Netgear SRX5308 User manual

Category
Routers
Type
User manual

This manual is also suitable for

350 East Plumeria Drive
San Jose, CA 95134
USA
July, 2012
202-10536-04
v1.0
ProSafe Gigabit Quad WAN
SSL VPN Firewall SRX5308
Reference Manual
2
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
© 2010–2012 NETGEAR, Inc. All rights reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or
for more information about the topics covered in this manual, visit the Support website at
http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR
Phone (Other Countries): Check the li
st of phone numbers at
http://support.netgear.com/app
/answers/detail/a_id/984.
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of
NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change
without notice. Other brand and product names are registered trademarks or trademarks of their respective
holders. © 2010–2012 NETGEAR, Inc. All rights reserved.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes
to the products described in this document without notice. NETGEAR does not assume any liability that may occur
due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Publication
Part Number
Version Publish Date Comments
202-10536-04 1.0 July 2012 A major revision. Added the following features:
• Support for IPv6 with multiple IPv6 features, including a new
general menu structure that provides both IPv4 and IPv6 radio
buttons (very extensive revisions throughout the manual)
• IPSec VPN autoinitia
te support (see Manually Add or Edit a
VPN Policy)
• SNMPv3 support (see Use a Simple Network Management
Protocol Manager)
• Option to reboot with a different firmware version (see Select
the Firmware and Reboot the VPN Firewall)
• Extensive list of factory d
efault settings (see Appendix A,
Default Settings and Technical Specifications)
202-10536-03 1.0 November 2011 Incorporated nontechnical edits only (there are no feature
chan
ges).
3
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
202-10536-02 1.0 July 2011 Added new features that are documented in the following
sections:
• Configure WAN QoS Profiles
• Inbound Rules (Port Forwarding) and Create LAN WAN Inbound
Service Rules
• Attack Checks
• Set Limits for IPv4 Sessions
• Create IP Groups
• Use the NETGEAR VPN Client Wizard to Create a Secure
Connection
• Manually Create a Secure Conne
ction Using the NETGEAR
VPN Client
• Configure the ProSafe VPN Client for Mode Config Operation
• Configure Date and Time Service
• Configure and Enable the LAN Traffic Meter
202-10536-01 1.0 April 2010 Initial publication of this reference manual.
4
Contents
Chapter 1 Introduction
What Is the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308? . .11
Key Features and Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Quad-WAN Ports for Increased Reliability and
Load Balancing. . . . . . .13
Advanced VPN Support for Both IPSec and SSL. . . . . . . . . . . . . . . . . .13
A Powerful, True Firewall with Content Filtering
. . . . . . . . . . . . . . . . . . .14
Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Autosensing Ethernet Connections with Auto Uplink
. . . . . . . . . . . . . . .14
Extensive Protocol Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Easy Installation and Management . . . . . . .
. . . . . . . . . . . . . . . . . . . . .15
Maintenance and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Hardware Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Front Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Rear Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Bottom Panel with Product Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Choose a Location for the VPN Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . .20
Use the Rack-Mounting Kit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Log In to the VPN Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Web Management Interface Menu Layout . . . . . . . . . . . . . . . . . . . . . . . . .23
Requirements for Entering IP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . .25
IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Chapter 2 IPv4 and IPv6 Internet and WAN Settings
Internet and WAN Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Tasks to Set Up IPv4 Internet Connections
to Your ISPs . . . . . . . . . . .27
Tasks to Set Up an IPv6 Internet
Connection to Your ISPs . . . . . . . . . .27
Configure the IPv4 Internet Connection and W
AN Settings. . . . . . . . . . . .28
Configure the IPv4 WAN Mode . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Let the VPN Firewall Automatically Detect and
Configure an IPv4 Internet Connection
. . . . . . . . . . . . . . . . . . . . . . . . .30
Manually Configure an IPv4 Internet
Connection. . . . . . . . . . . . . . . . . .33
Configure Load Balancing or Auto-Rollover. . . . . . . . . . . . . . . . . . . . . .39
Configure Secondary WAN Addresses . . . . . . . . . . . . . . . . . . . . . . . . .46
Configure Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Configure the IPv6 Internet Connection and W
AN Settings. . . . . . . . . . . .51
Configure the IPv6 Routing Mode . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .52
Use a DHCPv6 Server to Configure an IPv6 Internet Connection . . . . .54
5
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Configure a Static IPv6 Internet Connection. . . . . . . . . . . . . . . . . . . . . .57
Configure a PPPoE IPv6 Internet Connection . . . . . . . . . . . . . . . . . . . .60
Configure 6to4 Automatic Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Configure ISATAP Automatic Tunneling. . . . . . . . . . . . . . . . . . . . . . . . .64
View the Tunnel Status and IPv6 Addresses . . . . . . . . . . . . . . . . . . . . .66
Configure Stateless IP/ICMP Translation. . . . . . . . . . . . . . . . . . . . . . . .66
Configure Advanced WAN Options and Other Task
s. . . . . . . . . . . . . . . . .67
Configure WAN QoS Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72
Additional WAN-Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . .78
Verify the Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
What to Do Next. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Chapter 3 LAN Configuration
Manage IPv4 Virtual LANs and DHCP Options . . . . . . . . . . . . . . . . . . . . .79
Port-Based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Assign and Manage VLAN Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
VLAN DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Configure a VLAN Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Configure VLAN MAC Addresses and LAN Advanced Settings. . . . . . .88
Configure IPv4 Multihome LAN IP Addresses on the Default VLAN . . . . .89
Manage IPv4 Groups and Hosts (IPv4 LAN Groups). . . . . . . . . . . . . . . . .91
Manage the Network Database . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .92
Change Group Names in the Network Database . . . . . . . . . . . . . . . . . .95
Set Up DHCP Address Reservation. . . . . . .
. . . . . . . . . . . . . . . . . . . . .96
Manage the IPv6 LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
DHCPv6 Server Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Configure the IPv6 LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Configure the IPv6 Router Advertisement Daemon and
Advertisement Prefixes for the LAN . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Configure IPv6 Multihome LAN IP Addresses on the Default VLAN . . . .108
Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic. . . . . . . . .109
DMZ Port for IPv4 Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
DMZ Port for IPv6 Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Configure the IPv6 Router Advertisement Daemon and
Advertisement Prefixes for the DMZ. . . . . . . . . . . . . . . . . . . . . . . . . . .117
Manage Static IPv4 Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Configure Static IPv4 Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Configure the Routing Information Protocol . . . . . . . . . . . . . . . . . . . . .124
IPv4 Static Route Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
Manage Static IPv6 Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
Chapter 4 Firewall Protection
About Firewall Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Administrator Tips. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Overview of Rules to Block or Allow Specific K
inds of Traffic . . . . . . . . .131
Outbound Rules (Service Blocking) . . . . . . .
. . . . . . . . . . . . . . . . . . . .133
Inbound Rules (Port Forwarding) .
. . . . . . . . . . . . . . . . . . . . . . . . . . . .135
6
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Order of Precedence for Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
Configure LAN WAN Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Create LAN WAN Outbound Service Rules . . . . . . . . . . . . . . . . . . . . .143
Create LAN WAN Inbound Service Rules . . . . . . . . . . . . . . . . . . . . . .145
Configure DMZ WAN Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147
Create DMZ WAN Outbound Service Rules. . . . . . . . . . . . . . . . . . . . .149
Create DMZ WAN Inbound Service Rules . . . . . . . . . . . . . . . . . . . . . .151
Configure LAN DMZ Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Create LAN DMZ Outbound Service Rules . . . . . . . . . . . . . . . . . . . . .155
Create LAN DMZ Inbound Service Rules. . . . . . . . . . . . . . . . . . . . . . .157
Examples of Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Examples of Inbound Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . .159
Examples of Outbound Firewall Rules . . . . .
. . . . . . . . . . . . . . . . . . . .164
Configure Other Firewall Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Attack Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Set Limits for IPv4 Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Manage the Application Level Gateway for S
IP Sessions . . . . . . . . . .171
Services, Bandwidth Profiles, and Q
oS Profiles. . . . . . . . . . . . . . . . . . . .171
Add Customized Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Create IP Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Create Bandwidth Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
Create Quality of Service Profiles for IPv4 Firewall Rules . . . . . . . . . .179
Quality of Service Priorities for IPv6 Firewall Rules . . . . . . . . . . . . . . .181
Configure Content Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Set a Schedule to Block or Allow Specific Traffic
. . . . . . . . . . . . . . . . . . .185
Enable Source MAC Filtering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
Set Up IP/MAC Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Configure Port Triggering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
Configure Universal Plug and Play. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
Chapter 5 Virtual Private Networking
Using IPSec and L2TP Connections
Considerations for Dual WAN Port Systems (IPv4 Only). . . . . . . . . . . . .196
Use the IPSec VPN Wizard for Client and Gateway
Configurations . . . .198
Create an IPv4 Gateway-to-Gateway VPN Tunnel with the Wizard. . .198
Create an IPv6 Gateway-to-Gateway VPN Tunnel with the Wizard. . .203
Create an IPv4 Client-to-Gateway VPN
Tunnel with the Wizard . . . . .206
Test the Connection and View Connection and Status Information. . . . .221
Test the NETGEAR VPN Client Connection . . . . . . . . . . . . . . . . . . . .221
NETGEAR VPN Client Status and Log Information
. . . . . . . . . . . . . . .223
View the VPN Firewall IPSec VPN Connection Status. . . . . . . . . . . . .223
View the VPN Firewall IPSec VPN Log . . . . . . . . . . . . . . . . . . . . . . . .224
Manage IPSec VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Manage IKE Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Manage VPN Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Configure Extended Authentication (XAUTH) . . . . . . . . . . . . . . . . . . . . .239
Configure XAUTH for VPN Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . .240
7
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
User Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
RADIUS Client and Server Configuration. . . . . . . . . . . . . . . . . . . . . . .241
Assign IPv4 Addresses to Remote Users (Mode Config)
. . . . . . . . . . . . .244
Mode Config Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
Configure Mode Config Operation on the VPN Firewall. . . . . . . . . . . .244
Configure the ProSafe VPN Client for Mode
Config Operation . . . . . .251
Test the Mode Config Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . .258
Modify or Delete a Mode Config Record. . . .
. . . . . . . . . . . . . . . . . . . .259
Configure Keep-Alives and Dead Peer Detection . . . . . . . . . . . . . . . . . .259
Configure Keep-Alives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Configure Dead Peer Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .261
Configure NetBIOS Bridging with IPSec VPN . . . . . . . . . . . . . . . . . . . . .262
Configure the PPTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
View the Active PPTP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264
Configure the L2TP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265
View the Active L2TP Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266
Chapter 6 Virtual Private Networking
Using SSL Connections
SSL VPN Portal Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
Overview of the SSL Configuration Process . .
. . . . . . . . . . . . . . . . . . . .269
Create the Portal Layout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270
Configure Domains, Groups, and Users. . . . . . . . . . . . . . . . . . . . . . . . . .274
Configure Applications for Port Forwarding . . . . . . . . . . . . . . . . . . . . . . .275
Add Servers and Port Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Add a New Host Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276
Configure the SSL VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277
Configure the Client IP Address Range . . . . . . . . . . . . . . . . . . . . . . . .278
Add Routes for VPN Tunnel Clients . . . . . . . . . . . . . . . . . . . . . . . . . . .280
Use Network Resource Objects to Simplify Policies
. . . . . . . . . . . . . . . .281
Add New Network Resources. . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . .281
Edit Network Resources to Specify Addresses
. . . . . . . . . . . . . . . . . .282
Configure User, Group, and Global Policies. . . . . . . . . . . . . . . . . . . . . . .284
View Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
Add an IPv4 or IPv6 SSL VPN Policy. . . . . . . . . . . . . . . . . . . . . . . . . .286
Access the New SSL Portal Login Screen . . . .
. . . . . . . . . . . . . . . . . . . .290
View the SSL VPN Connection Status and SSL VPN Log. . . . . . . . . . . .292
Chapter 7 Manage Users, Authentication, and VPN Certificates
The VPN Firewall’s Authentication Process and Options. . . . . . . . . . . . .294
Configure Authentication Domains, Groups, and
Users. . . . . . . . . . . . . .296
Configure Domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
Configure Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300
Configure User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .303
Set User Login Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .306
Change Passwords and Other User Settings. . . . . . . . . . . . . . . . . . . .311
Manage Digital Certificates for VPN Connections . . . . . . . . . . . . . . . . . .313
8
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
VPN Certificates Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314
Manage VPN CA Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315
Manage VPN Self-Signed Certificates . . . . . . . . . . . . . . . . . . . . . . . . .316
Manage the VPN Certificate Revocation List . . . . . . . . . . . . . . . . . . . .320
Chapter 8 Network and System Management
Performance Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
Bandwidth Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
Features That Reduce Traffic. . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .322
Features That Increase Traffic
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324
Use QoS and Bandwidth Assignment to Shift the Traffic Mix. . . . . . . .327
Monitoring Tools for Traffic Management. . . . . . . . . . . . . . . . . . . . . . .328
System Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328
Change Passwords and Administrator and Guest Settings . . . . . . . . .328
Configure Remote Management Access . . . . . . . . . . . . . . . . . . . . . . .330
Use the Command-Line Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . .334
Use a Simple Network Management Protocol Manager. . . . . . . . . . . .334
Manage the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339
Configure Date and Time Service . . . . . . . . . . . . . . . . . . . . . . . . . . . .343
Chapter 9 Monitor System Access and Performance
Configure and Enable the WAN Traffic Meter . . . . . . . . . . . . . . . . . . . . .347
Configure and Enable the LAN Traffic Meter . . . . . . . . . . . . . . . . . . . . . .350
Configure Logging, Alerts, and Event Notifications . . . . . . . . . . . . . . . . .353
How to Send Syslogs over a VPN Tunnel between Sites . . . . . . . . . .359
View Status Screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361
View the System Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361
View the VPN Connection Status, L2TP Users, and PPTP Users. . . .370
View the VPN Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
View the Port Triggering Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
View the WAN Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374
View the Attached Devices and the DHCP Log . . . . . . . . . . . . . . . . . .377
Diagnostics Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380
Send a Ping Packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381
Trace a Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381
Look Up a DNS Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382
Display the Routing Tables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382
Capture Packets in Real Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382
Reboot the VPN Firewall Remotely . . . . . . . . . . . . . . . . . . . . . . . . . . .383
Chapter 10 Troubleshooting
Basic Functioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385
Power LED Not On. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385
Test LED Never Turns Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385
LAN or WAN Port LEDs Not On. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .386
Troubleshoot the Web Management Interface. . .
. . . . . . . . . . . . . . . . . .386
9
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
When You Enter a URL or IP Address, a Time-Out Error Occurs . . . . . .387
Troubleshoot the ISP Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .388
Troubleshooting the IPv6 Connection . . . . . . . . . . . . . . . . . . . . . . . . . . .389
Troubleshoot a TCP/IP Network Using a Ping Utility
. . . . . . . . . . . . . . . .392
Test the LAN Path to Your VPN Firewall
. . . . . . . . . . . . . . . . . . . . . . .392
Test the Path from Your C
omputer to a Remote Device . . . . . . . . . . .393
Restore the Default Configuration and Password . . . . . . . . . . . . . . . . . .393
Address Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . .395
Access the Knowledge Base and Documentation
. . . . . . . . . . . . . . . . . .395
Appendix A Default Settings and Technical Specifications
Factory Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .396
Physical and Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . .402
Appendix B Network Planning for Multiple WAN Ports (IPv4 Only)
What to Consider Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . .404
Cabling and Computer Hardware
Requirements . . . . . . . . . . . . . . . . .406
Computer Network Configuration R
equirements . . . . . . . . . . . . . . . . .406
Internet Configuration Requirements
. . . . . . . . . . . . . . . . . . . . . . . . . .406
Overview of the Planning Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408
Inbound Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .409
Inbound Traffic to a Single WAN Port System . . . . . . . . . . . . . . . . . . .409
Inbound Traffic to a Dual WAN Port System . .
. . . . . . . . . . . . . . . . . .410
Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .411
VPN Road Warrior (Client-to-Gatew
ay) . . . . . . . . . . . . . . . . . . . . . . . .412
VPN Gateway-to-Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415
VPN Telecommuter (Client-to-Gatew
ay through a NAT Router) . . . . .417
Appendix C System Logs and Error Messages
System Log Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421
NTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421
Login/Logout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422
System Startup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422
Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423
Firewall Restart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423
IPSec Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423
Unicast, Multicast, and Broadcast Logs . . . . . . . . . . . . . . . . . . . . . . . .423
WAN Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .424
Resolved DNS Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428
VPN Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428
Traffic Meter Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
Routing Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
LAN to WAN Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .435
LAN to DMZ Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .435
DMZ to WAN Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .435
WAN to LAN Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .435
10
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
DMZ to LAN Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436
WAN to DMZ Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436
Other Event Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436
Session Limit Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436
Source MAC Filter Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437
Bandwidth Limit Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437
DHCP Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437
Appendix D Two-Factor Authentication
Why Do I Need Two-Factor Authentication? . . . . . . . . . . . . . . . . . . . . . .439
What Are the Benefits of Two-Factor Authentication?
. . . . . . . . . . . . .439
What Is Two-Factor Authentic
ation? . . . . . . . . . . . . . . . . . . . . . . . . . .440
NETGEAR Two-Factor Authentication Solutions . . . . . . . . . . . . . . . . . . .440
Appendix E Notification of Compliance (Wired)
Index
11
1
1. Introduction
This chapter provides an overview of the features and capabilities of the ProSafe Gigabit Quad
WAN SSL VPN Firewall SRX5308 and explains how to log in to the device and use its web
management interface. The chapter contains the following sections:
• What Is the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308?
• Key Features and Capabilities
• Package Contents
• Hardware Features
• Choose a Location for the VPN Firewall
• Log In to the VPN Firewall
• Web Management Interface Menu Layout
• Requirements for Entering IP Addresses
Note: For more information about the topics covered in this manual, visit
the SRX5308 support website at http://support.netgear.com.
What Is the ProSafe Gigabit Quad WAN SSL VPN Firewall
SRX5308?
The ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308, hereafter referred to as the
VPN firewall, connects your local area network (LAN) to the Internet through up to four
external broadband access devices such as cable or DSL modems or satellite or wireless
Internet dishes. Four wide area network (WAN) ports allow you to increase effective data rate
to the Internet by utilizing all WAN ports to carry session traffic or to maintain backup
connections in case of failure of your primary Internet connection.
The VPN firewall routes both IPv4 and IPv6 traffic. A powerful, flexible firewall protects your
IPv4 and IPv6 networks from denial of service (DoS) attacks, unwanted traffic, and traffic
with objectionable content. IPv6 traffic is supported through 6to4 and Intra-Site Automatic
Tunnel Addressing Protocol (ISATAP) tunnels.
Introduction
12
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
The VPN firewall is a security solution that protects your network from attacks and intrusions.
For example, the VPN firewall provides support for stateful packet inspection (SPI), denial of
service (DoS) attack protection, and multi-NAT support. The VPN firewall supports multiple
web content filtering options, plus browsing activity reporting and instant alerts—both through
email. Network administrators can establish restricted access policies based on time of day,
website addresses, and address keywords.
The VPN firewall provides advanced IPSec and SSL VPN technologies for secure and simple
remote connections. The use of Gigabit Ethernet LAN and WAN ports ensures high data
transfer speeds.
The VPN firewall is a plug-and-play device that can be installed and configured within
minutes.
Key Features and Capabilities
• Quad-WAN Ports for Increased Reliability and Load Balancing
• Advanced VPN Support for Both IPSec and SSL
• A Powerful, True Firewall with Content Filtering
• Security Features
• Autosensing Ethernet Connections with Auto Uplink
• Extensive Protocol Support
• Easy Installation and Management
• Maintenance and Support
The VPN firewall provides the following key features and capabilities:
• Four 1
0/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing and failover
protection of your Internet connection, providing increased data rate and increased
system reliability.
• Built-in fo
ur-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for fast data transfer
between local network resources and support for up to 200,000 internal or external
connections.
• Both IPv4 and
IPv6 support
• Adva
nced IPSec VPN and SSL VPN support with support for up to 125 concurrent IPSec
VPN tunnels and up to 50 concurrent SSL VPN tunnels.
• Bundled with
a single-user license of the NETGEAR ProSafe VPN Client software
(VPN01L).
• L2TP tu
nnel and PPTP tunnel support
• Adva
nced stateful packet inspection (SPI) firewall with multi-NAT support.
• Qu
ality of Service (QoS) and SIP 2.0 support for traffic prioritization, voice, and
multimedia.
• Exten
sive protocol support.
Introduction
13
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
• One console port for local management.
• SNMP
support with SNMPv1, SNMPv2c, and SNMPv3, and management optimized for
the NETGEAR ProSafe Network Management Software (NMS200) over a LANJ
connection.
• F
ront panel LEDs for easy monitoring of status and activity.
• F
lash memory for firmware upgrade.
• I
nternal universal switching power supply.
• Rack-mounting kit fo
r 1U rackmounting.
Quad-WAN Ports for Increased Reliability and Load Balancing
The VPN firewall provides four broadband WAN ports. These WAN ports allow you to
connect additional broadband Internet lines that can be configured to:
• L
oad-balance outbound traffic between up to four lines for maximum bandwidth
efficiency.
• Pro
vide backup and rollover if one line is inoperable, ensuring that you are never
disconnected.
See Append
ix B, Network Planning for Multiple WAN Ports (IPv4 Only) for the planning
factors to consider when implementing the following capabilities with multiple WAN port
gateways:
• Single
or multiple exposed hosts.
• V
irtual private networks (VPNs).
Advanced VPN Support for Both IPSec and SSL
The VPN firewall supports IPSec and SSL virtual private network (VPN) connections:
• I
PSec VPN delivers full network access between a central office and branch offices, or
between a central office and telecommuters. Remote access by telecommuters requires
the installation of VPN client software on the remote computer.
- I
PSec VPN with broad protocol support for secure connection to other IPSec
gateways and clients.
- Up
to 125 simultaneous IPSec VPN connections.
- Bun
dled with a 30-day trial license for the ProSafe VPN Client software (VPN01L).
• SSL VPN provide
s remote access for mobile users to selected corporate resources
without requiring a preinstalled VPN client on their computers.
- Uses th
e familiar Secure Sockets Layer (SSL) protocol, commonly used for
e-commerce transactions, to provide client-free access with customizable user
portals and support for a wide variety of user repositories.
- Up
to 50 simultaneous SSL VPN connections.
Introduction
14
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
- Allows browser-based, platform-independent remote access through a number of
popular browsers, such as Microsoft Internet Explorer, Mozilla Firefox, and Apple
Safari.
- Provides granular access to
corporate resources based on user type or group
membership.
A Powerful, True Firewall with Content Filtering
Unlike simple NAT routers, the VPN firewall is a true firewall, using stateful packet inspection
(SPI) to defend against hacker attacks. Its firewall features have the following capabilities:
• DoS protection.
Automatically detects and thwarts denial of service (DoS) attacks such
as Ping of Death and SYN flood.
• Secure firewall. Blocks un
wanted traffic from the Internet to your LAN.
• Content fil
tering. Prevents objectionable content from reaching your computers. You
can control access to Internet content by screening for web services, web addresses, and
keywords within web addresses.
• Schedul
e policies. Permits scheduling of firewall policies by day and time.
• Logs security incident
s. Logs security events such as logins and secure logins. You can
configure the firewall to email the log to you at specified intervals. You can also configure
the VPN firewall to send immediate alert messages to your email address or email pager
when a significant event occurs.
Security Features
The VPN firewall is equipped with several features designed to maintain security:
• Computers h
idden by NAT. NAT opens a temporary path to the Internet for requests
originating from the local network. Requests originating from outside the LAN are
discarded, preventing users outside the LAN from finding and directly accessing the
computers on the LAN.
• Port forwarding
with NAT. Although NAT prevents Internet locations from directly
accessing the computers on the LAN, the VPN firewall allows you to direct incoming
traffic to specific computers based on the service port number of the incoming request.
• DMZ po
rt. Incoming traffic from the Internet is usually discarded by the VPN firewall
unless the traffic is a response to one of your local computers or a service for which you
have configured an inbound rule. Instead of discarding this traffic, you can use the
dedicated demilitarized zone (DMZ) port to forward the traffic to one computer on your
network.
Autosensing Ethernet Connections with Auto Uplink
With its internal four-port 10/100/1000 Mbps switch and four 10/100/1000 WAN ports, the
VPN firewall can connect to a 10-Mbps standard Ethernet network, a 100-Mbps Fast Ethernet
Introduction
15
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
network, a 1000-Mbps Gigabit Ethernet network, or a combination of these networks. All LAN
and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.
The VPN firewall incorporates Auto Uplink
TM
technology. Each Ethernet port automatically
senses whether the Ethernet cable plugged into the port should have a normal connection
such as to a computer or an uplink connection such as to a switch or hub. That port then
configures itself correctly. This feature eliminates the need for you to think about crossover
cables, as Auto Uplink accommodates either type of cable to make the right connection.
Extensive Protocol Support
The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and
Routing Information Protocol (RIP). The VPN firewall provides the following protocol support:
• I
P address sharing by NAT. The VPN firewall allows many networked computers to
share an Internet account using only a single IP address, which might be statically or
dynamically assigned by your Internet service provider (ISP). This technique, known as
Network Address Translation (NAT), allows the use of an inexpensive single-user ISP
account.
• Automatic configuration of att
ached computers by DHCP. The VPN firewall
dynamically assigns network configuration information, including IP, gateway, and
Domain Name Server (DNS) addresses, to attached computers on the LAN using the
Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies
configuration of computers on your local network.
• DNS proxy. Whe
n DHCP is enabled and no DNS addresses are specified, the VPN
firewall provides its own address as a DNS server to the attached computers. The firewall
obtains actual DNS addresses from the ISP during connection setup and forwards DNS
requests from the LAN.
• PPP over Ethernet (PPP
oE). PPPoE is a protocol for connecting remote hosts to the
Internet over a DSL connection by simulating a dial-up connection.
• Qualit
y of Service (QoS). The VPN firewall supports QoS, including traffic prioritization
and traffic classification with Type of Service (ToS) and Differentiated Services Code
Point (DSCP) marking.
• L
ayer 2 Tunneling Protocol (L2TP). A tunneling protocol that is used to support virtual
private networks (VPNs).
• Poi
nt to Point Tunneling Protocol (PPTP). Another tunneling protocol that is used to
support VPNs.
Easy Installation and Management
You can install, configure, and operate the VPN firewall within minutes after connecting it to
the network. The following features simplify installation and management tasks:
• Browser-base
d management. Browser-based configuration allows you to easily
configure the VPN firewall from almost any type of operating system, such as Windows,
Macintosh, or Linux. Online help documentation is built into the browser-based web
management interface.
Introduction
16
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
• Auto-detection of ISP. The VPN firewall automatically senses the type of Internet
connection, asking you only for the information required for your type of ISP account.
• IPSec VPN W
izard. The VPN firewall includes the NETGEAR IPSec VPN Wizard so you
can easily configure IPSec VPN tunnels according to the recommendations of the Virtual
Private Network Consortium (VPNC). This ensures that the IPSec VPN tunnels are
interoperable with other VPNC-compliant VPN routers and clients.
• SNMP. The
VPN firewall supports the Simple Network Management Protocol (SNMP) to
let you monitor and manage log resources from an SNMP-compliant system manager.
The SNMP system configuration lets you change the system variables for MIB2.
• Diagnosti
c functions. The VPN firewall incorporates built-in diagnostic functions such
as ping, traceroute, DNS lookup, and remote reboot.
• Remote m
anagement. The VPN firewall allows you to log in to the web management
interface from a remote location on the Internet. For security, you can limit remote
management access to a specified remote IP address or range of addresses.
• V
isual monitoring. The VPN firewall’s front panel LEDs provide an easy way to monitor
its status and activity.
Maintenance and Support
NETGEAR offers the following features to help you maximize your use of the VPN firewall:
• Flash memo
ry for firmware upgrades.
• T
echnical support seven days a week, 24 hours a day. Information about support is
available on the NETGEAR website at
http://support.netgear.com/app/answers/detail/a_id/212.
Package Contents
The VPN firewall product package contains the following items:
• ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
• On
e AC power cable
• On
e Category 5 (Cat 5) Ethernet cable
• On
e rack-mounting kit
• ProSafe Giga
bit Quad WAN SSL VPN Firewall SRX5308 Installation Guide
• Resou
rce CD, including:
- Application Note
s and other helpful information
- ProSafe VPN Clie
nt software (VPN01L)
If any of the parts are incorrect, missing, o
r damaged, contact your NETGEAR dealer. Keep
the carton, including the original packing materials, in case you need to return the product for
repair.
Introduction
17
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Hardware Features
• Front Panel
• Rear Panel
• Bottom Panel with Product Label
The front panel ports and LEDs, rear panel ports, and bottom label of the VPN firewall are
d
escribed in the following sections.
Front Panel
Viewed from left to right, the VPN firewall front panel contains the following ports (see the
following figure).
• L
AN Ethernet ports. Four switched N-way automatic speed negotiating, Auto MDI/MDIX,
Gigabit Ethernet ports with RJ-45 connectors
• W
AN Ethernet ports. Four independent N-way automatic speed negotiating, Auto
MDI/MDIX, Gigabit Ethernet ports with RJ-45 connectors
The front panel also contains three groups of
status indicator light-emitting diodes (LEDs),
including Power and Test LEDs, LAN LEDs, and WAN LEDs, all of which are explained in the
following table.
Figure 1.
Power LED
Test LED
Left LAN LEDs
Right LAN LEDs
DMZ LED
Left WAN LEDs
Right WAN LEDs
LEDs
Internet
Introduction
18
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Table 1. LED descriptions
LED Activity Description
Power On (green) Power is supplied to the VPN firewall.
Off Power is not supplied to the VPN firewall.
Test On (amber) during
startup.
Test mode: The VPN firewall is initializing. After approximately 2 minutes,
when the VPN firewall has completed its initialization, the Test LED goes
off.
On (amber) during
any other time
The initialization has failed, or a hardware failure has occurred.
Blinking (amber) The VPN firewall is writing to flash memory (during upgrading or resetting
to defaults).
Off The system has booted successfully.
LAN Ports
Left LED On (green) The LAN port has detected a link with a connected Ethernet device.
Blinking (green) The LAN port receives or transmits data.
Off The LAN port has no link.
Right LED On (green) The LAN port operates at 1000 Mbps.
On (amber) The LAN port operates at 100 Mbps.
Off The LAN port operates at 10 Mbps.
DMZ LED On (green) Port 4 operates as a dedicated hardware DMZ port.
Off Port 4 operates as a normal LAN port.
WAN Ports
Left LED On (green) The WAN port has a valid connection with a device that provides an
Internet connection.
Blinking (green) The WAN port receives or transmits data.
Off The WAN port has no physical link, that is, no Ethernet cable is plugged
into the VPN firewall.
Right LED On (green) The WAN port operates at 1000 Mbps.
On (amber) The WAN port operates at 100 Mbps.
Off The WAN port operates at 10 Mbps.
Internet LED On (green) The WAN port has a valid Internet connection.
Off The WAN port is either not enabled or has no link to the Internet.
Introduction
19
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Rear Panel
The rear panel of the VPN firewall includes a console port, a Factory Defaults Reset button, a
cable lock receptacle, an AC power connection, and a power switch.
Figure 2.
Viewed from left to right, the rear panel contains the following components:
1. Cab
le security lock receptacle.
2. Console
port. Port for connecting to an optional console terminal. The port has a DB9 male
connector. The default baud rate is 115200 K. The pinouts are (2) Tx, (3) Rx, (5) and (7)
Gnd. For information about accessing the command-line interface (CLI) using the console
port, see Use the Command-Line Interface on p
age 334.
3. Factory
Defaults Reset button. Using a sharp object, press and hold this button for about
8 seconds until the front panel Test LED flashes to reset the VPN firewall to factory default
se
ttings. All configuration settings are lost, and the default password is restored.
4. AC po
wer receptacle. Universal AC input (100–240 VAC, 50–60 Hz).
5. A power on/of
f switch.
Bottom Panel with Product Label
The product label on the bottom of the VPN firewall’s enclosure displays factory default
settings, regulatory compliance, and other information.
Figure 3.
Security lock
receptacle
Console port
Factory Defaults
AC power
receptacle
Power
switch
Reset button
Introduction
20
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Choose a Location for the VPN Firewall
The VPN firewall is suitable for use in an office environment where it can be freestanding (on
its runner feet) or mounted into a standard 19-inch equipment rack. Alternatively, you can
rack-mount the VPN firewall in a wiring closet or equipment room.
Consider the following when deciding where to position the VPN firewall:
• The u
nit is accessible, and cables can be connected easily.
• Cabling is away from sources of electrical noise. Th
ese include lift shafts, microwave
ovens, and air-conditioning units.
• W
ater or moisture cannot enter the case of the unit.
• Airflow
around the unit and through the vents in the side of the case is not restricted.
Provide a minimum of 25 mm or 1-inch clearance.
• The a
ir is as free of dust as possible.
• T
emperature operating limits are not likely to be exceeded. Install the unit in a clean,
air-conditioned environment. For information about the recommended operating
temperatures for the VPN firewall, see Appendix A, Default Settings and Technical
Specifications.
Use the Rack-Mounting Kit
Use the mounting kit for the VPN firewall to install the appliance in a rack. Attach the
mounting brackets using the hardware that is supplied with the mounting kit.
Figure 4.
Before mounting the VPN firewall in a rack, verify that:
• Y
ou have the correct screws (supplied with the installation kit).
• The ra
ck onto which you plan to mount the VPN firewall is suitably located.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323
  • Page 324 324
  • Page 325 325
  • Page 326 326
  • Page 327 327
  • Page 328 328
  • Page 329 329
  • Page 330 330
  • Page 331 331
  • Page 332 332
  • Page 333 333
  • Page 334 334
  • Page 335 335
  • Page 336 336
  • Page 337 337
  • Page 338 338
  • Page 339 339
  • Page 340 340
  • Page 341 341
  • Page 342 342
  • Page 343 343
  • Page 344 344
  • Page 345 345
  • Page 346 346
  • Page 347 347
  • Page 348 348
  • Page 349 349
  • Page 350 350
  • Page 351 351
  • Page 352 352
  • Page 353 353
  • Page 354 354
  • Page 355 355
  • Page 356 356
  • Page 357 357
  • Page 358 358
  • Page 359 359
  • Page 360 360
  • Page 361 361
  • Page 362 362
  • Page 363 363
  • Page 364 364
  • Page 365 365
  • Page 366 366
  • Page 367 367
  • Page 368 368
  • Page 369 369
  • Page 370 370
  • Page 371 371
  • Page 372 372
  • Page 373 373
  • Page 374 374
  • Page 375 375
  • Page 376 376
  • Page 377 377
  • Page 378 378
  • Page 379 379
  • Page 380 380
  • Page 381 381
  • Page 382 382
  • Page 383 383
  • Page 384 384
  • Page 385 385
  • Page 386 386
  • Page 387 387
  • Page 388 388
  • Page 389 389
  • Page 390 390
  • Page 391 391
  • Page 392 392
  • Page 393 393
  • Page 394 394
  • Page 395 395
  • Page 396 396
  • Page 397 397
  • Page 398 398
  • Page 399 399
  • Page 400 400
  • Page 401 401
  • Page 402 402
  • Page 403 403
  • Page 404 404
  • Page 405 405
  • Page 406 406
  • Page 407 407
  • Page 408 408
  • Page 409 409
  • Page 410 410
  • Page 411 411
  • Page 412 412
  • Page 413 413
  • Page 414 414
  • Page 415 415
  • Page 416 416
  • Page 417 417
  • Page 418 418
  • Page 419 419
  • Page 420 420
  • Page 421 421
  • Page 422 422
  • Page 423 423
  • Page 424 424
  • Page 425 425
  • Page 426 426
  • Page 427 427
  • Page 428 428
  • Page 429 429
  • Page 430 430
  • Page 431 431
  • Page 432 432
  • Page 433 433
  • Page 434 434
  • Page 435 435
  • Page 436 436
  • Page 437 437
  • Page 438 438
  • Page 439 439
  • Page 440 440
  • Page 441 441
  • Page 442 442
  • Page 443 443
  • Page 444 444
  • Page 445 445
  • Page 446 446
  • Page 447 447
  • Page 448 448
  • Page 449 449
  • Page 450 450
  • Page 451 451
  • Page 452 452
  • Page 453 453
  • Page 454 454
  • Page 455 455
  • Page 456 456
  • Page 457 457
  • Page 458 458
  • Page 459 459
  • Page 460 460

Netgear SRX5308 User manual

Category
Routers
Type
User manual
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI