NETGEAR SRX5308-100NAS Switch User Manual


 
Manage Users, Authentication, and VPN Certificates
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
4. Click Apply to save your settings.
Manage Digital Certificates for VPN Connections
VPN Certificates Screen
Manage VPN CA Certificates
Manage VPN Self-Signed Certificates
Manage the VPN Certificate Revocation List
The VPN firewall uses digital certificates (also known as X509 certificates) during the Internet Key Exchange (IKE) authentication phase to authenticate connecting IPSec VPN gateways or clients, or to be authenticated by remote entities:
- On the VPN firewall, you can enter a digital certificate on the IKE Policies screen, on which the certificate is referred to as an RSA signature (see Figure 155 on page 227 and Authentication Method on page 230).
- On the VPN Client, you can enter a digital certificate on the Authentication pane in the Configuration Panel screen (see Figure 142 on page 216).
Digital certificates are extended for secure web access connections over HTTPS (that is, SSL connections).
Digital certificates either can be self-signed or can be issued by certification authorities (CAs) such as an internal Windows server or an external organization such as Verisign or Thawte. However, if the digital certificate contains the extKeyUsage extension, the certificate needs to be used for one of the purposes defined by the extension. For example, if the digital certificate contains the extKeyUsage extension that is defined for SNMPv2, the same certificate cannot be used for secure web management. The extKeyUsage would govern the certificate acceptance criteria on the VPN firewall when the same digital certificate is being used for secure web management.
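A pre-upload check modeled on the validity and purpose tests this section describes, as an added example that is not part of the NETGEAR manual. It assumes the OpenSSL command-line tool (1.1.1 or later), that secure web access corresponds to the serverAuth EKU, and that a certificate without the extension is unrestricted; the function names are hypothetical and the certificates are constructed test data.

```shell
#!/bin/sh
# Added example, not from the manual. Needs the openssl CLI (1.1.1+).

# check_cert FILE EKU_NAME [MIN_SECONDS]
# Validity test, then purpose test. EKU_NAME is the name openssl prints.
# Prints a verdict and returns 0 only when both tests pass.
check_cert() {
    file=$1; want=$2; min=${3:-0}
    # Validity: reject if unreadable or expiring within MIN_SECONDS.
    if ! openssl x509 -in "$file" -noout -checkend "$min" >/dev/null 2>&1; then
        echo "REJECT validity"; return 1
    fi
    # Purpose: the line after the extension header lists the permitted uses.
    eku=$(openssl x509 -in "$file" -noout -text |
          grep -A1 'X509v3 Extended Key Usage' | tail -n 1)
    if [ -z "$eku" ]; then
        # Assumption: no extKeyUsage extension means no purpose restriction.
        echo "ACCEPT no-eku"; return 0
    fi
    case "$eku" in
        *"$want"*) echo "ACCEPT purpose"; return 0 ;;
        *)         echo "REJECT purpose"; return 1 ;;
    esac
}

# make_cert OUT [EKU]: constructed one-day self-signed test certificate.
make_cert() {
    out=$1; usage=${2:-}
    set -- -x509 -newkey rsa:2048 -nodes -keyout "$out.key" -out "$out" \
           -subj "/CN=constructed.example" -days 1
    if [ -n "$usage" ]; then
        set -- "$@" -addext "extendedKeyUsage=$usage"
    fi
    openssl req "$@" 2>/dev/null
}

tmp=$(mktemp -d)
make_cert "$tmp/web.pem" serverAuth     # meant for HTTPS / SSL use
make_cert "$tmp/sign.pem" codeSigning   # EKU defined for a different purpose
make_cert "$tmp/none.pem"               # no extKeyUsage extension
for c in web sign none; do
    printf '%s: ' "$c"
    # Assumption: secure web access corresponds to the serverAuth EKU.
    check_cert "$tmp/$c.pem" "TLS Web Server Authentication" || true
done
```

Passing a third argument such as 2592000 makes the validity test also reject a certificate that expires within the next 30 days.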
On the VPN firewall, the uploaded digital certificate is checked for validity and purpose. The digital certificate is accepted when it passes the validity test and the purpose matches its use. The check for the purpose needs to correspond to its use for IPSec VPN, SSL VPN, or both. If the defined purpose is for IPSec VPN and SSL VPN, the digital certificate is uploaded to
Table 80. Edit User screen settings (continued)

Setting | Description
Check to Edit Password | Select this check box to make the password fields accessible to modify the password.
Enter Your Password | Enter the password with which you have logged in.
New Password | Enter the new password.
Confirm New Password | Reenter the new password for confirmation.
Idle Timeout | The period after which an idle user is automatically logged out of the web management interface. The default idle time-out period is 5 minutes.