ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Order of Precedence for Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Configure LAN WAN Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Create LAN WAN Outbound Service Rules . . . . . . . . . . . . . . . . . . . . . 143
Create LAN WAN Inbound Service Rules . . . . . . . . . . . . . . . . . . . . . . 145
Configure DMZ WAN Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Create DMZ WAN Outbound Service Rules. . . . . . . . . . . . . . . . . . . . . 149
Create DMZ WAN Inbound Service Rules . . . . . . . . . . . . . . . . . . . . . . 151
Configure LAN DMZ Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Create LAN DMZ Outbound Service Rules . . . . . . . . . . . . . . . . . . . . . 155
Create LAN DMZ Inbound Service Rules. . . . . . . . . . . . . . . . . . . . . . .157
Examples of Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Examples of Inbound Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Examples of Outbound Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . 164
Configure Other Firewall Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Attack Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Set Limits for IPv4 Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Manage the Application Level Gateway for SIP Sessions . . . . . . . . . . 171
Services, Bandwidth Profiles, and QoS Profiles . . . . . . . . . . . . . . . . . . . . 171
Add Customized Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Create IP Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Create Bandwidth Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Create Quality of Service Profiles for IPv4 Firewall Rules . . . . . . . . . .179
Quality of Service Priorities for IPv6 Firewall Rules . . . . . . . . . . . . . . . 181
Configure Content Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Set a Schedule to Block or Allow Specific Traffic . . . . . . . . . . . . . . . . . . . 185
Enable Source MAC Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Set Up IP/MAC Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Configure Port Triggering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Configure Universal Plug and Play. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Chapter 5 Virtual Private Networking Using IPSec and L2TP Connections
Considerations for Dual WAN Port Systems (IPv4 Only). . . . . . . . . . . . . 196
Use the IPSec VPN Wizard for Client and Gateway Configurations . . . . 198
Create an IPv4 Gateway-to-Gateway VPN Tunnel with the Wizard. . . 198
Create an IPv6 Gateway-to-Gateway VPN Tunnel with the Wizard. . . 203
Create an IPv4 Client-to-Gateway VPN Tunnel with the Wizard . . . . . 206
Test the Connection and View Connection and Status Information. . . . . 221
Test the NETGEAR VPN Client Connection . . . . . . . . . . . . . . . . . . . . 221
NETGEAR VPN Client Status and Log Information . . . . . . . . . . . . . . . 223
View the VPN Firewall IPSec VPN Connection Status. . . . . . . . . . . . .223
View the VPN Firewall IPSec VPN Log . . . . . . . . . . . . . . . . . . . . . . . . 224
Manage IPSec VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Manage IKE Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Manage VPN Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Configure Extended Authentication (XAUTH) . . . . . . . . . . . . . . . . . . . . . 239
Configure XAUTH for VPN Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240