SRX5308 Product Datasheet
Page 2
...; ProSafe® Quad WAN Gigabit SSL VPN Firewall SRX5308 Gigabit Ethernet Fast Ethernet GSM7224-200 ProSafe 24-port Gigabit Managed Switch STM300 ProSecure Web and Email Security Appliance SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Remote Access via Kiosk or Laptop Broadband modems Internet PC with GA311 Laptop with SSL VPN 270 -10263-01 PDA with 10/100/1000 Mbps Gigabit Ethernet PCI Adapter (GA311) TECHNICAL SPECIFICATIONS PERFORMANCE LAN-to-WAN Throughput¹ IPsec VPN...
SRX5308 Product Datasheet
Page 3
... countries. Plumeria Drive San Jose, CA 95134-1911 USA 1-888-NETGEAR (638-4327) E-mail: info@NETGEAR.com www.NETGEAR.com © 2010 NETGEAR, Inc. Other brand names mentioned herein are for Each Connected PC, Network Software (e.g. ProSafe® Quad WAN Gigabit SSL VPN Firewall SRX5308 TECHNICAL SPECIFICATIONS VPN SSL Version Support SSL Encryption Support SSL Message Integrity SSL Certificate Support SSL VPN Platforms Supported SSLv3, TLS1.0 DES, 3DES, ARC4, AES(ECB...
SRX5308 Reference Manual
Page 5
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Chapter 4 Firewall Protection About Firewall Protection 4-1 Administrator Tips ...4-2 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-3 Order of Precedence for Rules 4-10 Setting LAN WAN Rules 4-11 Setting DMZ WAN Rules 4-14 Setting LAN DMZ Rules 4-18 Inbound Rules Examples 4-21 Outbound Rules Example 4-25 Configuring Other Firewall... to Block or Allow Specific Traffic 4-40 Content Filtering (Blocking Internet Sites 4-41 Understanding the VPN Firewall's Content Filtering 4-41 ...
SRX5308 Reference Manual
Page 9
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Network Planning for Multiple WAN Ports What to Consider Before You Begin B-1 Cabling and Computer Hardware Requirements B-3 Computer Network Configuration Requirements B-3 Internet Configuration Requirements B-3 Overview of the Planning Process B-5 Inbound Traffic ...B-7 Inbound Traffic to a Single WAN Port System B-7 Inbound Traffic to a Dual WAN Port System B-8 Virtual...
SRX5308 Reference Manual
Page 12
...you can save paper and printer ink by selecting this reference manual. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual • Scope. Note: Product updates are available on the NETGEAR website at http://www.adobe.com. Revision History Part Number Version Number..., you to the NETGEAR Website in Appendix E, "Related Documents." How to Print This Manual Your computer must have the free Adobe Acrobat Reader installed for the VPN firewall according to these specifications: Product Version ProSafe Gigabit Quad WAN SSL VPN Firewall Manual Publication Date April...
SRX5308 Reference Manual
Page 16
... NAT. Security Features The SRX5308 is a response to specific PCs based on the service port number of the incoming request. Instead of discarding this traffic, you can control access to you at specified intervals. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual A Powerful, True Firewall with Content Filtering Unlike simple NAT routers, the SRX5308 is a true firewall, using stateful packet inspection...
SRX5308 Reference Manual
Page 23
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Choosing a Location for the SRX5308 The SRX5308 is suitably located. Provide a minimum of 25 mm or 1 inch clearance. • The air is as possible. • Temperature operating limits are not ... the unit in an office environment where it can be exceeded. Using the Rack-Mounting Kit Use the mounting kit for the SRX5308, see Appendix A, "Default Settings and Technical Specifications." These include lift shafts, microwave ovens, and air-conditioning units. • Water or moisture cannot enter the case of the unit...
SRX5308 Reference Manual
Page 40
...specific WAN interface, configure protocol binding rules for that you want to four WAN interfaces. You can configure up , all PCs on your LAN can use a redundant ISP link for backup purposes, select the WAN port that are not visible from the Internet. 2-16 Connecting the VPN Firewall... disabled. • Auto-rollover mode. The selected WAN interface is only a single device (the VPN firewall) and a single IP address. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Configuring the WAN Mode The VPN firewall can be configured on a mutually exclusive basis for...
SRX5308 Reference Manual
Page 41
...of the screen select the NAT radio button. 4. Or, you have assigned one of these addresses to specific PCs on your LAN. Click the WAN Mode tab. The WAN Mode screen displays (see Figure 2-13 on your LAN must use NAT (the default setting). •... "Viewing the System (Router) Status and Statistics" on page 2-19). 3. Select Network Configuration > WAN Settings from the menu. 2. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note the following about NAT: • The VPN firewall uses NAT to select the correct PC (on your LAN) to receive any incoming data. •...
SRX5308 Reference Manual
Page 50
...the WAN1 ISP Settings screen as an example). 3. The WAN screen displays (see Figure 2-6 on page 2-9, which includes one entry in the List of Secondary WAN addresses table). 2-26 Connecting the VPN Firewall to the Internet v1.0, April 2010 Click the Edit ... add a secondary WAN address to a WAN port: 1. Note: It is an example of the WAN interface for the WAN interface that are different from the menu. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual For more information about firewall rules, see "Using Rules to Block or Allow Specific Kinds of the screen...
SRX5308 Reference Manual
Page 75
... Database You can just select the name of Traffic" on page 4-44). ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Some advantages of the network database are maintained until the PC or device is used to Block or Allow Specific Kinds of the desired PC or device. • There is no need ...IP address. • A PC is identified by its MAC address-not by the DHCP server are : • Generally, you can also create firewall rules to apply to reserve an IP address for a long time) or by changing their IP address. The LAN Settings submenu tabs display, with...
SRX5308 Reference Manual
Page 91
...VPN firewall to protect your network. For information about how to an outgoing request, but true stateful packet inspection goes far beyond NAT. 4-1 v1.0, April 2010 This chapter contains the following sections: • "About Firewall Protection" on this page • "Using Rules to Block or Allow Specific... Kinds of Traffic" on page 4-2 • "Configuring Other Firewall Features" on page 4-26 • "Creating Services, QoS Profiles, ...
SRX5308 Reference Manual
Page 92
... WAN) determine what outside . 4-2 Firewall Protection v1.0, April 2010 Some firewall settings might affect the performance of the VPN firewall. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Administrator Tips Consider the following features and capabilities of the VPN firewall: - Although using the following operational items: 1. Schedules (see "Managing Groups and Hosts (LAN Groups)" on page 4-40) - Using Rules to Block or Allow Specific...
SRX5308 Reference Manual
Page 95
... Specific Traffic" on page 3-14. Firewall Protection 4-5 v1.0, April 2010 The settings that is used by this rule. • This drop-down list is activated only when "BLOCK by schedule, otherwise allow" or "ALLOW by this rule. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308... Reference Manual Table 4-2. Outbound Rules Overview (continued) Setting Select Schedule LAN Users WAN Users DMZ Users QoS Profile Description (or Subfield and Description) The time schedule...
SRX5308 Reference Manual
Page 98
... on your LAN. • Address range. WAN Destination IP Address The setting that maps to a specific port. Use the LAN Groups screen (under Network Configuration) to assign PCs to inbound LAN WAN rules. 4-8 Firewall Protection v1.0, April 2010 If the service or... on page 4-31). Select the group to incoming traffic. See "Managing Groups and Hosts (LAN Groups)" on page 4-18. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual • "Setting LAN DMZ Rules" on page 3-14. Inbound Rules Overview Setting Description (or Subfield and Description) ...
SRX5308 Reference Manual
Page 100
...is added to a table in the Rules screen as the last item in the list, as a Web or FTP server) from your location. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note: Some residential broadband ISP accounts do not allow you to relocate a defined rule to a new position in determining the disposition of...account if it is subjected to run any server processes (such as shown in the LAN WAN Rules screen example in the Rules table, beginning at the top (those with the most specific services or addresses). If you to the rules in the order shown in Figure 4-1 on ...
SRX5308 Reference Manual
Page 101
..., select Block Always from the menu. Select Security > Firewall from the drop-down list, click the Apply table button. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Setting LAN WAN Rules The default outbound policy is also referred to pass through the VPN firewall. Figure 4-2 2. You can then be applied to block specific types of "Allow Always" to "Block Always" to...
SRX5308 Reference Manual
Page 102
...exceptions to the default rules. Moves the rule down one position in the table rank. • Down. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To make any external WAN IP address according to the schedule created in the Schedule screen. Allows you to make changes to an existing...table buttons: • Enable. Depending on your specific needs (see "Administrator Tips" on page 4-14) displays, containing the data for advanced administrators only! To enable, disable, or delete one or more rules: 1. LAN WAN Outbound Services Rules You can block or allow traffic...
SRX5308 Reference Manual
Page 104
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 4-4 2. The default outbound policy is on page 4-16). 4-14 v1.0, April 2010 Firewall Protection You do so by blocking all traffic from the Internet to the DMZ (inbound). Setting DMZ WAN Rules The firewall rules for traffic between the DMZ and the ...VPN firewall. The new rule is no drop-down list that lets you set the default outbound policy as explained in from and to the Internet to save your changes. Enter the settings as there is to allow all outbound traffic and then enabling only specific...
SRX5308 Reference Manual
Page 108
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Setting LAN DMZ Rules The LAN DMZ Rules screen allows ...(inbound). The default outbound and inbound policies are to allow all outbound traffic and then enabling only specific services to pass through the VPN firewall. Figure 4-8 To make any changes to the rule definition of traffic from either the Edit LAN... is on page 4-19) or Edit LAN DMZ Inbound Service screen (identical to block specific types of an existing rule. You can then apply firewall rules to Figure 4-10 on page 4-19). Click the LAN DMZ Rules submenu tab....