SSL312 User Manual
Page 1
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, California 95134 USA 202-10208-05 November 2008 v2.1
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, California 95134 USA 202-10208-05 November 2008 v2.1
SSL312 User Manual
Page 3
...EN55022 Class B, EN55024 and EN60950. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß dasProSafe SSL VPN Concentrator 25 gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. ... market and has been granted the right to U.S. iii v2.1, November 2008 EU Regulatory Compliance Statement ProSafe SSL VPN Concentrator 25 is hereby certified that the ProSafe SSL VPN Concentrator 25 has been suppressed in accordance with the conditions set out in the OpenSSL Toolkit (http://www.openssl.org/).
...EN55022 Class B, EN55024 and EN60950. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß dasProSafe SSL VPN Concentrator 25 gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. ... market and has been granted the right to U.S. iii v2.1, November 2008 EU Regulatory Compliance Statement ProSafe SSL VPN Concentrator 25 is hereby certified that the ProSafe SSL VPN Concentrator 25 has been suppressed in accordance with the conditions set out in the OpenSSL Toolkit (http://www.openssl.org/).
SSL312 User Manual
Page 5
... Chapter 1 Introduction About the ProSafe SSL VPN Concentrator 25 1-1 Key Features ...1-1 Web Browser Requirements 1-2 What's in the Box ...1-3 Hardware Description ...1-3 Front Panel ...1-4 Back Panel ...1-5 Steps for Deploying the SSL312 1-5 Chapter 2 Installing the SSL312 Choosing a Network Topology 2-1 Single Arm ...2-1 Routing ...2-2 Initial Connection to the SSL VPN Concentrator 2-3 Accessing the Management Interface 2-4 Configuring Basic Network Settings 2-6 Installing the SSL VPN Concentrator 2-8 Managing Certificates ...2-8 Obtaining a Certificate...
... Chapter 1 Introduction About the ProSafe SSL VPN Concentrator 25 1-1 Key Features ...1-1 Web Browser Requirements 1-2 What's in the Box ...1-3 Hardware Description ...1-3 Front Panel ...1-4 Back Panel ...1-5 Steps for Deploying the SSL312 1-5 Chapter 2 Installing the SSL312 Choosing a Network Topology 2-1 Single Arm ...2-1 Routing ...2-2 Initial Connection to the SSL VPN Concentrator 2-3 Accessing the Management Interface 2-4 Configuring Basic Network Settings 2-6 Installing the SSL VPN Concentrator 2-8 Managing Certificates ...2-8 Obtaining a Certificate...
SSL312 User Manual
Page 9
... uses the following formats to highlight special messages: Note: This format is used to the equipment. -ix v2.1, November 2008 About This Manual The NETGEAR® Prosafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to highlight information of importance or special interest. Warning: Ignoring this type of this manual is used to install and...
... uses the following formats to highlight special messages: Note: This format is used to the equipment. -ix v2.1, November 2008 About This Manual The NETGEAR® Prosafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to highlight information of importance or special interest. Warning: Ignoring this type of this manual is used to install and...
SSL312 User Manual
Page 10
...or backwards through the manual one page at http://kbserver.netgear.com/products/SSL312.asp. website at a time •A button that displays the table of the full manual and individual chapters. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Danger: This is described in the manual. ...•A button to access the full NETGEAR, Inc. Failure to take heed of this manual includes the ...
...or backwards through the manual one page at http://kbserver.netgear.com/products/SSL312.asp. website at a time •A button that displays the table of the full manual and individual chapters. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Danger: This is described in the manual. ...•A button to access the full NETGEAR, Inc. Failure to take heed of this manual includes the ...
SSL312 User Manual
Page 11
... the manual is available on a single sheet of the chapter you can save paper and printer ink by selecting this feature. -xi v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Each page in the upper left of the window. Tip: If your printer supports printing two pages on the Adobe Web site at...
... the manual is available on a single sheet of the chapter you can save paper and printer ink by selecting this feature. -xi v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Each page in the upper left of the window. Tip: If your printer supports printing two pages on the Adobe Web site at...
SSL312 User Manual
Page 12
... firmware • Expanded feature set. • v2.0 firmware • Added two-factor authentication (WiKID) • Minor menu changes • v2.1 firmware -xii v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Revision History Version Date -01, v1.1 November 2006 -02, v1.0 December 2006 -02,v1.1 April 2007 -04,v2.0 May 2007 -05, v2.1 November...topics • Added a link to a Microsoft Word template for creating an end-user guide • Refined Portal layout behavior • Added Full Tunnel Support for VPN Tunnels • Removed references to SNMP -
... firmware • Expanded feature set. • v2.0 firmware • Added two-factor authentication (WiKID) • Minor menu changes • v2.1 firmware -xii v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Revision History Version Date -01, v1.1 November 2006 -02, v1.0 December 2006 -02,v1.1 April 2007 -04,v2.0 May 2007 -05, v2.1 November...topics • Added a link to a Microsoft Word template for creating an end-user guide • Refined Portal layout behavior • Added Full Tunnel Support for VPN Tunnels • Removed references to SNMP -
SSL312 User Manual
Page 13
..., commonly used in the Box" on page 1-3), and a description of the front and back panels of the NETGEAR® ProSafe™ SSL VPN Concentrator 25 SSL312. With support for installation ("Web Browser Requirements" on page 1-2.), package contents ("What's in the world of electronic commerce and has gone through years of popular ...
..., commonly used in the Box" on page 1-3), and a description of the front and back panels of the NETGEAR® ProSafe™ SSL VPN Concentrator 25 SSL312. With support for installation ("Web Browser Requirements" on page 1-2.), package contents ("What's in the world of electronic commerce and has gone through years of popular ...
SSL312 User Manual
Page 14
... higher, or Mozilla Firefox l.x web browser with customizable user portals and support for the SSL VPN Concentrator web management interface and the SSL VPN portal. HTTP and HTTPS proxy and reverse proxy - NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Provides client-less access with JavaScript, cookies, and SSL enabled. Java: Sun JRE 1.1 or higher • Unix, Linux, or BSD: - supports...
... higher, or Mozilla Firefox l.x web browser with customizable user portals and support for the SSL VPN Concentrator web management interface and the SSL VPN portal. HTTP and HTTPS proxy and reverse proxy - NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Provides client-less access with JavaScript, cookies, and SSL enabled. Java: Sun JRE 1.1 or higher • Unix, Linux, or BSD: - supports...
SSL312 User Manual
Page 15
... advantage of the full suite of Microsoft Internet Explorer. What's in Microsoft Windows Vista 64-bit Edition is 32-bit Internet Explorer. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual support JavaScript, Java, cookies, SSL and ActiveX to your region. • Straight through Category 5 Ethernet cable. • A serial cable (included for Engineering and debugging purposes only) •...
... advantage of the full suite of Microsoft Internet Explorer. What's in Microsoft Windows Vista 64-bit Edition is 32-bit Internet Explorer. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual support JavaScript, Java, cookies, SSL and ActiveX to your region. • Straight through Category 5 Ethernet cable. • A serial cable (included for Engineering and debugging purposes only) •...
SSL312 User Manual
Page 16
... to Factory Defaults button 1-4 Introduction v2.1, November 2008 LED power indicator: • Off - Power is shown below: Figure 1-1 1 2 3 4 5 The SSL VPN Concentrator front panel hardware functions are described below: 1. on . 2. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Front Panel The SSL VPN Concentrator front panel hardware is on while initializing. (~2 minutes) • Loading software - blinking while uploading software • System fault -
... to Factory Defaults button 1-4 Introduction v2.1, November 2008 LED power indicator: • Off - Power is shown below: Figure 1-1 1 2 3 4 5 The SSL VPN Concentrator front panel hardware functions are described below: 1. on . 2. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Front Panel The SSL VPN Concentrator front panel hardware is on while initializing. (~2 minutes) • Loading software - blinking while uploading software • System fault -
SSL312 User Manual
Page 17
... Remote Access Web Portal". Steps for Deploying the SSL312 Three basic steps are involved in deploying the ProSafe SSL VPN Concentrator 25 in your network: • Installing the SSL312: choosing a network topology, configuring its IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Back Panel The SSL VPN Concentrator back panel hardware is shown below and consists of...
... Remote Access Web Portal". Steps for Deploying the SSL312 Three basic steps are involved in deploying the ProSafe SSL VPN Concentrator 25 in your network: • Installing the SSL312: choosing a network topology, configuring its IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Back Panel The SSL VPN Concentrator back panel hardware is shown below and consists of...
SSL312 User Manual
Page 18
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1-6 Introduction v2.1, November 2008
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1-6 Introduction v2.1, November 2008
SSL312 User Manual
Page 19
... the Internet and the decrypted connection to install the ProSafe SSL VPN Concentrator 25 SSL312. As shown in the following figure, encrypted SSL traffic from a remote user passes through the firewall and terminates at the SSL VPN Concentrator, which authenticates the user and displays the portal and resources authorized for installing the SSL VPN Concentrator: single arm or routing. The installation includes choosing...
... the Internet and the decrypted connection to install the ProSafe SSL VPN Concentrator 25 SSL312. As shown in the following figure, encrypted SSL traffic from a remote user passes through the firewall and terminates at the SSL VPN Concentrator, which authenticates the user and displays the portal and resources authorized for installing the SSL VPN Concentrator: single arm or routing. The installation includes choosing...
SSL312 User Manual
Page 20
...you will use the following settings when configuring for most networks. Routing In the routing, or two port, topology, the SSL VPN Concentrator is connected to the untrusted side of your firewall, while Ethernet Port 2 connects to the appropriate corporate network servers. ....configure the firewall to forward incoming HTTPS traffic to the IP address of being protected by the SSL VPN Concentrator and relayed to your corporate network. 2-2 Installing the SSL312 v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual services are decrypted by your firewall.
...you will use the following settings when configuring for most networks. Routing In the routing, or two port, topology, the SSL VPN Concentrator is connected to the untrusted side of your firewall, while Ethernet Port 2 connects to the appropriate corporate network servers. ....configure the firewall to forward incoming HTTPS traffic to the IP address of being protected by the SSL VPN Concentrator and relayed to your corporate network. 2-2 Installing the SSL312 v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual services are decrypted by your firewall.
SSL312 User Manual
Page 21
...network may not be used in the following steps: Installing the SSL312 2-3 v2.1, November 2008 Note: The SSL VPN Concentrator does not perform Network Address Translation (NAT). Therefore, the SSL VPN Concentrator should always be as well protected since the firewall can not ...directly to Ethernet Port 1 for that user. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual As shown in the following figure, encrypted SSL traffic from your firewall. Unless these default IP addresses are decrypted by the SSL VPN Concentrator and relayed to the appropriate network servers on ...
...network may not be used in the following steps: Installing the SSL312 2-3 v2.1, November 2008 Note: The SSL VPN Concentrator does not perform Network Address Translation (NAT). Therefore, the SSL VPN Concentrator should always be as well protected since the firewall can not ...directly to Ethernet Port 1 for that user. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual As shown in the following figure, encrypted SSL traffic from your firewall. Unless these default IP addresses are decrypted by the SSL VPN Concentrator and relayed to the appropriate network servers on ...
SSL312 User Manual
Page 22
... 2 IP, the default address is referred to Ethernet Port 1 on the front of the concentrator must have administrative access to the SSL VPN Concentrator to the SSL312, turn on the concentrator and verify the following: • The PWR (power) light goes on page 1-2. The ... on immediately. • The TEST light goes off after about one minute, indicating that a connectivity link as the subnet mask. 3. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. Prepare a PC with the static IP address configured, you can log into the management interface: 1. If this PC is ...
... 2 IP, the default address is referred to Ethernet Port 1 on the front of the concentrator must have administrative access to the SSL VPN Concentrator to the SSL312, turn on the concentrator and verify the following: • The PWR (power) light goes on page 1-2. The ... on immediately. • The TEST light goes off after about one minute, indicating that a connectivity link as the subnet mask. 3. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. Prepare a PC with the static IP address configured, you can log into the management interface: 1. If this PC is ...
SSL312 User Manual
Page 23
... and Web Support headings on the left side of the navigation options is clicked, the corresponding management configuration screen will display. Once you to continue. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. A certificate security warning may appear. Figure 2-3 3. From the Domain drop-down menu, select geardomain. 5. A login screen with User Name and Password dialog boxes...
... and Web Support headings on the left side of the navigation options is clicked, the corresponding management configuration screen will display. Once you to continue. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. A certificate security warning may appear. Figure 2-3 3. From the Domain drop-down menu, select geardomain. 5. A login screen with User Name and Password dialog boxes...
SSL312 User Manual
Page 24
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-4 Configuring Basic Network Settings Before deploying the SSL VPN Concentrator into your existing network, you should configure the following basic settings: • Change the administrator password • Configure DNS server IP address • Configure a default route 2-6 Installing the SSL312 v2.1, November 2008
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-4 Configuring Basic Network Settings Before deploying the SSL VPN Concentrator into your existing network, you should configure the following basic settings: • Change the administrator password • Configure DNS server IP address • Configure a default route 2-6 Installing the SSL312 v2.1, November 2008
SSL312 User Manual
Page 25
...Routing Mode checkbox and enter your corporate firewall. If you plan a single arm topology, clear the Enable Routing Mode checkbox. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Configure Ethernet interface IP addresses To prepare for Internet access. In the Users table, click on admin.... is your corporate firewall. Change the Ethernet port IP Addresses. Enter your new Password and re-type to Confirm Password. Installing the SSL312 2-7 v2.1, November 2008 On the left side of the browser window, select the Network link. d. Configure a default route for...
...Routing Mode checkbox and enter your corporate firewall. If you plan a single arm topology, clear the Enable Routing Mode checkbox. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Configure Ethernet interface IP addresses To prepare for Internet access. In the Users table, click on admin.... is your corporate firewall. Change the Ethernet port IP Addresses. Enter your new Password and re-type to Confirm Password. Installing the SSL312 2-7 v2.1, November 2008 On the left side of the browser window, select the Network link. d. Configure a default route for...
