Managing Certificates - NETGEAR FVS336Gv1 - ProSafe Dual WAN Gigabit Firewall Reference Manual

Dual wan gigabit firewall with ssl & ipsec vpn

Hide thumbs Also See for FVS336Gv1 - ProSafe Dual WAN Gigabit Firewall:

Setup manual (9 pages)

Configuration (10 pages)

Use manual (9 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

Table of Contents

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

4. Click Apply to save your settings or Cancel to return to your previous settings.

Note: The password and time-out value you enter will be changed back to password

and 10 minutes, respectively, after a factory defaults reset.

Managing Certificates

The VPN firewall uses Digital Certificates (also known as X509 Certificates) during the Internet

Key Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or

to be authenticated by remote entities. The same Digital Certificates are extended for secure web

access connections over HTTPS.

Digital Certificates can be either self signed or can be issued by Certification Authorities (CA)

such as via an in-house Windows server, or by an external organization such as Verisign or

Thawte.

However, if the Digital Certificates contain the extKeyUsage extension then the certificate must be

used for one of the purposes defined by the extension. For example, if the Digital Certificate

contains the extKeyUsage extension defined to SNMPV2 then the same certificate cannot be used

for secure web management.

The extKeyUsage would govern the certificate acceptance criteria in the VPN firewall when the

same digital certificate is being used for secure web management.

In the VPN firewall, the uploaded digital certificate is checked for validity and also the purpose of

the certificate is verified. Upon passing the validity test and the purpose matches its use (has to be

SSL and VPN) the digital certificate is accepted. The additional check for the purpose of the

uploaded digital certificate must correspond to use for VPN and secure web remote management

via HTTPS. If the purpose defined is for VPN and HTTPS then the certificate is uploaded to the

HTTPS certificate repository and as well in the VPN certificate repository. If the purpose defined

is only for VPN then the certificate is only uploaded to the VPN certificate repository. Thus,

certificates used by HTTPS and IPSec will be different if their purpose is not defined to be VPN

and HTTPS.

The VPN firewall uses digital certificates to authenticate connecting VPN gateways or clients, and

to be authenticated by remote entities. A certificate that authenticates a server, for example, is a

file that contains:

•

A public encryption key to be used by clients for encrypting messages to the server.

•

Information identifying the operator of the server.

Managing Users, Authentication, and Certificates

v1.0, January 2010

7-11

Table of Contents

Troubleshooting

This manual is also suitable for:

Prosafe fvs336g

Managing Certificates - NETGEAR FVS336Gv1 - ProSafe Dual WAN Gigabit Firewall Reference Manual

Managing Certificates

Troubleshooting

Related Manuals for NETGEAR FVS336Gv1 - ProSafe Dual WAN Gigabit Firewall

Related Content for NETGEAR FVS336Gv1 - ProSafe Dual WAN Gigabit Firewall

This manual is also suitable for:

Table of Contents