Managing Certificates - NETGEAR FVS318G - ProSafe Gigabit VPN Firewall Data Sheet Router Reference Manual


When specifying RADIUS domain authentication, you are presented with several authentication
protocol choices, as summarized in the following table:

Table 6-1.

| Authentication Protocol | Description |
|---|---|
| PAP | Password Authentication Protocol (PAP) is a simple protocol in which the client sends a password in clear text. |
| CHAP | Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake in which the client and server trade challenge messages, each responding with a hash of the other's challenge message that is calculated using a shared secret value. |
| MIAS | Network-validated PAP or CHAP password-based authentication scheme. |
| WiKID | WiKID is a PAP or CHAP key-based two-factor authentication method using public key cryptography. The client sends an encrypted PIN to the WiKID server and receives a one-time passcode with a short expiration period. The client logs in with the passcode. See Appendix C, "Two Factor Authentication" for more on WiKID authentication. |

The chosen authentication protocol must be configured on the RADIUS server and on the
authenticating client devices.

Managing Certificates

The FVS318G uses Digital Certificates (also known as X.509 Certificates) during the Internet Key
Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to be
authenticated by remote entities. The same Digital Certificates are also used for secure web access
connections over HTTPS.

Digital Certificates can be either self-signed or issued by a Certification Authority (CA), such as
an in-house Windows server, or by an external organization such as Verisign or Thawte.

However, if a Digital Certificate contains the extKeyUsage extension, the certificate must be
used for one of the purposes defined by the extension. For example, if the Digital Certificate
contains the extKeyUsage extension defined to SNMPV2, the same certificate cannot be used
for secure web management.

The extKeyUsage extension governs the certificate acceptance criteria in the FVS318G when the same
digital certificate is being used for secure web management.
Managing Users, Authentication, and Certificates
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
1.1 November, 2009