NETGEAR ProSafe SSL312 Reference Manual

NETGEAR ProSafe SSL
VPN Concentrator 25
SSL312 Reference
Manual
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10208-01
August 2006

Summary of Contents for NETGEAR ProSafe SSL312

  • Page 1 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10208-01 August 2006...
  • Page 2: Technical Support

    In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 The Federal Office for Telecommunications Approvals has been notified that this device has been placed on the market and has been granted the right to test the series for compliance with the regulations. Product and Publication Details Model Number: SSL312 Publication Date: August 2006 Product Family:...
  • Page 4 v1.0, August 2006...
  • Page 5: Table Of Contents

    Contents About This Manual Conventions, Formats and Scope ..................ix How to Use This Manual ....................x How to Print this Manual ....................x Chapter 1 Introduction About the ProSafe SSL VPN Concentrator 25 ...............1-1 Key Features ........................1-1 Web Browser Requirements ...................1-2 What’s in the Box ......................1-3 Hardware Description .....................1-3 Front Panel .......................1-3...
  • Page 6 Importing a Configuration File ..................4-3 Erasing and Restoring the Default Settings .............4-4 Upgrading the SSL VPN Concentrator Firmware .............4-4 Time and Date Settings ....................4-5 Certificate Management ....................4-7 Chapter 5 Network Settings Configuring Network Settings ..................5-1 Sample SSL VPN Concentrator Configuration ............5-1 Network Interface Configuration ................5-2 Network Route Configuration ...................5-4 Network Host Table Settings ..................5-6...
  • Page 7 LDAP Attribute Rules .....................6-21 Sample LDAP Users and Attributes Settings ............6-21 Querying an LDAP Server ..................6-21 NT and RADIUS Domain Servers for Group Policies and Bookmarks ......6-22 Chapter 7 Domains and Layouts Authentication Domains ....................7-1 Local User Database Authentication ................7-2 RADIUS Authentication ....................7-3 NT Domain Authentication ..................7-4 LDAP Authentication ....................7-5...
  • Page 8 Appendix B Related Documents Index viii v1.0, August 2006...
  • Page 9: About This Manual

    About This Manual The NETGEAR ® ProSafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to install, configure and troubleshoot the ProSafe SSL VPN Concentrator 25. The information in this manual is intended for readers with intermediate computer and Internet skills.
  • Page 10: How To Use This Manual

    • button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
  • Page 11 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents. • Printing a Chapter.
  • Page 13: Introduction

    Chapter 1 Introduction This chapter describes some of the key features of the NETGEAR ® ProSafe™ SSL VPN Concentrator 25 SSL312. It also includes the minimum prerequisites for installation (“Web Browser Requirements” on page 1-2), package contents (“What’s in the Box” on page...
  • Page 14: Web Browser Requirements

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Connects to the SSL VPN Concentrator through a number of popular browsers, such as Microsoft Internet Explorer or Apple Safari. • Supports 25 concurrent sessions. • Provides granular access to corporate resources based upon user type or group membership.
  • Page 15: What's In The Box

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual To configure the NETGEAR ProSafe SSL VPN Concentrator 25, an administrator must use an Internet Explorer 6.5.1 or higher, Apple Safari 1.2 or higher, or Mozilla 1.x web browser with JavaScript, cookies, and SSL enabled.
  • Page 16: Back Panel

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. LED Power Indicator: • Off – No power • On – Power is on. 2. LED Self test Indicator. • Self test – on while initializing. (~2 minutes) • Loading Software – blinking while uploading software •...
  • Page 17: Basic Installation And Configuration

    3. Connect an Ethernet cable from your computer to Ethernet Port 1 on the front of the SSL VPN Concentrator. 4. Connect the power cord to the SSL312, turn on the concentrator and verify the following: • The PWR power light goes on.
  • Page 18: Configuring The Prosafe Ssl Vpn Concentrator 25

    Note: You must have administrative access to your network’s concentrator device to configure the Management Interface settings. To log into the management interface: 1. Connect to the SSL312 by opening your browser and entering https://192.168.1.1 (for the Ethernet Port 1 IP) in the address field. Figure 2-1 If you are connected to Ethernet Port 2 IP, the default address is https://10.0.0.1.
  • Page 19 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5. Click Login to log in the SSL VPN Concentrator Management Interface. Once you have logged in, the following Status screen will display. The navigation links under System Configuration, Access Administration, Monitoring, SSL VPN Portal and Web Support menus on the left side of the browser window allow you to access and configure administrative settings.
  • Page 20: Logging In To The Management Interface

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • The Launch Portal option under SSL VPN Portal in the navigation menu opens an SSL VPN portal window for users. • In addition to the online help provided with each menu, you can access Web Support by clicking the KnowledgeBase link or the Documentation link under Web Support on the navigation menu.
  • Page 21 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual VPN Concentrator 25”. (Complete installation instructions can be found in the ProSafe SSL VPN Concentrator 25 Installation Guide or “Installing the SSL VPN Concentrator” on page 2-1.) To log in to the SSL VPN Concentrator.
  • Page 23: Status And Logging

    Chapter 3 Status and Logging This chapter provides an overview of the SSL VPN Concentrator administrative interface and describes the SSL VPN Concentrator status information, logging, alerting and reporting features. These settings may be viewed in the Status and Logs section of the SSL VPN Concentrator administrator interface.
  • Page 24 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 3-1 The Status window shows important state and configuration information. Be sure to check the Status window for error messages and confirm that SSL VPN Concentrator is configured properly. From the Status page, you may view: •...
  • Page 25: Event Log

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Event Log The SSL VPN Concentrator provides web based logging. It also provides the ability to send log messages to an external syslog server using the syslog protocol and to E-mail log files and alert messages to an E-mail address or pager.
  • Page 26 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • User name. The User name field shows the authenticated name of the user or administrator that generated the log event. • Log message. The message field describes the event that occurred. Examples of log messages include “Administrator login successful”...
  • Page 27: Active Users

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual By default, 50 messages are displayed per page. If more than 50 events have been logged, then a Page number menu will be displayed at the top of the event log table. Select the desired page number from the Page menu to see archived log messages.
  • Page 28: Log Settings

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Log Settings The SSL VPN Concentrator supports web-based logging, syslog logging and e-mail alert messages. In addition, the SSL VPN Concentrator may be configured to e-mail the event log file to the SSL VPN Concentrator administrator before the log file is cleared.
  • Page 29 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. In the SysLog Settings section, enter the IP address or fully qualified domain name of your syslog server in the Primary Syslog Server field. Leave this field blank if you do not require syslog logging.
  • Page 30 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Alerts: Error 6. Click Apply to confirm your settings. Status and Logging v1.0, August 2006...
  • Page 31: General Settings

    Chapter 4 General Settings This chapter provides instructions for saving and restoring the configuration file, upgrading the firmware and for managing SSL certificate files. It also covers restarting the SSL VPN Concentrator and configuring the time and date settings. Sections include: •...
  • Page 32: Encrypting The Configuration File

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-1 Encrypting the Configuration File For security purposes, you can encrypt the configuration files. However, if the configuration files are encrypted, they cannot be edited or reviewed for troubleshooting purposes.
  • Page 33: Importing A Configuration File

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-2 3. Choose the location to save the configuration file. The file is named “conf.zip” by default, but it can be renamed. 4. Click Save to save the configuration file.
  • Page 34: Erasing And Restoring The Default Settings

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Erasing and Restoring the Default Settings To erase your SSL VPN Concentrator configuration settings and restore the initial configuration: 1. Click Erase. 2. A dialog box will prompt you to confirm the change. Click OK to restore the initial configuration settings.
  • Page 35: Time And Date Settings

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-5 2. Click Browse to locate the saved firmware file, ssl312-X.X.X.tar.gz, where X.X.X indicates the release version. 3. Select the file and then click Upload. 4. Once the file has been uploaded, restart the SSL VPN Concentrator server for the upgrade to be complete.
  • Page 36 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-6 2. Select your time zone from the Select Your Time Zone drop-down menu. 3. Select either the Use Network Time Protocol (NTP) radio box or the Set date and time manually radio box.
  • Page 37: Certificate Management

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual If you enabled NTP, then the NTP time settings will override the manually configured time settings. The NTP time settings will be determined by the NTP server and the time zone that is selected in the Select Your Time Zone menu.
  • Page 38 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3. Fill out all of the fields with the appropriate information. Figure 4-8 4. Check the Generate a Self-signed Certificate radio box to generate a new CRT. If all information is entered correctly, a crt.zip file will be created. This file includes a server.crt and a server.key key file.
  • Page 39 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual and a certificate key file named “server.key”. If the zipped file does not contain these two files, the zipped file will not be uploaded. 8. Click Upload to save the file to the Cert Description table. Once the certificate has been...
  • Page 40 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-10 2. Click Enable. The SSL VPN Concentrator software will restart using the new certificate. In order to obtain a valid certificate from a widely accepted Certificate Authority such as Verisign or Thawte, you must generate a Certificate Signing Request for your SSL VPN device.
  • Page 41 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-11 You may also delete an expired or incorrect certificate. Delete the certificate by clicking Delete . Note: The Delete button will not be displayed if the SSL certificate is active. To delete a certificate, upload and activate another SSL certificate.
  • Page 43: Network Settings

    Chapter 5 Network Settings This chapter describes how to configure network and IP settings. These settings should be configured by a network administrator. The Network settings to be configured include: • Configuring Network Settings • Network Interface Configuration • Network Route Configuration •...
  • Page 44: Network Interface Configuration

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Interface Ethernet Port 1 subnet mask: 255.255.255.0 (subnet: 192.168.1.0/24) • Default gateway address (Firewall/Router address): 192.168.1.2 In this configuration, the IP addresses of devices in the local network should be configured in the 192.168.1.0/24 subnet and the default gateway for these devices should be the internal IP...
  • Page 45 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 5-2 2. Enter the Ethernet Port 1 subnet mask that has been configured for your network. The subnet mask value should be the same value as the subnet mask configured on your network computers.
  • Page 46: Network Route Configuration

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6. Click Apply to save your settings. Note: The SSL VPN Concentrator does not perform Network Address Translation (NAT). And the SSL VPN Concentrator only enforces access policies on SSL VPN traffic, not on other TCP/IP protocols. Therefore, the SSL VPN Concentrator should be used in conjunction with a network firewall.
  • Page 47 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 5-3 To configure a static route: 1. In the Add Static Routes section, enter the destination network address of the static route in the Destination Network field. The destination network address is an IP address in the remote network subnet.
  • Page 48: Network Host Table Settings

    4. Enter the host alias in the optional Alias field. For example, if a FQDN “www.netgear.com” has been entered in the Host Name field, then a shorter name, such as “www” or “web” may be entered in the Alias field.
  • Page 49: Configuring Dns Settings

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Once the new Host has been added, the Host will be displayed in the Host Table. The Host Table displays a list of the configured host names and the corresponding IP addresses...
  • Page 50 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 5-5 2. Enter the Hostname for the ProSafe SSL VPN Concentrator 25 device. The hostname is used to identify the SSL VPN Concentrator device on the network. Use only letters and numbers for the hostname;...
  • Page 51: Group And User Access Policies

    Chapter 6 Group and User Access Policies This chapter describes how to define users and groups and how to configure SSL VPN Concentrator access policies and bookmarks for the users and groups. This chapter includes the following topics: • Editing Global Policy Settings •...
  • Page 52 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3. If two or more user, group or global policies are configured, the most specific policy takes precedence. For example, a policy configured for a single IP address takes precedence over a policy configured for a range of addresses.
  • Page 53: Global Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Global Policies You can view and configure the SSL VPN Concentrator Global Policies, Groups and Users by selecting Users and Groups under the Access Administration menu in the left navigation pane.
  • Page 54: Adding And Editing Global Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 6-2 2. Enter the number of minutes of inactivity to allow in the Inactivity Timeout field. 3. Click Apply to save the configuration changes. The inactivity timeout can be set at the user, group and global level. If one or more timeouts are configured for an individual user, the user timeout setting will take precedence over the group timeout and the group timeout will take precedence over the global timeout.
  • Page 55 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 6-3 2. From the Apply Policy To pull-down menu, select whether the policy will be applied to a predefined network resource, an individual host, a network or all addresses. 3. Enter a name for the policy in the Policy Name field.
  • Page 56: Defining And Editing Global Bookmarks

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Defining and Editing Global Bookmarks To define global bookmarks: 1. Click Add Bookmark in the Global Bookmarks section. An Add Bookmark window will be displayed. Figure 6-4 When global bookmarks are defined, all members will see the defined bookmarks from the SSL VPN portal.
  • Page 57: Adding A New Group

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual SSL VPN Concentrator Groups are also defined from the Users and Groups screen. Select the Users and Groups option under the Access and Administration menu in the left navigation pane. The Users and Groups screen will display...
  • Page 58: Editing Group Settings

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 6-6 2. Enter a descriptive name for the group in the Group Name field. 3. Select the appropriate domain in the Domain menu. The domain will determine the authentication method for the group.
  • Page 59: Defining And Editing Group Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 6-7 The inactivity timeout can be set at the user, group and global level. Set the timeout as 0 in the user and group configuration to use the global timeout setting. If multiple timeout settings are configured, the user timeout setting will take precedence over the group timeout and the group timeout will take precedence over the global timeout.
  • Page 60 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual The most specific policy will take precedence over less specific policies. For example, a policy that applies to only one IP address will have priority over a policy that applies to a range of IP addresses.
  • Page 61: Defining And Editing Group Bookmarks

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • If your policy applies to a predefined network resource, select the name of the resource from the Defined Resource pull-down menu. For information about creating network resources, refer to Chapter 8, “Network Resources”.
  • Page 62: Deleting A Group

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 6-9 2. Enter a descriptive name in the Bookmark Name field. 3. Enter the domain name or the IP address of a host machine on the LAN in the Name or IP Address field.
  • Page 63: Users Configuration

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual To delete a group that is the default group for an authentication domain: 1. Delete the corresponding domain (you cannot delete the group in the Group Settings window). 2. If the group is not the default group for an authentication domain, first delete all users in the group.
  • Page 64: Adding A New User

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Adding a New User To create a new user: 1. Click Add User on the Users and Groups screen. An Add User window will display. Figure 6-11 2. Enter the user name for the user in the User Name field. This will be the name the user will enter in order to log into the SSL VPN portal.
  • Page 65: Editing A User

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual If the selected group is in a domain that uses internal database authentication, such as the default “geardomain” domain, then the following window will display: Figure 6-12 5. Enter the user password in the Password field.
  • Page 66 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 6-13 2. Enter the new user password in the Password field to modify the user password. 3. Enter the password again in the Confirm Password field. 4. Click Apply to update the configuration. To change the user inactivity timeout: 1.
  • Page 67: Defining And Editing User Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Defining and Editing User Policies To define user access policies: 1. Click Add Policy on the Edit User Settings screen. An Add Policy window will display. Figure 6-14 2. In the Apply Policy To pull-down menu, select whether the policy will be applied to a predefined network resource, an individual host, a network or all addresses.
  • Page 68: Defining And Editing A User Bookmarks

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6. Click Apply to update the configuration. Once the configuration has been updated, the new policy will be displayed in the Edit User Settings window. The user policies will be displayed in the Edit Users Settings screen in the User Policies table in the order of priority, from the highest priority policy to the lowest priority policy.
  • Page 69: Deleting A User

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Deleting a User To delete a user: 1. Click the Delete link adjacent to the user’s name in the Users table. The user will be removed from the table in the Users and Groups window, or 2.
  • Page 70: Ldap Authentication Domains For Group Policies And Bookmarks

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual LDAP Authentication Domains for Group Policies and Bookmarks LDAP (Lightweight Directory Access Protocol) is a standard for querying and updating a directory. Since LDAP supports a multilevel hierarchy (for example, groups or organizational units), the SSL VPN Concentrator can query this information and provide specific group policies or bookmarks based on LDAP attributes.
  • Page 71: Ldap Attribute Rules

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual LDAP Attribute Rules • If multiple attributes are defined for a group, ALL attributes must be met by LDAP users. • If no attributes are defined, then any user authorized by the LDAP server can be a member of the group.
  • Page 72: Nt And Radius Domain Servers For Group Policies And Bookmarks

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Where: • 10.0.0.5 is the IP address of the LDAP or Active Directory server • “cn=demo,cn=users,dc=netgearnetworks,dc=net” is the distinguished name of an LDAP user • demo123 is the password for the user demo •...
  • Page 73: Domains And Layouts

    Chapter 7 Domains and Layouts This chapter explains how to define authentication domains, such as RADIUS, NT Domain, LDAP, and Active Directory configuration. It describes: • Authentication Domains • Local User Database Authentication • RADIUS Authentication • NT Domain Authentication •...
  • Page 74: Local User Database Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional domains may be created that require authentication to remote authentication servers. The SSL VPN Concentrator supports RADIUS (PAP, CHAP, MSCHAP, and MSCHAPV2), LDAP, NT Domain, and Active Directory authentication in addition to internal user database authentication.
  • Page 75: Radius Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6. Click Apply to update the configuration. Once the domain has been added, the domain will be added to the table on the Domains screen. RADIUS Authentication To create a domain with RADIUS authentication: 1.
  • Page 76: Nt Domain Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7. Check the Require client digital certificates checkbox to force users to supply a valid digital certificate before granting access. The CNAME of the client certificate must match the user name that the user supplies to log in and the certificate must be generated by a certificate authority (CA) that is trusted by SSL VPN Concentrator.
  • Page 77: Ldap Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3. Enter the IP address or host and domain name of the server in the NT Server Address field. 4. Enter the NT authentication domain in the NT Domain Name field. This is the domain name configured on the Windows authentication server for network authentication.
  • Page 78 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 7-5 2. Enter a descriptive name for the authentication domain in the Domain Name field. This is the domain name users will select in order to log into the SSL VPN portal. It can be the same value as the Server Address field.
  • Page 79: Active Directory Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6. Check the Require client digital certificates checkbox to force users to supply a valid digital certificate before granting access. The CNAME of the client certificate must match the user name that the user supplies to log in and the certificate must be generated by a certificate authority (CA) that is trusted by SSL VPN Concentrator.
  • Page 80 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 7-6 3. Enter a descriptive name for the authentication domain in the Domain Name field. This is the domain name users will select in order to log into the SSL VPN portal. It can be the same value as the Server Address field or the Active Directory Domain field depending on your network configuration.
  • Page 81: Deleting A Domain

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual If your users are unable to connect via Active Directory, verify the following: 1. The time settings between the Active Directory server and the SSL VPN Concentrator must be synchronized. Kerberos authentication, used by Active Directory to authenticate clients, permits a maximum of a 15-minute time difference between the Windows server and the client (the SSL VPN Concentrator).
  • Page 82: Adding Portal Layouts

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 7-7 Adding Portal Layouts The SSL VPN Concentrator administrator may define individual layouts for the SSL VPN portal. The layout configuration includes the theme, menu layout, portal pages to display, portal application icons to display, and web cache control options.
  • Page 83 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 7-8 b. Enter the title for the web browser window in the Portal Site Title field. c. If you wish to display a banner message to users before they log in to the portal, enter the banner title text in the Banner Title field.
  • Page 84 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual e. Check the ActiveX web cache cleaner radio box to load an ActiveX cache control when users log in to the SSL VPN portal. The web cache cleaner will prompt the user to delete all temporary Internet files, cookies and browser history when the user logs out or closes the web browser window.
  • Page 85: Customizing The Banner

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 7-9 To add a Terminal Services Application: 1. Enter a description of the application in the Application Description field. This name will be shown beneath the application icon on the SSL VPN Portal Applications page.
  • Page 86: Duplicating And Editing Portal Layouts

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual To upload a banner image: 1. On the Portal Layout screen (see Figure 7-8 on page 7-11), click Upload Banner. The Custom Banner screen will display. Figure 7-10 2. Click Browse to locate and upload a .gif file. If upload is successful, two new buttons will appear—View Banner and Delete Banner on the Portal Layout screen.
  • Page 87 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4. Click Apply. A new portal will be created with the same features as the existing portal and will be displayed in the Portal Layouts table. Figure 7-11 To modify the features of an existing portal: 1.
  • Page 88: Advanced Portal Page Layout Specifications

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Advanced Portal Page Layout Specifications For most SSL VPN administrators, a plain text page message and a list of links to network resources will provide the perfect portal desktop page. But for more advanced administrators who want to display additional content, please note: •...
  • Page 89: Network Resources

    Chapter 8 Network Resources This chapter explains how to define network resource groups. Network resources facilitate creating and updating access policies. Network Resources are groups of host names, IP addresses and IP address ranges. By defining resource objects, you can more quickly configure network policies. This is because you will not need to redefine the same set of IP addresses or address ranges when configuring the same access policies for multiple users.
  • Page 90 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 8-2 3. In the Resource Name field, enter a name for the Network Resource. 4. From the Services pull-down menu, select the type of service to which the Network Resource will apply.
  • Page 91 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 8-4 2. From the Object Type pull-down menu under Add Resource Addresses, select either IP Address or IP Network: • If IP Address was selected, enter an IP address or fully qualified domain name in the IP Address/Name field.
  • Page 92 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 8-5 To delete a defined resource, click Delete in the Defined Resource Addresses table adjacent to the resource you wish to delete. To create policies based on network objects, see Chapter 6, “Group and User Access...
  • Page 93: Vpn Tunnel Client

    Chapter 9 VPN Tunnel Client This chapter describes the configuration for a VPN Tunnel Client, an SSL VPN client that is deployed from the SSL VPN portal. It covers: • Adding IP Address Ranges • Adding Routes for VPN Tunnel Clients Beyond what is defined in “Logging in to the Management Interface”...
  • Page 94: Adding Ip Address Ranges

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • The VPN Tunnel Client cannot contact a server on the corporate network if the VPN Tunnel Client's Ethernet interface shares the same IP address as the server or the SSL VPN Concentrator (i.e., if your laptop has a physical interface address of 10.0.0.45, then you won't...
  • Page 95: Adding Routes for VPN Tunnel Clients

    Figure 9-1 Adding Routes for VPN Tunnel Clients The Add Routes for VPN Tunnel Clients section allows you to define the addresses of devices on your local network. Client routes are only required if the client address range is in a different subnet than the corporate network or if your network has multiple subnets.
  • Page 96 – Addresses between 128.0.0.0 and 191.255.255.255 are Class B addresses; the VPN Tunnel Client will assume that all addresses with the same first two octets are located across the VPN tunnel.
  • Page 97 Figure 9-2 To delete a VPN Tunnel Client Route: 1. Click the Delete link adjacent to the client route in the Configured Client Routes table. 2. Restart the SSL VPN Concentrator software if VPN Tunnel Clients are currently connected to the SSL VPN Concentrator.
  • Page 99: Port Forwarding

    Chapter 10 Port Forwarding This chapter describes the configuration for Port Forwarding, a web-based SSL VPN client that installs transparently and then creates a virtual, encrypted tunnel to the remote network. Using Port Forwarding, mobile users can access mission-critical applications such as email or mapped network drives as if they were located on the corporate network.
  • Page 100 Figure 10-1 2. In the Configured Applications for Port Forwarding section, enter the IP address of an internal server or host computer in the IP Address field. 3. Enter the TCP port number of the application to be tunneled in the TCP Port field.
  • Page 101: Configuring Host Name Resolution

    Table 10-1. Port Forwarding Applications/TCP Port Numbers (continued) TCP Application Port Number HTTP (web) POP3 (receive mail) NTP (network time protocol) Citrix 1494 Terminal Services 3389 VNC (virtual network computing) 5900 or 5800 a.
  • Page 103: Default Settings And Technical Specifications

    TEST LED blinks rapidly). Your device will return to the factory configuration settings shown in Table A-1 below. • Pressing the reset button for a shorter period of time will simply cause your device to reboot. Table A-1. SSL312 Default Configuration Settings Feature Description AP Login User Login URL 192.168.1.1...
  • Page 104: Technical Specifications

    Table A-1. SSL312 Default Configuration Settings Feature Description Gateway Address 0.0.0.0 Concentrator Ethernet MAC Address See bottom label. Time Zone Time Zone Adjusted for Daylight Saving Automatically enabled if DST available in area selected;...
  • Page 105 Appendix B Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product.
    – Internet Networking and TCP/IP Addressing: http://documentation.netgear.com/reference/enu/tcpip/index.htm
    – Wireless Communications: http://documentation.netgear.com/reference/enu/wireless/index.htm
    – Preparing a Computer for http://documentation.netgear.com/reference/enu/wsdhcp/index.htm...