NETGEAR SSL312-100NAS - ProSafe SSL312 SSL VPN Concentrator 25 User Manual


NETGEAR ProSafe SSL
VPN Concentrator 25
SSL312 Reference
Manual
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, California 95134 USA
202-10208-05
November 2008
v2.1

Summary of Contents for NETGEAR SSL312-100NAS - ProSafe SSL312 SSL VPN Concentrator 25

  • Page 1 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, California 95134 USA 202-10208-05 November 2008 v2.1...
  • Page 2: Technical Support

    In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 EU Regulatory Compliance Statement ProSafe SSL VPN Concentrator 25 is compliant with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Compliance is verified by testing to the following standards: EN55022 Class B, EN55024 and EN60950. Certificate of the Manufacturer/Importer It is hereby certified that the ProSafe SSL VPN Concentrator 25 has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992.
  • Page 4 Product and Publication Details Model Number: SSL312 Publication Date: November 2008 Product Family: Concentrator Product Name: ProSafe SSL VPN Concentrator 25 Home or Business Product: Business Language: English Publication Part Number: 202-10208-05 Publication Version Number: v2.1, November 2008...
  • Page 5: Table Of Contents

    Contents. About This Manual: Conventions, Formats and Scope (ix); Using This Manual (x); Printing this Manual (x); Revision History (xii). Chapter 1 Introduction: About the ProSafe SSL VPN Concentrator 25 (1-1); Key Features (1-1); Web Browser Requirements (1-2); What’s in the Box (1-3); Hardware Description (1-3); Front Panel (1-4)...
  • Page 6 Steps for Further Configuration (2-15). Chapter 3 Authenticating Users: Authentication Domains (3-1); Local User Database Authentication (3-2); RADIUS and NT Domain Authentication (3-3); Configuring for RADIUS Domain Authentication (3-4); Configuring for NT Domain Authentication (3-5); LDAP Authentication (3-7); Sample LDAP Attributes (3-7); LDAP Attribute Rules (3-8); Sample LDAP Users and Attributes Settings (3-8); Querying an LDAP Server (3-9)...
  • Page 7 Defining and Editing a User Bookmarks (4-21); Deleting a User (4-22); Using Network Resource Objects to Simplify Policies (4-22). Chapter 5 Configuring the Remote Access Web Portal: Creating the Portal (5-1); Portal Options (5-2); Adding Portal Layouts (5-3); Adding Terminal Services Applications to the Portal (5-6); Customizing the Banner (5-7); Duplicating and Editing Portal Layouts (5-8); Preparing the Client for Using Portal Services (5-9)...
  • Page 8 Erasing the Configuration and Restoring the Default Settings (7-13); Upgrading the SSL VPN Concentrator Firmware (7-13); Additional Notes on the Management Interface (7-14). Chapter 8 Monitoring and Logging: SSL VPN Concentrator Status (8-1); Active Users (8-3); Event Log (8-4); Log Settings (8-5); Diagnostics (8-9). Appendix A Default Settings and Technical Specifications...
  • Page 9: About This Manual

    About This Manual The NETGEAR ® Prosafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to install and configure the SSL312. The information in this manual is intended for administrators who will configure the SSL312. You should have intermediate computer and Internet skills.
  • Page 10: Using This Manual

    • button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
  • Page 11 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents. • Printing a Chapter.
  • Page 12: Revision History

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Revision History Version Date Description of Changes -01, v1.1 November 2006 • Restructured the contents so that common setup and configuration tasks are easier to find • Added new topics • Added a link to a Microsoft Word template for creating an end-user guide -02, v1.0...
  • Page 13: Introduction

    Chapter 1 Introduction This chapter describes some of the key features of the NETGEAR® ProSafe™ SSL VPN Concentrator 25 SSL312. It also includes the minimum prerequisites for installation (“Web Browser Requirements” on page 1-2), package contents (“What’s in the Box” on page...
  • Page 14: Web Browser Requirements

    – Java: Sun JRE 1.1 or higher. To configure the NETGEAR ProSafe SSL VPN Concentrator 25, an administrator must use an Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox 1.x web browser with JavaScript, cookies, and SSL enabled.
  • Page 15: What's In The Box

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual support JavaScript, Java, cookies, SSL and ActiveX to take advantage of the full suite of applications. Note: For 64-bit support with signed CABs, you must use a 64-bit version of Microsoft Internet Explorer.
  • Page 16: Front Panel

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Front Panel The SSL VPN Concentrator front panel hardware is shown below: Figure 1-1 The SSL VPN Concentrator front panel hardware functions are described below: 1. LED power indicator: • Off – No power •...
  • Page 17: Back Panel

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Back Panel The SSL VPN Concentrator back panel hardware is shown below and consists of the power On/Off switch and the 110-240V power cord connection. Figure 1-2 Note: Never substitute a power cord. Only use the power cord provided with the SSL VPN Concentrator.
  • Page 19: Installing The Ssl312

    Chapter 2 Installing the SSL312 This chapter describes how to install the ProSafe SSL VPN Concentrator 25 SSL312. The installation includes choosing a network topology, configuring the IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate. This chapter includes these topics: •...
  • Page 20: Routing

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual services are decrypted by the SSL VPN Concentrator and relayed to the appropriate corporate network servers. Corporate Server IP Address 192.168.1.3 Firewall/Router IP Address 192.168.1.254 LAN Subnet 192.168.1.0/24 SSL312 IP Address 192.168.1.1...
  • Page 21: Initial Connection To The Ssl Vpn Concentrator

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual As shown in the following figure, encrypted SSL traffic from a remote user is sent directly to the SSL VPN Concentrator, which authenticates the user and displays the portal and resources authorized for that user.
  • Page 22: Accessing The Management Interface

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. Prepare a PC with an Ethernet adapter. If this PC is already part of your network, record its TCP/IP configuration settings so that you can restore them later. 2. Configure your PC with a static IP address of 192.168.1.10 and 255.255.255.0 as the subnet mask.
  • Page 23 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. A certificate security warning may appear. Click Yes or OK to continue. A login screen with User Name and Password dialog boxes displays. Figure 2-3 3. When prompted, enter admin for the User Name and password for the Password, both in lower case letters.
  • Page 24: Configuring Basic Network Settings

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-4 Configuring Basic Network Settings Before deploying the SSL VPN Concentrator into your existing network, you should configure the following basic settings: • Change the administrator password • Configure DNS server IP address •...
  • Page 25 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Configure Ethernet interface IP addresses To prepare for installation: 1. Change the administrator account password. a. On the left side of the browser window, select the Users and Groups link.
  • Page 26: Installing The Ssl Vpn Concentrator

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual e. Click Apply. If you changed the IP address for the Ethernet Port to which you are connected, you will now lose your connection to the SSL VPN Concentrator. Installing the SSL VPN Concentrator You are now ready to physically install your SSL VPN Concentrator using the following steps: 1.
  • Page 27: Obtaining A Certificate From A Certificate Authority

    CA. Root certificates are signed by the Root CA itself, while Intermediate certificates depend on a verification hierarchy leading back to a Root CA. Your SSL VPN Concentrator contains a self-signed certificate from NETGEAR. NETGEAR recommends that you replace this certificate prior to deploying the SSL VPN Concentrator in your network.
  • Page 28 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-5 2. In the Digital Certificate Management section, click New CSR/CRT. The Create CSR screen displays. 3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users.
  • Page 29: Generating A Self-Signed Certificate

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-6 4. Click Apply. A file download screen will display. Click Save to save the file to a disk location. You will need to provide this file to the Certificate Authority.
  • Page 30: Uploading And Enabling The New Certificate

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users. 4. Check the Generate a Self-signed Certificate checkbox to generate a new CRT.
  • Page 31 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-7 4. Click the Enable link adjacent to the new certificate. The Enable Certificate screen displays. Figure 2-8
  • Page 32: Viewing And Deleting Certificates

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5. Enter the Certificate Password and click Enable. The SSL VPN Concentrator software will restart using the new certificate. Note: The file server.key contains your SSL VPN Concentrator’s private encryption key, which is used to decrypt messages. It is extremely important that you safeguard this file.
  • Page 33: Steps For Further Configuration

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Steps for Further Configuration The next steps in configuring the SSL VPN Concentrator are: • Create authentication domains (Chapter 3, “Authenticating Users”). • Define user and group settings (Chapter 4, “Setting Up User and Group Access Policies”).
  • Page 35: Authenticating Users

    Chapter 3 Authenticating Users Remote users connecting to the SSL VPN Concentrator must be authenticated before being allowed to access the network. The login window presented to the user requires three items: a User Name, a Password, and a Domain selection. The Domain determines the authentication method to be used and the portal layout that will be presented.
  • Page 36: Local User Database Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 3-1 All of the configured domains will be listed in the table in the Domains window. The domains are listed in the order in which they were created. By default, the geardomain authentication domain is already defined, using the SSL VPN Concentrator’s local internal user database for user...
  • Page 37: Radius And Nt Domain Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. From the Access Administration menu, select Domains. The Domains window will display. Click Add Domain. Figure 3-2 2. From the Authentication Type pull-down menu, select Local User Database. 3. In the Domain Name field, enter a descriptive name for the authentication domain. This is the domain name users will select in order to log into the SSL VPN portal.
  • Page 38: Configuring For Radius Domain Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual For example, if you create a RADIUS domain in the SSL VPN Concentrator called “Miami RADIUS server”, you can add users to groups that are members of the “Miami RADIUS server”...
  • Page 39: Configuring For Nt Domain Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 3-3 3. In the Domain Name field, enter a descriptive name for the authentication domain. This is the domain name users will select in order to log into the SSL VPN portal.
  • Page 40 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. From the Authentication Type menu, select NT Domain. The Add Domain window displays the fields for a domain with NT authentication: Home Directory Base Path required when “Require CIFS Bookmark” is enabled Figure 3-4 3.
  • Page 41: Ldap Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6. From the Portal Layout Name pull-down menu, select the name of the layout. The default layout is SSL-VPN. You can define additional layouts in the Portal Layouts page. 7. Check the Require CIFS bookmark to home directory check box to automatically allow access to users of this domain and add the home directory path in the field provided.
  • Page 42: Ldap Attribute Rules

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual name=Administrator memberOf=CN=TerminalServerComputers,CN=Users,DC=netgear, DC=net objectClass=user msNPAllowDialin=FALSE LDAP Attribute Rules • If multiple attributes are defined for a group, all attributes must be met by LDAP users. • If no attributes are defined, then any user authorized by the LDAP server can be a member of the group.
  • Page 43: Querying An Ldap Server

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Querying an LDAP Server To query your LDAP or Active Directory server to find out the LDAP attributes of your users, you can use several different methods. From a machine with LDAPsearch tools (for example a Linux machine with OpenLDAP installed), run the following command: ldapsearch -h 10.0.0.5 -x -D...
  • Page 44 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 3-5 3. In the Domain Name field, enter a descriptive name for the authentication domain. This is the domain name users will select in order to log into the SSL VPN portal. It can be the same value as the Server Address field.
  • Page 45: Kerberos Authentication (Active Directory)

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Kerberos Authentication (Active Directory) Kerberos authentication is performed by either a Kerberos authentication server or a Windows Server 2000 or later running Active Directory. Users who have been defined in the Kerberos database can log into the SSL-VPN portal by entering their Kerberos user name and password and selecting the new Kerberos authentication domain from the Domain menu on the SSL VPN login page.
  • Page 46: Troubleshooting Active Directory Authentication

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5. Enter the Kerberos or Active Directory domain name in the Kerberos Domain field. 6. Enter the name of the layout in the Portal Layout Name field. The default layout is SSL-VPN.
  • Page 47: Setting Up User And Group Access Policies

    Chapter 4 Setting Up User and Group Access Policies This chapter describes how to define users and groups and how to configure SSL VPN Concentrator access policies and bookmarks for the users and groups. This chapter includes the following topics: •...
  • Page 48: Users, Groups And Global Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • To create complex policies involving groups of host names, IP addresses or IP address ranges, you can define these groups as network objects using Network Resources as described in “Using Network Resource Objects to Simplify Policies” on page 4-22.
  • Page 49: Global Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • An FTP server at 10.0.1.5, the user would be blocked by Policy 2. • An FTP server at 10.0.0.10, the user would be granted access by Policy 3. The IP address range 10.0.0.5 - 10.0.0.20 is more specific than the IP address range defined in Policy 1.
  • Page 50: Editing Global Policy Settings

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Editing Global Policy Settings To edit global settings: 1. In the Global Policies table, click the Edit Global Policies link. The Global Settings screen displays. Figure 4-2 2. In the Inactivity Timeout field, enter the number of minutes of inactivity to allow.
  • Page 51 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual When Terminal Services Single Sign-On (SSO) is enabled, a user with a domain account will log in only once, and can then access remote servers without being asked again for his credentials.
  • Page 52: Adding And Editing Global Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Adding and Editing Global Policies To define global access policies: 1. In the Global Policies section, click Add Policy. An Add Policy window displays. Note: User and group access policies will take precedence over global policies.
  • Page 53: Defining And Editing Global Bookmarks

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4. From the Service pull-down menu, select the service type. If you are applying a policy to a network resource, the service type is defined in the network resource. 5. From the Status pull-down menu, select PERMIT or DENY to either permit or deny SSL VPN connections for the specified service and host machine.
  • Page 54: Groups Configuration

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Groups Configuration When configuring Groups, remember that user policies take precedence over all group policies and group policies take precedence over all global policies, regardless of the policy definition. (A user policy that allows access to all IP addresses will take precedence over a group policy that denies access to a single IP address).
  • Page 55: Editing Group Settings

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-6 2. In the Group Name field, enter a descriptive name for the group. 3. In the Domain menu, select the appropriate domain. The domain will determine the authentication method for the group.
  • Page 56 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-7 2. From the Terminal Services SSO pull-down menu, select Use Global, Enable, or Disable. When Terminal Services Single Sign-On (SSO) is enabled, a user with a domain account will log in only once, and can then access remote servers without being asked again for his credentials.
  • Page 57: Defining And Editing Group Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual The maximum timeout setting is 2 or over 100,000 minutes, although setting the timeout to 0 on the Global Settings page disables the inactivity timeout (if 0 is also configured as the inactivity timeout for the user and group).
  • Page 58: Defining And Editing Group Bookmarks

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3. In the Policy Name field, define a name for the policy. Note: SSL VPN Concentrator policies apply to the destination address(es) of the SSL VPN connection, not the source address. You cannot permit or block a specific IP address on the Internet from authenticating to the SSL VPN Concentrator through the policy engine.
  • Page 59: Deleting A Group

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual To define group bookmarks: 1. In the Group Bookmarks section of the Group Settings menu, click Add Bookmark. An Add Bookmark menu displays. When group bookmarks are defined, all group members will see the defined bookmarks from the SSL VPN Portal.
  • Page 60: Users Configuration

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. Click the name of the group that you wish to remove from the Groups table. The Group Settings menu displays. 2. In the Group Settings window, click Delete Group. The Users and Groups menu displays and the deleted group no longer appears in the list of defined groups.
  • Page 61: Adding A New User

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-10 Adding a New User To create a new user: 1. In the Users and Groups menu, click Add User. An Add User menu displays. Figure 4-11 2. In the User Name field, enter the user name for the user. This is the name the user will enter in order to log into the SSL VPN portal.
  • Page 62 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4. Click Apply. If the selected group is in a domain that uses external authentication, such as Kerberos, RADIUS, NT Domain, or LDAP, then the Add User menu will close and the new user will be added to the Users and Groups table.
  • Page 63: Editing A User

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-13 Editing a User To edit a user: 1. In the Users table in the Users and Groups menu, click the name of the user. The User Settings menu displays as shown in Figure 4-14.
  • Page 64 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-14 2. To modify the user password, enter the new user password in the Password field. 3. In the Confirm Password field, enter the new password again. 4. From the Terminal Services SSO pull-down menu, select Use Group, Enable, or Disable.
  • Page 65 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5. In the Inactivity Timeout field, enter the number of minutes of inactivity to allow for users in the group. You can set the inactivity timeout at the user, group and global level. Set the timeout as 0 in the user and group configuration to use the global timeout setting.
  • Page 66: Defining And Editing User Policies

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Defining and Editing User Policies To define user access policies: 1. On the Edit User Settings screen, click Add Policy. An Add Policy menu displays. Figure 4-15 2. In the Apply Policy To pull-down menu, select whether the policy will be applied to a predefined network resource, an individual host, a network or all addresses.
  • Page 67: Defining And Editing A User Bookmarks

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6. Click Apply to update the configuration. Once the configuration has been updated, the new policy appears in the Edit User Settings menu. The user policies will be displayed in the Edit Users Settings screen in the User Policies table in the order of priority, from the highest priority policy to the lowest priority policy.
  • Page 68: Deleting A User

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Deleting a User To delete a user: 1. Click the Delete link adjacent to the user's name in the Users table. The user is removed from the table in the Users and Groups menu, or 2.
  • Page 69 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. Click Add Resource. An Add Network Resource menu similar to the following displays. Figure 4-18 3. In the Resource Name field, enter a name for the Network Resource. 4. From the Services pull-down menu, select the type of service to which the Network Resource will apply.
  • Page 70 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-20 2. From the Object Type pull-down menu under Add Resource Addresses, select either IP Address or IP Network: • If you selected IP Address, enter an IP address or fully qualified domain name in the IP Address/Name field.
  • Page 71 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 4-21 Note: You may define up to 128 addresses or address ranges per Network Resource. To delete a defined resource, click Delete in the Defined Resource Addresses table adjacent to the resource you wish to delete.
  • Page 73: Configuring The Remote Access Web Portal

    Chapter 5 Configuring the Remote Access Web Portal This chapter explains how to create multiple Web portals for different users and how to customize the appearance of a portal. It describes: • Creating the Portal • Portal Options • Adding Portal Layouts •...
  • Page 74: Portal Options

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Note: The default portal address is https://<IP_Address>. If the default portal is changed from the default (SSL-VPN), you can use the URL address https://<IP_Address>/portal/SSL-VPN to access the administration domain geardomain. The administration domain, geardomain, is attached to the SSL-VPN portal layer.
  • Page 75: Adding Portal Layouts

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual The configuration of the VPN Tunnel and Port Forwarding features are described in Chapter 6, “Configuring the SSL VPN Tunnel Client and Port Forwarding”. Adding Portal Layouts The SSL VPN Concentrator administrator may define individual layouts for the SSL VPN portal.
  • Page 76 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. In the Portal Layout and Theme Name section: a. Enter a descriptive name for the portal layout in the Portal Layout Name field. This name will be part of the path of the SSL VPN portal URL.
  • Page 77 These directives help prevent client browsers from caching SSL VPN portal pages and other web content. Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date web pages, themes and data being stored in a user’s web browser cache.
  • Page 78: Adding Terminal Services Applications To The Portal

    Application mode. In addition, the application must be installed through the Control Panel Add/Remove Programs and must be licensed for multiple users. For more information, see the NETGEAR Support Site. 3. In the Working Directory field, enter the current working directory path for the Terminal Services application.
  • Page 79: Customizing The Banner

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4. From the Icon Image menu, select an image to appear on the Applications page. 5. Click Add Application to add the new application to the SSL VPN Portal Applications page.
  • Page 80: Duplicating And Editing Portal Layouts

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Duplicating and Editing Portal Layouts You can edit the features of an existing portal; for example, create a banner or banner message that displays at the top of the page; or show or hide all applicable bookmarks (user, group, and global) for each user.
  • Page 81: Preparing The Client For Using Portal Services

    Remote Desktop Connection. Computers running earlier Windows versions can install Remote Desktop Connection by networking to a Windows Server 2003 or later (refer to Microsoft support for instructions). NETGEAR recommends that you run at least Windows XP with Service Pack 2.
  • Page 82: Creating A User Guide For Portal Services

    Windows terminal server. Creating a User Guide for Portal Services For SSL VPN installations serving many users, it may be helpful to prepare a user guide for accessing the portal and its applications. NETGEAR makes available an application note, created in Microsoft Word, that serves as a template document that can be customized according to the way that your portal is configured.
  • Page 83: Configuring The Ssl Vpn Tunnel Client And Port Forwarding

    Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN Concentrator from a PC that allows ActiveX content, these two powerful features can be activated.
  • Page 84: Ssl Vpn Client Configuration

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Detects and reroutes individual data streams to the Port Forwarding connection rather than opening up a full tunnel to the corporate network. • Offers more fine grained management than VPN Tunnel. Administrators define individual applications and resources that will be available to remote users.
  • Page 85: Adding Ip Address Ranges

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual – Split tunnel – Sends only traffic destined for the internal network based on the specified client routes. All other traffic is sent to the internet. Split tunnel allows you to manage your company bandwidth by reserving the VPN tunnel for corporate traffic only.
  • Page 86: Adding Routes For Vpn Tunnel Clients

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual In the Client IP Address Range section of the screen, you can define the IP address range to assign to incoming VPN Tunnel clients. The default range begins with 192.168.251.1 and ends with 192.168.251.254.
  • Page 87 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual If the assigned client IP address range is in a different subnet than the corporate network or if the corporate network has multiple subnets, you must define Client Routes. To add an SSL VPN Tunnel client route: 1.
  • Page 88: Configuring Applications For Port Forwarding

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5. Restart the SSL VPN Concentrator software if VPN Tunnel Clients are currently connected to the SSL VPN Concentrator. Restarting forces clients to reconnect and receive new addresses and routes. Now users are able to connect to the SSL VPN Concentrator and receive a virtual IP address from the client address range.
  • Page 89 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual To configure applications for Port Forwarding: 1. From the Access Administration menu in the left navigation pane, select the Port Forwarding option. The Port Forwarding configuration screen displays. Figure 6-3 2. In the Configured Applications for Port Forwarding section, enter the IP address of an internal server or host computer in the IP Address field.
  • Page 90: Configuring Host Name Resolution

    Table 6-1. Port Forwarding Applications/TCP Port Numbers (continued) TCP Application Port Number Telnet SMTP (send mail) HTTP (web) POP3 (receive mail) NTP (network time protocol) Citrix 1494 Terminal Services 3389 VNC (virtual network computing) 5900 or 5800 a.
  • Page 91: Additional System Configuration

    Chapter 7 Additional System Configuration This chapter describes additional network and configuration management functions provided by the Web Management Interface. The additional functions include: • Configuring Network Settings • Setting Date and Time • System Configuration Utilities • Additional Notes on the Management Interface Configuring Network Settings The IP settings and interface settings of the SSL VPN Concentrator appliance are configured through the Network screen under the System Configuration menu on the left navigation panel.
  • Page 92: Network Interface And Default Gateway Configuration

    • Default gateway address (Firewall/Router address): 192.168.1.254 In the configuration shown in the diagram, the IP addresses of devices in the local network are configured in the 192.168.1.0/24 subnet and the default gateway for these devices is the internal IP address of the local firewall or router, 192.168.1.254.
  • Page 93 Figure 7-2 2. Enter the Ethernet Port 1 subnet mask that has been configured for your network. The subnet mask value should be the same value as the subnet mask configured on your network computers.
  • Page 94: Static Route Configuration

    5. Enter the subnet mask. The subnet mask specifies the network number portion of an IP address. The factory default is 255.255.255.0. 6. Click Apply to save your settings. From the Network screen, you can define the default network route. The default route is required for Internet access.
  • Page 95 To configure a static route: 1. In the Add Static Routes section, enter the destination network address of the static route in the Destination Network field. The destination network address is an IP address in the remote network subnet.
  • Page 96: Network Host Table Settings

    Figure 7-3 Network Host Table Settings For the convenience of users, you can configure the SSL VPN Concentrator to translate host names or fully qualified domain names (FQDNs) to IP addresses. This function is configured in the Host Table menu.
  • Page 97: Configuring Dns Settings

    4. In the optional Alias field, enter the host alias. For example, if you entered the FQDN www.netgear.com in the Host Name field, then you can enter a shorter name, such as www or web in the Alias field.
  • Page 98 1. In the Network menu, check the DNS Settings radio button. The Network menu displays the fields for entering the DNS Settings. Figure 7-5 2. Enter the Hostname for the SSL VPN Concentrator. The hostname identifies the SSL VPN Concentrator on the network.
  • Page 99: Setting Date And Time

    Setting Date and Time To configure the SSL VPN Concentrator date and time settings: 1. Under the System Configuration menu in the left navigation pane, click Date and Time. The SSL VPN Concentrator uses the date and time settings to timestamp log events, verify certificate validity, and for other internal purposes.
  • Page 100: System Configuration Utilities

    • If you selected Use default NTP servers, NETGEAR’s primary and secondary NTP servers for your time zone will appear. • If you selected Use custom NTP servers, enter an NTP server IP address or fully-qualified domain name (FQDN) in the address fields.
  • Page 101: Encrypting The Configuration File

    Figure 7-2 Encrypting the Configuration File For security purposes, you can encrypt the configuration files. However, if the configuration files are encrypted, they cannot be edited or reviewed for troubleshooting purposes.
  • Page 102: Importing A Configuration File

    Figure 7-3 3. Choose the location to save the configuration file. The file is named by default, but it CONF can be renamed. 4. Click Save to save the configuration file.
  • Page 103: Erasing The Configuration And Restoring The Default Settings

    You can download new versions of firmware from NETGEAR’s SSL312 support page at http://kbserver.netgear.com/products/ssl312.asp. To install a new version of the SSL VPN Concentrator...
  • Page 104: Additional Notes On The Management Interface

    1. Download the new firmware from NETGEAR’s support site. If the file is a zip archive, extract it and save it to your PC. 2. In the Utilities menu, click Upgrade. A submenu will display.
  • Page 105: Monitoring And Logging

    Chapter 8 Monitoring and Logging This chapter describes the SSL VPN Concentrator status information, logging, alerting and reporting features. It describes: • SSL VPN Concentrator Status • Active Users • Event Log • Log Settings • Diagnostics SSL VPN Concentrator Status The Status window shows important state and configuration information.
  • Page 106 Figure 8-1 From the Status page, you may view: • The SSL VPN Concentrator software version • The amount of RAM memory in kilobytes (kB) • The current memory usage in percent (%).
  • Page 107: Active Users

    Active Users The Active Users screen displays the active users and administrators logged into the SSL VPN portal. To view the Active Users log file: Click Active Users under the Monitoring menu in the left navigation pane.
  • Page 108: Event Log

    Event Log The SSL VPN Concentrator provides web-based logging. It also provides the ability to send log messages to an external syslog server using the syslog protocol and to E-mail log files and alert messages to an E-mail address or pager.
  • Page 109: Log Settings

    • User name. The User name field shows the authenticated name of the user or administrator that generated the log event. • Log message. The message field describes the event that occurred. Examples of log messages include Administrator login successful and SSL VPN Concentrator restarting.
  • Page 110 so most standard firewall and networking reporting products can accept and interpret the SSL VPN Concentrator log files. The SSL VPN Concentrator syslog service transmits syslog messages to external syslog server(s) listening on UDP port 514.
  • Page 111 3. If you have a backup or second syslog server, enter the IP address or domain name of the Secondary Syslog Server in the Secondary Syslog Server field. 4. In the E-mail Settings section: a.
  • Page 112 Log categories are organized from most to least critical. Once a category is selected, all events equal to or more critical than the selected log category will be logged. The default Log and Alert levels are: •...
  • Page 113: Diagnostics

    Diagnostics Basic network diagnostic tools are available in the Diagnostics menu. Under the Monitoring menu in the left navigation menu, click Diagnostics. The Diagnostics window displays. Figure 8-5 The following diagnostic functions are available: •...
  • Page 115: Default Settings And Technical Specifications

    Appendix A Default Settings and Technical Specifications This appendix provides the factory default settings and technical specifications for the ProSafe SSL VPN Concentrator 25 SSL312. Factory Default Settings You can use the push button located on the front of your device to reset all settings to their factory defaults.
  • Page 116: Technical Specifications

    Table A-1. SSL312 Default Configuration Settings Feature Description Concentrator Ethernet MAC Address See bottom label. Time Zone Time Zone Adjusted for Daylight Saving Automatically enabled if DST available in area selected;...
  • Page 117: Appendix B Related Documents

    Appendix B Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Documents and links: Template for creating an end-user guide (http://documentation.netgear.com/ssl312/enu/202-10208-01/appnote.doc); Internet Networking and http://documentation.netgear.com/reference/enu/tcpip/index.htm...
