NETGEAR SSL312 Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung NETGEAR SSL312 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von NETGEAR SSL312, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung NETGEAR SSL312 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung NETGEAR SSL312. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung NETGEAR SSL312 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts NETGEAR SSL312
- Den Namen des Produzenten und das Produktionsjahr des Geräts NETGEAR SSL312
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts NETGEAR SSL312
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von NETGEAR SSL312 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von NETGEAR SSL312 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service NETGEAR finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von NETGEAR SSL312 zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts NETGEAR SSL312, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von NETGEAR SSL312 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    202-10208-04 May 2007 v2.0 NETGEAR , Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual[...]

  • Seite 2

    ii v2.0, May 2007 © 2007 by NETGEAR, Inc. All rights reserved. T echnical Support Please register to obtain technical support. Please retain your proof of purchase and warranty information. T o register your product, get product support or obtai n product information and product documentation, go to http://www .NETGEAR.com . If you do not have acc[...]

  • Seite 3

    v2.0, May 2007 iii EU Regulatory Compliance S tatement ProSafe SSL VPN Concentrator 25 is compliant with the following EU Council Directives: 89/336/EEC and L VD 73/23/EEC. Compliance is verified by testing to the followin g standards: EN55022 Class B, EN55024 and EN60950. Certificate of the Manufacturer/Importer It is hereby certified that the Pro[...]

  • Seite 4

    v2.0, Ma y 20 07 iv Product and Publication Det ails Model Number: SSL312 Publication Date: May 2007 Product Family: Concentrator Product Name: ProSafe SSL VPN Concentrator 25 Home or Business Prod uc t: Business Language: Engl ish Publication Part Number: 202-10208-04 Publication V ersion Number: 2.0[...]

  • Seite 5

    v v2.0, May 2007 Content s About This Manual Conventions, Formats and Scope ................... ................... .................... ................... ....... ix Using This Manual .............. ................... ................... ................. ................... ................... .. x Printing this Manual .........................[...]

  • Seite 6

    vi v2.0, May 2007 S teps for Further Configuration ............. ... .... ................ ................ ................... ............. 2-14 Chapter 3 Authenticating Users Authentication Domains .. .... ... ... ... .... ... ... ... .... ... ................ ................... ................ ............ 3-1 Local User Database Au thenticat[...]

  • Seite 7

    vii v2.0, May 2007 Editing a User ........ ................ .................... ................... .................... ................... ... 4-16 Defining and Editing User Policies ............ ... ................... ................. ................... ... 4-18 Defining and Editing a User Bookmarks ... ......... ................. ..........[...]

  • Seite 8

    viii v2.0, May 2007 Erasing the Configuration a nd Restoring the Default Setti ngs .. ................... .......... 7-13 Upgrading the SSL VPN Concentrator Firmwar e .. ................ ................... ............. 7-13 Additional Notes on the Management Interf ac e ........... ................... ................... .......... 7-14 Chapter 8[...]

  • Seite 9

    ix v2.0, May 2007 About This Manual The NETGEAR ® Pr osafe™ SSL VPN Concentrator 25 S SL312 Refer ence Manual describes how to install and configure the SSL312 . The information in this manual is intended for administrators who will configure the SSL312. Y ou should have intermediate computer and Internet skills. Conventions, Format s and Scope [...]

  • Seite 10

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l x About This Manual v2.0, May 2007 • Scope. This manual is written for the S SL VP N Concentrator according to these specifications: For more information about networ k, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B , “R elated Doc um[...]

  • Seite 11

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual About This Manual xi v2.0, May 2007 Each page in the HTML version of the manu al is dedicated to a major topic. Use the Print button on the brows er toolbar to print the page contents. • Printing a Chapter . Use the PDF of This Chapter link at the top left of any page. – Click t[...]

  • Seite 12

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l xii About This Manual v2.0, May 2007 Revision History Ve r s i o n Date Descripti on of Changes -01, v1.1 November 2006 • Restructu red the contents so that comm on setup and configuration tasks are easier to find • Added new topics • Added a link to a Microsoft Word template fo[...]

  • Seite 13

    1-1 v2.0, May 2007 Chapter 1 Introduction This chapter describes some of the key features of the NETGEAR ® ProSafe™ SSL VPN Concentrator 25 SSL312. It also includes the minimum prerequisites for installation ( “W eb Browser Requirements” on page 1-2 .), package conte nts ( “What’ s in the Box” on page 1-3 ), and a description of the fr[...]

  • Seite 14

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 1-2 Introduction v2.0, May 2007 • Supports multiple user authenti cations, including local database , Microsoft Active Directory , LDAP , NT Domain and RADIUS. • Provides client-less access with customiz able us er portals and support for a wide variety of user repositories. Acces[...]

  • Seite 15

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Introduction 1-3 v2.0, May 2007 End Users can use Microsoft Internet Explorer 5.1 or higher , Apple Safari 1.2 or higher or Mozilla Firefox 1.x (for VPN tunnel, VNC, Network Pl aces and Utilities). The br owsers should also support JavaScript, Java, cookies, SSL and Activ eX to take[...]

  • Seite 16

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 1-4 Introduction v2.0, May 2007 1. LED Power Indicator: • Of f – No power • On – Power is on. 2. LED Self test Indicator . • Self test – on while initializing. (~2 minutes) • Loading Software – bli nking while uploading software • System fault – on ( prolonged) Thi[...]

  • Seite 17

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Introduction 1-5 v2.0, May 2007 S tep s for Deploying the SSL312 Three basic steps are involved in deploying the ProSafe SSL VPN Concentrator 25 in your network. • Installing the SSL312: choosing a network topolo g y , configuring its IP add ressing scheme, connecting the SSL312, [...]

  • Seite 18

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 1-6 Introduction v2.0, May 2007[...]

  • Seite 19

    2-1 v2.0, May 2007 Chapter 2 Inst alling the SSL312 This chapter describes how to install the Pr oSafe SSL VPN Concent rator 25 SSL312. The installation includes choosin g a network topology , configuring the IP addressing scheme, connecting the SSL312, and pro v isioning the SSL certificate. Choosing a Network T opology The physical connection o f[...]

  • Seite 20

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-2 Installing the SSL312 v2.0, May 2007 . Single arm mode has the advantage of being protected by yo ur firewall. In later steps, you will use the following settin gs when configuring for single arm operation. • Assign Ethernet Port 1 an IP address on your local n etwo rk. • Disa[...]

  • Seite 21

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Installing the SSL312 2-3 v2.0, May 2007 authorized for that user . The user ’ s subsequent reques ts for network services are decrypted by the SSL VPN Concentrator and rela yed to the approp riate network servers on the corporate network. Routing mode has the ad vantage of unload[...]

  • Seite 22

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-4 Installing the SSL312 v2.0, May 2007 1. Prepare a PC with an Ethernet adapter. If this PC is already part of your n etwork, record its TCP/IP configuration settings so th at you can restore them later. 2. Configure your PC with a static IP address o f 192.168.1.10 and 255.2 55.255[...]

  • Seite 23

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Installing the SSL312 2-5 v2.0, May 2007 2. A certificate security warning may appear . Click Y es or OK to continue. A login screen with User Name and Pa ssword dialog boxe s displays. 3. When prompted, en ter admin for the User Name and password for the Password, both in lower cas[...]

  • Seite 24

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-6 Installing the SSL312 v2.0, May 2007 Configuring Basic Network Settings Before deploying the SSL VPN Concentrator into yo ur existing network, yo u should configure the following basic settings: • Change the administrator password • Configure DNS se rver IP addres s • Config[...]

  • Seite 25

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Installing the SSL312 2-7 v2.0, May 2007 T o prepare for installation: 1. Change the administrator account password. a. On the left side of the browser window , select the Users and Groups link. b. In the Users table, click on admin. c. T ype your new Password and re-typ e to Confir[...]

  • Seite 26

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-8 Installing the SSL312 v2.0, May 2007 Inst alling the SSL VPN Concentrator Y ou are now ready to physically install your SSL VPN Concentrator us ing the following steps: 1. T urn off the power to the SSL VPN Concentrat or and connect it to your network in your chosen topology . •[...]

  • Seite 27

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Installing the SSL312 2-9 v2.0, May 2007 strong assurance of the server ’ s identity . A self-s igned certificate will trigger a warning from most browsers as it provides no protection ag ainst identity thef t of the server . Y our SSL VPN Concentrator contains a self-signed certi[...]

  • Seite 28

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-10 Installing the SSL312 v2.0, May 2007 3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users. 4. Click Apply . A file download screen will display . Click Save to save the CSR . ZIP file to a di[...]

  • Seite 29

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Installing the SSL312 2-11 v2.0, May 2007 2. In the Digital Certificate Management section, click Ne w CSR/CR T . The Create CSR screen will display . 3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible[...]

  • Seite 30

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-12 Installing the SSL312 v2.0, May 2007 4. Click the Enable link adjacent to the new cer tificate. The Enable Certificate screen displays Figure 2-7 Figure 2-8[...]

  • Seite 31

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Installing the SSL312 2-13 v2.0, May 2007 5. Enter the Certificate Password and click Enab le. The SSL VPN Concentrator software will restart using the new certificate. V iewing and Deleting Certificates The Current Certificates table lists the valid S SL certificates. (The Certific[...]

  • Seite 32

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-14 Installing the SSL312 v2.0, May 2007 S tep s for Furt her Configuration The next steps in configuring the SSL VPN Concentrator are: • Create authentication domains ( Chapter 3, “Authenticating Users” ). • Define user and group settings ( Chapter 4, “Setting Up User and [...]

  • Seite 33

    3-1 v2.0, May 2007 Chapter 3 Authenticating Users Remote users conn ecting to the SSL VPN Concentrator mu st be authenticated before being allowed to access the network. The login window prese nted to the user requires three items: a User Name, a Password, and a Domain selection. The Do main determines the au thentication method to be used and the [...]

  • Seite 34

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-2 Authentic ating Users v2.0, May 2007 All of the configured domains will be listed in the table in the Domains window . The domains are listed in the order in which they were created. By default, the geardomain authentication domain is already defined, using the SSL VPN Concentrato[...]

  • Seite 35

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Authenticating Users 3-3 v2.0, May 2007 1. In the Domains menu, click Add Domain. An Ad d Domain window similar to the following displays. 2. From the Authentication T ype pull-down menu, select Local User Database. 3. In the Domain Name field, enter a descriptive name for the authe[...]

  • Seite 36

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-4 Authentic ating Users v2.0, May 2007 For example, if you create a RADIUS domain in the SSL VPN Concentrator called “Miami RADIUS server”, you can add users to groups th at are members of the “Miami RADIUS server” domain. These user names must match the names configured in [...]

  • Seite 37

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Authenticating Users 3-5 v2.0, May 2007 6. From the Portal Layout Name drop-down me nu, select the name of the layout. The default layout is SSL-VPN. Y ou can define additio nal layouts in the Po rtal Layouts page. 7. Click Apply to update the configuration. Once the domain has been[...]

  • Seite 38

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-6 Authentic ating Users v2.0, May 2007 2. In the Domain Name field, enter a descriptive name for the authentication domain. This is the domain name selecte d by users when they authenticate to the SSL VPN portal. It may be the same value as the NT Domain Name. 3. In the NT Server Ad[...]

  • Seite 39

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Authenticating Users 3-7 v2.0, May 2007 For an LDAP group, yo u can define LDAP attributes. For example, you can specify that users i n an LDAP group must be members of a certain gr oup or or ganizational unit defined on the LDAP server . Or you can specify a uniqu e LDAP distinguis[...]

  • Seite 40

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-8 Authentic ating Users v2.0, May 2007 Sample LDAP Users and Attributes Settings If you manually add a user to an LDAP group, then the user setting will take precedence over LDAP attributes. For example: An LDAP attribute objectClass=Person is defined for group Group1 and an LDAP a [...]

  • Seite 41

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Authenticating Users 3-9 v2.0, May 2007 Configuring for LDAP Authentication T o configure LDAP authentication, click Add Do main. An Add Domain window displays. In the Add Domain window: 1. From the Authentication T ype menu, select LD AP . The Add D omain W i ndow displays the fiel[...]

  • Seite 42

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-10 Authentic ating Users v2.0, May 2007 5. From the Portal Layout Name drop-down me nu, select the name of the layout. The default layout is SSL-VPN. Y ou can define additio nal layouts in the Po rtal Layouts page. 6. Click Apply to update the configuration. Once the domain has been[...]

  • Seite 43

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Authenticating Users 3-11 v2.0, May 2007 2. From the Authentication T ype menu, select Ac tive Directory . Fields for Active Directory configuration display: 3. In the Domain Name field, enter a descriptive name for the authentication domain. This is the domain name users will selec[...]

  • Seite 44

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-12 Authentic ating Users v2.0, May 2007 7. Check the Require CIFS bookmark to home dire ct ory radio box to automatically allow access to users of this domain an d add the home direct ory path in the field provided. 8. Click Apply to update the configuration. Once the domain has bee[...]

  • Seite 45

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Authenticating Users 3-13 v2.0, May 2007 5. Enter the Kerberos domain name in the Kerberos Domain field. 6. Enter the name of the layout in the Portal Lay out Name fi eld. Th e defau lt layout is S SL-VPN. (Additional layouts may be defined from the SSL VPN Portal > Port al Layou[...]

  • Seite 46

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-14 Authentic ating Users v2.0, May 2007[...]

  • Seite 47

    4-1 v2.0, May 2007 Chapter 4 Setting Up User and Group Access Policies This chapter describes how to define user s and groups and how to configure SSL VPN Concentrator access policies and bookmarks for the users and groups. This chapte r includes the following topics: • Determine Y our Requirements • Users, Groups and Global Policies • Global[...]

  • Seite 48

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-2 Setting Up User and Gr oup Acces s Policie s v2.0, May 2007 • T o create complex policies involving groups of ho st names, IP addresse s or IP address ranges, you can define th es e groups as network object s usin g Network Resources as desc ribed in “Using Network Resource Ob[...]

  • Seite 49

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-3 v2.0, May 2007 • An FTP server at 10.0.1.5, the user would be blocked by Policy 2. • An FTP server at 10.0.0.10, the user would be granted access by Polic y 3. The IP address range 10.0.0.5 - 10.0.0.20 is more specific than the IP a[...]

  • Seite 50

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-4 Setting Up User and Gr oup Acces s Policie s v2.0, May 2007 Editing Global Policy Settings T o edit global settings: 1. In the Global Policies table, click the Edit Gl obal P olicies link. The Global Settings screen displays. 2. In the Inactivity T imeout field, enter the number o[...]

  • Seite 51

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-5 v2.0, May 2007 Adding and Editing Global Policies T o define global access polic i es: 1. In the Global Policies section, click Add Policy . An Add Policy window displays. 2. From the Apply Policy T o pull-down menu, selec t whether the[...]

  • Seite 52

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-6 Setting Up User and Gr oup Acces s Policie s v2.0, May 2007 4. From the Service pull-down menu , select the service type. If you are applying a policy to a network resource, the service type is defined in the network resource. 5. From the S tatus pull-down menu, select PERMI T or [...]

  • Seite 53

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-7 v2.0, May 2007 Group s Conf iguration When configuring Groups, remember that user policies take precedenc e over all group policies and group policies take precedence over all global po licies, regardless of th e policy definition. (A u[...]

  • Seite 54

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-8 Setting Up User and Gr oup Acces s Policie s v2.0, May 2007 . 2. In the Group Name field., enter a descriptive name for the group. 3. In the Domain menu, select the appropriat e domain. The domain will determine the authentication method for the group. 4. Click Apply to update the[...]

  • Seite 55

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-9 v2.0, May 2007 Y ou can set the inactivity timeout at the user , group and global leve l. Set the timeout as 0 in the user and group configuration to use the global timeout setting. If multiple timeout settings are configured, the user [...]

  • Seite 56

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-10 Setting Up User and Grou p Acces s Policies v2.0, May 2007 addresses. If two policies apply to a single IP ad dress, then a policy for a specific servic e (for example RDP) will take precedence over a policy that applies to all services. T o define group access policies: 1. In th[...]

  • Seite 57

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-11 v2.0, May 2007 • If your policy applies to a specific host, ente r the IP address of the local host machine in the IP Address field. • If your policy applies to a network, enter th e network address and subnet bit mask (0-32) in th[...]

  • Seite 58

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-12 Setting Up User and Grou p Acces s Policies v2.0, May 2007 . 2. In the Bookmark Name field, enter a descriptive name. 3. In the Name or IP Address field, enter the domai n name or the IP address of a host machine on the LAN. 4. From the Service pull-down me nu, select the service[...]

  • Seite 59

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-13 v2.0, May 2007 2. In the Group Settings window , click Delete Grou p. The Users and Groups menu displays and the deleted group no longer appears in th e list of defined groups. Y ou can also delete a group by clicking its Delete link. [...]

  • Seite 60

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-14 Setting Up User and Grou p Acces s Policies v2.0, May 2007 Adding a New User T o create a new user: 1. In the Users and Groups menu, click Ad d User . An A dd User menu displays. 2. In the User Name field, enter the user name for the user . This is the name the user will enter in[...]

  • Seite 61

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-15 v2.0, May 2007 4. Click Apply . If the selected group is in a domain that uses ex terna l authentication, such as Active Directory , RADIUS, NT Domain or LDAP , then the Add Us er menu will close and the new user will be added to the U[...]

  • Seite 62

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-16 Setting Up User and Grou p Acces s Policies v2.0, May 2007 Editing a User T o edit a user: 1. In the Users table in the Users and Groups menu, clic k the name of the user . The User Settings menu displays as shown in Figure 4-14 . • The Edit User Settings section shows the U se[...]

  • Seite 63

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-17 v2.0, May 2007 . 2. T o modify the user password, enter the new user pas sword in the Passw ord field. 3. In the Confirm Password field, enter the new password again. 4. Click Apply to update the configuration T o change the user inact[...]

  • Seite 64

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-18 Setting Up User and Grou p Acces s Policies v2.0, May 2007 Defining and Editing User Policies T o define user access policies : 1. On the Edit User Settings screen, click Add Policy . An Add Policy menu display s. 2. In the Apply Policy T o pull-down menu, select whether the poli[...]

  • Seite 65

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-19 v2.0, May 2007 6. Click Apply to update the configuration. Once the configuration h as been updated, the new policy appears in the Edit User Setti ngs menu. The user policies will be displaye d i n the Edit Users Settings screen in the[...]

  • Seite 66

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-20 Setting Up User and Grou p Acces s Policies v2.0, May 2007 Deleting a User T o delete a user: 1. Click the Delete link adjacent to the users name in the Users table. The user is removed from the table in the Users and Grou ps menu, or 2. Click the user name that you wish to remov[...]

  • Seite 67

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-21 v2.0, May 2007 2. Click Add Resourc e. An Add Netw ork Resource menu similar to the following displays. 3. In the Resource Name field, enter a name for the Network Resource. 4. From the Services pull-down menu, select the type of servi[...]

  • Seite 68

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-22 Setting Up User and Grou p Acces s Policies v2.0, May 2007 . 2. From the Object T ype pull-down menu under Add Resource Addresses, select either IP Address or IP Network: • If you selected IP Address, en ter an IP address or fully qualified domain name in the IP Address/Name fi[...]

  • Seite 69

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Setting Up User and Gr oup Access Policies 4-23 v2.0, May 2007 . T o delete a defined res ource, click Delete in the Defined Resource Addresses table adjacent to the resource you wish to delete. Figure 4-21 Note: Y ou may define up to 128 addresses or address ranges per Network Reso[...]

  • Seite 70

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-24 Setting Up User and Grou p Acces s Policies v2.0, May 2007[...]

  • Seite 71

    5-1 v2.0, May 2007 Chapter 5 Configuring the Remote Access W eb Port al This chapter explains how to cr eate multiple W eb portals for different users and how to customize the appearance of a portal. It describes: • Portal Layouts • Portal Options • Adding Portal Layouts • Adding T erminal Services Applications to the Portal • Customizing[...]

  • Seite 72

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-2 Configuring th e Remote Acces s Web Portal v2.0, May 2007 T o view the Portal Layout screen: Click Portal Layouts under the S SL VPN Portal menu on the left navigation pan e. A window similar to the following will display . . Port al Options The SSL VPN Concentrator portal can pre[...]

  • Seite 73

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-3 v2.0, May 2007 The configuration of the VPN T unnel and Po rt Forwarding features are described in Chapter 6, “Configuring the SSL VPN T unnel Client and Port Forwarding” . Adding Port al Layouts The SSL VPN Concentrator administrator[...]

  • Seite 74

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-4 Configuring th e Remote Acces s Web Portal v2.0, May 2007 : b. In the Portal Site T itle field, ente r the title for the web browser window . c. T o display a banner message to users before th ey log in to the portal, enter the banner title text in the Banner T itle field. Also en[...]

  • Seite 75

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-5 v2.0, May 2007 d. Check the Enable HTTP meta tags for cache control check box to apply HTTP meta tag cache control directives to this Portal Layout. Cache control directives include: <meta http-equiv=”pragma” content=”no- cache?[...]

  • Seite 76

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-6 Configuring th e Remote Acces s Web Portal v2.0, May 2007 6. Click Apply to confirm your sett ings. Adding T erminal Services Applications to the Portal If you selected the option Applicati ons page (in the SSL VPN Portal Pages to Display section), then the Portal Layout screen wi[...]

  • Seite 77

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-7 v2.0, May 2007 2. In the Application and Path field, enter the path and application name of the T erminal Services application. 3. From the Icon Image menu, select an imag e to appear on the Applica tion s page. 4. Click Add Application t[...]

  • Seite 78

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-8 Configuring th e Remote Acces s Web Portal v2.0, May 2007 Duplicating and Editing Port al Layout s Y ou can edit the features of an existing portal; for example, create a banner or banner message that displays at the top of the page; or show or hide all applica ble bookmarks (user[...]

  • Seite 79

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-9 v2.0, May 2007 T o modify the features of an existing portal: 1. Under the SSL VPN Portal menu on the left navigation pan e, click Portal Layo uts. The Port al Layouts screen displays. 2. In the Layout Name column, click the portal you wa[...]

  • Seite 80

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-10 Configur ing the Remote Access Web Portal v2.0, May 2007[...]

  • Seite 81

    6-1 v2.0, May 2007 Chapter 6 Configuring the SSL VPN T unnel Client and Port Forwarding This chapter describes the confi guration for the SSL VPN T unnel C lient and for Port Forwarding. When a remote user accesses the SSL VPN Concentr ator from a PC that allows ActiveX content, these two powerful features can be activated. For each of these featur[...]

  • Seite 82

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-2 Configuring the SSL VPN Tun nel Client and Port Forwarding v2.0, May 2007 • Detects and reroutes individual data streams to the Port Forwarding connection rather than opening up a full tunnel to the corporate network. • Offers more fin e grained management than VPN T unnel. Ad[...]

  • Seite 83

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Configuring the SSL VPN T unnel Client and Port Forwarding 6-3 v2.0, May 2007 – Split tunnel – Sends only traffic destined fo r the internal network based on the specified client routes. All other traf fic is sent to th e internet. Split tunnel allows you to manage your company [...]

  • Seite 84

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-4 Configuring the SSL VPN Tun nel Client and Port Forwarding v2.0, May 2007 6. Restart the SSL VPN Concentrator software if any VPN T unnel Clients are actively connected. Restarting will force the client s to obtain a new virtual IP address. VPN T unnel Clients are now able to conn[...]

  • Seite 85

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Configuring the SSL VPN T unnel Client and Port Forwarding 6-5 v2.0, May 2007 If the assigned client IP address range is in a diff erent subnet than the corporate network or if the corporate network has multiple subnets, you must define Client Routes. T o add an SSL VPN T u nnel cli[...]

  • Seite 86

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-6 Configuring the SSL VPN Tun nel Client and Port Forwarding v2.0, May 2007 . T o delete a VPN T u nnel Cl ient Route: 1. In the Configured Client Routes table, clic k the Delete link adjacent to the client route. 2. Restart the SSL VPN Concentrator software if VPN T unnel Clients a[...]

  • Seite 87

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Configuring the SSL VPN T unnel Client and Port Forwarding 6-7 v2.0, May 2007 T o configure applications for Port Forwarding: 1. From the Access Administration me nu in the left navigation pane , select the Port Forwarding option. The Port Forward ing configuration screen disp lays.[...]

  • Seite 88

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-8 Configuring the SSL VPN Tun nel Client and Port Forwarding v2.0, May 2007 Configuring Host Name Resolution Once the server and port informa tion has been configured, remote users will be able to access private network servers using Port Forwarding . As a convenience for users, the[...]

  • Seite 89

    7-1 v2.0, May 2007 Chapter 7 Additional System Configuration This chapter describes additional network and configuration management functions provided by the W eb Management Interface. Th e additional functions include: • Configuring Network Settings • Setting Date and T ime • System Configuration Utilities • Additional Notes on the Managem[...]

  • Seite 90

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-2 Additional Syst em Config uration v2.0, May 2007 • Default gateway address (F ir ewall/Router address): 192.168.1.2 54 In the configuration shown in th e diagram, the IP addresses of devices in the local network are configured in the 192.168 .1.0/24 subnet and the defa ult gatew[...]

  • Seite 91

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Additional System Configuration 7-3 v2.0, May 2007 2. Enter the Ethernet Port 1 subnet mask that has been configured for your network. The subnet mask value should be the same value as th e subnet mask configured on your network computers. The factory default is 255.2 55.25 5.0 (The[...]

  • Seite 92

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-4 Additional Syst em Config uration v2.0, May 2007 5. Enter the subnet mask. The subnet mask spec ifies the network numb er portion of an IP address. The factory defau lt is 255.255.255.0. 6. Click Apply to save your settings. From the Network screen, you ca n define the default net[...]

  • Seite 93

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Additional System Configuration 7-5 v2.0, May 2007 T o configure a static route: 1. In the Add Static Routes section, enter the destin ation network address of the static route in the Destination Network field. The destination netw ork address is an IP address in the remote network [...]

  • Seite 94

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-6 Additional Syst em Config uration v2.0, May 2007 Network Host T able Setting s For the convenience of users, yo u can configur e the SSL VPN Concentrator to translate host names or fully qualified domain names (FQDNs) to IP addresses. This function is configured in the Host T able[...]

  • Seite 95

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Additional System Configuration 7-7 v2.0, May 2007 3. In the Host Name field, enter the host name or Fully Qualified Domain Name of the machine. For example, enter mycomputer or www .netge ar .com . Do not enter names with spaces or other non-alphanumeric characters such as apostrop[...]

  • Seite 96

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-8 Additional Syst em Config uration v2.0, May 2007 1. In the Network menu, check the DNS Settings radio butto n. The Network menu displays the fields for entering the DNS Settings. 2. Enter the Hostname for the SS L VPN Concentrator. The hostname identifies the SSL VPN Concentrator [...]

  • Seite 97

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Additional System Configuration 7-9 v2.0, May 2007 Setting Date and T ime T o configure the SSL VPN Concen trator date and time settings: 1. Under the System Configuration menu in the left navigation pane, click Date and T ime. The SSL VPN Concentrator uses the date and tim e settin[...]

  • Seite 98

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-10 Additional System Con fig ur a tion v2.0, May 2007 • If you selected Use default NTP server s, NETGEAR’ s prima ry and secondary NTP servers for your time zone will appear . • If you selected Use custom NTP servers, ente r an NTP server IP address or fully-qualified domain [...]

  • Seite 99

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Additional System Configuration 7 -11 v2.0, May 2007 Encrypting the Configuration File For security purposes, you can encrypt the configura tion files. However , if the configuration files are encrypted, they cannot be edited or reviewed for troubleshooting purposes. T o encrypt the[...]

  • Seite 100

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-12 Additional System Con fig ur a tion v2.0, May 2007 3. Choose the location to save the conf iguration file. The file is named CONF . ZIP by default, but it can be renamed. 4. Click Save to save the configuration file. Importing a Configuration File T o import a saved confi guratio[...]

  • Seite 101

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Additional System Configuration 7 -13 v2.0, May 2007 Erasing the Configuration and Restoring the Default Settings T wo methods are available for eras ing the configuration and restor ing the factory default settings. Y ou can press and hold the front panel Factory Defaults pu sh but[...]

  • Seite 102

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-14 Additional System Con fig ur a tion v2.0, May 2007 1. Download the new firmware from NETGEAR’ s support site. If the f ile is a zip archive, extract it and save it to your PC. 2. In the Utilities menu, click Upgrade. A submenu will display . 3. Click Browse to locate the save d[...]

  • Seite 103

    8-1 v2.0, May 2007 Chapter 8 Monitoring and Logging This chapter describes the SSL VPN Concentrator status information, logging, alerting and reporting features. It describes: • SSL VPN Concentrator Status • Active Users • Event Log • Log Settings • Diagnostics SSL VPN Concentrator St atus The Status window shows important state and conf [...]

  • Seite 104

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 8-2 Monitoring and Loggin g v2.0, May 2007 From the S tatus page, you may view: • The SSL VPN Concentrator software version • The amount of RAM memory in kilo Bytes (kB) • The current memory usage in percent (%). • The current CPU usage in percent (%). • The available flash [...]

  • Seite 105

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Monitoring and Logging 8-3 v2.0, May 2007 Active Users The Active Users screen displays the active users and administ rators logged into the SSL VPN portal. T o view the Active Users log file: Click Active Users under the Mon itoring menu in the left nav igation pane. The Active Use[...]

  • Seite 106

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 8-4 Monitoring and Loggin g v2.0, May 2007 Event Log The SSL VPN Concentrator provides web based loggin g. It also provides the ability to send log messages to an external syslog serv er using the syslog protocol and to E-mail log files and alert messages to an E-mail address or pager[...]

  • Seite 107

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Monitoring and Logging 8-5 v2.0, May 2007 • User name. The User name field shows the auth enticated name of the user or administrator that generated the log event. • Log message. The message field des cribes the ev ent that occurred. Examples of log messages include Administr at[...]

  • Seite 108

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 8-6 Monitoring and Loggin g v2.0, May 2007 so most standard firewall and networking repo rting products can accept and interpret the SSL VPN Concentrator log files. The SSL VPN Concentrat or syslog service transm its syslog messages to external syslog server(s) listening on UDP port 5[...]

  • Seite 109

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Monitoring and Logging 8-7 v2.0, May 2007 3. If you have a backup o r second syslog server, enter the IP address or domain name of the Secondary Syslog Server in the Secondary Syslog Server field. 4. In the E-mail Settings section: a. T o receive e-mail notificati on, enter your ful[...]

  • Seite 110

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 8-8 Monitoring and Loggin g v2.0, May 2007 Log categories are organized from most to least critical. Once a category is selected, then all events equal to or more critica l than the selected log category and will be logged. The default Log and Alert levels are: • Syslog Messages: De[...]

  • Seite 111

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Monitoring and Logging 8-9 v2.0, May 2007 Diagnostics Basic network diagnostic tools are a vailable in the Diagnostics menu. Unde r the Monitoring menu in the left navigati on menu, click Diagnostics. The Diagnost ics window displays. The following diagnostic functions are available[...]

  • Seite 112

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 8-10 Monitori ng and Logg ing v2.0, May 2007[...]

  • Seite 113

    Default Settings and Technical Specifications A-1 v2.0, May 2007 Appendix A Default Settings and T echnical S pecifications This appendix provides the factory default settings and techni cal specifications for the ProSafe SSL VPN Concentrator 25 SSL312. Factory Default Settings Y ou can use the push button located on the front of your device to res[...]

  • Seite 114

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l A-2 Default Settings and Technical Specifications v2.0, May 2007 T echnical Specifications Concentra tor Ethernet MAC Address See bottom label. T ime Zone GMT T ime Zone Adjusted for Daylight Saving Ti m e Automatica lly enabled if DST available in area selected; otherwise disabled. C[...]

  • Seite 115

    Related Documents B-1 v2.0, May 2007 Appendix B Related Document s This appendix provides links to reference documents you c an use to gain a more complete understanding of the technolog ies used in your NETGE AR product. Document Link T emplate for creating an end-user guide http://documentation. netgear .com/ssl312/enu/ 202-10208-01/appnote.doc I[...]

  • Seite 116

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l B-2 Related Documents v2.0, May 2007[...]

  • Seite 117

    Index-1 v2.0, May 2007 Index Numerics 10.0.0.1 Port 2 default 7-3 192.168.1.1 Port 1 default 7-2 A Active Directory 3-2 , 3-10 , 4-15 synchronizing 3-12 W indows server config 3-12 Active Users 8-2 , 8-3 ActiveX web cache control 5-5 Add Bookmark 4-6 user 4-19 Add Default Route 7-4 Add Domain 3-3 Add Group 4-7 Add Policy user 4-18 Add User 4-14 App[...]

  • Seite 118

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l Index-2 v2.0, May 2007 console port A-2 crt.zip 2-11 CSR 2-9 csr.zip 2-10 D Date and Time setti ngs 7-9 default password 2-5 Settings A-1 user name 2-5 default authentic ati on 3-2 default domain name 2-5 , 3-2 Default Gateway Address 7-4 Defined Resource user 4-18 Deleteing a User 4-[...]

  • Seite 119

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Index-3 v2.0, May 2007 group settings defining 2-14 Groups Add Name 4-8 configuring 4-7 Domain 4-8 editing 4-8 Inactivity T i meout 4-8 H Host Name resolution, configuring 6-8 Hostname 7-8 HTTP meta ta gs 5-5 https //10.0.0.1 2-4 //192.168.1.1 2-4 I Inactivity Ti meout 4-8 setting 4[...]

  • Seite 120

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l Index-4 v2.0, May 2007 Policy service type 4-6 policy hierarchy 4-2 Port 1 default login 2-4 port addresses 8-2 Port Forwarding 6-6 , 6-8 adding Configured Applications 6-7 configuring applications for 6-7 Port2 default 2-4 Portal add new 5-8 modify 5-9 Portal Layout Name 3-3 Portal L[...]

  • Seite 121

    NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Index-5 v2.0, May 2007 U UDP port for syslog 8-6 User Bookmarks adding 4-19 editing 4-19 User Group define 4-14 User Name define 4-14 User Policies 4-2 adding 4-18 editing 4-18 user settings defining 2-14 Users editing 4-16 Utilities 7-10 V Video Network Computing 4-21 VPN Tunnel ad[...]

  • Seite 122

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l Index-6 v2.0, May 2007[...]