ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual
6-18 Advanced Virtual Private Networking
v1.0, September 2007
f. The “FVG318” certificate is displayed in the Active Self Certificates table, and the pending
“FVG318” Self Certificate Request is deleted.
7. Associate the new certificate and the Trusted Root CA certificate on the FVG318.
a. Create a new IKE policy called Scenario_2 with all the same properties as Scenario_1,
except select the RSA Signature radio button instead of Pre-shared key.
b. Create a new VPN Auto Policy called scenario2a with all the same properties as
scenario1a except that it uses the IKE policy called Scenario_2.
Now, the traffic from devices within the range of the LAN subnet addresses on FVG318 A and
Gateway B will be authenticated using the certificates rather than via a pre-shared key.
8. Set up Certificate Revocation List (CRL) checking.
a. Get a copy of the CRL from the CA and save it as a text file.
b. Select VPN > Certificates from the main menu and scroll down to the Certificate
Revocation Lists (CRL) section.
c. Click Browse to locate the CRL file.
d. Click Upload. The CRL will be uploaded to the Certificate Revocation Lists (CRL) table.
Now expired or revoked certificates will not be allowed to use the VPN tunnels managed by
IKE policies which use this CA.
Note: The procedure for obtaining a CRL differs between a CA like Verisign and a
CA such as a Windows 2000 certificate server, which an organization
operates to provide certificates for its members. Follow the procedures
of your CA.
Note: You must update the CRLs regularly in order to maintain the validity of the
certificate-based VPN policies.
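A pre-upload check for step 8 and the update note above, as an added example that is not part of the original manual: it reads the thisUpdate and nextUpdate fields and the revoked serial numbers from a CRL file so that a stale list is caught before it is uploaded. It assumes the CRL was saved in PEM text form, the names `parse_crl` and `crl_is_current` are hypothetical, and it does not verify the CA's signature on the CRL.

```python
import base64, re
from datetime import datetime, timezone

# Constructed sample CRL (dummy signature): issuer "Test CA", thisUpdate 2007-09-01,
# nextUpdate 2007-10-01, one revoked certificate with serial 0x1234.
SAMPLE_DER = (bytes.fromhex("3070305b020101300d06092a864886f70d01010b0500"
                            "30123110300e06035504030c07") + b"Test CA"
              + b"\x17\x0d070901000000Z" + b"\x17\x0d071001000000Z"
              + bytes.fromhex("3015301302021234") + b"\x17\x0d070915000000Z"
              + bytes.fromhex("300d06092a864886f70d01010b050003020000"))
SAMPLE_PEM = "-----BEGIN X509 CRL-----\n%s-----END X509 CRL-----\n" % base64.encodebytes(SAMPLE_DER).decode()

def tlv(buf, pos=0):                           # read one DER element: (tag, content, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):                             # split SEQUENCE content into (tag, content) pairs
    pos, out = 0, []
    while pos < len(buf):
        tag, body, pos = tlv(buf, pos)
        out.append((tag, body))
    return out

def der_time(tag, body):
    s = body.decode("ascii")
    if tag == 0x17:                            # UTCTime: 2-digit year, RFC 5280 pivot at 50
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_crl(pem_text):
    m = re.search(r"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM X509 CRL block found")
    fields = children(tlv(tlv(base64.b64decode(m.group(1)))[1])[1])  # tbsCertList fields
    fields = fields[3:] if fields[0][0] == 0x02 else fields[2:]  # skip [version], sig alg, issuer
    info = {"this_update": der_time(*fields[0]), "next_update": None, "revoked": []}
    if len(fields) > 1 and fields[1][0] in (0x17, 0x18):
        info["next_update"] = der_time(*fields[1])
    for tag, body in fields[1:]:
        if tag == 0x30:                        # revokedCertificates: serial is first field
            info["revoked"] = [int.from_bytes(children(e)[0][1], "big") for _, e in children(body)]
    return info

def crl_is_current(info, now):                 # True only inside [thisUpdate, nextUpdate)
    return info["next_update"] is not None and info["this_update"] <= now < info["next_update"]
```

A CRL with no nextUpdate field is reported as not current, since there is no way to tell when a replacement is due.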