ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Order of Precedence for Rules
Configure LAN WAN Rules
Create LAN WAN Outbound Service Rules
Create LAN WAN Inbound Service Rules
Configure DMZ WAN Rules
Create DMZ WAN Outbound Service Rules
Create DMZ WAN Inbound Service Rules
Configure LAN DMZ Rules
Create LAN DMZ Outbound Service Rules
Create LAN DMZ Inbound Service Rules
Examples of Firewall Rules
Examples of Inbound Firewall Rules
Examples of Outbound Firewall Rules
Configure Other Firewall Features
Attack Checks
Set Limits for IPv4 Sessions
Manage the Application Level Gateway for SIP Sessions
Services, Bandwidth Profiles, and QoS Profiles
Add Customized Services
Create IP Groups
Create Bandwidth Profiles
Create Quality of Service Profiles for IPv4 Firewall Rules
Quality of Service Priorities for IPv6 Firewall Rules
Configure Content Filtering
Set a Schedule to Block or Allow Specific Traffic
Enable Source MAC Filtering
Set Up IP/MAC Bindings
Configure Port Triggering
Configure Universal Plug and Play
Chapter 5 Virtual Private Networking Using IPSec and L2TP Connections
Considerations for Dual WAN Port Systems (IPv4 Only)
Use the IPSec VPN Wizard for Client and Gateway Configurations
Create an IPv4 Gateway-to-Gateway VPN Tunnel with the Wizard
Create an IPv6 Gateway-to-Gateway VPN Tunnel with the Wizard
Create an IPv4 Client-to-Gateway VPN Tunnel with the Wizard
Test the Connection and View Connection and Status Information
Test the NETGEAR VPN Client Connection
NETGEAR VPN Client Status and Log Information
View the VPN Firewall IPSec VPN Connection Status
View the VPN Firewall IPSec VPN Log
Manage IPSec VPN Policies
Manage IKE Policies
Manage VPN Policies
Configure Extended Authentication (XAUTH)
Configure XAUTH for VPN Clients