Netgear VPN Firewall FVS336Gv2 Reference Manual
Set Up Virtual Private Networking with SSL Connections 439 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

17. Verify the settings.
    To make changes to the settings:
    a. Click the Back button to navigate to the screen on which you want to change the settings.
    b. Change the settings.
    c. Click the Next button to navigate back to the SSL VPN Wizard Step 6 of 6 screen.
18. Click the Apply button.
    Your settings are saved. If the VPN firewall accepts the settings, the Policies screen displays with a message Operation succeeded at the top of the screen. If the VPN firewall rejects the settings, review the settings that you entered and try again. Most failures occur because of a misconfiguration.

For information about how to access the new portal, see Access a Custom SSL VPN Portal on page 440.

Access a Custom SSL VPN Portal

After you build a custom SSL portal, either with the SSL VPN Wizard or manually, access the portal to verify that it functions correctly before you provide the portal link to users who must access the portal.

Note: The first time that you attempt to connect through the VPN tunnel, the SSL VPN tunnel adapter is installed; the first time that you attempt to connect through the port-forwarding tunnel, the port-forwarding engine is installed.

To access a custom SSL portal:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process.
   The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select VPN > SSL VPN > Portal Layouts.
   The Portal Layouts screen displays the IPv4 portals.
7. To access an IPv6 portal instead of an IPv4 portal, in the upper right select the IPv6 radio button.
   The Portal Layouts screen displays the IPv6 portals.
8. In the Portal URL column of the List of Layouts table, click the URL for a portal.
   You can recognize a portal through the portal layout name with which a URL ends.
   Note: This URL is the link that you must provide to a user who needs access to the portal. The user must enter this URL in the navigation toolbar of a browser. For you to enable a user outside the VPN firewall’s local network to access the portal, the URL must have a public IP address.
   The login screen displays.
9. In the Username field, type the name that you associated with the portal and in the Password / Passcode field, type the password that you associated with the portal.
10. From the Domain menu, select the domain that you associated with the portal.
    Note: Any user for whom you have set up a user account that is linked to the domain for the portal and who has knowledge of the portal URL can access the portal. For information about setting up user accounts, see Manage User Accounts on page 498.
11. Click the Login button.
    A portal screen displays. The format of the portal screen depends on how you set up the portal.

The following figure shows a portal screen with a VPN Tunnel menu option only.
The following figure shows a portal screen with a Port Forwarding menu option only.

A portal screen displays a simple menu that provides the SSL user with the following menu selections:
• VPN Tunnel. Provides full network connectivity.
• Port Forwarding. Provides access to the network services that you defined (see Build an SSL Portal with the SSL VPN Wizard on page 429 or Configure Applications for SSL VPN Port Forwarding on page 453).
• Change Password. Allows the user to change the password.
• Support. Provides access to the NETGEAR website.
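The note in the procedure above requires the portal URL to have a public IP address before you give the link to users outside the local network. The following Python check is an added example, not part of the NETGEAR manual; it assumes portal links take the form https://<IP address>/portal/<layout name>, and the function name and sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def check_portal_url(url):
    """Return (layout_name, problems) for a portal link before it is handed out.

    Assumes the https://<IP address>/portal/<layout name> form (an assumption
    based on the default portal address in the manual).
    """
    problems = []
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops the [] around an IPv6 literal
    except ValueError:
        return None, ["URL cannot be parsed"]
    if parts.scheme != "https":
        problems.append("scheme is not https")
    segments = [s for s in parts.path.split("/") if s]
    layout = None
    if len(segments) == 2 and segments[0] == "portal":
        layout = segments[1]
    else:
        problems.append("path is not /portal/<layout name>")
    try:
        addr = ipaddress.ip_address(host or "")
    except ValueError:
        problems.append("host is not an IP address; check what the name resolves to")
        return layout, problems
    if not addr.is_global:
        # Covers private, loopback, link-local and unique-local ranges.
        problems.append(f"{addr} is not a public address")
    return layout, problems


if __name__ == "__main__":
    # Constructed sample links; 8.8.8.8 only stands in for a WAN address.
    for link in ("https://192.168.1.1/portal/SSL-VPN",
                 "https://8.8.8.8/portal/Partners",
                 "http://[fd00::1]/portal/SSL-VPN"):
        print(link, check_portal_url(link))
```

A link that still carries the factory default address 192.168.1.1 is reported as not public, so it works only from inside the local network.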
View SSL VPN Connection and Status Information

The following sections provide information about viewing the SSL VPN tunnel connections and log:
• View the VPN Firewall SSL VPN Connection Status and Disconnect Active Users
• View the VPN Firewall SSL VPN Log

View the VPN Firewall SSL VPN Connection Status and Disconnect Active Users

The following procedure describes how to view the connection status of all users who are logged in to an SSL portal on the VPN firewall and disconnect active users.

To view the status of all active SSL VPN users on the VPN firewall and disconnect active users:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process.
   The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select VPN > Connection Status > SSL VPN Connection Status.
   The SSL VPN Connection Status screen displays.
   The SSL VPN Connection Status table lists each active connection with the information that is described in the following table.

   Item: Description
   Username: The user name that is associated with the SSL session.
   Group: The group to which the user is assigned.
   IP address: The IP address from which the user is logged in.
   Login Time: The time that the user logged in.
   Action: The Disconnect button lets you terminate the SSL VPN tunnel connection. (This button displays only if an active SSL connection exists.)

7. To disable an active SSL user, in the SSL VPN Connection Status table, click the corresponding Disconnect button.
   The user is disconnected.
8. To disable another active L2TP user, repeat Step 7.

View the VPN Firewall SSL VPN Log

The SSL VPN log on the VPN firewall displays notifications and, if errors occur, error messages that are detected on the VPN firewall side. If problems occur during the SSL portal establishment process, these error messages can help you to determine what the problem is. (Misconfiguration is the most common problem.)

To display the SSL VPN log on the VPN firewall:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process.
   The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select Monitoring > VPN Logs > SSL VPN Logs.
   The SSL VPN Logs screen displays.

Manually Set Up or Change an SSL Portal

The following sections provide information about manually setting up or changing an SSL portal:
• Manual SSL Configuration Overview
• Manage the Portal Layout
• Configure Applications for SSL VPN Port Forwarding
• Configure the SSL VPN Client
• Manage Network Resource Objects to Simplify Policies
• Configure User, Group, and Global Policies

Manual SSL Configuration Overview

To configure and activate SSL connections, perform the following six basic steps in the order that they are presented:
1. Create an SSL portal layout (see Manage the Portal Layout on page 448).
   When remote users log in to the VPN firewall, they see a portal screen that you can customize to present the resources and functions that you want to make available.
2. Create authentication domains, user groups, and user accounts.
   Remote users connecting to the VPN firewall through an SSL VPN portal must be authenticated before they are granted access to the network. The login screen that is presented to the user requires three items: a user name, a password, and a domain selection. The domain determines both the authentication method and the portal layout that are used.
   For an SSL portal, you must create authentication domains, user groups, and user accounts as follows:
   a. Create one or more authentication domains for authentication of SSL VPN users (see Manage Authentication Domains on page 488).
      When remote users log in to the VPN firewall, they must specify a domain to which their login account belongs. The domain determines the authentication method that is used and the portal layout that is presented, which in turn determines the network resources to which the users are granted access. Because you must assign a portal layout when creating a domain, you create the domain after you create the portal layout.
   b. Create one or more groups for your SSL VPN users (see Manage Authentication Groups on page 494).
      When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can define global policies, group policies, or individual policies. Because you must assign an authentication domain when creating a group, you create the group after you create the domain.
   c. Create one or more SSL VPN user accounts (see Manage User Accounts on page 498).
      Because you must assign a group when creating an SSL VPN user account, you first must create a group and then a user account.
3. For port forwarding, define the servers and services (see Configure Applications for SSL VPN Port Forwarding on page 453).
   Create a list of servers and services that can be made available through user, group, or global policies. You can also associate fully qualified domain names (FQDNs) with these servers. The VPN firewall resolves the names to the servers using the list you create.
4. For SSL VPN tunnel service, configure the virtual network adapter (see Configure the SSL VPN Client on page 459).
   For the SSL VPN tunnel option, the VPN firewall creates a virtual network adapter on the remote computer that then functions as if it were on the local network. Configure the portal’s SSL VPN client to define a pool of local IP addresses to be issued to remote clients, as well as DNS addresses. Declare static routes or grant full access to the local network, subject to additional policies.
5. To simplify policies, define network resource objects (see Manage Network Resource Objects to Simplify Policies on page 467).
   Network resource objects are groups of IP addresses, IP address ranges, and services. By defining resource objects, you can more quickly create and configure network policies.
6. Configure the SSL VPN policies (see Configure User, Group, and Global Policies on page 473).
   Policies determine access to network resources and addresses for individual users, groups, or everyone.

Manage the Portal Layout

The following sections provide information about managing the portal layout:
• Portal Layouts Overview
• Create a Portal Layout
• Change a Portal Layout
• Remove One or More Portal Layouts

Portal Layouts Overview

You can create a custom screen that remote users see when they log in to the SSL portal. Because the login screen is customizable, it provides an ideal way to communicate remote access instructions, support information, technical contact information, or VPN-related news updates to remote users. The login screen is also suitable as a starting screen for restricted users; if mobile users or business partners are permitted to access only a few resources, the login screen that you create presents only the resources that are relevant to these users.

You apply portal layouts by selecting one from the available portal layouts in the configuration of a domain. When you have completed your portal layout, you can apply the portal layout to one or more authentication domains (see Manage Authentication Domains on page 488). You can also make the new portal the default portal for the SSL VPN gateway.

The VPN firewall’s default portal address is https://<IP address>/portal/SSL-VPN, in which the IP address can be either an IPv4 or an IPv6 address. Both types of addresses are supported simultaneously.
The default domain geardomain is assigned to the default SSL-VPN portal.

If you have enabled IPv6 (see Manage the IPv6 Routing Mode on page 88), when you create a portal with an IPv4 address, the same portal is automatically created with an IPv6 address, and the other way around; when you create a portal with an IPv6 address, the same portal is automatically created with an IPv4 address.

You can define individual layouts for the SSL VPN portal. The layout configuration includes the menu layout, theme, portal pages to display, and web cache control options. The default portal layout is the SSL-VPN portal. You can add additional portal layouts. You can also make any portal the default portal for the VPN firewall.
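The Manual SSL Configuration Overview requires that a portal layout exists before its domain, a domain before its group, and a group before its user account. The following Python sketch is an added example, not part of the NETGEAR manual: it checks a planned setup against that order and resolves which domain and portal layout each account ends up with. The plan structure, function names, and all object names other than SSL-VPN and geardomain are constructed for illustration.

```python
# Objects that exist out of the box according to the manual: the SSL-VPN
# portal layout and the geardomain domain that is assigned to it.
BUILTIN_LAYOUTS = {"SSL-VPN"}
BUILTIN_DOMAINS = {"geardomain": "SSL-VPN"}


def creation_order(plan):
    """Return (kind, name) pairs in the order to create them.

    Raises ValueError if a domain, group or user refers to an object that
    neither exists by default nor is part of the plan.
    """
    layouts = BUILTIN_LAYOUTS | set(plan.get("layouts", []))
    domains = {**BUILTIN_DOMAINS, **plan.get("domains", {})}
    groups = plan.get("groups", {})
    users = plan.get("users", {})
    errors = [f"domain {d}: unknown layout {l}"
              for d, l in domains.items() if l not in layouts]
    errors += [f"group {g}: unknown domain {d}"
               for g, d in groups.items() if d not in domains]
    errors += [f"user {u}: unknown group {g}"
               for u, g in users.items() if g not in groups]
    if errors:
        raise ValueError("; ".join(errors))
    order = [("layout", n) for n in plan.get("layouts", [])]
    order += [("domain", n) for n in plan.get("domains", {})]
    order += [("group", n) for n in groups]
    order += [("user", n) for n in users]
    return order


def portal_for_user(plan, user):
    """Follow user -> group -> domain -> layout and return (domain, layout)."""
    domains = {**BUILTIN_DOMAINS, **plan.get("domains", {})}
    domain = plan["groups"][plan["users"][user]]
    return domain, domains[domain]


PLAN = {  # constructed sample plan
    "layouts": ["Partners"],
    "domains": {"partnerdomain": "Partners"},
    "groups": {"partners": "partnerdomain", "staff": "geardomain"},
    "users": {"alice": "staff", "bob": "partners"},
}

if __name__ == "__main__":
    for kind, name in creation_order(PLAN):
        print(f"create {kind}: {name}")
    print("bob logs in to", portal_for_user(PLAN, "bob"))
```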