NETGEAR SRX5308 Router Manual (Setup & Configuration)

There is no better technical help than having the manual of any given product. Fortunately, we are presenting router guide for NETGEAR SRX5308 router. If you need help on topics like web panel access for management, router hard reset, parental control settings, band width allocation, changing your router IP or password from default, port forwarding, then reading this guide is a must.

Page 1 / 469
350 East Plumeria Drive
San Jose, CA 95134
USA
April 2013
202-10536-05
ProSAFE Gigabit Quad WAN SSL
VPN Firewall SRX5308
Reference Manual
Page 2 / 469
2
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Support
Thank you for selecting NETGEAR products.
After installing your device, locate the serial number on the label of your product and use it to register your product
at
. You must register your product before you can use NETGEAR telephone support.
NETGEAR recommends registering your product through the NETGEAR website. For product updates and web
support, visit
.
Phone (US & Canada only): 1-888-NETGEAR.
Phone (Other Countries): Check the list of phone numbers at
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of
NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change
without notice. © NETGEAR, Inc. All rights reserved.
Revision History
Publication
Part Number
Version
Publish Date
Comments
202-10536-05
April 2013
Added the following features:
Auto-rollover support with failure detection for IPv6 WAN
interfaces (see
Configure Auto-Rollover for IPv6 Interfaces
and
Create an IPv6 Gateway-to-Gateway VPN Tunnel with
the Wizard
)
Multicast pass-through with alternate networks (see
Configure
Multicast Pass-Through for IPv4 Traffic
)
SNMP access from the WAN and SNMP trap events (see
Use
a Simple Network Management Protocol Manager
)
Option to define what constitutes a UCP flood attack (see
Attack Checks
)
Authentication and encryption for the PPTP server (see
Configure the PPTP Server
)
Authentication for the L2TP server (see
Configure the L2TP
Server
)
Option to select a gateway when you ping or send a trace
packet and option to select a VPN policy when you ping or
send a trace packet through a VPN tunnel (see
Send a Ping
Packet
and
Trace a Route
)
202-10536-04
1.0
July 2012
A major revision. Added the following features:
Support for IPv6 with multiple IPv6 features, including a new
general menu structure that provides both IPv4 and IPv6
radio buttons (very extensive revisions throughout the
manual)
IPSec VPN autoinitiate support (see
Manually Add or Edit a
VPN Policy
)
SNMPv3 support (see
Use a Simple Network Management
Protocol Manager
)
Option to reboot with a different firmware version (see
Select
the Firmware and Reboot the VPN Firewall
)
Extensive list of factory default settings (see
Appendix A,
Default Settings and Technical Specifications
)
Page 3 / 469
3
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
202-10536-03
1.0
November 2011
Incorporated nontechnical edits only (there are no feature
changes).
202-10536-02
1.0
July 2011
Added new features that are documented in the following
sections:
Configure WAN QoS Profiles
Inbound Rules (Port Forwarding)
and
Create LAN WAN
Inbound Service Rules
Attack Checks
Set Limits for IPv4 Sessions
Create IP Groups
Use the NETGEAR VPN Client Wizard to Create a Secure
Connection
Manually Create a Secure Connection Using the NETGEAR
VPN Client
Configure the ProSafe VPN Client for Mode Config Operation
Configure Date and Time Service
Configure and Enable the LAN Traffic Meter
202-10536-01
1.0
April 2010
Initial publication of this reference manual.
Page 4 / 469
4
Contents
Chapter 1
Introduction
What Is the ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308? .12
Key Features and Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Quad-WAN Ports for Increased Reliability and Load Balancing. . . . . . .13
Advanced VPN Support for Both IPSec and SSL. . . . . . . . . . . . . . . . . .14
A Powerful, True Firewall with Content Filtering. . . . . . . . . . . . . . . . . . .14
Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Autosensing Ethernet Connections with Auto Uplink . . . . . . . . . . . . . . .15
Extensive Protocol Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Easy Installation and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Maintenance and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Hardware Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Front Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Rear Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Bottom Panel with Product Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Choose a Location for the VPN Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . .20
Use the Rack-Mounting Kit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Log In to the VPN Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Web Management Interface Menu Layout . . . . . . . . . . . . . . . . . . . . . . . . .23
Requirements for Entering IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . .25
IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Chapter 2
IPv4 and IPv6 Internet and WAN Settings
Internet and WAN Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Roadmap to Setting Up IPv4 Internet Connections to Your ISPs. . . . . .27
Roadmap to Setting Up IPv6 Internet Connections to Your ISPs. . . . . .28
Configure the IPv4 Internet Connection and WAN Settings. . . . . . . . . . . .29
Configure the IPv4 WAN Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Let the VPN Firewall Automatically Detect and
Configure an IPv4 Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . .31
Manually Configure an IPv4 Internet Connection. . . . . . . . . . . . . . . . . .34
Configure Load Balancing or Auto-Rollover for IPv4 Interfaces. . . . . . .40
Configure Secondary WAN Addresses . . . . . . . . . . . . . . . . . . . . . . . . .47
Configure Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Configure the IPv6 Internet Connection and WAN Settings. . . . . . . . . . . .52
Configure the IPv6 Routing Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Use a DHCPv6 Server to Configure an IPv6 Internet Connection . . . . .55
Page 5 / 469
5
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Configure a Static IPv6 Internet Connection. . . . . . . . . . . . . . . . . . . . . .58
Configure a PPPoE IPv6 Internet Connection . . . . . . . . . . . . . . . . . . . .61
Configure 6to4 Automatic Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Configure ISATAP Automatic Tunneling. . . . . . . . . . . . . . . . . . . . . . . . .65
View the Tunnel Status and IPv6 Addresses . . . . . . . . . . . . . . . . . . . . .67
Configure Stateless IP/ICMP Translation . . . . . . . . . . . . . . . . . . . . . . . .67
Configure Auto-Rollover for IPv6 Interfaces . . . . . . . . . . . . . . . . . . . . . .68
Configure Advanced WAN Options and Other Tasks. . . . . . . . . . . . . . . . .71
Configure WAN QoS Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Additional WAN-Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . .82
Verify the Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
What to Do Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Chapter 3
LAN Configuration
Manage IPv4 Virtual LANs and DHCP Options . . . . . . . . . . . . . . . . . . . . .84
Port-Based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Assign and Manage VLAN Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
VLAN DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Configure a VLAN Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Configure VLAN MAC Addresses and LAN Advanced Settings. . . . . . .93
Configure IPv4 Multihome LAN IP Addresses on the Default VLAN . . . . .94
Manage IPv4 Groups and Hosts (IPv4 LAN Groups). . . . . . . . . . . . . . . . .96
Manage the Network Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Change Group Names in the Network Database . . . . . . . . . . . . . . . . .100
Set Up DHCP Address Reservation . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Manage the IPv6 LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
DHCPv6 Server Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Configure the IPv6 LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Configure the IPv6 Router Advertisement Daemon and
Advertisement Prefixes for the LAN . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Configure IPv6 Multihome LAN IP Addresses on the Default VLAN . . . .113
Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic. . . . . . . . .114
DMZ Port for IPv4 Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
DMZ Port for IPv6 Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Configure the IPv6 Router Advertisement Daemon and
Advertisement Prefixes for the DMZ. . . . . . . . . . . . . . . . . . . . . . . . . . .122
Manage Static IPv4 Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
Configure Static IPv4 Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
Configure the Routing Information Protocol . . . . . . . . . . . . . . . . . . . . .129
IPv4 Static Route Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Manage Static IPv6 Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Chapter 4
Firewall Protection
About Firewall Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Administrator Tips. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Overview of Rules to Block or Allow Specific Kinds of Traffic . . . . . . . . .136
Outbound Rules (Service Blocking) . . . . . . . . . . . . . . . . . . . . . . . . . . .137