Netgear FVS318G FVS318G User Manual - Page 124
browsers as it provides no protection against identity theft of the server. - vpn issues
UPC - 606449064827
View all Netgear FVS318G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 124 highlights
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual In the FVS318G, the uploaded digital certificate is checked for validity and also the purpose of the certificate is verified. Upon passing the validity test and the purpose matches its use (has to be SSL and VPN) the digital certificate is accepted. The additional check for the purpose of the uploaded digital certificate must correspond to use for VPN and secure web remote management via HTTPS. If the purpose defined is for VPN & HTTPS then the certificate is uploaded to the HTTPS certificate repository and as well in the VPN certificate repository. If the purpose defined is ONLY for VPN then the certificate is only uploaded to the VPN certificate repository. Thus, certificates used by HTTPS and IPSec will be different if their purpose is not defined to be VPN and HTTPS. The VPN firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be authenticated by remote entities. A certificate that authenticates a server, for example, is a file that contains: • A public encryption key to be used by clients for encrypting messages to the server. • Information identifying the operator of the server. • A digital signature confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party whose identity can be verified absolutely. You can obtain a certificate from a well-known commercial Certificate Authority (CA) such as Verisign or Thawte, or you can generate and sign your own certificate. Because a commercial CA takes steps to verify the identity of an applicant, a certificate from a commercial CA provides a strong assurance of the server's identity. A self-signed certificate will trigger a warning from most browsers as it provides no protection against identity theft of the server. Your VPN firewall contains a self-signed certificate from NETGEAR. We recommend that you replace this certificate prior to deploying the VPN firewall in your network. From the VPN > Certificates menu, you can view the currently loaded certificates, upload a new certificate and generate a Certificate Signing Request (CSR). Your VPN firewall will typically hold two types of certificates: • CA certificate. Each CA issues its own CA identity certificate in order to validate communication with the CA and to verify the validity of certificates signed by the CA. • Self certificate. The certificate issued to you by a CA identifying your device. 6-8 Managing Users, Authentication, and Certificates 1.1 November, 2009