UTM-25 to FVS336G migration. Dialogue differences and selection of internal default NetgearVPN certs
Hi all
I have almost finished migrating the config an elderly UTM-25 to a new FVS336G FWR. However, when transferring existing VPN settings I noticed that the UTM had an option to select the internal Netgear fixed certificate (for VPN use). After wasting some time chasing up red-herrings in various posts and comments around the internets i'm still not 100% clear if the dialogue difference is merely a style difference and the FVS one still has a useable internal default cert or not. The manual seems to suggest so but the dialogue on the new unit only has relevant options to generate a CSR and upload external certs (I have to assume there might be firmware differences which mean the manual might be out of step). The old unit had a radiobutton to select the Netgear default one. It may be that the FVS does this but doesn't mention or confirm it via the interface. It could be that Netgear have decided to abandon internal certs and force the use of externally imported one I suppose. Not sure.
The question is, if I ignore the certs setttings page, and given the same PSK and all other settings which were transferred, will the unit re-make the VPN link to our remote site (which also has a working Netgear unit which is currently connected to our UTM device) and will the link come up or will I then have to reinstate the old unit and look into buying or generating a self-signed external cert and then getting remote access to our overseas unit to finish the job?
Having this clear is important when planning site outages, especially if comms offer 24/7 services so I'd like to dig around for more info before planning the change outage and having unnecessary down time
Regards
Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Simple steps for reference: 1.Get the trusted certificates,upload it to device under trusted certificates. 2.Generate self certificate on device 3.Active self certificate 4.Config IPSec VPN
Re: UTM-25 to FVS336G migration. Dialogue differences and selection of internal default NetgearVPN c
Hi Dan
Many thanks for the response.
I spotted that stuff in the manual, but I wondered if I would be correct in deducing that "trusted certificate" in this context excludes Netgear internal default ones. i.e. from an implementation point of view does this imply that I need to purchase/source a trusted cert from a CA? Does this mean I can export the existing internal trusted (?) Netgear cert from the UTM and import into the FVS?
Re: UTM-25 to FVS336G migration. Dialogue differences and selection of internal default NetgearVPN c
Hi Marksmt,
We’d greatly appreciate hearing your feedback letting us know if the information we provided has helped resolve your issue or if you need further assistance.
If your issue is now resolved we encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The Netgear community looks forward to hearing from you and being a helpful resource in the future!
