NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Installing third party SSL certificate?
I searched far (Google) and wide (NETGEAR forum), but could not find the answer to this question for our beloved R7000. Is there any way to install a proper PKI-chained SSL certificate from a third party like Comodo or StartCom SSL? Currently, when enabling HTTPS access for remote management, my/all browsers get angry because the R7000 is using a self-signed certificate: I have a free StartCom SSL cert all generated and ready to install. The problem is, I cannot find a way to share this certificate, intermediate cert, and private key, with my router. Thanks! - DaveBlocking HTTPS sites, truth vs lies.
Let me be clear and say that my knowledge is limited, no one knows everything about computers. I am fairly new, I have only been programming since the 1980's. Yes, I did look and yes, I see that the same issue has been brought up many times. I also keep seeing the same lame excuse that, quite frankly seams like a lie. I am going to call BS on this, ask the question again, and see if we can't get somewhere with it. The lie: "HTTPS pages are encrypted and the router can't see the content, hence, it can't block access to HTTPS pages." This same excuse keeps being used. This tired statement starts out true, about being encrypted and not seeing page content. It is also true that the ability to block the page, based on a scan of the page content, could not function. However; that claim fails to be true when it is used as an excuse for not blocking a domain name. The truth: The URL of an encrypted page is NOT encrypted or it couldn't be routed to its destination. Currently, there is no reason this router shouldn't be able to block HTTPS pages by applying the filter to the domain name. I understand that a URL mask can be applied server-side and HTTPS encryption used to hide the true destination. Yes, I know there are work-arounds for crafty programmers/hackers. That said, applying the filters to the known URL would allow a significantly effective block for many things. When we are looking at router level filters, we are not talking about national defense or stopping a truly determined expert hacker. Given a little opportunity, I doubt 1 out of 10,000 people would be able to keep a novice hacker out of their personal computer. That said, it would be most helpful to many of us if Netgear would simply apply the filters, we have already input, to the URL and stop the average person from simply typing https://facebook.com and getting what they want when we told you to block facebook.com. Ok so the next suggestion at this point might be to use the Genie app with the parental controls. That simply isn't an option. For reasons I will rant about in a future post, the Genie app is itself a security breach and not viable in its current design. So, no more lies please, even if you can't filter HTTPS pages by content scan, at least implement the filters on the URL so we can effectively block most of the things we don't want getting through. I do feel strongly about this and will not apologize for my tone. I am not a networking expert. If there is something I am missing, will someone PLEASE explain it to me because I have yet to read an explanation here that made any sence. Thank you for your consideration.
XR500 internet time setup and SSH access
Hi experts. Couple of questions for you. I recently bought the XR500 as I got seduced by the DumaOS screens. I previsouly had a Netgear R7000 which I had flashed with DD-WRT Kongo. Liked it a lot but to be honnest the idea of having fancy bandwidth graphs pushed me to the XR500. While the interface is really neat, there are number of features I miss from DD-WRT, and some other upgrades I am hoping for (more icons for the devices e.g. switches, the ability to disconnect a device from the network as the blocking feature works only if the device tries to connect...). I am running version V2.2.1.10 which I believe is the latest one. To the questions: - I must be a little tired or something... how do we change the timezone ? Programming the wifi ON/OFF on specific hours would be much easier if the router was set on my timezone... - is SSH connection blocked ? putty tells me "connection refused"? - I seem to be able to access the interface thru HTTP or HTTPS... how do I limit to HTTPS? thanks much! Arnaud
M7100-24X - No support for TLS 1.2 on management connections?
New poster here so hi everyone. :smileyhappy: Just wanted run a question by the experts here. My company has just aquired a wildcard certificate from Digicert which we're planning to use for HTTPS management connections to each of our network devices and various servers. After some trial and error, I managed to get the certificate installed on one of our M7100-24X switches and I can make a properly secured connection to its web console. However, I noticed in the HTTPS settings and in the subsequent connection information that the most up-to-date cipher suite it can use is TLS 1.0. As we are in the process of making our organisation PCI DSS compliant, I would like to be able to use TLS 1.2. Have any of you got experience in this area? Does anyone know whether it is possible to enable TLS 1.2 on Netgear switches? Pehaps Netgear are aware that this needs addressing and are working on it for a future firmware release. I've opened a support ticket but any advice from the community would be helpful in the meantime. Thanks.
