srx5308
28 Topics

SRX5308 checksum on updated .cfg
I have an ISP that (too-) frequently changes the IP address of client systems. I often need to update the incoming firewall rules. This can be done by manually changing each rule for each remote system, but since the config files are saved in ASCII format, I'd like to edit that file and re-upload it to the firewall. But after doing so, re-uploading the file to the firewall yields a checksum error on the 5308.

Is there a way to:
1) regenerate the .cfg file's checksum
2) clear the checksum so the firewall's firmware knows to regenerate it?
3) is there a tool that will recalculate the checksum on an existing flat file?
4) have the firewall rules use a hostname instead of a fixed IP address?

Updating many entries via the web interface is error-prone and time-consuming. Is there a later firewall similar to the 5308 that has such a checksum-updating ability already implemented? Finally, I suppose an existing utility such as expect(1) could interactively update configs via the CLI interface, but I was hoping this might be an already-addressed issue.

Thanks, John

10 Views, 0 likes, 0 Comments

SRX 5308 and FQDN - A Quad WAN that isn't Quad!
I don't know what experiences you have had with this device, but I can tell you that, having bought it and used it for several years, it is an outright FLOP from Netgear. Excuse my bluntness, but there are 2 main reasons and problems for which no solution seems to be found: the impossibility of making it work with multiple WANs (i.e. Internet connections) at the same time, and a support service that I wouldn't know how to describe in terms of speed and availability.

On to the first problem: 15 days after purchase and 3 days after installation, I contacted support because the router kept freezing and had to be restarted (powered off, not via reboot) over and over, with performance bordering on nil (2-3 days of operation between one restart and the next). After I contacted support and downloaded and sent the log files, the problem seemed to be the striking number of LOG_PACKET[DROP] entries in the list and the fact that the FQDN was reported as unresolvable! We went back and forth with support for 2-3 months, only for them to tell me that they had sent everything (log files, description of the fault, etc.) to headquarters to be analyzed and, according to them, to issue updates that would fix the problem. Almost 10 years and numerous updates later, the problem is still there and seems unsolvable. They had me open support tickets every time, only to find myself every time with the problem unresolved. They even had me register a domain (currently with DDyn), to assign each WAN its own domain, but it was no use. To this day, if the router runs in "load balancing" mode or in "round-robin" mode, after a short while (hours, or at most 2-3 days) outbound traffic stops (the internal network is not affected, nor has it ever been, by any problem). If it is set to use a single port, it never freezes.

Now, if anyone has had a similar experience or knows how to fix the bug in question, please share it, in the hope of managing, if not to fix it, at least to understand its origin.

On to the second problem: after reporting the problem ever since the purchase, after years of support, more than one replacement (at my expense) of the device, and support tickets opened (some free and others paid), always for the same problem, is it possible to still be asked to open new paid tickets, or to be refused support unless one pays? How many times does one have to pay to NOT get a solution to the very same problem? But above all, if a device is put on the market at a high price that does NOT do what it promises to do and what it was made for, why charge for support tickets for a problem that is already known to be unsolvable, instead of making them free? Normally a defective device MUST be withdrawn from the market and replaced with a working one or refunded, but if you want to spend 10,000 euros on lawyers to perhaps get 3,000 or less back, the SRX5308 is the device for you!

I hope to find answers to both questions as soon as possible, preferably to the second from someone in charge of the Netgear support service. Thanks to all!

1.8K Views, 0 likes, 2 Comments

SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connections too
I saw a similar posting from 6/2015 that was not answered and closed "due to inactivity". I have (5) SRX5308 and they all exhibit the same issue. In some cases I have RIP protocol enabled and in others I am using the SRX5308 as a standard firewall with a cable modem uplink. Sporadically and completely at random, and apparently the higher the firmware version the more often it happens, the router becomes completely non-responsive for 2-12 seconds, and in most cases VPN connections, if any, are dropped. Weirdly enough, earlier firmware versions may have had entries in the logs about an exception with register values, but newer firmware has absolutely nothing in the logs. I replaced the router with a Cisco 1841 router and the problem goes away completely, but obviously my Netgear clients can't VPN in. It does not appear to be volume related either, as it happens when the traffic is very low as well as when it's averaging 20-30 Mbps. I opened a case with Netgear but so far they haven't any ideas and suggested it could be a device on the network causing a problem. I agree, it's the Netgear on the network that's causing the problem. I like the firewall, especially its VPN throughput, but the constant hang even with its short duration prevents me from keeping this device on the network. Any suggestions? And since I suspect many of you will immediately start asking, see the notes below:

Currently running firmware: 4.3.4-2, also tried 4.3.3-6, 4.3.3-5, and I believe an earlier one that came on the router when I bought it.
- 3 routers have VPN configured between them and one is completely stand alone (the one running RIP is stand alone at another location)
- The 3 with VPN are set up with NAT and the RIP is set up "Classical routing"
- All are configured for IPv4 only
- One of the 3 with VPN and NAT has a cable modem on WAN 1 and is configured for failover to DSL on WAN 2, the non-responsiveness still impacts WAN and LAN ports
- The NAT routers have public WAN IPs and private LAN IPs, the RIP one has public WAN and public LAN IPs.
- None have DMZs configured
- The NAT has firewall rules for specific ports from WAN to LAN, no restrictions on outbound, the RIP router has no rules, all in and out permitted, working as a router not a firewall.
- All have "respond to pings on internet ports" enabled
- All have "enable stealth mode"
- None have any blocking enabled (UDP or TCP flood)
- They all have VPN passthrough checked
- None have session limits or throughput/bandwidth limits set
- None have content filtering enabled
- None have DHCP server enabled

Hope that eliminates most initial questions...

6.2K Views, 0 likes, 12 Comments

Need advice to configure SRX5308 SSL VPN access
Dear Mates,

I am new to the SRX5308. I have installed an SRX5308 behind an ADSL2+ modem/router in a small office and am trying to configure SSL VPN for remote access. I have created the portal layout, domain, groups and users for SSL VPN access. Since it's behind a modem/router, the WAN port gets an IP address from the modem and thus the portal URL becomes https://192.168.1.102/portal/<PortalSite>, while the ISP IP address is different. The ISP IP address seems to be a fixed one and not changing, but not pingable. I have tried accessing both the above addresses via the internet but am still not able to connect. How can I configure this to allow remote users to SSL VPN connect to the site and log in to access local office resources? Any advice is appreciated. Let me know if any further information is needed.

Cheers

5.3K Views, 0 likes, 4 Comments

Remote Client Full Tunnel VPN with SRX5308 and Shrew Soft - Some Websites Don't Load
Hi everyone, I've really been scratching my head on this one. Any help would be greatly appreciated.

Remote users need to access remote servers through the office, which is whitelisted for access. Since the remote servers are dynamic IPs (AWS), I'm trying to send all remote traffic through the office while we investigate better solutions. SSL VPN is not an option due to compatibility issues with modern browsers and OSes. I have configured an IPSEC VPN for remote users. It connects, but only some websites load. Others will time out. DNS does not seem to be the issue, as a ping will resolve the IP (and some sites load). I thought it might be related to fragmentation, but my tests (ping with different packet sizes) indicate the MTU should be 1500.

Shrew Soft Client --VPN--> Office --Whitelist--> Remote Servers

Info
- VPN policy: Local IP: Any
- Shrew Soft Client: Policy - Obtain Topology Automatically or Tunnel All

Testing/Troubleshooting
- Mode Config: Connects, but local traffic only.
- IP Ranges of Servers: I backtracked the ranges the servers could use, but it was the same results as tunneling all (page times out)
- Netgear VPN client: Internet traffic didn't flow when I tried to set the range for the entire Internet (if I remember correctly).
- L2TP (MSCHAPv2) with built-in Windows 10 client:
  - PSK, but blank
  - Computers that have previously been on the internal network behind the SRX5308 will connect.
  - Computers that have not been on the internal network behind the SRX5308 get an error "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." Error 789 in event logs
- Certificate: Did some research, but it seemed complicated. Will likely research further.

I know I'm close, since some websites do load when connected. I'm leaning towards it still being a fragmentation/MTU issue, but I can only change that in Shrew Soft with using Mode Config. I have not tested changing the MTU on the SRX5308 yet.
This is the first time I've attempted a full tunnel this way. I'm open to any suggestions for getting this working, except for PPTP due to security concerns and SSL due to compatibility.

Thanks in advance!

Solved, 3K Views, 0 likes, 2 Comments

SRX5308 QoS Performance Drop
Model: SRX5308
Firmware: 4.3.4-2

Enabling a QoS profile in an outbound firewall rule drops download speed from 360 Mbps to under 100 Mbps. What is the point of having a Gbps firewall if QoS caps the performance at under 100 Mbps? What is being done to rectify this bottleneck?

3.7K Views, 0 likes, 2 Comments

SRX5308 Traffic meter - what the heck?
Pictures speak a thousand words. This was open in a tab on an SRX5308 running FW 4.3.4-2; the tab was refreshed periodically for a while. The traffic made sense, and kept growing over time within expected amounts. At one point, coming back from being logged out due to inactivity (but not for the first time), this is the same screen (yes, on the same router) after logging back in:

OK... We transfer way more data than that per day. The reset time hasn't changed, it has not been reset or otherwise fiddled with! So if in doubt, reboot. Guess what the screen looks like now:

Anyone noticing how I managed to time it so accurately that I got 2048/4096/512? Those numbers ring any bells? Something is completely broken in this. All I want to know is how much traffic I send, and which machine(s) generate the most. If anyone could help with a clever idea that'd be great!

Thank you!

3.9K Views, 0 likes, 2 Comments

Fritz Box 7490 to SRX5308 - VLAN over VPN
Hi, I hope you can help me. I've got a business network with an SRX5308, and a home office with an AVM Fritz Box 7490. On the business side, I've got:

- VLAN Default 10.0.0.0/24
- VLAN 72 192.68.72.0/24
- other VLANs of no interest
- VPN to another branch office SRX5308 as 192.168.55.0/24

Now ideally, I'm trying to access the default VLAN, VLAN 72 and the VPN to the 55 network from my Box at home. I've managed to get the Fritzbox to connect to the SRX (only took about a day playing with their stupid settings) but can't, for example, access the 72 VLAN. The setting used on the Fritzbox (from their manual) is set as

accesslist = "permit ip any 10.0.0.0 255.255.255.0", "permit ip any 192.168.72.0 255.255.255.0";

Now, on the SRX I can only specify one local network in the VPN policy - how do I tell the SRX to allow access to the VLANs or VPNs? Any help would be greatly appreciated.

Thanks

Solved, 8.8K Views, 0 likes, 12 Comments

SRX5308 gets unresponsive after power failure
I have several SRX5308, all with the same problem. Sometimes they get unresponsive after a power failure. It's impossible to access the device either through its personalized IP address or through its default IP address. The only way to recover the device is a factory reset. Any ideas what can cause this problem and how to prevent it?

2.9K Views, 0 likes, 1 Comment