srx5308
26 Topics

SRX5308 checksum on updated .cfg
I have an ISP that (too-) frequently changes the IP address of client systems. I often need to update the incoming firewall rules. This can be done by manually changing each rule for each remote system, but since the config files are saved in ASCII format, I'd like to edit that file and re-upload it to the firewall. But after doing so, re-uploading the file to the firewall yields a checksum error on the 5308.

Is there a way to:
1) regenerate the .cfg file's checksum
2) clear the checksum so the firewall's firmware knows to regenerate it?
3) is there a tool that will recalculate the checksum on an existing flat file?
4) have the firewall rules use a hostname instead of a fixed IP address?

Updating many entries via the web interface is error-prone and time-consuming. Is there a later firewall similar to the 5308 that has such a checksum-updating ability already implemented? Finally, I suppose an existing utility such as expect(1) could interactively update configs via the CLI interface, but I was hoping this might be an already-addressed issue.

Thanks, John

10 Views | 0 likes | 0 Comments

SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connections too
I saw a similar posting from 6/2015 that was not answered and closed "due to inactivity". I have (5) SRX5308 and they all exhibit the same issue. In some cases I have RIP protocol enabled and in others I am using the SRX5308 as a standard firewall with a cable modem uplink. Sporadically and completely random and apparently the higher the firmware version the more often it happens, the router becomes completely non-responsive for 2-12 seconds, and in most cases VPN connections if any are dropped. Weirdly enough, earlier firmware versions may have had entries in the logs about an exception with register values but newer firmware has absolutely nothing in the logs. I replaced the router with a Cisco 1841 router and the problem goes away completely but obviously my Netgear clients can't VPN in. Does not appear to be volume related either as it happens when the traffic is very low as well as when it's averaging 20-30 Mbps. I opened a case with Netgear but so far they haven't any ideas and suggested it could be a device on the network causing a problem. I agree, it's the Netgear on the network that's causing the problem. I like the firewall, especially its VPN throughput but the constant hang even with its short duration prevents me from keeping this device on the network. Any suggestions? And since I suspect many of you will immediately start asking, see the notes below:

Currently running firmware: 4.3.4-2, also tried 4.3.3-6, 4.3.3-5, and I believe an earlier one that came on the router when I bought it.
3 routers have VPN configured between them and one is completely stand alone (the one running RIP is stand alone at another location)
The 3 with VPN are set up with NAT and the RIP is set up "Classical routing"
All are configured for IPv4 only
One of the 3 with VPN and NAT has a cable modem on WAN 1 and is configured for failover to DSL on WAN 2, the non-responsiveness still impacts WAN and LAN ports
The NAT routers have public WAN IPs and private LAN IPs, the RIP one has public WAN and public LAN IPs.
None have DMZs configured
The NAT has firewall rules for specific ports from WAN to LAN, no restrictions on outbound, the RIP router has no rules, all in and out permitted, working as a router not a firewall.
All have "respond to pings on internet ports" enabled
All have "enable stealth mode"
None have any blocking enabled (UDP or TCP flood)
They all have VPN passthrough checked
None have session limits or throughput/bandwidth limits set
None have content filtering enabled
None have DHCP server enabled

Hope that eliminates most initial questions...

6.2K Views | 0 likes | 12 Comments

need advice to configure SRX5308 SSL VPN access
Dear Mates,

I am new to the SRX5308. I have installed an SRX5308 behind an ADSL2+ modem/router in a small office and am trying to configure SSL VPN for remote access. I have created the portal layout, domain, groups and users for SSL VPN access. Since it's behind a modem/router, the WAN port gets an IP address from the modem and thus the portal URL becomes https://192.168.1.102/portal/<PortalSite>, while the ISP IP address is different. The ISP IP address seems to be a fixed one and not changing, but not pingable. I have tried accessing both the above addresses via the internet but am still not able to connect.

How can I configure this to allow remote users to SSL VPN connect to the site and log in to access local office resources? Any advice is appreciated. Let me know if any further information is needed.

Cheers

5.3K Views | 0 likes | 4 Comments

Remote Client Full Tunnel VPN with SRX5308 and Shrew Soft - Some Websites Don't Load
Hi everyone,

I've really been scratching my head on this one. Any help would be greatly appreciated.

Remote users need to access remote servers through the office, which is whitelisted for access. Since the remote servers are dynamic IPs (AWS), I'm trying to send all remote traffic through the office while we investigate better solutions. SSL VPN is not an option due to compatibility issues with modern browsers and OSes.

I have configured an IPSEC VPN for remote users. It connects, but only some websites load. Others will time out. DNS does not seem to be the issue, as a ping will resolve the IP (and some sites load). I thought it might be related to fragmentation, but my tests (ping with different packet sizes) indicate the MTU should be 1500.

Shrew Soft Client --VPN--> Office --Whitelist--> Remote Servers

Info
  VPN policy
    Local IP: Any
  Shrew Soft Client:
    Policy - Obtain Topology Automatically or Tunnel All

Testing/Troubleshooting
  Mode Config
    Connects, but local traffic only.
  IP Ranges of Servers
    I backtracked the ranges the servers could use, but it was the same results as tunneling all (page times out)
  Netgear VPN client
    Internet traffic didn't flow when I tried to set the range for the entire Internet (if I remember correctly).
  L2TP (MSCHAPv2) with built-in Windows 10 client
    PSK, but blank
    Computers that have previously been on the internal network behind the SRX5308 will connect.
    Computers that have not been on the internal network behind the SRX5308 get an error "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."
    Error 789 in event logs
  Certificate
    Did some research, but it seemed complicated. Will likely research further.

I know I'm close, since some websites do load when connected. I'm leaning towards it still being a fragmentation/MTU issue, but I can only change that in Shrew Soft with using Mode Config. I have not tested changing the MTU on the SRX5308 yet.

This is the first time I've attempted a full tunnel this way. I'm open to any suggestions for getting this working, except for PPTP due to security concerns and SSL due to compatibility.

Thanks in advance!

Solved | 3K Views | 0 likes | 2 Comments

SRX5308 QoS Performance Drop
Model: SRX5308
Firmware: 4.3.4-2

Enabling a QoS profile in an outbound firewall rule drops download speed from 360 Mbps to under 100 Mbps. What is the point of having a Gbps firewall if QoS caps the performance at under 100 Mbps? What is being done to rectify this bottleneck?

3.7K Views | 0 likes | 2 Comments

SRX5308 Traffic meter - what the heck?
Pictures speak a thousand words. This was open in a tab on an SRX5308 running FW 4.3.4-2; the tab was refreshed periodically for a while. The traffic made sense, and kept growing over time within expected amounts. At one point coming back from being logged out due to inactivity (but not for the first time), this is the same screen (yes, on the same router) after logging back in:

OK... We transfer way more data than that per day. The reset time hasn't changed, it has not been reset or otherwise fiddled with! So if in doubt, reboot. Guess what the screen looks like now:

Anyone noticing how I managed to time it so accurately that I got 2048/4096/512? Those numbers ring any bells? Something is completely broken in this. All I want to know is how much traffic I send, and which machine(s) generate the most. If anyone could help with a clever idea that'd be great! Thank you!

3.9K Views | 0 likes | 2 Comments

Fritz Box 7490 to SRX5308 - VLAN over VPN
Hi, I hope you can help me. I've got a business network with an SRX5308, and home office with an AVM Fritz Box 7490. On the business side, I've got:

VLAN Default 10.0.0.0/24
VLAN 72 192.68.72.0/24
other VLANs of no interest
VPN to another branch office SRX5308 as 192.168.55.0/24

Now ideally, I'm trying to access the default VLAN, VLAN 72 and the VPN to the 55 network from my Box at home. I've managed to get the Fritzbox to connect to the SRX (only took about a day playing with their stupid settings) but can't for example access the 72 VLAN. The setting used on the Fritzbox (from their manual) is set as

accesslist = "permit ip any 10.0.0.0 255.255.255.0", "permit ip any 192.168.72.0 255.255.255.0";

Now, on the SRX I can only specify one local network in the VPN policy - how do I tell the SRX to allow access to the VLANs or VPNs? Any help would be greatly appreciated. Thanks

Solved | 8.8K Views | 0 likes | 12 Comments

SRX5308 gets unresponsive after power failure
I have several SRX5308, all with the same problem. Sometimes they get unresponsive after a power failure. It's impossible to access the device either through its personalized IP address or through its default IP address. The only way to recover the device is a factory reset. Any ideas what can cause this problem and how to prevent it?

2.9K Views | 0 likes | 1 Comment

VPN Client license key lost for SRX5308
I purchased the firewall in October of 2015 and am just now wanting to use the VPN features. Unfortunately, I cannot locate the original CD containing the license key required to activate the five VPN Client software. The serial # is XXXXXXXXXXX. Will you/can you provide me the license key so that I can activate the VPN Client software?

Solved | 5.2K Views | 0 likes | 3 Comments

Restrict User to VLAN after VPN - Not working
Hello,

On SRX5308 I have created an IPSec VPN connection using Mode Config and IKE policy. I am able to VPN in. However, I can access all subnets - even though I have specified the subnet as 10.50.10.0 in the Mode Config.

Little background - My setup is multi-tenant. Specific customers need access to their own servers. I have done this by creating a different subnet for each customer. This makes sure that Customer A cannot see Customer B servers. We are now adding VPN capability for customers. However, I am having difficulty passing this restriction via VPN. When a customer connects by VPN, it's as if no VLAN rules are getting applied. In my VLAN settings, the DNS Proxy and InterVLAN routing are disabled in all VLANs. Please advise...

Here are my settings. In here, I want the connection restricted to 10.50.10.0 subnet only - they should not be able to see other subnets.

In the Mode Config I have the below setting:

Client Pool:
  Record Name: modeConfig
  First IP Pool: 10.50.101.200 - 10.50.101.215
  Second IP Pool: -
  Third IP Pool: -
  Primary WINS Server:
  Secondary WINS Server:
  Primary DNS Server: 10.50.10.1
  Secondary DNS Server:
Traffic Tunnel Security Level:
  PFS Key Group: DH Group 2 (1024 bit)
  SA Lifetime: 3600
  SA Lifebyte: 0
  Encryption Algorithm: AES-128
  Integrity Algorithm: MD5
  Local Subnet IP Address: 10.50.10.0
  Local Subnet Mask: 255.255.255.0

My IKE Policy is:

5.1K Views | 0 likes | 5 Comments