NETGEAR FVS318G manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation NETGEAR FVS318G. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel NETGEAR FVS318G ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation NETGEAR FVS318G décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation NETGEAR FVS318G devrait contenir:
- informations sur les caractéristiques techniques du dispositif NETGEAR FVS318G
- nom du fabricant et année de fabrication NETGEAR FVS318G
- instructions d'utilisation, de réglage et d’entretien de l'équipement NETGEAR FVS318G
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage NETGEAR FVS318G ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles NETGEAR FVS318G et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service NETGEAR en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées NETGEAR FVS318G, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif NETGEAR FVS318G, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation NETGEAR FVS318G. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    202-10521-02 v1.1 August 2010 NETGEAR , Inc. 350 East Plumeria Drive San Jose, CA 95134 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual[...]

  • Page 2

    ii v1.1, August 2010 © 2009–2010 by NETGEAR, Inc. All rights reserved. Technical Support Please refer to the support information card that shipped with your product. By registering your product at http://www.netgear.com/register , we can provide you with faster expert technical support and timely notices of product and software upgrades. NETGEAR[...]

  • Page 3

    v1.1, August 2010 iii Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe Gigabit 8 Port VPN Firewall FVS318G gemäß der im BMPT-AmtsblVfg 243/ 1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unte[...]

  • Page 4

    v1.1, August 2010 iv Open SSL Copyright (c) 1998–2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the fo[...]

  • Page 5

    v1.1, August 2010 v Product and Publication Details PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other material[...]

  • Page 6

    v1.1, August 2010 vi[...]

  • Page 7

    vii v1.1, August 2010 Contents ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual About This Manual Conventions, Formats and Scope ................................................................................... xiii How to Print This Manual ...............................................................................................[...]

  • Page 8

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual viii Contents v1.1, August 2010 Chapter 3 LAN Configuration Choosing the VPN Firewall DHCP Options .................................................................... 3-1 Configuring the LAN Setup Options ............................................................................... 3-2[...]

  • Page 9

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Contents ix v1.1, August 2010 Blocking Internet Sites (Content Filtering) .................................................................... 4-30 Configuring Source MAC Filtering ................................................................................ 4-33 Configuring IP/MAC Add[...]

  • Page 10

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual x Contents v1.1, August 2010 Configuring NetBIOS Bridging with VPN ...................................................................... 5-55 Chapter 6 VPN Firewall and Network Management Performance Management .............................................................................[...]

  • Page 11

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Contents xi v1.1, August 2010 Troubleshooting the Web Configuration Interface .......................................................... 7-3 Troubleshooting the ISP Connection .............................................................................. 7-4 Troubleshooting a TCP/IP Netwo[...]

  • Page 12

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual xii Contents v1.1, August 2010[...]

  • Page 13

    xiii v1.1, August 2010 About This Manual The NETGEAR ® ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual describes how to install, configure and troubleshoot the ProSafe Gigabit 8 Port VPN Firewall FVS318G. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats and Sco[...]

  • Page 14

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual xiv About This Manual v1.1, August 2010 • Scope . This manual is written for the VPN firewall according to these specifications. For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix C, “Related Documents .” Ho[...]

  • Page 15

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual About This Manual xv v1.1, August 2010 202-10521-02 1.0 April 2010 Added the following new features for the April 2010 firmware maintenance release: • Connection reset and delay options on the Broadband ISP Settings screen (see “Manually Configuring Your Internet Connection ”). • [...]

  • Page 16

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual xvi About This Manual v1.1, August 2010[...]

  • Page 17

    1-1 v1.1, August 2010 Chapter 1 Introduction The ProSafe Gigabit 8 Port VPN Firewall FVS318G with eight 10/100/1000 Mbps Gigabit Ethernet LAN ports and one 10/100/1000 Mbps Gigabit Ethernet WAN port connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem. The FVS318G is a complete [...]

  • Page 18

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1-2 Introduction v1.1, August 2010 • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, Web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive Protocol Support. • Login capability.[...]

  • Page 19

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Introduction 1-3 v1.1, August 2010 • Keyword Filtering. With its URL keyword filtering feature, the FVS318G prevents objectionable content from reaching your PCs. The VPN firewall allows you to control access to Internet content by screening for keywords within Web addresses. You can co[...]

  • Page 20

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1-4 Introduction v1.1, August 2010 Extensive Protocol Support The FVS318G supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protoco l (RIP). For further information about TCP/IP, see the “TCP/IP Networking Basics ” document that you can acce[...]

  • Page 21

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Introduction 1-5 v1.1, August 2010 • SNMP . The VPN firewall supports the Simple Network Management Protocol (SNMP) to let you monitor and manage log resources from an SNMP-compliant system manager. The SNMP system configuration lets you change the system variables for MIB2. • Diagnos[...]

  • Page 22

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1-6 Introduction v1.1, August 2010 VPN Firewall Front and Rear Panels The FVS318G front panel includes eight LAN ports, one WAN port, and four groups of status indicator light-emitting diodes (LEDs), including Power and Test, LAN, and WAN LEDs. Table 1-1 describes each item on the front p[...]

  • Page 23

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Introduction 1-7 v1.1, August 2010 The rear panel of the FVS318G includes a cable lock receptacle, a Factory Defaults button, and a DC power connection. Viewed from left to right, the rear panel contains the following elements: 1. Cable security lock receptacle. 2. Factory Defaults button[...]

  • Page 24

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1-8 Introduction v1.1, August 2010 Default IP Address, Login Name, and Password Check the label on the bottom of the FVS318G’s enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 • User name: admin • Password: password When FVS318G i[...]

  • Page 25

    2-1 v1.1, August 2010 Chapter 2 Connecting the VPN Firewall to the Internet This section provides instructions for connecting the ProSafe Gigabit 8 Port VPN Firewall FVS318G, including these topics: • “Understanding the Connection Steps ” on this page • “Logging into the VPN Firewall” on page 2-2 • “Navigating the Menus” on page 2[...]

  • Page 26

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-2 Connecting the VPN Firewall to the Internet v1.1, August 2010 6. Configure the WAN options (optional) . As an option, change the VPN firewall’s Media Access Control (MAC) address, the factory default MTU size, and the port speed. However, these are advanced features and changing the[...]

  • Page 27

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-3 v1.1, August 2010 3. Click Login . The Router Status screen displays. For more information about this screen, see “Viewing the VPN Firewall Configuration and System Status” on page 6-30 . Navigating the Menus The Web Configuration Manage[...]

  • Page 28

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-4 Connecting the VPN Firewall to the Internet v1.1, August 2010 Configuring the Internet Connection to Your ISP To automatically configure the broadband port and connect to the Internet: 1. Select Network Configuration from the main menu and Broadband ISP Settings from the submenu. The [...]

  • Page 29

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-5 v1.1, August 2010 When Auto Detect successfully detects an active Internet service, it reports which connection type it discovered. The options are described in Table 2-1 . If Auto Detect does not find a connection, you will be prompted to c[...]

  • Page 30

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-6 Connecting the VPN Firewall to the Internet v1.1, August 2010 The Connection Status window should show a valid IP address and gateway. If the configuration was not successful, skip ahead to “Manually Configuring Your Internet Connection following this section, or see “Troubleshoot[...]

  • Page 31

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-7 v1.1, August 2010 4. In the ISP Type section, select the type of ISP connection you use from the two listed options. (By default, “Other (PPPoE)” is selected.) • Other (PPPoE) . If you have installed login software such as WinPoET or E[...]

  • Page 32

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-8 Connecting the VPN Firewall to the Internet v1.1, August 2010 – Idle Timeout . Check the Keep Connected radio box to keep the connection always on. To logout after the connection is idle for a period of time, click Idle Time and enter the number of minutes to wait before disconnecti[...]

  • Page 33

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-9 v1.1, August 2010 6. Review the Domain Name Server (DNS) server options. • If your ISP has not assigned any Domain Name Servers (DNS) addresses, click Get Dynamically from ISP . • If your ISP (or your IT department) has assigned DNS addr[...]

  • Page 34

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-10 Connecting the VPN Firewall to the Internet v1.1, August 2010 The WAN Mode screen allows you to configure how the VPN firewalll uses the external Internet connection. This screen gives you two choices for accessing the external Internet connection. • Network Address Translation (NA[...]

  • Page 35

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-11 v1.1, August 2010 Configuring Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must setup an account with a DDNS provider [...]

  • Page 36

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-12 Connecting the VPN Firewall to the Internet v1.1, August 2010 2. Click the tab of the DNS service you want to enable. Each DNS service provider requires registration. After registration you can configure the required settings on the corresponding screen for the DNS service. 3. Access[...]

  • Page 37

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-13 v1.1, August 2010 Configuring the Advanced Broadband Options To configure the advanced broadband options: 1. Select Network Configuration from the main menu and Broadband ISP Settings from the submenu. The Broadband ISP Settings screen disp[...]

  • Page 38

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-14 Connecting the VPN Firewall to the Internet v1.1, August 2010 • Router's MAC Address . Each computer or router on your network has a unique 32-bit local Ethernet address. This is also referred to as the computer's MAC (Media Access Control) address. The default is Use Def[...]

  • Page 39

    3-1 v1.1, August 2010 Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Gigabit 8 Port VPN Firewall FVS318G, including the following sections: • “Choosing the VPN Firewall DHCP Options ” on this page • “Configuring the LAN Setup Options” on page 3-2 • “Managing Groups and H[...]

  • Page 40

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-2 LAN Configuration v1.1, August 2010 The VPN firewall will deliver the following settings to any LAN device that requests DHCP: • An IP address from the range that you have defined. • Subnet mask. • Gateway IP address (the VPN firewall’s LAN IP address). • Primary DNS server [...]

  • Page 41

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-3 v1.1, August 2010 To configure the LAN Setup options: 1. Select Network Configuration from the main menu and LAN Settings from the submenu. The LAN Setup screen displays. 2. In the LAN TCP/IP Setup section, configure the following settings: • IP Address . The LAN a[...]

  • Page 42

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-4 LAN Configuration v1.1, August 2010 • IP Subnet Mask . The subnet mask specifies the network number portion of an IP address. Your VPN firewall will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use 255.255.2[...]

  • Page 43

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-5 v1.1, August 2010 If you will use a Lightweight Directory Access Protocol (LDAP) authentication server for network-validated domain-based authentication, select Enable LDAP Information to enable the DHCP server to provide LDAP server information. Enter the following [...]

  • Page 44

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-6 LAN Configuration v1.1, August 2010 The Network Database is updated by these methods: • DHCP Client Requests . By default, the DHCP server in this VPN firewall is enabled, and will accept and respond to DHCP client requests from PCs and other network devices. These requests also gen[...]

  • Page 45

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-7 v1.1, August 2010 Viewing the Network Database To view the Network Database, follow these steps: 1. Select Network Configuration from the main menu and LAN Settings from the submenu. The LAN Setup screen displays. 2. Click the LAN Groups tab. The LAN Groups screen di[...]

  • Page 46

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-8 LAN Configuration v1.1, August 2010 Adding Devices to the Network Database To add devices manually to the network database: 1. To add computers to the network database manually, make the following selections: • Name : The name of the PC or device. • IP Address Type . From the pull[...]

  • Page 47

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-9 v1.1, August 2010 Changing Group Names in the LAN Groups Database By default, the LAN Groups are named Group1 through Group8. You can rename these group names to be more descriptive, such as Engineering or Marketing. To edit the names of any of the eight available gr[...]

  • Page 48

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-10 LAN Configuration v1.1, August 2010 Configuring Multi Home LAN IP Addresses If you have computers on your LAN using different IP address ranges (for example, 172.16.2.0 or 10.0.0.0), you can add “aliases” to the LAN port, giving computers on those networks access to the Internet [...]

  • Page 49

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-11 v1.1, August 2010 3. In the Add Secondary LAN IP Address section, enter the additional IP address and subnet mask to be assigned to the LAN port of the VPN firewall. 4. Click Add . The secondary LAN IP address will be added to the Available Secondary LAN IPs table. [...]

  • Page 50

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-12 LAN Configuration v1.1, August 2010 The DMZ Setup screen allows you to set up the DMZ port. It permits you to enable or disable the hardware DMZ port (LAN port 8, see “VPN Firewall Front and Rear Panels” on page 1-6 ) and configure an IP address and Mask for the DMZ port. To enab[...]

  • Page 51

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-13 v1.1, August 2010 4. In the DHCP for DMZ Connected Computers section, select one of the following three radio buttons: • Disable DHCP Server . The DHCP server is disabled, which is the default setting. Select this radio button if another device on your DMZ network[...]

  • Page 52

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-14 LAN Configuration v1.1, August 2010 If you will use a Lightweight Directory Access Protocol (LDAP) authentication server for network-validated domain-based authentication, select Enable LDAP Information to enable the DHCP server to provide LDAP server information. Enter the following[...]

  • Page 53

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-15 v1.1, August 2010 To add a static route: 1. Select Network Configuration from the main menu and Routing from the submenu. The Routing screen displays. 2. Click Add . The Add Static Route screen displays. 3. Enter a route name for this static route in the Route Name [...]

  • Page 54

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-16 LAN Configuration v1.1, August 2010 6. In the Destination IP Address field, enter the destination IP address to the host or network to which the route leads. 7. In the IP Subnet Mask field, enter the IP subnet mask for this destination. If the destination is a single host, enter 255.[...]

  • Page 55

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-17 v1.1, August 2010 • The Gateway IP Address fields specifies that all traffic for these addresses should be forwarded to the ISDN firewall at 192.168.1.100. • A Metric value of 1 will work since the ISDN firewall is on the LAN. • Private is selected only as a p[...]

  • Page 56

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-18 LAN Configuration v1.1, August 2010 3. From the RIP Direction pull-down menu, select the direction in which the VPN firewall will send and receives RIP packets. The choices are: • None . The VPN firewall neither broadcasts its routing table nor does it accept any RIP packets from o[...]

  • Page 57

    4-1 v1.1, August 2010 Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Gigabit 8 Port VPN Firewall FVS318G to protect your network. This chapter includes the following sections: • “About Firewall Protection and Content Filtering ” on this page • “Using Rule[...]

  • Page 58

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-2 Firewall Protection and Content Filtering v1.1, August 2010 A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic that can flow between the two [...]

  • Page 59

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-3 v1.1, August 2010 Services-Based Rules The rules to block traffic are based on the traffic’s category of service. • Outbound Rules (service blocking) . Outbound traffic is normally allowed unless the VPN firewall is configured to disallow [...]

  • Page 60

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-4 Firewall Protection and Content Filtering v1.1, August 2010 Select Schedule Select the desired time schedule (Schedule1, Schedule2, or Schedule3) that will be used by this rule. • This pull-down menu gets activated only when “BLOCK by schedule, otherwise Allow” or “ALLOW by sc[...]

  • Page 61

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-5 v1.1, August 2010 Inbound Rules (Port Forwarding) Because the VPN firewall uses Network Address Translation (NAT), your network presents only one IP address to the Internet and outside users cannot directly address any of your local computers.[...]

  • Page 62

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-6 Firewall Protection and Content Filtering v1.1, August 2010 Table 4-2. Inbound Rules Item Description Services Select the desired service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services[...]

  • Page 63

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-7 v1.1, August 2010 Remember that allowing inbound services opens holes in your VPN firewall. Only enable those ports that are necessary for your network. It is also advisable to turn on the server application security and invoke the user passwo[...]

  • Page 64

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-8 Firewall Protection and Content Filtering v1.1, August 2010 Viewing Rules and Order of Precedence for Rules To view the firewall rules, select Security from the main menu and Firewall from the submenu. The LAN WAN Rules screen appears ( Figure 4-1 shows some examples). As you define n[...]

  • Page 65

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-9 v1.1, August 2010 To make changes to an existing outbound or inbound service rule on the the LAN WAN Rules, DMZ WAN Rules, or LAN DMZ Rules screen, in the Action column to the right of to the rule, click on of the following table buttons: • [...]

  • Page 66

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-10 Firewall Protection and Content Filtering v1.1, August 2010 LAN WAN Outbound Services Rules You may define rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addr[...]

  • Page 67

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-11 v1.1, August 2010 LAN WAN Inbound Services Rules This Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules will be listed. By default, all inbound traffic is blocked. Remember that a[...]

  • Page 68

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-12 Firewall Protection and Content Filtering v1.1, August 2010 Configuring DMZ WAN Rules The firewall rules for traffic between the DMZ and the WAN/Internet are configured on the DMZ WAN Rules screen. The Default Outbound Policy is to allow all traffic from and to the Internet to pass t[...]

  • Page 69

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-13 v1.1, August 2010 4. Configure the settings based on the descriptions in Table 4-1 on page 4-3 . 5. Click Apply. The new rule will appear in the Outbound Services table. The rule is automatically enabled. The procedure to add a new DMZ WAN in[...]

  • Page 70

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-14 Firewall Protection and Content Filtering v1.1, August 2010 To create a new LAN DMZ outbound service policy: 1. Select Security from the main menu and Firewall Rules from the submenu. The LAN WAN Rules screen displays. 2. Select the LAN DMZ Rules tab. The LAN DMZ Rules screen display[...]

  • Page 71

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-15 v1.1, August 2010 5. Click Apply. The new rule will appear in the Outbound Services table. The rule is automatically enabled. The procedure to add a new LAN DMZ inbound service policy is similar to the procedure described above with the excep[...]

  • Page 72

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-16 Firewall Protection and Content Filtering v1.1, August 2010 LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can [...]

  • Page 73

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-17 v1.1, August 2010 The following addressing scheme is used in this example: • VPN firewall FVS318G – WAN primary public IP address: 10.1.0.1 – WAN additional public IP address: 10.1.0.5 – LAN IP address 192.168.1.1 • Web server PC on[...]

  • Page 74

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-18 Firewall Protection and Content Filtering v1.1, August 2010 To expose one of the PCs on your LAN or DMZ as this host: 1. Create an inbound rule that allows all protocols. 2. Place the rule below all other inbound rules. Note: For security, NETGEAR strongly recommends that you avoid c[...]

  • Page 75

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-19 v1.1, August 2010 Outbound Rules Example Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio or other non-essential sites. LAN WAN Outbound Rule: Blocking Instant Messenger If you want to block I[...]

  • Page 76

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-20 Firewall Protection and Content Filtering v1.1, August 2010 Attack Checks The Attack Checks screen allows you to specify whether or not the VPN firewall should be protected against common attacks in the DMZ, LAN and WAN networks. To enable the appropriate attack checks for your envir[...]

  • Page 77

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-21 v1.1, August 2010 – Block TCP Flood . A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target system. When the system responds, the attacker does not complete the connection, thu[...]

  • Page 78

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-22 Firewall Protection and Content Filtering v1.1, August 2010 Setting Session Limits Session Limit allows you to specify the total number of sessions allowed, per user, over an IP (Internet Protocol) connection across the VPN firewall. This feature is enabled on the Session Limit scree[...]

  • Page 79

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-23 v1.1, August 2010 The Total Number of Packets Dropped due to Session Limit field shows total number of packets dropped when session limit is reached. 6. In the Session Timeout section, modify the TCP, UDP and ICMP timeout values as you requir[...]

  • Page 80

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-24 Firewall Protection and Content Filtering v1.1, August 2010 Creating Services, QoS Profiles, and Bandwidth Profiles When you create inbound and outbound firewall rules, you use firewall objects such as services, QoS profiles, bandwidth profiles, and schedules to narrow down the firew[...]

  • Page 81

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-25 v1.1, August 2010 To define a new service, first you must determine which port number or range of numbers is used by the application. This information can usually be determined by contacting the publisher of the application or from user group[...]

  • Page 82

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-26 Firewall Protection and Content Filtering v1.1, August 2010 Modifying a Service To edit the settings of a service: 1. In the Custom Services Table , click the Edit icon adjacent to the service you want to edit. The Edit Service screen displays. 2. Modify the settings you wish to chan[...]

  • Page 83

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-27 v1.1, August 2010 A ToS priority for traffic passing through the VPN firewall is one of the following: • Normal-Service . No special priority given to the traffic. The IP packets for services with this priority are marked with a ToS value o[...]

  • Page 84

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-28 Firewall Protection and Content Filtering v1.1, August 2010 To add a bandwidth profile: 1. Select Security from the main menu and Bandwidth Profile from the submenu. The Bandwidth Profile screen displays. 2. Click Add to add a new bandwidth profile. The Add New Bandwidth Profile scre[...]

  • Page 85

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-29 v1.1, August 2010 c. Depending on the direction that you selected, enter the minimum and maximum bandwidths to be allowed: • Enter the Outbound Minimum Bandwidth and Outbound Maximum Bandwidth in Kbps. • Enter the Inbound Minimum Bandwidt[...]

  • Page 86

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-30 Firewall Protection and Content Filtering v1.1, August 2010 2. Check the radio button for All Days or Specific Days . If you chose Specific Days , check the radio button for each day you want the schedule to be in effect. 3. Check the radio button to schedule the time of day: All Day[...]

  • Page 87

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-31 v1.1, August 2010 – Proxy . A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are bl[...]

  • Page 88

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-32 Firewall Protection and Content Filtering v1.1, August 2010 To enable Content Filtering: 1. Select Security from the main menu and Block Sites from the submenu. The Block Sites screen displays. Figure 4-21[...]

  • Page 89

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-33 v1.1, August 2010 2. Check the Yes radio button to enable content filtering. 3. Click Apply to activate the screen controls. 4. Check the radio boxes of any Web components you wish to block. 5. Check the radio buttons of the groups to which y[...]

  • Page 90

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-34 Firewall Protection and Content Filtering v1.1, August 2010 2. Check the Yes radio box in the MAC Filtering Enable section. 3. Select the action to be taken on outbound traffic from the listed MAC addresses: • Block this list and permit all other MAC addresses. • Permit this list[...]

  • Page 91

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-35 v1.1, August 2010 Configuring IP/MAC Address Binding IP/MAC binding allows you to bind an IP address to a MAC address and the other way around. Some devices are configured with static addresses. To prevent users from changing their static IP [...]

  • Page 92

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-36 Firewall Protection and Content Filtering v1.1, August 2010 3. Select the Yes radio box and click Apply . Make sure that you have enabled the e-maling of logs (see “Activating Notification of Events and Alerts” on page 6-23 ). 4. Add an IP/MAC Bind rule by entering: a. Name . Spe[...]

  • Page 93

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-37 v1.1, August 2010 To edit an IP/MAC binding rule, click Edit adjacent to the entry. The following fields of an existing IP/MAC binding rule can be modified: • MAC Address . Specify the MAC Address for this rule. • IP Addresses . Specify t[...]

  • Page 94

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-38 Firewall Protection and Content Filtering v1.1, August 2010 Without port triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the port forwarding rules. Note these restrictions with port trigger[...]

  • Page 95

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-39 v1.1, August 2010 a. Enter the Start Port range (1 - 65534). b. Enter the End Port range (1 - 65534). 6. In the Incoming (Response) Port Range fields: a. Enter the Start Port range (1 - 65534). b. Enter the End Port range (1 - 65534). 7. Clic[...]

  • Page 96

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-40 Firewall Protection and Content Filtering v1.1, August 2010 To check the status of the port triggering rules, click the Status option arrow on the Port Triggering screen. Configuring UPnP (Universal Plug and Play) The UPnP (Universal Plug and Play) feature allows the VPN Firewall to [...]

  • Page 97

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-41 v1.1, August 2010 3. Configure the following fields: – Advertisement Period . Enter the period in minutes that specified how often the VPN firewall should broadcast its UPnP information to all devices within its range. – Advertisement Tim[...]

  • Page 98

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-42 Firewall Protection and Content Filtering v1.1, August 2010 Administrator Tips Consider the following operational items: • As an option, you can enable remote management if you have to manage distant sites from a central location (see “Configuring an External Server for Authentic[...]

  • Page 99

    5-1 v1.1, August 2010 Chapter 5 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the ProSafe Gigabit 8 Port VPN Firewall FVS318G. This chapter includes the following sections: • “Using the VPN Wizard for Client and Gateway Configurations ” on this page • “Testing the Connections[...]

  • Page 100

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-2 Virtual Private Networking v1.1, August 2010 Creating Gateway to Gateway VPN Tunnels with the Wizard Follow these steps to set up a gateway VPN tunnel using the VPN Wizard. 1. Select VPN from the main menu and VPN Wizard from the submenu. The VPN Wizard screen displays. Figure 5-1 Fig[...]

  • Page 101

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-3 v1.1, August 2010 To view the wizard default settings, click the VPN Wizard Default Values option arrow. You can modify these settings after completing the wizard. 2. Select Gateway as your connection type. 3. Create a Connection Name . Enter a descriptive n[...]

  • Page 102

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-4 Virtual Private Networking v1.1, August 2010 8. Click Apply to save your settings. The VPN Policies screen shows that the policy is now enabled. 9. If you are connecting to another NETGEAR VPN firewall, use the VPN Wizard to configure the second VPN firewall to connect to the one you [...]

  • Page 103

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-5 v1.1, August 2010 Creating a Client to Gateway VPN Tunnel Follow these steps to configure the a VPN client tunnel: • Configure the client policies on the gateway. • Configure the VPN client to connect to the gateway. Use the VPN Wizard Configure the Gate[...]

  • Page 104

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-6 Virtual Private Networking v1.1, August 2010 7. Click Apply to save your settings. The VPN Policies screen (see Figure 5-7 on page 5-7 ) shows that the policy is now enabled. To view or modify the VPN policy, see “Managing VPN Policies” on page 5-15 . Tip: To assure tunnels stay a[...]

  • Page 105

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-7 v1.1, August 2010 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR ProSafe VPN Client installed, configure a VPN client policy to connect to the VPN firewall. Follow these steps to configure your VPN [...]

  • Page 106

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-8 Virtual Private Networking v1.1, August 2010 2. In the upper left of the Policy Editor window, click the New Document icon (the first on the left) to open a New Connection. Give the New Connection a name; in this example, we are using gw1 . Fill in the other options according to the i[...]

  • Page 107

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-9 v1.1, August 2010 3. In the left frame, click My Identity . Fill in the options according to the instructions below. • From the Select Certificate pull-down menu, choose None . • Click Pre-Shared Key to enter the key you provided in the VPN Wizard; in th[...]

  • Page 108

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-10 Virtual Private Networking v1.1, August 2010 Figure 5-11[...]

  • Page 109

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-11 v1.1, August 2010 • In the left frame, click Security Policy to view the settings: no changes are needed. • In the left frame, expand Authentication (Phase 1) and click Proposal 1 : no changes are needed. • In the left frame, expand Key Exchange (Phas[...]

  • Page 110

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-12 Virtual Private Networking v1.1, August 2010 Within 30 seconds you should receive the message “Successfully connected to My Connectionsgw1”. The VPN client icon in the system tray should state On: 2. To view more detailed additional status and troubleshooting information from th[...]

  • Page 111

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-13 v1.1, August 2010 • Right-click the VPN Client icon in the system tray and select Connection Monitor. The VPN client system tray icon provides a variety of status indications, which are listed below. Figure 5-15 Note: The information in the Connection Mon[...]

  • Page 112

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-14 Virtual Private Networking v1.1, August 2010 VPN Firewall VPN Connection Status and Logs To view VPN firewall VPN connection status, select VPN from the main menu and Connection Status from the submenu. The VPN Connection Status screen displays. You can set a Poll Interval (in second[...]

  • Page 113

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-15 v1.1, August 2010 To view VPN firewall VPN logs, select Monitoring from the main menu and VPN Logs from the submenu. The VPN Logs screen displays. Managing VPN Policies When you use the VPN Wizard to set up a VPN tunnel, both a VPN policy and an IKE policy [...]

  • Page 114

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-16 Virtual Private Networking v1.1, August 2010 IKE policies are activated when: 1. The VPN Policy Selector determines that some traffic matches an existing VPN policy. If the VPN policy is of type “Auto”, then the auto policy settings that are defined in the VPN policy are accessed[...]

  • Page 115

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-17 v1.1, August 2010 Each policy that is listed in the List of IKE Policies table contains the following data: • Name . Uniquely identifies each IKE policy. The name is chosen by you and used for the purpose of managing your policies; it is not supplied to t[...]

  • Page 116

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-18 Virtual Private Networking v1.1, August 2010 Manually Adding or Editing an IKE Policy To manually add an IKE policy: 1. Select VPN from the main menu and Policies from the submenu. The Policies submenu tabs appear with the IKE Policies screen in view (see Figure 5-18 on page 5-16 ). [...]

  • Page 117

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-19 v1.1, August 2010 3. Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained Table 5-2 . Table 5-2. Add IKE Policy Settings Item Description (or Subfield and Description) Mode Config Record Do you want t[...]

  • Page 118

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-20 Virtual Private Networking v1.1, August 2010 Local Identifier Type From the pull-down menu, select one of the following ISAKMP identifiers to be used by the VPN firewall, and then specify the identifier in the field below: • Local Wan IP . The WAN IP address of the VPN firewall. Wh[...]

  • Page 119

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-21 v1.1, August 2010 Authentication Method Select one of the following radio buttons to specify the authentication method: • Pre-shared key . A secret that is shared between the VPN firewall and the remote endpoint. • RSA-Signature . Uses the active Self C[...]

  • Page 120

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-22 Virtual Private Networking v1.1, August 2010 4. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. To edit an IKE policy: 1. Select VPN from the main menu and Policies from the submenu. The Policies submenu tabs appear with the IKE Policies [...]

  • Page 121

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-23 v1.1, August 2010 4. Click Apply to save your changes. The modified IKE policy is displayed in the List of IKE Policies table. Configuring VPN Policies You can create two types of VPN policies. When using the VPN Wizard to create a VPN policy, only the Auto[...]

  • Page 122

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-24 Virtual Private Networking v1.1, August 2010 2. Click the VPN Policies tab. The VPN Policies screen is displayed. Only one client policy may configured at a time (noted by an “*” next to the policy name). The List of VPN Policies contains the following fields: • ! (Status) . In[...]

  • Page 123

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-25 v1.1, August 2010 To delete one or more VPN polices: 1. Select the checkbox to the left of the policy that you want to delete or click the select all table button to select all VPN policies. 2. Click the delete table button. To enable or disable one ore mor[...]

  • Page 124

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-26 Virtual Private Networking v1.1, August 2010 4. Complete the fields, select the radio buttons and checkboxes, and make your selections from the pull-down menus as explained Table 5-3 on page 5-27 . Figure 5-21[...]

  • Page 125

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-27 v1.1, August 2010 Table 5-3. Add VPN Policy Settings Item Description (or Subfield and Description) General Policy Name A descriptive name of the VPN policy for identification and management purposes. Note : The name is not supplied to the remote VPN endpoi[...]

  • Page 126

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-28 Virtual Private Networking v1.1, August 2010 Traffic Selection Local IP From the pull-down menu, select the address or addresses that are part of the VPN tunnel on the VPN firewall: • Any . All PCs and devices on the network. Note : You cannot select Any for both the VPN firewall a[...]

  • Page 127

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-29 v1.1, August 2010 Integrity Algorithm From the pull-down menu, select one of the following two algorithms to be used in the VPN header for the authentication process: • SHA-1 . Hash algorithm that produces a 160-bit digest. This is the default setting. ?[...]

  • Page 128

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-30 Virtual Private Networking v1.1, August 2010 5. Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table. To edit a VPN policy: 1. Select VPN from the main menu and Policies from the submenu. The Policies submenu tabs appear with the IKE Policies s[...]

  • Page 129

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-31 v1.1, August 2010 Digital Certificates can be either self signed or can be issued by Certification Authorities (CA) such as via an in-house Windows server, or by an external organization such as Verisign or Thawte. However, if the Digital Certificates conta[...]

  • Page 130

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-32 Virtual Private Networking v1.1, August 2010 Understanding the Certificates Screen To display the Certificates screen, select VPN form the main menu and Certificates from the submenu. Because of the large size of this screen, and because of the way the information is presented, the C[...]

  • Page 131

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-33 v1.1, August 2010 To view the VPN certificates: Select VPN from the main menu and Certificates from the submenu. The Certificates screen displays. The top section of the Certificates screen displays the Trusted Certificates (CACertificates) section. When yo[...]

  • Page 132

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-34 Virtual Private Networking v1.1, August 2010 There can be three reasons why a security alert is generated for a security certificate: • The security certificate was issued by a company you have not chosen to trust. • The date of the security certificate is invalid. • The name o[...]

  • Page 133

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-35 v1.1, August 2010 • Issuer Name . The name of the CA that issued the certificate. • Expiry Time . The date on which the certificate expires. You should renew the certificate before it expires. Obtaining a Self Certificate from a Certificate Authority To[...]

  • Page 134

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-36 Virtual Private Networking v1.1, August 2010 2. Configure the following fields: • Name . Enter a descriptive name that will identify this certificate. • Subject . This is the name which other organizations will see as the holder (owner) of the certificate. Since this name will be[...]

  • Page 135

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-37 v1.1, August 2010 6. In the Self Certificate Requests table, click view in the Action column to view the request. 7. Copy the contents of the Data to supply to CA text box into a text file, including all of the data contained from “----BEGIN CERTIFICATE R[...]

  • Page 136

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-38 Virtual Private Networking v1.1, August 2010 If you have not already uploaded the CA certificate, do so now, as described in “Viewing and Loading CA Certificates” on page 5-32 . You should also periodically check the Certificate Revocation Lists (CRL) table, as described in the f[...]

  • Page 137

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-39 v1.1, August 2010 Configuring Extended Authentication (XAUTH) When connecting many VPN clients to a VPN gateway router, an administrator may want a unique user authentication method beyond relying on a single common preshared key for all clients. Although t[...]

  • Page 138

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-40 Virtual Private Networking v1.1, August 2010 2. You can add XAUTH to an existing IKE policy by clicking the edit button adjacent to the policy to be modified or you can create a new IKE policy incorporating XAUTH by clicking add . ( Figure 5-29 shows the Add IKE Policy screen.) 3. In[...]

  • Page 139

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-41 v1.1, August 2010 – User Database to verify against the VPN firewall’s user database. Users must be added through the User Database screen (see “Configuring the User Database for XAUTH” on page 5-41 ). – RADIUS–CHAP or RADIUS–PAP (depending on[...]

  • Page 140

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-42 Virtual Private Networking v1.1, August 2010 2. Enter a User Name . This is the unique ID of a user which will be added to the User Name database. 3. Enter a Password for the user, and reenter the password in the Confirm Password field. 4. Click add. The user name will be added to th[...]

  • Page 141

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-43 v1.1, August 2010 3. Enable the primary RADIUS server by checking the Yes radio box. 4. Enter the primary RADIUS Server IP Address . 5. Enter a Secret Phrase . Transactions between the client and the RADIUS server are authenticated using a shared secret phr[...]

  • Page 142

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-44 Virtual Private Networking v1.1, August 2010 8. Set the Time Out Period , in seconds, that the VPN firewall should wait for a response from the RADIUS server. 9. Set the Maximum Retry Count. This is the number of attempts that the VPN firewall will make to contact the RADIUS server b[...]

  • Page 143

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-45 v1.1, August 2010 Configuring Mode Config Operation on the VPN Firewall You need to configure two screens: the ModeConfig screen and the IKE Policies screen. Configuring the Mode Config Screen To configure the Mode Config screen: 1. Select VPN from the main[...]

  • Page 144

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-46 Virtual Private Networking v1.1, August 2010 3. Enter a descriptive Record Name such as “Sales”. 4. Assign at least one range of IP pool addresses in the First IP Pool field to give to remote VPN clients. 5. If you have a WINS server on your local network, enter its IP address. 6[...]

  • Page 145

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-47 v1.1, August 2010 9. Specify the VPN policy settings. These settings must match the configuration of the remote VPN client. Recommended settings are: • SA Lifetime: 3600 seconds • Authentication Algorithm: SHA-1 • Encryption Algorithm: 3DES 10. Click [...]

  • Page 146

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-48 Virtual Private Networking v1.1, August 2010 Recommended settings are: • Encryption Algorithm: 3DES • Authentication Algorithm: SHA-1 • Diffie-Hellman: Group 2 • SA Lifetime: 3600 seconds Figure 5-34[...]

  • Page 147

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-49 v1.1, August 2010 9. Enter a Pre-Shared Key that will also be configured in the VPN client. 10. XAUTH is disabled by default. To enable XAUTH, in the Extended Authentication section, select one of the following:: • Edge Device to use the VPN firewall as a[...]

  • Page 148

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-50 Virtual Private Networking v1.1, August 2010 Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1. Right-click the VPN client icon in the Windows toolb[...]

  • Page 149

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-51 v1.1, August 2010 2. From the left side of the menu, click My Identity. Enter the following information: a. Click Pre-Shared Key and enter the key you configured in the VPN firewall’s Add IKE Policy screen b. From the Select Certificate pull-down menu, se[...]

  • Page 150

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-52 Virtual Private Networking v1.1, August 2010 b. Check the Enable Perfect Forward Secrecy (PFS) radio button, and select the Diffie- Hellman Group 2 from the PFS Key Group pull-down menu. c. Enable Replay Detection should be checked. 4. Click on Authentication (Phase 1) on the left-si[...]

  • Page 151

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-53 v1.1, August 2010 Enter the values to match your configuration of the VPN firewall ModeConfig Record menu. (The SA Lifetime can be longer, such as 8 hours (28800 seconds). 6. Click the Save icon to save the Security Policy and close the VPN ProSafe VPN clie[...]

  • Page 152

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-54 Virtual Private Networking v1.1, August 2010 4. In the General section of the Edit VPN Policy screen, locate the keepalive configuration settings. 5. Click the Yes radio button to enable keepalive. 6. In the Ping IP Address boxes, enter an IP address on the remote LAN. This must be t[...]

  • Page 153

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-55 v1.1, August 2010 3. In the IKE SA Parameters section of the Edit IKE Policy screen, locate the Dead Peer Detection configuration settings. 4. Click the Yes radio button to Enable Dead Peer Detection . 5. Enter the Detection Period to set the interval betwe[...]

  • Page 154

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-56 Virtual Private Networking v1.1, August 2010 2. Click the VPN Policies tab. The VPN Policies screen displays (see Figure 5-20 on page 5-24 ). 3. In the List of VPN Policies table, click the edit button to the right of the VPN policy that you want to edit. The Edit VPN Policy screen d[...]

  • Page 155

    6-1 v1.1, August 2010 Chapter 6 VPN Firewall and Network Management This chapter describes how to use the network management features of your ProSafe Gigabit 8 Port VPN Firewall FVS318G. This chapter includes the following sections: • “Performance Management ” on this page • “Configuring Users, Administrative Settings, and Remote Manageme[...]

  • Page 156

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-2 VPN Firewall and Network Management v1.1, August 2010 VPN Firewall Features That Reduce Traffic You can adjust the following features of the VPN firewall in such a way that the traffic load on the WAN side decreases: • LAN WAN outbound rules (also referred to as service blocking) ?[...]

  • Page 157

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-3 v1.1, August 2010 • WAN Users . These settings determine which Internet locations are covered by the rule, based on their IP address. – Any . The rule applies to all Internet IP address. – Single address . The rule applies to a single Internet[...]

  • Page 158

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-4 VPN Firewall and Network Management v1.1, August 2010 • Keyword (and Domain Name) Blocking . You can specify up to 32 words that, should they appear in the website name (that is, URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall. You ca[...]

  • Page 159

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-5 v1.1, August 2010 Port Forwarding The VPN firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you can not use it (that is, the service is u[...]

  • Page 160

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-6 VPN Firewall and Network Management v1.1, August 2010 • WAN Users . These settings determine which Internet locations are covered by the rule, based on their IP address. – Any . The rule applies to all Internet IP address. – Single address . The rule applies to a single Internet[...]

  • Page 161

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-7 v1.1, August 2010 – After a PC has finished using a port triggering application, there is a time-out period before the application can be used by another PC. This is required because the firewall cannot be sure when the application has terminated.[...]

  • Page 162

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-8 VPN Firewall and Network Management v1.1, August 2010 See “Specifying Quality of Service (QoS) Priorities” on page 4-26 for the procedure on how to use this feature. Tools for Traffic Management The VPN firewall includes several tools that can be used to monitor the traffic condit[...]

  • Page 163

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-9 v1.1, August 2010 3. In the User Selection section of the screen, select either the Edit Admin Settings or Edit Guest Settings radio box. 4. In either the Admin Settings or the Guest Settings section of the screen: a. change the password by first en[...]

  • Page 164

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-10 VPN Firewall and Network Management v1.1, August 2010 Adding External Users You can add external users for which you then can configure an authentication method (see “Configuring an External Server for Authentication” on page 6-11 ). To add an external users: 1. Select Users from[...]

  • Page 165

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-11 v1.1, August 2010 3. Configure the following fields: a. User Name . Enter a unique identifier, using any alphanumeric characters. b. User Type . Select either Admin or Guest . c. Idle Timeout . This is the period after which an idle user will be au[...]

  • Page 166

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-12 VPN Firewall and Network Management v1.1, August 2010 To configure external authentication: 1. Select Users from the main menu and External Authentication from the submenu. The External Users screen displays. 2. Select the External Authentication tab. The External Authentication scre[...]

  • Page 167

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-13 v1.1, August 2010 • Secret Phrase . Transactions between the client and the RADIUS server are authenticated using a shared secret phrase, so the same secret phrase must be configured on both client and server. • Primary Server NAS Identifier . [...]

  • Page 168

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-14 VPN Firewall and Network Management v1.1, August 2010 Enabling Remote Management Access Using the Remote Management screen, you can allow an administrator on the Internet to configure, upgrade, and check the status of your VPN firewall. You must be logged in locally to enable remote [...]

  • Page 169

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-15 v1.1, August 2010 2. Check Allow Remote Management radio box. 3. Click the Yes radio button to enable secure HTTP management (enabled by default), and configure the external IP addresses that will be allowed to connect. a. To allow access from any [...]

  • Page 170

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-16 VPN Firewall and Network Management v1.1, August 2010 . Using an SNMP Manager Simple Network Management Protocol (SNMP) lets you monitor and manage your VPN firewall from an SNMP Manager. It provides a remote means to monitor and control network devices, and to manage configurations,[...]

  • Page 171

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-17 v1.1, August 2010 To create a new SNMP configuration entry: 1. Select Administration from the main menu and SNMP from the submenu. The SNMP screen displays. 2. Under Create New SNMP Configuration Entry , enter the IP address of the SNMP manager in [...]

  • Page 172

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-18 VPN Firewall and Network Management v1.1, August 2010 When you click on the SNMP System Info option arrow on the SNMP screen, the VPN firewall’s identification information is displayed. This following identification information is available to the SNMP Manager: system contact, syst[...]

  • Page 173

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-19 v1.1, August 2010 Backing Up Settings To back up settings: 1. Select Administration from the main menu and Settings Backup & Upgrade from the submenu. The Settings Backup and Firmware Upgrade screen displays. 2. Click backup to save a copy of y[...]

  • Page 174

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-20 VPN Firewall and Network Management v1.1, August 2010 Restoring Settings To restore settings from a backup file: 1. On the Settings Backup and Firmware Upgrade screen, next to Restore save settings from file , click Browse . 2. Locate and select the previously saved backup file (by d[...]

  • Page 175

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-21 v1.1, August 2010 After downloading an upgrade file, you may need to unzip (uncompress) it before upgrading the VPN firewall. If Release Notes are included in the download, read them before continuing. 4. Select Administration from the main menu an[...]

  • Page 176

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-22 VPN Firewall and Network Management v1.1, August 2010 2. From the Date/Time pull-down menu, select the local time zone. This is required in order for scheduling to work correctly. The VPN firewall includes a Real-Time Clock (RTC), which it uses for scheduling. 3. If supported in your[...]

  • Page 177

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-23 v1.1, August 2010 Monitoring System Performance You can be alerted to important events such as WAN traffic limits reached, login failures, and attacks. You can also view status information about the VPN firewall, broadband port, LAN ports, and VPN [...]

  • Page 178

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-24 VPN Firewall and Network Management v1.1, August 2010 Figure 6-10[...]

  • Page 179

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-25 v1.1, August 2010 2. In the Log Options section, enter the name of the log in the Log Identifier field. The Log Identifier is a mandatory field used to identify which device sent the log messages. The identifier is appended to log messages. 3. In t[...]

  • Page 180

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-26 VPN Firewall and Network Management v1.1, August 2010 • LOG_ERROR (Error conditions) • LOG_WARNING (Warning conditions) • LOG_NOTICE (Normal but significant conditions) • LOG_INFO (Informational messages) • LOG_DEBUG (Debug level messages) 10. Click Reset to cancel your cha[...]

  • Page 181

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-27 v1.1, August 2010 Enabling the Traffic Meter If your ISP charges by traffic volume over a given period of time, or if you want to study traffic types over a period of time, you can activate the traffic meter for the broadband port. To monitor traff[...]

  • Page 182

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-28 VPN Firewall and Network Management v1.1, August 2010 • Increase this month limit by . Temporarily increase the traffic limit if you have reached the monthly limit, but need to continue accessing the Internet. Select the checkbox and enter the desired increase. (The checkbox will a[...]

  • Page 183

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-29 v1.1, August 2010 • Restart Traffic Counter at a Specific Time . Restart the traffic counter at a specific time and day of the month. Fill in the time fields and choose AM or PM and the day of the month from the pull-down menus. • Send e-mail r[...]

  • Page 184

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-30 VPN Firewall and Network Management v1.1, August 2010 Viewing the VPN Firewall Configuration and System Status The Router Status screen provides status and usage information. Select Monitoring from the main menu and Router Status from the submenu. The Router Status screen displays. T[...]

  • Page 185

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-31 v1.1, August 2010 Monitoring VPN Firewall Statistics To display the VPN firewall statistics: 1. Select Monitoring from the main menu and Router Status from the submenu. The Router Status screen displays (see Figure 6-14 on page 6-30 ). 2. Click the[...]

  • Page 186

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-32 VPN Firewall and Network Management v1.1, August 2010 For each interface (Broadband, LAN, and DMZ), the number of transmitted (Tx Pkts) and received (Rx Pkts) packets, the number of collided packets, the transmitted (Tx B/s) and received (Rx B/s) bytes per second, and the interface u[...]

  • Page 187

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-33 v1.1, August 2010 Monitoring Attached Devices The LAN Groups screen contains a table of all IP devices that the VPN firewall has discovered on the local network. To view the LAN Groups screen: 1. Select Network Configuration from the main menu and [...]

  • Page 188

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-34 VPN Firewall and Network Management v1.1, August 2010 The Known PCs and Devices table lists all current entries in the LAN Groups database. For each PC or device, the following data is displayed Monitoring VPN Tunnel Connection Status You can view the status of the VPN tunnels by sel[...]

  • Page 189

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-35 v1.1, August 2010 The Active IPsec (SA)s table lists each active connection with the following information Viewing the VPN Logs The VPN Logs screen gives log details for recent VPN activity. Select Monitoring from the main menu and VPN Logs from th[...]

  • Page 190

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-36 VPN Firewall and Network Management v1.1, August 2010 Viewing the DHCP Log To display the DHCP log: 1. Select Network Configuration from the main menu and LAN Settings from the submenu. The LAN Setup screen displays. 2. Click the DHCP Log option arrow in the upper right-hand section [...]

  • Page 191

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-37 v1.1, August 2010 To view the most recent entries, click refresh . Table 6-6. Port Triggering Status Data Item Description Rule The name of the rule. LAN IP Address The IP address of the PC currently using this rule. Open Ports The Incoming ports w[...]

  • Page 192

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-38 VPN Firewall and Network Management v1.1, August 2010[...]

  • Page 193

    7-1 v1.1, August 2010 Chapter 7 Troubleshooting This chapter provides troubleshooting tips and information for your ProSafe Gigabit 8 Port VPN Firewall FVS318G. This chapter includes the following sections: • “Basic Functions ” on this page • “Troubleshooting the Web Configuration Interface” on page 7-3 • “Troubleshooting the ISP Co[...]

  • Page 194

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-2 Troubleshooting v1.1, August 2010 Power LED Not On If the Power and other LEDs are off when your VPN firewall is turned on: • Make sure that the power cord is properly connected to your VPN firewall and that the power supply adapter is properly connected to a functioning power outle[...]

  • Page 195

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting 7-3 v1.1, August 2010 Troubleshooting the Web Configuration Interface If you are unable to access the VPN firewall’s Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the VPN firewall as[...]

  • Page 196

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-4 Troubleshooting v1.1, August 2010 If the VPN firewall does not save changes you have made in the Web Configuration Interface, check the following: • When entering configuration settings, be sure to click the Apply button before moving to another menu or tab, or your changes are lost[...]

  • Page 197

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting 7-5 v1.1, August 2010 • Your ISP may check for your PC's host name. Assign the PC Host Name of your ISP account as the Account Name on the Broadband ISP Settings screen (see Figure 2-2 on page 2-4 ). • Your ISP only allows one Ethernet MAC address to connect to th[...]

  • Page 198

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-6 Troubleshooting v1.1, August 2010 Pinging < IP address > with 32 bytes of data If the path is working, you will see this message: Reply from < IP address >: bytes=32 time=NN ms TTL=xxx If the path is not working, you will see this message: Request timed out If the path is [...]

  • Page 199

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting 7-7 v1.1, August 2010 – If your ISP assigned a host name to your PC, enter that host name as the Account Name on the Broadband ISP Settings screen (see Figure 2-2 on page 2-4 ). – Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many b[...]

  • Page 200

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-8 Troubleshooting v1.1, August 2010 Problems with the date and time function can include: • Date and time shown is Thu Jan 01 00:01:52 GMT 1970. Cause: The VPN firewall has not yet successfully reached a Network Time Server. Check that your Internet access settings are configured corr[...]

  • Page 201

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting 7-9 v1.1, August 2010 Table 7-1. Diagnostics Item Description Ping or Trace an IP Address Ping. Used to send a ping packet request to a specified IP address—most often, to test a connection. If the request times out (no reply is received), it usually means that the desti[...]

  • Page 202

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-10 Troubleshooting v1.1, August 2010[...]

  • Page 203

    Default Settings and Technical Specifications A-1 v1.1, August 2010 Appendix A Default Settings and Technical Specifications Y ou can use the reset button located on the front of your device to reset all settings to their factory defaults. This is called a hard reset. • To perform a hard reset, push and hold the reset button for approximately 5 s[...]

  • Page 204

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A-2 Default Settings and Technical Specifications v1.1, August 2010 Technical specifications for the ProSafe Gigabit 8 Port VPN Firewall FVS318G are listed in the following table. Management Time Zone GMT Time Zone Adjusted for Daylight Saving Time Disabled SNMP Disabled Remote Management[...]

  • Page 205

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Default Settings and Technical Specifications A-3 v1.1, August 2010 Environmental Specifications Operating temperature: 0  to 40  C (32º to 104º F) Operating humidity: 90% maximum relative humidity, noncondensing Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B[...]

  • Page 206

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A-4 Default Settings and Technical Specifications v1.1, August 2010[...]

  • Page 207

    Two Factor Authentication B-1 v1.1, August 2010 Appendix B Two Factor Authentication This appendix provides an overview of Two-Factor Authentication, and an example of how to implement the WiKID solution. This appendix contains the following sections: • “Why do I need Two-Factor Authentication? ” on this page. • “NETGEAR Two-Factor Authen[...]

  • Page 208

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual B-2 Two Factor Authentication v1.1, August 2010 • Quick to deploy and manage . The WiKID solution integrates seamlessly with the NETGEAR SSL and VPN firewall products. • Proven regulatory compliance . Two-Factor Authentication has been used as a mandatory authentication process for ma[...]

  • Page 209

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Two Factor Authentication B-3 v1.1, August 2010 The request-response architecture is capable of self-service initialization by end-users, dramatically reducing implementation and maintenance costs. Here is an example of how WiKID works. 1. The user launches the WiKID token software, enter[...]

  • Page 210

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual B-4 Two Factor Authentication v1.1, August 2010 3. The user then proceeds to the Two-Factor Authentication login page and enters the generated one-time passcode as the login password. Note: The one-time passcode is time synchronized to the authentication server so that the OTP can only be[...]

  • Page 211

    Related Documents C-1 v1.1, August 2010 Appendix C Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link TCP/IP Networking Basics http://documentation.netgear.com/reference/enu/tcpip/index.htm Wireless Networking Basics [...]

  • Page 212

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual C-2 Related Documents v1.1, August 2010[...]

  • Page 213

    Index-1 v1.1, August 2010 Index Numerics 3322.org 2-11 A access remote management 6-14 Add DMZ WAN Outbound Services screen 4-12 Add LAN DMZ Outbound Service screen 4-14 Add LAN WAN Inbound Service 4-11 Add LAN WAN Outbound Service screen 4-10 Add Mode Config Record screen 5-45 address reservation 3-9 Advanced Encryption Standard. See AES. Advanced[...]

  • Page 214

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-2 v1.1, August 2010 certificates CRL 5-32 management of 5-35 trusted (CA certificates) 5-32 Classical Routing definition of 2-10 command line interface 6-16 configuration automatic by DHCP 1-4 Connecting the VPN firewall 2-1 Content Filtering 4-1 about 1-2 , 4-30 Block Sites 4-30 en[...]

  • Page 215

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-3 v1.1, August 2010 Domain Name router 3-4 , 3-13 Domain Name Blocking 4-31 Domain Name Servers. See DNS. DoS about protection 1-2 attack 4-21 DPD 5-21 Dynamic DNS Configuration screen 2-11 Dynamic DNS. See DDNS DynDNS.org 2-11 E Edge Device 5-40 RADIUS Server 5-39 User Database 5-3[...]

  • Page 216

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-4 v1.1, August 2010 default definition 4-2 example 4-16 field descriptions 4-6 order of precedence 4-8 Port Forwarding 4-3 , 4-5 rules for use 4-5 Inbound Services field descriptions 4-6 increasing traffic 6-4 DMZ port 6-7 Port Forwarding 6-5 Port Triggering 6-6 VPN tunnels 6-7 inst[...]

  • Page 217

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-5 v1.1, August 2010 M MAC address 7-7 blocked, adding 4-33 configuring 2-5 format of 2-14 spoofing 7-5 main menu 2-3 MD5 IKE polices 5-20 VPN policies 5-29 ModeConfig 5-44 about 5-44 assigning remote addresses, example 5-44 Client Configuration 5-50 IKE Policies menu, configuring 5-[...]

  • Page 218

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-6 v1.1, August 2010 service blocking 4-3 Port Forwarding Inbound Rules 4-3 , 4-5 increasing traffic 6-5 rules, about 4-5 port numbers 4-24 Port Speed 2-13 Port Triggering about 4-37 adding a rule 4-38 increasing traffic 6-6 modifying a rule 4-39 rules of use 4-38 status 6-36 Port Tr[...]

  • Page 219

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-7 v1.1, August 2010 Routing Information Protocol. See RIP. Routing screen 3-15 RSA signatures 5-21 rules blocking traffic 4-2 inbound example 4-16 order of precedence 4-24 service blocking 4-3 services-based 4-3 running tracert 6-16 S SA IKE policies 5-20 VPN policies 5-28 , 5-29 sa[...]

  • Page 220

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-8 v1.1, August 2010 TCP/IP network, troubleshooting 7-5 technical specifications A-1 Time daylight savings, troubleshooting 7-8 setting 6-21 troubleshooting 7-7 Time Zone setting of 6-21 Time Zone screen 6-21 ToS. See QoS. tracert use with DDNS 6-16 traffic increasing 6-4 management[...]

  • Page 221

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-9 v1.1, August 2010 Web Components 4-30 blocking 4-33 filtering, about 4-30 Web configuration troubleshooting 7-3 WiKID 6-11 authentication, overview B-1 WinPoET 2-7 WINS server 3-4 , 3-13 X XAUTH IKE policies 5-22 IPSec Host 5-39 types of 5-39[...]

  • Page 222

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-10 v1.1, August 2010[...]