NETGEAR FVS318N user manual


A good user manual

The rules require the seller to supply the buyer with the NETGEAR FVS318N user manual along with the goods. A missing manual, or incorrect information given to the consumer, is grounds for a complaint that the device does not conform to the contract. Under the law, the manual may be provided in a form other than paper, which has become common recently: a graphic or electronic version of the NETGEAR FVS318N manual, or instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. The NETGEAR FVS318N user manual thus describes the steps of a procedure. The purpose of a user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. A user manual is a collection of information about an item or service, a reference guide.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you learn about a number of additional features of the device you bought, but also helps you avoid most failures.

So what should the perfect manual contain?

First of all, the NETGEAR FVS318N user manual should contain:
- information on the technical specifications of the NETGEAR FVS318N device
- the manufacturer's name and the year of manufacture of the NETGEAR FVS318N
- instructions for using, adjusting and maintaining the NETGEAR FVS318N equipment
- safety markings and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

Usually this is due to a lack of time and of certainty about the specific functionality of the purchased equipment. Unfortunately, connecting and starting up the NETGEAR FVS318N is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible NETGEAR FVS318N faults, and ways to resolve common problems during use. Finally, the manual contains the contact details for NETGEAR service in case the proposed solutions do not work. Currently, user manuals in the form of engaging animations and instructional videos, which are better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated NETGEAR FVS318N specifications and technical descriptions, as happens with the paper version.

Why read the user manual?

First of all, it contains the answers about the structure and capabilities of the NETGEAR FVS318N device, the use of various accessories, and a range of information for taking full advantage of all its features and conveniences.

After a successful purchase of the equipment or device, take a moment to familiarize yourself with every part of the NETGEAR FVS318N user manual. Nowadays, manuals are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of informing and helping.

Table of contents of the user manual

  • Page 1

    350 East Plumeria Drive San Jose, CA 95134 USA July 2012 202-10836-04 v1.0 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Reference Manual[...]

  • Page 2

    2 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N © 2011–2012 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. Technical Suppo[...]

  • Page 3

    3 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N (continued) • IPv6 firewall rules (see Configure LAN WAN Rules, Configure DMZ WAN Rules, Configure LAN DMZ Rules, and Examples of Firewall Rules) • IPv6 attack checks (see Attack Checks) • IPv6/MAC bindings (see Set Up IP/MAC Bindings) • Simplified wireless settings submenus f[...]

  • Page 4

    4 Contents Chapter 1 Introduction: What Is the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N? 10; Key Features and Capabilities 11; Wireless Features 11; Advanced VPN Support for Both IPS[...]

  • Page 5

    5 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Stateless IP/ICMP Translation 49; Configure Advanced WAN Options and Other Tasks 50; Additional WAN-Related Configuration Tasks 53; Verify the Connection[...]

  • Page 6

    6 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Advanced Radio Settings 125; Test Basic Wireless Connectivity 127; Chapter 5 Firewall Protection: About Firewall Protection[...]

  • Page 7

    7 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View the Wireless VPN Firewall IPSec VPN Log 221; Manage IPSec VPN Policies 222; Manage IKE Policies 222; Manage VPN[...]

  • Page 8

    8 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure User Accounts 303; Set User Login Policies 306; Change Passwords and Other User Settings 311; Manage Dig[...]

  • Page 9

    9 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Power LED Not On 379; Test LED Never Turns Off 379; LAN or WAN Port LEDs Not On 380; Tro[...]

  • Page 10

    10 1 1. Introduction This chapter provides an overview of the features and capabilities of the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N and explains how to log in to the device and use its web management interface. The chapter contains the following sections: • What Is the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS31[...]

  • Page 11

    Introduction 11 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The wireless VPN firewall provides advanced IPSec and SSL VPN technologies with support for up to 12 IPSec VPN tunnels and 5 SSL VPN tunnels, as well as L2TP support for easy and secure remote connections. The use of Gigabit Ethernet WAN and LAN ports ensures high data trans[...]

  • Page 12

    Introduction 12 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Hidden mode. The SSID is not broadcast, assuring that only clients configured with the correct SSID can connect. • Secure and economical operation. Adjustable power output allows more secure or economical operation. Advanced VPN Support for Both IPSec and SSL The wir[...]

  • Page 13

    Introduction 13 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Security Features The wireless VPN firewall is equipped with several features designed to maintain security: • Computers hidden by NAT. NAT opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN [...]

  • Page 14

    Introduction 14 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of computers on your local network. • DNS proxy. When DHCP is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached compu[...]

  • Page 15

    Introduction 15 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Maintenance and Support NETGEAR offers the following features to help you maximize your use of the wireless VPN firewall: • Flash memory for firmware upgrades. • Technical support seven days a week, 24 hours a day. Information about support is available on the NETGEAR we[...]

  • Page 16

    Introduction 16 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The front panel also contains three groups of status indicator light-emitting diodes (LEDs), including Power and Test LEDs, LAN LEDs, and WAN LEDs, all of which are explained in detail in the following table. Some LED explanation is provided on the front panel. Figure 1. [...]

  • Page 17

    Introduction 17 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Ports Left LED Off The LAN port has no link. On (green) The LAN port has detected a link with a connected Ethernet device. Blinking (green) Data is being transmitted or received by the LAN port. Right LED Off The LAN port is operating at 10 Mbps. On (amber) The LAN port [...]

  • Page 18

    Introduction 18 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Rear Panel The rear panel of the wireless VPN firewall includes the antennas, a cable lock receptacle, a console port, a Reset button, a DC power connection, and a power switch. Figure 2. Viewed from left to right, the rear panel contains the following components: 1. Di[...]

  • Page 19

    Introduction 19 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Bottom Panel with Product Label The product label on the bottom of the wireless VPN firewall’s enclosure displays factory defaults settings, regulatory compliance, and other information. Figure 3. Choose a Location for the Wireless VPN Firewall The wireless VPN firewall i[...]

  • Page 20

    Introduction 20 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Log In to the Wireless VPN Firewall Note: To connect the wireless VPN firewall physically to your network, connect the cables and restart your network according to the instructions in the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Installation Guide. A PDF of thi[...]

  • Page 21

    Introduction 21 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 4. 3. In the User Name field, type admin. Use lowercase letters. 4. In the Password / Passcode field, type password. Here, too, use lowercase letters. Note: The wireless VPN firewall user name and password are not the same as any user name or password you might us[...]

  • Page 22

    Introduction 22 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 5. Web Management Interface Menu Layout The following figure shows the menu at the top of the web management interface: Figure 6. The web management interface menu consists of the following components: • 1st level: Main navigation menu links. The main navigation menu[...]

  • Page 23

    Introduction 23 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • 2nd level: Configuration menu links. The configuration menu links in the gray bar (immediately below the main navigation menu bar) change according to the main navigation menu link that you select. When you select a configuration menu link, the letters are displayed in [...]

  • Page 24

    Introduction 24 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Any of the following table buttons might display onscreen: • Select All. Select all entries in the table. • Delete. Delete the selected entry or entries from the table. • Enable. Enable the selected entry or entries in the table. • Disable. Disable the selected [...]

  • Page 25

    25 2 2. IPv4 and IPv6 Internet and Broadband Settings This chapter explains how to configure the Internet and WAN settings. The chapter contains the following sections: • Internet and WAN Configuration Tasks • Configure the IPv4 Internet Connection and WAN Settings • Configure the IPv6 Internet Connection and WAN Settings • Confi[...]

  • Page 26

    IPv4 and IPv6 Internet and Broadband Settings 26 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. (Optional) Configure Dynamic DNS on the WAN port. If required, configure your fully qualified domain names: See Configure Dynamic DNS on page 35. 4. (Optional) Configure the WAN options. If required, change the factory default M[...]

  • Page 27

    IPv4 and IPv6 Internet and Broadband Settings 27 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the IPv4 WAN Mode By default, IPv4 is supported and functions in NAT mode but can also function in classical routing mode. IPv4 functions the same way in IPv4-only mode that it does in IPv4 / IPv6 mode. The latter mode adds IPv6 funct[...]

  • Page 28

    IPv4 and IPv6 Internet and Broadband Settings 28 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 9. 2. Select the NAT radio button or the Classical Routing radio button. WARNING: Changing the WAN mode causes all LAN WAN and DMZ WAN inbound rules to revert to default settings. 3. Click Apply to save your settings. Let the Wireles[...]

  • Page 29

    IPv4 and IPv6 Internet and Broadband Settings 29 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 10. 2. Click the Auto Detect button at the bottom of the screen. The autodetect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support. The autodetect process returns one o[...]

  • Page 30

    IPv4 and IPv6 Internet and Broadband Settings 30 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • If the autodetect process does not find a connection, you are prompted either to check the physical connection between your wireless VPN firewall and the cable, DSL line, or satellite or wireless Internet dish, or to check your wireless VPN[...]

  • Page 31

    IPv4 and IPv6 Internet and Broadband Settings 31 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Connection Status screen should show a valid IP address and gateway, and you are connected to the Internet. If the configuration was not successful, skip ahead to Manually Configure an IPv4 Internet Connection on page 31, or see Trou[...]

  • Page 32

    IPv4 and IPv6 Internet and Broadband Settings 32 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 13. 5. If your connection is PPTP or PPPoE, your ISP requires an initial login. Enter the settings as explained in the following table: Table 3. PPTP and PPPoE settings Setting Description Austria (PPTP) Note: For login and password inf[...]

  • Page 33

    IPv4 and IPv6 Internet and Broadband Settings 33 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 6. In the Internet (IP) Address section of the screen (see the following figure), configure the IP address settings as explained in the following table. Click the Current IP Address link to see the currently assigned IP address. Other (PPPoE) No[...]

  • Page 34

    IPv4 and IPv6 Internet and Broadband Settings 34 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 7. In the Domain Name Server (DNS) Servers section of the screen (see the following figure), specify the DNS settings as explained in the following table. Figure 14. Table 4. Internet IP address settings Setting Description Get Dynamically fro[...]

  • Page 35

    IPv4 and IPv6 Internet and Broadband Settings 35 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 8. Click Apply to save your changes. 9. Click Test to evaluate your entries. The wireless VPN firewall attempts to make a connection according to the settings that you entered. 10. To verify the connection, click the Broadband Status option [...]

  • Page 36

    IPv4 and IPv6 Internet and Broadband Settings 36 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N After you have configured your account information on the wireless VPN firewall, when your ISP-assigned IP address changes, your wireless VPN firewall automatically contacts your DDNS service provider, logs in to your account, and registers[...]

  • Page 37

    IPv4 and IPv6 Internet and Broadband Settings 37 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Access the website of the DDNS service provider, and register for an account (for example, for DynDNS.org, go to http://www.dyndns.com/). 5. Configure the DDNS service settings as explained in the following table: 6. Click Apply to sav[...]

  • Page 38

    IPv4 and IPv6 Internet and Broadband Settings 38 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Isolated IPv6 network. If your network is an isolated IPv6 network that is not connected to an IPv6 ISP, you need to make sure that the IPv6 packets can travel over the IPv4 Internet backbone; you do this by enabling automatic 6to4 tunn[...]

  • Page 39

    IPv4 and IPv6 Internet and Broadband Settings 39 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 18. 2. Select the IPv4 / IPv6 mode radio button. By default, the IPv4 only mode radio button is selected, and IPv6 is disabled. WARNING: Changing the IP routing mode causes the wireless VPN firewall to reboot. 3. Click Apply to save your[...]

  • Page 40

    IPv4 and IPv6 Internet and Broadband Settings 40 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Stateful address autoconfiguration. The wireless VPN firewall obtains an interface address, configuration information such as DNS server information, and other parameters from a DHCPv6 server. The IP address is a dynamic address. T[...]

  • Page 41

    IPv4 and IPv6 Internet and Broadband Settings 41 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. As an optional step: If you have selected the Stateless Address Auto Configuration radio button, you can select the Prefix Delegation check box: • Prefix delegation check box is selected. A prefix is assigned by the ISP’s stateful DHC[...]

  • Page 42

    IPv4 and IPv6 Internet and Broadband Settings 42 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 21. 3. In the Internet Address section of the screen, from the IPv6 drop-down list, select Static IPv6. 4. In the Static IP Address section of the screen, enter the settings as explained in the following table. You should have receive[...]

  • Page 43

    IPv4 and IPv6 Internet and Broadband Settings 43 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. 6. To verify the connection, click the Status option arrow in the upper right of the screen to display the Connection Status pop-up screen. (The following figure shows a static IP address configuration; the[...]

  • Page 44

    IPv4 and IPv6 Internet and Broadband Settings 44 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 23. 3. In the Internet Address section of the screen, from the IPv6 drop-down list, select PPPoE. 4. In the PPPoE IPv6 section of the screen, enter the settings as explained in the following table. You should have received PPPoE IPv6 in[...]

  • Page 45

    IPv4 and IPv6 Internet and Broadband Settings 45 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. 6. To verify the connection, click the Status option arrow in the upper right of the screen to display the Connection Status pop-up screen (see Figure 22 on page 43, which shows a static IP address confi[...]

  • Page 46

    IPv4 and IPv6 Internet and Broadband Settings 46 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure 6to4 Automatic Tunneling If your network is an isolated IPv6 network that is not connected to an IPv6 ISP, you need to make sure that the IPv6 packets can travel over the IPv4 Internet backbone by enabling automatic 6to4 tunneling.[...]

  • Page 47

    IPv4 and IPv6 Internet and Broadband Settings 47 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Select the Enable Automatic Tunneling check box. 3. Click Apply to save your changes. Configure ISATAP Automatic Tunneling If your network is an IPv4 network or IPv6 network that consists of both IPv4 and IPv6 devices, you need to make s[...]

  • Page 48

    IPv4 and IPv6 Internet and Broadband Settings 48 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 25. 2. Click the Add table button under the List of Available ISATAP Tunnels table. The Add ISATAP Tunnel screen displays: Figure 26. 3. Specify the tunnel settings as explained in the following table. 4. Click Apply to save your c[...]

  • Page 49

    IPv4 and IPv6 Internet and Broadband Settings 49 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Modify the settings as explained in the previous table. 3. Click Apply to save your settings. To delete one or more tunnels: 1. On the ISATAP Tunnels screen, select the check box to the left of each tunnel that you want to delete, [...]

  • Page 50

    IPv4 and IPv6 Internet and Broadband Settings 50 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For SIIT to function, the routing mode needs to be IPv4 / IPv6. NETGEAR’s implementation of SIIT lets you enter a single IPv4 address on the SIIT screen. This IPv4 address is then used in the IPv4-translated address for IP[...]

  • Page 51

    IPv4 and IPv6 Internet and Broadband Settings 51 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 29. 3. Enter the settings as explained in the following table: Table 10. Broadband Advanced Options screen settings Setting Description MTU Size Make one of the following selections: Default Select the Default radio button for the normal[...]

  • Page 52

    IPv4 and IPv6 Internet and Broadband Settings 52 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your changes. Speed In most cases, the wireless VPN firewall can automatically determine the connection speed of the WAN port of the device (modem, dish, or router) that provides the WAN connection. If you cannot esta[...]

  • Page 53

    IPv4 and IPv6 Internet and Broadband Settings 53 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Additional WAN-Related Configuration Tasks If you want the ability to manage the wireless VPN firewall remotely, enable remote management (see Configure Remote Management Access on page 331). If you enable remote management, NETGEAR strongl[...]

  • Page 54

    54 3 3. LAN Configuration This chapter describes how to configure the LAN features of your wireless VPN firewall. The chapter contains the following sections: • Manage IPv4 Virtual LANs and DHCP Options • Configure IPv4 Multihome LAN IP Addresses on the Default VLAN • Manage IPv4 Groups and Hosts (IPv4 LAN Groups) • Manage the I[...]

  • Page 55

    LAN Configuration 55 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N same segment. The resources of other departments can be invisible to the marketing VLAN members, accessible to all, or accessible only to specified individuals, depending on how the IT manager has set up the VLANs. VLANs have a number of advantages: • It is easy to set[...]

  • Page 56

    LAN Configuration 56 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N When you create a VLAN profile, assign LAN ports to the VLAN, and enable the VLAN, the LAN ports that are members of the VLAN can send and receive both tagged and untagged packets. Untagged packets that enter these LAN ports are assigned to the default PVID 1; packets[...]

  • Page 57

    LAN Configuration 57 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 30. For each VLAN profile, the following fields display in the VLAN Profiles table: • Check box. Allows you to select the VLAN profile in the table. • Status icon. Indicates the status of the VLAN profile: - Green circle. The VLAN profile is enabled. -[...]

  • Page 58

    LAN Configuration 58 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DHCP Server The default VLAN (VLAN 1) has the DHCP server option enabled by default, allowing the wireless VPN firewall to assign IP, DNS server, WINS server, and default gateway addresses to all computers connected to the wireless VPN firewall’s LAN. The assigned[...]

  • Page 59

    LAN Configuration 59 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LDAP Server A Lightweight Directory Access Protocol (LDAP) server allows a user to query and modify directory services that run over TCP/IP. For example, clients can query email addresses, contact information, and other service information using an LDAP server. For eac[...]

  • Page 60

    LAN Configuration 60 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Add table button under the VLAN Profiles table. The Add VLAN Profile screen displays: Figure 32.[...]

  • Page 61

    LAN Configuration 61 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in the following table: Table 11. Add VLAN Profile screen settings Setting Description VLAN Profile Profile Name Enter a unique name for the VLAN profile. VLAN ID Enter a unique ID number for the VLAN profile. No two VLANs can have [...]

  • Page 62

    LAN Configuration 62 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Enable DHCP Server Select the Enable DHCP Server radio button to enable the wireless VPN firewall to function as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for all computers connected to the VLAN. (For the default VLAN, the DH[...]

  • Page 63

    LAN Configuration 63 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. Note: Once you have completed the LAN setup, all outbound traffic is allowed and all inbound traffic is discarded except responses to requests from the LAN side. For information about how to change these default traffic rules, see [...]

  • Page 64

    LAN Configuration 64 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To edit a VLAN profile: 1. On the LAN Setup screen for IPv4 (see Figure 31 on page 59), click the Edit button in the Action column for the VLAN profile that you want to modify. The Edit VLAN Profile screen displays. This screen is identical to the Add VLAN Profile[...]

  • Page 65

    LAN Configuration 65 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 33. 3. From the MAC Address for VLANs drop-down list, select Unique. (The default is Same.) 4. As an option, you can disable the broadcast of ARP packets for the default VLAN by clearing the Enable ARP Broadcast check box. (The broadcast of ARP packets is enabled[...]

  • Page 66

    LAN Configuration 66 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To add a secondary LAN IPv4 address: 1. Select Network Configuration > LAN Setup > LAN Multi-homing. In the upper right of the screen, the IPv4 radio button is selected by default. The LAN Multi-homing screen displays the IPv4 settings. (The following figure[...]

  • Page 67

    LAN Configuration 67 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more secondary LAN IP addresses: 1. On the LAN Multi-homing screen for IPv4 (see the previous figure), select the check box to the left of each secondary IP address that you want to delete, or click the Select All table button to select secondary IP[...]

  • Page 68

    LAN Configuration 68 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • There is no need to use a fixed IP address on a computer. Because the IP address allocated by the DHCP server never changes, you do not need to assign a fixed IP address to a computer to ensure that it always has the same IP address. • A computer is identified by i[...]

  • Page 69

    LAN Configuration 69 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Known PCs and Devices table lists the entries in the network database. For each computer or device, the following fields display: • Check box. Allows you to select the computer or device in the table. • Name. The name of the computer or device. For computers [...]

  • Page 70

    LAN Configuration 70 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Add table button to add the computer or device to the Known PCs and Devices table. 3. As an optional step: To save the binding between the IP address and MAC address for the entry that you just added to the Known PCs and Devices table, select the check box f[...]

  • Page 71

    LAN Configuration 71 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 36. 2. Modify the settings as explained in Table 12 on page 69. 3. Click Apply to save your settings in the Known PCs and Devices table. Deleting Computers or Devices from the Network Database To delete one or more computers or devices from the network da[...]

  • Page 72

    LAN Configuration 72 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Edit Group Names option arrow to the right of the LAN submenu tabs. The Network Database Group Names screen displays. (The following figure shows some examples.) Figure 37. 3. Select the radio button next to the group name that you want to edit. 4. Type a ne[...]

  • Page 73

    LAN Configuration 73 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: The saved binding is also displayed on the IP/MAC Binding screen (see Figure 99 on page 186). Manage the IPv6 LAN • DHCPv6 Server Options • Configure the IPv6 LAN • Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the LAN An IPv6[...]

  • Page 74

    LAN Configuration 74 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DHCPv6 server. For stateless DHCPv6, you need to configure the RADVD and advertisement prefixes (see Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the LAN on page 80). Stateless DHCPv6 Server With Prefix Delegation As an option for a sta[...]

  • Page 75

    LAN Configuration 75 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the IPv6 LAN To configure the IPv6 LAN settings: 1. Select Network Configuration > LAN Setup. 2. In the upper right of the screen, select the IPv6 radio button. The LAN Setup screen displays the IPv6 settings. (The following figure contains some example[...]

  • Page 76

    LAN Configuration 76 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in the following table. The IPv6 address pools and prefixes for prefix delegation are explained in the sections following the table. Table 13. LAN Setup screen settings for IPv6 Setting Description IPv6 LAN Setup IPv6 Address Enter the LA[...]

  • Page 77

    LAN Configuration 77 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your changes. IPv6 LAN Address Pools If you configure a stateful DHCPv6 server for the LAN, you need to add local DHCP IPv6 address pools so the DHCPv6 server can control the allocation of IPv6 addresses in the LAN. To add an IPv6 LAN address [...]

  • Page 78

    LAN Configuration 78 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 39. 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the List of IPv6 Address Pools table on the LAN Setup screen for IPv6. To edit an IPv6 LAN address pool: 1. On the LAN Se[...]

  • Page 79

    LAN Configuration 79 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 LAN Prefixes for Prefix Delegation If you configure a stateless DHCPv6 server for the LAN and select the Prefix Delegation check box (both on the ISP Broadband Settings screen for IPv6 and on the LAN Setup screen for IPv6), a prefix delegation pool is automatically [...]

  • Page 80

    LAN Configuration 80 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the LAN Note: If you do not configure stateful DHCPv6 for the LAN but use stateless DHCPv6, you need to configure the Router Advertisement Daemon (RADVD) and advertisement prefixes. The RADVD i[...]

  • Page 81

    LAN Configuration 81 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To configure the Router Advertisement Daemon for the LAN: 1. Select Network Configuration > LAN Setup. 2. In the upper right of the screen, select the IPv6 radio button. The LAN Setup screen displays the IPv6 settings (see Figure 38 on page 75.) 3. To the righ[...]

  • Page 82

    LAN Configuration 82 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. Advertisement Prefixes for the LAN You need to configure the prefixes that are advertised in the LAN RAs. For a 6to4 address, you need to specify only the site level aggregation identifier (SLA ID) and the prefix lifetime. For a glob[...]

  • Page 83

    LAN Configuration 83 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 42. 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the List of Prefixes to Advertise table on the RADVD screen for the LAN. To edit an advertisement prefix: 1. On the RAD[...]

  • Page 84

    LAN Configuration 84 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more advertisement prefixes: 1. On the RADVD screen for the LAN (see Figure 41 on page 81), select the check box to the left of each advertisement prefix that you want to delete, or click the Select All table button to select all advertisement pre [...]

  • Page 85

    LAN Configuration 85 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Available Secondary LAN IPs table displays the secondary LAN IP addresses added to the wireless VPN firewall. 3. In the Add Secondary LAN IP Address section of the screen, enter the following settings: • IPv6 Address. Enter the secondary address that you want to[...]

  • Page 86

    LAN Configuration 86 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N firewall can be dedicated as a hardware DMZ port to safely provide services to the Internet without compromising security on your LAN. By default, the DMZ port and both inbound and outbound DMZ traffic are disabled. Enabling the DMZ port and allowing traffic to and from[...]

  • Page 87

    LAN Configuration 87 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 44. 2. Enter the settings as explained in the following table: Table 18. DMZ Setup screen settings for IPv4 Setting Description DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Yes. Enables you to configure the DMZ po[...]

  • Page 88

    LAN Configuration 88 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Do you want to enable DMZ Port? (continued) Subnet Mask Enter the IP subnet mask of the DMZ port. The subnet mask specifies the network number portion of an IP address. The subnet mask for the DMZ port is 255.255.255.0. DHCP for DMZ Connected Computers Disable DHCP Server I[...]

  • Page 89

    LAN Configuration 89 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. DMZ Port for IPv6 Traffic The DMZ Setup (IPv6) screen lets you set up the DMZ port for IPv6 traffic. You can enable or disable the hardware DMZ port (LAN port 8; see Front Panel on page 15) for IPv6 traffic and configure an IPv6 a[...]

  • Page 90

    LAN Configuration 90 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For the DMZ, there are two DHCPv6 server options: • Stateless DHCPv6 server. The IPv6 clients in the DMZ generate their own IP address by using a combination of locally available information and router advertisements, but receive DNS server information from the DHCP[...]

  • Page 91

    LAN Configuration 91 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in the following table: Table 19. DMZ Setup screen settings for IPv6 Setting Description DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Yes. Enables you to configure the DMZ port settings[...]

  • Page 92

    LAN Configuration 92 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. IPv6 DMZ Address Pools If you configure a stateful DHCPv6 server for the DMZ, you need to add local DHCP IPv6 address pools so the DHCPv6 server can control the allocation of IPv6 addresses in the DMZ. To add an IPv6 DMZ address[...]

  • Page 93

    LAN Configuration 93 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the List of IPv6 Address Pools table on the DMZ Setup (IPv6) screen. To edit an IPv6 DMZ address pool: 1. On the DMZ Setup scree[...]

  • Page 94

    LAN Configuration 94 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Hosts and routers in the LAN use NDP to determine the link-layer addresses and related information of neighbors in the LAN that can forward packets on their behalf. The wireless VPN firewall periodically distributes router advertisements (RAs) throughout the DMZ to pr[...]

  • Page 95

    LAN Configuration 95 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 47. 4. Enter the settings as explained in the following table: Table 22. RADVD screen settings for the DMZ Setting Description RADVD Status Specify the RADVD status by making a selection from the drop-down list: • Enable. The RADVD is enabled, and the RADVD [...]

  • Page 96

    LAN Configuration 96 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. Advertisement Prefixes for the DMZ You need to configure the prefixes that are advertised in the DMZ RAs. For a 6to4 address, you need to specify only the site level aggregation identifier (SLA ID) and the prefix lifetime. For a glob[...]

  • Page 97

    LAN Configuration 97 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 48. 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the List of Prefixes to Advertise table on the RADVD screen for the DMZ. To edit an advertisement prefix: 1. On the RAD[...]

  • Page 98

    LAN Configuration 98 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more advertisement prefixes: 1. On the RADVD screen for the DMZ screen (see Figure 47 on page 95), select the check box to the left of each advertisement prefix that you want to delete, or click the Select All table button to select all advertiseme[...]

  • Page 99

    LAN Configuration 99 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Add table button under the Static Routes table. The Add Static Route screen displays: Figure 50. 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. The new static route is added to the Static Routes table. T[...]

  • Page 100

    LAN Configuration 100 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To edit an IPv4 static route: 1. On the Static Routing screen for IPv4 (see Figure 49 on page 98), click the Edit button in the Action column for the route that you want to modify. The Edit Static Route screen displays. This screen is identical to the Add Stat[...]

  • Page 101

    LAN Configuration 101 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 51. 3. Enter the settings as explained in the following table: Table 25. RIP Configuration screen settings Setting Description RIP RIP Direction From the RIP Direction drop-down list, select the direction in which the wireless VPN firewall sends and receives RIP [...]

  • Page 102

    LAN Configuration 102 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. RIP Version By default, the RIP version is set to Disabled. From the RIP Version drop-down list, select the version: • RIP-1. Classful routing that does not include subnet information. This is the most commonly supported versio[...]

  • Page 103

    LAN Configuration 103 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Static Route Example In this example, we assume the following: • The wireless VPN firewall’s primary Internet access is through a cable modem to an ISP. • The wireless VPN firewall is on a local LAN with IP address 192.168.1.100. • The wireless VPN fire[...]

  • Page 104

    LAN Configuration 104 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 52. 3. Click the Add table button under the Static Routes table. The Add IPv6 Static Routing screen displays: Figure 53. 4. Enter the settings as explained in the following table: Table 26. Add IPv6 Static Routing screen settings Setting Description Route Name [...]

  • Page 105

    LAN Configuration 105 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The new static route is added to the List of IPv6 Static Routes table. To edit an IPv6 static route: 1. On the Static Routing screen for IPv6 (see Figure 52 on page 104), click the Edit button in the Action column for the r[...]

  • Page 106

    106 4. Wireless Configuration and Security This chapter describes how to configure the wireless features of your ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N. This chapter includes the following sections: • Overview of the Wireless Features • Configure the Basic Radio Settings • Wireless Data Security Options ?[...]

  • Page 107

    Wireless Configuration and Security 107 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N (NIC) through an antenna. Typically, an individual in-building wireless access point provides a maximum connectivity area of about a 300-foot radius. The wireless VPN firewall can support a small group of wireless users—typically 10 to 32 users. Co[...]

  • Page 108

    Wireless Configuration and Security 108 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the Basic Radio Settings The radio settings apply to all wireless profiles on the wireless VPN firewall. The default wireless mode is 802.11ng. You can change the wireless mode, country, and many other radio settings on the Radio Settings s[...]

  • Page 109

    Wireless Configuration and Security 109 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Mode Specify the wireless mode in the 2.4-GHz band by making a selection from the drop-down list: • g and b. In addition to 802.11b- and 802.11g-compliant devices, 802.11n-compliant devices can connect to the wireless access point because they a[...]

  • Page 110

    Wireless Configuration and Security 110 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N WARNING: When you have changed the country settings, the wireless VPN firewall will reboot when you click Apply. 3. Click Apply to save your settings. Operating Frequency (Channel) Guidelines You should not need to change the operating frequency (ch[...]

  • Page 111

    Wireless Configuration and Security 111 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Data Security Options Indoors, computers can connect over 802.11n wireless networks at a maximum range of 300 feet. Typically, a wireless VPN firewall inside a building works best with devices within a 100 foot radius. Such distances can al[...]

  • Page 112

    Wireless Configuration and Security 112 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption. The very strong authentication along with dynamic per frame rekeying of WPA make it virtually impossible to compromise. The wireless VPN firewall supports WPA with a pre-sh[...]

  • Page 113

    Wireless Configuration and Security 113 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Each wireless profile provides the following features: • Capability to turn off the wireless profile during scheduled vacations and office shutdowns, on evenings, or on weekends. This is a green feature that allows you to save energy. • WLAN partit[...]

  • Page 114

    Wireless Configuration and Security 114 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Before You Change the SSID, WEP, and WPA Settings For a new wireless network, print or copy the following form and fill in the settings. For an existing wireless network, the network administrator can provide this information. Be sure to set the C[...]

  • Page 115

    Wireless Configuration and Security 115 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure and Enable Wireless Profiles To add a wireless profile: 1. Select Network Configuration > Wireless Settings > Wireless Profiles. The Wireless Profiles screen displays. (The following figure shows some examples.) Figure 56. The f[...]

  • Page 116

    Wireless Configuration and Security 116 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 57. 3. Specify the settings as explained in the following table: Table 29. Add Wireless Profiles screen settings Setting Description Wireless Profile Configuration Profile Name The name for the default wireless profile is default1. You cann[...]

  • Page 117

    Wireless Configuration and Security 117 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SSID The wireless network name (SSID) for the wireless profile. The default SSID name is FVS318N_1. You can change this name by entering up to 32 alphanumeric characters. Make sure that additional SSIDs have unique names. Broadcast SSID Select th[...]

  • Page 118

    Wireless Configuration and Security 118 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Encryption Note: WPA, WPA2, and WPA+WPA2 only. The encryption that you can select depends on the type of WPA security that you have selected: • WPA. You can select the following encryption from the drop-down list: - TKIP - TKIP+CCMP • WPA2.[...]

  • Page 119

    Wireless Configuration and Security 119 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. The new profile is added to the List of Available Wireless Profiles table on the Wireless Profiles screen. WARNING: If you use a wireless computer to configure wireless security settings, you will be disconnected [...]

  • Page 120

    Wireless Configuration and Security 120 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To edit a wireless profile: 1. On the Wireless Profiles screen (see Figure 56 on page 115), click the Edit button in the Action column for the wireless profile that you want to modify. The Edit Profiles screen displays. This screen is identical [...]

  • Page 121

    Wireless Configuration and Security 121 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To allow or restrict access based on MAC addresses: 1. On the Wireless Profiles screen (see Figure 56 on page 115), click the ACL button in the ACL column for the wireless profile for which you want to set up access control. The MAC Address Filteri[...]

  • Page 122

    Wireless Configuration and Security 122 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N WARNING: When you configure the wireless VPN firewall from a wireless computer whose MAC address is not in the access control list and when the ACL policy status is set to deny access, you will lose your wireless connection when you click Apply. Yo[...]

  • Page 123

    Wireless Configuration and Security 123 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Wi-Fi Protected Setup Push 'N' Connect using Wi-Fi Protected Setup™ (WPS) allows you to connect computers to a secure wireless network with WPA or WPA2 wireless security. The wireless VPN firewall automatically sets security fo[...]

  • Page 124

    Wireless Configuration and Security 124 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To enable WPS and initiate the WPS process on the wireless VPN firewall: 1. Select Network Configuration > Wireless Settings > Wireless Profiles. The Wireless Profiles screen displays (see Figure 56 on page 115). 2. On the Wireless Profil[...]

  • Page 125

    Wireless Configuration and Security 125 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Push button configuration (PBC) method: a. Click the PBC button. b. Within 2 minutes, press the WPS button on your wireless device to enable the device to connect to the wireless VPN firewall, or follow the WPS instructions that came with the devic[...]

  • Page 126

    Wireless Configuration and Security 126 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Specify the settings as explained in the following table: 4. Click Apply to save your settings. Table 31. Advanced Wireless screen settings Setting Description Beacon Interval Enter an interval between 40 ms and 3500 ms for each beacon transmissi[...]

  • Page 127

    Wireless Configuration and Security 127 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Test Basic Wireless Connectivity After you have configured the wireless VPN firewall as explained in the previous sections, test your wireless clients for wireless connectivity before you place the wireless VPN firewall at its permanent position. [...]

  • Page 128

    128 5. Firewall Protection This chapter describes how to use the firewall features of the wireless VPN firewall to protect your network. The chapter contains the following sections: • About Firewall Protection • Overview of Rules to Block or Allow Specific Kinds of Traffic • Configure LAN WAN Rules • Configure DMZ WAN Rul[...]

  • Page 129

    Firewall Protection 129 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N incoming packet is in response to an outgoing request, but true stateful packet inspection goes far beyond NAT. For IPv6, which in itself provides stronger security than IPv4, a firewall in particular controls the exchange of traffic between the Internet, DMZ, an[...]

  • Page 130

    Firewall Protection 130 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the wireless VPN firewall are: • Inbound. Block all access from outside except responses to requests from the LAN side. • Outbound. Allow all access from the LAN[...]

  • Page 131

    Firewall Protection 131 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The following table describes the fields that define the rules for outbound traffic and that are common to most Outbound Service screens (see Figure 65 on page 141, Figure 71 on page 148, and Figure 77 on page 155). The steps to configure outbound rules are describ[...]

  • Page 132

    Firewall Protection 132 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N WAN Users The settings that determine which Internet locations are covered by the rule, based on their IP address. The options are: • Any. All Internet IP addresses are covered by this rule. • Single address. Enter the required address in the Start field. •[...]

  • Page 133

    Firewall Protection 133 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Inbound Rules (Port Forwarding) If you have enabled Network Address Translation (NAT), your network presents one IP address only to the Internet, and outside users cannot directly access any of your local computers (LAN users). (For information about configuring NA[...]

  • Page 134

    Firewall Protection 134 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Groups screen to keep the computer’s IP address constant (see Set Up DHCP Address Reservation on page 72). • Local computers need to access the local server using the computers’ local LAN address. Attempts by local computers to access the server using t[...]

  • Page 135

    Firewall Protection 135 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 34. Inbound rules overview Setting Description Inbound Rules Service The service or application to be covered by this rule. If the service or application does not display in the list, you need to define it using the Services screen (see Add Customized Services o[...]

  • Page 136

    Firewall Protection 136 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Users These settings apply to a LAN WAN inbound rule when the WAN mode is classical routing, and determine which computers on your network are affected by this rule. The options are: • Any. All computers and devices on your LAN. • Single address. Enter [...]

  • Page 137

    Firewall Protection 137 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a web or FTP server) from your location. Your ISP might periodically check for servers and might suspend your account if it discovers any active servers at your locatio[...]

  • Page 138

    Firewall Protection 138 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure LAN WAN Rules • Create LAN WAN Outbound Service Rules • Create LAN WAN Inbound Service Rules The default outbound policy is to allow all traffic to the Internet to pass through. Firewall rules can then be applied to block specific types of traffic fr[...]

  • Page 139

    Firewall Protection 139 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Edit. Allows you to make any changes to the definition of an existing rule. Depending on your selection, one of the following screens displays: - Edit LAN WAN Outbound Service screen for IPv4 (identical to Figure 65 on page 141) - Edit LAN WAN Inbound Service [...]

  • Page 140

    Firewall Protection 140 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To enable, disable, or delete one or more IPv4 or IPv6 rules: 1. Select the check box to the left of each rule that you want to enable, disable, or delete, or click the Select All table button to select all rules. 2. Click one of the following table buttons: • En[...]

  • Page 141

    Firewall Protection 141 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 65. 2. Enter the settings as explained in Table 33 on page 131. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists: • LAN Users • WAN Users Unless your select[...]

  • Page 142

    Firewall Protection 142 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 LAN WAN Outbound Rules To create a new IPv6 LAN WAN outbound rule: 1. In the upper right of the LAN WAN Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 64 on page 139). 2. Click the Add table button under the [...]

  • Page 143

    Firewall Protection 143 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Create LAN WAN Inbound Service Rules The Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules are listed. By default, all inbound traffic (from the Internet to the LAN) is blocked. Remember that allowing[...]

  • Page 144

    Firewall Protection 144 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 67. IPv6 LAN WAN Inbound Rules To create a new IPv6 LAN WAN inbound rule: 1. In the upper right of the LAN WAN Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 64 on page 139). 2. Click the Add table button [...]

  • Page 145

    Firewall Protection 145 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 68. 3. Enter the settings as explained in Table 34 on page 135. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists: • LAN Users • WAN Users Unless your select[...]

  • Page 146

    Firewall Protection 146 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Inbound rules on the LAN WAN Rules screen take precedence over inbound rules on the DMZ WAN Rules screen. When an inbound packet matches an inbound rule on the LAN WAN Rules screen, the packet is not matched against the inbound rules on the DMZ WAN Rules scre[...]

  • Page 147

    Firewall Protection 147 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To access the DMZ WAN Rules screen for IPv6 or to change existing IPv6 rules: 1. Select Security > Firewall > DMZ WAN Rules. The Firewall submenu tabs display with the DMZ WAN Rules screen for IPv4 in view. 2. In the upper right of the screen, select the[...]

  • Page 148

    Firewall Protection 148 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Disable. Disables the rule or rules. The ! status icon changes from a green circle to a gray circle, indicating that the selected rule or rules are disabled. • Delete. Deletes the selected rule or rules. Create DMZ WAN Outbound Service Rules You can chan[...]

  • Page 149

    Firewall Protection 149 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Enter the settings as explained in Table 33 on page 131. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists: • DMZ Users • WAN Users Unless your selection from [...]

  • Page 150

    Firewall Protection 150 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in Table 33 on page 131. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists: • DMZ Users • WAN Users Unless your selection from[...]

  • Page 151

    Firewall Protection 151 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 73. 2. Enter the settings as explained in Table 34 on page 135. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists: • WAN Destination IP Address • DMZ Users (This dr[...]

  • Page 152

    Firewall Protection 152 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 DMZ WAN Inbound Service Rules To create a new IPv6 DMZ WAN inbound rule: 1. In the upper right of the DMZ WAN Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 70 on page 147). 2. Click the Add table button under[...]

  • Page 153

    Firewall Protection 153 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure LAN DMZ Rules • Create LAN DMZ Outbound Service Rules • Create LAN DMZ Inbound Service Rules The LAN DMZ Rules screen allows you to create rules that define the movement of traffic between the LAN and the DMZ. The default outbound and inbound policies[...]

  • Page 154

    Firewall Protection 154 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Edit. Allows you to make any changes to the definition of an existing rule. Depending on your selection, one of the following screens displays: - Edit LAN DMZ Outbound Service screen for IPv4 (identical to Figure 77 on page 155) - Edit LAN DMZ Inbound Service [...]

  • Page 155

    Firewall Protection 155 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click one of the following table buttons: • Enable. Enables the rule or rules. The ! status icon changes from a gray circle to a green circle, indicating that the selected rule or rules are enabled. (By default, when a rule is added to the table, it is automat[...]

  • Page 156

    Firewall Protection 156 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Enter the settings as explained in Table 33 on page 131. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists: • LAN Users • DMZ Users Unless your selection from th[...]

  • Page 157

    Firewall Protection 157 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Unless your selection from the Action drop-down list is BLOCK always, you also need to make a selection from the following drop-down list: • Select Schedule 4. Click Apply. The new rule is now added to the Outbound Services table. The rule i[...]

  • Page 158

    Firewall Protection 158 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Unless your selection from the Action drop-down list is BLOCK always, you also need to make a selection from the following drop-down list: • Select Schedule 3. Click Apply to save your changes. The new rule is now added to the Inbound Service[...]

  • Page 159

    Firewall Protection 159 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Examples of Firewall Rules • Examples of Inbound Firewall Rules • Examples of Outbound Firewall Rules Examples of Inbound Firewall Rules IPv4 LAN WAN Inbound Rule: Host a Local Public Web Server If you host a public web server on your local network, you can de[...]

  • Page 160

    Firewall Protection 160 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 LAN WAN Inbound Rule: Allow a Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule (see the follo[...]

  • Page 161

    Firewall Protection 161 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Set Up One-to-One NAT Mapping In this example, multi-NAT is configured to support multiple public IP addresses on one WAN interface. An inbound rule configures the wireless VPN firewall to host an additional public IP ad[...]

  • Page 162

    Firewall Protection 162 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 83. 4. From the Service drop-down list, select HTTP for a web server. 5. From the Action drop-down list, select ALLOW Always. 6. In the Send to LAN Server field, enter the local IP address of your web server computer (192.168.1.2 in this example). 7. In the WA [...]

  • Page 163

    Firewall Protection 163 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Specifying an Exposed Host Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet for services that you have not yet defined. WARNING: Do not set up an exposed host[...]

  • Page 164

    Firewall Protection 164 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 LAN WAN Inbound Rule: Restrict RTelnet from a Single WAN User to a Single LAN User If you want to restrict incoming RTelnet sessions from a single IPv6 WAN user to a single IPv6 LAN user, specify the initiating IPv6 WAN address and the receiving IPv6 LAN add[...]

  • Page 165

    Firewall Protection 165 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 86. IPv6 DMZ WAN Outbound Rule: Allow a Group of DMZ Users to Access an FTP Site on the Internet If you want to allow a group of DMZ users to access a particular FTP site on the Internet during working hours, you can create an outbound rule to allow such traffic[...]

  • Page 166

    Firewall Protection 166 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 87. Configure Other Firewall Features • Attack Checks • Set Limits for IPv4 Sessions • Manage the Application Level Gateway for SIP Sessions You can configure attack checks, set session limits, and manage the application level gateway (ALG) for SIP sessi[...]

  • Page 167

    Firewall Protection 167 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Attack Checks To enable IPv4 attack checks for your network environment: 1. Select Security > Firewall > Attack Checks. In the upper right of the screen, the IPv4 radio button is selected by default. The Attack Checks screen displays the IPv4 setti[...]

  • Page 168

    Firewall Protection 168 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Security Checks Block UDP flood Select the Block UDP flood check box (which is the default setting) to prevent the wireless VPN firewall from accepting more than 20 simultaneous, active User Datagram Protocol (UDP) connections from a single device on the LAN. A UDP[...]

  • Page 169

    Firewall Protection 169 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. IPv6 Attack Checks To enable IPv6 attack checks for your network environment: 1. Select Security > Firewall > Attack Checks. 2. In the upper right of the screen, select the IPv6 radio button. The Attack Checks screen [...]

  • Page 170

    Firewall Protection 170 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Set Limits for IPv4 Sessions The session limits feature allows you to specify the total number of sessions that are allowed, per user, over an IPv4 connection across the wireless VPN firewall. The session limits feature is disabled by default. To enable and c[...]

  • Page 171

    Firewall Protection 171 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. Manage the Application Level Gateway for SIP Sessions The application level gateway (ALG) facilitates multimedia sessions such as voice over IP (VoIP) sessions that use the Session Initiation Protocol (SIP) across the firewall and[...]

  • Page 172

    Firewall Protection 172 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Services, Bandwidth Profiles, and QoS Profiles • Add Customized Services • Create Bandwidth Profiles • Preconfigured Quality of Service Profiles When you create inbound and outbound firewall rules, you use firewall objects such as services, QoS profiles, bandw[...]

  • Page 173

    Firewall Protection 173 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To define a new service, you need to determine first which port number or range of numbers is used by the application. You can usually determine this information by contacting the publisher of the application, user groups, or newsgroups. When you have the port numb[...]

  • Page 174

    Firewall Protection 174 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. The new custom service is added to the Custom Services table. To edit a service: 1. In the Custom Services table, click the Edit table button to the right of the service that you want to edit. The Edit Service screen displays[...]

  • Page 175

    Firewall Protection 175 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Create Bandwidth Profiles Bandwidth profiles determine the way in which data is communicated with the hosts. The purpose of bandwidth profiles is to provide a method for allocating and limiting traffic, thus allocating LAN users sufficient bandwidth while prev[...]

  • Page 176

    Firewall Protection 176 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Under the List of Bandwidth Profiles table, click the Add table button. The Add Bandwidth Profile screen displays: Figure 95. 3. Enter the settings as explained in the following table: Table 38. Add Bandwidth Profile screen settings Setting Description Profile Name [...]

  • Page 177

    Firewall Protection 177 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. The new bandwidth profile is added to the List of Bandwidth Profiles table. 5. In the Bandwidth Profiles section of the screen, select the Yes radio button under Enable Bandwidth Profiles? (By default the No radio button is select[...]

  • Page 178

    Firewall Protection 178 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N These are the default QoS profiles that are preconfigured and that cannot be edited: • Normal-Service. Used when no special priority is given to the traffic. IP packets are marked with a ToS value of 0. • Minimize-Cost. Used when data needs to be transferred o[...]

  • Page 179

    Firewall Protection 179 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N - ActiveX. Similar to Java applets, ActiveX controls are installed on a Windows computer running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX applets from being downloaded. - Cook[...]

  • Page 180

    Firewall Protection 180 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 96. 2. In the Content Filtering section of the screen, select the Yes radio button.[...]

  • Page 181

    Firewall Protection 181 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. In the Web Components section of the screen, select the components that you want to block (by default, none of these components are blocked, that is, none of these check boxes are selected): • Proxy. Blocks proxy servers. • Java. Blocks Java applets from bein[...]

  • Page 182

    Firewall Protection 182 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Set a Schedule to Block or Allow Specific Traffic Schedules define the time frames under which firewall rules can be applied. Three schedules, Schedule 1, Schedule 2, and Schedule 3, can be defined, and you can select any one of these when defining firewall rules. [...]

  • Page 183

    Firewall Protection 183 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Enable Source MAC Filtering The Source MAC Filter screen enables you to permit or block traffic coming from certain known computers or devices. By default, the source MAC address filter is disabled. All the traffic received from computers with any MAC address is al[...]

  • Page 184

    Firewall Protection 184 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. In the same section, from the Policy for MAC Addresses listed below drop-down list, select one of the following options: • Block and Permit the rest. Traffic coming from all addresses in the MAC Addresses table is blocked. Traffic from all other MAC addresses is[...]

  • Page 185

    Firewall Protection 185 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: You can bind IP addresses to MAC addresses for DHCP assignment on the LAN Groups submenu. See Manage the Network Database on page 68. As an example, assume that three computers on the LAN are set up as follows, and that their IPv4 and MAC addresses are adde [...]

  • Page 186

    Firewall Protection 186 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 99. 2. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (You have to do this only once.) Select one of the following radio buttons: • Yes. IP/MAC binding violations are emailed. Clic[...]

  • Page 187

    Firewall Protection 187 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To edit an IP/MAC binding: 1. In the IP/MAC Bindings table, click the Edit table button to the right of the IP/MAC binding that you want to edit. The Edit IP/MAC Binding screen displays. 2. Modify the settings that you wish to change (see the previous table; yo[...]

  • Page 188

    Firewall Protection 188 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 101. 3. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (You have to do this only once.) Select one of the following radio buttons: • Yes. IP/MAC binding violations are emailed. Cl[...]

  • Page 189

    Firewall Protection 189 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To edit an IP/MAC binding: 1. In the IP/MAC Bindings table, click the Edit table button to the right of the IP/MAC binding that you want to edit. The Edit IP/MAC Binding screen displays. 2. Modify the settings that you wish to change (see the previous table; yo[...]

  • Page 190

    Firewall Protection 190 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Port Triggering Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partially blocked by the firewall. Using the port triggering feature requires that you know the port numbers [...]

  • Page 191

    Firewall Protection 191 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 103. 2. In the Add Port Triggering Rule section, enter the settings as explained in the following table: 3. Click the Add table button. The new port triggering rule is added to the Port Triggering Rules table. To edit a port triggering rule: 1. In the P[...]

  • Page 192

    Firewall Protection 192 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To remove one or more port triggering rules from the table: 1. Select the check box to the left of each port triggering rule that you want to delete, or click the Select All table button to select all rules. 2. Click the Delete table button. To display the st[...]

  • Page 193

    Firewall Protection 193 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The UPnP Portmap Table in the lower part of the screen shows the IP addresses and other settings of UPnP devices that have accessed the wireless VPN firewall and that have been automatically detected by the wireless VPN firewall: • Active. A Yes or No indicates if[...]

  • Page 194

    194 6. Virtual Private Networking Using IPSec and L2TP Connections This chapter describes how to use the IP security (IPSec) virtual private networking (VPN) features of the wireless VPN firewall to provide secure, encrypted communications between your local network and a remote network or computer. The chapter contains [...]

  • Page 195

    Virtual Private Networking Using IPSec and L2TP Connections 195 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configuring a VPN tunnel connection requires that you specify all settings on both sides of the VPN tunnel to match or mirror each other precisely, which can be a daunting task. The VPN Wizard efficiently guides you through th[...]

  • Page 196

    Virtual Private Networking Using IPSec and L2TP Connections 196 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 107. To view the wizard default settings, click the VPN Wizard default values option arrow in the upper right of the screen. A pop-up screen displays (see the following figure), showing the wizard default values. The de[...]

  • Page 197

    Virtual Private Networking Using IPSec and L2TP Connections 197 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 108. 2. Complete the settings as explained in the following table: Table 42. IPSec VPN Wizard settings for an IPv4 gateway-to-gateway tunnel Setting Description About VPN Wizard This VPN tunnel will connect to the follo[...]

  • Page 198

    Virtual Private Networking Using IPSec and L2TP Connections 198 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Tip: To ensure that tunnels stay active, after completing the wizard, manually edit the VPN policy to enable keep-alives, which periodically send ping packets to the host on the peer side of the network to keep the tunnel [...]

  • Page 199

    Virtual Private Networking Using IPSec and L2TP Connections 199 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 110. b. Locate the policy in the table, and click the Connect table button. The IPSec VPN connection becomes active. Note: When using FQDNs, if the Dynamic DNS service is slow to update its servers when your DHCP WAN add[...]

  • Page 200

    Virtual Private Networking Using IPSec and L2TP Connections 200 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 112. To view the wizard default settings, click the VPN Wizard default values option arrow in the upper right of the screen. A pop-up screen displays (see the following figure), showing the wizard default values. The de[...]

  • Page 201

    Virtual Private Networking Using IPSec and L2TP Connections 201 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 113. 3. Complete the settings as explained in the following table: Table 43. IPSec VPN Wizard settings for an IPv6 gateway-to-gateway tunnel Setting Description About VPN Wizard This VPN tunnel will connect to the foll[...]

  • Page 202

    Virtual Private Networking Using IPSec and L2TP Connections 202 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Tip: To ensure that tunnels stay active, after completing the wizard, manually edit the VPN policy to enable keep-alives, which periodically send ping packets to the host on the peer side of the network to keep the tunnel [...]

  • Page 203

    Virtual Private Networking Using IPSec and L2TP Connections 203 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 115. b. Locate the policy in the table, and click the Connect table button. The IPSec VPN connection becomes active. Note: When using FQDNs, if the Dynamic DNS service is slow to update its servers when your DHCP WAN add[...]

  • Page 204

    Virtual Private Networking Using IPSec and L2TP Connections 204 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Use the VPN Wizard to Configure the Gateway for a Client Tunnel To set up a client-to-gateway VPN tunnel using the VPN Wizard: 1. Select VPN > IPSec VPN > VPN Wizard. In the upper right of the screen, the IPv4 radio [...]

  • Page 205

    Virtual Private Networking Using IPSec and L2TP Connections 205 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Complete the settings as explained in the following table: 3. Click Apply to save your settings. The IPSec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen for IPv4. By default, the VPN poli[...]

  • Page 206

    Virtual Private Networking Using IPSec and L2TP Connections 206 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 118. Note: When you are using FQDNs, if the Dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel will fail because the FQDNs do not resolve to your new address. If you have[...]

  • Page 207

    Virtual Private Networking Using IPSec and L2TP Connections 207 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Perform these tasks from a computer that has the NETGEAR ProSafe VPN Client installed. The VPN Client supports IPv4 only; an upcoming release of the VPN Client will support IPv6. To use the Configuration Wizard to s[...]

  • Page 208

    Virtual Private Networking Using IPSec and L2TP Connections 208 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 120. 3. Select the A router or a VPN gateway radio button, and click Next. The VPN tunnel parameters wizard screen (screen 2 of 3) displays: Figure 121. 4. Specify the following VPN tunnel parameters: • IP or DNS pub[...]

  • Page 209

    Virtual Private Networking Using IPSec and L2TP Connections 209 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Next. The Configuration Summary wizard screen (screen 3 of 3) displays: Figure 122. 6. This screen is a summary screen of the new VPN configuration. Click Finish. 7. Specify the local and remote IDs: a. In the tree l[...]

  • Page 210

    Virtual Private Networking Using IPSec and L2TP Connections 210 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N c. Specify the settings that are explained in the following table. 8. Configure the global parameters: a. Click Global Parameters in the left column of the Configuration Panel screen. The Global Parameters pane displays in[...]

  • Page 211

    Virtual Private Networking Using IPSec and L2TP Connections 211 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 124. b. Specify the default lifetimes in seconds: • Authentication (IKE), Default. The default lifetime value is 3600 seconds. Change this setting to 28800 seconds to match the configuration of the wireless VPN fir[...]

  • Page 212

    Virtual Private Networking Using IPSec and L2TP Connections 212 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the Authentication Settings (Phase 1 Settings) To create new authentication settings: 1. Right-click the VPN client icon in your Windows system tray, and select Configuration Panel. The Configuration Panel scree [...]

  • Page 213

    Virtual Private Networking Using IPSec and L2TP Connections 213 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: This is the name for the authentication phase that is used only for the VPN client, not during IKE negotiation. You can view and change this name in the tree list pane. This name needs to be a unique name. The Authenticati[...]

  • Page 214

    Virtual Private Networking Using IPSec and L2TP Connections 214 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. 6. Click the Advanced tab in the Authentication pane. The Advanced pane displays: Figure 128. 7. Specify the s[...]

  • Page 215

    Virtual Private Networking Using IPSec and L2TP Connections 215 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 8. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Create the IPSec Configuration (Phase 2 Settings) Note: On the wireless VPN firewall, the IPSec configuration (phase 2 setti[...]

  • Page 216

    Virtual Private Networking Using IPSec and L2TP Connections 216 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 129. 3. Specify the settings that are explained in the following table. Table 49. VPN client IPSec configuration settings Setting Description VPN Client address Either enter 0.0.0.0 as the IP address, or enter a virtual[...]

  • Page 217

    Virtual Private Networking Using IPSec and L2TP Connections 217 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Configure the Global Parameters To specify the global parameters: 1. Click Global Parameters in the left column of t[...]

  • Page 218

    Virtual Private Networking Using IPSec and L2TP Connections 218 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Test the Connection and View Connection and Status Information • Test the NETGEAR VPN Client Connection • NETGEAR VPN Client Status and Log Information • View the Wireless VPN Firewall IPSec VPN Connection Status • V[...]

  • Page 219

    Virtual Private Networking Using IPSec and L2TP Connections 219 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Use the Connection Panel screen. On the main menu of the Configuration Panel screen, select Tools > Connection Panel to open the Connection Panel screen. Perform one of the following tasks: - Double-click Gateway-Tunn[...]

  • Page 220

    Virtual Private Networking Using IPSec and L2TP Connections 220 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N NETGEAR VPN Client Status and Log Information To view detailed negotiation and error information on the NETGEAR VPN client: Right-click the VPN client icon in the system tray, and select Console. The VPN Client Console A[...]

  • Page 221

    Virtual Private Networking Using IPSec and L2TP Connections 221 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Active IPSec SA(s) table lists each active connection with the information that is described in the following table. The default poll interval is 10 seconds. To change the poll interval period, enter a new value in the [...]

  • Page 222

    Virtual Private Networking Using IPSec and L2TP Connections 222 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Manage IPSec VPN Policies • Manage IKE Policies • Manage VPN Policies After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables. The name that you select[...]

  • Page 223

    Virtual Private Networking Using IPSec and L2TP Connections 223 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IKE Policies Screen To access the IKE Policies screen: Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen in view. In the upper right of the screen, the IPv4 radio button is select[...]

  • Page 224

    Virtual Private Networking Using IPSec and L2TP Connections 224 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more IKE policies: 1. Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all IKE policies. 2. Click the Delete table button. For informatio[...]

  • Page 225

    Virtual Private Networking Using IPSec and L2TP Connections 225 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 140.[...]

  • Page 226

    Virtual Private Networking Using IPSec and L2TP Connections 226 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Complete the settings as explained in the following table: Table 52. Add IKE Policy screen settings Setting Description Mode Config Record Do you want to use Mode Config Record? Specify whether the IKE policy uses a Mode Co[...]

  • Page 227

    Virtual Private Networking Using IPSec and L2TP Connections 227 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Local Identifier From the drop-down list, select one of the following ISAKMP identifiers to be used by the wireless VPN firewall, and then specify the identifier in the Identifier field: • Local Wan IP. The WAN IP addre[...]

  • Page 228

    Virtual Private Networking Using IPSec and L2TP Connections 228 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Authentication Method Select one of the following radio buttons to specify the authentication method: • Pre-shared key. A secret that is shared between the wireless VPN firewall and the remote endpoint. • RSA-Signature [...]

  • Page 229

    Virtual Private Networking Using IPSec and L2TP Connections 229 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. To edit an IKE policy: 1. Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen for IPv[...]

  • Page 230

    Virtual Private Networking Using IPSec and L2TP Connections 230 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Modify the settings that you wish to change (see the previous table). 5. Click Apply to save your changes. The modified IKE policy is displayed in the List of IKE Policies table. Manage VPN Policies You can create two types [...]

  • Page 231

    Virtual Private Networking Using IPSec and L2TP Connections 231 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 141. Each policy contains the data that are explained in the following table. These fields are explained in more detail in Table 54 on page 235. Table 53. VPN Policies screen information for IPv4 and IPv6 Ite[...]

  • Page 232

    Virtual Private Networking Using IPSec and L2TP Connections 232 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more VPN policies: 1. Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all VPN policies. 2. Click the Delete table button. To enabl[...]

  • Page 233

    Virtual Private Networking Using IPSec and L2TP Connections 233 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 142. Add New VPN Policy screen for IPv4[...]

  • Page 234

    Virtual Private Networking Using IPSec and L2TP Connections 234 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 143. Add New VPN Policy screen for IPv6[...]

  • Page 235

    Virtual Private Networking Using IPSec and L2TP Connections 235 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Complete the settings as explained in the following table. The only differences between IPv4 and IPv6 settings are the subnet mask (IPv4) and prefix length (IPv6). Table 54. Add New VPN Policy screen settings for IPv4 and [...]

  • Page 236

    Virtual Private Networking Using IPSec and L2TP Connections 236 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Traffic Selection Local IP From the drop-down list, select the address or addresses that are part of the VPN tunnel on the wireless VPN firewall: • Any. All computers and devices on the network. You cannot select Any for bot[...]

  • Page 237

    Virtual Private Networking Using IPSec and L2TP Connections 237 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Key-Out The encryption key for the outbound policy. The length of the key depends on the selected encryption algorithm: • 3DES. Enter 24 characters. • None. Key does not apply. • DES. Enter 8 characters. • AES-128. [...]

  • Page 238

    Virtual Private Networking Using IPSec and L2TP Connections 238 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table. To edit a VPN policy: 1. Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays the IPv4 settings (see [...]

  • Page 239

    Virtual Private Networking Using IPSec and L2TP Connections 239 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N authenticate users from a stored list of user accounts. XAUTH provides the mechanism for requesting individual authentication information from the user. A local user database or an external authentication server, such as a R[...]

  • Page 240

    Virtual Private Networking Using IPSec and L2TP Connections 240 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. In the Extended Authentication section on the screen, complete the settings as explained in the following table: 5. Click Apply to save your settings. User Database Configuration When XAUTH is enabled in an Edge Device configu[...]

  • Page 241

    Virtual Private Networking Using IPSec and L2TP Connections 241 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N information such as a user name and password or some encrypted response using his or her user name and password information. The gateway then attempts to verify this information first against a local user database (if RADIUS-[...]

  • Page 242

    Virtual Private Networking Using IPSec and L2TP Connections 242 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. Note: You can select the RADIUS authentication protocol (PAP or CHAP) on the Edit IKE Policy screen or Add IKE Policy screen (see Configure XAUTH for VPN Clients on page 239). Secret Phra[...]

  • Page 243

    Virtual Private Networking Using IPSec and L2TP Connections 243 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Assign IPv4 Addresses to Remote Users (Mode Config) • Mode Config Operation • Configure Mode Config Operation on the Wireless VPN Firewall • Configure the ProSafe VPN Client for Mode Config Operation • Test the Mode C[...]

  • Page 244

    Virtual Private Networking Using IPSec and L2TP Connections 244 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Mode Config Operation on the Wireless VPN Firewall To configure Mode Config on the wireless VPN firewall, first create a Mode Config record, and then select the Mode Config record for an IKE policy. To configure [...]

  • Page 245

    Virtual Private Networking Using IPSec and L2TP Connections 245 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 146. 3. Complete the settings as explained in the following table: Table 57. Add Mode Config Record screen settings Setting Description Client Pool Record Name A descriptive name of the Mode Config record for identificat[...]

  • Page 246

    Virtual Private Networking Using IPSec and L2TP Connections 246 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N WINS Server If there is a WINS server on the local network, enter its IP address in the Primary field. You can enter the IP address of a second WINS server in the Secondary field. DNS Server Enter the IP address of the DNS serv[...]

  • Page 247

    Virtual Private Networking Using IPSec and L2TP Connections 247 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. The new Mode Config record is added to the List of Mode Config Records table. Continue the Mode Config configuration procedure by configuring an IKE policy. 5. Select VPN > IPSec VPN.[...]

  • Page 248

    Virtual Private Networking Using IPSec and L2TP Connections 248 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 147. 8. On the Add IKE Policy screen, complete the settings as explained in the following table.[...]

  • Page 249

    Virtual Private Networking Using IPSec and L2TP Connections 249 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: The IKE policy settings that are explained in the following table are specifically for a Mode Config configuration. Table 52 on page 226 explains the general IKE policy settings. Table 58. Add IKE Policy screen se[...]

  • Page 250

    Virtual Private Networking Using IPSec and L2TP Connections 250 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IKE SA Parameters Note: Generally, the default settings work well for a Mode Config configuration. Encryption Algorithm To negotiate the security association (SA), from the drop-down list, select the 3DES algorithm. Authentic[...]

  • Page 251

    Virtual Private Networking Using IPSec and L2TP Connections 251 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 9. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. Configure the ProSafe VPN Client for Mode Config Operation When the Mode Config feature is enabled, the following information is ne[...]

  • Page 252

    Virtual Private Networking Using IPSec and L2TP Connections 252 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Perform these tasks from a computer that has the NETGEAR ProSafe VPN Client installed. To configure the VPN client for Mode Config operation, create authentication settings (phase 1 settings), create an associated IPSe[...]

  • Page 253

    Virtual Private Networking Using IPSec and L2TP Connections 253 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 149. 3. Change the name of the authentication phase (the default is Gateway): a. Right-click the authentication phase name. b. Select Rename. c. Type GW_ModeConfig. d. Click anywhere in the tree list pane. N[...]

  • Page 254

    Virtual Private Networking Using IPSec and L2TP Connections 254 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Specify the settings that are explained in the following table. 5. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. 6. Click the Advanced tab in the Authentication pane. [...]

  • Page 255

    Virtual Private Networking Using IPSec and L2TP Connections 255 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 7. Specify the settings that are explained in the following table. 8. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Create the Mode Config IPSec Configuration (Phase 2 Se[...]

  • Page 256

    Virtual Private Networking Using IPSec and L2TP Connections 256 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: This is the name for the IPSec configuration that is used only for the VPN client, not during IPSec negotiation. You can view and change this name in the tree list pane. This name needs to be a unique name. The IPSec pane[...]

  • Page 257

    Virtual Private Networking Using IPSec and L2TP Connections 257 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Configure the Mode Config Global Parameters To specify the global parameters: 1. Click Global Parameters in the left[...]

  • Page 258

    Virtual Private Networking Using IPSec and L2TP Connections 258 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Specify the following default lifetimes in seconds to match the configuration on the wireless VPN firewall: • Authentication (IKE), Default. Enter 3600 seconds. Note: The default setting is 28800 seconds[...]

  • Page 259

    Virtual Private Networking Using IPSec and L2TP Connections 259 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Verify that the wireless VPN firewall issued an IP address to the VPN client. This IP address displays in the VPN Client address field on the IPSec pane of the VPN client. (The following figure shows the upper part of [...]

  • Page 260

    Virtual Private Networking Using IPSec and L2TP Connections 260 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N establishment time. If you require a VPN tunnel to remain connected, you can use the keep-alive and Dead Peer Detection (DPD) features to prevent the tunnel from being disconnected and to force a reconnection if the tunnel disc[...]

  • Page 261

    Virtual Private Networking Using IPSec and L2TP Connections 261 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Enter the settings as explained in the following table: 5. Click Apply to save your settings. Configure Dead Peer Detection The Dead Peer Detection (DPD) feature lets the wireless VPN firewall maintain the IKE SA by exchan[...]

  • Page 262

    Virtual Private Networking Using IPSec and L2TP Connections 262 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 158. 4. In the IKE SA Parameters section of the screen, locate the DPD fields, and complete the settings as explained in the following table: 5. Click Apply to save your settings. Configure NetBIOS Bridging with IPSec VPN W[...]

  • Page 263

    Virtual Private Networking Using IPSec and L2TP Connections 263 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To enable NetBIOS bridging on a configured VPN tunnel: 1. Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays (see Figure 141 on page 231). 2. Specify the IP version for which you want to edit a [...]

  • Page 264

    Virtual Private Networking Using IPSec and L2TP Connections 264 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N is established, the L2TP user can connect to an L2TP client that is located behind the wireless VPN firewall. Note: IPSec VPN provides stronger authentication and encryption than L2TP. (Packets that traverse the L2TP tunnel ar[...]

  • Page 265

    Virtual Private Networking Using IPSec and L2TP Connections 265 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View the Active L2TP Users To view the active L2TP tunnel users, select VPN > Connection Status > L2TP Active Users. The L2TP Active Users screen displays: Figure 161. The List of L2TP Active Users table lists each act[...]

  • Page 266

    266 7. Virtual Private Networking Using SSL Connections The wireless VPN firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for a preinstalled VPN client on their computers. Using the familiar Secure Sockets[...]

  • Page 267

    Virtual Private Networking Using SSL Connections 267 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The SSL VPN client provides a point-to-point (PPP) connection between the client and the wireless VPN firewall, and a virtual network interface is created on the user’s computer. The wireless VPN firewall assigns the computer an IP ad[...]

  • Page 268

    Virtual Private Networking Using SSL Connections 268 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Because you need to assign a group when creating an SSL VPN user account, the user account is created after you have created the group. 3. For port forwarding, define the servers and services (see Configure Applications for Port Forwardin[...]

  • Page 269

    Virtual Private Networking Using SSL Connections 269 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N You can define individual layouts for the SSL VPN portal. The layout configuration includes the menu layout, theme, portal pages to display, and web cache control options. The default portal layout is the SSL-VPN portal. You can add ad[...]

  • Page 270

    Virtual Private Networking Using SSL Connections 270 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The List of Layouts table displays the following fields: • Layout Name. The descriptive name of the portal. • Description. The banner message that is displayed at the top of the portal (see Figure 175 on page 290). • Use Count[...]

  • Page 271

    Virtual Private Networking Using SSL Connections 271 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Complete the settings as explained in the following table: Table 66. Add Portal Layout screen settings Setting Description Portal Layout and Theme Name Portal Layout Name A descriptive name for the portal layout. This name is part[...]

  • Page 272

    Virtual Private Networking Using SSL Connections 272 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The new portal layout is added to the List of Layouts table. For information about how to display the new portal layout, see Access the New SSL Portal Login Screen on page 288. To edit a portal [...]

  • Page 273

    Virtual Private Networking Using SSL Connections 273 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N access policies. When you create a group, you need to specify a domain. Therefore, you should create any domains first, then groups, and then user accounts. For information about how to configure domains, groups, and users, see Configure Aut[...]

  • Page 274

    Virtual Private Networking Using SSL Connections 274 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. In the Add New Application for Port Forwarding section of the screen, specify information in the following fields: • IP Address. The IP address of an internal server or host computer that a remote user has access to. • TCP Port. T[...]

  • Page 275

    Virtual Private Networking Using SSL Connections 275 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To add servers and host names for client name resolution: 1. Select VPN > SSL VPN > Port Forwarding. The Port Forwarding screen displays (see Figure 165 on page 273). 2. In the Add New Host Name for Port Forwarding section of[...]

  • Page 276

    Virtual Private Networking Using SSL Connections 276 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N - A split tunnel sends only traffic that is destined for the local network based on the specified client routes. All other traffic is sent to the Internet. A split tunnel allows you to manage bandwidth by reserving the VPN tunnel for lo[...]

  • Page 277

    Virtual Private Networking Using SSL Connections 277 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • IPv6. Select the IPv6 radio button. The SSL VPN Client screen displays the IPv6 settings (the following screen shows some examples). Figure 167. SSL VPN Client screen for IPv6 3. Complete the settings as explained in the following table[...]

  • Page 278

    Virtual Private Networking Using SSL Connections 278 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. VPN tunnel clients are now able to connect to the wireless VPN firewall and receive a virtual IP address in the client address range. Add Routes for VPN Tunnel Clients The VPN tunnel clients assume th[...]

  • Page 279

    Virtual Private Networking Using SSL Connections 279 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. In the Add Routes for VPN Tunnel Clients section of the screen, specify information in the following fields: • Destination Network. The destination network IPv4 or IPv6 address of a local network or subnet. For example, for an IPv[...]

  • Page 280

    Virtual Private Networking Using SSL Connections 280 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 168. 2. In the Add New Resource section of the screen, specify information in the following fields: • Resource Name. A descriptive name of the resource for identification and management purposes. • Service. From the Service [...]

  • Page 281

    Virtual Private Networking Using SSL Connections 281 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Specify the IP version for which you want to add a portal layout: • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 4. • IPv6. Select the IPv6 radio button. The screen th [...]

  • Page 282

    Virtual Private Networking Using SSL Connections 282 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The new configuration is added to the Defined Resource Addresses table. To delete a configuration from the Defined Resource Addresses table, click the Delete table button to the right of the conf[...]

  • Page 283

    Virtual Private Networking Using SSL Connections 283 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For example, a policy that is configured for a single IP address takes precedence over a policy that is configured for a range of addresses. And a policy that applies to a range of IP addresses takes precedence over a policy that is appli[...]

  • Page 284

    Virtual Private Networking Using SSL Connections 284 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 170. 2. Make your selection from the following Query options: • To view all global policies, select the Global radio button. • To view group policies, select the Group radio button, and then select the relevant group’s name[...]

  • Page 285

    Virtual Private Networking Using SSL Connections 285 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 171. Add SSL VPN Policy screen for IPv4 • IPv6. Select the IPv6 radio button. The Add SSL VPN Policy screen displays the IPv6 settings: Figure 172. Add SSL VPN Policy screen for IPv6[...]

  • Page 286

    Virtual Private Networking Using SSL Connections 286 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Complete the settings as explained in the following table: Table 70. Add SSL VPN Policy screen settings Setting Description Policy For Select one of the following radio buttons to specify the type of SSL VPN policy: • Global. The n[...]

  • Page 287

    Virtual Private Networking Using SSL Connections 287 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The policy is added to the List of SSL VPN Policies table on the Policies screen. The new policy goes into effect immediately. Apply Policy to? (continued) IP Address (continued) Permission From the drop[...]

  • Page 288

    Virtual Private Networking Using SSL Connections 288 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: If you have configured SSL VPN user policies, make sure that secure HTTP remote management is enabled (see Configure Remote Management Access on page 331). If secure HTTP remote management is not enabled, all SSL VPN user connecti[...]

  • Page 289

    Virtual Private Networking Using SSL Connections 289 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Specify the IP version for which you want to open the SSL portal login screen: • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 3. Figure 173. Portal Layouts screen for IP[...]

  • Page 290

    Virtual Private Networking Using SSL Connections 290 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 175. 4. Enter a user name and password that are associated with a domain, that, in turn, is associated with the portal. For information about creating login credentials to access a portal, see Configure Domains, Groups, and Users on[...]

  • Page 291

    Virtual Private Networking Using SSL Connections 291 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 176. Figure 177. The User Portal screen displays a simple menu that, depending on the resources allocated, provides the SSL user with the following menu selections: • VPN Tunnel. Provides full network connectivity. • Port Fo [...]

  • Page 292

    Virtual Private Networking Using SSL Connections 292 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Change Password. Allows the user to change his or her password. • Support. Provides access to the NETGEAR website. Note: The first time that a user attempts to connect through the VPN tunnel, the NETGEAR SSL VPN tunnel adapter is i[...]

  • Page 293

    Virtual Private Networking Using SSL Connections 293 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 179.[...]

  • Page 294

    294 8. Manage Users, Authentication, and VPN Certificates This chapter describes how to manage users, authentication, and security certificates for IPSec VPN and SSL VPN. The chapter contains the following sections: • The Wireless VPN Firewall’s Authentication Process and Options • Configure Authentication Domains, Groups, and Us[...]

  • Page 295

    Manage Users, Authentication, and VPN Certificates 295 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Except in the case of IPSec VPN users, when you create a user account, you need to specify a group. When you create a group, you need to specify a domain. The following table summarizes the external authentication protocols and methods[...]

  • Page 296

    Manage Users, Authentication, and VPN Certificates 296 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Authentication Domains, Groups, and Users • Configure Domains • Configure Groups • Configure User Accounts • Set User Login Policies • Change Passwords and Other User Settings Configure Domains The domain determines t[...]

  • Page 297

    Manage Users, Authentication, and VPN Certificates 297 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The List of Domains table displays the domains with the following fields: • Check box. Allows you to select the domain in the table. • Domain Name. The name of the domain. The name of the default domain (geardomain) to which the d[...]

  • Page 298

    Manage Users, Authentication, and VPN Certificates 298 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Authentication Type (continued) Note: If you select any type of RADIUS authentication, make sure that one or more RADIUS servers are configured (see RADIUS Client and Server Configuration on page 240). • Radius-CHAP. RADIUS Challenge[...]

  • Page 299

    Manage Users, Authentication, and VPN Certificates 299 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. The domain is added to the List of Domains table. 5. If you use local authentication, make sure that it is not disabled: in the Local Authentication section of the Domain screen (see Figure 180 on pa[...]

  • Page 300

    Manage Users, Authentication, and VPN Certificates 300 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Edit Domains To edit a domain: 1. Select Users > Domains. The Domains screen displays (see Figure 180 on page 296). 2. In the Action column of the List of Domains table, click the Edit table button for the domain that you want to[...]

  • Page 301

    Manage Users, Authentication, and VPN Certificates 301 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Create Groups To create a VPN group: 1. Select Users > Groups. The Groups screen displays. (The following figure shows the wireless VPN firewall’s default group—geardomain—and, as an example, several other groups in the L[...]

  • Page 302

    Manage Users, Authentication, and VPN Certificates 302 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 183. 3. Complete the settings as explained in the following table: 4. Click Apply to save your changes. The new group is added to the List of Groups table. To delete one or more groups: 1. In the List of Groups table, select[...]

  • Page 303

    Manage Users, Authentication, and VPN Certificates 303 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Edit Groups For groups that were automatically created when you created a domain, you can modify only the idle time-out settings but not the group name or associated domain. For groups that you created on the Add Groups screen, you can[...]

  • Page 304

    Manage Users, Authentication, and VPN Certificates 304 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • IPSec VPN user. A user who can make an IPSec VPN connection only through a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see Configure Extended Authentication (XAUTH) on page 238). • L2TP user. A user wh[...]

  • Page 305

    Manage Users, Authentication, and VPN Certificates 305 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 185. 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. The user is added to the List of Users table. Table 74. Add Users screen settings Setting Description User Name A descriptive ([...]

  • Page 306

    Manage Users, Authentication, and VPN Certificates 306 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more user accounts: 1. In the List of Users table, select the check box to the left of each user account that you want to delete, or click the Select All table button to select all accounts. You cannot delete a d[...]

  • Page 307

    Manage Users, Authentication, and VPN Certificates 307 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Make the following optional selections: • To prohibit the user from logging in to the wireless VPN firewall, select the Disable Login check box. • To prohibit the user from logging in from the WAN interface, select the Deny Log[...]

  • Page 308

    Manage Users, Authentication, and VPN Certificates 308 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. In the Defined Addresses Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses. Deny logging in from the IP addresses in the Defined Addresses table. • Allow Login only from[...]

  • Page 309

    Manage Users, Authentication, and VPN Certificates 309 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 188. 5. In the Defined Addresses Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses. Deny logging in from the IP addresses in the Defined Addresses table. • Allo [...]

  • Page 310

    Manage Users, Authentication, and VPN Certificates 310 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 9. Repeat Step 7 and Step 8 for any other addresses that you want to add to the Defined Addresses table. To delete one or more IPv6 addresses: 1. In the Defined Addresses table, select the check box to the left of each address th[...]

  • Page 311

    Manage Users, Authentication, and VPN Certificates 311 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. 6. In the Add Defined Browser section of the screen, add a browser to the Defined Browsers table by selecting one of the following browsers from the drop-down list: • Internet Explorer. • Opera [...]

  • Page 312

    Manage Users, Authentication, and VPN Certificates 312 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To modify user settings, including passwords: 1. Select Users > Users. The Users screen displays (see Figure 184 on page 304). 2. In the Action column of the List of Users table, click the Edit table button for the user for whic[...]

  • Page 313

    Manage Users, Authentication, and VPN Certificates 313 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. Manage Digital Certificates for VPN Connections • VPN Certificates Screen • Manage VPN CA Certificates • Manage VPN Self-Signed Certificates • Manage the VPN Certificate Revocation List The w[...]

  • Page 314

    Manage Users, Authentication, and VPN Certificates 314 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N certificate repository. However, if the defined purpose is for IPSec VPN only, the certificate is uploaded only to the IPSec VPN certificate repository. The wireless VPN firewall uses digital certificates to authenticate connecting [...]

  • Page 315

    Manage Users, Authentication, and VPN Certificates 315 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Self Certificate Requests table. Contains the self-signed certificate requests that you generated. These requests might or might not have been submitted to CAs, and CAs might or might not have issued digital certificates for the[...]

  • Page 316

    Manage Users, Authentication, and VPN Certificates 316 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click the Upload table button. If the verification process on the wireless VPN firewall approves the digital certificate for validity and purpose, the digital certificate is added to the Trusted Certificates (CA Certificates) table. [...]

  • Page 317

    Manage Users, Authentication, and VPN Certificates 317 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Generate a CSR and Obtain a Self-Signed Certificate from a CA To use a self-signed certificate, you first need to request the digital certificate from a CA, and then download and activate the digital certificate on the wireless VPN fi[...]

  • Page 318

    Manage Users, Authentication, and VPN Certificates 318 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. In the Generate Self Certificate Request section of the screen, enter the settings as explained in the following table: 3. Click the Generate table button. A new SCR is created and added to the Self Certificate Requests table. 4. In t[...]

  • Page 319

    Manage Users, Authentication, and VPN Certificates 319 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 194. 5. Copy the contents of the Data to supply to CA text field into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----.” 6. Submit your [...]

  • Page 320

    Manage Users, Authentication, and VPN Certificates 320 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more SCRs: 1. In the Self Certificate Requests table, select the check box to the left of each SCR that you want to delete, or click the Select All table button to select all SCRs. 2. Click the Delete table button. [...]

  • Page 321

    Manage Users, Authentication, and VPN Certificates 321 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 195. Certificates, screen 3 of 3 The Certificate Revocation Lists (CRL) table lists the active CAs and their critical release dates: • CA Identity. The official name of the CA that issued the CRL. • Last Update. The da[...]

  • Page 322

    322 9. Network and System Management This chapter describes the tools for managing the network traffic to optimize its performance and the system management features of the wireless VPN firewall. The chapter contains the following sections: • Performance Management • System Management Performance Management • Bandwidth Capacity ?[...]

  • Page 323

    Network and System Management 323 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Features That Reduce Traffic You can adjust the following features of the wireless VPN firewall in such a way that the traffic load on the WAN side decreases: • LAN WAN outbound rules (also referred to as service blocking) • DMZ WAN outbound rules [...]

  • Page 324

    Network and System Management 324 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N - Single address. The rule applies to the address of a particular computer. - Address range. The rule applies to a range of addresses. - Groups. The rule applies to a group of computers. (You can configure groups for LAN WAN outbound rules but not fo[...]

  • Page 325

    Network and System Management 325 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Source MAC Filtering If you want to reduce outgoing traffic by preventing Internet access by certain computers on the LAN, you can use the source MAC filtering feature to drop the traffic received from the computers with the specified MAC addresses. By defau[...]

  • Page 326

    Network and System Management 326 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N rules, see Configure LAN WAN Rules on page 138 and Configure DMZ WAN Rules on page 145. When you define inbound firewall rules, you can further refine their application according to the following criteria: • Services. You can specify the services o[...]

  • Page 327

    Network and System Management 327 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Port Triggering Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partially blocked by the firewall. Using the port triggering feature requires that you know the port numbers[...]

  • Page 328

    Network and System Management 328 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Use QoS and Bandwidth Assignment to Shift the Traffic Mix By setting the QoS priority and assigning bandwidth profiles to firewall rules, you can shift the traffic mix to aim for optimum performance of the wireless VPN firewall. Set QoS Priorities The QoS [...]

  • Page 329

    Network and System Management 329 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N System Management • Change Passwords and Administrator and Guest Settings • Configure Remote Management Access • Use the Command-Line Interface • Use a Simple Network Management Protocol Manager • Manage the Configuration File • Update the Firmwar[...]

  • Page 330

    Network and System Management 330 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. In the Action column of the List of Users table, click the Edit table button for the user with the name admin. The Edit Users screen displays: Figure 197. You cannot modify the administrator user name, user type, or group assignment. 3. Select the Check[...]

  • Page 331

    Network and System Management 331 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N You can also change the administrator login policies: • Disable login. Deny login access. Note: You obviously do not want to deny login access to yourself if you are logged in as an administrator. • Deny login access from a WAN interface. By default, [...]

  • Page 332

    Network and System Management 332 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To configure the wireless VPN firewall for remote management: 1. Select Administration > Remote Management. The Remote Management screen displays the IPv4 settings (see the next figure). 2. Specify the IP version for which you want to configure remote[...]

  • Page 333

    Network and System Management 333 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 199. Remote Management screen for IPv6 3. Enter the settings as explained in the following table: Table 79. Remote Management screen settings for IPv4 and IPv6 Setting Description Secure HTTP Management Allow Secure HTTP Management? To enable secu[...]

  • Page 334

    Network and System Management 334 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N WARNING: If you are remotely connected to the wireless VPN firewall and you select the No radio button to disable secure HTTP management, you and all other SSL VPN users are disconnected when you click Apply. 4. Click Apply to save your changes. About Remote[...]

  • Page 335

    • To maintain security, the wireless VPN firewall rejects a login that uses http:// address rather than the SSL https:// address. • The first time that you remotely connect to the wireless VPN firewall with a browser through an SSL connection, you mi[...]

  • Page 336

    SNMP lets you monitor and manage your wireless VPN firewall from an SNMP manager. It provides a remote means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security. The wireless VPN firewall su[...]

  • Page 337

    2. To specify a new SNMP configuration, in the Create New SNMP Configuration Entry section of the screen, enter the settings as explained in the following table: 3. Click Add to add the new SNMP configuration to the SNMP Configuration table. To[...]

  • Page 338

    To delete one or more SNMP configurations: 1. On the SNMP screen (see Figure 200 on page 336), select the check box to the left of each SNMP configuration that you want to delete, or click the Select All table button to select all SNMP configurations.[...]

  • Page 339

    3. Click Apply to save your changes. To configure the SNMP system information: 1. On the SNMP screen (see Figure 200 on page 336), click the SNMP System Info option arrow in the upper right of the screen. The SNMP SysConfiguration screen displays: Figur[...]

  • Page 340

    3. Click Apply to save your changes. Manage the Configuration File The configuration settings of the wireless VPN firewall are stored in a configuration file on the wireless VPN firewall. This file can be saved (backed up) to a computer, retrieved (restored)[...]

  • Page 341

    Back Up Settings The backup feature saves all wireless VPN firewall settings to a file. Back up your settings periodically, and store the backup file in a safe place. Tip: You can use a backup file to export all settings to another wireless VPN firewall tha[...]

  • Page 342

    WARNING: Once you start restoring settings, do not interrupt the process. Do not try to go online, turn off the wireless VPN firewall, shut down the computer, or do anything else to the wireless VPN firewall until the settings have been fully restored. Re[...]

  • Page 343

    Update the Firmware You can install a different version of the wireless VPN firewall firmware from the Settings Backup and Firmware Upgrade screen. To view the current version of the firmware that the wireless VPN firewall is running, from the main menu, s[...]

  • Page 344

    Configure Date and Time Service Configure date, time, and NTP server designations on the System Date & Time screen. Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in a network of computers. Setting the correct[...]

  • Page 345

    3. Click Apply to save your settings. Note: If you select the default NTP servers or if you enter a custom server FQDN, the wireless VPN firewall determines the IP address of the NTP server by performing a DNS lookup. Before the wireless VPN firewall can perfo[...]

  • Page 346

    10. Monitor System Access and Performance This chapter describes the system-monitoring features of the wireless VPN firewall. You can be alerted to important events such as WAN traffic limits reached, login failures, and attacks. You can also view status information about the firewall, WAN ports, LAN ports, active VPN use[...]

  • Page 347

    Figure 206. 2. Enter the settings as explained in the following table:[...]

  • Page 348

    Table 84. Broadband Traffic Meter screen settings Setting Description Enable Traffic Meter Do you want to enable Traffic Metering on Broadband? Select one of the following radio buttons to configure traffic metering: • Yes. Traffic metering is[...]

  • Page 349

    3. Click Apply to save your settings. To display a report of the Internet traffic by type, click the Traffic by Protocol option arrow in the upper right of the Broadband Traffic Meter screen. The Traffic by Protocol pop-up screen displays. The inc[...]

  • Page 350

    Figure 208.[...]

  • Page 351

    2. Enter the settings as explained in the following table: Table 85. Firewall Logs & E-mail screen settings Setting Description Log Options Log Identifier Enter the name of the log identifier. The identifier is appended to log messages to ident[...]

  • Page 352

    Enable E-mail Logs Do you want logs to be emailed to you? Select the Yes radio button to enable the wireless VPN firewall to email logs to a specified email address. Complete the fields that are shown on the right side of the screen. Select the No radi[...]

  • Page 353

    3. Click Apply to save your settings. Note: Enabling routing and other event logs might generate a significant volume of log messages. NETGEAR recommends that you enable firewall logs for debugging purposes only. How to Send Syslogs over a VPN Tunn[...]

  • Page 354

    The following sections describe steps 2 through 4, using the topology that is described in the following table: Configure Gateway 1 at Site 1 To create a gateway-to-gateway VPN tunnel to Gateway 2, using the IPSec VPN wizard: 1. Select VPN > [...]

  • Page 355

    Configure Gateway 2 at Site 2 To create a gateway-to-gateway VPN tunnel to Gateway 1, using the IPSec VPN wizard: 1. Select VPN > IPSec VPN > VPN Wizard. The VPN Wizard screen displays. 2. Configure a gateway-to-gateway VPN tunnel using [...]

  • Page 356

    View Status Screens • View the System Status • View the VPN Connection Status and L2TP Users • View the VPN Logs • View the Port Triggering Status • View the WAN Port Status • View the Attached Devices and the DHCP Log • View th[...]

  • Page 357

    Figure 209. The following table explains the fields of the Router Status screen: Table 86. Router Status screen information Item Description System Info System Name The NETGEAR system name. Firmware Version The installed firmware version. LAN (V[...]

  • Page 358

    Router Statistics Screen To view the Router Statistics screen: 1. Select Monitoring > Router Status. The Router Status screen displays (see the previous figure). 2. Click the Show Statistics option arrow in the upper right of t[...]

  • Page 359

    Figure 210. The following table explains the fields of the Router Statistics screen. To change the poll interval period, enter a new value (in seconds) in the Poll Interval field, and then click Set interval. To stop polling, click Stop. Detaile[...]

  • Page 360

    Figure 211.[...]

  • Page 361

    The following table explains the fields of the Detailed Status screen: Table 88. Detailed Status screen information Item Description LAN Port Configuration The following fields are shown for each of the LAN ports. VLAN Profile The name of the VL[...]

  • Page 362

    NAT (IPv4 only) The NAT state can be either Enabled or Disabled, depending on whether NAT is enabled (see Network Address Translation on page 27) or classical routing is enabled (see Classical Routing on page 27). IPv4 Connection Type The connec[...]

  • Page 363

    Tunnel Status Screen The IPv6 Tunnel Status screen displays the status of all active 6to4 and ISATAP tunnels and their IPv6 addresses. To view the status of the tunnels and IPv6 addresses: Select Monitoring > Router Status > Tun[...]

  • Page 364

    View the VPN Connection Status and L2TP Users The Connection Status screens display a list of IPSec VPN connections, SSL VPN connections, and L2TP users who are currently logged in to the wireless VPN firewall. To view the active IPSec VPN connect[...]

  • Page 365

    To disconnect an active user, click the Disconnect table button to the right of the user’s table entry. To view the active L2TP tunnel users: Select VPN > Connection Status > L2TP Active Users. The L2TP Active Users screen displays: [...]

  • Page 366

    To display the SSL VPN log: Select Monitoring > VPN Logs > SSL VPN Logs. The SSL VPN Logs screen displays: Figure 217. View the Port Triggering Status To view the status of the port triggering feature: 1. Select Security > Port [...]

  • Page 367

    2. Click the Status option arrow in the upper right of the Port Triggering screen. The Port Triggering Status pop-up screen displays. Figure 219. The Port Triggering Status screen displays the information that is described in the following table[...]

  • Page 368

    Figure 220. The type of connection determines the information that is displayed on the Connection Status screen. The screen can display the information that is described in the following table: Click Disconnect to disconnect the connection; clic[...]

  • Page 369

    IPv6 WAN Port Status To view the IPv6 status of the WAN port: 1. Select Network Configuration > WAN Settings > Broadband ISP Settings (IPv6). The Broadband ISP Settings (IPv6) screen displays (see Figure 19 on page 40). 2. Click the[...]

  • Page 370

    View the Attached Devices and the DHCP Log The LAN Groups screen shows the network database, which is the Known PCs and Devices table, which contains all IP devices that wireless VPN firewall has discovered on the local network. The LAN Setup scree[...]

  • Page 371

    assigned a static IP address, you need to update this entry manually after the IP address on the computer or device has changed. • MAC Address. The MAC address of the computer’s or device’s network interface. • Group. Each computer[...]

  • Page 372

    View the Status of a Wireless Profile To view the status of a specific wireless profile: 1. Select Network Configuration > Wireless Settings > Wireless Profiles. The Wireless Profiles screen displays. 2. Click the Status button in the [...]

  • Page 373

    Diagnostics Utilities • Send a Ping Packet • Trace a Route • Look Up a DNS Address • Display the Routing Tables • Capture Packets in Real Time • Reboot the Wireless VPN Firewall Remotely The wireless VPN firewall provides diagnostic tool[...]

  • Page 374

    Figure 225. • IPv6. Select the IPv6 radio button. The Diagnostics screen displays the IPv6 settings: Figure 226. The various tasks that you can perform on the Diagnostics screen are explained in the following sections.[...]

  • Page 375

    Send a Ping Packet Use the ping utility to send a ping packet request in order to check the connection between the wireless VPN firewall and a specific IP address or FQDN. If the request times out (no reply is received), it usually means that the d[...]

  • Page 376

    Display the Routing Tables Displaying the internal routing table can assist NETGEAR technical support in diagnosing routing problems. To display the routing table: On the Diagnostics screen for IPv4, in the Router Options section of the scre[...]

  • Page 377

    Reboot the Wireless VPN Firewall Remotely You can perform a remote reboot, for example, when the wireless VPN firewall seems to have become unstable or is not operating normally. Rebooting breaks any existing connections either to the wireless VPN[...]

  • Page 378

    11. Troubleshooting This chapter provides troubleshooting tips and information for the wireless VPN firewall. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the wireless VPN firewall on? Go to Basic Functioning[...]

  • Page 379

    Note: The wireless VPN firewall’s diagnostic tools are explained in Diagnostics Utilities on page 373. Basic Functioning • Power LED Not On • Test LED Never Turns Off • LAN or WAN Port LEDs Not On After you turn on power to the wireless VPN firewall, ve[...]

  • Page 380

    If all LEDs are still on more than several minutes after power-up, do the following: • Turn off the power, and then turn it on again to see if the wireless VPN firewall recovers. • Reset the wireless VPN firewall’s configuration to factory default setti[...]

  • Page 381

    • Make sure that you are using the SSL https:// address login rather than the http:// address login. • Make sure that your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet Explorer, click Refresh to be sure that the Java applet is loaded. ?[...]

  • Page 382

    Troubleshoot the ISP Connection If your wireless VPN firewall is unable to access the Internet, you should first determine whether the wireless VPN firewall is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your wirel[...]

  • Page 383

    system name, or account name that was assigned to you by your ISP. You might also have to enter the assigned domain name or workgroup name in the Domain Name field, and you might have to enter additional information. For more information, see Manually Configure an IPv4 [...]

  • Page 384

    Check the computer: • Make sure that the operating system supports IPv6. Normally, the following operating systems support IPv6: - Windows 7, all 32- and 64-bit versions - Windows Vista, all 32- and 64-bit versions - Windows XP Professional SP3 (32- and 64-bit) [...]

  • Page 385

    c. Make sure that Internet Protocol Version 6 (TCP/IPv6) displays, as is shown in the previous figure. • Make sure that the computer has an IPv6 address. If the computer has a link-local address only, it cannot reach the wireless VPN firewall or the Internet. On a com[...]

  • Page 386

    Figure 230. f. Make sure that an IPv6 address shows. The previous figure does not show an IPv6 address for the computer but only a link-local IPv6 address and an IPv6 default gateway address, both of which start, in this case, with FE80. Troubleshoot a TCP/IP Network U[...]

  • Page 387

    3. Click OK. A message similar to the following should display: Pinging <IP address> with 32 bytes of data If the path is working, you see this message: Reply from <IP address>: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message: Re[...]

  • Page 388

    information. For more information, see Manually Configure an IPv4 Internet Connection on page 31. • Your ISP could be rejecting the Ethernet MAC addresses of all but one of your computers. Many broadband ISPs restrict access by allowing traffic only from the MAC addre[...]

  • Page 389

    The reboot process takes about 165 seconds. (If you can see the unit: The reboot process is complete when the Test LED on the front panel goes off.) WARNING: When you press the hardware factory default Reset button or click the software Default button, the wireless V[...]

  • Page 390

    A. Default Settings and Technical Specifications This appendix provides the default settings and the physical and technical specifications of the wireless VPN firewall in the following sections: • Factory Default Settings • Physical and Technical Specifications Factory Default Settings You can use the factory default Reset but[...]

  • Page 391

    Stateless IP/ICMP Translation (SIIT) Disabled WAN MAC address Use default MAC address of the wireless VPN firewall WAN MTU size 1500 bytes 1492 bytes for PPPoE connections Port speed AutoSense Dynamic DNS for IPv4 Disabled IPv4 LAN, DMZ, a[...]

  • Page 392

    DMZ port for IPv6 Disabled DMZ IPv6 address (Port 8) 176::1 DMZ IPv6 prefix length (Port 8) 64 DMZ DHCPv6 server Disabled Firewall and security settings Inbound LAN WAN rules (communications coming in from the Internet) All traffic is blocked,[...]

  • Page 393

    UPnP Disabled Bandwidth profiles None QoS profiles Normal-Service Minimize-Cost Maximize-Reliability Maximize-Throughput Minimize-Delay Content filtering Disabled Proxy server blocking Disabled Java applets blocking Disabled ActiveX controls b[...]

  • Page 394

    Encryption None Authentication None Transmission rate Best 1 Default transmit power Full 802.11 wireless mode 802.11ng (for most countries) 802.11b/g/n radio frequency channel Auto 802.11n channel spacing 20 MHz Beacon interval 100 m[...]

  • Page 395

    Key group DH-Group 2 (1024 bit) NetBIOS Enabled VPN IPsec Wizard: IKE policy settings for IPv4 gateway-to-client tunnels Exchange mode Aggressive ID type FQDN Local WAN ID remote.com Remote WAN ID local.com Encryption algorithm 3DES Authen[...]

  • Page 396

    Physical and Technical Specifications The following table shows the physical and technical specifications for the wireless VPN firewall: default users, default passwords admin, password guest, password Administrative and monitoring settings [...]

  • Page 397

    Power plug (localized to the country of sale) North America 120V, 60 Hz, input United Kingdom, Australia 240V, 50 Hz, input Europe 230V, 50 Hz, input Input, for all regions 12VDC @ 1A output Dimensions and weight Dimensions (W x H x D) 19 [...]

  • Page 398

    The following table shows the IPSec VPN specifications for the wireless VPN firewall: The following table shows the SSL VPN specifications for the wireless VPN firewall: Table 95. Wireless VPN firewall IPSec VPN specifications Setting Spe[...]

  • Page 399

    The following table shows the wireless specifications for the wireless VPN firewall: Table 97. Wireless VPN firewall wireless specifications Setting Specification 802.11bg data rates 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps, an[...]

  • Page 400

    B. Two-Factor Authentication This appendix provides an overview of two-factor authentication, and an example of how to implement the WiKID solution. This appendix contains the following sections: • Why Do I Need Two-Factor Authentication? • NETGEAR Two-Factor Authentication Solutions Why Do I Need Two-Factor Authenticati[...]

  • Page 401

    What Is Two-Factor Authentication? Two-factor authentication is a security solution that enhances and strengthens security by implementing multiple factors of the authentication process that challenge and confirm the users’ identities before they can gain ac[...]

  • Page 402

    Figure 232. 2. A one-time passcode (something the user has) is generated. Figure 233. Note: The one-time passcode is time-synchronized to the authentication server so that the OTP can be used only once and needs to be used before the expiration time. If a use[...]

  • Page 403

    Figure 234.[...]

  • Page 404

    C. Notification of Compliance (Wired) NETGEAR Wired Products Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may r[...]

  • Page 405

    FCC Radio Frequency Interference Warnings & Instructions This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection[...]

  • Page 406

    Additional Copyrights AES Copyright (c) 2001, Dr. Brian Gladman, brg@gladman.uk.net, Worcester, UK. All rights reserved. TERMS Redistribution and use in source and binary forms, with or without modification, are permitted subject to the following [...]

  • Page 407

    MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the “RSA Data Security, Inc. MD5 Message-Digest Algorithm” in all material mentioning or refe[...]

  • Page 408

    D. Notification of Compliance (Wireless) NETGEAR Wireless Routers, Gateways, APs Regulatory Compliance Information Note: This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with t[...]

  • Page 409

    Español [Spanish] Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE. Ελληνική [Greek] ΜΕ ΤΗΝ ΠΑΡΟ Υ[...]

  • Page 410

    This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA countries, except in France and Italy where restrictive use applies. In Italy the end-user should apply for a license at the na[...]

  • Page 411

    • For product available in the USA market, only channel 1~11 can be operated. Selection of other channels is not possible. • This device and its antenna(s) must not be co-located or operation in conjunction with any other antenna or transmit[...]

  • Page 412

    Index Numerics 10BASE-T, 100BASE-T, and 1000BASE-T speeds 52 2.4-GHz wireless mode 109 20- and 40-MHz channel spacing 109 3322.org 35 – 37 64-bit and 128-bit WEP 119 6to4 tunnels configuring globally 46 DMZ, configuring for 97 LAN, configuring for 83 802.11b/bg/ng/n data rates and frequencies 399 802.11b/bg/ng/n modes 109 A AAA (authe[...]

  • Page 413

    Auto Uplink, autosensing Ethernet connections 13 autodetecting IPv4 Internet settings 29 autoinitiating VPN tunnels 235 autosensing port speed 52 B b mode, wireless 109 backing up configuration file 341 bandwidth capacity 322 bandwidth limits, logging dropped packets 351 bandwidth profi[...]

  • Page 414

    crossover cable 13, 380 CSMA (Carrier Sense Multiple Access) 126 CSR (certificate signing request) 317 CTS (Clear to Send) packets and self-protection 126 custom services, firewall 172 D Data Encryption Standard. See DES. data rates, 802.11b/bg/ng/n 399 database, local users 297 date an[...]

  • Page 415

    dipole antenna 18 direction, bandwidth profiles 176 DMZ (demilitarized zone) configuring 85 – 98 increasing traffic 327 port 13, 17 DNS (Domain Name Server) automatic configuration of computers 13 dynamic 35 – 37 looking up an address 375 Mode Config address allocation 246 proxy 14,[...]

  • Page 416

    G g mode, wireless 109 gateway, ISP IPv4 address 34 IPv6 address 42 generating keys, WEP 119 global addresses, IPv6 47 global IPv6 tunnels DMZ, configuring for 97 LAN, configuring for 83 group and global policies, configuring for SSL VPN 282 groups LAN groups 69 – 72 VPN policies 300 [...]

  • Page 417

    ISATAP tunnel address 48 LAN, secondary 65 – 67 MAC bindings 185 port forwarding, SSL VPN 274 requirements 24 reserved 72 secondary LAN 65 SIIT address 50 SSL VPN clients, configuring 278 policies, configuring 286 resources, configuring 282 static or permanent 30, 34 subnet mask, de[...]

  • Page 418

    key generation, WEP 119 keyword blocking 179 knowledge base 389 L L2TP (Layer 2 Tunneling Protocol) server 263 L2TP Access Concentrator (LAC) 263 L2TP users 305 LAC (L2TP Access Concentrator) 263 LAN address pools (IPv6) 77, 92 bandwidth capacity 322 default settings 391 groups, assig[...]

  • Page 419

    monitoring default settings 396 MTU (maximum transmission unit) default 51 IPv6 DMZ packets 96 IPv6 LAN packets 82 multicast pass-through 168 multihome LAN addresses IPv4, configuring 65 – 67 IPv6, configuring 84 – 85 N n and ng modes, wireless 109 names, changing DDNS host and domai[...]

  • Page 420

    PFS (Perfect Forward Secrecy) 238, 246 physical specifications 396 PIN method, WPS 124 pinging checking connections 375 responding on Internet ports 167 responding on LAN ports 168 troubleshooting TCP/IP 386 using the ping utility 375 placement of wireless VPN firewall 19, 107 plug an[...]

  • Page 421

    VLANs 56 – 63 wireless security 112, 115 – 119 protection from common attacks 166 – 169 protocols compatibilities 396 RIP 13 service numbers 172 traffic volume by protocol 349 PSK. See pre-shared key. public web server, hosting (rule example) 159 Push ’N’ Connect 123 Push bu[...]

  • Page 422

    security lock receptacle 18 Security Parameters Index (SPI) 236 security profiles, wireless creating and configuring 115 – 119 described 111 – 114 separation, wireless 118 server preference, DHCPv6 77, 91 service blocking reducing traffic 323 rules, firewall 130 service numbers, common[...]

  • Page 423

    status, viewing 356 – 363 updating firmware 343 T table buttons (web management interface) 23 tabs, submenu (web management interface) 23 TCP (Transmission Control Protocol) 191 TCP flood, blocking 167 TCP time-out 171 TCP/IP network, troubleshooting 386 technical specifications 39[...]

  • Page 424

    V vendor class identifier (VCI) 34 version, SNMP 337 videoconferencing DMZ port 86 from restricted address (rule example) 160 violations, IP/MAC binding 186 – 188 virtual LAN. See VLANs. Virtual Private Network Consortium (VPNC) 14, 195 VLANs advantages 55 described 54 DHCP options 57 ?[...]

  • Page 425

    testing 127 wireless equipment, placement and range 107 wireless mode 109 wireless network name (SSID) broadcasting 117 broadcasting and security 111 wireless radio advanced settings, configuring 125 basic settings, configuring 108 wireless security 111 – 120 wireless separation 118 wi[...]