NETGEAR FVG318NA manual

A good user manual

The rules should oblige the seller to give the purchaser operating instructions for the NETGEAR FVG318NA along with the item. A lack of instructions, or false information given to the customer, constitutes grounds for a complaint on the basis of nonconformity of the goods with the contract. In accordance with the law, a customer can receive the instructions in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions are unambiguous and legible.

What is an instruction?

The term originates from the Latin word "instructio", which means organizing. Therefore, in the instructions for the NETGEAR FVG318NA one can find a process description. The purpose of instructions is to teach, and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a guide.

Unfortunately, only a few customers devote time to reading the instructions for the NETGEAR FVG318NA. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid most defects.

What should a perfect user manual contain?

First and foremost, a user manual for the NETGEAR FVG318NA should contain:
- information concerning the technical data of the NETGEAR FVG318NA
- the name of the manufacturer and the year of construction of the NETGEAR FVG318NA
- rules of operation, control and maintenance of the NETGEAR FVG318NA
- safety signs and certification marks which confirm compatibility with the appropriate standards

Why don't we read the manuals?

Usually it results from a lack of time and from certainty about the functionalities of purchased items. Unfortunately, connecting and starting up the NETGEAR FVG318NA alone are not enough. The instructions contain a number of hints concerning respective functionalities, safety rules, maintenance methods (what means should be used), possible defects of the NETGEAR FVG318NA, and methods of problem resolution. Finally, when one still cannot find the answer to a problem, one will be directed to the NETGEAR service. Lately animated manuals and instructional videos have become quite popular among customers. These kinds of user manuals are effective; they ensure that a customer becomes familiar with the whole material and does not skip complicated, technical information about the NETGEAR FVG318NA.

Why should one read the manuals?

It is mostly in the manuals that we find the details concerning the construction and capabilities of the NETGEAR FVG318NA, its use with respective accessories, as well as information concerning all its functions and facilities.

After a successful purchase, one should take a moment to get to know every part of the instructions. Currently manuals are carefully prepared and translated so that they can be fully understood by their users. The manuals serve as an informational aid.

Table of contents for the manual

  • Page 1

    202-10318-01 September 2007 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual[...]

  • Page 2

    ii v1.0, September 2007 © 2007 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of [...]

  • Page 3

    v1.0, September 2007 iii Europe – Declaration of Conformity in Languages of the European Community Cesky [Czech] NETGEAR Inc. tímto prohlašuje, že tento Radiolan je ve shode se základními požadavky a dalšími príslušnými ustanoveními smernice 1999/5/ES. Dansk [Danish] Undertegnede NETGEAR Inc. erklærer herved, at følgende udstyr[...]

  • Page 4

    v1.0, September 2007 iv FCC Requirements for Operation in the United States FCC Information to User This product does not contain any user serviceable components and is to be used with approved antennas only. Any product changes or modifications will invalidate all applicable regulatory certifications and approvals FCC Guidelines for Hum[...]

  • Page 5

    v1.0, September 2007 v interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following methods: • Reorient or relo[...]

  • Page 6

    v1.0, September 2007 vi Product and Publication Details Model Number: FVG318 Publication Date: September 2007 Product Family: Wireless Router Product Name: ProSafe 802.11g Wireless VPN Firewall Home or Business Product: Business Language: English Publication Part Number: 202-10318-01 Publication Version Number: 1.0[...]

  • Page 7

    vii v1.0, September 2007 Contents About This Manual Conventions, Formats, and Scope ... xiii How to Use This Manual ... xiv How to Print this Manual ...[...]

  • Page 8

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual viii Contents v1.0, September 2007 Chapter 3 Configuring Wireless Connectivity Observing Performance, Placement, and Range Guidelines ... 3-1 Implementing Appropriate Wireless Security ...[...]

  • Page 9

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Contents ix v1.0, September 2007 Setting Up a Client-to-Gateway VPN Configuration ... 5-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVG318 ... 5-5 Step 2: Configuring the NETGEAR ProSafe VPN Clie[...]

  • Page 10

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual x Contents v1.0, September 2007 Configuring Static Routes ... 8-5 Configuring RIP ...[...]

  • Page 11

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Contents xi v1.0, September 2007 The FVG318-to-FVS318v2 Case ... C-7 Configuring the VPN Tunnel ... C[...]

  • Page 12

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual xii Contents v1.0, September 2007[...]

  • Page 13

    xiii v1.0, September 2007 About This Manual The NETGEAR® ProSafe™ 802.11g Wireless VPN Firewall FVG318 Reference Manual describes how to install, configure and troubleshoot the ProSafe 802.11g Wireless VPN Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Forma[...]

  • Page 14

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual xiv About This Manual v1.0, September 2007 • Scope. This manual is written for the VPN firewall according to these specifications: For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Documents.[...]

  • Page 15

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual About This Manual xv v1.0, September 2007 • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com. – Printing a PDF Chapter. Use th[...]

  • Page 16

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual xvi About This Manual v1.0, September 2007[...]

  • Page 17

    1-1 v1.0, September 2007 Chapter 1 Introduction This chapter describes the features of the NETGEAR® ProSafe 802.11g Wireless VPN Firewall, Model FVG318. Key Features of the VPN Firewall Router The ProSafe 802.11g Wireless VPN Firewall with eight-port switch connects your local area network (LAN) to the Internet through an external access dev[...]

  • Page 18

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 1-2 Introduction v1.0, September 2007 802.11g and 802.11b Wireless Networking The VPN firewall includes an 802.11g-compliant wireless access point. The access point provides: • 802.11b standards-based wireless networking at up to 11 Mbps. • 802.11g wireless networking at up t[...]

  • Page 19

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Introduction 1-3 v1.0, September 2007 The FVG318 logs security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediat[...]

  • Page 20

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 1-4 Introduction v1.0, September 2007 • IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, k[...]

  • Page 21

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Introduction 1-5 v1.0, September 2007 Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade. • Free technical support seven days a week, 24 hours a day. Package Contents The product pac[...]

  • Page 22

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 1-6 Introduction v1.0, September 2007 You can use some of the LEDs to verify connections. Viewed from left to right, Table 1-1 describes the LEDs on the front panel of the firewall. These LEDs are green when lit. The FVG318 Rear Panel The rear panel of the VPN firewall contai[...]

  • Page 23

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Introduction 1-7 v1.0, September 2007 Viewed from left to right, the rear panel contains the following features: • Detachable wireless antenna • Factory default reset push button • Eight Ethernet LAN ports • Internet Ethernet WAN port for connecting the firewall to a cable[...]

  • Page 24

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 1-8 Introduction v1.0, September 2007[...]

  • Page 25

    Connecting the Firewall to the Internet 2-1 v1.0, September 2007 Chapter 2 Connecting the Firewall to the Internet This chapter describes how to set up the firewall on your LAN, connect to the Internet, perform basic configuration of your ProSafe 802.11g Wireless VPN Firewall using the Setup Wizard, or how to manually configure your Intern[...]

  • Page 26

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2-2 Connecting the Firewall to the Internet v1.0, September 2007 d. Securely insert the Ethernet cable from your modem into the FVG318 Internet port (point B in the illustration). e. Securely insert one end of the NETGEAR cable that came with your FVG318 into a Local port on the route[...]

  • Page 27

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Connecting the Firewall to the Internet 2-3 v1.0, September 2007 2. Restart your network in the correct sequence a. First, plug in and turn on the cable or DSL modem. Wait about 2 minutes. b. Now, plug in the power cord to your FVG318 and wait about 30 seconds. c. Last, tu[...]

  • Page 28

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2-4 Connecting the Firewall to the Internet v1.0, September 2007 • Power: The power light should be lit. If after 2 minutes the power light turns solid amber, see the Troubleshooting Tips in this guide. • Test: The test light blinks when the FVG318 is first turned on. If after[...]

  • Page 29

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Connecting the Firewall to the Internet 2-5 v1.0, September 2007 2. When prompted, enter admin for the firewall User Name and password for the firewall Password. Both fields are case-sensitive. (For security reasons, the firewall has its own User Name and Password.) 3. Click Log[...]

  • Page 30

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2-6 Connecting the Firewall to the Internet v1.0, September 2007 4. Select Network Configuration. The WAN ISP Settings screen will display. Click Auto Detect at the bottom of the WAN ISP Settings screen. The router will automatically attempt to detect your connection type. A messa[...]

  • Page 31

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Connecting the Firewall to the Internet 2-7 v1.0, September 2007 Manually Configuring your Internet Connection Unless your ISP assigns your configuration automatically via DHCP, you will need the configuration parameters from your ISP. For example, if your router detected a PPPo[...]

  • Page 32

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2-8 Connecting the Firewall to the Internet v1.0, September 2007 – Password. Enter the password you use to log in to your ISP. • Enter your ISP Type information: – Austria (PPTP): If your ISP is Austria Telecom or any other ISP that uses PPTP to log in, fill in the followi[...]

  • Page 33

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Connecting the Firewall to the Internet 2-9 v1.0, September 2007 • IP Subnet Mask: This is usually provided by the ISP or your network administrator. • Gateway IP Address: IP address of your ISP’s gateway. This is usually provided by the ISP or your network administrat[...]

  • Page 34

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2-10 Connecting the Firewall to the Internet v1.0, September 2007 The gateway contains a client that can connect to a dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them. After you have configured your account[...]

  • Page 35

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Connecting the Firewall to the Internet 2-11 v1.0, September 2007 5. Click Apply to save your configuration. Configuring Your Time Zone The VPN firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the [...]

  • Page 36

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2-12 Connecting the Firewall to the Internet v1.0, September 2007 • Select the Use Custom NTP Servers if you prefer to use a particular NTP server. – Enter the name or IP address of an NTP Server in the Server 1 Name/IP Address field. – If required, you can also enter the addres[...]

  • Page 37

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Connecting the Firewall to the Internet 2-13 v1.0, September 2007 • Some cable modem ISPs require you to use the MAC address of the computer registered on the account. If so, in the Router MAC Address section of the Basic Settings menu, select, “Use this Computer’s MAC [...]

  • Page 38

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2-14 Connecting the Firewall to the Internet v1.0, September 2007 Configuration Settings Have Been Applied Enter the standard URL to access the VPN firewall router Connect to the VPN firewall router by typing the default router IP address in the address field of your browser, then [...]

  • Page 39

    Configuring Wireless Connectivity 3-1 v1.0, September 2007 Chapter 3 Configuring Wireless Connectivity This chapter describes how to configure the wireless features of your FVG318 VPN firewall. Observing Performance, Placement, and Range Guidelines In planning your wireless network, you should consider the level of security required. You sho[...]

  • Page 40

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-2 Configuring Wireless Connectivity v1.0, September 2007 Implementing Appropriate Wireless Security Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security fe[...]

  • Page 41

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-3 v1.0, September 2007 • Wi-Fi Protected Access (WPA and WPA2). The very strong authentication along with dynamic per frame rekeying of WPA and WPA2 make it virtually impossible to compromise. Because this is a new standard, wireless dev[...]

  • Page 42

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-4 Configuring Wireless Connectivity v1.0, September 2007 • Wireless Network. The station name of the FVG318. – Wireless Network Name (SSID). The SSID is also known as the wireless network name. Enter a value of up to 32 alphanumeric characters. In a setting where there is mo[...]

  • Page 43

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-5 v1.0, September 2007 – Region. This field identifies the region where the FVG318 can be used. It may not be legal to operate the wireless features of the VPN firewall router in a region other than one of those identified in this field. Unless yo[...]

  • Page 44

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-6 Configuring Wireless Connectivity v1.0, September 2007 – WPA2-PSK: WPA2 is a later version of WPA. Only select this if all clients support WPA2. If selected, you must use AES encryption – WPA-PSK and WPA2-PSK: This selection allows clients to use either WPA (with TKIP [...]

  • Page 45

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-7 v1.0, September 2007 Security Check List for SSID and WEP Settings For a new wireless network, print or copy this form and fill in the configuration parameters. For an existing wireless network, the person who set up or is responsible for the networ[...]

  • Page 46

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-8 Configuring Wireless Connectivity v1.0, September 2007 Setting Up and Testing Basic Wireless Connectivity Follow the instructions below to set up and test basic wireless connectivity. Once you have established basic wireless connectivity, you can enable security settings appr[...]

  • Page 47

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-9 v1.0, September 2007 7. For initial configuration and test, leave the Wireless Card Access List set to “All Wireless Stations” and the Encryption Strength set to “Disable.” 8. Click Apply to save your changes. 9. Configure and test your[...]

  • Page 48

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-10 Configuring Wireless Connectivity v1.0, September 2007 3. Check the Yes radio box to enable MAC filtering and turn on the Access Control List. Then click Apply. An “Operation Succeed” message will display. Only Trusted Wireless Stations will be able to connect to the VPN[...]

  • Page 49

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-11 v1.0, September 2007 3. In the Wireless Security Type section, select the WEP radio box. The WEP fields section will be highlighted. 4. Choose the Authentication Type (Automatic, Open System or Shared Key) and Encryption Strength options.[...]

  • Page 50

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-12 Configuring Wireless Connectivity v1.0, September 2007 • Manual Entry Mode: Enter ten hexadecimal digits (any combination of 0-9, a-f, or A-F). These hex values are not case sensitive. Select which of the four keys will be used and enter the matching WEP key information for yo[...]

  • Page 51

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-13 v1.0, September 2007 3. Select the WPA radio box and then select RADIUS from the WPA with: pull-down menu in the Wireless Security Type section. The RADIUS settings fields in the Radius Server Settings section will be highlighted. 4. Enter the [...]

  • Page 52

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-14 Configuring Wireless Connectivity v1.0, September 2007 Configuring WPA2 with RADIUS To configure WPA2 with RADIUS: 1. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of password, or using whatever LAN address and[...]

  • Page 53

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-15 v1.0, September 2007 4. Enter the Radius Server Settings. • Primary Server Name/IP Address: This field is required. Enter the name or IP address of the primary Radius Server on your LAN. • Radius Port: Enter the port number used for connect[...]

  • Page 54

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-16 Configuring Wireless Connectivity v1.0, September 2007 3. Select the WPA and WPA2 radio box and then select RADIUS from the WPA with: pull-down menu in the Wireless Security Type section. The RADIUS settings fields in the Radius Server Settings section will be highlighted. 4[...]

  • Page 55

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-17 v1.0, September 2007 Configuring WPA-PSK To configure WPA-PSK: 1. Log in at the default LAN address of http://192.168.0.1, with the default user name of admin and default password of password, or using whatever LAN address and password you ha[...]

  • Page 56

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-18 Configuring Wireless Connectivity v1.0, September 2007 4. In the PSK Settings section: • Enter the pre-shared key in the Passphrase field. Enter a word or group of printable characters in the Passphrase box. The Passphrase must be 8 to 63 characters in length. The 256 Bit key [...]

  • Page 57

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-19 v1.0, September 2007 3. Select the WPA2 radio box and then select PSK from the WPA with: pull-down menu in the Wireless Security Type section. The PSK settings fields in the PSK Settings section will be highlighted. 4. In the PSK Settings sect[...]

  • Page 58

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-20 Configuring Wireless Connectivity v1.0, September 2007 Configuring WPA-PSK and WPA2-PSK To configure WPA-PSK and WPA2-PSK: 1. Log in at the default LAN address of http://192.168.0.1, with the default user name of admin and default password of password, or using whatever LAN [...]

  • Page 59

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Wireless Connectivity 3-21 v1.0, September 2007 4. In the PSK Settings section: • Enter the pre-shared key in the Passphrase field. Enter a word or group of printable characters in the Passphrase box. The Passphrase must be 8 to 63 characters in length. The 256 Bit key [...]

  • Page 60

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-22 Configuring Wireless Connectivity v1.0, September 2007[...]

  • Page 61

    Firewall Protection and Content Filtering 4-1 v1.0, September 2007 Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe 802.11g Wireless VPN Firewall to protect your network. These features can be found by clicking on the Security heading in the main menu of the brows[...]

  • Page 62

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-2 Firewall Protection and Content Filtering v1.0, September 2007 Certain commonly used web components can also be blocked for increased security. Some of these components can be used by malicious websites to infect computers that access them. For example: • Proxy. A proxy serve[...]

  • Page 63

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Firewall Protection and Content Filtering 4-3 v1.0, September 2007 2. Check the Yes radio box in the Content Filtering section and click Apply. This will enable content filtering and allow you to specify Web Components to be blocked. 3. Check the radio box for each Web Component [...]

  • Page 64

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-4 Firewall Protection and Content Filtering v1.0, September 2007 1. In the appropriate field add the IP Address or Domain Name. 2. Click Add. The IP Address or Domain Name will appear in the appropriate table. 3. Click Edit adjacent to the entry to modify or change the selected IP Ad[...]

  • Page 65

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Firewall Protection and Content Filtering 4-5 v1.0, September 2007 A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FVG318 are: • Inbound: Block all access from outside except responses to requests from the LAN side. • Outb[...]

  • Page 66

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-6 Firewall Protection and Content Filtering v1.0, September 2007 An example of the menu for defining or editing a rule is shown in Figure 4-3. The parameters are: • Service. From this list, select the application or service to be allowed or blocked. The list already displays man[...]

  • Page 67

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Firewall Protection and Content Filtering 4-7 v1.0, September 2007 Inbound Rule Example: A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your [...]

  • Page 68

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-8 Firewall Protection and Content Filtering v1.0, September 2007 Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Adva[...]

  • Page 69

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Firewall Protection and Content Filtering 4-9 v1.0, September 2007 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules table, as shown below: For any traffic attempting to pass through the firewall, the packet information is subjected to[...]

  • Page 70

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-10 Firewall Protection and Content Filtering v1.0, September 2007 Default DMZ Server Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule.[...]

  • Page 71

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Firewall Protection and Content Filtering 4-11 v1.0, September 2007 Attack Checks The Attack Check screen allows you to specify if the router should be protected against common attacks from the LAN and WAN networks. The various types of attack checks are defined below. To acc[...]

  • Page 72

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-12 Firewall Protection and Content Filtering v1.0, September 2007 Services Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data abo[...]

  • Page 73

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Firewall Protection and Content Filtering 4-13 v1.0, September 2007 b. From the Type pull-down menu, select whether the service uses TCP, UDP or ICMP as its transport protocol. c. Enter the lowest port number used by the service in the Start Port field. a. Enter the highest p[...]

  • Page 74

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-14 Firewall Protection and Content Filtering v1.0, September 2007 To block keywords or Internet domains based on a schedule: 1. Select Security > Schedule from the menu. The Schedule 1 screen will display. 2. In the Scheduled Days section, select the All Days or Specific D[...]

  • Page 75

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Firewall Protection and Content Filtering 4-15 v1.0, September 2007 2. Enter the Log Identifier in the Log Options sections. Every logged message will contain a prefix for easier identification of the source of the message. The Log Identifier will be prefixed to both e-mail and Syslo[...]

  • Page 76

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-16 Firewall Protection and Content Filtering v1.0, September 2007 5. Enable E-Mail Logs. Check the Yes radio box if you wish to receive e-mail logs from the firewall. 6. Enter your E-Mail Address information. If you enabled e-mail notification, these boxes cannot be blank. • Ent[...]

  • Page 77

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Firewall Protection and Content Filtering 4-17 v1.0, September 2007 • Enter the Return E-Mail Address to which logs and alerts are sent. This e-mail address will also be used as the Send To E-mail address. If you leave this box blank, log and alert messages will not be sent via e-[...]

  • Page 78

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4-18 Firewall Protection and Content Filtering v1.0, September 2007 Log entries are described in Table 4-1. Log action buttons are described in Table 4-2. Table 4-1. Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description o[...]

  • Page 79

    Basic Virtual Private Networking 5-1 v1.0, September 2007 Chapter 5 Basic Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the VPN firewall. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote networ[...]

  • Page 80

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-2 Basic Virtual Private Networking v1.0, September 2007 Overview of VPN Configuration Two common scenarios for configuring VPN tunnels are between a remote personal computer and a network gateway and between two or more network gateways. The FVG318 supports both of these types of[...]

  • Page 81

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-3 v1.0, September 2007 A VPN between two or more NETGEAR VPN-enabled firewalls is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this [...]

  • Page 82

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-4 Basic Virtual Private Networking v1.0, September 2007 • What level of IPSec VPN encryption will you use? – DES – The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES. – 3DE[...]

  • Page 83

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-5 v1.0, September 2007 Setting Up a Client-to-Gateway VPN Configuration Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway (see Figure 5-3) involves the following two steps: • “Step 1: Configuring t[...]

  • Page 84

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-6 Basic Virtual Private Networking v1.0, September 2007 2. Select VPN > VPN Wizard from the menu. The VPN Wizard screen will display. 3. Check the VPN Client radio button and enter the Connection Name and the pre-shared key. The End Point Information will be populated automat[...]

  • Page 85

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-7 v1.0, September 2007 4. Click the VPN Wizard Default Values link on the VPN Wizard screen to display the VPN default values shown below. The Wizard sets most parameters to defaults as proposed by the VPN Consortium. 5. Click Apply on the VPN W[...]

  • Page 86

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-8 Basic Virtual Private Networking v1.0, September 2007 The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR Web site (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on[...]

  • Page 87

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-9 v1.0, September 2007 3. Enter the connection settings for the new connection: a. Select Secure in the Connection Security check box b. Select IP Subnet in the ID Type menu. In this example, type 192.168.0.0 in the Subnet field as the network ad[...]

  • Page 88

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-10 Basic Virtual Private Networking v1.0, September 2007 f. Select Domain Name in the ID Type menu below the check box. g. Enter the public WAN IP Domain Name of the FVG318 in the field directly below the ID Type menu. In this example, fvg_local.com would be used. The resulting [...]

  • Page 89

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-11 v1.0, September 2007 5. Configure the VPN Client Identity. Provide information about the remote VPN client PC. You will need to provide: – The Pre-Shared Key that you configured in the FVG318. – Either a fixed IP address or a “fixed vir[...]

  • Page 90

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-12 Basic Virtual Private Networking v1.0, September 2007 b. Choose None in the Select Certificate box. c. Select IP Address in the ID Type box. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address box. Otherwise, leave this box empty [...]

  • Page 91

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-13 v1.0, September 2007 c. In the Authentication Method menu, select Pre-Shared key. d. In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES. e. In the Hash Alg menu, select SHA-1. f. In the SA Life menu, select [...]

  • Page 92

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-14 Basic Virtual Private Networking v1.0, September 2007 8. Save the VPN Client Settings. From the File menu at the top of the Security Policy Editor window, click Save. After you have configured and saved the VPN client information, your PC will automatically open the VPN conne[...]

  • Page 93

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-15 v1.0, September 2007 This will cause a continuous ping to be sent to the first FVG318. After between several seconds and two minutes, the ping response should change from “timed out” to “reply”, as shown below. Once the connection is esta[...]

  • Page 94

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-16 Basic Virtual Private Networking v1.0, September 2007 2. The Connection Monitor screen for a similar connection is shown below: In this example you can see the following: • The FVG318 has a public IP WAN address of 22.23.24.25. • The FVG318 has a LAN IP address of 192.168.3[...]

  • Page 95

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-17 v1.0, September 2007 Transferring a Security Policy to Another Client This section explains how to export and import a security policy as an .spd file so that an existing NETGEAR ProSafe VPN Client configuration can be copied to other PCs runni[...]

  • Page 96

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-18 Basic Virtual Private Networking v1.0, September 2007 To import an existing Security Policy: 1. Invoke the NETGEAR ProSafe VPN Client and select Import Security Policy from the File pull-down menu. 2. Select the security policy to import. In this example, the security policy file[...]

  • Page 97

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-19 v1.0, September 2007 Setting Up a Gateway-to-Gateway VPN Configuration The following procedure will show how to set the LAN IPs on each FVG318 to different subnets and configure each properly for the Internet. • The LAN IP address ranges of ea[...]

  • Page 98

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-20 Basic Virtual Private Networking v1.0, September 2007 5. In the End Point Information section, enter the Remote WANs IP Address or Internet Name and the Local WAN’s IP Address or Internet Name. Both local and remote ends must be defined as either IP addresses or Internet N[...]

  • Page 99

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-21 v1.0, September 2007 7. Click Apply to complete the configuration procedure. The IKE Policies menu will display the local and remote WAN connection points as shown below. 8. Click the VPN Policy to display the VPN Policies showing that the new [...]

  • Page 100

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-22 Basic Virtual Private Networking v1.0, September 2007 To configure a gateway-to-gateway VPN tunnel using the VPN Wizard on LAN B: 1. Log in to the FVG318 on LAN B at its default LAN address of http://192.168.0.1 with its default user name of admin and password of passw[...]

  • Page 101

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-23 v1.0, September 2007 Activating a VPN Tunnel There are three ways to activate a VPN tunnel: • Start using the VPN tunnel. • Use the IPSec Connection Status screen. • Activate the VPN tunnel by pinging the remote endpoint. To use a VPN [...]

  • Page 102

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-24 Basic Virtual Private Networking v1.0, September 2007 To activate the VPN tunnel by pinging the remote endpoint, select your configuration (either client-to-gateway or gateway-to-gateway): • Client-to-Gateway Configuration – to check the VPN Connection, you can initiate a req[...]

  • Page 103

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-25 v1.0, September 2007 Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote FVG318. After a short wait, you should see the login screen of the VPN Firewall Router (unless another PC a[...]

  • Page 104

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-26 Basic Virtual Private Networking v1.0, September 2007 To Use the IPSec Connection Status screen to change the status of a VPN connection: 3. Click VPN > Connection Status (Figure 5-26) to get the IPSec Connection Status screen (Figure 5-27). This page lists the followi[...]

  • Page 105

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Basic Virtual Private Networking 5-27 v1.0, September 2007 3. Select the checkbox adjacent to the policy you want to disable and click disable. The VPN Policy will be disabled. Using the VPN Status Page to Deactivate a VPN Tunnel To use the VPN Connection Status screen to deactiv[...]

  • Page 106

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-28 Basic Virtual Private Networking v1.0, September 2007[...]

  • Page 107

    Advanced Virtual Private Networking 6-1 v1.0, September 2007 Chapter 6 Advanced Virtual Private Networking This chapter describes how to use the advanced virtual private networking (VPN) features of the VPN firewall. See Chapter 5, “Basic Virtual Private Networking” for a description on how to use the basic VPN features. The FVG318 uses[...]

  • Page 108

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-2 Advanced Virtual Private Networking v1.0, September 2007 • VPN Policies. Apply the IKE policy to specific traffic that requires a VPN tunnel. Or, you can create a VPN policy that does not use an IKE policy but in which you manually enter all the authentication and key parameters[...]

  • Page 109

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Virtual Private Networking 6-3 v1.0, September 2007 The IKE Policy Configuration fields are defined in the following table. VPN Policy Configuration for Auto Key and Manual Negotiation Click the Add New VPN Policy link on the Add IKE Policy screen or select VPN > Policies a[...]

  • Page 110

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-4 Advanced Virtual Private Networking v1.0, September 2007 The VPN Manual and Auto Policy fields are defined in the following table. Figure 6-3 Table 6-1. VPN Manual and Auto Policy Configuration Fields Field Description General These settings identify this policy and determine it[...]

  • Page 111

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Virtual Private Networking 6-5 v1.0, September 2007 Policy Name The descriptive name of the VPN policy. Each policy should have a unique policy name. This name is not supplied to the remote VPN endpoint. It is only used to help you identify VPN policies. Policy Type: A pol[...]

  • Page 112

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-6 Advanced Virtual Private Networking v1.0, September 2007 Manual Policy Parameters The Manual Policy creates an SA (Security Association) based on static inputs SPI-Incoming; SPI-Outgoing Takes a hexadecimal value between 3 and 8 characters; for example: 0x1234 Encryption Algo[...]

  • Page 113

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Virtual Private Networking 6-7 v1.0, September 2007 Using Digital Certificates for IKE Auto-Policy Authentication Digital certificates are strings generated using encryption and authentication schemes that cannot be duplicated by anyone without access to the different valu[...]

  • Page 114

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-8 Advanced Virtual Private Networking v1.0, September 2007 Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the CRL on the FVG318 obtained from the corresponding CA. If the certificate is not present in the CRL it means that the certific[...]

  • Page 115

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Virtual Private Networking 6-9 v1.0, September 2007 VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Gateway A connects the internal LAN 10.5.6.0/24 to the In[...]

  • Page 116

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-10 Advanced Virtual Private Networking v1.0, September 2007 FVG318 Gateway A to FVG318 Gateway B (IKE and VPN Policies) Note: Use this scenario illustration and configuration screens as a model to build your configuration. 1. Log in to the FVG318 labeled Gateway A as in the illus[...]

  • Page 117

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Virtual Private Networking 6-11 v1.0, September 2007 b. Configure the WAN Internet Address according to the settings above and click Apply to save your settings. For more information on configuring the WAN IP settings, please see “Manually Configuring your Internet Conne[...]

  • Page 118

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-12 Advanced Virtual Private Networking v1.0, September 2007 d. Configure the LAN IP address according to the settings above and click Apply to save your settings. For more information on LAN TCP/IP setup topics, please see “Configuring LAN TCP/IP Setup Parameters” on page 8-2. 3.[...]

  • Page 119

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Virtual Private Networking 6-13 v1.0, September 2007 a. Select VPN > Policies and click the VPN Policies tab. The VPN Policies screen will display. Click Add to display the Add VPN Policy screen. b. Configure the VPN Policy according to the settings in the illustration abo[...]

  • Page 120

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-14 Advanced Virtual Private Networking v1.0, September 2007 To test the Gateway A FVG318 LAN and the Gateway B LAN connection: 1. Using our example, from a PC attached to the FVG318 on LAN A, on a Windows PC click the Start button on the task bar and then click Run. 2. Type pin[...]

  • Page 121

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Virtual Private Networking 6-15 v1.0, September 2007 VPN Consortium Scenario 2: FVG318 Gateway to Gateway with Digital Certificates The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure x.509 (PKIX) certificates for authentication. The networ[...]

  • Page 122

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-16 Advanced Virtual Private Networking v1.0, September 2007 • Hash Algorithm. Select the desired option: MD5 or SHA1. • Signature Algorithm. Select the desired option: DSS or RSA. • Signature Key Length. Select the desired option: 512, 1024, or 2048. f. Fill in any optional[...]

  • Page 123

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Virtual Private Networking 6-17 v1.0, September 2007 g. Click Generate. The FVG318 generates a pending Self Certificate Request as shown below. Click view to display the data. 4. Transmit the Self Certificate Request data to the Trusted Root CA. a. Highlight the text in the D[...]

  • Page 124

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 6-18 Advanced Virtual Private Networking v1.0, September 2007 f. The “FVG318” certificate will display in the Active Self Certificates table and the pending “FVG318” Self Certificate Request will be deleted. 7. Associate the new certificate and the Trusted Root CA certificate[...]

  • Page 125

    Maintenance 7-1 v1.0, September 2007 Chapter 7 Maintenance This chapter describes how to use the maintenance features of your ProSafe 802.11g Wireless VPN Firewall. These features can be found by selecting Monitoring > Router Status from the main menu of the browser interface. Viewing VPN Firewall Router Status Information The Router Statu[...]

  • Page 126

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 7-2 Maintenance v1.0, September 2007 This screen shows the following parameters: Table 7-1. FVG318 Status fields Field Description System Name The System Name assigned to the firewall. Firmware Version The firewall firmware version. Wireless Configuration The wireless settings of t[...]

  • Page 127

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Maintenance 7-3 v1.0, September 2007 Click Show Statistics to display the WAN connection status. This screen shows the data transfer statistics for the WAN and LAN ports, including the duration they were enabled. The following data is displayed: IP Address The IP address used by[...]

  • Page 128

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 7-4 Maintenance v1.0, September 2007 Upgrading the Firewall Software The routing software of the FVG318 VPN firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's Web site. If the upgrade[...]

  • Page 129

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Maintenance 7-5 v1.0, September 2007 3. Highlight the file and click Upload. In some cases, you may need to reconfigure the firewall after upgrading. Backing Up and Restoring Settings The configuration settings of the VPN firewall are stored within the firewall in a configuration fi[...]

  • Page 130

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 7-6 Maintenance v1.0, September 2007 Changing the Administrator Password The default password for the firewall’s Web Configuration Manager is password. NETGEAR recommends that you change this password to a more secure password. Select Administration > Set Password to display [...]

  • Page 131

    Advanced Configuration 8-1 v1.0, September 2007 Chapter 8 Advanced Configuration This chapter describes how to configure the advanced features of your ProSafe 802.11g Wireless VPN Firewall FVG318. Configuring Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your[...]

  • Page 132

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 8-2 Advanced Configuration v1.0, September 2007 8. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to th[...]

  • Page 133

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Configuration 8-3 v1.0, September 2007 These addresses are part of the IETF-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those[...]

  • Page 134

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 8-4 Advanced Configuration v1.0, September 2007 • Primary DNS server (if you entered a primary DNS address in the WAN Settings menu; otherwise, the firewall’s LAN IP address) • Secondary DNS server (if you entered a secondary DNS address in the WAN Settings menu) Using Address[...]

  • Page 135

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Configuration 8-5 v1.0, September 2007 Configuring Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do n[...]

  • Page 136

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 8-6 Advanced Configuration v1.0, September 2007 5. Type the Destination IP Address of the final destination. 6. Type the IP Subnet Mask for this destination. If the destination is a single host, type 255.255.255.255. 7. Type the Gateway IP Address, which must be a firewall on the s[...]

  • Page 137

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Configuration 8-7 v1.0, September 2007 – When set to Both or In Only, it incorporates the RIP information that it receives. – When set to None, it will not send any RIP packets and ignores any RIP packets received. 3. Enable the RIP Version. This controls the format an[...]

  • Page 138

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 8-8 Advanced Configuration v1.0, September 2007 • You have an ISDN firewall on your home network for connecting to the company where you are employed. This firewall’s address on your LAN is 192.168.0.100. • Your company’s network is 134.177.0.0. When you first configured[...]

  • Page 139

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Configuration 8-9 v1.0, September 2007 2. Select the Yes radio box for Allow Remote Management. • Specify what external addresses will be allowed to access the firewall’s remote management. • To allow access from any IP address on the Internet, select Everyone. • T[...]

  • Page 140

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 8-10 Advanced Configuration v1.0, September 2007 SNMP Administration Simple Network Management Protocol (SNMP) lets you monitor and manage your router from an SNMP Manager. SNMP provides a remote means to monitor and control network devices, and to manage configurations, statisti[...]

  • Page 141

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Advanced Configuration 8-11 v1.0, September 2007 To create a new SNMP configuration entry: 1. Enter the IP address of an SNMP trap agent. 2. Enter the Subnet Mask. The network mask used to determine the list of allowed SNMP managers. • To allow any IP on the network to manage the [...]

  • Page 142

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 8-12 Advanced Configuration v1.0, September 2007 Enabling Universal Plug and Play (UPnP) UPnP (Universal Plug and Play) allows for automatic discovery of devices that can communicate with this router. This feature should be used with caution as it breaches firewall security. Sele[...]

  • Page 143

    Troubleshooting 9-1 v1.0, September 2007 Chapter 9 Troubleshooting This chapter gives information about troubleshooting your ProSafe 802.11g Wireless VPN Firewall. After each problem description, instructions are provided to help you diagnose and solve the problem. Basic Functioning After you turn on power to the firewall, the following seq[...]

  • Page 144

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 9-2 Troubleshooting v1.0, September 2007 LEDs Never Turn Off When the firewall is turned on, the LEDs turn on briefly and then turn off. If all the LEDs stay on, there is a fault within the firewall. If all LEDs are still on one minute after power up: • Cycle the power to see if t[...]

  • Page 145

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Troubleshooting 9-3 v1.0, September 2007 Note: If your PC’s IP address is shown as 169.254.x.x: Recent versions of Windows and MacOS will generate and assign an IP address if the computer cannot reach a DHCP server. These auto-generated addresses are in the range of 169.254.x.x. If[...]

  • Page 146

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 9-4 Troubleshooting v1.0, September 2007 If your firewall is unable to obtain an IP address from the ISP, you may need to force your cable or DSL modem to recognize your new firewall by performing the following procedure: 1. Turn off power to the cable or DSL modem. 2. Turn off po[...]

  • Page 147

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Troubleshooting 9-5 v1.0, September 2007 Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting[...]

  • Page 148

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 9-6 Troubleshooting v1.0, September 2007 – Verify that the IP address for your firewall and your workstation are correct and that the addresses are on the same subnet. Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the pa[...]

  • Page 149

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Troubleshooting 9-7 v1.0, September 2007 • Use the Reset button on the rear panel of the firewall. Use this method for cases when the administration password or IP address are not known. a. Press and hold the Reset button until the Test LED turns on and begins blinking (about 10 sec[...]

  • Page 150

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 9-8 Troubleshooting v1.0, September 2007[...]

  • Page 151

    Default Settings and Technical Specifications A-1 v1.0, September 2007 Appendix A Default Settings and Technical Specifications Default Settings You can use the reset button located on the front of your device to reset all settings to their factory defaults. This is called a hard reset. • To perform a hard reset, push and hold the reset button[...]

  • Page 152

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A-2 Default Settings and Technical Specifications v1.0, September 2007 DHCP Starting IP Address 192.168.0.2 DHCP Ending IP Address 192.168.0.100 DMZ Disabled Time Zone GMT Time Zone Adjusted for Daylight Saving Time Disabled SNMP Disabled Firewall Inbound (communications coming [...]

  • Page 153

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Default Settings and Technical Specifications A-3 v1.0, September 2007 Technical Specifications This appendix provides technical specifications for the ProSafe 802.11g Wireless VPN Firewall. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RI[...]

  • Page 154

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A-4 Default Settings and Technical Specifications v1.0, September 2007[...]

  • Page 155

    Related Documents B-1 v1.0, September 2007 Appendix B Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Windows XP and Vista Wireless Configuration Utilities http://documentation.netgear.com/reference/enu/winz[...]

  • Page 156

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual B-2 Related Documents v1.0, September 2007[...]

  • Page 157

    VPN Configuration of NETGEAR FVG318 C-1 v1.0, September 2007 Appendix C VPN Configuration of NETGEAR FVG318 This is a case study on how to configure a secure IPSec VPN tunnel on a NETGEAR FVS318v3. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html). T[...]

  • Page 158

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-2 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 Configuring the Gateways Configure each gateway: 1. Configure Gate A. a. Log in to the router at Gateway A. b. Use the VPN Wizard to configure this router. Enter the requested information as prompted by the VPN Wizard: •[...]

  • Page 159

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-3 v1.0, September 2007 Activating the VPN Tunnel You can activate the VPN tunnel by testing connectivity and viewing the VPN tunnel status information as described in the following flowchart: Figure C-2 All traffic from the range of LAN IP addr[...]

  • Page 160

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-4 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 Configuring the VPN Tunnel This scenario assumes all ports are open on the FVG318. Use this scenario illustration and configuration screens as a model to build your configuration. 1. Log in to the FVG318 labeled Gateway A. [...]

  • Page 161

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-5 v1.0, September 2007 – Subnet Mask: 255.255.255.0 (in this example) 3. Log in to the FVG318 labeled Gateway B. Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using wh[...]

  • Page 162

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-6 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 Initiating and Checking the VPN Connections You can test connectivity and view VPN status information on the FVG318 according to the testing flowchart shown in Figure C-2. To test the VPN tunnel from the Gateway A LAN, do[...]

  • Page 163

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-7 v1.0, September 2007 The FVG318-to-FVS318v2 Case Configuring the VPN Tunnel This scenario assumes all ports are open on the FVG318 and FVS318v2. Use this scenario illustration and configuration screens as a model to build your configuration.[...]

  • Page 164

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-8 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 • Connection Name: Scenario_1 (in this example) • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at eac[...]

  • Page 165

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-9 v1.0, September 2007 • The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint. • The VPN Wizard ensures the other VPN parameters are the same at both V[...]

  • Page 166

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-10 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 The FVG318-to-FVL328 Case Configuring the VPN Tunnel This scenario assumes all ports are open on the FVG318 and FVL328. Use this scenario illustration and configuration screens as a model to build your configuration. 1. [...]

  • Page 167

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-11 v1.0, September 2007 • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at each VPN tunnel endpoint • Remote LAN IP Subnet [...]

  • Page 168

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-12 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 • The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint. • The VPN Wizard ensures the other VPN parameters are the same at both V[...]

  • Page 169

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-13 v1.0, September 2007 The FVG318-to-VPN Client Case Client-to-Gateway VPN Tunnel Overview The operational differences between gateway-to-gateway and client-to-gateway VPN tunnels are summarized as follows: Table C-4. Policy Summary VPN Consort[...]

  • Page 170

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-14 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 Configuring the VPN Tunnel This scenario assumes all ports are open on the FVG318. Use this scenario illustration and configuration screens as a model to build your configuration. 1. Log in to the FVG318 labeled Gateway A [...]

  • Page 171

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-15 v1.0, September 2007 b. Add a new connection using the Edit/Add/Connection menu and rename it Scenario_1. (Scenario_1 is used in this example to reflect the fact that the connection uses the Pre-Shared Key security scheme and encryption para[...]

  • Page 172

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-16 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 d. Select Security Policy on the left hierarchy menu and then select Aggressive Mode under Select Phase 1 Negotiation Mode (see Figure C-9). (The Select Phase 1 Negotiation Mode choice must match the Exchange Mode setting f[...]

  • Page 173

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-17 v1.0, September 2007 • Under My Identity, select Domain Name for the ID Type and then enter fvs_remote. (Domain Name must match the Remote Identity Data parameter of the IKE Policy Configuration screen shown in Figure C-10 for the gatewa[...]

  • Page 174

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-18 VPN Configuration of NETGEAR FVG318 v1.0, September 2007 You are now ready to activate the tunnel, but you must do it from the client endpoint (see “Initiating and Checking the VPN Connections” on page C-18). In the client-to-gateway scenario, the gateway router will not k[...]

  • Page 175

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Configuration of NETGEAR FVG318 C-19 v1.0, September 2007 2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps: a. From a Windows Client PC, click the Start button on the task bar an[...]

  • Page 176

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-20 VPN Configuration of NETGEAR FVG318 v1.0, September 2007[...]