NETGEAR ProSafe FVS338 Reference Manual

Vpn firewall 50

FVS338 ProSafe VPN Firewall 50 Reference Manual
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
September 2006
202-10046-03
v1.0


Summary of Contents for NETGEAR ProSafe FVS338

  • Page 1 FVS338 ProSafe VPN Firewall 50 Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA September 2006 202-10046-03 v1.0...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations. Voluntary Control Council for Interference (VCCI) Statement This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
  • Page 4 Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions * are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Page 5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function.
  • Page 6 Product and Publication Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number FVS338 September 2006 VPN firewall ProSafe VPN Firewall 50 Business English 202-10046-03 v1.0, September 2006...
  • Page 7: Table Of Contents

    Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network ...2-1 Logging in to the VPN Firewall ...2-1 Configuring your Internet Connection ...2-2 Setting the Router’s MAC Address (Advanced Options) ...2-7
  • Page 8 Manually Configuring Your Internet Connection ...2-9 Programming the Traffic Meter (if Desired) ...2-12 Configuring the WAN Mode ...2-15 Configuring Dynamic DNS (If Needed) ...2-16 Chapter 3 LAN Configuration Configuring Your LAN (Local Area Network) ...3-1 Using the VPN Firewall as a DHCP Server ...3-1 Configuring Multi-Home LAN IPs ...3-4 Managing Groups and Hosts ...3-5 Creating the Network Database ...3-5...
  • Page 9 Specifying Quality of Service (QoS) Priorities ...4-19 Setting a Schedule to Block or Allow Traffic ...4-20 Setting Block Sites (Content Filtering) ...4-21 Enabling Source MAC Filtering ...4-23 Setting Up Port Triggering ...4-24 E-Mail Notifications of Event Logs and Alerts ...4-27 Administrator Information ...4-31 Chapter 5 Virtual Private Networking...
  • Page 10 Enabling the Traffic Meter ...6-16 Setting Login Failures and Attacks Notification ...6-18 Monitoring Attached Devices ...6-20 Viewing Port Triggering Status ...6-21 Viewing Router Configuration and System Status ...6-22 Monitoring WAN Ports Status ...6-23 Monitoring VPN Tunnel Connection Status ...6-24 VPN Logs ...6-25...
  • Page 11 DHCP Log ...6-25 Performing Diagnostics ...6-26 Chapter 7 Troubleshooting Basic Functions ...7-1 Power LED Not On ...7-1 LEDs Never Turn Off ...7-2 LAN or Internet Port LEDs Not On ...7-2 Troubleshooting the Web Configuration Interface ...7-2 Troubleshooting the ISP Connection ...7-4 Troubleshooting a TCP/IP Network Using a Ping Utility ...7-5 Testing the LAN Path to Your Firewall ...7-5 Testing the Path from Your PC to a Remote Device ...7-6...
  • Page 13: About This Manual

    The NETGEAR ® ProSafe™ VPN Firewall 50 FVS338 Reference Manual describes how to install, configure and troubleshoot the ProSafe VPN Firewall 50. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats and Scope The conventions, formats, and scope of this manual are described in the following paragraphs.
  • Page 14: How To Use This Manual

    For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Note: Updates to this product are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/FVS338.asp. How to Use This Manual The HTML version of this manual includes the following: •...
  • Page 15: Revision History

    • Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window. • Click the print icon in the upper left of your browser window. –...
  • Page 17: Introduction

    The ProSafe VPN Firewall 50 with 8 port switch connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem. The FVS338 is a complete security solution that protects your network from attacks and intrusions.
  • Page 18: Full Routing On Both The Broadband And Serial Wan Ports

    Full Routing on Both the Broadband and Serial WAN Ports You can install, configure, and operate the FVS338 to take full advantage of a variety of routing options on both the serial and broadband WAN ports, including: •...
  • Page 19: Autosensing Ethernet Connections With Auto Uplink

    • Port Forwarding with NAT. Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request. You can specify forwarding of single ports or ranges of ports.
  • Page 20: Trend Micro Integration

    ISP account. • VPN Wizard. The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to ensure the VPN tunnels are interoperable with other VPNC-compliant VPN routers and clients.
  • Page 21: Maintenance And Support

    • Warranty and Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. Router Hardware Components Following is a description of the front and rear panels of the FVS338, including instructions for installing the FVS338 using the rack mounting hardware.
  • Page 22: Router Front Panel

    LEDs Description Power is supplied to the router. Power is not supplied to the router. Test mode: The system is initializing or the initialization has failed. Writing to Flash memory (during upgrading or resetting to defaults). The system has booted successfully.
  • Page 23: Router Rear Panel

    Activity Local LEDs Link/Act LED On (Green) Blinking (Green) 100 LED On (Green) Router Rear Panel The rear panel of the ProSafe VPN Firewall 50 power connection. MODEM FACTORY DEFAULTS Figure 1-2 Viewed from left to right, the rear panel contains the following elements: •...
  • Page 24: Rack Mounting Hardware

    Rack Mounting Hardware The FVS338 can be mounted either on a desktop (using included rubber feet) or in a 19-inch rack (using the included rack mounting hardware illustrated in Figure 1-3). Factory Default Login Check the label on the bottom of the FVS338’s enclosure if you forget the following factory default information: •...
  • Page 25 To log in to the FVS338 once it is connected: 1. Open a Web browser. 2. Enter http://192.168.1.1 as the URL. 3. Once the login screen displays (Figure 1-5), enter the following: • admin for User Name • password for Password
  • Page 27: Connecting The Fvs338 To The Internet

    Chapter 5, “Virtual Private 1. Connect the firewall physically to your network. Connect the cables, turn on your router and wait for the Test LED to go out. Make sure your Ethernet and LAN LEDs are lit. (See the FVS338 ProSafe VPN Firewall 50 Installation Guide on your Resource CD.)
  • Page 28: Configuring Your Internet Connection

    To log in to the VPN firewall: 1. Open an Internet Explorer, Netscape® Navigator, or Firefox browser. In the browser window, enter http://192.168.1.1 in the address field. The FVS338 login screen will display. Figure 2-1 2.
  • Page 29 Figure 2-2 2. Click Auto Detect at the bottom of the screen to automatically detect the type of Internet connection provided by your ISP. Auto Detect will probe for different connection methods and suggest one that your ISP will most likely support. When Auto Detect successfully detects an active Internet service, it reports which connection type it discovered.
  • Page 30 ISP serial WAN interface. The Dialup Settings screen will assist you in setting up the router to access the Internet connection using a dialup modem. Since the Dialup ISP Settings must be configured manually, you will need all of your ISP settings information before you begin.
  • Page 31 1. Select Network Configuration from the main menu, WAN Settings from the submenu and click the Dialup ISP Settings tab to display the Dialup settings screen. Figure 2-4 2. Enter the following Dialup Account settings: a. Account/User name: Enter the account name or the user name provided by your ISP. This name will be used to log in to the ISP server.
  • Page 32 7. Enter any modem specific parameters to tune the router for different modems: c. Serial Line Speed: Select the baud rate with which the serial port of the router and the modem connect. Available speeds range from 4.8Kbps to 460.8Kbps.
  • Page 33: Setting The Router's Mac Address (Advanced Options)

    Setting the Router’s MAC Address (Advanced Options) Each computer or router on your network has a unique 48-bit local Ethernet address. This is also referred to as the computer's MAC (Media Access Control) address. The default is set to Use Default Address.
  • Page 34 This could occur on some older broadband modems. If you know that the Ethernet port on your broadband modem supports 100BaseT, select 100BaseT; otherwise, select 10BaseT. Use the half-duplex settings if full-duplex modes do not work. Figure 2-5 You can also change the standard MTU (Maximum Transmit Unit) value for dialup modems from the Dialup ISP Settings screen.
  • Page 35: Manually Configuring Your Internet Connection

    If you know your Broadband ISP connection type, you can bypass the Auto Detect feature and connect your router manually. Ensure that you have all of the relevant connection information such as IP Addresses, account information, type of ISP connection, etc., before you begin. Unless your...
  • Page 36 Figure 2-7 To manually configure your WAN1 ISP settings: 1. Does your Internet connection require a login? If you need to enter login information every time you connect to the Internet through your ISP, select Yes. Otherwise, select No. 2.
  • Page 37 Address radio box and fill in the following fields: a. IP Address: Static IP address assigned to you. This will identify the router to your ISP. b. Subnet Mask: This is usually provided by the ISP or your network administrator.
  • Page 38: Programming The Traffic Meter (If Desired)

    5. Click Apply to save the settings or click Cancel to revert to the previous settings. 6. Click Test to try and connect to the NETGEAR Web site. If you connect successfully and your settings work, then you may click Logout or go on and configure additional settings.
  • Page 39 Figure 2-8
  • Page 40 Enable Traffic Meter Check this if you wish to record the volume of Internet traffic passing through the Router's Broadband or Dialup port. Broadband or Dialup can be selected by clicking the appropriate tab; the entire configuration is specific to each interface.
  • Page 41: Configuring The Wan Mode

    2. Check either the NAT or Classical Routing radio box. NAT is the default. 3. Select the Port Mode. The Port Mode settings allow you to configure your router to use only one WAN port or to select the Dialup port as a backup.
  • Page 42: Configuring Dynamic Dns (If Needed)

    Broadband with Dialup as backup for auto-rollover. 4. The WAN Failure Detection Method must be configured to notify the router of a link failure if you are using Dialup as a backup to engage auto-rollover. The router checks the connection of the primary link at regular intervals to detect its status.
  • Page 43 This router firmware includes software that notifies dynamic DNS servers of changes in the WAN IP address, so that the services running on this network can be accessed by others on the Internet. After you have configured your account information in the firewall, whenever your ISP-assigned IP address changes, your firewall will automatically contact your dynamic DNS service provider, log in to your account, and register your new IP address.
  • Page 44 2. Check the Dynamic DNS Service radio box you want to enable. The fields corresponding to the selection you have selected will be highlighted. Each DNS service provider requires its own parameters. 3. Access the Web site of one of the DDNS service providers and set up an account. A link to each DDNS provider is opposite the DNS Configuration screen name.
  • Page 45: Lan Configuration

    WINS Server (if you entered a WINS server address in the DHCP Setup menu) • Lease Time (date obtained and duration of lease). The LAN Setup screen allows you to configure the LAN on your router. The default values are suitable for most users and situations.
  • Page 46 Unless you are implementing subnetting, use 255.255.255.0 as the subnet mask (computed by the router). 4. Check the Enable DHCP Server radio button. By default, the router will function as a DHCP (Dynamic Host Configuration Protocol) server, providing TCP/IP configuration for all computers connected to the router's LAN.
  • Page 47 Note: The Starting and Ending DHCP addresses should be in the same “network” as the LAN TCP/IP address of the router (the IP Address in LAN TCP/IP Setup section). d. Enter a WINS Server IP address. This box can specify the Windows NetBios Server IP if one is present in your network.
  • Page 48: Configuring Multi-Home Lan Ips

    IP and DNS server IP addresses. Figure 3-2 Tip: The Secondary LAN IP address will be assigned to the LAN interface of the router and can be used as a gateway by the secondary subnet. Figure 3-2 on page...
  • Page 49: Managing Groups And Hosts

    The Known PCs and Devices table on the Groups and Hosts screen contains a list of all known PCs and network devices, as well as hosts, that are assigned dynamic IP addresses by this router. Collectively, these entries make up the Network Database. The Network Database is created in two ways: •...
  • Page 50 Name will be appended by an asterisk. • IP Address: The current IP address of the computer. For DHCP clients of the router, this IP address will not change. If a computer is assigned a static IP address, you will need to update this entry manually if the IP address on the computer has been changed.
  • Page 51 To edit an entry in the Known PCs and Devices table: 1. Click Edit adjacent to the entry you want to modify. The Edit Known PCs and Devices screen will display. Make your modifications to the entry. 2. Click Apply to save your settings. The changes will appear in the Known PCs and Devices table.
  • Page 52: Setting Up Address Reservation

    Setting Up Address Reservation When you specify a reserved IP address for a device on the LAN (based on the MAC address of the device), that computer or device will always receive the same IP address each time it accesses the firewall’s DHCP server.
  • Page 53: Static Route Example

    5. Type the Destination IP Address or network of the route’s final destination. 6. Enter the IP Subnet Mask for this destination. If the destination is a single host, enter 255.255.255.255. Figure 3-4 7. From the Interface pull-down menu, select the physical network interface (Broadband, Dialup, or LAN) through which this route is accessible.
  • Page 54: Rip Configuration

    RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) and is commonly used in internal networks. It allows a router to exchange its routing information automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to changes in the network.
  • Page 55 1. Select Network Configuration from the main menu and Routing from the submenu. The Routing screen will display. 2. Click the RIP Configuration link. The RIP Configuration screen will display. 3. From the RIP Direction pull-down menu, select the direction for the router to send and receive RIP packets: •...
  • Page 56: Enabling Trend Micro Antivirus Enforcement

    • None – the router neither broadcasts its route table nor does it accept any RIP packets from other routers. This effectively disables RIP. 4. Select the RIP Version from the pull-down menu: •...
  • Page 57 3. Enter the IP address of the OfficeScan Server on your local network. 4. Enter the 5-digit port number used for communications between the OfficeScan clients and the server. 5. Click Apply to enable Trend Micro. The Host Exclusion List table lists PCs that are allowed to access the WAN without OfficeScan client.
  • Page 59: Firewall Protection And Content Filtering

    About Firewall Security A firewall is a special category of router that protects one network (the “trusted” network, such as your LAN) from another (the untrusted network, such as the Internet), while allowing communication between the two.
  • Page 60: Services-Based Rules

    • Outbound: Allow all access from the LAN side to the outside. Services-Based Rules The rules to block traffic are based on the traffic’s category of service. • Inbound Rules (port forwarding). Inbound traffic is normally blocked by the firewall unless the traffic is in response to a request from the LAN side.
  • Page 61 Table 4-1. Outbound Rules Fields Item Description Services Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see Action Select the desired action for outgoing connections covered by this rule: •...
  • Page 62: Inbound Rules (Port Forwarding)

    Table 4-1. Outbound Rules Fields (continued) Item Description QoS Priority This setting determines the priority of a service, which in turn, determines the quality of that service for the traffic passing through the firewall. By default, the priority shown is that of the selected service.
  • Page 63 Table 4-2. Inbound Rules Fields Item Description Services Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see Action Select the desired action for packets covered by this rule: •...
  • Page 64: Order Of Precedence For Firewall Rules

    Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
  • Page 65: Setting Lan Wan Rules

    LAN to the Internet (Outbound) or coming in from the Internet to the LAN (Inbound). The default policy can be changed to block all outbound traffic and enable only specific services to pass through the router. To change the Default Outbound Policy: 1.
  • Page 66: Lan Wan Outbound Services Rules

    • Down – to move the rule down one position in the table rank. 2. Check the radio box adjacent to the rule and click: • Click Disable to disable the rule. The “!” Status icon will change from green to grey, indicating that the rule is disabled.
  • Page 67: Lan Wan Inbound Services Rules

    Figure 4-3 LAN WAN Inbound Services Rules This Inbound Services Rules table lists all existing rules for inbound traffic. If you have not defined any rules, no rules will be listed. By default, all inbound traffic is blocked. WAN Users: Whether all WAN addresses or specific IP addresses are included in the rule.
  • Page 68: Attack Checks

    Figure 4-4 Attack Checks This screen allows you to specify whether or not the router should be protected against common attacks in the LAN and WAN networks. The various types of attack checks are listed on the Attack Checks screen and defined below: •...
  • Page 69 Gateway are first filtered through NAT and then encrypted per the VPN policy. For example, if a VPN Client or Gateway on the LAN side of this router wants to connect to another VPN endpoint on the WAN (placing this router between two VPN end points), encrypted packets will be sent to this router.
  • Page 70: Inbound Rules Examples

    Figure 4-5 Inbound Rules Examples Hosting A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day.
  • Page 71: Allowing Videoconference From Restricted Addresses

    IP addresses to map to servers on your LAN. One of these public IP addresses will be used as the primary IP address of the router. This address will be used to provide Internet access to your LAN PCs through NAT. The other addresses are available to map to your servers.
  • Page 72 3. From the service pull-down menu, select the HTTP service for a Web server. 4. From the Action pull-down menu, select Allow Always. 5. In the Send to LAN Server field, enter the local IP address of your Web server PC. 6.
  • Page 73: Specifying An Exposed Host

    1. Create an inbound rule that allows all protocols. 2. Place the rule below all other inbound rules. Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
  • Page 74: Outbound Rules Example - Blocking Instant Messenger

    1. Select All protocols and ALLOW Always (or Allow by Schedule) 2. Place rule below all other inbound rules Figure 4-10 Outbound Rules Example – Blocking Instant Messenger Outbound rules let you prevent users from using applications such as AOL Instant Messenger, Real Audio or other non-essential sites.
  • Page 75: Adding Customized Services

    Figure 4-11 Adding Customized Services Services are functions performed by server computers at the request of client computers. You can configure up to 125 custom services. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’...
  • Page 76 Figure 4-12 To add a service: 1. Select Security from the main menu and Services from the submenu. The Services screen will display. 2. In the Add Custom Service table, enter a descriptive name for the service (this is for your convenience).
  • Page 77: Specifying Quality Of Service (Qos) Priorities

    To edit the parameters of a service: 1. In the Custom Services Table, click the Edit icon adjacent to the service you want to edit. The Edit Service screen will display. 2. Modify the parameters you wish to change. 3. Click Reset to cancel the changes and restore the previous settings. 4.
  • Page 78: Setting A Schedule To Block Or Allow Traffic

    Setting a Schedule to Block or Allow Traffic If you defined an outbound or inbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The firewall allows you to specify when blocking will be enforced by configuring one of the Schedules—Schedule 1, Schedule 2 or Schedule 3.
  • Page 79: Setting Block Sites (Content Filtering)

    Web site is allowed. If you enable one or more of these features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message. Several types of blocking are available: •...
  • Page 80 5. Build your list of blocked Keywords or Domain Names in the Blocked Keyword fields. After each entry, click Add. The Keyword or Domain name will be added to the Blocked Keywords table. (You can also edit an entry by clicking Edit in the Action column adjacent to the entry.) 6.
  • Page 81: Enabling Source Mac Filtering

    Enabling Source MAC Filtering Source MAC Filter allows you to filter out traffic coming from certain known machines or devices. • By default, the source MAC address filter is disabled. All the traffic received from PCs with any MAC address is allowed by default. •...
  • Page 82: Setting Up Port Triggering

    • After a PC has finished using a Port Triggering application, there is a Time-out period before the application can be used by another PC. This is required because this Router cannot be sure when the application has terminated. Note: For additional ways of allowing inbound traffic, see Services Rules”...
  • Page 83 To add a Port triggering rule: 1. Select Security from the main menu and Port Triggering from the submenu. The Port Triggering screen will display. 1. Enter a user-defined name for this rule in the Name field. 2. From the Enable pull-down menu, indicate if the rule is enabled or disabled. Figure 4-16 3.
  • Page 84 b. Enter the End Port range (1 - 65534). 5. In the Incoming (Response) Port Range fields: a. Enter the Start Port range (1 - 65534). b. Enter the End Port range (1 - 65534). 6.
  • Page 85: E-Mail Notifications Of Event Logs And Alerts

    E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be configured to log and then e-mail denial of access, general attack information, and other information to a specified email address. For example, your VPN firewall will log security-related events such as: accepted and dropped packets on different segments of your LAN;...
  • Page 86 Figure 4-18 To set up Firewall Logs and E-mail alerts: 1. Select Monitoring from the main menu and then Firewall Logs & E-mail from the submenu. The Firewall Logs & E-mail screen will display. 2.
  • Page 87 4. In the Security Logs section, check the network segments radio box for which you would like logs to be sent (for example, LAN to WAN under Dropped Packets). 5. In the System Logs section, check the radio box for the type of system events to be logged. 6.
  • Page 88 Table 4-3. SysLog Facility Message Levels (continued) Numerical Code Severity Notice: Normal but significant conditions Informational: Informational messages Debug: Debug level messages To view the Firewall logs: 1. Click on the View Log icon opposite the Firewall Logs & E-mail tab. The Logs screen will display.
  • Page 89: Administrator Information

    Table 4-4. Log Entry Descriptions Field Description Date and Time The date and time the log entry was recorded. Description or Action The type of event and what action was taken if any. Source IP The IP address of the initiating device for this log entry. Source port and The service port number of the initiating device, and whether it originated from the interface...
  • Page 91: Virtual Private Networking

    Fixed (client-to-gateway through a Dynamic NAT router) a. All tunnels must be re-established after a rollover using the new WAN IP address. The use of fully qualified domain names is mandatory when the WAN ports are in rollover mode (“Configuring the WAN Mode” on page When using rollover mode, you must configure a Dynamic DNS service (see Dynamic DNS (If Needed)”...
  • Page 92: Setting Up A Vpn Connection Using The Vpn Wizard

    Setting up a VPN Connection using the VPN Wizard Setting up a VPN tunnel connection requires that all settings and parameters on both sides of the VPN tunnel match or mirror each other precisely, which can be a daunting task. The VPN Wizard can assist in guiding you through the setup procedure by asking you a series of questions that will determine the IPSec keys and VPN policies it sets up.
  • Page 93: Creating A Vpn Tunnel Connection To A Vpn Client

    1 to 25. As an example, if the client-type policy on the router is configured with “home” as the policy name, and if two users are required to connect using this policy, then the “Local Identity” in their policy should be configured as “home1.fvs_remote.com”...
  • Page 94: Ike Policies

    6. Click Apply. The VPN Client screen will display showing that the VPN Client has been enabled. Click the IKE Policies tab to view the corresponding IKE Client Policy. IKE Policies The IKE (Internet Key Exchange) protocol performs negotiations between the two VPN Gateways, and provides automatic management of the Keys used in IPSec.
  • Page 95: Ike Policy Table

    IKE Policy Table When you use the VPN Wizard to set up a VPN tunnel, an IKE Policy is established and populated in the Policy Table and is given the same name as the new VPN connection name. You can also edit existing policies or add new IKE policies directly on the Policy Table Screen.
  • Page 96: Vpn Policy Operation

    • Manual. All settings (including the keys) for the VPN tunnel are manually input at each end (both VPN endpoints). No third party server or organization is involved. • Auto. Some parameters for the VPN tunnel are generated automatically by using the IKE (Internet Key Exchange) protocol to perform negotiations between the two VPN endpoints (the Local ID Endpoint and the Remote ID Endpoint).
  • Page 97: Vpn Tunnel Connection Status

    • Local. IP address (either a single address, range of address or subnet address) on your local LAN. Traffic must be from (or to) these addresses to be covered by this policy. (Subnet address is the default IP address when using the VPN Wizard). •...
  • Page 98: Creating A Vpn Gateway Connection: Between Fvs338 And Fvx538

    Creating a VPN Gateway Connection: Between FVS338 and FVX538 This section describes how to configure a VPN connection between a NETGEAR FVS338 VPN Firewall and a NETGEAR FVX538 VPN Firewall. Using each firewall's VPN Wizard, we will create a set of policies (IKE and VPN) that will allow the two firewalls to connect from locations with fixed IP addresses.
  • Page 99 Figure 5-1 The IKE Policies screen will display showing the new “to_fvx” policy. Figure 5-2 You can view the IKE parameters by clicking Edit in the Action column adjacent to the “to-fvs” policy. It should not be necessary to make any changes.
  • Page 100 Figure 5-3 Click the IKE Policies tab to view the corresponding IKE Policy. The IKE Policies screen will display. Figure 5-4 You can view the VPN parameters by clicking Edit in the Actions column adjacent to “to_fvx”.
  • Page 101: Configuring The Fvx538

    Figure 5-5 Configuring the FVX538 To configure the FVX538 using the VPN Wizard: 1. Select VPN from the main menu. The Policies screen will display. Click the VPN Wizard link. The VPN Wizard screen will display. 2. Check the Gateway radio box to establish a remote VPN gateway. 3.
  • Page 102: Testing The Connection

    FVX538 or FVS338. Creating a VPN Client Connection: VPN Client to FVS338 This section describes how to configure a VPN connection between a Windows PC (the client) installed with the NETGEAR ProSafe VPN Client and the VPN firewall.
  • Page 103: Configuring The Fvs338

    PCs are to be connected, an additional policy or policies must be created. Each PC will use the NETGEAR VPN Client. Since the PC’s IP address is assumed to be unknown, the PC must always be the Initiator of the connection.
  • Page 104: Configuring The Vpn Client

    Figure 5-7 Configuring the VPN Client On a remote PC that has a NETGEAR ProSafe VPN Client installed, configure the client using the FVS338 VPN Client default parameters (displayed in both the IKE Policy table and the VPN Policy table of the FVS338 under the name “home”): •...
  • Page 105 To configure the VPN Client: 1. Right-click on the VPN client icon Editor. The Security Policy Editor screen will display. 2. In the upper left of the Policy Editor window, click the New Document icon to open a New Connection. Figure 5-8 3.
  • Page 106 Figure 5-9 8. In the left frame, click on My Identity (shown in 9. From the Select Certificate pull-down menu, select None. 10. From the ID Type pull-down menu, select Domain Name. The value entered under Domain Name will be in the form “<name><XY>.fvs_remote.com”, where each user must use a different variation on the Domain Name entered here.
  • Page 107 Figure 5-10 12. Before leaving the My Identity menu, click Pre-Shared Key. 13. Click Enter Key, and type your preshared key. Click OK. This key will be shared by all users of the FVS338 policy “home”. Figure 5-11 home11.fvs_remote.com 10.0.0.12...
  • Page 108 14. In the left frame, click Security Policy (shown in 15. Select Phase 1 Negotiation Mode by checking the Aggressive Mode radio box. 16. PFS Key Group should be disabled, and Enable Replay Detection should be enabled. Figure 5-12 17.
  • Page 109: Testing The Connection

    18. In the left frame, expand Key Exchange (Phase 2) and select Proposal 1. Compare with the figure below. No changes should be necessary. 19. In the upper left of the window, click the disk icon to save the policy. Figure 5-14 Testing the Connection To test your VPN connection:...
  • Page 110: Extended Authentication (Xauth) Configuration

    XAUTH is enabled when adding or editing an IKE Policy. Two types of XAUTH are available: • Edge Device. If this is selected, the router is used as a VPN concentrator where one or more gateway tunnels terminate. If this option is chosen, you must specify the authentication type to be used in verifying credentials of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-CHAP.
  • Page 111: Configuring Xauth For Vpn Clients

    Select • Edge Device to use this router as a VPN concentrator where one or more gateway tunnels terminate. When this option is chosen, you will need to specify the authentication type to be used in verifying credentials of the remote VPN gateways.
  • Page 112: User Database Configuration

    • IPSec Host if you want to be authenticated by the remote gateway. In the adjacent Username and Password fields, type the user name and password associated with the IKE policy for authenticating this gateway (by the remote gateway). 4.
  • Page 113: Radius Client Configuration

    3. Enter a Password for the user, and reenter the password in the Confirm Password field. 4. Click Add. The User Name will be added to the Configured Hosts table. Figure 5-17 To edit the user name or password: 1. Click Edit opposite the user’s name. The Edit User screen will display. 2.
  • Page 114 RADIUS Server. 6. Enable a Backup RADIUS Server (if required) by following steps 2 through 5. 7. Set the Time Out Period, in seconds, that the router should wait for a response from the RADIUS server. 8. Set the Maximum Retry Count. This is the number of tries the router will make to the RADIUS server before giving up.
  • Page 115: Manually Assigning Ip Addresses To Remote Users (Modeconfig)

    IP addresses to remote users, including a network access IP address, subnet mask, and name server addresses from the router. Remote users are given IP addresses available in secured network space so that remote users appear as seamless extensions of the network.
  • Page 116: Modeconfig Operation

    VPN client, 8. Specify the Local IP Subnet to which the remote client will have access. Typically, this is your router’s LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to the LAN subnet of the device.)
  • Page 117 9. Specify the VPN policy settings. These settings must match the configuration of the remote VPN client. Recommended settings are: • SA Lifetime: 3600 seconds • Authentication Algorithm: SHA-1 • Encryption Algorithm: 3DES 10. Click Apply. The new record should appear in the VPN Remote Host Mode Config Table (a sample record is shown below).
  • Page 118 8. XAUTH is disabled by default. To enable XAUTH, select: • the Edge Device radio button to use this router as a VPN concentrator where one or more gateway tunnels terminate. (If selected, you must specify the Authentication Type to be used in verifying credentials of the remote VPN gateways.)
  • Page 119 5-22 “RADIUS Client Configuration” on page Note: If RADIUS-PAP is selected, the router will first check the User Database to see if the user credentials are available. If the user account is not present, the router will then connect to the RADIUS server.
  • Page 120: Configuring The Prosafe Vpn Client For Modeconfig

    From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1. Right-click the VPN client icon in the Windows toolbar. In the upper left of the Policy Editor window, click the New Policy editor icon.
  • Page 121 b. From the Select Certificate pull-down menu, select None. c. From the ID Type pull-down menu, select Domain Name and create an identifier based on the name of the IKE policy you created; for example “salesperson11.remote_id.com”. d. Under Virtual Adapter pull-down menu, select Preferred. The Internal Network IP Address should be 0.0.0.0.
  • Page 122 Figure 5-23 5. Click on Key Exchange (Phase 2) on the left-side of the menu and select Proposal 1. Enter the values to match your configuration of the VPN firewall ModeConfig Record menu. (The SA Lifetime can be longer, such as 8 hours (28800 seconds)).
  • Page 123: Certificates

    CAs (Certification Authorities). Digital Certificates are used by this router during the IKE (Internet Key Exchange) authentication phase as an alternative authentication method. Trusted Certificates are issued to you by various CAs (Certification Authorities).
  • Page 124: Self Certificates

    2. Click Browse to locate the trusted certificate on your computer and then click Upload. The certificate will be stored on the router and will display in the Trusted Certificates table. Figure 5-25...
  • Page 125 This information must be submitted in the following format: C=<country>, ST=<state>, L=<city>, O=<organization>, OU=<department>, CN=<device name>. In the following example: C=USA, ST=CA, L=Santa Clara, O=NETGEAR, OU=XX, CN=FVS338) • From the pull-down menus, select the following values: –...
  • Page 126 Figure 5-26 To submit your Self Certificate request to a CA: 1. Connect to the web site of the CA. 2. Start the Self Certificate request procedure. 3. When prompted for the requested data, copy the data from your saved data file (including “----BEGIN CERTIFICATE REQUEST---” ...
  • Page 127: Managing Your Certificate Revocation List (Crl)

    When you obtain the certificate from the CA, you can then upload it to your computer. Click Browse to locate the Certificate file and then click Upload. The certificate will display in the Active Self Certificates table (see Certificates are updated by their issuing CA authority on a regular basis. You should track all of your CAs to ensure that you have the latest version and/or that your certificate has not been revoked.
  • Page 129: Router And Network Management

    Features of the VPN firewall that can be called upon to decrease WAN-side loading are as follows: • Service Blocking • Block Sites • Source MAC Filtering
  • Page 130: Service Blocking

    Schedule – You can specify whether the rule is to be applied on the Schedule 1, Schedule 2, or Schedule 3 time schedule (see 3-5). 4-2). “Setting a Schedule to Block or Allow Traffic” on page 4-20).
  • Page 131: Block Sites

    PCs and network devices. PCs and devices become known by the following methods: • DHCP Client Request – By default, the DHCP server in this Router is enabled, and will accept and respond to DHCP client requests from PCs and other network devices. These requests also generate an entry in the Network Database.
  • Page 132: Source Mac Filtering

    Warning: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems. for the procedure on how to use this feature.
  • Page 133 UDP Flooding – Enable this to limit the number of UDP sessions created from one LAN machine. • TCP Flooding – Enable this to protect the router from a SYN flood attack. • Enable DNS Proxy – Enable this to allow the incoming DNS queries.
  • Page 134: Port Triggering

    • This Router matches the response to the previous request and forwards the response to the PC. Without Port Triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the Port Forwarding rules.
  • Page 135: Using Qos To Shift The Traffic Mix

    Changing Passwords and Settings The default password for the firewall’s Web Configuration Manager is password. NETGEAR recommends that you change this password to a more secure password. You can also configure a separate password for guests.
  • Page 136 Note: If you make the administrator login time-out value too large, you will have to wait a long time before you are able to log back into the router if your previous login was disrupted (i.e., you did not click Logout on the Main Menu bar to log out).
  • Page 137: Enabling Remote Management Access

    Figure 6-2 To configure your firewall for Remote Management: 1. Select the Turn Remote Management On check box. for the procedure on how to do this. 2-1).
  • Page 138 (:) and the custom port number. For example, if your WAN IP address is 134.177.0.123 and you use port number 8080, enter the following in your browser: https://134.177.0.123:8080 The remote URL login of the router is https://IP_address:port_number or https://FullyQualifiedDomainName:port_number. If you do not use the SSL https://address, but rather use http://address, the FVS338 will automatically attempt to redirect to https://address.
  • Page 139: Using A Snmp Manager

    IP address your ISP assigned to the FVS338. Using a SNMP Manager Simple Network Management Protocol (SNMP) lets you monitor and manage your router from an SNMP Manager. It provides a remote means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security.
  • Page 140: Settings Backup And Firmware Upgrade

    You can then restore the VPN firewall settings from this file. The Settings Backup & Upgrade screen allows you to: • Back up and save a copy of your current settings • Restore saved settings from the backed-up file.
  • Page 141: Backup And Restore Settings

    To restore settings from a backup file: 1. Click Browse. Locate and select the previously saved backup file (by default, netgear.cfg). 2. When you have located the file, click restore.
  • Page 142: Router Upgrade

    To download a firmware version: 1. Go to the NETGEAR Web site at http://www.netgear.com/support and click on Downloads. 2. From the Product Selection pull-down menu, select your product. Select the software version and follow the To Install steps to download your software.
  • Page 143: Setting The Time Zone

    2. Click Browse in the Router Upgrade section. 3. Locate the downloaded file and click upload. This will start the software upgrade to your VPN firewall router. This may take some time. At the conclusion of the upgrade, your router will reboot.
  • Page 144: Monitoring The Router

    Address field. If you select this option and leave either the Server 1 or Server 2 fields empty, they will be set to the Default Netgear NTP servers. 5. Click Apply to save your settings or click Cancel to revert to your previous settings.
  • Page 145 Traffic counters are updated in MBytes scale and the counter starts only when traffic passed is at least 1 MB.
  • Page 146: Setting Login Failures And Attacks Notification

    You can send a System log of firewall activities to an email address or a log of the firewall activities can be viewed, saved to a syslog server, and then sent to an email address. You can view the logs by clicking View Logs.
  • Page 147 Figure 6-8 View System Logs Select the types of events to email. Select the segments to track for System Log events. Enable email alerts. Syslog Server...
  • Page 148: Monitoring Attached Devices

    PCs and devices become known by the following methods: • DHCP Client Requests – By default, the DHCP server in this Router is enabled, and will accept and respond to DHCP client requests from PCs and other network devices. These requests also generate an entry in the network database.
  • Page 149: Viewing Port Triggering Status

    You can view the status of Port Triggering by selecting Security from the main menu and Port Triggering from the submenu. When the Port Triggering screen displays, click the Status link. Figure 6-10
  • Page 150: Viewing Router Configuration And System Status

    This timer is restarted whenever incoming or outgoing traffic is received. Viewing Router Configuration and System Status The Router Status menu provides status and usage information. From the main menu of the browser interface, click on Management, then select Router Status. The Router Status screen will display.
  • Page 151: Monitoring Wan Ports Status

    System Name This is the Account Name that you entered in the Basic Settings page. Firmware Version This is the current software the router is using. This will change if you upgrade your router. LAN Port Displays the current settings for MAC address, IP address, DHCP role and IP Subnet Mask that you set in the LAN IP Setup page.
  • Page 152: Monitoring Vpn Tunnel Connection Status

    Connection Status from the submenu. The IPSec Connection Status screen will display. Figure 6-13 Table 6-3. IPSec Connection Status Fields Item Description Policy Name The name of the VPN policy associated with this SA. Endpoint The IP address on the remote VPN Endpoint.
  • Page 153: Vpn Logs

    You can view the DHCP log from the LAN Setup screen. Select Network Configuration from the main menu and LAN Setup from the submenu. When the LAN Setup screen displays, click the DHCP Log link.
  • Page 154: Performing Diagnostics

    Select Monitoring from the main menu and Diagnostics from the submenu. The Diagnostics screen will display. Note: For normal operation, diagnostics are not required.
  • Page 155 “Back” on the Windows menu bar to return to the Diagnostics screen. Perform a DNS Lookup A DNS (Domain Name Server) converts the Internet name (e.g. www.netgear.com) to an IP address. If you need the IP address of a Web, FTP, Mail or other Server on the Internet, you can do a DNS lookup to find the IP address.
  • Page 156 Description Reboot the Router Used to perform a remote reboot (restart). You can use this if the Router seems to have become unstable or is not operating normally. Note: Rebooting will break any existing connections either to the Router (such as this one) or through the Router (for example, LAN users accessing the Internet).
  • Page 157: Troubleshooting

    • Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
  • Page 158: Leds Never Turn Off

    When the firewall is turned on, the LEDs turn on for about 10 seconds and then turn off. If all the LEDs stay on, there is a fault within the firewall. If all LEDs are still on one minute after power up: •...
  • Page 159 Tip: If you don’t want to revert to the factory default settings and lose your configuration settings, you can reboot the router and use a sniffer to capture packets sent during the reboot. Look at the ARP packets to locate the router’s LAN interface address.
  • Page 160: Troubleshooting The Isp Connection

    Web Configuration Manager. To check the WAN IP address: 1. Launch your browser and select an external site such as www.netgear.com 2. Access the Main Menu of the firewall’s configuration at http://192.168.1.1 3. Under the Monitoring menu, select Router Status 4.
  • Page 161: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    – Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to If your firewall can obtain an IP address, but your PC is unable to load any Web pages from the Internet: •...
  • Page 162: Testing The Path From Your Pc To A Remote Device

    If the path is not functioning correctly, you could have one of the following problems: • Wrong physical connections – Make sure the LAN port LED is on. If the LED is off, follow the instructions in or Internet Port LEDs Not –...
  • Page 163: Restoring The Default Configuration And Password

    Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the firewall’s administration password to password and the IP address to 192.168.1.1. You can erase the current configuration and restore factory defaults in two ways: •...
  • Page 165: Default Settings And Technical Specifications

    • Pressing the reset button for a shorter period of time will simply cause your device to reboot. Table A-1. FVS338 Default Settings Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection...
  • Page 166 Table A-1. FVS338 Default Settings (continued) Feature Time Zone Time Zone Adjusted for Daylight Saving Time SNMP Remote Management Firewall Inbound (communications coming in from the Internet) Outbound (communications going out to the Internet) Source MAC filtering Stealth Mode Technical Specifications for the ProSafe VPN Firewall 50 are listed in the following table.
  • Page 167 Table A-2. VPN firewall Default Technical Specifications Feature Environmental Specifications Operating temperature: Operating humidity: Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: Specification 0° to 40° C (32º...
  • Page 169: Appendix B Related Documents

    This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and http://documentation.netgear.com/reference/enu/tcpip/index.htm TCP/IP Addressing: Wireless http://documentation.netgear.com/reference/enu/wireless/index.htm Communications: Preparing a Computer for http://documentation.netgear.com/reference/enu/wsdhcp/index.htm...
  • Page 171: Index

    Add LAN WAN Inbound Service screen 4-9, 4-13 Add LAN WAN Outbound Service screen 4-8 address reservation 3-8 VPN Policies, use with 5-7 antivirus scanning Trend Micro 3-12 ARP 3-5 Attached Devices monitoring of 6-20 Attack Checks Block TCP Flood 4-10 Respond To Ping On Internet 4-10 Stealth Mode 4-10 Attack Checks screen 4-10, 4-11...
  • Page 172 6-25 DHCP Server using VPN firewall as 3-1 Diagnostics DNS lookup 6-26 Packet Trace 6-28 pinging an IP address 6-26 Reboot the Router 6-28 Diagnostics Fields descriptions of 6-27 Diagnostics screen 6-26 Dialup ISP Status monitoring 6-23 Diffie-Hellman Group...
  • Page 173 by MAC address Source MAC filtering 4-23 firewall alerts, emailing of 4-27 connecting 2-1, 2-2 features 1-2 logging in to 2-1 rear panel 1-7 security, about 4-1 status 6-22 technical specifications A-1 firewall access remote management 6-9 Firewall Logs configuring 4-28 emailing of 4-27 Firewall Logs &...
  • Page 174 IPSec Connection Status Fields, description of 6-24 VPN Tunnel, use with 4-11 IPSec Connection Status screen 5-7, 6-24 IPSec Host authentication 5-22 XAUTH, use with 5-20, 5-22 ISP connection troubleshooting 7-4 Keyword Blocking 6-3 Content Filtering 4-21 examples of 4-21 Known PCs and Devices 3-6...
  • Page 175 RADIUS Client screen 5-24 RADIUS server configuring 5-23 RADIUS-CHAP XAUTH, use with 5-21 RADIUS-PAP XAUTH, use with 5-21 Reboot the Router 6-28 reducing traffic Block Sites 6-1 Service Blocking 6-1 Source MAC filtering 6-1 remote management 6-9 access 6-9 configuration 6-9...
  • Page 176 RIP 1-3 about 3-10 enabling 3-11 multicasting guidelines 3-12 RIP Configuration screen 3-11 rollover 5-1 Router Status 6-22 Router Status screen 6-22 Router Upgrade 6-14 Routing Information Protocol. See RIP Routing screen 3-8 rules allowing traffic 4-1 blocking traffic 4-1...
  • Page 177 Power LED Not On 7-1 Web configuration 7-2 Trusted Certificates 5-33 about 5-33 UDP flood denial of service attack 4-11 upgrade firmware 6-12 upgrade router steps to 6-14 User Database configuring 5-22 XAUTH, use with 5-21 User Database screen 5-22 Videoconferencing...
  • Page 178 content filtering 4-21 Web configuration troubleshooting 7-2 Windows NetBios Server IP. See WINS Server IP. WINS Server IP LAN Setup 3-3 with 1-2 XAUTH 5-13 about 5-20 configuring 5-21 Edge Device 5-20 IPSec Host 5-20 RADIUS-CHAP 5-21 RADIUS-PAP 5-21 User Database 5-21...

This manual is also suitable for:

Fvs338na
