NETGEAR FVS318G - ProSafe Gigabit VPN Firewall Data Sheet Router Reference Manual


ProSafe Gigabit 8 Port
VPN Firewall FVS318G

Reference Manual

NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134
202-10521-01
v1.1
November, 2009


Summary of Contents for NETGEAR FVS318G - ProSafe Gigabit VPN Firewall Data Sheet Router

  • Page 1: Reference Manual

    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10521-01 v1.1 November, 2009...
  • Page 2: Technical Support

    In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Model Number: FVS318G Publication Date: November, 2009 Product Family: VPN Firewall Router Product Name: ProSafe VPN Firewall Home or Business Product: Business Language: English Publication Part Number: 202-10521-01 Publication Version Number: 1.1 November, 2009...
  • Page 5: Table Of Contents

    Contents. About This Manual: Conventions, Formats, and Scope; How to Print This Manual; Revision History. Chapter 1 Introduction: Key Features of the VPN Firewall; Advanced VPN Support for Both IPsec and SSL; A Powerful, True Firewall with Content Filtering; Autosensing Ethernet Connections with Auto Uplink; Extensive Protocol Support...
  • Page 6 Classical Routing; Configuring Dynamic DNS (Optional); Configuring the Advanced WAN Options (Optional). Chapter 3 LAN Configuration: Choosing the Firewall DHCP Options; Configuring the LAN Setup Options; Managing Groups and Hosts (LAN Groups); Viewing the LAN Groups Database; Changing Group Names in the LAN Groups Database; Configuring DHCP Address Reservation; Configuring Multi Home LAN IP Addresses...
  • Page 7 Creating Gateway to Gateway VPN Tunnels with the Wizard; Creating a Client to Gateway VPN Tunnel; Testing the Connections and Viewing Status Information; NETGEAR VPN Client Status and Log Information; FVS318G VPN Connection Status and Logs; Managing VPN Policies; Managing IKE Policies...
  • Page 8 RADIUS Server External Authentication; Managing Certificates; Viewing and Loading CA Certificates; Viewing Active Self Certificates; Obtaining a Self Certificate from a Certificate Authority; Managing your Certificate Revocation List (CRL). Chapter 7 Router and Network Management: Performance Management...
  • Page 9 Appendix B Related Documents. Appendix C Two Factor Authentication: Why do I need Two-Factor Authentication?; What are the benefits of Two-Factor Authentication?; What is Two-Factor Authentication; NETGEAR Two-Factor Authentication Solutions
  • Page 11: About This Manual

    About This Manual The NETGEAR ® FVS318G ProSafe™ Gigabit 8 Port VPN Firewall Reference Manual describes how to install, configure and troubleshoot the ProSafe VPN Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills.
  • Page 12: How To Print This Manual

    NETGEAR website in Appendix B, “Related Documents.” Note: Product updates are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/FVS318G.asp. How to Print This Manual To print this manual, your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files.
  • Page 15: Introduction

    Chapter 1 Introduction The ProSafe VPN Firewall connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem. The FVS318G is a complete security solution that protects your network from attacks and intrusions.
  • Page 16: A Powerful, True Firewall With Content Filtering

    • IPsec VPN with broad protocol support for secure connection to other IPsec gateways and clients. • Bundled with the single-user license of the NETGEAR ProSafe VPN Client software (VPN01L) • Supports 5 concurrent IPsec VPN tunnels. A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks.
  • Page 17: Autosensing Ethernet Connections With Auto Uplink

    • Logs security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your email address or email pager whenever a significant event occurs.
  • Page 18: Easy Installation And Management

    Visual monitoring. The VPN firewall’s front panel LEDs provide an easy way to monitor its status and activity. Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade.
  • Page 19: Package Contents

    • Warranty Information and Technical Support card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. Front Panel Features...
  • Page 20 The function of each LED is described in the following table: Table 1-1. LED Descriptions Object Activity Description Power On (Green) Power is supplied to the VPN firewall. Power is not supplied to the VPN firewall. Test On (Amber) Test mode: The system is initializing or the initialization has failed.
  • Page 21: Rear Panel Features

    Rear Panel Features The rear panel of the ProSafe VPN Firewall includes a cable lock receptacle, a reset factory defaults switch, and a DC power connection. Figure 1-2 Viewed from left to right, the rear panel contains the following elements: •...
  • Page 22: Default IP Address, Login Name, And Password Location

    Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS318G’s enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3...
  • Page 23: Connecting The FVS318G To The Internet

    1. Connect the firewall physically to your network. Connect the cables and restart your network according to the instructions in the installation guide. See the installation guide for complete steps. A PDF of the Installation Guide is on the NETGEAR website at: http://kbserver.netgear.com.
  • Page 24: Logging Into The VPN Firewall Router

    6. Configure the WAN options (optional). Optionally, you can enable each WAN port to respond to a ping, and you can change the factory default MTU size and port speed. However, these are advanced features and changing them is not usually required.
  • Page 25: Navigating The Menus

    5. Click Login. The Web Configuration Manager appears, displaying the Router Status menu: Figure 2-2 Navigating the Menus The Web Configuration Manager menus are organized in a layered structure of main categories and submenus:
  • Page 26: Configuring The Internet Connections

    • Main menu. The horizontal orange bar near the top of the page is the main menu, containing the primary configuration categories. Clicking on a primary category changes the contents of the submenu bar.
  • Page 27: Automatically Detecting And Connecting

    Automatically Detecting and Connecting To automatically configure the WAN port for connection to the Internet: Figure 2-3 1. Select Network Configuration > WAN Settings from the menu. The Broadband ISP Settings tab appears.
  • Page 28 2. Click Auto Detect at the bottom of the menu. Auto Detect will probe the WAN port for a range of connection methods and suggest one that your ISP appears to support. Figure 2-4 a.
  • Page 29: Manually Configuring The Internet Connection

    3. To verify the connection, click the Broadband Status option arrow at the top right of the screen. A popup window appears, displaying the connection status of the WAN port. Figure 2-5 The Connection Status window should show a valid IP address and gateway.
  • Page 30 To manually configure your Broadband ISP Settings: 1. Select Network Configuration > WAN Settings > Broadband ISP Settings and enter the following: 2. In the ISP Login options, choose one of these options: Figure 2-6 •...
  • Page 31 5. If you have installed login software such as WinPoET or Enternet, then your connection type is PPPoE. If your ISP uses PPPoE as a login protocol: Figure 2-8 a. Select Other (PPPoE). b.
  • Page 32 • Server IP Address. IP address of the PPTP server. 7. Review the Internet (IP) Address options. Figure 2-9 These options are inactive if BigPond Cable is selected. 8. If your ISP has assigned a fixed (static) IP address, select Use Static IP Address, and configure the following fields: •...
  • Page 33: Configuring The WAN Mode

    12. Click Test to evaluate your entries. The VPN firewall will attempt to connect to the NETGEAR Web site. If a successful connection is made, NETGEAR’s Web site appears. When you are finished, click Logout or proceed to additional setup and management tasks.
  • Page 34: Classical Routing

    • If your ISP has provided you with multiple public IP addresses, you can use one address as the primary shared address for Internet access by your PCs, and you can map incoming traffic on the other public IP addresses to specific PCs on your LAN.
  • Page 35: Configuring Dynamic DNS (Optional)

    Configuring Dynamic DNS (Optional) Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, TZO.com, Oray.net, or 3322.org.
  • Page 36 To configure Dynamic DNS: 1. Select Network Configuration > Dynamic DNS from the main menu and click the Dynamic DNS Configuration tab. The Dynamic DNS Configuration screen is displayed. Figure 2-12 2.
  • Page 37: Configuring The Advanced WAN Options (Optional)

    a. Enter the account information for the service you have chosen (for example, user name, password, key, or domain). b. If your DDNS provider allows the use of wild cards in resolving your URL, you may select the Use wildcards check box to activate this feature.
  • Page 38 a. MTU Size. The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs, you may need to reduce the MTU. This is rarely required, and should not be done unless you are sure it is necessary for your ISP connection.
  • Page 39: LAN Configuration

    Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe VPN Firewall. This chapter contains the following sections: • “Choosing the Firewall DHCP Options” on page 3-1 • “Managing Groups and Hosts (LAN Groups)” on page 3-5 •...
  • Page 40: Configuring The LAN Setup Options

    • An IP Address from the range you have defined. • Subnet Mask. • Gateway IP Address (the firewall’s LAN IP address). • Primary DNS Server (the firewall’s LAN IP address). •...
  • Page 41 1. Go to Network Configuration > LAN Settings to display the LAN Setup tab page. Figure 3-1
  • Page 42 2. In the LAN TCP/IP Setup section, configure the following settings: • IP Address. The LAN address of your VPN firewall (factory default: 192.168.1.1). Note: If you change the LAN IP address of the firewall while connected through the browser, you will be disconnected.
  • Page 43: Managing Groups And Hosts (LAN Groups)

    a. Lease Time. This specifies the duration for which IP addresses will be leased to clients. b. Enable LDAP Information. This enables the DHCP server to provide LDAP server information. • Enable DNS Proxy.
  • Page 44: Viewing The LAN Groups Database

    • No need to use a fixed IP on PCs. Because the address allocated by the DHCP server will never change, you don't need to assign a fixed IP to a PC to ensure it always has the same IP address.
  • Page 45 The Known PCs and Devices table lists the entries in the LAN Groups Database. For each computer or device, the following fields are displayed: • Name. The name of the PC or device. For computers that do not support the NetBIOS protocol, this will be listed as “Unknown”...
  • Page 46: Adding Devices To The LAN Groups Database

    Adding Devices to the LAN Groups Database To add devices manually to the LAN Groups Database, follow these steps: 1. In the Add Known PCs and Devices section, make the following entries: •...
  • Page 47: Changing Group Names In The LAN Groups Database

    Changing Group Names in the LAN Groups Database By default, the LAN Groups are named Group1 through Group8. You can rename these group names to be more descriptive, such as Engineering or Marketing. To edit the names of any of the eight available groups: 1.
  • Page 48: Configuring Multi Home LAN IP Addresses

    To reserve an IP address, manually enter the device in the LAN Groups tab, specifying Reserved (DHCP Client). Note: The reserved address will not be assigned until the next time the PC contacts the VPN firewall’s DHCP server.
  • Page 49: Configuring Static Routes

    2. In the Add Secondary LAN IP Address section, enter the additional IP address and subnet mask to be assigned to the LAN port of the VPN firewall. 3. Click Add. The new Secondary LAN IP address will appear in the Available Secondary LAN IPs table.
  • Page 50 2. Click Add. The Add Static Route tab is displayed. Figure 3-6 3. Enter a route name for this static route in the Route Name field (for identification and management). 4. Select Active to make this route effective. 5.
  • Page 51: Configuring Routing Information Protocol (RIP)

    Configuring Routing Information Protocol (RIP) RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is commonly used in internal networks (LANs). It allows a router to exchange its routing information automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to changes in the network.
  • Page 52 • Both. The VPN firewall broadcasts its routing table and also processes RIP information received from other routers. • Out Only. The VPN firewall broadcasts its routing table periodically but does not accept RIP information from other routers.
  • Page 53: Firewall Protection And Content Filtering

    Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe VPN Firewall to protect your network. This chapter contains the following sections: • “About Firewall Protection and Content Filtering” on page 4-1 •...
  • Page 54: Using Rules To Block Or Allow Specific Kinds Of Traffic

    A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network from attacks and intrusions.
  • Page 55: About Services-Based Rules

    About Services-Based Rules The rules to block traffic are based on the traffic’s category of service. • Outbound Rules (service blocking). Outbound traffic is normally allowed unless the firewall is configured to disallow it. •...
  • Page 56 Table 4-1. Outbound Rules (continued) Item Description Action (Select Schedule): Select the desired time schedule (Schedule1, Schedule2, or Schedule3) that will be used by this rule. • This drop down menu gets activated only when “BLOCK by schedule, otherwise Allow”...
  • Page 57 Note: See “Configuring Source MAC Filtering” on page 4-24 for yet another way to block outbound traffic from selected PCs that would otherwise be allowed by the firewall. Inbound Rules (Port Forwarding) When the FVS318G uses Network Address Translation (NAT), your network presents only one IP address to the Internet and outside users cannot directly address any of your local computers.
  • Page 58 Table 4-2. Inbound Rules Item Description Service Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see “Adding Customized Services”...
  • Page 59 Table 4-2. Inbound Rules (continued) Item Description Specifies whether packets covered by this rule are logged. Select the desired action: • Always – Always log traffic considered by this rule, whether it matches or not. This is useful when debugging your rules.
  • Page 60: Viewing The Rules

    Viewing the Rules To view the firewall rules: Select Security > Firewall from the main menu. The LAN WAN Rules tab appears: Figure 4-1 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu as the last item in the list, as shown in Figure 4-1.
  • Page 61: Setting The Default Outbound Policy

    and proceeding to the bottom, before applying the default rule. In some cases, the order of precedence of two or more rules may be important in determining the disposition of a packet. For example, you should place the most strict rules at the top (those with the most specific services or addresses).
  • Page 62: Creating A LAN WAN Inbound Services Rule

    1. Click Add under the Outbound Services Table. The Add LAN WAN Outbound Service screen is displayed. Figure 4-2 2. Configure the parameters based on the descriptions in Table 4-1 on page 4-3.
  • Page 63 Figure 4-3 2. Configure the parameters based on the descriptions in Table 4-2 on page 4-6. 3. Click Apply to save your changes and reset the fields on this screen. The new rule will be listed on the Inbound Services table.
  • Page 64 • Click Down to move the rule down one position in the table rank. Note: Since rules are applied in the order listed (from top to bottom), the order of the rules may make a difference in how traffic is handled. 2.
  • Page 65: Inbound Rules Examples

    Inbound Rules Examples LAN WAN Inbound Rule: Hosting A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day.
  • Page 66 Figure 4-5 LAN WAN Inbound Rule: Setting Up One-to-One NAT Mapping If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN.
  • Page 67 In the example shown in Figure 4-6, we have configured multi-NAT to support multiple public IP addresses on one WAN interface. The inbound rule instructs the VPN firewall to host an additional public IP address (10.1.0.5) and to associate this address with the Web server on the LAN (at 192.168.1.2).
  • Page 68: Outbound Rules Example

    1. Create an inbound rule that allows all protocols. 2. Place the new rule below all other inbound rules. Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer on your LAN is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
  • Page 69 Although the FVS318G already holds a list of many service port numbers, you are not limited to these choices. Use the Services screen to add additional services and applications to the list for use in defining firewall rules.
  • Page 70: Setting Quality Of Service (QoS) Priorities

    Modifying a Service To edit the parameters of an existing service: 1. In the Custom Services Table, click the Edit button adjacent to the service you want to edit. The Edit Service screen is displayed. 2.
  • Page 71: Attack Checks

    The QoS priority definition for a service determines the queue that is used for the traffic passing through the VPN firewall. A priority is assigned to IP packets using this service. Priorities are defined by the “Type of Service (ToS) in the Internet Protocol Suite”...
  • Page 72 2. Check the boxes for the Attack Checks you wish to monitor. The various types of attack checks are listed and defined below. 3. Click Apply to save your settings. The various types of attack checks listed on the Attack Checks screen are: •...
  • Page 73: Blocking Internet Sites (Content Filtering)

    Web site is allowed. If you enable one or more of these features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message. Several types of blocking are available: •...
  • Page 74 – Cookies. Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this option filters out cookies from being created by a website. Note: Many websites require that cookies be accepted in order for the site to be accessed properly.
  • Page 75 To enable Content Filtering: 1. Select Security > Block Sites to display the Block Sites screen. Figure 4-10 2. Select Yes to enable Content Filtering.
  • Page 76: Configuring Source MAC Filtering

    3. Click Apply to activate the menu controls. 4. Select any Web Components you wish to block and click Apply. 5. Select the groups to which Keyword Blocking will apply, then click Enable to activate Keyword blocking (or disable to deactivate Keyword Blocking).
  • Page 77 To enable MAC filtering and add MAC addresses to be blocked: 1. Select Security > Address Filter > Source MAC Filter to display the Source MAC Filter tab page. Figure 4-11 2.
  • Page 78: Configuring IP/MAC Address Binding Alerts

    Configuring IP/MAC Address Binding Alerts You can configure the FVS318G to drop packets and generate an alert when a device appears to have hijacked or spoofed another device’s IP address. An IP address can be bound to a specific MAC address either by using a DHCP reserved address (see “Configuring DHCP Address Reservation”...
  • Page 79: Configuring Port Triggering

    4. To add a manual binding entry, enter the following data in the Add IP/MAC Bindings section: a. Enter a Name for the bound host device. b. Enter the MAC Address and IP Address to be bound. A valid MAC address is six colon-separated pairs of hexadecimal digits (0 to 9 and a to f).
  • Page 80 Note these restrictions with Port Triggering: • Only one PC can use a port triggering application at any time. • After a PC has finished using a port triggering application, there is a time-out period before the application can be used by another PC.
  • Page 81: Setting A Schedule To Block Or Allow Specific Traffic

    6. In the Incoming (Response) Port Range fields: a. Enter the Start Port range (1 - 65534). b. Enter the End Port range (1 - 65534). 7. Click Add. The port triggering rule will be added to the Port Triggering Rules table. To check the status of the port triggering rules, click the Status option arrow to the right of the tab on the Port Triggering screen.
  • Page 82: Configuring A Bandwidth Profile

    Three schedules, Schedule 1, Schedule 2 and Schedule3 can be defined, and any one of these can be selected when defining firewall rules. To invoke rules based on a schedule, follow these steps: 1.
  • Page 83: Configuring Session Limits

    2. To create a new bandwidth profile, click add. The Add Bandwidth Profile menu will display. Figure 4-16 3. Enter the following data in the Bandwidth Profile section: a. Enter a Profile Name. This name will become available in the firewall rules definition menus.
  • Page 84 1. Select Security > Firewall > Session Limit to display the Session Limit tab page. Figure 4-17 2. Click Yes to enable Session Limits. 3. In the pull-down menu, select whether you will limit sessions by percentage or by absolute number.
  • Page 85: E-Mail Notifications Of Event Logs And Alerts

    E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be configured to log and then e-mail denial of access, general attack information, and other information to a specified e-mail address. For example, your VPN firewall router will log security-related events such as: accepted and dropped packets on different segments of your LAN;...
  • Page 87: Virtual Private Networking Using IPsec

    “Configuring NetBIOS Bridging with VPN” on page 5-29 Using the VPN Wizard for Client and Gateway Configurations You use the VPN Wizard to configure multiple gateway or client VPN tunnel policies. The section below provides wizard and NETGEAR VPN Client configuration procedures for the following scenarios: •...
  • Page 88: Creating Gateway To Gateway VPN Tunnels With The Wizard

    Creating Gateway to Gateway VPN Tunnels with the Wizard Figure 5-1 Follow these steps to set up a gateway VPN tunnel using the VPN Wizard. 1. Select VPN > VPN Wizard to display the VPN Wizard tab page. To view the wizard default settings, click the VPN Default values link.
  • Page 89 3. Create a Connection Name. Enter a descriptive name for the connection. This name is used to help you manage the VPN settings; it is not supplied to the remote VPN endpoint. 4. Enter a Pre-shared Key. The key must be entered both here and on the remote VPN gateway, or the remote VPN client.
  • Page 90 7. Click Apply to save your settings: the VPN Policies page shows the policy is now enabled. Figure 5-3 8. If you are connecting to another NETGEAR VPN firewall, use the VPN Wizard to configure the second VPN firewall to connect to the one you just configured.
  • Page 91: Creating A Client To Gateway VPN Tunnel

    The tunnel will automatically establish when both the local and target gateway policies are appropriately configured and enabled. Note: When using FQDN, if the dynamic DNS service is slow to update their servers when your DHCP WAN address changes, the VPN tunnel will fail because the FQDN does not resolve to your new address.
  • Page 92 VPN Client connection Connection name Pre-shared key: r3m0+eC1ient Remote identifier Local identifier Figure 5-6 2. Select VPN Client as your VPN tunnel connection. 3. Create a Connection Name like “Client to GW1”. This descriptive name is not supplied to the remote VPN client;...
  • Page 93 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR ProSafe VPN Client installed, configure a VPN client policy to connect to the FVS318G. Follow these steps to configure your VPN client.
  • Page 94 2. In the upper left of the Policy Editor window, click the New Document icon (the first on the left) to open a New Connection. Give the New Connection a name; in this example, we are using gw1.
  • Page 95 3. In the left frame, click My Identity. Fill in the options according to the instructions below. Pre-shared Figure 5-10 • From the Select Certificate pull-down menu, choose None. • Click Pre-Shared Key to enter the key you provided in the VPN Wizard; in this example, we are using Pre-shared key:r3m0+eC1ient.
  • Page 96 4. Verify the Security Policy settings. Figure 5-11 • By default TF1 routers use PFS with Group 2, so we need to click on Security Policy to make this change on the Client software to match the policy on the router. •...
  • Page 97: Testing The Connections And Viewing Status Information

    Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS318G provide VPN connection and status information. This information is useful for verifying the status of a connection and troubleshooting problems with a connection.
  • Page 98 2. To view more detailed additional status and troubleshooting information from the NETGEAR VPN client, follow these steps. • Right-click the VPN Client icon in the system tray and select Log Viewer.
  • Page 99: Fvs318G Vpn Connection Status And Logs

    The VPN client system tray icon provides a variety of status indications, which are listed below. Table 5-1. System Tray Icon Status The client policy is deactivated. The client policy is activated but not connected. The client policy is activated and connected.
  • Page 100: Managing Vpn Policies

    To view FVS318G VPN logs, go to Monitoring > VPNLogs. Figure 5-17 Managing VPN Policies After you use the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables.
  • Page 101 2. If the VPN Policy is a “Manual” policy, then the Manual Policy Parameters defined in the VPN policy are accessed and the first matching IKE policy is used to start negotiations with the remote VPN gateway.
  • Page 102: Managing Vpn Policies

    To gain a more complete understanding of the encryption, authentication and DH algorithm technologies, see Appendix B, “Related Documents” for a link to the NETGEAR website. Managing VPN Policies You can create two types of VPN policies. When using the VPN Wizard to create a VPN policy, only the Auto method is available.
  • Page 103: Configuring Extended Authentication (Xauth)

    • ! (Status). Indicates whether the policy is enabled (green circle) or disabled (grey circle). To Enable or Disable a Policy, check the box adjacent to the circle and click Enable or Disable, as required.
  • Page 104: Configuring Xauth For Vpn Clients

    • IPsec Host. If you want authentication by the remote gateway, enter a User Name and Password to be associated with this IKE policy. If this option is chosen, the remote gateway must specify the user name and password used for authenticating this gateway.
  • Page 105: User Database Configuration

    • Edge Device to use this VPN firewall as a VPN concentrator where one or more gateway tunnels terminate. When this option is chosen, you will need to specify the authentication type to be used in verifying credentials of the remote VPN gateways.
  • Page 106 2. Click the RADIUS Client tab. The RADIUS Client screen is displayed. Figure 5-19 3. To activate (enable) the Primary RADIUS server, click the Yes radio button. The primary server options become active. 4.
  • Page 107: Assigning Ip Addresses To Remote Users (Modeconfig)

    PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS318G ProSafe VPN Firewall – WAN IP address: 172.21.4.1 – LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2...
  • Page 108: Mode Config Operation

    Mode Config Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP configuration parameters such as IP address, subnet mask and name server addresses. The Mode Config module will allocate an IP address from the configured IP address pool and will activate a temporary IPsec policy using the template security proposal information configured in the Mode Config record.
  • Page 109 Figure 5-21 4. Enter a descriptive Record Name such as “Sales”. 5. Assign at least one range of IP Pool addresses in the First IP Pool field to give to remote VPN clients.
  • Page 110 10. Specify the VPN policy settings. These settings must match the configuration of the remote VPN client. Recommended settings are: • SA Lifetime: 3600 seconds • Authentication Algorithm: SHA-1 • Encryption Algorithm: 3DES 11.
  • Page 111: Configuring The Prosafe Vpn Client For Modeconfig

    10. Click Apply. The new policy will appear in the IKE Policies Table. Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1.
  • Page 112 e. From the ID Type pull-down menu, choose Domain name and enter the FQDN of the VPN firewall; in this example it is “local_id.com”. Choose Gateway IP Address from the second pull-down menu and enter the WAN IP address of the VPN firewall;...
  • Page 113: Configuring Keepalives And Dead Peer Detection

    2. Click on the connection. Within 30 seconds the message “Successfully connected to MyConnections/modecfg_test” is displayed and the VPN client icon in the toolbar will read “On”. 3. From the client PC, ping a computer on the VPN firewall LAN. Configuring Keepalives and Dead Peer Detection In some cases, it may not be desirable to have a VPN tunnel drop when traffic is idle;...
  • Page 114 3. In the General menu frame of the Edit VPN Policy menu, locate the keepalive configuration settings, as shown in Figure 5-22: Figure 5-22 4. Click the Yes radio button to enable keepalive. 5.
  • Page 115: Configuring Netbios Bridging With Vpn

    3. In the IKE SA Parameters menu frame of the Edit IKE Policy menu, locate the Dead Peer Detection configuration settings, as shown in Figure 5-23. Figure 5-23 4. Click the Yes radio button to Enable Dead Peer Detection. 5.
  • Page 116 3. In the General menu frame of the Edit VPN Policy menu, click the Enable NetBIOS check box, as shown in Figure 5-24. Figure 5-24 4. Click Apply at the bottom of the menu...
  • Page 117: Managing Users, Authentication, And Certificates

    Chapter 6 Managing Users, Authentication, and Certificates This chapter contains the following sections: • “Managing Users” on page 6-1 • “Managing Certificates” on page 6-7 Managing Users The VPN Firewall has one administrator account and one guest account. The administrator can log in and reconfigure the VPN firewall.
  • Page 118: Changing The Administrator Login

    Changing the Administrator Login To change the administrator name or password: 1. Select Users. The Users screen will display. 2. Select Edit Admin Settings in the User Selection window. Figure 6-1 3.
  • Page 119: Changing The Guest Login

    Changing the Guest Login To change the guest login name or password: 1. Select Users. The Users screen will display. 2. Select Edit Guest Settings in the User Selection window. Figure 6-2 3.
  • Page 120: Setting Administrator Timeout And Domain Display Name

    Setting administrator timeout and domain display name You can set the timeout for the administrator. After a period of no activity in the user interface, the administrator will automatically be logged out. You can also enter a domain name to be displayed in the login window.
  • Page 121 1. Select Users from the main menu and Local Authentication from the submenu. Figure 6-4 2. Select the Settings you wish to edit by checking either the Edit Admin Settings or Edit Guest Settings radio box.
  • Page 122: Radius Server External Authentication

    Note: The password and time-out value you enter will be changed back to password and 5 minutes, respectively, after a factory defaults reset. RADIUS Server External Authentication For authentication to RADIUS or WIKID, you can define the authentication type. Figure 6-5 When a user logs in, the VPN firewall will validate with the appropriate RADIUS or WIKID server that the user is authorized to log in.
  • Page 123: Managing Certificates

    When specifying RADIUS domain authentication, you are presented with several authentication protocol choices, as summarized in the following table: Table 6-1. Authentication Protocol / Description: Password Authentication Protocol (PAP) is a simple protocol in which the client sends a password in clear text.
  • Page 124 A self-signed certificate will trigger a warning from most browsers as it provides no protection against identity theft of the server. Your VPN firewall contains a self-signed certificate from NETGEAR. We recommend that you replace this certificate prior to deploying the VPN firewall in your network.
  • Page 125: Viewing And Loading Ca Certificates

    Viewing and Loading CA Certificates The Trusted Certificates (CA Certificates) table lists the certificates of CAs and contains the following data: • CA Identity (Subject Name). The organization or person to whom the certificate is issued. •...
  • Page 126: Viewing Active Self Certificates

    Viewing Active Self Certificates The Active Self Certificates table in the Certificates screen shows the certificates issued to you by a CA and available for use. Figure 6-7 For each self certificate, the following data is listed: •...
  • Page 127 • Subject – This is the name which other organizations will see as the holder (owner) of the certificate. Since this name will be seen by other organizations, you should use your registered business name or official company name.
  • Page 128 4. Click Generate. A new certificate request is created and added to the Self Certificate Requests table. Figure 6-9 5. In the Self Certificate Requests table, click View under the Action column to view the request.
  • Page 129: Managing Your Certificate Revocation List (Crl)

    d. Submit the CA form. If no problems ensue, the certificate will be issued. 8. Store the certificate file from the CA on your computer. 9. Return to the Certificates screen and locate the Self Certificate Requests section. Figure 6-11 10.
  • Page 130 Figure 6-12 The CRL table lists your active CAs and their critical release dates: • CA Identity – The official name of the CA which issued this CRL. • Last Update – The date when this CRL was released. •...
  • Page 131: Router And Network Management

    Chapter 7 Router and Network Management This chapter describes how to use the network management features of your ProSafe VPN Firewall. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface. The ProSafe VPN Firewall offers many tools for managing the network traffic to optimize its performance.
  • Page 132: Features That Reduce Traffic

    • WAN side: 1000 Mbps (one active WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are used to connect to the Internet. As a result and depending on the traffic being carried, the WAN side of the firewall will be the limiting factor to throughput for most installations.
  • Page 133 – Groups. The rule is applied to a Group (see “Managing Groups and Hosts (LAN Groups)” on page 3-5 to assign PCs to a Group using the LAN Groups Database). • WAN Users.
  • Page 134 • Manual Entry. You can manually enter information about a device. See “Managing Groups and Hosts (LAN Groups)” on page 3-5 for the procedure on how to use this feature. Schedule If you have set firewall rules on the Rules screen, you can configure three different schedules (for example, schedule 1, schedule 2, and schedule 3) for when a rule is to be applied.
  • Page 135: Features That Increase Traffic

    Source MAC Filtering If you want to reduce outgoing traffic by preventing Internet access by certain PCs on the LAN, you can use the source MAC filtering feature to drop the traffic received from the PCs with the specified MAC addresses.
  • Page 136 • VPN Passthrough. Passes the VPN traffic without any filtering, especially used when this firewall is between two VPN tunnel end points. • Drop fragmented IP packets. Drops any fragmented IP packets. •...
  • Page 137: Using Qos To Shift The Traffic Mix

    Port Triggering Port triggering allows some applications to function correctly that would otherwise be partially blocked by the firewall. Using this feature requires that you know the port numbers used by the application.
  • Page 138: Tools For Traffic Management

    Changing Passwords and Administrator Settings The default administrator and guest password for the Web Configuration Manager is password. Netgear recommends that you change this password to a more secure password. You can also configure a separate password for the guest account.
  • Page 139 2. Select the checkbox adjacent to admin in the Name column, then click Edit in the Action column. The Edit User screen is displayed, with the current settings for Administrator displayed in the Select User Type pull-down menu.
  • Page 140: Enabling Remote Management Access

    Enabling Remote Management Access Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your VPN firewall. You must be logged in locally to enable remote management (see “Logging into the VPN Firewall Router”...
  • Page 141 Figure 7-3 2. Click the Yes radio button to enable HTTPS remote management (enabled by default). 3. To enable remote management by the command line interface (CLI) over Telnet, click Yes to Allow Telnet Management, and configure the external IP addresses that will be allowed to connect.
  • Page 142 c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access. Note: For enhanced security, restrict access to as few external IP addresses as practical.
  • Page 143: Using The Command Line Interface

    Using the Command Line Interface Note: The command line interface is not supported at this time. Check the NETGEAR Web site for the latest status. You can access the command line interface (CLI) using Telnet from the LAN or, if enabled in the Remote Management menu, from the WAN.
  • Page 144 Figure 7-4 2. Configure the following fields in the Create New SNMP Configuration Entry section: a. Enter the IP Address of the SNMP manager in the IP Address field and the Subnet Mask in the Subnet Mask field.
  • Page 145: Configuration File Management

    Figure 7-5 You can edit the System Contact, System Location, and System name. Configuration File Management The configuration settings of the VPN firewall are stored within the firewall in a configuration file. This file can be saved (backed up) to a user’s PC, retrieved (restored) from the user’s PC, or cleared to factory default settings.
  • Page 146 To restore settings from a backup file: 1. Next to Restore save settings from file, click Browse. 2. Locate and select the previously saved backup file (by default, netgear.cfg). 3. When you have located the file, click restore. An Alert page will appear indicating the status of the restore operation. You must manually restart the VPN firewall router for the restored settings to take effect.
  • Page 147: Upgrading The Firmware

    Status screen, the System Info frame shows the firmware version. When you upgrade your firmware, this frame will change to reflect the new version. To download a firmware version: 1. Go to the NETGEAR Web site at http://www.netgear.com/support and click Downloads.
  • Page 148: Configuring Date And Time Service

    3. Locate the downloaded file and click upload. This will start the software upgrade to your VPN firewall router. This may take some time. At the conclusion of the upgrade, your VPN firewall will reboot.
  • Page 149 NTP Server in the Server 1 Name/IP Address field. You can enter the address of a backup NTP server in the Server 2 Name/IP Address field. If you select this option and leave either the Server 1 or Server 2 fields empty, they will be set to the default Netgear NTP servers.
  • Page 151: Troubleshooting

    Chapter 8 Troubleshooting This chapter provides troubleshooting tips and information for your ProSafe VPN Firewall. After each problem description, instructions are provided to help you diagnose and solve the problem. This chapter contains the following sections: • “Basic Functions” on page 8-1 •...
  • Page 152: Power Led Not On

    • Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
  • Page 153: Troubleshooting The Web Configuration Interface

    Troubleshooting the Web Configuration Interface If you are unable to access the VPN firewall’s Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the VPN firewall as described in the previous section.
  • Page 154: Troubleshooting The Isp Connection

    Web Configuration Manager. To check the WAN IP address: 1. Launch your browser and navigate to an external site such as www.netgear.com 2. Access the Main Menu of the VPN firewall’s configuration at https://192.168.1.1 3.
  • Page 155: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    • Your ISP may check for your PC's host name. Assign the PC Host Name of your ISP account as the Account Name in the Basic Settings menu. • Your ISP only allows one Ethernet MAC address to connect to the Internet, and may check for your PC’s MAC address.
  • Page 156: Testing The Path From Your Pc To A Remote Device

    3. Click Ok. A message, similar to the following, should display: Pinging <IP address> with 32 bytes of data If the path is working, you will see this message: Reply from <IP address>: bytes=32 time=NN ms TTL=xxx If the path is not working, you will see this message: Request timed out If the path is not functioning correctly, you could have one of the following problems:...
  • Page 157: Restoring The Default Configuration And Password

    • If your ISP assigned a host name to your PC, enter that host name as the Account Name in the Basic Settings menu. • Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs additionally restrict access to the MAC address of a single PC connected to that modem.
  • Page 158: Problems With Date And Time

    Problems with Date and Time The Administration | Time Zone menu displays the current date and time of day. The VPN firewall uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet.
  • Page 159: Using The Diagnostics Utilities

    Using the Diagnostics Utilities You can perform diagnostics such as pinging an IP address, performing a DNS lookup, displaying the routing table, rebooting the firewall, and capturing packets. Select Monitoring > Diagnostics from the main menu.
  • Page 160 A DNS (Domain Name Server) converts the Internet name (for example, www.netgear.com) to an IP address. If you need the IP address of a Web, FTP, Mail or other Server on the Internet, you can request a DNS lookup to find the IP address.
  • Page 161 Appendix A Technical Specifications and Factory Default Settings You can use the reset button located on the front of your device to reset all settings to their factory defaults. This is called a hard reset. • To perform a hard reset, push and hold the reset button for approximately 5 seconds (until the Test LED blinks rapidly).
  • Page 162 Table A-1. Business Router Default Configuration Settings Feature Default Behavior DHCP Starting IP Address 192.168.1.2 DHCP Ending IP Address 192.168.1.254 Disabled Time Zone Time Zone Adjusted for Daylight Saving Disabled Time SNMP Disabled Firewall...
  • Page 163 This appendix provides technical specifications for the ProSafe VPN Firewall. Table A-2. Technical Specifications Specification Description Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter North America: 120V, 60 Hz, input...
  • Page 165: Appendix B Related Documents

    Appendix B Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP http://documentation.netgear.com/reference/enu/tcpip/index.htm Addressing Wireless Communications http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing a Computer for http://documentation.netgear.com/reference/enu/wsdhcp/index.htm...
  • Page 167: Two Factor Authentication

    NETGEAR has also recognized the need to provide more than just a firewall to protect the networks. As part of the new maintenance firmware release,...
  • Page 168: What Is Two-Factor Authentication

    NETGEAR Two-Factor Authentication Solutions NETGEAR has implemented 2 Two-Factor Authentication solutions from WiKID. WiKID is the software-based token solution. So instead of using Windows Active Directory or LDAP as the authentication server, administrators now have the option to use WiKID to do Two-Factor Authentication on NETGEAR SSL and VPN firewall products.
  • Page 169 The WiKID solution is based on a request-response architecture where a one-time passcode (OTP), that is time synchronized with the authentication server, is generated and sent to the user once the validity of a user credential has been confirmed by the server. The request-response architecture is capable of self-service initialization by end-users, dramatically reducing implementation and maintenance costs.
  • Page 170 2. A one-time passcode (something they have) is generated for this user. Figure C-2 Note: The one-time passcode is time synchronized to the authentication server so that the OTP can only be used once and must be used before the expiration time. If a user does not use this passcode before it is expired, the user will need to go through the request process again to generate a new OTP.
  • Page 171 Two-Factor Authentication is a new and easy way to enhance networking security products without having to replace the existing hardware. To obtain and try the new Two-Factor Authentication solution on your products, visit NETGEAR Support website at http://kbserver.netgear.com. Two Factor Authentication...