Instruction/ maintenance manual of the product FVS318G NETGEAR
Go to page of 222
202-10521-02 v1.1 August 2010 NETGEAR , Inc. 350 East Plumeria Drive San Jose, CA 95134 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual.
ii v1.1, August 2010 © 2009–2010 by NETGEAR, Inc. All rights reserved. Technical Support Please refer to the support information card that shipped with your product. By registering your product at http://www.netgear.com/register , we can provide you with faster expert technical support and timely notices of product and software upgrades.
v1.1, August 2010 iii Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe Gigabit 8 Port VPN Firewall FVS318G gemäß der im BMPT-AmtsblVfg 243/ 1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.
v1.1, August 2010 iv Open SSL Copyright (c) 1998–2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.
v1.1, August 2010 v Product and Publication Details PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms are permitted provided tha.
v1.1, August 2010 vi.
vii v1.1, August 2010 Contents ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual About This Manual Conventions, Formats and Scope ................................................................................... xiii How to Print This Manual .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual viii Contents v1.1, August 2010 Chapter 3 LAN Configuration Choosing the VPN Firewall DHCP Options .................................................................... 3-1 Configuring the LAN Setup Options .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Contents ix v1.1, August 2010 Blocking Internet Sites (Content Filtering) .................................................................... 4-30 Configuring Source MAC Filtering .........
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual x Contents v1.1, August 2010 Configuring NetBIOS Bridging with VPN ...................................................................... 5-55 Chapter 6 VPN Firewall and Network Management Performance Management .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Contents xi v1.1, August 2010 Troubleshooting the Web Configuration Interface .......................................................... 7-3 Troubleshooting the ISP Connection ..............
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual xii Contents v1.1, August 2010.
xiii v1.1, August 2010 About This Manual The NETGEAR ® ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual describes how to install, configure and troubleshoot the ProSafe Gigabit 8 Port VPN Firewall FVS318G. The information in this manual is intended for readers with intermediate computer and Internet skills.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual xiv About This Manual v1.1, August 2010 • Scope . This manual is written for the VPN firewall according to these specifications. For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix C, “Related Documents .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual About This Manual xv v1.1, August 2010 202-10521-02 1.0 April 2010 Added the following new features for the April 2010 firmware maintenance release: • Connection reset and delay options on the Broadband ISP Settings screen (see “Manually Configuring Your Internet Connection ”).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual xvi About This Manual v1.1, August 2010.
1-1 v1.1, August 2010 Chapter 1 Introduction The ProSafe Gigabit 8 Port VPN Firewall FVS318G with eight 10/100/1000 Mbps Gigabit Ethernet LAN ports and one 10/100/1000 Mbps Gigabit Ethernet WAN port connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1-2 Introduction v1.1, August 2010 • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, Web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Introduction 1-3 v1.1, August 2010 • Keyword Filtering. With its URL keyword filtering feature, the FVS318G prevents objectionable content from reaching your PCs. The VPN firewall allows you to control access to Internet content by screening for keywords within Web addresses.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1-4 Introduction v1.1, August 2010 Extensive Protocol Support The FVS318G supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protoco l (RIP).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Introduction 1-5 v1.1, August 2010 • SNMP . The VPN firewall supports the Simple Network Management Protocol (SNMP) to let you monitor and manage log resources from an SNMP-compliant system manager.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1-6 Introduction v1.1, August 2010 VPN Firewall Front and Rear Panels The FVS318G front panel includes eight LAN ports, one WAN port, and four groups of status indicator light-emitting diodes (LEDs), including Power and Test, LAN, and WAN LEDs.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Introduction 1-7 v1.1, August 2010 The rear panel of the FVS318G includes a cable lock receptacle, a Factory Defaults button, and a DC power connection. Viewed from left to right, the rear panel contains the following elements: 1.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1-8 Introduction v1.1, August 2010 Default IP Address, Login Name, and Password Check the label on the bottom of the FVS318G’s enclosure if you forget the following factory default information: • IP Address: http://192.
2-1 v1.1, August 2010 Chapter 2 Connecting the VPN Firewall to the Internet This section provides instructions for connecting the ProSafe Gigabit 8 Port VPN Firewall FVS318G, including these topics: .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-2 Connecting the VPN Firewall to the Internet v1.1, August 2010 6. Configure the WAN options (optional) . As an option, change the VPN firewall’s Media Access Control (MAC) address, the factory default MTU size, and the port speed.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-3 v1.1, August 2010 3. Click Login . The Router Status screen displays. For more information about this screen, see “Viewing the VPN Firewall Configuration and System Status” on page 6-30 .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-4 Connecting the VPN Firewall to the Internet v1.1, August 2010 Configuring the Internet Connection to Your ISP To automatically configure the broadband port and connect to the Internet: 1.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-5 v1.1, August 2010 When Auto Detect successfully detects an active Internet service, it reports which connection type it discovered. The options are described in Table 2-1 .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-6 Connecting the VPN Firewall to the Internet v1.1, August 2010 The Connection Status window should show a valid IP address and gateway.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-7 v1.1, August 2010 4. In the ISP Type section, select the type of ISP connection you use from the two listed options. (By default, “Other (PPPoE)” is selected.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-8 Connecting the VPN Firewall to the Internet v1.1, August 2010 – Idle Timeout . Check the Keep Connected radio box to keep the connection always on.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-9 v1.1, August 2010 6. Review the Domain Name Server (DNS) server options. • If your ISP has not assigned any Domain Name Servers (DNS) addresses, click Get Dynamically from ISP .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-10 Connecting the VPN Firewall to the Internet v1.1, August 2010 The WAN Mode screen allows you to configure how the VPN firewalll uses the external Internet connection. This screen gives you two choices for accessing the external Internet connection.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-11 v1.1, August 2010 Configuring Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-12 Connecting the VPN Firewall to the Internet v1.1, August 2010 2. Click the tab of the DNS service you want to enable. Each DNS service provider requires registration. After registration you can configure the required settings on the corresponding screen for the DNS service.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Connecting the VPN Firewall to the Internet 2-13 v1.1, August 2010 Configuring the Advanced Broadband Options To configure the advanced broadband options: 1. Select Network Configuration from the main menu and Broadband ISP Settings from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2-14 Connecting the VPN Firewall to the Internet v1.1, August 2010 • Router's MAC Address . Each computer or router on your network has a unique 32-bit local Ethernet address. This is also referred to as the computer's MAC (Media Access Control) address.
3-1 v1.1, August 2010 Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Gigabit 8 Port VPN Firewall FVS318G, including the following section.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-2 LAN Configuration v1.1, August 2010 The VPN firewall will deliver the following settings to any LAN device that requests DHCP: • An IP address from the range that you have defined. • Subnet mask.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-3 v1.1, August 2010 To configure the LAN Setup options: 1. Select Network Configuration from the main menu and LAN Settings from the submenu. The LAN Setup screen displays.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-4 LAN Configuration v1.1, August 2010 • IP Subnet Mask . The subnet mask specifies the network number portion of an IP address. Your VPN firewall will automatically calculate the subnet mask based on the IP address that you assign.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-5 v1.1, August 2010 If you will use a Lightweight Directory Access Protocol (LDAP) authentication server for network-validated domain-based authentication, select Enable LDAP Information to enable the DHCP server to provide LDAP server information.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-6 LAN Configuration v1.1, August 2010 The Network Database is updated by these methods: • DHCP Client Requests . By default, the DHCP server in this VPN firewall is enabled, and will accept and respond to DHCP client requests from PCs and other network devices.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-7 v1.1, August 2010 Viewing the Network Database To view the Network Database, follow these steps: 1. Select Network Configuration from the main menu and LAN Settings from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-8 LAN Configuration v1.1, August 2010 Adding Devices to the Network Database To add devices manually to the network database: 1. To add computers to the network database manually, make the following selections: • Name : The name of the PC or device.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-9 v1.1, August 2010 Changing Group Names in the LAN Groups Database By default, the LAN Groups are named Group1 through Group8. You can rename these group names to be more descriptive, such as Engineering or Marketing.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-10 LAN Configuration v1.1, August 2010 Configuring Multi Home LAN IP Addresses If you have computers on your LAN using different IP address ranges (for example, 172.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-11 v1.1, August 2010 3. In the Add Secondary LAN IP Address section, enter the additional IP address and subnet mask to be assigned to the LAN port of the VPN firewall. 4.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-12 LAN Configuration v1.1, August 2010 The DMZ Setup screen allows you to set up the DMZ port. It permits you to enable or disable the hardware DMZ port (LAN port 8, see “VPN Firewall Front and Rear Panels” on page 1-6 ) and configure an IP address and Mask for the DMZ port.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-13 v1.1, August 2010 4. In the DHCP for DMZ Connected Computers section, select one of the following three radio buttons: • Disable DHCP Server . The DHCP server is disabled, which is the default setting.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-14 LAN Configuration v1.1, August 2010 If you will use a Lightweight Directory Access Protocol (LDAP) authentication server for network-validated domain-based authentication, select Enable LDAP Information to enable the DHCP server to provide LDAP server information.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-15 v1.1, August 2010 To add a static route: 1. Select Network Configuration from the main menu and Routing from the submenu. The Routing screen displays. 2. Click Add . The Add Static Route screen displays.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-16 LAN Configuration v1.1, August 2010 6. In the Destination IP Address field, enter the destination IP address to the host or network to which the route leads. 7. In the IP Subnet Mask field, enter the IP subnet mask for this destination.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN Configuration 3-17 v1.1, August 2010 • The Gateway IP Address fields specifies that all traffic for these addresses should be forwarded to the ISDN firewall at 192.168.1.100. • A Metric value of 1 will work since the ISDN firewall is on the LAN.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3-18 LAN Configuration v1.1, August 2010 3. From the RIP Direction pull-down menu, select the direction in which the VPN firewall will send and receives RIP packets. The choices are: • None .
4-1 v1.1, August 2010 Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Gigabit 8 Port VPN Firewall FVS318G to protect your network.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-2 Firewall Protection and Content Filtering v1.1, August 2010 A firewall incorporates the functions of a NAT (Network Address Translation.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-3 v1.1, August 2010 Services-Based Rules The rules to block traffic are based on the traffic’s category of service. • Outbound Rules (service blocking) .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-4 Firewall Protection and Content Filtering v1.1, August 2010 Select Schedule Select the desired time schedule (Schedule1, Schedule2, or Schedule3) that will be used by this rule.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-5 v1.1, August 2010 Inbound Rules (Port Forwarding) Because the VPN firewall uses Network Address Translation (NAT), your network presents only one IP address to the Internet and outside users cannot directly address any of your local computers.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-6 Firewall Protection and Content Filtering v1.1, August 2010 Table 4-2. Inbound Rules Item Description Services Select the desired service or application to be covered by this rule.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-7 v1.1, August 2010 Remember that allowing inbound services opens holes in your VPN firewall. Only enable those ports that are necessary for your network.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-8 Firewall Protection and Content Filtering v1.1, August 2010 Viewing Rules and Order of Precedence for Rules To view the firewall rules, select Security from the main menu and Firewall from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-9 v1.1, August 2010 To make changes to an existing outbound or inbound service rule on the the .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-10 Firewall Protection and Content Filtering v1.1, August 2010 LAN WAN Outbound Services Rules You may define rules that will specify exceptions to the default rules.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-11 v1.1, August 2010 LAN WAN Inbound Services Rules This Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules will be listed.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-12 Firewall Protection and Content Filtering v1.1, August 2010 Configuring DMZ WAN Rules The firewall rules for traffic between the DMZ and the WAN/Internet are configured on the DMZ WAN Rules screen.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-13 v1.1, August 2010 4. Configure the settings based on the descriptions in Table 4-1 on page 4-3 . 5. Click Apply. The new rule will appear in the Outbound Services table.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-14 Firewall Protection and Content Filtering v1.1, August 2010 To create a new LAN DMZ outbound service policy: 1. Select Security from the main menu and Firewall Rules from the submenu. The LAN WAN Rules screen displays.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-15 v1.1, August 2010 5. Click Apply. The new rule will appear in the Outbound Services table.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-16 Firewall Protection and Content Filtering v1.1, August 2010 LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses I.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-17 v1.1, August 2010 The following addressing scheme is used in this example: • VPN firewall FVS318G – WAN primary public IP address: 10.1.0.1 – WAN additional public IP address: 10.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-18 Firewall Protection and Content Filtering v1.1, August 2010 To expose one of the PCs on your LAN or DMZ as this host: 1. Create an inbound rule that allows all protocols. 2. Place the rule below all other inbound rules.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-19 v1.1, August 2010 Outbound Rules Example Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio or other non-essential sites.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-20 Firewall Protection and Content Filtering v1.1, August 2010 Attack Checks The Attack Checks screen allows you to specify whether or not the VPN firewall should be protected against common attacks in the DMZ, LAN and WAN networks.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-21 v1.1, August 2010 – Block TCP Flood . A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target system.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-22 Firewall Protection and Content Filtering v1.1, August 2010 Setting Session Limits Session Limit allows you to specify the total number of sessions allowed, per user, over an IP (Internet Protocol) connection across the VPN firewall.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-23 v1.1, August 2010 The Total Number of Packets Dropped due to Session Limit field shows total number of packets dropped when session limit is reached.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-24 Firewall Protection and Content Filtering v1.1, August 2010 Creating Services, QoS Profiles, and Bandwidth Profiles When you create in.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-25 v1.1, August 2010 To define a new service, first you must determine which port number or range of numbers is used by the application.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-26 Firewall Protection and Content Filtering v1.1, August 2010 Modifying a Service To edit the settings of a service: 1. In the Custom Services Table , click the Edit icon adjacent to the service you want to edit.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-27 v1.1, August 2010 A ToS priority for traffic passing through the VPN firewall is one of the following: • Normal-Service . No special priority given to the traffic.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-28 Firewall Protection and Content Filtering v1.1, August 2010 To add a bandwidth profile: 1. Select Security from the main menu and Bandwidth Profile from the submenu. The Bandwidth Profile screen displays.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-29 v1.1, August 2010 c. Depending on the direction that you selected, enter the minimum and maximum bandwidths to be allowed: • Enter the Outbound Minimum Bandwidth and Outbound Maximum Bandwidth in Kbps.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-30 Firewall Protection and Content Filtering v1.1, August 2010 2. Check the radio button for All Days or Specific Days . If you chose Specific Days , check the radio button for each day you want the schedule to be in effect.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-31 v1.1, August 2010 – Proxy . A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-32 Firewall Protection and Content Filtering v1.1, August 2010 To enable Content Filtering: 1. Select Security from the main menu and Block Sites from the submenu. The Block Sites screen displays.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-33 v1.1, August 2010 2. Check the Yes radio button to enable content filtering. 3. Click Apply to activate the screen controls. 4. Check the radio boxes of any Web components you wish to block.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-34 Firewall Protection and Content Filtering v1.1, August 2010 2. Check the Yes radio box in the MAC Filtering Enable section. 3. Select the action to be taken on outbound traffic from the listed MAC addresses: • Block this list and permit all other MAC addresses.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-35 v1.1, August 2010 Configuring IP/MAC Address Binding IP/MAC binding allows you to bind an IP address to a MAC address and the other way around.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-36 Firewall Protection and Content Filtering v1.1, August 2010 3. Select the Yes radio box and click Apply . Make sure that you have enabled the e-maling of logs (see “Activating Notification of Events and Alerts” on page 6-23 ).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-37 v1.1, August 2010 To edit an IP/MAC binding rule, click Edit adjacent to the entry. The following fields of an existing IP/MAC binding rule can be modified: • MAC Address .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-38 Firewall Protection and Content Filtering v1.1, August 2010 Without port triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the port forwarding rules.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-39 v1.1, August 2010 a. Enter the Start Port range (1 - 65534). b. Enter the End Port range (1 - 65534). 6. In the Incoming (Response) Port Range fields: a.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-40 Firewall Protection and Content Filtering v1.1, August 2010 To check the status of the port triggering rules, click the Status option arrow on the Port Triggering screen.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Firewall Protection and Content Filtering 4-41 v1.1, August 2010 3. Configure the following fields: – Advertisement Period . Enter the period in minutes that specified how often the VPN firewall should broadcast its UPnP information to all devices within its range.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4-42 Firewall Protection and Content Filtering v1.1, August 2010 Administrator Tips Consider the following operational items: • As an opt.
5-1 v1.1, August 2010 Chapter 5 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the ProSafe Gigabit 8 Port VPN Firewall FVS318G.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-2 Virtual Private Networking v1.1, August 2010 Creating Gateway to Gateway VPN Tunnels with the Wizard Follow these steps to set up a gateway VPN tunnel using the VPN Wizard. 1. Select VPN from the main menu and VPN Wizard from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-3 v1.1, August 2010 To view the wizard default settings, click the VPN Wizard Default Values option arrow. You can modify these settings after completing the wizard.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-4 Virtual Private Networking v1.1, August 2010 8. Click Apply to save your settings. The VPN Policies screen shows that the policy is now enabled.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-5 v1.1, August 2010 Creating a Client to Gateway VPN Tunnel Follow these steps to configure the a VPN client tunnel: • Configure the client policies on the gateway.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-6 Virtual Private Networking v1.1, August 2010 7. Click Apply to save your settings. The VPN Policies screen (see Figure 5-7 on page 5-7 ) shows that the policy is now enabled. To view or modify the VPN policy, see “Managing VPN Policies” on page 5-15 .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-7 v1.1, August 2010 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR ProSafe VPN Client installed, configure a VPN client policy to connect to the VPN firewall.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-8 Virtual Private Networking v1.1, August 2010 2. In the upper left of the Policy Editor window, click the New Document icon (the first on the left) to open a New Connection. Give the New Connection a name; in this example, we are using gw1 .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-9 v1.1, August 2010 3. In the left frame, click My Identity . Fill in the options according to the instructions below. • From the Select Certificate pull-down menu, choose None .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-10 Virtual Private Networking v1.1, August 2010 Figure 5-11.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-11 v1.1, August 2010 • In the left frame, click Security Policy to view the settings: no changes are needed. • In the left frame, expand Authentication (Phase 1) and click Proposal 1 : no changes are needed.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-12 Virtual Private Networking v1.1, August 2010 Within 30 seconds you should receive the message “Successfully connected to My Connectionsgw1”. The VPN client icon in the system tray should state On: 2.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-13 v1.1, August 2010 • Right-click the VPN Client icon in the system tray and select Connection Monitor. The VPN client system tray icon provides a variety of status indications, which are listed below.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-14 Virtual Private Networking v1.1, August 2010 VPN Firewall VPN Connection Status and Logs To view VPN firewall VPN connection status, select VPN from the main menu and Connection Status from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-15 v1.1, August 2010 To view VPN firewall VPN logs, select Monitoring from the main menu and VPN Logs from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-16 Virtual Private Networking v1.1, August 2010 IKE policies are activated when: 1. The VPN Policy Selector determines that some traffic matches an existing VPN policy.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-17 v1.1, August 2010 Each policy that is listed in the List of IKE Policies table contains the following data: • Name .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-18 Virtual Private Networking v1.1, August 2010 Manually Adding or Editing an IKE Policy To manually add an IKE policy: 1. Select VPN from the main menu and Policies from the submenu. The Policies submenu tabs appear with the IKE Policies screen in view (see Figure 5-18 on page 5-16 ).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-19 v1.1, August 2010 3. Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained Table 5-2 .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-20 Virtual Private Networking v1.1, August 2010 Local Identifier Type From the pull-down menu, select one of the following ISAKMP identifiers to be used by the VPN firewall, and then specify the identifier in the field below: • Local Wan IP .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-21 v1.1, August 2010 Authentication Method Select one of the following radio buttons to specify the authentication method: • Pre-shared key . A secret that is shared between the VPN firewall and the remote endpoint.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-22 Virtual Private Networking v1.1, August 2010 4. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. To edit an IKE policy: 1. Select VPN from the main menu and Policies from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-23 v1.1, August 2010 4. Click Apply to save your changes. The modified IKE policy is displayed in the List of IKE Policies table. Configuring VPN Policies You can create two types of VPN policies.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-24 Virtual Private Networking v1.1, August 2010 2. Click the VPN Policies tab. The VPN Policies screen is displayed. Only one client policy may configured at a time (noted by an “*” next to the policy name).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-25 v1.1, August 2010 To delete one or more VPN polices: 1. Select the checkbox to the left of the policy that you want to delete or click the select all table button to select all VPN policies.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-26 Virtual Private Networking v1.1, August 2010 4. Complete the fields, select the radio buttons and checkboxes, and make your selections from the pull-down menus as explained Table 5-3 on page 5-27 .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-27 v1.1, August 2010 Table 5-3. Add VPN Policy Settings Item Description (or Subfield and Description) General Policy Name A descriptive name of the VPN policy for identification and management purposes.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-28 Virtual Private Networking v1.1, August 2010 Traffic Selection Local IP From the pull-down menu, select the address or addresses that are part of the VPN tunnel on the VPN firewall: • Any .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-29 v1.1, August 2010 Integrity Algorithm From the pull-down menu, select one of the following two algorithms to be used in the VPN header for the authentication process: • SHA-1 .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-30 Virtual Private Networking v1.1, August 2010 5. Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table. To edit a VPN policy: 1. Select VPN from the main menu and Policies from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-31 v1.1, August 2010 Digital Certificates can be either self signed or can be issued by Certification Authorities (CA) such as via an in-house Windows server, or by an external organization such as Verisign or Thawte.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-32 Virtual Private Networking v1.1, August 2010 Understanding the Certificates Screen To display the Certificates screen, select VPN form the main menu and Certificates from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-33 v1.1, August 2010 To view the VPN certificates: Select VPN from the main menu and Certificates from the submenu. The Certificates screen displays. The top section of the Certificates screen displays the Trusted Certificates (CACertificates) section.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-34 Virtual Private Networking v1.1, August 2010 There can be three reasons why a security alert is generated for a security certificate: • The security certificate was issued by a company you have not chosen to trust.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-35 v1.1, August 2010 • Issuer Name . The name of the CA that issued the certificate. • Expiry Time . The date on which the certificate expires. You should renew the certificate before it expires.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-36 Virtual Private Networking v1.1, August 2010 2. Configure the following fields: • Name . Enter a descriptive name that will identify this certificate. • Subject . This is the name which other organizations will see as the holder (owner) of the certificate.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-37 v1.1, August 2010 6. In the Self Certificate Requests table, click view in the Action column to view the request.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-38 Virtual Private Networking v1.1, August 2010 If you have not already uploaded the CA certificate, do so now, as described in “Viewing and Loading CA Certificates” on page 5-32 .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-39 v1.1, August 2010 Configuring Extended Authentication (XAUTH) When connecting many VPN clients to a VPN gateway router, an administrator may want a unique user authentication method beyond relying on a single common preshared key for all clients.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-40 Virtual Private Networking v1.1, August 2010 2. You can add XAUTH to an existing IKE policy by clicking the edit button adjacent to the policy to be modified or you can create a new IKE policy incorporating XAUTH by clicking add .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-41 v1.1, August 2010 – User Database to verify against the VPN firewall’s user database. Users must be added through the User Database screen (see “Configuring the User Database for XAUTH” on page 5-41 ).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-42 Virtual Private Networking v1.1, August 2010 2. Enter a User Name . This is the unique ID of a user which will be added to the User Name database. 3. Enter a Password for the user, and reenter the password in the Confirm Password field.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-43 v1.1, August 2010 3. Enable the primary RADIUS server by checking the Yes radio box. 4. Enter the primary RADIUS Server IP Address . 5. Enter a Secret Phrase .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-44 Virtual Private Networking v1.1, August 2010 8. Set the Time Out Period , in seconds, that the VPN firewall should wait for a response from the RADIUS server. 9. Set the Maximum Retry Count.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-45 v1.1, August 2010 Configuring Mode Config Operation on the VPN Firewall You need to configure two screens: the ModeConfig screen and the IKE Policies screen. Configuring the Mode Config Screen To configure the Mode Config screen: 1.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-46 Virtual Private Networking v1.1, August 2010 3. Enter a descriptive Record Name such as “Sales”. 4. Assign at least one range of IP pool addresses in the First IP Pool field to give to remote VPN clients.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-47 v1.1, August 2010 9. Specify the VPN policy settings. These settings must match the configuration of the remote VPN client. Recommended settings are: • SA Lifetime: 3600 seconds • Authentication Algorithm: SHA-1 • Encryption Algorithm: 3DES 10.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-48 Virtual Private Networking v1.1, August 2010 Recommended settings are: • Encryption Algorithm: 3DES • Authentication Algorithm: SH.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-49 v1.1, August 2010 9. Enter a Pre-Shared Key that will also be configured in the VPN client.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-50 Virtual Private Networking v1.1, August 2010 Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-51 v1.1, August 2010 2. From the left side of the menu, click My Identity. Enter the following information: a. Click Pre-Shared Key and enter the key you configured in the VPN firewall’s Add IKE Policy screen b.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-52 Virtual Private Networking v1.1, August 2010 b. Check the Enable Perfect Forward Secrecy (PFS) radio button, and select the Diffie- Hellman Group 2 from the PFS Key Group pull-down menu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-53 v1.1, August 2010 Enter the values to match your configuration of the VPN firewall ModeConfig Record menu. (The SA Lifetime can be longer, such as 8 hours (28800 seconds).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-54 Virtual Private Networking v1.1, August 2010 4. In the General section of the Edit VPN Policy screen, locate the keepalive configuration settings. 5. Click the Yes radio button to enable keepalive.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Virtual Private Networking 5-55 v1.1, August 2010 3. In the IKE SA Parameters section of the Edit IKE Policy screen, locate the Dead Peer Detection configuration settings. 4. Click the Yes radio button to Enable Dead Peer Detection .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5-56 Virtual Private Networking v1.1, August 2010 2. Click the VPN Policies tab. The VPN Policies screen displays (see Figure 5-20 on page 5-24 ). 3. In the List of VPN Policies table, click the edit button to the right of the VPN policy that you want to edit.
6-1 v1.1, August 2010 Chapter 6 VPN Firewall and Network Management This chapter describes how to use the network management features of your ProSafe Gigabit 8 Port VPN Firewall FVS318G.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-2 VPN Firewall and Network Management v1.1, August 2010 VPN Firewall Features That Reduce Traffic You can adjust the following features o.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-3 v1.1, August 2010 • WAN Users . These settings determine which Internet locations are covered by the rule, based on their IP address. – Any . The rule applies to all Internet IP address.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-4 VPN Firewall and Network Management v1.1, August 2010 • Keyword (and Domain Name) Blocking . You can specify up to 32 words that, should they appear in the website name (that is, URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-5 v1.1, August 2010 Port Forwarding The VPN firewall always blocks DoS (Denial of Service) attacks.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-6 VPN Firewall and Network Management v1.1, August 2010 • WAN Users . These settings determine which Internet locations are covered by the rule, based on their IP address. – Any . The rule applies to all Internet IP address.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-7 v1.1, August 2010 – After a PC has finished using a port triggering application, there is a time-out period before the application can be used by another PC.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-8 VPN Firewall and Network Management v1.1, August 2010 See “Specifying Quality of Service (QoS) Priorities” on page 4-26 for the procedure on how to use this feature.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-9 v1.1, August 2010 3. In the User Selection section of the screen, select either the Edit Admin Settings or Edit Guest Settings radio box. 4. In either the Admin Settings or the Guest Settings section of the screen: a.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-10 VPN Firewall and Network Management v1.1, August 2010 Adding External Users You can add external users for which you then can configure an authentication method (see “Configuring an External Server for Authentication” on page 6-11 ).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-11 v1.1, August 2010 3. Configure the following fields: a. User Name . Enter a unique identifier, using any alphanumeric characters. b. User Type . Select either Admin or Guest .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-12 VPN Firewall and Network Management v1.1, August 2010 To configure external authentication: 1. Select Users from the main menu and External Authentication from the submenu. The External Users screen displays.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-13 v1.1, August 2010 • Secret Phrase . Transactions between the client and the RADIUS server are authenticated using a shared secret phrase, so the same secret phrase must be configured on both client and server.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-14 VPN Firewall and Network Management v1.1, August 2010 Enabling Remote Management Access Using the Remote Management screen, you can allow an administrator on the Internet to configure, upgrade, and check the status of your VPN firewall.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-15 v1.1, August 2010 2. Check Allow Remote Management radio box. 3. Click the Yes radio button to enable secure HTTP management (enabled by default), and configure the external IP addresses that will be allowed to connect.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-16 VPN Firewall and Network Management v1.1, August 2010 . Using an SNMP Manager Simple Network Management Protocol (SNMP) lets you monitor and manage your VPN firewall from an SNMP Manager.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-17 v1.1, August 2010 To create a new SNMP configuration entry: 1. Select Administration from the main menu and SNMP from the submenu. The SNMP screen displays.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-18 VPN Firewall and Network Management v1.1, August 2010 When you click on the SNMP System Info option arrow on the SNMP screen, the VPN firewall’s identification information is displayed.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-19 v1.1, August 2010 Backing Up Settings To back up settings: 1. Select Administration from the main menu and Settings Backup & Upgrade from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-20 VPN Firewall and Network Management v1.1, August 2010 Restoring Settings To restore settings from a backup file: 1. On the Settings Backup and Firmware Upgrade screen, next to Restore save settings from file , click Browse .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-21 v1.1, August 2010 After downloading an upgrade file, you may need to unzip (uncompress) it before upgrading the VPN firewall. If Release Notes are included in the download, read them before continuing.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-22 VPN Firewall and Network Management v1.1, August 2010 2. From the Date/Time pull-down menu, select the local time zone. This is required in order for scheduling to work correctly. The VPN firewall includes a Real-Time Clock (RTC), which it uses for scheduling.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-23 v1.1, August 2010 Monitoring System Performance You can be alerted to important events such as WAN traffic limits reached, login failures, and attacks.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-24 VPN Firewall and Network Management v1.1, August 2010 Figure 6-10.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-25 v1.1, August 2010 2. In the Log Options section, enter the name of the log in the Log Identifier field. The Log Identifier is a mandatory field used to identify which device sent the log messages.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-26 VPN Firewall and Network Management v1.1, August 2010 • LOG_ERROR (Error conditions) • LOG_WARNING (Warning conditions) • LOG_NOTICE (Normal but significant conditions) • LOG_INFO (Informational messages) • LOG_DEBUG (Debug level messages) 10.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-27 v1.1, August 2010 Enabling the Traffic Meter If your ISP charges by traffic volume over a given period of time, or if you want to study traffic types over a period of time, you can activate the traffic meter for the broadband port.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-28 VPN Firewall and Network Management v1.1, August 2010 • Increase this month limit by . Temporarily increase the traffic limit if you have reached the monthly limit, but need to continue accessing the Internet.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-29 v1.1, August 2010 • Restart Traffic Counter at a Specific Time . Restart the traffic counter at a specific time and day of the month. Fill in the time fields and choose AM or PM and the day of the month from the pull-down menus.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-30 VPN Firewall and Network Management v1.1, August 2010 Viewing the VPN Firewall Configuration and System Status The Router Status screen provides status and usage information. Select Monitoring from the main menu and Router Status from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-31 v1.1, August 2010 Monitoring VPN Firewall Statistics To display the VPN firewall statistics: 1. Select Monitoring from the main menu and Router Status from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-32 VPN Firewall and Network Management v1.1, August 2010 For each interface (Broadband, LAN, and DMZ), the number of transmitted (Tx Pkts.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-33 v1.1, August 2010 Monitoring Attached Devices The LAN Groups screen contains a table of all IP devices that the VPN firewall has discovered on the local network.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-34 VPN Firewall and Network Management v1.1, August 2010 The Known PCs and Devices table lists all current entries in the LAN Groups database.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-35 v1.1, August 2010 The Active IPsec (SA)s table lists each active connection with the following information Viewing the VPN Logs The VPN Logs screen gives log details for recent VPN activity.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-36 VPN Firewall and Network Management v1.1, August 2010 Viewing the DHCP Log To display the DHCP log: 1. Select Network Configuration from the main menu and LAN Settings from the submenu.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual VPN Firewall and Network Management 6-37 v1.1, August 2010 To view the most recent entries, click refresh . Table 6-6. Port Triggering Status Data Item Description Rule The name of the rule.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6-38 VPN Firewall and Network Management v1.1, August 2010.
7-1 v1.1, August 2010 Chapter 7 Troubleshooting This chapter provides troubleshooting tips and information for your ProSafe Gigabit 8 Port VPN Firewall FVS318G.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-2 Troubleshooting v1.1, August 2010 Power LED Not On If the Power and other LEDs are off when your VPN firewall is turned on: • Make su.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting 7-3 v1.1, August 2010 Troubleshooting the Web Configuration Interface If you are unable to access the VPN firewall’s Web .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-4 Troubleshooting v1.1, August 2010 If the VPN firewall does not save changes you have made in the Web Configuration Interface, check the.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting 7-5 v1.1, August 2010 • Your ISP may check for your PC's host name. Assign the PC Host Name of your ISP account as the Account Name on the Broadband ISP Settings screen (see Figure 2-2 on page 2-4 ).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-6 Troubleshooting v1.1, August 2010 Pinging < IP address > with 32 bytes of data If the path is working, you will see this message:.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting 7-7 v1.1, August 2010 – If your ISP assigned a host name to your PC, enter that host name as the Account Name on the Broadband ISP Settings screen (see Figure 2-2 on page 2-4 ).
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-8 Troubleshooting v1.1, August 2010 Problems with the date and time function can include: • Date and time shown is Thu Jan 01 00:01:52 GMT 1970. Cause: The VPN firewall has not yet successfully reached a Network Time Server.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting 7-9 v1.1, August 2010 Table 7-1. Diagnostics Item Description Ping or Trace an IP Address Ping. Used to send a ping packet request to a specified IP address—most often, to test a connection.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-10 Troubleshooting v1.1, August 2010.
Default Settings and Technical Specifications A-1 v1.1, August 2010 Appendix A Default Settings and Technical Specifications Y ou can use the reset button located on the front of your device to reset all settings to their factory defaults. This is called a hard reset.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A-2 Default Settings and Technical Specifications v1.1, August 2010 Technical specifications for the ProSafe Gigabit 8 Port VPN Firewall FVS318G are listed in the following table.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Default Settings and Technical Specifications A-3 v1.1, August 2010 Environmental Specifications Operating temperature: 0 to 40 C (.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A-4 Default Settings and Technical Specifications v1.1, August 2010.
Two Factor Authentication B-1 v1.1, August 2010 Appendix B Two Factor Authentication This appendix provides an overview of Two-Factor Authentication, and an example of how to implement the WiKID solution. This appendix contains the following sections: • “Why do I need Two-Factor Authentication? ” on this page.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual B-2 Two Factor Authentication v1.1, August 2010 • Quick to deploy and manage . The WiKID solution integrates seamlessly with the NETGEAR SSL and VPN firewall products. • Proven regulatory compliance .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Two Factor Authentication B-3 v1.1, August 2010 The request-response architecture is capable of self-service initialization by end-users, dramatically reducing implementation and maintenance costs.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual B-4 Two Factor Authentication v1.1, August 2010 3. The user then proceeds to the Two-Factor Authentication login page and enters the generated one-time passcode as the login password.
Related Documents C-1 v1.1, August 2010 Appendix C Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link TCP/IP Networking Basics http://documentation.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual C-2 Related Documents v1.1, August 2010.
Index-1 v1.1, August 2010 Index Numerics 3322.org 2-11 A access remote management 6-14 Add DMZ WAN Outbound Services screen 4-12 Add LAN DMZ Outbound Service screen 4-14 Add LAN WAN Inbound Service 4-11 Add LAN WAN Outbound Service screen 4-10 Add Mode Config Record screen 5-45 address reservation 3-9 Advanced Encryption Standard.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-2 v1.1, August 2010 certificates CRL 5-32 management of 5-35 trusted (CA certificates) 5-32 Classical Routing definition of 2-10 comm.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-3 v1.1, August 2010 Domain Name router 3-4 , 3-13 Domain Name Blocking 4-31 Domain Name Servers. See DNS. DoS about protection 1-2 attack 4-21 DPD 5-21 Dynamic DNS Configuration screen 2-11 Dynamic DNS.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-4 v1.1, August 2010 default definition 4-2 example 4-16 field descriptions 4-6 order of precedence 4-8 Port Forwarding 4-3 , 4-5 rule.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-5 v1.1, August 2010 M MAC address 7-7 blocked, adding 4-33 configuring 2-5 format of 2-14 spoofing 7-5 main menu 2-3 MD5 IKE polices .
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-6 v1.1, August 2010 service blocking 4-3 Port Forwarding Inbound Rules 4-3 , 4-5 increasing traffic 6-5 rules, about 4-5 port numbers.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-7 v1.1, August 2010 Routing Information Protocol. See RIP. Routing screen 3-15 RSA signatures 5-21 rules blocking traffic 4-2 inbound.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-8 v1.1, August 2010 TCP/IP network, troubleshooting 7-5 technical specifications A-1 Time daylight savings, troubleshooting 7-8 setting 6-21 troubleshooting 7-7 Time Zone setting of 6-21 Time Zone screen 6-21 ToS.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-9 v1.1, August 2010 Web Components 4-30 blocking 4-33 filtering, about 4-30 Web configuration troubleshooting 7-3 WiKID 6-11 authenti.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Index-10 v1.1, August 2010.
An important point after buying a device NETGEAR FVS318G (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought NETGEAR FVS318G yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data NETGEAR FVS318G - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, NETGEAR FVS318G you will learn all the available features of the product, as well as information on its operation. The information that you get NETGEAR FVS318G will certainly help you make a decision on the purchase.
If you already are a holder of NETGEAR FVS318G, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime NETGEAR FVS318G.
However, one of the most important roles played by the user manual is to help in solving problems with NETGEAR FVS318G. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device NETGEAR FVS318G along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center