Instruction/ maintenance manual of the product FVS318N-100NAS NETGEAR
350 East Plumeria Drive San Jose, CA 95134 USA March 16, 2012 202-10836-02 v1.0 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Reference Manual.
2 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N © 2011–2012 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc.
3 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N (continued) • User login restrictions based on IPv6 addresses (see Configure Login Restrictions Based on IPv6 Addresses) • IPv6 remote m.
4 Contents. Chapter 1 Introduction: What Is the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N? (page 10); Key Features and Capabilities (page 11); Wireless Features
5 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Additional WAN-Related Configuration Tasks (page 50); Verify the Connection (page 50); What to Do Next
6 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Chapter 5 Firewall Protection: About Firewall Protection (page 125); Administrator Tips
7 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Manage VPN Policies (page 225); Configure Extended Authentication (XAUTH) (page 233); Configure XAUTH for VPN Clients
8 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Manage Digital Certificates for VPN Connections (page 306); VPN Certificates Screen (page 307); Manage VPN CA Certificates
9 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N When You Enter a URL or IP Address, a Time-Out Error Occurs (page 370); Troubleshoot the ISP Connection (page 370); Troubleshooting the IPv6 Connection
10 1. Introduction This chapter provides an overview of the features and capabilities of the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N and explains how to log in to the device and use its web management interface.
Introduction 11 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Key Features and Capabilities The wireless VPN firewall provides the following key features and capabilities: • A single 10/.
Introduction 12 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • SSL VPN provides remote access for mobile users to selected corporate resources without requiring a preinstalled VPN client on their computers.
Introduction 13 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Autosensing Ethernet Connections with Auto Uplink With its internal eight-port 10/100/1000 Mbps switch and 10/100/1000 WAN por.
Introduction 14 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Easy Installation and Management You can install, configure, and operate the wireless VPN firewall within minutes after connecting it to the network. The following features simplify installation and management tasks: • Browser-based management.
Introduction 15 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Package Contents The wireless VPN firewall product package contains the following items: • ProSafe Wireless-N 8-Port Gigabit.
Introduction 16 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 1. The following table describes the function of each LED. Table 1. LED descriptions LED Activity Description Power LED On (green) Power is supplied to the wireless VPN firewall.
Introduction 17 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Ports Left LED Off The LAN port has no link. On (green) The LAN port has detected a link with a connected Ethernet device. Blinking (green) Data is being transmitted or received by the LAN port.
Introduction 18 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Rear Panel The rear panel of the wireless VPN firewall includes the antennas, a cable lock receptacle, a console port, a Reset button, a DC power connection, and a power switch.
Introduction 19 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Bottom Panel with Product Label The product label on the bottom of the wireless VPN firewall’s enclosure displays factory default settings, regulatory compliance, and other information.
Introduction 20 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Log In to the Wireless VPN Firewall Note: To connect the wireless VPN firewall physically to your network, connect the cables and restart your network according to the instructions in the Installation Guide.
Introduction 21 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 4. 3. In the User Name field, type admin. Use lowercase letters. 4. In the Password / Passcode field, type password.
Introduction 22 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 5. Web Management Interface Menu Layout The following figure shows the menu at the top of the web management interface: Figure 6. The web management interface menu consists of the following components: • 1st level: Main navigation menu links.
Introduction 23 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • 2nd level: Configuration menu links. The configuration menu links in the gray bar (immediately below the main navigation menu bar) change according to the main navigation menu link that you select.
Introduction 24 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Any of the following table buttons might display onscreen: • Select All. Select all entries in the table. • Delete. Delete the selected entry or entries from the table. • Enable.
25 2. Internet and Broadband Settings This chapter explains how to configure the Internet and WAN settings. This chapter contains the following sections: • Internet and WAN Configurat.
Internet and Broadband Settings 26 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Configure the WAN options (optional). If required, change the factory default MTU size, port speed, and MAC address of the wireless VPN firewall: see Configure Advanced WAN Options and Other Tasks on page 47.
Internet and Broadband Settings 27 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Network Address Translation Network Address Translation (NAT) allows all computers on your LAN to share a single public Internet IP address. From the Internet, there is only a single device (the wireless VPN firewall) and a single IP address.
Internet and Broadband Settings 28 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 9. 2. Select the NAT radio button or the Classical Routing radio button. WARNING: Changing the WAN mode causes all LAN WAN and DMZ WAN inbound rules to revert to default settings.
Internet and Broadband Settings 29 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 10. 2. Click the Auto Detect button at the bottom of the screen. The autodetect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support.
Internet and Broadband Settings 30 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • If the autodetect process does not find a connection, you are prompted either to check the physical connec.
Internet and Broadband Settings 31 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Connection Status screen should show a valid IP address and gateway, and you are connected to the Internet.
Internet and Broadband Settings 32 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 13. 5. If your connection is PPTP or PPPoE, your ISP requires an initial login.
Internet and Broadband Settings 33 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 6. In the Internet (IP) Address section of the screen (see the following figure), configure the IP address settings as explained in the following table. Click the Current IP Address link to see the currently assigned IP address.
Internet and Broadband Settings 34 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 7. In the Domain Name Server (DNS) Servers section of the screen (see the following figure), specify the DNS settings as explained in the following table. Figure 14.
Internet and Broadband Settings 35 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 8. Click Test to evaluate your entries. The wireless VPN firewall attempts to make a connection according to the settings that you entered. 9. Click Apply to save your changes.
Internet and Broadband Settings 36 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N travel over the IPv4 intranet; you do this by enabling and configuring ISATAP tunneling (see Configure ISATAP Automatic Tunnelling on page 42). Note: A network can be both an isolated IPv6 network and a mixed network with IPv4 and IPv6 devices.
Internet and Broadband Settings 37 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 16. 2. Select the IPv4 / IPv6 mode radio button. By default, the IPv4 only mode radio button is selected, and IPv6 is disabled. WARNING: Changing the IP routing mode causes the wireless VPN firewall to reboot.
Internet and Broadband Settings 38 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To automatically configure the WAN port for an IPv6 connection to the Internet: 1. Select Network Configuration > WAN Settings > Broadband ISP Settings.
Internet and Broadband Settings 39 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 7. To verify the connection, click the Status option arrow in the upper right of the screen to display the Connection Status pop-up screen. (The following figure shows a dynamic IP address configuration.
Internet and Broadband Settings 40 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 19. 3. In the Internet Address section of the screen, from the IPv6 drop-down list, select Static IPv6. 4. In the Static IP Address section of the screen, enter the settings as explained in the following table.
Internet and Broadband Settings 41 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 6. To verify the connection, click the Status option arrow in the upper right of the screen to display the Connection Status pop-up screen.
Internet and Broadband Settings 42 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N With 6to4 tunnels, IPv6 packets are embedded within the IPv4 packet and then transported over the IPv4 network. You do not need to specify remote tunnel endpoints, which are automatically determined by relay routers on the Internet.
Internet and Broadband Settings 43 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N enabling and configuring Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling. ISATAP is a LAN tunnel mechanism in which the IPv4 network functions as a virtual IPv6 local link.
Internet and Broadband Settings 44 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Add table button under the List of Available ISATAP Tunnels table. The Add ISATAP Tunnel screen displays: Figure 23. 3. Specify the tunnel settings as explained in the following table.
Internet and Broadband Settings 45 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View the Tunnel Status and IPv6 Addresses The IPv6 Tunnel Status screen displays the status of all active 6to4 and ISATAP tunnels and their IPv6 addresses.
Internet and Broadband Settings 46 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the DDNS service does not work because private addresses are not routed on the Internet.
Internet and Broadband Settings 47 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Configure the DDNS service settings as explained in the following table: 6.
Internet and Broadband Settings 48 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 27. 3. Enter the settings as explained in the following table: Table 9.
Internet and Broadband Settings 49 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your changes. Speed In most cases, the wireless VPN firewall can automatically determine the connection speed of the WAN port of the device (modem, dish, or router) that provides the WAN connection.
Internet and Broadband Settings 50 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Additional WAN-Related Configuration Tasks • If you want the ability to manage the wireless VPN firewall remotely, enable remote management (see Configure Remote Management Access on page 322).
51 3. LAN Configuration This chapter describes how to configure the advanced LAN features of your wireless VPN firewall. This chapter contains the following sections: • Manage IPv4 Virtual.
LAN Configuration 52 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N VLANs have a number of advantages: • It is easy to set up network segmentation. Users who communicate most frequently with each other can be grouped into common VLANs, regardless of physical location.
LAN Configuration 53 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N This is a typical scenario for a configuration with an IP phone that has two Ethernet ports, one of which is connected to the wireless VPN firewall, the other one to another device: Packets coming from the IP phone to the wireless VPN firewall LAN port are tagged.
LAN Configuration 54 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For each VLAN profile, the following fields display in the VLAN Profiles table: • Check box. Allows you to select the VLAN profile in the table. • Status icon. Indicates the status of the VLAN profile: - Green circle.
LAN Configuration 55 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • WINS server (if you entered a WINS server address in the DHCP Setup screen) • Lease time (the date obtained and the duration of the lease) DHCP Relay DHCP relay options allow you to make the wireless VPN firewall a DHCP relay agent for a VLAN.
LAN Configuration 56 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure a VLAN Profile For each VLAN on the wireless VPN firewall, you can configure its profile, port membership, LAN TCP/IP settings, DHCP options, DNS server, and inter-VLAN routing capability.
LAN Configuration 57 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 30.
LAN Configuration 58 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in the following table: Table 10. Add VLAN Profile screen settings Setting Description VLAN Profile Profile Name Enter a unique name for the VLAN profile.
LAN Configuration 59 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Enable DHCP Server Select the Enable DHCP Server radio button to enable the wireless VPN firewall to function as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for all computers connected to the VLAN.
LAN Configuration 60 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. Note: Once you have completed the LAN setup, all outbound traffic is allowed and all inbound traffic is discarded except responses to requests from the LAN side.
LAN Configuration 61 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To edit a VLAN profile: 1. On the LAN Setup screen for IPv4 (see Figure 29 on page 56), click the Edit button in the Action column for the VLAN profile that you want to modify.
LAN Configuration 62 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 31. 3. From the MAC Address for VLANs drop-down list, select Unique. (The default is Same.) 4. As an option, you can disable the broadcast of ARP packets for the default VLAN by clearing the Enable ARP Broadcast check box.
LAN Configuration 63 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Primary LAN IP address. 192.168.1.1 with subnet 255.255.255.0 • Secondary LAN IP address. 192.168.20.1 with subnet 255.255.255.0 To add a secondary LAN IPv4 address: 1.
LAN Configuration 64 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. To delete one or more secondary LAN IP addresses: 1.
LAN Configuration 65 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • There is no need to use a fixed IP address on a computer. Because the IP address allocated by the DHCP server never changes, you do not need to assign a fixed IP address to a computer to ensure that it always has the same IP address.
LAN Configuration 66 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Known PCs and Devices table lists the entries in the network database. For each computer or device, the following fields display: • Check box. Allows you to select the computer or device in the table.
LAN Configuration 67 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Add table button to add the computer or device to the Known PCs and Devices table.
LAN Configuration 68 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 34. 2. Modify the settings as explained in Table 11 on page 66. 3.
LAN Configuration 69 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Edit Group Names option arrow to the right of the LAN submenu tabs. The Network Database Group Names screen displays. (The following figure shows some examples.) Figure 35.
LAN Configuration 70 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: The saved binding is also displayed on the IP/MAC Binding screen (see Figure 97 on page 181). Manage the IPv6 LAN An IPv6 LAN typically functions with site-local and link-local unicast addresses.
LAN Configuration 71 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Stateless DHCPv6 Server With Prefix Delegation As an option for a stateless DHCPv6 server, you can enable prefix delegation.
LAN Configuration 72 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the IPv6 LAN To configure the IPv6 LAN settings: 1. Select Network Configuration > LAN Setup. 2. In the upper right of the screen, select the IPv6 radio button.
LAN Configuration 73 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in the following table. The IPv6 address pools and prefixes for prefix delegation are explained in the sections following the table. Table 12.
LAN Configuration 74 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your changes. IPv6 LAN Address Pools If you configure a stateful DHCPv6 server for the LAN, you need to add local DHCP IPv6 address pools so the DHCPv6 server can control the allocation of IPv6 addresses in the LAN.
LAN Configuration 75 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 37. 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the List of IPv6 Address Pools table on the LAN Setup screen for IPv6.
LAN Configuration 76 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 LAN Prefixes for Prefix Delegation If you configure a stateless DHCPv6 server for the LAN and select the Prefix Dele.
LAN Configuration 77 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the LAN Note: If you do not configure stateful DHCPv6 for the LAN but use stateless DHCPv6, you need to configure the Router Advertisement Daemon (RADVD) and advertisement prefixes.
LAN Configuration 78 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. In the upper right of the screen, select the IPv6 radio button. The LAN Setup screen displays the IPv6 settings (see Figure 36 on page 72.) 3. To the right of the LAN Setup tab, click the RADVD option arrow.
LAN Configuration 79 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. Advertisement Prefixes for the LAN You need to configure the prefixes that are advertised in the LAN RAs. For a 6to4 address, you need to specify only the site level aggregation identifier (SLA ID) and the prefix lifetime.
LAN Configuration 80 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 40. 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the List of Prefixes to Advertise table on the RADVD screen for the LAN.
LAN Configuration 81 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more advertisement prefixes: 1. On the RADVD screen for the LAN (see Figure 39 on page 78), select.
LAN Configuration 82 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. In the Add Secondary LAN IP Address section of the screen, enter the following settings: • IPv6 Address. Enter the secondary address that you want to assign to the LAN ports.
LAN Configuration 83 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Using a DMZ port is also helpful with online games and videoconferencing applications that are incompatible with NAT.
LAN Configuration 84 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 42. 2. Enter the settings as explained in the following table: Table 17. DMZ Setup screen settings for IPv4 Setting Description DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Yes.
LAN Configuration 85 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Do you want to enable DMZ Port? (continued) Subnet Mask Enter the IP subnet mask of the DMZ port. The subnet mask specifies the network number portion of an IP address. The subnet mask for the DMZ port is 255.
LAN Configuration 86 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. DMZ Port for IPv6 Traffic The DMZ Setup (IPv6) screen lets you set up the DMZ port for IPv6 traffic.
LAN Configuration 87 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For the DMZ, there are two DHCPv6 server options: • Stateless DHCPv6 server.
LAN Configuration 88 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in the following table: Table 18. DMZ Setup screen settings for IPv6 Setting Description DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Yes.
LAN Configuration 89 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. IPv6 DMZ Address Pools If you configure a stateful DHCPv6 server for the DMZ, you need to add local DHCP IPv6 address pools so the DHCPv6 server can control the allocation of IPv6 addresses in the DMZ.
LAN Configuration 90 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the List of IPv6 Address Pools table on the DMZ Setup (IPv6) screen.
LAN Configuration 91 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Hosts and routers in the LAN use NDP to determine the link-layer addresses and related information of neighbors in the LAN that can forward packets on their behalf.
LAN Configuration 92 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 45. 4. Enter the settings as explained in the following table: Table 21. RADVD screen settings for the DMZ Setting Description RADVD Status Specify the RADVD status by making a selection from the drop-down list: • Enable.
LAN Configuration 93 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. Advertisement Prefixes for the DMZ You need to configure the prefixes that are advertised in the DMZ RAs. For a 6to4 address, you need to specify only the site level aggregation identifier (SLA ID) and the prefix lifetime.
LAN Configuration 94 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 46. 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the List of Prefixes to Advertise table on the RADVD screen for the DMZ.
LAN Configuration 95 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To delete one or more advertisement prefixes: 1. On the RADVD screen for the DMZ screen (see Figure 45 on page 92), se.
LAN Configuration 96 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 48. 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. The new static route is added to the Static Routes table. Table 23.
LAN Configuration 97 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To edit an IPv4 static route: 1. On the Static Routing screen for IPv4 (see Figure 47 on page 95), click the Edit button in the Action column for the route that you want to modify.
LAN Configuration 98 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 49. 3. Enter the settings as explained in the following table: Table 24.
LAN Configuration 99 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. RIP Version By default, the RIP version is set to Disabled. From the RIP Version drop-down list, select the version: • RIP-1. Classful routing that does not include subnet information.
LAN Configuration 100 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Static Route Example In this example, we assume the following: • The wireless VPN firewall’s primary Internet access is through a cable modem to an ISP. • The wireless VPN firewall is on a local LAN with IP address 192.
LAN Configuration 101 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 50. 3. Click the Add table button under the Static Routes table. The Add IPv6 Static Routing screen displays: Figure 51. 4. Enter the settings as explained in the following table: Table 25.
LAN Configuration 102 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The new static route is added to the List of IPv6 Static Routes table.
103 4. Wireless Configuration and Security This chapter describes how to configure the wireless features of your ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N.
Wireless Configuration and Security 104 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N (NIC) through an antenna. Typically, an individual in-building wireless access point provides a maximum connectivity area of about a 300-foot radius. The wireless VPN firewall can support a small group of wireless users—typically 10 to 32 users.
Wireless Configuration and Security 105 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the Basic Radio Settings The radio settings apply to all wireless profiles on the wireless VPN firewall. The default wireless mode is 802.11ng.
Wireless Configuration and Security 106 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Mode Specify the wireless mode in the 2.4-GHz band by making a selection from the drop-down list: • g and b. In addition to 802.11b- and 802.11g-compliant devices, 802.
Wireless Configuration and Security 107 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N WARNING: When you have changed the country settings, the wireless VPN firewall will reboot when you click Apply.
Wireless Configuration and Security 108 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security features that are covered in detail in this chapter. Deploy the security features appropriate to your needs. Figure 53. There are several ways you can enhance the security of your wireless network: • Restrict access based by MAC address.
Wireless Configuration and Security 109 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N provides the most reliable security. Use WPA2 only if all clients in your network support WPA2. The wireless VPN firewall supports WPA2 with PSK, RADIUS, or a combination of PSK and RADIUS.
Wireless Configuration and Security 110 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To set up a wireless profile, specify a name for the profile and the SSID, type of security with authentication and data encryption, and whether or not the SSID is broadcast.
Wireless Configuration and Security 111 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Store this information in a safe place: • SSID The service set identifier (SSID) identifies the wireless local area network.
Wireless Configuration and Security 112 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure and Enable Wireless Profiles To add a wireless profile: 1. Select Network Configuration > Wireless Settings > Wireless Profiles. The Wireless Profiles screen displays.
Wireless Configuration and Security 11 3 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 55. 3. S pecify the settings as explained in the following table: T able 28. Add Wireless Profiles screen settings Setting Description Wireless Profile Configuration Profile Name The name for the default wireless profil e is default1.
Wireless Configuration and Security 11 4 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SSID The wireless network name (SSID) for t he wirel ess profi le. The default SSID name is FVS318N_1. Y ou can ch ange this name by entering up to 32 alphanumeric characters.
Wireless Configuration and Security 11 5 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Encryp tion Note: WPA, WPA2, and WPA+WPA2 only. The encryption that you can select depends on the type of WP A security that you have selected: • WP A . Y ou can select the following encryption fro m the drop-down list: - TKIP - TKIP+CCMP • WP A2 .
Wireless Configuration and Security 11 6 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your setting s. The new profile is adde d to the List of Available Wireless Profiles table on the Wireless Profiles screen.
Wireless Configuration and Security 11 7 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o edit a wireless profile: 1. On the Wireless Profiles screen (see Figure 54 on page 11 2 ), click the Edit button in the Action column for the wireless profile that you want to modify .
Wireless Configuration and Security 11 8 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: For wireless adapters, you can u sually find the MAC address printed on the wireless adapter . T o allow or restrict access based on MAC addresses: 1.
Wireless Configuration and Security 11 9 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N W ARNING: When configuring the wireless VPN fire wall from a wireless computer whose MAC address is not in the access control list and when the ACL policy st atus is set to deny access, you will lose your wireless connection when you clic k Apply .
Wireless Configuration and Security 120 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The following t able explains the fields of the A c ce ss P o i nt S t at u s screen. T o change the poll interval period, ent er a new va lu e in the Poll Interval field, and then click Set interval .
Wireless Configuration and Security 121 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: For a list of other Wi-Fi-certified product s available from NETGEAR, go to http://www .wi-fi.org . T o enable WPS and initiate the WPS process on the wireless VPN firewa ll: 1.
6. In the WPS Setup Method section of the screen, use one of the following methods to initiate the WPS process for a wireless device: • PIN method: a. Collect the PIN of the wireless device.
3. Specify the settings as explained in the following table: 4.
Test Basic Wireless Connectivity After you have configured the wireless VPN firewall as explained in the previous sections, test your wireless clients for wireless connectivity before you place the wireless VPN firewall at its permanent position.
5. Firewall Protection This chapter describes how to use the firewall features of the wireless VPN firewall to protect your network.
Firewall Protection 126 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N the incoming packet is in response to an outgoing request, but true stateful packet inspection goes far beyond NAT.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the wireless VPN firewall are: • Inbound. Block all access from outside except responses to requests from the LAN side.
The following table describes the fields that define the rules for outbound traffic and that are common to most Outbound Service screens (see Figure 63 on page 138, Figure 69 on page 145, and Figure 75 on page 152).
WAN Users The settings that determine which Internet locations are covered by the rule, based on their IP address. The options are: • Any. All Internet IP addresses are covered by this rule.
Inbound Rules (Port Forwarding) If you have enabled Network Address Translation (NAT), your network presents one IP address only to the Internet, and outside users cannot directly access any of your local computers (LAN users).
LAN Groups screen to keep the computer’s IP address constant (see Set Up DHCP Address Reservation on page 69). • Local computers need to access the local server using the computers’ local LAN address.
Table 33. Inbound rules overview Setting Description Inbound Rules Service The service or application to be covered by this rule.
LAN Users These settings apply to a LAN WAN inbound rule when the WAN mode is classical routing, and determine which computers on your network are affected by this rule. The options are: • Any.
Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a web or FTP server) from your location.
Configure LAN WAN Rules The default outbound policy is to allow all traffic to the Internet to pass through. Firewall rules can then be applied to block specific types of traffic from going out from the LAN to the Internet (outbound).
• Edit. Allows you to make any changes to the definition of an existing rule.
To enable, disable, or delete one or more IPv4 or IPv6 rules: 1. Select the check box to the left of each rule that you want to enable, disable, or delete, or click the Select All table button to select all rules.
Figure 63. 3. Enter the settings as explained in Table 32 on page 128.
IPv6 LAN WAN Outbound Rules To create a new IPv6 LAN WAN outbound rule: 1. In the upper right of the LAN WAN Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 62 on page 136).
blocked. Remember that allowing inbound services opens potential security holes in your firewall.
3. Enter the settings as explained in Table 33 on page 132. In addition to selections from the Service, Action, and Lo.
3. Enter the settings as explained in Table 33 on page 132. In addition to selections from the Service, Action, and Lo.
Figure 67. To make changes to an existing outbound or inbound service rule, in the Action column to the right of the rule, click one of the following table buttons: • Up.
Figure 68. To make changes to an existing outbound or inbound service rule, in the Action column to the right of the rule, click one of the following table buttons: • Up.
Create DMZ WAN Outbound Service Rules You can change the default outbound policy or define rules that specify exceptions to the default outbound policy.
Unless your selection from the Action drop-down list is BLOCK always, you also need to make selectio.
Unless your selection from the Action drop-down list is BLOCK always, you also need to make selections from the following drop-down lists: • Select Schedule • QoS Priority 4.
Figure 71. 3. Enter the settings as explained in Table 33 on page 132.
IPv6 DMZ WAN Inbound Service Rules To create a new IPv6 DMZ WAN inbound rule: 1. In the upper right of the DMZ WAN Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 68 on page 144).
Configure LAN DMZ Rules The LAN DMZ Rules screen allows you to create rules that define the movement of traffic between the LAN and the DMZ. The default outbound and inbound policies are to block all traffic between the local LAN and DMZ network.
To access the LAN DMZ Rules screen for IPv6 or to make changes to existing IPv6 rules: 1. Select Security > Firewall > LAN DMZ Rules. The Firewall submenu tabs display with the LAN DMZ Rules screen for IPv4 in view.
Create LAN DMZ Outbound Service Rules You can change the default outbound policy or define rules that specify exceptions to the default outbound policy.
IPv6 LAN DMZ Outbound Service Rules To create a new IPv6 LAN DMZ outbound rule: 1. In the upper right of the LAN DMZ Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 74 on page 151).
IPv4 LAN DMZ Inbound Service Rules To create a new IPv4 LAN DMZ inbound rule: 1. In the upper right of the LAN DMZ Rules screen, select the IPv4 radio button. The screen displays the IPv4 settings (see Figure 73 on page 150).
2. Click the Add table button under the Inbound Services table. The Add LAN DMZ Inbound Service screen for IPv6 displays: Figure 78. 3. Enter the settings as explained in Table 33 on page 132.
Figure 79. IPv4 LAN WAN Inbound Rule: Allow a Videoconference from Restricted Addresses If you want to allow incomin.
Figure 80. IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Set Up One-to-One NAT Mapping In this example, multi-NAT is configured to support multiple public IP addresses on one WAN interface.
Tip: If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ.
6. In the Send to LAN Server field, enter the local IP address of your web server computer (192.168.1.2 in this example). 7. In the WAN Destination IP Address fields, enter 10.
WARNING: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
You can also enable the wireless VPN firewall to log any attempt to use Instant Messenger during the blocked period.
Figure 85. Configure Other Firewall Features You can configure attack checks, set session limits, and manage the application level gateway (ALG) for SIP sessions.
IPv4 Attack Checks To enable IPv4 attack checks for your network environment: 1. Select Security > Firewall > Attack Checks. In the upper right of the screen, the IPv4 radio button is selected by default.
LAN Security Checks Block UDP flood Select the Block UDP flood check box (which is the default setting) to prevent the wireless VPN firewall from accepting more than 20 simultaneous, active User Datagram Protocol (UDP) connections from a single device on the LAN.
3. Click Apply to save your settings. IPv6 Attack Checks To enable IPv6 attack checks for your network environment: 1. Select Security > Firewall > Attack Checks.
Set Limits for IPv4 Sessions The session limits feature allows you to specify the total number of sessions that are allowed, per user, over an IPv4 connection across the wireless VPN firewall.
4. Click Apply to save your settings. Manage the Application Level Gateway for SIP Sessions The application level gateway.
Services, Bandwidth Profiles, and QoS Profiles When you create inbound and outbound firewall rules, you use firewall objects such as services, QoS profiles, bandwidth profiles, and schedules to narrow down the firewall rules: • Services.
To add a customized service: 1. Select Security > Services. The Services screen displays. The Custom Services table shows the user-defined services. (The following figure shows some examples.
3. Click Apply to save your settings. The new custom service is added to the Custom Services table. To edit a service: 1. In the Custom Services table, click the Edit table button to the right of the service that you want to edit.
Create Bandwidth Profiles Bandwidth profiles determine the way in which data is communicated with the hosts.
2. Under the List of Bandwidth Profiles table, click the Add table button. The Add Bandwidth Profile screen displays: Figure 93. 3. Enter the settings as explained in the following table: Table 37.
4. Click Apply to save your settings. The new bandwidth profile is added to the List of Bandwidth Profiles table.
These are the default QoS profiles that are preconfigured and that cannot be edited: • Normal-Service. Used when no special priority is given to the traffic. IP packets are marked with a ToS value of 0.
- ActiveX. Similar to Java applets, ActiveX controls are installed on a Windows computer running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers.
Figure 94. 2. In the Content Filtering section of the screen, select the Yes radio button.
3. In the Web Components section of the screen, select the components that you want to block (by default, none of these components are blocked, that is, none of these check boxes are selected): • Proxy.
Set a Schedule to Block or Allow Specific Traffic Schedules define the time frames under which firewall rules can be applied. Three schedules, Schedule 1, Schedule 2, and Schedule 3, can be defined, and you can select any one of these when defining firewall rules.
Enable Source MAC Filtering The Source MAC Filter screen enables you to permit or block traffic coming from certain known computers or devices. By default, the source MAC address filter is disabled.
4. Click Apply to save your settings. The MAC Address field in the Add Source MAC Address section of the screen now becomes available. 5. Build your list of source MAC addresses to be permitted or blocked by entering the first MAC address in the MAC Address field.
• Host 3. MAC address (00:01:02:03:04:07) and IP address (192.168.10.12) There are three possible scenarios in relation to the addresses in the IP/MAC Bindings table: • Host 1 has not changed its IP and MAC addresses.
2. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (You have to do this only once.) Select one of the following radio buttons: • Yes.
Figure 98. 2. Click the Stop button. Wait until the Poll Interval field becomes available. 3. Enter a new poll interval in seconds. 4. Click the Set Interval button. Wait for the confirmation that the operation has succeeded before you close the window.
3. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (You have to do this only once.) Select one of the following radio buttons: • Yes.
Figure 100. 2. Click the Stop button. Wait until the Poll Interval field becomes available. 3. Enter a new poll interval in seconds. 4. Click the Set Interval button. Wait for the confirmation that the operation has succeeded before you close the window.
Note these restrictions on port triggering: • Only one computer can use a port-triggering application at any time.
3. Click the Add table button. The new port-triggering rule is added to the Port Triggering Rules table.
To configure UPnP: 1. Select Security > UPnP. The UPnP screen displays: Figure 103.
6. Virtual Private Networking Using IPSec and L2TP Connections This chapter describes how to use the IP security (IPSec) virtual private networking (VPN) features of the wireless VPN firewall to provide secure, encrypted communications between your local network and a remote network or computer.
Virtual Private Networking Using IPSec and L2TP Connections 190 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configuring a VPN tunnel connection requires that you specify all settings on both sides of the VPN tunnel to match or mirror each other precisely, which can be a daunting task.
Figure 105. To view the wizard default settings, click the VPN Wizard default values option arrow in the upper right of the screen.
Figure 106. 2. Complete the settings as explained in the following table: Table 41.
Tip: To ensure that tunnels stay active, after completing the wizard, manually.
Figure 108. b. Locate the policy in the table, and click the Connect table button.
Figure 110. To view the wizard default settings, click the VPN Wizard default values option arrow in the upper right of the screen.
Figure 111. 3. Complete the settings as explained in the following table: Table 42.
Tip: To ensure that tunnels stay active, after completing the wizard, manually.
Figure 113. b. Locate the policy in the table, and click the Connect table button.
Use the VPN Wizard to Configure the Gateway for a Client Tunnel To set up a client-to-gateway VPN tunnel using the VPN Wizard: 1.
2. Complete the settings as explained in the following table: 3. Click Apply to save your settings. The IPSec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen for IPv4.
Figure 116. Note: When you are using FQDNs, if the Dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel will fail because the FQDNs do not resolve to your new address.
Note: Perform these tasks from a computer that has the NETGEAR ProSafe VPN Client installed. The VPN Client supports IPv4 only; an upcoming release of the VPN Client will support IPv6.
Figure 118. 3. Select the A router or a VPN gateway radio button, and click Next. The VPN tunnel parameters wizard screen (screen 2 of 3) displays: Figure 119.
5. Click Next. The Configuration Summary wizard screen (screen 3 of 3) displays: Figure 120. 6. This screen is a summary screen of the new VPN configuration.
c. Specify the settings that are explained in the following table. 8. Configure the global parameters: a. Click Global Parameters in the left column of the Configuration Panel screen.
Figure 122. b. Specify the default lifetimes in seconds: • Authentication (IKE), Default. The default lifetime value is 3600 seconds.
Configure the Authentication Settings (Phase 1 Settings) To create new authentication settings: 1. Right-click the VPN client icon in your Windows system tray, and select Configuration Panel.
Note: This is the name for the authentication phase that is used only for the VPN client, not during IKE negotiation. You can view and change this name in the tree list pane.
5. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. 6. Click the Advanced tab in the Authentication pane.
8. Click Apply to use the new settings immediately, and click Save to keep the settings for future use.
Figure 127. 3. Specify the settings that are explained in the following table. Table 48. VPN client IPSec configuration settings Setting Description VPN Client address Either enter 0 .
4. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Configure the Global Parameters To specify the global parameters: 1.
Test the Connection and View Connection and Status Information Both the NETGEAR ProSafe VPN Client and the wireless VPN firewall provide VPN connection and status information.
• Use the system-tray icon. Right-click the system tray icon, and select Open tunnel ‘Tunnel’.
NETGEAR VPN Client Status and Log Information To view detailed negotiation and error information on the NETGEAR VPN client: Right-click the VPN client icon in the system tray, and select Console.
The Active IPSec SA(s) table lists each active connection with the information that is described in the following table. The default poll interval is 10 seconds.
Manage IPSec VPN Policies After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables.
IKE Policies Screen To access the IKE Policies screen: Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen in view.
To delete one or more IKE policies: 1. Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all IKE policies.
Figure 138.
4. Complete the settings as explained in the following table: Table 51.
Local Identifier From the drop-down list, select one of the following ISAKMP identifiers to be used by the wireless VPN firewall, and then specify the identifier in the Identifier field: • Local Wan IP.
Authentication Method Select one of the following radio buttons to specify the authentication method: • Pre-shared key. A secret that is shared between the wireless VPN firewall and the remote endpoint.
5. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. To edit an IKE policy: 1. Select VPN > IPSec VPN.
5. Click Apply to save your changes. The modified IKE policy is displayed in the List of IKE Policies table. Manage VPN Policies You can create two types of VPN policies.
Figure 139. Each policy contains the data that are explained in the following table. These fields are explained in more detail in Table 53 on page 230.
To enable or disable one or more VPN policies: 1. Select the check box to the left of each policy that you want to enable or disable, or click the Select All table button to select all VPN Policies.
Figure 140. Add New VPN Policy screen for IPv4.
Figure 141. Add New VPN Policy screen for IPv6.
4. Complete the settings as explained in the following table. The only differences between IPv4 and IPv6 settings are the subnet mask (IPv4) and prefix length (IPv6).
Traffic Selection Local IP From the drop-down list, select the address or addresses that are part of the VPN tunnel on the wireless VPN firewall: • Any.
Key-Out The encryption key for the outbound policy. The length of the key depends on the selected encryption algorithm: • 3DES.
5. Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table. To edit a VPN policy: 1. Select VPN > IPSec VPN > VPN Policies.
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are available: • Edge Device. The wireless VPN firewall is used as a VPN concentrator on which one or more gateway tunnels terminate.
5. Click Apply to save your settings. User Database Configuration When XAUTH is enabled in an Edge Device configuration, users need to be authenticated either by a local user database account or by an external RADIUS server.
first against a local user database (if RADIUS-PAP is enabled) and then by relaying the information to a central authentication server such as a RADIUS server.
3. Click Apply to save your settings. Note: You can select the RADIUS authentication protocol (PAP or CHAP) on the Edit IKE Policy screen or Add IKE Policy screen (see Configure XAUTH for VPN Clients on page 234).
You can use the Mode Config feature in combination with an IPv6 IKE policy to assign IPv4 addresses to clients, but you cannot assign IPv6 addresses to clients.
As an example, the screen shows two Mode Config records with the names EMEA Sales and NA Sales: • For EMEA Sales, a first pool (172.
3. Complete the settings as explained in the following table: Table 56.
4. Click Apply to save your settings. The new Mode Config record is added to the List of Mode Config Records table. Continue the Mode Config configuration procedure by configuring an IKE policy.
Figure 145. 8. On the Add IKE Policy screen, complete the settings as explained in the following table.
Virtual Private Networking Us ing IPSec and L2TP Connections 243 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: The IKE policy settings that are explained i n t h e fo l l ow ing t abl e are specifically for a Mode Config configuratio n.
Virtual Private Networking Usin g IPSec and L2TP Connections 244 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IKE SA Parameters Note: Generally, the default settings wo rk we l l for a Mode Config configuration. Encryption Algorithm T o negotiate the security association ( SA), from the drop-down list, select the 3DES algorithm.
Virtual Private Networking Us ing IPSec and L2TP Connections 245 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 9. Click Apply to save your settings.
Virtual Private Networking Usin g IPSec and L2TP Connections 246 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Perform these t asks from a computer that has the NETGEAR ProSafe VPN Client inst alled.
Virtual Private Networking Us ing IPSec and L2TP Connections 247 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Change the name of the aut hentication phase (the default is Gateway): a. R i gh t- cl ic k t he authentication phase na m e . b.
5. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. 6. Click the Advanced tab in the Authentication pane.
8. Click Apply to use the new settings immediately, and click Save to keep the settings for future use.
Figure 150. 3. Specify the settings that are explained in the following table.
4. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Configure the Mode Config Global Parameters To specify the global parameters: 1.
3. Select the Dead Peer Detection (DPD) check box, and configure the following DPD settings to match the configuration on the wireless VPN firewall: • Check Interval.
Figure 154. 3. From the client computer, ping a computer on the wireless VPN firewall LAN. Modify or Delete a Mode Config Record Note: Before you modify or delete a Mode Config record, make sure it is not used in an IKE policy.
Configure Keep-Alives The keep-alive feature maintains the IPSec SA by sending periodic ping requests to a host across the tunnel and monitoring the replies.
4. Enter the settings as explained in the following table: 5.
Figure 156. 4. In the IKE SA Parameters section of the screen, locate the DPD fields, and complete the settings as explained in the following table: 5.
To enable NetBIOS bridging on a configured VPN tunnel: 1. Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays (see Figure 139 on page 226).
is established, the L2TP user can connect to an L2TP client that is located behind the wireless VPN firewall. Note: IPSec VPN provides stronger authentication and encryption than L2TP.
View the Active L2TP Users To view the active L2TP tunnel users, select VPN > Connection Status > L2TP Active Users. The L2TP Active Users screen displays: Figure 159.
7. Virtual Private Networking Using SSL Connections The wireless VPN firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for a preinstalled VPN client on their computers.
computer. The wireless VPN firewall assigns the computer an IP address and DNS server IP ad.
3. For port forwarding, define the servers and services (see Configure Applications for Port Forwarding on page 267). Create a list of servers and services that can be made available through user, group, or global policies.
You can define individual layouts for the SSL VPN portal. The layout configuration includes the menu layout, theme, portal pages to display, and web cache control options.
The List of Layouts table displays the following fields: • Layout Name. The descriptive name of the portal. • Description. The banner message that is displayed at the top of the portal (see Figure 171 on page 283).
4. Complete the settings as explained in the following table: Table 65. Add Portal Layout screen settings Setting Description Portal Layout and Theme Name Portal Layout Name A descriptive name for the portal layout.
5. Click Apply to save your settings. The new portal layout is added to the List of Layouts table. For information about how to display the new portal layout, see Access the New SSL Portal Login Screen on page 282.
access policies. When you create a group, you need to specify a domain. Therefore, you should create any domains first, then groups, and then user accounts.
• TCP Port. The TCP port number of the application that is accessed through the SSL VPN tunnel. The following table lists some commonly used TCP applications and port numbers.
2. In the Add New Host Name for Port Forwarding section of the screen, specify information in the following fields: • Local Server IP Address.
route to ensure that a VPN tunnel client connects to the local network over the VPN tunnel. Configure the Client IP Address Range First determine the address range to be assigned to VPN tunnel clients, and then define the address range.
Figure 165. SSL VPN Client screen for IPv6 3.
4. Click Apply to save your settings. VPN tunnel clients are now able to connect to the wireless VPN firewall and receive a virtual IP address in the client address range.
3. In the Add Routes for VPN Tunnel Clients section of the screen, specify information in the following fields: • Destination Network. The destination network IPv4 or IPv6 address of a local network or subnet.
Figure 166. 2. In the Add New Resource section of the screen, specify information in the following fields: • Resource Name. A descriptive name of the resource for identification and management purposes.
3. Specify the IP version for which you want to add a portal layout: • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default.
5. Click Apply to save your settings. The new configuration is added to the Defined Resource Addresses table.
IP address ranges are configured, then the smallest address range takes precedence. Host names are treated the same as individual IP addresses.
Figure 168. 2. Make your selection from the following Query options: • To view all global policies, select the Global radio button.
Figure 169. Add SSL VPN Policy screen for IPv4 • IPv6. Select the IPv6 radio button. The Add SSL VPN Policy screen displays the IPv6 settings:
4. Complete the settings as explained in the following table: Table 69. Add SSL VPN Policy screen settings Setting Description Policy For Select one of the following radio buttons to specify the type of SSL VPN policy: • Global.
5. Click Apply to save your settings. The policy is added to the List of SSL VPN Policies table on the Policies screen. The new policy goes into effect immediately.
Note: If you have configured SSL VPN user policies, make sure that secure HTTP remote management is enabled (see Configure Remote Management Access on page 322).
Figure 171. 3. Enter the user name and password that you just created with the help of the SSL VPN Wizard. 4. Click Login. The User Portal screen displays.
Figure 172. Figure 173. The User Portal screen displays a simple menu that, depending on the resources allocated, provides the SSL user with the following menu selections: • VPN Tunnel.
• Change Password. Allows the user to change his or her password.
Figure 175.
8. Manage Users, Authentication, and VPN Certificates This chapter describes how to manage users, authentication, and security certificates for IPSec VPN and SSL VPN.
Except in the case of IPSec VPN users, when you create a user account, you need to specify a group. When you create a group, you need to specify a domain.
Configure Authentication Domains, Groups, and Users This section contains the following.
The List of Domains table displays the domains with the following fields: • Check box. Allows you to select the domain in the table. • Domain Name.
Authentication Type (continued) Note: If you select any type of RADIUS authentication, make sure that one or more RADIUS servers are configured (see RADIUS Client and Server Configuration on page 235).
4. Click Apply to save your settings. The domain is added to the List of Domains table.
Edit Domains To edit a domain: 1. Select Users > Domains.
Create Groups To create a VPN group: 1.
Figure 179. 3. Complete the settings as explained in the following table: 4. Click Apply to save your changes. The new group is added to the List of Groups table.
To edit a VPN group: 1. Select Users > Groups. The Groups screen displays (see Figure 178 on page 294). 2. In the Action column of the List of Groups table, click the Edit table button for the group that you want to edit.
To create a user account: 1. Select Users > Users.
Figure 181. 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. The user is added to the List of Users table.
To delete one or more user accounts: 1. In the List of Users table, select the check box to the left of each user account that you want to delete, or click the Select All table button to select all accounts.
• To prohibit the user from logging in from the WAN interface, select the Deny Login from WAN Interface check box. In this case, the user can log in only from the LAN interface.
4. In the Defined Addresses Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses.
Figure 184. 5. In the Defined Addresses Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses.
9. Repeat Step 7 and Step 8 for any other addresses that you want to add to the Defined Addresses table. To delete one or more IPv6 addresses: 1.
6. In the Add Defined Browser section of the screen, add a browser to the Defined Browsers table by selecting one of the following browsers from the drop-down list: • Internet Explorer.
To modify user settings, including passwords: 1. Select Users > Users. The Users screen displays (see Figure 180 on page 297).
4. Click Apply to save your settings. Manage Digital Certificates for VPN Connections The.
The wireless VPN firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be authenticated by remote entities.
certificates in the Active Self Certificates table are active on the wireless VPN firewall (see Manage VPN Self-Signed Certificates on page 309).
To delete one or more digital certificates: 1.
To generate a new CSR file, obtain a digital certificate from a CA, and upload it to the wireless VPN firewall: 1. Select VPN > Certificates.
3. Click the Generate table button. A new SCR is created and added to the Self Certificate Requests table. 4. In the Self Certificate Requests table, click the View table button in the Action column to view the new SCR.
5. Copy the contents of the Data to supply to CA text field into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----.
2. Click the Delete table button. Manage the VPN Certificate Revocation List A Certificate Revocation List (CRL) file shows digital certificates that have been revoked and are no longer valid.
9. Network and System Management This chapter describes the tools for managing the network traffic to optimize its performance and the system management features of the wireless VPN firewall.
• Content filtering • Source MAC filtering LAN WAN Outbound Rules and DMZ WAN Outbound Rules (Service Blocking) You can control specific outbound traffic (from LAN to WAN and from the DMZ to WAN).
• WAN users. You can specify which Internet locations are covered by an outbound rule, based on their IP address: - Any. The rule applies to all Internet IP addresses.
Features That Increase Traffic The following features of the wireless VPN firewall tend to increase the traf.
• LAN users. You can specify which computers on your network are affected by an inbound rule. There are several options: - Any. The rule applies to all computers and devices on your LAN.
safely provide services to the Internet without compromising security on your LAN. By default, the DMZ port and both inbound and outbound DMZ traffic are disabled.
Assign Bandwidth Profiles When you set the QoS priority, the WAN bandwidth does not change. You change the WAN bandwidth that is assigned to a service or application by applying a bandwidth profile to a LAN WAN inbound or outbound rule.
To modify the administrator and guest passwords and idle time-out settings: 1.
Note: The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both uppercase and lowercase), numbers, and symbols.
Note: When remote management is enabled and administrative access through a WAN interface is granted (see Conf.
• IPv6. Select the IPv6 radio button. The Remote Management screen displays the IPv6 settings: Figure 195.
3. Enter the settings as explained in the following table: WARNING: If you are remotely connected to the wire.
About Remote Access When remote management is enabled, you need to use an SSL connection to access the wireless VPN firewall from the Internet.
To configure the SNMP settings: 1. Select Administration > SNMP. The SNMP screen displays. (The following figure contains an example.) Figure 196. The SNMP Configuration table shows the following columns: • IP Address.
To edit an SNMP configuration: 1. On the SNMP screen (see the previous figure), click the Edit button in the Action column for the SNMP configuration that you want to modify.
2. Enter the settings as explained in the following table: 3. Click Apply to save your changes. Manage the Configuration File The configuration settings of the wireless VPN firewall are stored in a configuration file on the wireless VPN firewall.
Figure 199. Back Up Settings The backup feature saves all wireless VPN firewall settings to a file. Back up your settings periodically, and store the backup file in a safe place.
Restore Settings WARNING: Restore only settings that were backed up from the same software version. Restoring settings from a different software version can corrupt your backup file or the wireless VPN firewall system software.
process is complete. The reboot process takes about 165 seconds. (If you can see the unit: The reboot process is complete when the Test LED on the front panel goes off.
WARNING: After you have started the firmware installation process, do not interrupt the process.
The bottom of the screen displays the current weekday, date, time, time zone, and year (in the example in the previous figure: Current Time: Tue Mar 6 22:48:17 GMT -0800 2012).
10. Monitor System Access and Performance This chapter describes the system-monitoring features of the wireless VPN firewall. You can be alerted to important events such as WAN traffic limits reached, login failures, and attacks.
Figure 201. 2. Enter the settings as explained in the following table:
Table 82. Broadband Traffic Meter screen settings Setting Description Enable Traffic Meter Do you want to enable Traffic Metering on Broadband? Select one of the following radio buttons to configure traffic metering: • Yes.
3. Click Apply to save your settings. To display a report of the Internet traffic by type, click the Traffic by Protocol option arrow in the upper right of the Broadband Traffic Meter screen.
To configure and activate logs: 1. Select Monitoring > Firewall Logs & E-mail.
2. Enter the settings as explained in the following table: Table 83. Firewall Logs & E-mail screen settings Setting Description Log Options Log Identifier Enter the name of the log identifier.
Enable E-mail Logs Do you want logs to be emailed to you? Select the Yes radio button to enable the wireless VPN firewall to email logs to a specified email address.
3. Click Apply to save your settings. Note: Enabling routing and other event logs might generate a significant volume of log messages. NETGEAR recommends that you enable firewall logs for debugging purposes only.
This section describes steps 2 through 4, using the topology that is described in the following table: Configure Gateway 1 at Site 1 To create a gateway-to-gateway VPN tunnel to Gateway 2, using the IPSec VPN wizard: 1.
• Remote WAN IP address. 10.0.0.1 • Local WAN IP address. 10.0.0.2 • Remote LAN IP Address. 192.168.10.0 • Remote LAN subnet mask. 255.255.255.
View Status Screens The wireless VPN firewall provides real-time information in a variety of status.
Figure 204. The following table explains the fields of the Router Status screen: Table 84. Router Status screen information Item Description System Info System Name The NETGEAR system name.
Router Statistics Screen To view the Router Statistics screen: 1. Select Monitoring > Router Status. The Router Status screen displays (see the previous figure).
Figure 205. The following table explains the fields of the Router Statistics screen. To change the poll interval period, enter a new value (in seconds) in the Poll Interval field, and then click Set interval.
Figure 206.
The following table explains the fields of the Detailed Status screen: Table 86. Detailed Status screen information Item Description LAN Port Configuration The following fields are shown for each of the LAN ports.
IPv6 Address The IPv6 address of the WAN port. For information about configuring the IPv4 address of the WAN port, see Configure the IPv6 Internet Connection and WAN Settings on page 35.
Tunnel Status Screen The IPv6 Tunnel Status screen displays the status of all active 6to4 and ISATAP tunnels and their IPv6 addresses.
The IPv6 Tunnel Status table shows the following fields: • Tunnel Name.
To view the active L2TP tunnel users: Select VPN > Connection Status > L2TP Active Users. The L2TP Active Users screen displays: Figure 209.
To display the SSL VPN log: Select Monitoring > VPN Logs > SSL VPN Logs. The SSL VPN Logs screen displays: Figure 211. View the Port Triggering Status To view the status of the port-triggering feature: 1.
2. Click the Status option arrow in the upper right of the Port Triggering screen. The Port Triggering Status screen displays in a pop-up screen. Figure 213.
Figure 214. The type of connection determines the information that is displayed on the Connection Status screen. The screen can display the information that is described in the following table: Click Disconnect to disconnect the connection.
IPv6 WAN Port Status To view the IPv6 status of the WAN port: 1. Select Network Configuration > WAN Settings > Broadband ISP Settings (IPv6).
View the Attached Devices and the DHCP Log The LAN Groups screen shows the network database, which is the Known PCs and Devices table, which contains all IP devices that the wireless VPN firewall has discovered on the local network.
• MAC Address. The MAC address of the computer’s or device’s network interface. • Group. Each computer or device can be assigned to a single LAN group.
View the Status of a Wireless Profile To view the status of a specific wireless profile: 1. Select Network Configuration > Wireless Settings > Wireless Profiles.
Diagnostics Utilities The wireless VPN firewall provides diagnostic tools that help you analyze the status of the network and traffic conditions. Two types of tools are available: • Network diagnostic tools.
Monitor System Access and Performance 363 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. S pecify the IP version for which you want to display the Diagnostics screen: • IP v4 . In the upper right of the screen, the IPv4 radio button is already selected by default.
Monitor System Access and Performance 364 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Send a Ping P acket Use the ping utility to send a ping p acket request in order to ch eck the connection between the wireless VPN firewall and a specific IP addr ess or FQDN.
Display the Routing Tables Displaying the internal routing table can assist NETGEAR technical support in diagnosing routing problems.
Reboot the Wireless VPN Firewall Remotely You can perform a remote reboot, for example, when the wireless VPN firewall seems to have become unstable or is not operating normally.
11. Troubleshooting This chapter provides troubleshooting tips and information for the wireless VPN firewall. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated.
Note: The wireless VPN firewall’s diagnostic tools are explained in Diagnostics Utilities on page 362. Basic Functioning After you turn on power to the wireless VPN firewall, verify that the following sequence of events occurs: 1.
LAN or WAN Port LEDs Not On If either the LAN LEDs or WAN LEDs do not light when the Ethernet connection is made, check the following: • Make sure that the Ethernet cable connections are secure at the wireless VPN firewall and at the hub, router, or workstation.
• Make sure that you are using the correct login information. The factory default login name is admin, and the password is password. Make sure that Caps Lock is off when entering this information.
To check the WAN IP address: 1. Launch your browser and navigate to an external site such as www.netgear.com. 2. Access the web management interface of the wireless VPN firewall’s configuration at https://192.
- Configure your wireless VPN firewall to spoof your computer’s MAC address. You can do this in the Router’s MAC Address section on the Broadband Advanced Options screen.
• Make sure that IPv6 is enabled on the computer. On a computer that runs a Windows-based operating system, do the following (note that the steps might differ on the various Windows operating systems): a.
c. Click or double-click View status of this connection. The Local Area Connection Status screen displays: Figure 223. d. Make sure that Internet access shows for the IPv6 connection.
f. Make sure that an IPv6 address shows. The previous screen does not show an IPv6 address for the computer but only a link-local IPv6 address and an IPv6 default gateway address, both of which start, in this case, with FE80.
Test the Path from Your Computer to a Remote Device After verifying that the LAN path works correctly, test the path from your computer to a remote device.
Figure 225. b. Click the Default button. The wireless VPN firewall reboots.
Problems with the date and time function can include: • Date shown is January 1, 2000. Cause: The wireless VPN firewall has not yet successfully reached a network time server.
A. Default Settings and Technical Specifications This appendix provides the default settings and the physical and technical specifications of the wireless VPN firewall in the follow.
WAN MAC address Use default MAC address of the wireless VPN firewall WAN MTU size 1500 bytes 1492 bytes for PPPoE connections Port speed AutoSense IPv4 LAN, DMZ, and routing settings LAN IPv4 address for the default VLAN 192.
Firewall and security settings Inbound LAN WAN rules (communications coming in from the Internet) All traffic is blocked, except for traffic in response to requests from the LAN.
Proxy server blocking Disabled Java applets blocking Disabled ActiveX controls blocking Disabl.
Beacon interval 100 ms DTIM interval 2 RTS threshold 2346 bytes Fragmentation threshold 2346.
Authentication algorithm SHA-1 Authentication method Pre-shared Key Key group DH-Group 2 (1024.
Physical and Technical Specifications The following table shows the physical and technical.
The following table shows the IPSec VPN specifications for the wireless VPN firewall: Dimensions and weight Dimensions (W x H x D) 19 x 12.5 x 3.
The following table shows the SSL VPN specifications for the wireless VPN firewall: The fol.
802.11 b/bg/ng/n encryption 64-bits and 128-bits WEP, TKIP, CCMP data encryption Network management Web-based configuration and status monitoring Table 95.
B. Two-Factor Authentication This appendix provides an overview of two-factor authentication, and an example of how to implement the WiKID solution.
What Is Two-Factor Authentication? Two-factor authentication is a security solution that enhances and strength.
Figure 226. 2. A one-time passcode (something the user has) is generated. Figure 227. Note: The one-time passcode is time-synchronized to the authentication server so that the OTP can be used only once and needs to be used before the expiration time.
Figure 228.
C. Notification of Compliance (Wired) NETGEAR Wired Products Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices.
FCC Radio Frequency Interference Warnings & Instructions This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
Additional Copyrights AES Copyright (c) 2001, Dr. Brian Gladman, brg@gladman.
MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the “RSA Data Security, Inc.
D. Notification of Compliance (Wireless) NETGEAR Wireless Routers, Gateways, APs Regulatory Compliance Information Note: This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices.
Español [Spanish] NETGEAR Inc. hereby declares that the Radiolan complies with the essential requirements and any other applicable or enforceable provisions of Directive 1999/5/EC.
This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA countries, except in France and Italy where restrictive use applies.
• For product available in the USA market, only channel 1~11 can be operated.
Cordless phone - Digital 30 feet / 9 meters Bluetooth devices 20 feet / 6 meters ZigBee 20 feet / 6 met.
Index Numerics 10BASE-T, 100BASE-T, and 1000BASE-T speeds 49 2.4-GHz wireless mode 106 20- and 40-MHz channel spacing 106 3322.org 45–47 64-bit and 128-bit WEP 116 6to4 tunnels configuring globally 41 DMZ, configuring for 94 LAN, configuring for 80 802.
autodetecting IPv4 Internet settings 29 autoinitiating VPN tunnels 230 autosensing port speed 49 B b mode, wireless 106 backing up configurat.
D Data Encryption Standard. See DES. data rates, 802.11b/bg/ng/n 387 database, local users 290 date and daylight saving time settings 334.
event logs 340 examples of firewall rules 155–162 exchange mode, IKE policies 218, 221 exposed hosts increasing traffic 319 specifying.
IPv6 DMZ-to-WAN rules 149 LAN-to-DMZ rules 154 LAN-to-WAN rules 141 order of precedence 134 overview 130 scheduling 178 settings 132–133.
IPv6 Internet connection manually configuring 39 setting up 26 IPv6 mode, configuring 36 IPv6 prefix length DMZ address 88 DMZ advertisement.
login policies, user 299–304 login time-out changing 304, 320 default 21 logs, configuring 340 long preamble 123 looking up DNS addre.
order of precedence, firewall rules 134 OTP (one-time passcode) 389–391 outbound rules default 127 examples 160–162 IPv4 DMZ-to-WAN r.
power plug receptacle and Power On/Off switch 18 power specifications 385 PPP connection 260 PPPoE (PPP over Ethernet) description 13 setting.
RFC 2865 235 RIP (Routing Information Protocol), configuring 97–99 roaming 110 Router Advertisement Daemon (RADVD) DMZ, configuring.
policies managing 276 settings 280 port forwarding configuring 267–269 description 261 portals accessing 282 configuring 262–266 op.
WiKID-PAP and WiKID-CHAP 291 Type of Service (ToS), QoS profile 129 TZO.com 45–47 U UDP (User Datagram Protocol) 186 UDP flood, bl.
DHCPv6 client, prefix delegation 38 WAN LEDs 17, 369 WAN ports 15 WAN traffic meter (or counter) 335 web component blocking 174 web ma.