Instruction/maintenance manual for the NETGEAR FVG318NA
202-10318-01, September 2007. NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054 USA. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual.
v1.0, September 2007. © 2007 by NETGEAR, Inc. All rights reserved. Trademarks: NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
Europe – Declaration of Conformity in Languages of the European Community. Cesky [Czech]: NETGEAR Inc. hereby declares that this Radiolan complies with the essential requirements and other relevant provisions of Directive 1999/5/EC.
FCC Requirements for Operation in the United States. FCC Information to User: This product does not contain any user serviceable components and is to be used with approved antennas only.
interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by tur.
Product and Publication Details. Model Number: FVG318. Publication Date: September 2007. Product Family: Wireless Router. Product Name: ProSafe 802.11g Wireless VPN Firewall. Home or Business Product: Business. Language: English. Publication Part Number: 202-10318-01. Publication Version Number: 1.
Contents. About This Manual: Conventions, Formats, and Scope; How to Use This Manual
Chapter 3 Configuring Wireless Connectivity: Observing Performance, Placement, and Range Guidelines; Implementing Appropriate Wireless Security
Setting Up a Client-to-Gateway VPN Configuration; Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVG318
Configuring Static Routes; Configuring RIP
The FVG318-to-FVS318v2 Case; Configuring the VPN Tunnel
About This Manual. The NETGEAR® ProSafe™ 802.11g Wireless VPN Firewall FVG318 Reference Manual describes how to install, configure and troubleshoot the ProSafe 802.11g Wireless VPN Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills.
• Scope. This manual is written for the VPN firewall according to these specifications: For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Documents.
• Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.
Chapter 1: Introduction. This chapter describes the features of the NETGEAR® ProSafe 802.11g Wireless VPN Firewall, Model FVG318.
802.11g and 802.11b Wireless Networking. The VPN firewall includes an 802.11g-compliant wireless access point. The access point provides: • 802.11b standards-based wireless networking at up to 11 Mbps.
The FVG318 logs security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals.
• IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP).
Maintenance and Support. NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade.
You can use some of the LEDs to verify connections. Viewed from left to right, Table 1-1 describes the LEDs on the front panel of the firewall.
Viewed from left to right, the rear panel contains the following features: • Detachable wireless.
Chapter 2: Connecting the Firewall to the Internet. This chapter describes how to set up the firewall on your LAN, connect to the Internet, perform basic configuration of your ProSafe 802.
d. Securely insert the Ethernet cable from your modem into the FVG318 Internet port (point B in the illustration).
2. Restart your network in the correct sequence. a. First, plug in and turn on the cable or DSL modem. Wait about 2 minutes.
• Power: The power light should be lit. If after 2 minutes the power light turns solid amber, see the Troubleshooting Tips in this guide.
2. When prompted, enter admin for the firewall User Name and password for the firewall Password. Both fields are case-sensitive.
4. Select Network Configuration. The WAN ISP Settings screen will display. Click Auto Detect at the bottom of the WAN ISP Settings screen.
Manually Configuring your Internet Connection. Unless your ISP assigns your configuration automatically via DHCP, you will need the configuration parameters from your ISP.
– Password. Enter the password you use to log in to your ISP.
• IP Subnet Mask: This is usually provided by the ISP or your network administrator. • Gateway IP Address: IP address of your ISP’s gateway.
The gateway contains a client that can connect to a dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them.
5. Click Apply to save your configuration.
• Select the Use Custom NTP Servers if you prefer to use a particular NTP server. – Enter the name or IP address of an NTP Server in the Server 1 Name/IP Address field.
• Some cable modem ISPs require you to use the MAC address of the computer registered on the account.
Configuration Settings Have Been Applied. Enter the standard URL to acc.
Chapter 3: Configuring Wireless Connectivity. This chapter describes how to configure the wireless features of your FVG318 VPN firewall. Observing Performance, Placement, and Range Guidelines. In planning your wireless network, you should consider the level of security required.
Implementing Appropriate Wireless Security. Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter.
• Wi-Fi Protected Access (WPA and WPA2). The very strong authentication along with dynamic per frame rekeying of WPA and WPA2 make it virtually impossible to compromise.
• Wireless Network. The station name of the FVG318. – Wireless Network Name (SSID). The SSID is also known as the wireless network name.
– Region. This field identifies the region where the FVG318 can be used. It may not be legal to operate the wireless features of the VPN firewall router in a region other than one of those identified in this field.
– WPA2-PSK: WPA2 is a later version of WPA.
Security Check List for SSID and WEP Settings. For a new wireless network, print or copy this form and fill in the configuration parameters.
Setting Up and Testing Basic Wireless Connectivity. Follow the instructions below to set up and test basic wireless connectivity.
7. For initial configuration and test, leave the Wireless Card Access List set to “All Wireless Stations” and the Encryption Strength set to “Disable.
3. Check the Yes radio box to enable MAC filtering and turn on the Access Control List. Then click Apply. An “Operation Succeed” message will display.
3. In the Wireless Security Type section, select the WEP radio box. The WEP fields section will be highlighted. 4. Choose the Authentication Type (Automatic, Open System or Shared Key) and Encryption Strength options.
• Manual Entry Mode: Enter ten hexadecimal digits (any combination of 0-9, a-f, or A-F). These hex values are not case sensitive.
3. Select the WPA radio box and then select RADIUS from the WPA with: pull-down menu in the Wireless Security Type section. The RADIUS settings fields in the Radius Server Settings section will be highlighted.
Configuring WPA2 with RADIUS. To configure WPA2 with RADIUS: 1.
4. Enter the Radius Server Settings. • Primary Server Name/IP Address: This field is required. Enter the name or IP address of the primary Radius Server on your LAN.
3. Select the WPA and WPA2 radio box and then select RADIUS from the WPA with: pull-down menu in the Wireless Security Type section.
Configuring WPA-PSK. To configure WPA-PSK: 1.
4. In the PSK Settings section: • Enter the pre-shared key in the Passphrase field. Enter a word or group of printable characters in the Passphrase box.
3. Select the WPA2 radio box and then select PSK from the WPA with: pull-down menu in the Wireless Security Type section. The PSK settings fields in the PSK Settings section will be highlighted.
Configuring WPA-PSK and WPA2-PSK. To configure WPA-PSK and WPA2-PSK: 1. Log in at the default LAN address of http://192.168.
4. In the PSK Settings section: • Enter the pre-shared key in the Passphrase field. Enter a word or group of printable characters in the Passphrase box.
Chapter 4: Firewall Protection and Content Filtering. This chapter describes how to use the content filtering features of the ProSafe 802.11g Wireless VPN Firewall to protect your network.
Certain commonly used web components can also be blocked for increased security. Some of these components can be used by malicious websites to infect computers that access them.
2. Check the Yes radio box in the Content Filtering section and click Apply. This will enable content filtering and allow you to specify Web Components to be blocked.
1. In the appropriate field add the IP Address or Domain Name. 2. Click Add. The IP Address or Domain Name will appear in the appropriate table.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FVG318 are: • Inbound: Block all access from outside except responses to requests from the LAN side.
An example of the menu for defining or editing a rule is shown in Figure 4-3. The parameters are: • Service. From this list, select the application or service to be allowed or blocked.
Inbound Rule Example: A Local Public Web Server. If you host a public.
Considerations for Inbound Rules. • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires.
Order of Precedence for Rules. As you define new rules, they are add.
Default DMZ Server. Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule.
Attack Checks. The Attack Check screen allows you to specify if the router should be protected against common attacks from the LAN and WAN networks.
Services. Services are functions performed by server computers at the request of client computers.
b. From the Type pull-down menu, select whether the service uses TCP, UDP or ICMP as its transport protocol. c. Enter the lowest port number used by the service in the Start Port field.
To block keywords or Internet domains based on a schedule: 1. Select Security > Schedule from the menu. The Schedule 1 screen will display.
2. Enter the Log Identifier in the Log Options section. Every logged message will contain a prefix for easier identification of the source of the message.
5. Enable E-Mail Logs. Check the Yes radio box if you wish to receive e-mail logs from the firewall. 6. Enter your E-Mail Address information.
• Enter the Return E-Mail Address to which logs and alerts are sent. This e-mail address will also be used as the Send To E-mail address.
Log entries are described in Table 4-1. Log action buttons are described in Table 4-2. Table 4-1. Log entry descriptions (Field: Description). Date and Time: The date and time the log entry was recorded.
Chapter 5: Basic Virtual Private Networking. This chapter describes how to use the virtual private networking (VPN) features of the VPN firewall.
Overview of VPN Configuration. Two common scenarios for configuring VPN tunnels are between a remote personal computer and a network gateway and between two or more network gateways.
A VPN between two or more NETGEAR VPN-enabled firewalls is a good way to connect branch or home offices and business partners over the Internet.
• What level of IPSec VPN encryption will you use? – DES – The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key.
Setting Up a Client-to-Gateway VPN Configuration. Setting up a VPN between a re.
2. Select VPN > VPN Wizard from the menu. The VPN Wizard screen will display. 3. Check the VPN Client radio button and enter the Connection Name and the pre-shared key.
4. Click the VPN Wizard Default Values link on the VPN Wizard screen to display the VPN default values shown below. The Wizard sets most parameters to defaults as proposed by the VPN Consortium.
The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR Web site (http://www.netgear.
3. Enter the connection settings for the new connection: a. Select Secure in the Connection Security check box. b. Select IP Subnet in the ID Type menu.
f. Select Domain Name in the ID Type menu below the check box. g. Enter the public WAN IP Domain Name of the FVG318 in the field directly below the ID Type menu.
5. Configure the VPN Client Identity. Provide information about the remote VPN client PC. You will need to provide: – The Pre-Shared Key that you configured in the FVG318.
b. Choose None in the Select Certificate box. c. Select IP Address in the ID Type box. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address box.
c. In the Authentication Method menu, select Pre-Shared key. d. In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES.
8. Save the VPN Client Settings.
This will cause a continuous ping to be sent to the first FVG318. After between several seconds and two minutes, the ping response should change from “timed out” to “reply”, as shown below.
2. The Connection Monitor screen for a similar connection is shown below: In this example you can see the following: • The FVG318 has a public IP WAN address of 22.
Transferring a Security Policy to Another Client. This section explains how to export and import a security policy as an .
To import an existing Security Policy: 1. Invoke the NETGEAR ProSafe VPN Client and select Import Security Policy from the File pull-down menu.
Setting Up a Gateway-to-Gateway VPN Configuration. The following procedure will show how to set the LAN IPs on each FVG318 to different subnets and configure each properly for the Internet.
5. In the End Point Information section, enter the Remote WAN’s IP Address or Internet Name and the Local WAN’s IP Address or Internet Name.
7. Click Apply to complete the configuration procedure. The IKE Policies menu will display the local and remote WAN connection points as shown below.
To configure a gateway-to-gateway VPN tunnel using the VPN Wizard on LAN B: 1. Log in to the FVG318 on LAN B at its default LAN address of http://192.
Activating a VPN Tunnel. There are three ways to activate a VPN tunnel: • Start using the VPN tunnel. • Use the IPSec Connection Status screen.
To activate the VPN tunnel by pinging the remote endpoint, select your confi.
Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote FVG318.
To use the IPSec Connection Status screen to change the status of a VPN connection: 3. Click VPN > Connection Status (Figure 5-26) to get the IPSec Connection Status screen (Figure 5-27).
3. Select the checkbox adjacent to the policy you want to disable and click disable.
Advanced Virtual Private Networking 6-1 v1.0, September 2007 Chapter 6 Advanced V irtual Private Networking This chapter describes how to use the advanced virtual private networking (VPN) features of the VPN firewall. See Chapter 5, “Basic V irtual Private Networking ” for a description on ho w to use the basic VP N fea t u res.
ProSafe 802.11g Wireless VPN Fi rewall FVG318 Reference Manual 6-2 Advanced Virtual Private Networking v1.0, September 2007 • VPN Policies . Apply the IKE policy to specific traffic that requires a VPN tunnel.
ProSafe 802.11g Wireless VPN Firewall FVG31 8 Reference Manual Advanced Virtual Private Networking 6-3 v1.0, September 2007 The IKE Policy Configuration fields are defined in the following tabl e.
ProSafe 802.11g Wireless VPN Fi rewall FVG318 Reference Manual 6-4 Advanced Virtual Private Networking v1.0, September 2007 The VPN Manual and Auto Po licy f ields are defined in the following table.
ProSafe 802.11g Wireless VPN Firewall FVG31 8 Reference Manual Advanced Virtual Private Networking 6-5 v1.0, September 2007 Policy Name The descri ptive name of the VPN policy . Each policy should have a unique policy name. This name is not supplied to the remote VPN endpoint.
ProSafe 802.11g Wireless VPN Fi rewall FVG318 Reference Manual 6-6 Advanced Virtual Private Networking v1.0, September 2007 Manual Policy Parameters The Manual Policy creates an SA (Sec urity Associat.
ProSafe 802.11g Wireless VPN Firewall FVG31 8 Reference Manual Advanced Virtual Private Networking 6-7 v1.0, September 2007 Using Digit al Certificates for IKE Auto-Policy Authentication Digital certi.
ProSafe 802.11g Wireless VPN Fi rewall FVG318 Reference Manual 6-8 Advanced Virtual Private Networking v1.0, September 2007 Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the CRL on the FVG318 obtained fro m the corre sponding CA.
ProSafe 802.11g Wireless VPN Firewall FVG31 8 Reference Manual Advanced Virtual Private Networking 6-9 v1.0, September 2007 VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secret s The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication.
ProSafe 802.11g Wireless VPN Fi rewall FVG318 Reference Manual 6-10 Advanced Virtual Private Networking v1.0, September 2007 FVG318 Gateway A to FVG318 Gateway B ( IKE and VPN Policies) Note : Use this scenario illustration and configuration scr een s as a model to build your configuration.
ProSafe 802.11g Wireless VPN Firewall FVG31 8 Reference Manual Advanced Virtual Private Networking 6-11 v1.0, September 2007 b. Configure the W AN Internet Address acco rding to the settings above and click Ap ply to save your settings.
ProSafe 802.11g Wireless VPN Fi rewall FVG318 Reference Manual 6-12 Advanced Virtual Private Networking v1.0, September 2007 d. Configure the LAN IP address according to the settings above and click Apply to save your settings. For more information on LAN TCP/IP setup topics, please see “Configuring LAN TCP/IP Setup Parameters” on page 8-2 .
ProSafe 802.11g Wireless VPN Firewall FVG31 8 Reference Manual Advanced Virtual Private Networking 6-13 v1.0, September 2007 a. Select VPN > Policies and click the VPN Policies tab. The VPN Policies screen will display . Click Add to display the Add VPN Policy screen.
ProSafe 802.11g Wireless VPN Fi rewall FVG318 Reference Manual 6-14 Advanced Virtual Private Networking v1.0, September 2007 T o test the Gateway A FVG318 L AN and the Gateway B LAN connection: 1. Using our example, from a PC attached to the FVG318 on LAN A, on a W indows PC click t he Star t button on the task bar and then click Run.
ProSafe 802.11g Wireless VPN Firewall FVG31 8 Reference Manual Advanced Virtual Private Networking 6-15 v1.0, September 2007 VPN Consortium Scenar io 2: FVG318 Gateway to Gateway with Digit al Certificates The following is a typical gate way-to-gateway VPN that uses Public Key Infrastructure x.
ProSafe 802.11g Wireless VPN Fi rewall FVG318 Reference Manual 6-16 Advanced Virtual Private Networking v1.0, September 2007 • Hash Algorithm. Select the desired option : MD5 or SHA1. • Signature Algorit hm. Select the desired option: DSS or RSA. • Signatu re Key Length.
g. Click Generate. The FVG318 generates a pending Self Certificate Request as shown below. Click view to display the data.
4. Transmit the Self Certificate Request data to the Trusted Root CA.
f. The “FVG318” certificate will display in the Active Self Certificates table and the pending “FVG318” Self Certificate Request will be deleted.
Chapter 7 Maintenance
This chapter describes how to use the maintenance features of your ProSafe 802.11g Wireless VPN Firewall. These features can be found by selecting Monitoring > Router Status from the main menu of the browser interface.
This screen shows the following parameters:
Table 7-1. FVG318 Status fields (Field: Description)
System Name: The System Name assigned to the firewall.
Firmware Version: The firewall firmware version.
Click Show Statistics to display the WAN connection status. This screen shows the data transfer statistics for the WAN and LAN ports, including the duration they were enabled.
Upgrading the Firewall Software
The routing software of the FVG318 VPN firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR.
3. Highlight the file and click Upload. In some cases, you may need to reconfigure the firewall after upgrading.
Changing the Administrator Password
The default password for the firewall’s Web Configuration Manager is password. NETGEAR recommends that you change this password to a more secure password.
Chapter 8 Advanced Configuration
This chapter describes how to configure the advanced features of your ProSafe 802.
8. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use wildcards check box to activate this feature.
These addresses are part of the IETF-designated private address range for use in private networks, and should be suitable in most applications.
• Primary DNS server (if you entered a primary DNS address in the WAN Settings menu; .
Configuring Static Routes
Static Routes provide additional routing information to your firewall.
5. Type the Destination IP Address of the final destination.
6. Type the IP Subnet Mask for this destination. If the destination is a single host, type 255.
– When set to Both or In Only, it incorporates the RIP information that it receives.
– When set to None, it will not send any RIP packets and ignores any RIP packets received.
• You have an ISDN firewall on your home network for connecting to the company where you are employed. This firewall’s address on your LAN is 192.
2. Select the Yes radio box for Allow Remote Management.
• Specify what external addresses will be allowed to access the firewall’s remote management.
SNMP Administration
Simple Network Management Protocol (SNMP) lets you monitor and manage your router from an SNMP Manager.
To create a new SNMP configuration entry:
1. Enter the IP address of an SNMP trap agent.
2. Enter the Subnet Mask. The network mask used to determine the list of allowed SNMP managers.
Enabling Universal Plug and Play (UPnP)
UPnP (Universal Plug and Play) allows for automatic discovery of devices that can communicate with this router.
Chapter 9 Troubleshooting
This chapter gives information about troubleshooting your ProSafe 802.11g Wireless VPN Firewall. After each problem description, instructions are provided to help you diagnose and solve the problem.
LEDs Never Turn Off
When the firewall is turned on, the LEDs turn on briefly and then turn off. If all the LEDs stay on, there is a fault within the firewall.
Note: If your PC’s IP address is shown as 169.254.x.x: Recent versions of Windows and MacOS will generate and assign an IP address if the computer cannot reach a DHCP server.
If your firewall is unable to obtain an IP address from the ISP, you may need to force your cable or DSL modem to recognize your new firewall by performing the following procedure: 1.
Troubleshooting a TCP/IP Network Using a Ping Utility
Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device.
– Verify that the IP address for your firewall and your workstation are correct and that the addresses are on the same subnet.
• Use the Reset button on the rear panel of the firewall. Use this method for cases when the administration password or IP address are not known.
Appendix A Default Settings and Technical Specifications
Default Settings
You can use the reset button located on the front of your device to reset all settings to their factory defaults.
DHCP Starting IP Address 192.
Technical Specifications
This appendix provides technical specifications for the ProSafe 802.11g Wireless VPN Firewall.
Appendix B Related Documents
This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product.
Document Link: Windows XP and Vista Wireless Configuration Utilities http://documentation.
Appendix C VPN Configuration of NETGEAR FVG318
This is a case study on how to configure a secure IPSec VPN tunnel on a NETGEAR FVS318v3. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.
Configuring the Gateways
Configure each gateway:
1. Configure Gate A.
a. Log in to the router at Gateway A.
b. Use the VPN Wizard to configure this router.
Activating the VPN Tunnel
You can activate the VPN tunnel by testing con.
Configuring the VPN Tunnel
This scenario assumes all ports are open on the FVG318. Use this scenario illustration and configuration screens as a model to build your configuration.
– Subnet Mask: (in this example)
3. Log in to the FVG318 labeled Gateway B. Log in at the default address of http://192.
Initiating and Checking the VPN Connections
You can test connectivity and view VPN status information on the FVG318 according to the testing flowchart shown in Figure C-2.
The FVG318-to-FVS318v2 Case
Configuring the VPN Tunnel
This scenario assumes all ports are open on the FVG318 and FVS318v2.
• Connection Name: Scenario_1 (in this example)
• Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
• Remote WAN IP address: 22.
• The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint.
The FVG318-to-FVL328 Case
Configuring the VPN Tunnel
This scenario assumes all ports are open on the FVG318 and FVL328. Use this scenario illustration and configuration screens as a model to build your configuration.
• Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
• Remote WAN IP address: 22.
• The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint.
The FVG318-to-VPN Client Case
Client-to-Gateway VPN Tunnel Overview
The operational differences between gateway-to-gateway and client-to-gateway VPN tunnels are summarized as follows: Table C-4.
Configuring the VPN Tunnel
This scenario assumes all ports are open on the FVG318. Use this scenario illustration and configuration screens as a model to build your configuration.
b. Add a new connection using the Edit/Add/Connection menu and rename it Scenario_1.
d. Select Security Policy on the left hierarchy menu and then select Aggressive Mode under Select Phase 1 Negotiation Mode (see Figure C-9).
• Under My Identity, select Domain Name for the ID Type and then enter fvs_remote.
You are now ready to activate the tunnel, but you must do it from the client endpoint (see “Initiating and Checking the VPN Connections” on page C-18).
2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps: a.