Instruction/ maintenance manual of the product FVS336G-300EUS Netgear
Go to page of 693
350 East Plumeria Drive San Jose, C A 95134 USA December 2014 202-11413-01 P r oSAFE Dual W AN Gigabit S SL VPN Fir ew all Model F VS336Gv3 R ef erenc e Manual.
2 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Suppor t Thank you f or selec ting NET GE AR pr oduc ts. After inst alling your device, locat e the serial number on the label of your pr oduc t and use it to r egister your pr oduct at https ://my .
3 Cont ents Chapter 1 Get an Overview of the Features and Hardware and Log In What Is the Pr oSAFE Dual W AN Gigabit SSL VPN Fir ewall?. . . . . . . . . . . . . . . . . 13 K ey Featur es and C apabilities . . . . . . . . . . . . . . . . . . . . . . . .
4 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Method f or IPv4 Interfac es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Manage Sec ondary IPv4 W AN Addr esses . . . . . . . . . . . . . . . . . . .
5 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Chapter 4 Configure the IPv4 LAN Settings Manage IPv4 Virtual L ANs and DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . 116 IPv4 L ANs and VL ANs. . . . . . . . . . . . . .
6 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage a St ateful DHCPv6 Server and IPv6 Addr ess P ools f or the DMZ . 198 Manage St atic IPv6 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 Add a St atic IPv6 Rout e .
7 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Chapter 7 Protect Your Network Manage Cont ent Filt ering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 Cont ent Filtering Ov er view . . . . .
8 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T est the Mode C onfig Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411 Change a Mode Config R ecor d . . . . . . . . . . . . . . . . . . . . . . . . . . .
9 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage User Login P olicies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508 Change P asswor ds and Automatic Logout P eriod . . . . . . . . . . . . . . .
10 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 View the A ttached Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 603 View the DHCP Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Login and L ogout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647 Syst em St ar tup . . . . . . . . . . . . . . . . . . . . . . . . . .
12 1 1. Get an Ov er view of the Fe atur es and Har dwar e and Log In This chapter provides an overview of the features and capabilities of the NETGEAR ProSAFE ® Dual W AN Gigabit SSL VPN Firewall for model FVS336Gv3 and explains how to log in to the device and use its web management interface.
Get an Over view of the Featur es and Hardwar e and Log In 13 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 What Is the Pr oSAFE Dual W AN Gigabit SSL VPN Fir ewall? The ProSAFE Dual W A.
Get an Overview of the Features and Har dware and Log In 14 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for fast dat.
Get an Over view of the Featur es and Hardwar e and Log In 15 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Advanc ed VPN Suppor t f or Both IPSec and SSL The VPN firewall supports IPSec.
Get an Overview of the Features and Har dware and Log In 16 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Security Featur es The VPN firewall is equipped with several features designed to maintain security: • Computers hidden by NA T .
Get an Over view of the Featur es and Hardwar e and Log In 17 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN. • PPP over Ethernet (PPPoE) .
Get an Overview of the Features and Har dware and Log In 18 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 P ack age Cont ents The VPN firewall product package contains the following item.
Get an Over view of the Featur es and Hardwar e and Log In 19 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 1. Front panel T able 1. LED descriptions LED Activity Description Power Green Power is supplied to the VPN firewall. Off Power is not supplied to the VPN firewall.
Get an Overview of the Features and Har dware and Log In 20 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Back P anel The back panel of the VPN firewall includes a console port, a cable security lock receptacle, a recessed Factory Defaults reset button, and an AC power connection.
Get an Over view of the Featur es and Hardwar e and Log In 21 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Factory Defaults reset button . T o reset the VPN firewall to factory default settings, use a sharp object to press and hold this button for about eight seconds until the front panel T est LED blinks.
Get an Overview of the Features and Har dware and Log In 22 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Rack- Mount the VPN Fir ewall with the Mounting Kit Use the mounting kit for the VPN firewall to install the appliance in a rack. Attach the mounting brackets using the hardware that is supplied with the mounting kit.
Get an Over view of the Featur es and Hardwar e and Log In 23 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W eb Management Interf ace Ov er view The following figure shows the menu at the top the web management interface: Figure 5.
Get an Overview of the Features and Har dware and Log In 24 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 - Both radio buttons are disabled . IP functionality does not apply . The bottom of each screen provides action buttons. The nature of a screen determines which action buttons are shown.
Get an Over view of the Featur es and Hardwar e and Log In 25 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o log in to the VPN firewall: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Get an Overview of the Features and Har dware and Log In 26 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: After five minutes of inactivity (the default login time-out), you are automatically logged out. Y ou are now ready to configure the VPN firewall for your specific network environment.
Get an Over view of the Featur es and Hardwar e and Log In 27 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select Users > Users . The Users screen displays. 7. In the List of Users table, click the Edit button for the admin default user .
28 2 2. Configur e the IPv4 Int ernet and W AN Settings This chapter explains how to configure the IPv4 Internet and W AN settings. The chapter contains the following sections: • Roadmap to Setting .
Configur e the IPv4 Internet and W AN Settings 29 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Roadmap t o Setting Up IPv4 Internet C onnec tions t o Y our ISPs T ypically , the VPN fir.
Configur e the IPv4 Internet and W AN Settings 30 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 This task is described in Manage Dynamic DNS Connections on page 63.
Configur e the IPv4 Internet and W AN Settings 31 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note the following about NA T : • The VPN firewall uses NA T to select the correct computer (on your LAN) to receive any incoming data. • If you have only a single public Internet IP address, you must use NA T (the default setting).
Configur e the IPv4 Internet and W AN Settings 32 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the NA T (Network Address T ranslation) section, select the NA T radio button or the Classical Routing radio button. W ARNING: Changing the W AN mode causes all LAN W AN and DMZ W AN inbound rules to revert to default settings.
Configur e the IPv4 Internet and W AN Settings 33 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: If your ISP requires MAC authentication and another MAC address was previously regis.
Configur e the IPv4 Internet and W AN Settings 34 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Failure Detection Method . The failure detection method that is active for the W AN interface (see Configure the Auto-Rollover Mode and Failure Detection Method for IPv4 Interfaces on page 56 ).
Configur e the IPv4 Internet and W AN Settings 35 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Auto Detect button. The autodetect process probes the W AN port for a range of connection methods and suggests one that your ISP is most likely to support.
Configur e the IPv4 Internet and W AN Settings 36 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Connection Status screen shows a valid IP address and gateway .
Configur e the IPv4 Internet and W AN Settings 37 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Configur e the IPv4 Internet and W AN Settings 38 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Locate the Domain Name Server (DNS) Servers section. Note: When you selected the Use Static IP Address radio button i n Step 8 , the Use These DNS Servers radio button was selected automatically.
Configur e the IPv4 Internet and W AN Settings 39 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The VPN firewall attempts to make a connection according to the settings that you entered. 16. V erify the connection: a. Select Network Configuration > W AN Settings > W AN Setup .
Configur e the IPv4 Internet and W AN Settings 40 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: If your ISP requires MAC authentication and another MAC address was previously regis.
Configur e the IPv4 Internet and W AN Settings 41 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the login name in the Login field and the password in the Password field. This information is provided by your ISP and is specific for the PPPoE service.
Configur e the IPv4 Internet and W AN Settings 42 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 13. Configure the IP address settings as described in the following table. 14. Locate the Domain Name Server (DNS) Servers section. 15. Specify the DNS settings as described in the following table.
Configur e the IPv4 Internet and W AN Settings 43 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 17. T o configure an automatic connection reset, specify the settings as described in the following table. 18. Click the Apply button. Y our settings are saved.
Configur e the IPv4 Internet and W AN Settings 44 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manually Configur e a PPTP IPv4 Internet Connection T o configure a PPTP IPv4 Internet connection, enter the PPTP IPv4 information that your IPv4 ISP gave you.
Configur e the IPv4 Internet and W AN Settings 45 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the WAN IPv4 Settings table, c lick the Edit button for the W AN interface that you want to configure. The W AN IPv4 ISP Settings screen displays.
Configur e the IPv4 Internet and W AN Settings 46 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 12. Locate the Internet (IP) Address section. 13. Configure the IP address settings as described in the following table. 14. Locate the Domain Name Server (DNS) Servers section.
Configur e the IPv4 Internet and W AN Settings 47 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 15. Specify the DNS settings as described in the following table. 16. Locate the Connection Reset section. 17. T o configure an automatic connection reset, specify the settings as described in the following table.
Configur e the IPv4 Internet and W AN Settings 48 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Connection Status pop-up screen displays. The IP addresses that are shown in this figure are not related to any other examples in this manual.
Configur e the IPv4 Internet and W AN Settings 49 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 firewall supports weighted load balancing and round-robin load balancing (see Configure Load Balancing Mode and Optional Protocol Binding for IPv4 Interfaces on page 49).
Configur e the IPv4 Internet and W AN Settings 50 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Pr otoc ol Binding When a protocol is bound to a particular W AN port, all outgoing traffic of that protocol is directed to the bound W AN port.
Configur e the IPv4 Internet and W AN Settings 51 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Load Balancing Settings section, configure the following settings: a. Select the Load Balancing Mode radio button. b. From the corresponding menu on the right, select a load balancing method: • Weighted LB .
Configur e the IPv4 Internet and W AN Settings 52 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Configur e the IPv4 Internet and W AN Settings 53 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Configure the protocol binding settings as described in the following table. 9. Click the Apply button. Setting Description Service From the menu, select a service or application to be covered by this rule.
Configur e the IPv4 Internet and W AN Settings 54 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. The protocol binding rule is added to the Protocol Binding table. The rule is automatically enabled, which is indicated by a green circle in the ! status icon column.
Configur e the IPv4 Internet and W AN Settings 55 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o enable, disable, or remove one or more protocol binding rules: 1.
Configur e the IPv4 Internet and W AN Settings 56 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Configur e the Auto-R ollover Mode and F ailure Det ec tion Method f or IPv4 Int erfac es .
Configur e the IPv4 Internet and W AN Settings 57 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Configur e the IPv4 Internet and W AN Settings 58 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. Configur e the F ailure Det ec tion Method f or IPv4 W AN Interf aces The following procedure describes how to configure the failure detection method for IPv4 W AN interfaces that function in auto-rollover mode.
Configur e the IPv4 Internet and W AN Settings 59 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: The default time to roll over after the primary W AN interface fails is two minutes. The minimum test period is 30 seconds, and the minimum number of tests is 2.
Configur e the IPv4 Internet and W AN Settings 60 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Remove One or More Secondary WAN Addresses Secondary IPv4 W AN Addr esses Y ou can set up a single W AN Ethernet port to be accessed through multiple IPv4 addresses by adding aliases to the port.
Configur e the IPv4 Internet and W AN Settings 61 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Configur e the IPv4 Internet and W AN Settings 62 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Add button. The secondary IP address is added to the List of Secondary W AN addresses table. 1 1. Repeat Step 9 and Step 10 for each secondary IP address that you want to add to the List of Secondary W AN addresses table.
Configur e the IPv4 Internet and W AN Settings 63 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage Dynamic DNS Connec tions The following sections provide information about managing .
Configur e the IPv4 Internet and W AN Settings 64 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o configure DDNS for both W AN interfaces: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Configur e the IPv4 Internet and W AN Settings 65 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The W AN Mode section reports the configured W AN mode (for example, Single Port W AN1, Load Balancing, or Auto Rollover). Only those options that match the configured W AN mode are accessible on the screen.
Configur e the IPv4 Internet and W AN Settings 66 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. Managing Advanc ed W AN Options The following sections provide i.
Configur e the IPv4 Internet and W AN Settings 67 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the W AN IPv4 Settings table, click the Edit button for the WAN interface that you want to configure. The W AN IPv4 ISP Settings screen displays.
Configur e the IPv4 Internet and W AN Settings 68 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change the P or t Speed and Duplex Settings In most cases, the VPN firewall can automatically determine the connection speed of the W AN port of the device (modem, dish, or router) that provides the W AN connection.
Configur e the IPv4 Internet and W AN Settings 69 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. In the Speed section, if you know the Ethernet port speed of the modem, dish, or router , select it from the Port Speed menu. • AutoSense .
Configur e the IPv4 Internet and W AN Settings 70 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change the Advertised MAC Addr ess of the VPN Fir ewall Each computer or router on your network has a unique 48-bit local Ethernet address. This is also referred to as the computer ’s Media Access Control (MAC) address.
Configur e the IPv4 Internet and W AN Settings 71 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. In the Router ’s MAC Address section, enter the settings as described in the following table.
Configur e the IPv4 Internet and W AN Settings 72 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. Set the W AN Connec tion Type and Cor r esponding Speeds The W A.
Configur e the IPv4 Internet and W AN Settings 73 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. In the Upload/Download Settings section, enter the settings as described in the following table.
Configur e the IPv4 Internet and W AN Settings 74 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage W AN QoS and W AN QoS Pr ofiles The following sections provide information about ma.
Configur e the IPv4 Internet and W AN Settings 75 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: T o configure and apply QoS profiles successfully , familiarity with QoS concepts such QoS priority queues, IP precedence, DHCP , and their values is helpful.
Configur e the IPv4 Internet and W AN Settings 76 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description QoS T ype From the menu, select Rate Control . For information about the Priority selection, see Add a Priority Queue WAN QoS Profile on page 78.
Configur e the IPv4 Internet and W AN Settings 77 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved.
Configur e the IPv4 Internet and W AN Settings 78 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Add a Priority Queue W AN QoS Pr ofile The following procedure describes how to add a priority queue QoS profile for a W AN interface. T o add a priority queue W AN QoS profile: 1.
Configur e the IPv4 Internet and W AN Settings 79 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description QoS T ype From the menu, select Priority . For information about the Rate Control selection, see Add a Rate Control WAN QoS Profile on page 75).
Configur e the IPv4 Internet and W AN Settings 80 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved.
Configur e the IPv4 Internet and W AN Settings 81 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Configur e the IPv4 Internet and W AN Settings 82 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • QoS T ype . The type of profile, either Rate Control or Priority . • Interface Name . The W AN interface to which the profile applies (W AN1 or W AN2).
Configur e the IPv4 Internet and W AN Settings 83 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Change the settings. For information about the settings, see Add a Rate Control WAN QoS Profile on page 75 and Add a Priority Queue WAN QoS Profile on page 78.
Configur e the IPv4 Internet and W AN Settings 84 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The ! status icons change from green circles to gray circles, indicating that the selected profiles are disabled. • Delete . Removes the selected W AN QoS profiles.
85 3 3. Configur e the IPv6 Int ernet and W AN Settings This chapter explains how to configure the IPv6 Internet and W AN settings. The chapter contains the following sections: • Roadmap to Setting .
Configur e the IPv6 Internet and W AN Settings 86 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Roadmap t o Setting Up an IPv6 Internet Connection to Y our ISP T ypically , the VPN firew.
Configur e the IPv6 Internet and W AN Settings 87 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 5. (Optional) Configure auto-rollover and failure detection . By default, the W AN interfaces are configured for primary (single) W AN mode. Y ou can enable auto-rollover and configure the failure detection settings.
Configur e the IPv6 Internet and W AN Settings 88 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 After you configured the IPv6 routing mode, you must configure a W AN interface with a global unicast address to enable secure IPv6 Internet connections on your VPN firewall.
Configur e the IPv6 Internet and W AN Settings 89 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Enable the IPv6 Routing Mode The following procedure describes how to enable the IPv6 routing mode. T o enable the IPv6 routing mode: 1. On your computer , launch an Internet browser .
Configur e the IPv6 Internet and W AN Settings 90 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W ARNING: Changing the IP routing mode causes the VPN firewall to reboot.
Configur e the IPv6 Internet and W AN Settings 91 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: If your ISP requires MAC authentication and another MAC address was previously regis.
Configur e the IPv6 Internet and W AN Settings 92 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Status . The status of the W AN interface (UP or DOWN).
Configur e the IPv6 Internet and W AN Settings 93 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Prefix delegation check box is selected . A prefix is assigned by the ISP DHCPv6 server through prefix delegation, for example, 2001:db8:: /64.
Configur e the IPv6 Internet and W AN Settings 94 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manually Configur e a Static IPv6 Int ernet Connec tion T o configure a static IPv6 Internet connection, enter the IPv6 address information that your IPv6 ISP gave you.
Configur e the IPv6 Internet and W AN Settings 95 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. In the I Pv6 W AN Settings table, c lick the Edit button for the W AN interface that you want to configure. The W AN IPv6 ISP Settings screen displays.
Configur e the IPv6 Internet and W AN Settings 96 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: If you do not know your static IPv6 address information, contact your IPv6 ISP. 1 1. Click the Apply button. Y our settings are saved. 12.
Configur e the IPv6 Internet and W AN Settings 97 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Connection Status screen shows a valid IP address and gateway .
Configur e the IPv6 Internet and W AN Settings 98 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Configur e the IPv6 Internet and W AN Settings 99 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. In the Internet Address section, from the IPv6 menu, select PPPoE . 10. In the PPPoE IPv6 section, enter the settings as described in the following table.
Configur e the IPv6 Internet and W AN Settings 100 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 1 1. Click the Apply button. Y our settings are saved. 12. V erify the connection: a. Select Network Configuration > W AN Settings > W AN Setup .
Configur e the IPv6 Internet and W AN Settings 101 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Connection Status screen shows a valid IP address and gateway .
Configur e the IPv6 Internet and W AN Settings 102 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6to4 is a W AN tunnel mechanism for automatic tunneling of IPv6 traf fic between a device with an IPv6 address and a device with an IPv4 address, or the other way around.
Configur e the IPv6 Internet and W AN Settings 103 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv6 Internet and W AN Settings 104 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: If you do not use a stateful DHCPv6 server in your LAN, you must configure the Rout.
Configur e the IPv6 Internet and W AN Settings 105 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Click the Add button under the List of Available ISA T AP T unnels table. The Add ISA T AP T unnel screen displays. 8. Specify the tunnel settings as described in the following table.
Configur e the IPv6 Internet and W AN Settings 106 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Configur e the IPv6 Internet and W AN Settings 107 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Configur e the IPv6 Internet and W AN Settings 108 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The IPv6 T unnel Status table shows the following fields: • T unnel Name .
Configur e the IPv6 Internet and W AN Settings 109 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Configur e the IPv6 Internet and W AN Settings 110 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Aut o-Rollover f or IPv6 W AN Interf aces Y ou can configure the VPN firewall’ s IPv6 interfaces for auto-rollover for increased system reliability .
Configur e the IPv6 Internet and W AN Settings 111 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Configur e the IPv6 Internet and W AN Settings 112 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The other W AN interface becomes disabled. c. Select the Auto Rollover check box. d. From the corresponding menu on the right, select a W AN interface to function as the backup W AN interface.
Configur e the IPv6 Internet and W AN Settings 113 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. In the I Pv6 W AN Settings table, c lick the Edit button for the W AN interface that you selected as the primary W AN interface. The W AN IPv6 ISP Settings screen displays.
Configur e the IPv6 Internet and W AN Settings 114 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: Y ou can configure the VPN firewall to generate a WAN status log and email this log to a specified address (see Manage Logging, Alerts, and Event Notifications on page 571).
115 4 4. Configur e the IPv4 L AN Settings This chapter describes how to configure the IPv4 LAN features of your VPN firewall. The chapter contains the following sections: • Manage IPv4 Virtual LANs.
Configur e the IPv4 L AN Settings 116 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage IPv4 Vir tual L ANs and DHCP Options The following sections provide information about managing .
Configur e the IPv4 L AN Settings 117 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 P or t-Based VL ANs The VPN firewall supports port-based VLANs.
Configur e the IPv4 L AN Settings 118 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o assign VLAN profiles to LAN ports: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Configur e the IPv4 L AN Settings 119 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • VLAN ID . The unique ID (or tag) assigned to the VLAN profile. • Subnet IP . The subnet IP address for the VLAN profile. • DHCP Status . The DHCP server status for the VLAN profile, which can be either Enabled or Disabled.
Configur e the IPv4 L AN Settings 120 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For most applications, the default DHCP server and TCP/IP settings of the VPN firewall are satisfactory .
Configur e the IPv4 L AN Settings 121 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage VL AN Pr ofiles For each VLAN on the VPN firewall, you can configure its profile, port membership, LAN TCP/IP settings, DHCP options, DNS server , and inter-VLAN routing capability .
Configur e the IPv4 L AN Settings 122 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Click the Add button. The Add VLAN Profile screen displays.
Configur e the IPv4 L AN Settings 123 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description VLAN Profile Profile Name Enter a unique name for the VLAN profile. VLAN ID Enter a unique ID number for the VLAN profile.
Configur e the IPv4 L AN Settings 124 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Start IP Address Enter the start IP address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address between this address and the end IP address.
Configur e the IPv4 L AN Settings 125 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. Change a VL AN Pr ofile The following procedure describes how to change an existing VLAN profile. T o change a VLAN profile: 1.
Configur e the IPv4 L AN Settings 126 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. The modified VLAN profile displays in the VLAN Profiles table on the LAN Setup screen.
Configur e the IPv4 L AN Settings 127 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The ! status icons change from green circles to gray circles, indicating that the selected profiles are disabled. • Delete . Removes the selected VLAN profiles.
Configur e the IPv4 L AN Settings 128 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. From the MAC Address for VLANs menu, select Unique . The default setting is Same . 9. Click the Apply button. Y our settings are saved. VLANs have unique MAC addresses.
Configur e the IPv4 L AN Settings 129 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv4 L AN Settings 130 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 access to the Internet, but you can do so only for the default VLAN. The IP address that is assigned as a secondary IP address must be unique and cannot be assigned to a VLAN.
Configur e the IPv4 L AN Settings 131 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Available Secondary LAN IPs table displays the secondary LAN IP addresses that you added to the VPN firewall. 7. In the Add Secondary LAN IP Address section, enter the following settings: • IP Address .
Configur e the IPv4 L AN Settings 132 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Configur e the IPv4 L AN Settings 133 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Router Status screen displays. 6. Select Network Configuration > LAN Settings > LAN Multi-homing . The LAN Multi-homing screen displays the IPv4 settings.
Configur e the IPv4 L AN Settings 134 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Y ou do not need to reserve an IP address for a computer in the DHCP server .
Configur e the IPv4 L AN Settings 135 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Remove One or More Devices from the Network Database View or Add Devices Manually t o the Network Database The following procedure describes how to view or add devices manually to the network database.
Configur e the IPv4 L AN Settings 136 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Known PCs and Devices table lists the entries in the network database. For each computer or device, the following fields display: • Check box . Allows you to select the computer or device in the table.
Configur e the IPv4 L AN Settings 137 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Add button. The computer or device is added to the Known PCs and Devices table. 9. (Optional) Save the binding between the IP address and MAC address for the entry that you just added: a.
Configur e the IPv4 L AN Settings 138 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The LAN Groups screen displays. The following figure shows some manually added devices in the Known PCs and Devices table as an example. 7. In the Known PCs and Devices table, click the Edit button for the device that you want to change.
Configur e the IPv4 L AN Settings 139 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove One or Mor e Devices fr om the Network Database The following procedure describes how to remove one or more devices from the network database. T o remove one or more devices from the network database: 1.
Configur e the IPv4 L AN Settings 140 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change Gr oup Names in the Network Dat abase By default, the groups are named Group1 through Group8. Y ou can change these group names to be more descriptive, for example, GlobalMarketing and GlobalSales.
Configur e the IPv4 L AN Settings 141 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Select the radio button next to the group name that you want to change. Note: You can change only one group name at a time. 9. T ype a new name in the field.
Configur e the IPv4 L AN Settings 142 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 some cases, local computers can run the application correctly if those computers are used on the DMZ port. Note the following about the DMZ port: • The VPN firewall has a separate firewall security profile for the DMZ port.
Configur e the IPv4 L AN Settings 143 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Enter the settings as described in the following table. Setting Description DMZ Port Setup Select the Ye s radio button to configure the DMZ port settings.
Configur e the IPv4 L AN Settings 144 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 DHCP for DMZ Connected Computers Select one of the following radio buttons: • Disable DHCP Server .
Configur e the IPv4 L AN Settings 145 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. Manage St atic IPv4 Routing The following section.
Configur e the IPv4 L AN Settings 146 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 and you do not need to configure additional static routes. Configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets on your network.
Configur e the IPv4 L AN Settings 147 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Add Static Route screen displays. 8. Enter the settings as described in the following table. 9. Click the Apply button. Y our settings are saved. The new static route is added to the Static Routes table.
Configur e the IPv4 L AN Settings 148 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change a St atic IPv4 Rout e The following procedure describes how to change an existing IPv4 static route. T o change an IPv4 static route: 1. On your computer , launch an Internet browser .
Configur e the IPv4 L AN Settings 149 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Configur e the IPv4 L AN Settings 150 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Configur e the IPv4 L AN Settings 151 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. 9. Click the Apply button. Setting Description RIP RIP Direction From the RIP Direction menu, select the direction in which the VPN firewall sends and receives RIP packets: • None .
Configur e the IPv4 L AN Settings 152 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. IPv4 St atic Rout e Example In this example, we assume the following: • The VPN firewall’ s primary Internet access is through a cable modem to an ISP .
153 5 5. Configur e the IPv6 L AN Settings This chapter describes how to configure the IPv6 LAN features of your VPN firewall. The chapter contains the following sections: • Manage the IPv6 LAN • .
Configur e the IPv6 L AN Settings 154 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage the IPv6 L AN The following sections provide information about managing the IPv6 LAN: • IPv6 .
Configur e the IPv6 L AN Settings 155 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The VPN firewall provides three DHCPv6 options for the LAN.
Configur e the IPv6 L AN Settings 156 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For stateless DHCPv6 with prefix delegation, you must enable and configure the RADVD, but you do not need to add advertisement prefixes to the RADVD because the DHCPv6 server assigns the prefixes that you specify for the DHCPv6 server .
Configur e the IPv6 L AN Settings 157 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Configur e the IPv6 L AN Settings 158 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description IPv6 LAN Setup IPv6 Address Enter the LAN IPv6 address. The default address is fc00::1.
Configur e the IPv6 L AN Settings 159 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. Manage a St at eless DHCPv6 Ser ver with P r efix.
Configur e the IPv6 L AN Settings 160 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 St ateless DHCPv6 Ser ver and P r efix Delegation f or the L AN As an option for a stateless DHCPv6 server , you can enable prefix delegation. Note that this is prefix delegation by the DHCPv6 server in the LAN, not by the ISP DHCPv6 sever in the W AN.
Configur e the IPv6 L AN Settings 161 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The W AN Setup screen displays the IPv4 settings. b. In the upper right, select the IPv6 radio button. The W AN Setup screen displays the IPv6 settings. c.
Configur e the IPv6 L AN Settings 162 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 f. Make sure that the Prefix Delegation check box is selected. g. If you made any changes, click the Apply button. Y our settings are saved. 7. Select Network Configuration > LAN Settings .
Configur e the IPv6 L AN Settings 163 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved. DHCPv6 DHCP Status Enable the DHCPv6 server by selecting Enable DHCPv6 Server from the DHCP Status menu.
Configur e the IPv6 L AN Settings 164 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manually Add IPv6 L AN Pr efixes f or Pr efix Delegation As an option, you can also manually add prefixes to enable the DHCPv6 server to assign these prefixes to its IPv6 LAN clients.
Configur e the IPv6 L AN Settings 165 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved. The new prefix is added to the List of Prefixes for Prefix Delegation table on the LAN Setup screen for IPv6.
Configur e the IPv6 L AN Settings 166 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove One or Mor e IPv6 L AN Pr efixes f or Pr efix Delegation The following procedure describes how to remove one or more prefixes that you no longer need for prefix delegation.
Configur e the IPv6 L AN Settings 167 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Change an IPv6 LAN Address Pool • Remove One or More IPv6 LAN Address Pools St ateful DHCPv6 Ser.
Configur e the IPv6 L AN Settings 168 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description IPv6 LAN Setup IPv6 Address Enter the LAN IPv6 address. The default address is fc00::1.
Configur e the IPv6 L AN Settings 169 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. Add an IPv6 L AN Addr ess P ool If you configure .
Configur e the IPv6 L AN Settings 170 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv6 L AN Settings 171 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Configur e the IPv6 L AN Settings 172 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Configur e the IPv6 L AN Settings 173 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IPv6 Rout er Advertisement Daemon f or the L AN The RADVD is an application that uses the Neighbor Discovery Protocol (NDP) to collect link-local advertisements of IPv6 addresses and IPv6 prefixes in the LAN.
Configur e the IPv6 L AN Settings 174 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Configur e the IPv6 L AN Settings 175 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. Setting Description RADVD Status From the RADVD Status menu, select Enable . The RADVD is enabled, and the RADVD fields are available.
Configur e the IPv6 L AN Settings 176 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved.
Configur e the IPv6 L AN Settings 177 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv6 L AN Settings 178 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you enabled the ISP DHCPv6 server to assign a prefix through prefix delegation to the VPN firewall .
Configur e the IPv6 L AN Settings 179 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Enter the settings as described in the following table. 1 1. Click the Apply button. Y our settings are saved. The new advertisement prefix is added to the List of Prefixes to Advertise table on the RADVD screen for the LAN.
Configur e the IPv6 L AN Settings 180 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv6 L AN Settings 181 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv6 L AN Settings 182 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Secondary LAN IP address . 2001:db8:3000::2192 with a prefix length of 10 Add a Secondary L AN IPv6 Addr ess The following procedure describes how to add a secondary LAN IPv6 address.
Configur e the IPv6 L AN Settings 183 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Available Secondary LAN IPs table displays the secondary LAN IP addresses added to the VPN firewall. 8. In the Add Secondary LAN IP Address section, enter the following settings: • IPv6 Address .
Configur e the IPv6 L AN Settings 184 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the upper right, select the IPv6 radio button. The LAN Multi-homing screen displays the IPv6 settings. 8. In the Available Secondary LAN IPs table, click the Edit button for the secondary IP address that you want to change.
Configur e the IPv6 L AN Settings 185 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. In the A vailable Secondary LAN IPs table, s elect the check box to the left of each secondary IP address that you want to remove or click the Select All button to select all secondary IP addresses.
Configur e the IPv6 L AN Settings 186 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the IPv6 DMZ, the VPN firewall provides two DHCPv6 server options: • Stateless DHCPv6 server .
Configur e the IPv6 L AN Settings 187 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Configur e the IPv6 L AN Settings 188 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description DMZ Port Setup Select the Ye s radio button to configure the DMZ port settings.
Configur e the IPv6 L AN Settings 189 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. Manage the IPv6 Rout er Advertisement Daemon f or.
Configur e the IPv6 L AN Settings 190 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 firewall periodically distributes router advertisements (RAs) throughout the DMZ to provide such information to the hosts and routers in the DMZ.
Configur e the IPv6 L AN Settings 191 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Configur e the IPv6 L AN Settings 192 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. Setting Description RADVD Status From the RADVD Status menu, select Enable . The RADVD is enabled and the RADVD fields are available.
Configur e the IPv6 L AN Settings 193 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved. Add an Advertisement Pr efix f or the DMZ Y ou must configure the prefixes that are advertised in the DMZ router advertisements (RAs).
Configur e the IPv6 L AN Settings 194 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the upper right, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings. The following figure shows an example. 8. Click the RADVD option arrow in the upper right.
Configur e the IPv6 L AN Settings 195 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Under the List of Prefixes to Advertise table, click the Add button.
Configur e the IPv6 L AN Settings 196 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Enter the settings as described in the following table. 1 1. Click the Apply button. Y our settings are saved. The new IPv6 address pool is added to the List of Prefixes to Advertise table on the RADVD screen for the DMZ.
Configur e the IPv6 L AN Settings 197 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv6 L AN Settings 198 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv6 L AN Settings 199 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Configur e a St ateful DHCPv6 Ser ver f or the DMZ The following procedure describes how to configure a stateful DHCPv6 server and corresponding IPv6 settings for the DMZ.
Configur e the IPv6 L AN Settings 200 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description DMZ Port Setup Select the Ye s radio button to configure the DMZ port settings.
Configur e the IPv6 L AN Settings 201 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. Add an IPv6 DMZ Addr ess P ool If you use a state.
Configur e the IPv6 L AN Settings 202 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Configur e the IPv6 L AN Settings 203 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. 10. Click the Apply button. Y our settings are saved. The new IPv6 address pool is added to the List of IPv6 Address Pools table on the DMZ Setup (IPv6) screen.
Configur e the IPv6 L AN Settings 204 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 5. Click the Login button. The Router Status screen displays. 6. Select Network Configuration > DMZ Setup . The DMZ Setup screen displays the IPv4 settings.
Configur e the IPv6 L AN Settings 205 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The DMZ Setup screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings. 8.
Configur e the IPv6 L AN Settings 206 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Configur e the IPv6 L AN Settings 207 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved. The new static route is added to the List of IPv6 Static Routes table on the Static Routing screen for IPv6.
Configur e the IPv6 L AN Settings 208 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Static Routing screen displays the IPv6 settings. 8. In the List of IPv6 Static Routes table, click the Edit button for the route that you want to change.
Configur e the IPv6 L AN Settings 209 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Delete button. The selected routes are removed from the List of IPv6 Static Routes table.
210 6 6. Cust omize Fir ewall P r ot ec tion This chapter describes how to use the firewall features of the VPN firewall to protect your network. The chapter contains the following sections: • Firew.
Customiz e Firew all Pr otection 211 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Fir ewall P r ot ec tion A firewall protects one network (the trusted network, such as your LAN) from another (the untrusted network, such as the Internet) while allowing communication between the two.
Customiz e Firew all Pr otection 212 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Ov er view of Rules t o Block or Allow Specific Kinds of T r affic The following sections provide overv.
Customiz e Firew all Pr otection 213 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Def ault DMZ W AN Rules For DMZ W AN traffic, the default policy is to block all traf fic from and to the Internet.
Customiz e Firew all Pr otection 214 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Profiles for IPv4 Firewall Rules on page 295 and Default Quality of Service Priorities for IPv6 Firewall Rules on page 300).
Customiz e Firew all Pr otection 215 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T able 5. Outbound rules overview Setting Description Outbound Rules Service The service or application to be covered by this rule.
Customiz e Firew all Pr otection 216 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W AN Users The settings that determine which Internet locations are covered by the rule, based on their IP address. The options are as follows: • Any . All Internet IP addresses are covered by this rule.
Customiz e Firew all Pr otection 217 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Inbound Rules — P or t For war ding The VPN firewall has a default inbound LAN W AN rule, which blocks all access from outside except responses to requests from the LAN side.
Customiz e Firew all Pr otection 218 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 rule informs the firewall to direct inbound traffic for a particular service to one local server based on the destination port number . This process is known as port forwarding.
Customiz e Firew all Pr otection 219 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Settings f or Inbound Rules The following table describes the components that let you configure rules for inbound traffic.
Customiz e Firew all Pr otection 220 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W AN Destination IP Address The setting that determines the destination IP address applicable to incoming traffic. This is the public IP address that maps to the internal LAN server .
Customiz e Firew all Pr otection 221 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 DMZ Users The settings that determine which DMZ computers on the DMZ network are covered by this rule. The options are as follows: • Any . All computers and devices on your DMZ network are covered by this rule.
Customiz e Firew all Pr otection 222 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change the Def ault Outbound P olic y f or L AN W AN T r affic The default outbound policy allows all traffic to the Internet to pass through.
Customiz e Firew all Pr otection 223 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Customiz e Firew all Pr otection 224 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change the Def ault L AN W AN Outbound P olic y f or IPv6 T r affic The following procedure describes how to change the default outbound policy for IPv6 traffic from the LAN to the W AN.
Customiz e Firew all Pr otection 225 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. From the Default Outbound Policy menu, select Block Always . By default, Allow Always is selected. 9. Click the Apply button. Y our settings are saved.
Customiz e Firew all Pr otection 226 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Add an IPv6 LAN WAN Outbound Rule Add an IPv4 L AN W AN Outbound Rule The following procedure describes how to add an IPv4 LAN W AN outbound rule. T o add an IPv4 LAN W AN outbound rule: 1.
Customiz e Firew all Pr otection 227 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Under the Outbound Services table, click the Add button. The Add LAN W AN Outbound Service screen for IPv4 displays. 8. Make your selections from the menus and enter the settings.
Customiz e Firew all Pr otection 228 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following table lists the menus that apply to an IPv4 LAN W AN outbound rule. 9. Click the Apply button. Y our settings are saved. The new rule is added to the Outbound Services table on the LAN W AN Rules screen.
Customiz e Firew all Pr otection 229 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Firewall submenu tabs display with the LAN W AN Rules screen in view , displaying the IPv4 settings. 7. In the upper right, select the IPv6 radio button.
Customiz e Firew all Pr otection 230 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following table lists the menus that apply to an IPv6 LAN W AN outbound rule. 10. Click the Apply button. Y our settings are saved. The new rule is added to the Outbound Services table on the LAN W AN Rules screen.
Customiz e Firew all Pr otection 231 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Add an IPv4 L AN W AN Inbound Rule The following procedure describes how you can add an IPv4 LAN W AN inbound rule. T o add an IPv4 LAN W AN inbound rule: 1.
Customiz e Firew all Pr otection 232 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Under the Inbound Services table, click the Add button. The Add LAN W AN Inbound Service screen for IPv4 displays. 8. Make your selections from the menus and enter the settings.
Customiz e Firew all Pr otection 233 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. The new rule is added to the Inbound Services table on the LAN W AN Rules screen. Add an IPv6 L AN W AN Inbound Rule The following procedure describes how to add an IPv6 LAN W AN inbound rule.
Customiz e Firew all Pr otection 234 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Under the Inbound Services table, click the Add button. The Add LAN W AN Inbound Service screen for IPv6 displays. 9. Make your selections from the menus and enter the settings.
Customiz e Firew all Pr otection 235 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved. The new rule is added to the Inbound Services table on the LAN W AN Rules screen.
Customiz e Firew all Pr otection 236 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Customiz e Firew all Pr otection 237 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Make your selections from the menus and enter the settings. For more information about the menus and settings, see Settings for Outbound Rules on page 214.
Customiz e Firew all Pr otection 238 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Customiz e Firew all Pr otection 239 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Make your selections from the menus and enter the settings. For more information about the menus and settings, see Settings for Outbound Rules on page 214.
Customiz e Firew all Pr otection 240 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: Inbound LAN W AN rules take precedence over inbound DMZ WAN rules. When an inbound packet matches an inbound LAN W AN rule, the VPN firewall does not match the packet against inbound DMZ W AN rules.
Customiz e Firew all Pr otection 241 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Under the Inbound Services table, click the Add button. The Add DMZ W AN Inbound Service screen for IPv4 displays. 8. Make your selections from the menus and enter the settings.
Customiz e Firew all Pr otection 242 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following table lists the menus that apply to an IPv4 DMZ W AN inbound rule. 9. Click the Apply button. Y our settings are saved. The new rule is added to the Inbound Services table on the DMZ W AN Rules screen.
Customiz e Firew all Pr otection 243 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Router Status screen displays. 6. Select Security > Firewall > DMZ W AN Rules . The DMZ W AN Rule screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button.
Customiz e Firew all Pr otection 244 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following table lists the menus that apply to an IPv6 DMZ W AN inbound rule. 10. Click the Apply button. Y our settings are saved. The new rule is added to the Inbound Services table on the DMZ W AN Rules screen.
Customiz e Firew all Pr otection 245 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o add an IPv4 LAN DMZ outbound rule: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Customiz e Firew all Pr otection 246 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Make your selections from the menus and enter the settings. For more information about the menus and settings, see Settings for Outbound Rules on page 214.
Customiz e Firew all Pr otection 247 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Customiz e Firew all Pr otection 248 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Make your selections from the menus and enter the settings. For more information about the menus and settings, see Settings for Outbound Rules on page 214.
Customiz e Firew all Pr otection 249 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following sections provide information about adding LAN DMZ inbound service rules: • Add an IPv4 .
Customiz e Firew all Pr otection 250 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Under the Inbound Services table, click the Add button. The Add LAN DMZ Inbound Service screen for IPv4 displays. 8. Make your selections from the menus and enter the settings.
Customiz e Firew all Pr otection 251 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Customiz e Firew all Pr otection 252 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Make your selections from the menus and enter the settings. For more information about the menus and settings, see Settings for Inbound Rules on page 219.
Customiz e Firew all Pr otection 253 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Remove the rule T o manage an existing rule: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Customiz e Firew all Pr otection 254 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. T ake one of the actions that are described in the following table. Examples of Fir ewall Rules The following sections provide examples of firewall rules: Action Steps Change a rule 1.
Customiz e Firew all Pr otection 255 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Examples of Inbound Firewall Rules • Examples of Outbound Firewall Rules Examples of Inbound Fir .
Customiz e Firew all Pr otection 256 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. 9. Click the Apply button. Y our settings are saved. The new rule is added to the Inbound Services table on the LAN W AN Rules screen.
Customiz e Firew all Pr otection 257 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IPv4 L AN W AN Inbound Rule: Allow a Videoconf erenc e fr om Restricted Addr esses If you want to allow.
Customiz e Firew all Pr otection 258 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description Service From the menu, select CU-SEEME:UDP . Action From the menu, select ALLOW by schedule, otherwise block .
Customiz e Firew all Pr otection 259 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. The new rule is added to the Inbound Services table on the LAN W AN Rules screen.
Customiz e Firew all Pr otection 260 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Customiz e Firew all Pr otection 261 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 13. Enter the settings as described in the following table. 14. Click the Apply button. Y our settings are saved. The new rule is added to the Inbound Services table on the LAN W AN Rules screen.
Customiz e Firew all Pr otection 262 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IPv6 L AN W AN Inbound Rule: Restrict RT elnet fr om a Single W AN User t o a Single L AN User If you w.
Customiz e Firew all Pr otection 263 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. 10. Click the Apply button. Y our settings are saved. The new rule is added to the Inbound Services table on the LAN W AN Rules screen.
Customiz e Firew all Pr otection 264 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IPv4 L AN W AN Outbound Rule: Block Instant Messenger If you want to block Instant Messenger usage by e.
Customiz e Firew all Pr otection 265 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. 9. Click the Apply button. Y our settings are saved. The new rule is added to the Outbound Services table on the LAN W AN Rules screen.
Customiz e Firew all Pr otection 266 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IPv6 DMZ W AN Outbound Rule: Allow a Gr oup of DMZ User to Ac cess an FTP Sit e on the Internet If you .
Customiz e Firew all Pr otection 267 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. 10. Click the Apply button. Y our settings are saved. The new rule is added to the Outbound Services table on the DMZ W AN Rules screen.
Customiz e Firew all Pr otection 268 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Set Limits for IPv4 Sessions • Manage Time-Out Periods for TCP , UDP , and ICMP Sessions • Mana.
Customiz e Firew all Pr otection 269 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Attack Checks screen displays the IPv4 settings. 7.
Customiz e Firew all Pr otection 270 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. Manage the Ping Settings f or the IPv6 W AN Ports The following procedure describes how to manage a W AN security check for IPv6 traffic by specifying the ping settings for the W AN ports.
Customiz e Firew all Pr otection 271 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Customiz e Firew all Pr otection 272 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Manage VPN Pass-Through in the IPv4 Network • Manage VPN Pass-Through in the IPv6 Network VPN P a.
Customiz e Firew all Pr otection 273 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. T o block VPN pass-through, clear any of the following check boxes, which are selected by default to allow VPN pass-through: • IPSec . Clearing this check box disables NA T filtering for IPSec tunnels.
Customiz e Firew all Pr otection 274 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Customiz e Firew all Pr otection 275 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Customiz e Firew all Pr otection 276 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table.
Customiz e Firew all Pr otection 277 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Customiz e Firew all Pr otection 278 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • ICMP Timeout . For ICMP traffic, the default time-out period is 8 seconds. 8. Click the Apply button. Y our settings are saved. Manage Multicast P ass- Through Multicast pass-through is supported for IPv4 traffic only .
Customiz e Firew all Pr otection 279 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Customiz e Firew all Pr otection 280 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 b. Click the Add button. The multicast source address is added to the Alternate Networks table. c. Repeat Step a and Step b for each multicast source address that you must add to the Alternate Networks table.
Customiz e Firew all Pr otection 281 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o enable ALG for SIP: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Customiz e Firew all Pr otection 282 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Manage Quality of Service Profiles for IPv4 Firewall Rules • Default Quality of Service Prioritie.
Customiz e Firew all Pr otection 283 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Ser vices Ov er view Examples of web servers that provide web services include the following: web servers provide web pages, time servers provide time and date information, and game hosts provide data about players’ moves.
Customiz e Firew all Pr otection 284 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select Security > Services . The Services screen displays. The Custom Services T able shows the user-defined services. The following figure shows some examples.
Customiz e Firew all Pr otection 285 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Customiz e Firew all Pr otection 286 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o remove one or more customized services: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Customiz e Firew all Pr otection 287 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 single firewall rule. For example, in a configuration with 10 web servers, each of which requires the s.
Customiz e Firew all Pr otection 288 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. In the Name field, enter a name for the service. 9. Specify the services for the group by use the move buttons ( << and >> ) to move services between the A vailable Services field and the List of Selected Services field.
Customiz e Firew all Pr otection 289 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select Network Security > Services > Service Groups . The Service Group screen displays. 7. In the Custom Service Group T able, click the Edit button for the service group that you want to change.
Customiz e Firew all Pr otection 290 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage IP Addr ess Gr oups Y ou can combine individual IP addresses into IP address groups.
Customiz e Firew all Pr otection 291 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select Security > Services > IP Groups . The IP Groups screen displays. The following figure shows two groups in the Custom IP Groups T able as examples.
Customiz e Firew all Pr otection 292 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 12. Repeat the previous two steps to add more IP addresses to the IP Addresses Grouped table. 13. Click the Edit button again. The IP Groups screen displays.
Customiz e Firew all Pr otection 293 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The selected IP addresses are removed from the IP Addresses Grouped table. c. In the IP Address field, type an IP address. d. Click the Add button. The IP address is added to the IP Addresses Grouped table.
Customiz e Firew all Pr otection 294 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Define a Schedule Schedules define the time frames under which firewall rules are applied. Three schedules, Schedule 1, Schedule 2, and Schedule 3, can be defined, and you can select any one of these when defining firewall rules.
Customiz e Firew all Pr otection 295 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Scheduled Days section, select a radio button: • All Days . The schedule is in effect all days of the week. • Specific Days . The schedule is in ef fect only on specific days.
Customiz e Firew all Pr otection 296 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Change an IPv4 QoS Profile • Remove One or More IPv4 QoS Profiles IPv4 QoS Pr ofiles Over view A .
Customiz e Firew all Pr otection 297 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Customiz e Firew all Pr otection 298 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. 9. Click the Apply button. Y our settings are saved. The new QoS profile is added to the List of QoS Profiles table.
Customiz e Firew all Pr otection 299 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Customiz e Firew all Pr otection 300 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Customiz e Firew all Pr otection 301 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage Bandwidth Pr ofiles f or IPv4 T r affic Bandwidth profiles determine how fast or slow data is communicated with the hosts.
Customiz e Firew all Pr otection 302 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Add and Enable a Bandwidth Pr ofile The following procedure describes how to add and enable a bandwidth profile that you then can use as an object for a firewall rule.
Customiz e Firew all Pr otection 303 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Under the List of Bandwidth Profiles table, click the Add button. The Add Bandwidth Profile screen displays. 8. Enter the settings as described in the following table.
Customiz e Firew all Pr otection 304 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. The new bandwidth profile is added to the List of Bandwidth Profiles table.
Customiz e Firew all Pr otection 305 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Customiz e Firew all Pr otection 306 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 5. Click the Login button. The Router Status screen displays.
307 7 7. P r ot ec t Y our Network This chapter describes how to protect your network through features other than the firewall. The chapter contains the following sections: • Manage Content Filterin.
Pr otect Y our Network 308 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage Cont ent Filt ering T o restrict internal LAN users from access to certain sites on the Internet, you can use the content filtering and web component blocking features of the VPN firewall.
Pr otect Y our Network 309 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: Many websites require that cookies be accepted for the site to be accessed correctly . Blocking cookies might interfere with useful functions provided by these websites.
Pr otect Y our Network 310 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Pr otect Y our Network 311 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. In the Web Components section, select the check boxes for the components that you want to block: • Proxy . Blocks proxy servers. • Java . Blocks Java applets from being downloaded.
Pr otect Y our Network 312 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. T o compose the list of blocked keywords and domain names, add, change, or remove keywords and domain names: • Add . T o add a keyword or domain name, do the following: a.
Pr otect Y our Network 313 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Pr otect Y our Network 314 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Pr otect Y our Network 315 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o enable MAC filtering and manage MAC addresses to be permitted or blocked: 1.
Pr otect Y our Network 316 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Permit and Block the rest . T raffic coming from all addresses in the MAC Addresses table is permitted. T raffic from all other MAC addresses is blocked. 9. Click the Apply button.
Pr otect Y our Network 317 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 detects packets with an IP address that matches the IP address in the IP/MAC Bindings table but does not match the related MAC address in the IP/MAC Bindings table (or the other way around), the packets are dropped.
Pr otect Y our Network 318 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 View and Set Up an IPv4/MAC Binding The following procedure describes how to view existing IPv4/MAC bindings and set up a binding between a MAC address and an IPv4 address.
Pr otect Y our Network 319 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Email IP/MAC Violations section, specify if you want to enable email logs for IP/MAC binding violations by selecting one of the following radio buttons: • Ye s .
Pr otect Y our Network 320 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Pr otect Y our Network 321 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding . The IP/MAC Binding screen displays the IPv4 settings.
Pr otect Y our Network 322 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The pop-up screen displays the dropped IPv4 packets. 8. Click the Stop button. 9. W ait for the confirmation that the operation succeeded. 10. In the Poll Interval field, enter new poll interval in seconds.
Pr otect Y our Network 323 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Pr otect Y our Network 324 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: Y ou must specify only once whether you want IP/MAC binding violations for IPv6 traffic to be logged and emailed. Y our selection applies to all IPv6 IP/MAC bindings.
Pr otect Y our Network 325 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding . The IP/MAC Binding screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button.
Pr otect Y our Network 326 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the upper right, select the IPv6 radio button. The IP/MAC Binding screen displays the IPv6 settings.
Pr otect Y our Network 327 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The pop-up screen displays the dropped IPv6 packets. 9. Click the Stop button. 10. W ait for the confirmation that the operation succeeded. 1 1. In the Poll Interval field, enter new poll interval in seconds.
Pr otect Y our Network 328 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. The remote system receives the computer ’s request and responds using the incoming port or ports that are associated with the port triggering rule on the VPN firewall.
Pr otect Y our Network 329 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Port T riggering screen displays. The following figure shows a rule in the Port T riggering Rules table as an example. 7. In the Add Port T riggering Rule section, enter the settings as described in the following table.
Pr otect Y our Network 330 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change a P or t T riggering Rule The following procedure describes how to change an existing port triggering rule. T o change a port triggering rule: 1. On your computer , launch an Internet browser .
Pr otect Y our Network 331 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Pr otect Y our Network 332 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Pr otect Y our Network 333 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Pr otect Y our Network 334 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Click the Refresh button. The content of the UPnP Portmap T able refreshes. Any UPnP devices that accessed the VPN firewall and that were automatically detected by the VPN firewall display in the UPnP Portmap T able.
335 8 8. Set Up Vir tual P rivat e Networking With IPSec Connec tions This chapter describes how to use the IP security (IPSec) virtual private networking (VPN) features of the VPN firewall to provide secure, encrypted communications between your local network and a remote network or computer .
Set Up Virtual Private Netw orking With IPSec Connec tions 336 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Dual W AN P or t S yst ems If two W AN ports are configured for either IPv4 or IPv6, you can enable either auto-rollover mode for increased system reliability or load balancing mode for optimum bandwidth efficiency .
Set Up Virtual Private Netw orking With IPSec Connec tions 337 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 7. W AN load balancing: FQDN required or optional for VPN The following table summarizes the W AN addressing requirements (FQDN or IP address) for a VPN tunnel in either dual W AN mode.
Set Up Virtual Private Netw orking With IPSec Connec tions 338 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: Although the VPN firewall supports IPv6, the NETGEAR ProSAFE VPN Client supports IPv4 only; a future release of the VPN Client might support IPv6.
Set Up Virtual Private Netw orking With IPSec Connec tions 339 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Set Up Virtual Private Netw orking With IPSec Connec tions 340 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Cr eat e an IPv4 Gatew ay-t o-Gatew ay VPN T unnel with the Wizar d The follo.
Set Up Virtual Private Netw orking With IPSec Connec tions 341 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Enter the settings as described in the following table. Setting Description About VPN Wizard This VPN tunnel will connect to the following peers Select the Gateway radio button.
Set Up Virtual Private Netw orking With IPSec Connec tions 342 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. The VPN Policies screen displays the IPv4 settings with the new , automatically generated VPN policy in the List of VPN Policies table.
Set Up Virtual Private Netw orking With IPSec Connec tions 343 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The configuration steps depend on the remote gateway . 10. On the VPN firewall, activate the IPSec VPN connection: a. Select VPN > Connection Status .
Set Up Virtual Private Netw orking With IPSec Connec tions 344 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o set up an IPv6 gateway-to-gateway VPN tunnel using the VPN Wizard: 1. On your computer , launch an Internet browser . 2.
Set Up Virtual Private Netw orking With IPSec Connec tions 345 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description About VPN Wizard This VPN tunnel will connect to the following peers Select the Gateway radio button.
Set Up Virtual Private Netw orking With IPSec Connec tions 346 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. The VPN Policies screen displays the IPv6 settings with the new , automatically generated VPN policy in the List of VPN Policies table.
Set Up Virtual Private Netw orking With IPSec Connec tions 347 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 1 1. On the VPN firewall, activate the IPSec VPN connection: a. Select VPN > Connection Status . b. Locate the policy in the table and click the Connect button.
Set Up Virtual Private Netw orking With IPSec Connec tions 348 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 10. Example of an IPv4 client-to-gateway IPSec VPN connection The VPN firewall supports client connections with the NETGEAR ProSAFE VPN Client, which is an application that you can install on a computer .
Set Up Virtual Private Netw orking With IPSec Connec tions 349 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o set up the VPN firewall for a client-to-gateway VPN tunnel using the VPN Wizard: 1. On your computer , launch an Internet browser .
Set Up Virtual Private Netw orking With IPSec Connec tions 350 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Enter the settings as described in the following table. Setting Description About VPN Wizard This VPN tunnel will connect to the following peers Select the VPN Client radio button.
Set Up Virtual Private Netw orking With IPSec Connec tions 351 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. The VPN Policies screen displays the IPv4 settings with the new , automatically generated VPN policy in the List of VPN Policies table.
Set Up Virtual Private Netw orking With IPSec Connec tions 352 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Collect the information that you must use to configure the VPN client. Y ou can print the following table to keep track of this information.
Set Up Virtual Private Netw orking With IPSec Connec tions 353 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. From the main menu, select Configuration > Wizard . 3. Select the A router or a VPN gateway radio button. 4. Click the Next button.
Set Up Virtual Private Netw orking With IPSec Connec tions 354 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 5. Specify the following VPN tunnel parameters: • IP or DNS public (external) address of the remote equipment . Enter the remote IP address or DNS name of the VPN firewall.
Set Up Virtual Private Netw orking With IPSec Connec tions 355 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Specify the local and remote IDs: a. In the tree list pane of the Configuration Panel screen, click Gateway (the default name given to the authentication phase).
Set Up Virtual Private Netw orking With IPSec Connec tions 356 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Configure the global parameters: a. In the tree list pane of the Configuration Panel screen, click Global Parameters . b. Specify the default lifetimes in seconds: • Authentication (IKE) , Default .
Set Up Virtual Private Netw orking With IPSec Connec tions 357 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Save button. Y our settings are saved and the VPN client configuration is complete.
Set Up Virtual Private Netw orking With IPSec Connec tions 358 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the tree list pane of the Configuration Panel screen, right-click VPN Configuration , and select New Phase 1 . 3. Change the name of the authentication phase (the default name is Gateway): a.
Set Up Virtual Private Netw orking With IPSec Connec tions 359 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. Specify the settings that are described in the following table. 5. Click the Save button. Y our settings are saved. 6. Click the Advanced tab in the Authentication pane.
Set Up Virtual Private Netw orking With IPSec Connec tions 360 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Specify the settings that are described in the following table.
Set Up Virtual Private Netw orking With IPSec Connec tions 361 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. Continue the manual configuration of the VPN client with the IPSec configuration.
Set Up Virtual Private Netw orking With IPSec Connec tions 362 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 1 1. Specify the settings that are described in the following table. 12. Click the Save button. Y our settings are saved. Continue the manual configuration of the VPN client with the global parameters.
Set Up Virtual Private Netw orking With IPSec Connec tions 363 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 14. Specify the default lifetimes in seconds: • Authentication (IKE) , Default . The default lifetime value is 3600 seconds. Change this setting to 28800 seconds to match the configuration of the VPN firewall.
Set Up Virtual Private Netw orking With IPSec Connec tions 364 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T est the NET GE AR Pr oSAFE VPN Client VPN T unnel Connec tion Note: In this section, the NETGEAR ProSAFE VPN Client is referred to as the VPN client.
Set Up Virtual Private Netw orking With IPSec Connec tions 365 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 1 1. VPN client system tray color codes Both the NETGEAR ProSAFE VPN Client and the VPN firewall provide VPN connection and status information.
Set Up Virtual Private Netw orking With IPSec Connec tions 366 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 View the VPN Fir ewall IPSec VPN Connec tion St atus and T erminat e or Establish T unnels Y ou can view the connection status of all IPSec VPN tunnel sessions on the VPN firewall.
Set Up Virtual Private Netw orking With IPSec Connec tions 367 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Connection Status submenu tabs display with the IPSec VPN Connection Status screen in view . The following figure shows an IPSec security association (SA) as an example.
Set Up Virtual Private Netw orking With IPSec Connec tions 368 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o display the IPSec VPN log on the VPN firewall: 1.
Set Up Virtual Private Netw orking With IPSec Connec tions 369 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y ou can change existing policies or manually add new VPN and IKE policies directly in the policy tables.
Set Up Virtual Private Netw orking With IPSec Connec tions 370 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o view the IKE policies: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Set Up Virtual Private Netw orking With IPSec Connec tions 371 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Each policy contains the settings that are described in the following table. These settings apply to both IPv4 and IPv6 IKE policies.
Set Up Virtual Private Netw orking With IPSec Connec tions 372 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select VPN > IPSec VPN . The IPSec VPN submenu tabs display with the IKE Policies screen for IPv4 in view . 7. T o add an IKE policy for IPv6 instead of IPv4, in the upper right, select the IPv6 radio button.
Set Up Virtual Private Netw orking With IPSec Connec tions 373 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. Other than the nature of the IP addresses, the settings that you must enter for IPv4 and IPv6 settings are identical.
Set Up Virtual Private Netw orking With IPSec Connec tions 374 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Setting Description Mode Config Record Do you want to use Mode Config Record? Specify whether the IKE policy uses a Mode Config record.
Set Up Virtual Private Netw orking With IPSec Connec tions 375 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Identifier T ype From the menu, select an ISAKMP identifier to be used by the VPN firewall and specify the identifier in the Identifier field: • Local W an IP .
Set Up Virtual Private Netw orking With IPSec Connec tions 376 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Diffie-Hellman (DH) Group The DH Group sets the strength of the algorithm in bits. The higher the group, the more secure the exchange.
Set Up Virtual Private Netw orking With IPSec Connec tions 377 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved.
Set Up Virtual Private Netw orking With IPSec Connec tions 378 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. T o change a VPN policy for IPv6 instead of IPv4, in the upper right, select the IPv6 radio button. The VPN Policies screen displays the IPv6 settings.
Set Up Virtual Private Netw orking With IPSec Connec tions 379 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 a. Select VPN > IPSec VPN > VPN Policies . The VPN Policies screen displays the IPv4 settings. b. T o disable a VPN policy for IPv6 instead of IPv4, in the upper right, select the IPv6 radio button.
Set Up Virtual Private Netw orking With IPSec Connec tions 380 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove One or Mor e IKE P olicies The following procedure describes how you can remove one or more IKE policies that you no longer need.
Set Up Virtual Private Netw orking With IPSec Connec tions 381 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: When you use the VPN IPsec Wizard, the VPN and IKE policies that are added automatically have the same name. d. Click the Disable button.
Set Up Virtual Private Netw orking With IPSec Connec tions 382 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Auto . Some settings for the VPN tunnel are generated automatically through the use of the IKE protocol to perform negotiations between the two VPN endpoints (the local ID endpoint and the remote ID endpoint).
Set Up Virtual Private Netw orking With IPSec Connec tions 383 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button.
Set Up Virtual Private Netw orking With IPSec Connec tions 384 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manually Add a VPN P olic y The following procedure describes how to add a VPN policy manually . T o manually add a VPN policy: 1.
Set Up Virtual Private Netw orking With IPSec Connec tions 385 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The VPN Policies screen displays the IPV6 settings. 8. Under the List of VPN Policies table, click the Add button. The Add New VPN Policy screen displays.
Set Up Virtual Private Netw orking With IPSec Connec tions 386 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Other than the nature of the IP addresses, the settings that you must enter for IPv4 and IPv6 are identical with one exception. The IPv4 settings require a subnet mask but the IPv6 settings require a prefix length.
Set Up Virtual Private Netw orking With IPSec Connec tions 387 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Enable Keepalive Select a radio button to specify if keep-alive is enabled: • No . Keep-alive requests are disabled for the VPN tunnel.
Set Up Virtual Private Netw orking With IPSec Connec tions 388 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Encryption Algorithm From the menu, select the algorithm to negotiate the security association (SA): • 3DES . T riple DES. This is the default algorithm.
Set Up Virtual Private Netw orking With IPSec Connec tions 389 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved.
Set Up Virtual Private Netw orking With IPSec Connec tions 390 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Set Up Virtual Private Netw orking With IPSec Connec tions 391 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Set Up Virtual Private Netw orking With IPSec Connec tions 392 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Ex tended Authentication Ov er view When many VPN clients connect to a VPN firewall, you might want to use a unique user authentication method beyond relying on a single common pre-shared key for all clients.
Set Up Virtual Private Netw orking With IPSec Connec tions 393 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Set Up Virtual Private Netw orking With IPSec Connec tions 394 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Locate the Extended Authentication section. 1 1. Enter the settings as described in the following table. 12. Click the Apply button.
Set Up Virtual Private Netw orking With IPSec Connec tions 395 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 c. In the List of VPN policies table, select the VPN policy that is associated with the IKE policy that you changed. d. Click the Enable button.
Set Up Virtual Private Netw orking With IPSec Connec tions 396 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button.
Set Up Virtual Private Netw orking With IPSec Connec tions 397 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved.
Set Up Virtual Private Netw orking With IPSec Connec tions 398 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 to remote users IP addresses from a secured network space so that the remote users appear as seamless extensions of the network.
Set Up Virtual Private Netw orking With IPSec Connec tions 399 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select VPN > IPSec VPN > Mode Config .
Set Up Virtual Private Netw orking With IPSec Connec tions 400 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table. Setting Description Client Pool Record Name A descriptive name of the Mode Config record for identification and management purposes.
Set Up Virtual Private Netw orking With IPSec Connec tions 401 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. The new Mode Config record is added to the List of Mode Config Records table.
Set Up Virtual Private Netw orking With IPSec Connec tions 402 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 13. Enter the settings as described in the following table. Note: The IKE policy settings that are described in the following table are specifically for a Mode Config configuration.
Set Up Virtual Private Netw orking With IPSec Connec tions 403 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 General Policy Name A descriptive name of the IKE policy for identification and management purposes. This example uses ModeConfigAME_Sales.
Set Up Virtual Private Netw orking With IPSec Connec tions 404 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 14. Click the Apply button. Y our settings are saved. The IKE policy that includes the Mode Config record is added to the List of IKE Policies table.
Set Up Virtual Private Netw orking With IPSec Connec tions 405 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Configur e the NE T GEAR Pr oSAFE VPN Client f or Mode Config Oper ation Note: In this section, the NETGEAR ProSAFE VPN Client is referred to as the VPN client.
Set Up Virtual Private Netw orking With IPSec Connec tions 406 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the tree list pane of the Configuration Panel screen, right-click VPN Configuration , and select New Phase 1 . 3. Change the name of the authentication phase (the default is Gateway): a.
Set Up Virtual Private Netw orking With IPSec Connec tions 407 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. Specify the settings that are described in the following table. 5. Click the Save button. Y our settings are saved. 6. In the Authentication pane, c lick the Advanced tab.
Set Up Virtual Private Netw orking With IPSec Connec tions 408 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Specify the settings that are described in the following table. 8. Click the Save button. Y our settings are saved. Continue the Mode Config configuration of the VPN client with the IPSec configuration.
Set Up Virtual Private Netw orking With IPSec Connec tions 409 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. In the tree list pane of the Configuration Panel screen, right-click the GW_ModeConfig authentication phase name and select New Phase 2 .
Set Up Virtual Private Netw orking With IPSec Connec tions 410 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 12. Click the Save button. Y our settings are saved. Continue the Mode Config configuration of the VPN client with the global parameters.
Set Up Virtual Private Netw orking With IPSec Connec tions 411 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 14. Specify the following default lifetimes in seconds to match the configuration on the VPN firewall: • Authentication (IKE) , Default .
Set Up Virtual Private Netw orking With IPSec Connec tions 412 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 After you have set up the Mode Config configuration on both the VPN client and the VPN firewall, test the configuration to make sure that the VPN firewall does assign an IP address to the VPN client.
Set Up Virtual Private Netw orking With IPSec Connec tions 413 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change a Mode Config R ecor d The following procedure describes how to change an existing Mode Config record. Note: Before you change a Mode Config record, make sure that it is not used in an IKE policy .
Set Up Virtual Private Netw orking With IPSec Connec tions 414 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove One or Mor e Mode Config R ecor ds The following procedure describes how to remove one or more Mode Config records that you do no longer need in IKE policies.
Set Up Virtual Private Netw orking With IPSec Connec tions 415 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Keep-Alive and Dead Peer Detection Overview • Configure Keep-Alives •.
Set Up Virtual Private Netw orking With IPSec Connec tions 416 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The VPN Policies screen displays the IPv4 settings. 7. T o change a VPN policy for IPv6 instead of IPv4, in the upper right, select the IPv6 radio button.
Set Up Virtual Private Netw orking With IPSec Connec tions 417 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Configur e Dead P eer Detection The following procedure describes how to configure Dead Peer Detection for an existing IKE policy .
Set Up Virtual Private Netw orking With IPSec Connec tions 418 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. T o change an IKE policy for IPv6 instead of IPv4, in the upper right, select the IPv6 radio button. The IKE Policies screen for IPv6 displays.
Set Up Virtual Private Netw orking With IPSec Connec tions 419 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 b. T o reenable a VPN policy for IPv6 instead of IPv4, in the upper right, select the IPv6 radio button. The VPN Policies screen displays the IPv6 settings.
Set Up Virtual Private Netw orking With IPSec Connec tions 420 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. In the List of VPN Policies table, click the Edit button for the VPN policy that you want to change. The Edit VPN Policy screen displays.
Set Up Virtual Private Netw orking With IPSec Connec tions 421 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 A PPTP user typically initiates a tunnel request; the PPTP server accommodates the tunnel request and assigns an IP address to the user .
Set Up Virtual Private Netw orking With IPSec Connec tions 422 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Enter the settings as described in the following table. 8. Click the Apply button. Setting Description PPTP Server Enable T o enable the PPTP server , select the Enable check box.
Set Up Virtual Private Netw orking With IPSec Connec tions 423 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. View the Ac tive PPTP User s and Disconnec t Ac tive User s The following procedure describes how to view all active PPTP users and disconnect active PPTP users.
Set Up Virtual Private Netw orking With IPSec Connec tions 424 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. T o disable an active PPTP user , in the List of PPTP Active Users table, click the corresponding Disconnect button. The user is disconnected.
Set Up Virtual Private Netw orking With IPSec Connec tions 425 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o enable the L2TP server and configure the L2TP server pool: 1.
Set Up Virtual Private Netw orking With IPSec Connec tions 426 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. View the Ac tive L2TP User s and Disconnec t Ac tive User s The following procedure describes how to view all active L2TP users and disconnect active L2TP users.
Set Up Virtual Private Netw orking With IPSec Connec tions 427 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The List of L2TP Active Users table lists each active connection with the information that is described in the following table. 7.
428 9 9. Set Up Vir tual P rivat e Networking with S SL Connec tions This chapter describes how to use the SSL VPN solution of the VPN firewall to provide remote access for mobile users to their corporate resources.
Set Up Virtual Private Netw orking with SSL Connections 429 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 SSL VPN P or tals Ov er view The following sections provide concept information .
Set Up Virtual Private Netw orking with SSL Connections 430 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Port forwarding detects and reroutes individual data streams on the user ’s computer to the port forwarding connection rather than opening up a full tunnel to the corporate network.
Set Up Virtual Private Netw orking with SSL Connections 431 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 SSL VPN Wizar d Over view This section provides an overview of the SSL VPN Wizard. For more information about how to set up a portal, see Build an SSL Portal with the SSL VPN Wizard on page 432.
Set Up Virtual Private Netw orking with SSL Connections 432 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Add SSL VPN users that are allowed to access the SSL portal (see Manage User Accounts on page 502.
Set Up Virtual Private Netw orking with SSL Connections 433 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Enter the settings as described in the following table. W ARNING: Do not enter an existing portal layout name in the Portal Layout Name field; otherwise, the SSL VPN Wizard fails when you attempt to apply the settings.
Set Up Virtual Private Netw orking with SSL Connections 434 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Setting Description Portal Layout and Theme Name Portal Layout Name A descriptive name for the portal layout. This name is part of the path of the SSL VPN portal URL.
Set Up Virtual Private Netw orking with SSL Connections 435 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: For more information about portal settings, see Manage the Portal Layout on page 451. 8. Click the Next button. The SSL VPN Wizard Step 2 of 6 screen displays.
Set Up Virtual Private Netw orking with SSL Connections 436 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Setting Description Domain Name A descriptive (alphanumeric) name of the domain for identification and management purposes.
Set Up Virtual Private Netw orking with SSL Connections 437 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: For more information about domains, see Manage Authentication Domains on page 492. 10. Click the Next button. The SSL VPN Wizard Step 3 of 6 screen displays.
Set Up Virtual Private Netw orking with SSL Connections 438 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W ARNING: Do not enter an existing user name in the User Name field; otherwise, the SSL VPN Wizard fails when you attempt to apply the settings.
Set Up Virtual Private Netw orking with SSL Connections 439 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 13. Enter the settings as described in the following table.
Set Up Virtual Private Netw orking with SSL Connections 440 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: For more information about client IP address ranges and route settings, see Configure the SSL VPN Client on page 462. 14. Click the Next button.
Set Up Virtual Private Netw orking with SSL Connections 441 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W ARNING: In the upper Local Server IP Address field, do not enter an IP address.
Set Up Virtual Private Netw orking with SSL Connections 442 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 17. V erify the settings. T o make changes to the settings: a. Click the Back button to navigate to the screen on which you want to change the settings.
Set Up Virtual Private Netw orking with SSL Connections 443 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. If the VPN firewall accepts the settings, the Policies screen displays with a message Operation succeeded at the top of the screen.
Set Up Virtual Private Netw orking with SSL Connections 444 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Set Up Virtual Private Netw orking with SSL Connections 445 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. In the Username field, type the name that you associated with the portal and in the Password / Passcode field, type the password that you associated with the portal.
Set Up Virtual Private Netw orking with SSL Connections 446 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following figure shows a portal screen with a Port Forwarding menu option only . A portal screen displays a simple menu that provides the SSL user with the following menu selections: • VPN T unnel .
Set Up Virtual Private Netw orking with SSL Connections 447 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 View SSL VPN C onnec tion and St atus Inf ormation The following sections provid.
Set Up Virtual Private Netw orking with SSL Connections 448 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The SSL VPN Connection Status table lists each active connection with the information that is described in the following table.
Set Up Virtual Private Netw orking with SSL Connections 449 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select Monitoring > VPN Logs > SSL VPN Logs .
Set Up Virtual Private Netw orking with SSL Connections 450 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 selection. The domain determines both the authentication method and the portal layout that are used. For an SSL portal, you must create authentication domains, user groups, and user accounts as follows: a.
Set Up Virtual Private Netw orking with SSL Connections 451 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Policies determine access to network resources and addresses for individual users, groups, or everyone.
Set Up Virtual Private Netw orking with SSL Connections 452 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Set Up Virtual Private Netw orking with SSL Connections 453 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you have enabled IPv6, you can see the IPv6 URL by selecting the IPv6 radio button. • Action . The buttons, which allow you to change the portal layout or set it as the default.
Set Up Virtual Private Netw orking with SSL Connections 454 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. The new portal layout is added to the List of Layouts table. For information about how to display the new portal layout, see Access a Custom SSL VPN Portal on page 443.
Set Up Virtual Private Netw orking with SSL Connections 455 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 way around. For this reason, the following procedure describes how to change an IPv4 portal layout only . T o change a portal layout: 1.
Set Up Virtual Private Netw orking with SSL Connections 456 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 corresponding IPv4 portal is removed automatically . For this reason, the following procedure describes the removal of IPv4 portal layouts only .
Set Up Virtual Private Netw orking with SSL Connections 457 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 SSL VPN P or t For war ding Over view Note: SSL port forwarding does not apply if you configure full VPN tunnel capability for an SSL portal.
Set Up Virtual Private Netw orking with SSL Connections 458 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Add a Ser ver and P or t Number f or SSL P or t For war ding T o configure port .
Set Up Virtual Private Netw orking with SSL Connections 459 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Add New Application for Port Forwarding section, complete the following fields: • IP Address .
Set Up Virtual Private Netw orking with SSL Connections 460 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Set Up Virtual Private Netw orking with SSL Connections 461 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove a Ser ver and P or t Number Configur ation f or SSL P or t For war ding .
Set Up Virtual Private Netw orking with SSL Connections 462 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Set Up Virtual Private Netw orking with SSL Connections 463 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 192.168.1.100 are assigned to devices on the local network, start the client address range at 192.168.1.101, or choose an entirely different subnet altogether .
Set Up Virtual Private Netw orking with SSL Connections 464 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Client IP Address Range section, enter the settings as described in the following table. 8. Click the Apply button. Setting Description Enable Full T unnel Support Select this check box to enable full-tunnel support.
Set Up Virtual Private Netw orking with SSL Connections 465 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. VPN tunnel clients are now able to connect to the VPN firewall and receive a virtual IPv4 address in the client address range.
Set Up Virtual Private Netw orking with SSL Connections 466 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Add Routes for VPN T unnel Clients section, complete the following fields: • Destination Network .
Set Up Virtual Private Netw orking with SSL Connections 467 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Set Up Virtual Private Netw orking with SSL Connections 468 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. In the Client IP Address Range section, enter the settings as described in the following table. 9. Click the Apply button. Y our settings are saved.
Set Up Virtual Private Netw orking with SSL Connections 469 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the upper right, select the IPv6 radio button. The SSL VPN Client screen displays the IPv6 settings. The following figure shows examples.
Set Up Virtual Private Netw orking with SSL Connections 470 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Set Up Virtual Private Netw orking with SSL Connections 471 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 resources. But for most organizations, NETGEAR recommends that you use network resources.
Set Up Virtual Private Netw orking with SSL Connections 472 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Add New Resource section, specify the following information: • Resource Name . A descriptive name of the resource for identification and management purposes.
Set Up Virtual Private Netw orking with SSL Connections 473 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button.
Set Up Virtual Private Netw orking with SSL Connections 474 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Click the Apply button. Y our settings are saved.
Set Up Virtual Private Netw orking with SSL Connections 475 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Resources screen displays. 7. In the List of Resources table, s elect the check box to the left of each network resource that you want to remove or click the Select All button to select all network resources.
Set Up Virtual Private Netw orking with SSL Connections 476 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. In the Defined Resource Addresses table, click the Delete button to the right of the resource address configuration that you want to remove.
Set Up Virtual Private Netw orking with SSL Connections 477 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Assuming that no conflicting user or group policies are configured, if a user attempts to access FTP servers at the following addresses, the following actions occur: • 10.
Set Up Virtual Private Netw orking with SSL Connections 478 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Query section, select a radio button: • Global . View all global policies. • Group . T o view group policies: a. Select the Group radio button.
Set Up Virtual Private Netw orking with SSL Connections 479 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Set Up Virtual Private Netw orking with SSL Connections 480 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. 10. Click the Apply button. Y our settings are saved. The policy is added to the List of SSL VPN Policies table on the Policies screen.
Set Up Virtual Private Netw orking with SSL Connections 481 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Set Up Virtual Private Netw orking with SSL Connections 482 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. 10. Click the Apply button. Y our settings are saved. The policy is added to the List of SSL VPN Policies table on the Policies screen.
Set Up Virtual Private Netw orking with SSL Connections 483 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Set Up Virtual Private Netw orking with SSL Connections 484 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. 10. Click the Apply button. Y our settings are saved. The policy is added to the List of SSL VPN Policies table on the Policies screen.
Set Up Virtual Private Netw orking with SSL Connections 485 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Set Up Virtual Private Netw orking with SSL Connections 486 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Enter the settings as described in the following table. 10. Click the Apply button. Y our settings are saved. The policy is added to the List of SSL VPN Policies table on the Policies screen.
Set Up Virtual Private Netw orking with SSL Connections 487 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Set Up Virtual Private Netw orking with SSL Connections 488 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. The modified policy displays in the List of SSL VPN Policies table on the Policies screen.
Set Up Virtual Private Netw orking with SSL Connections 489 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The selected policies are removed from the List of SSL VPN Policies table.
490 10 10. Manage User s, Authentication, and VPN Cer tificat es This chapter describes how to manage users, authentication, and security certificates for IPSec VPN and SSL VPN.
Manage Users, Authentication, and VPN Cer tificates 491 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 VPN Fir ewall’ s Authentication Users are assigned to a group, and a group is assigned to a domain. Therefore, first create any domains, then groups, then user accounts.
Manage Users, Authentication, and VPN Cer tificates 492 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Configur e Authentication Domains, Gr oups, and User Acc ounts The following section.
Manage Users, Authentication, and VPN Cer tificates 493 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Remove One or More Authentication Domains Authentication Domains Ov er view An authentication domain specifies the authentication method for users that are assigned to the domain.
Manage Users, Authentication, and VPN Cer tificates 494 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The List of Domains table lists the following information: • Check box . Allows you to select the domain in the table. • Domain Name .
Manage Users, Authentication, and VPN Cer tificates 495 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Setting Description Domain Name A descriptive (alphanumeric) name of the domain for identification and management purposes. Note: If you leave the Domain Name field blank, the SSL VPN Wizard uses the default domain name geardomain.
Manage Users, Authentication, and VPN Cer tificates 496 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved.
Manage Users, Authentication, and VPN Cer tificates 497 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Manage Users, Authentication, and VPN Cer tificates 498 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Manage Users, Authentication, and VPN Cer tificates 499 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IMPORT ANT : When you add a domain, the VPN firewall creates a group with the same name as the new domain automatically . Y ou cannot remove such a group.
Manage Users, Authentication, and VPN Cer tificates 500 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The List of Groups table lists the following information: • Check box . Allows you to select the group in the table. • Name . The name of the group.
Manage Users, Authentication, and VPN Cer tificates 501 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change an Authentication Gr oup For a group that was automatically created when you added an authentication domain, you can modify only the idle time-out settings but not the group name or associated domain.
Manage Users, Authentication, and VPN Cer tificates 502 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For a group that you created manually , if the group has users assigned to it, you first must assign the users to another group; otherwise, you cannot remove the group (see Change a User Account on page 506).
Manage Users, Authentication, and VPN Cer tificates 503 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 User Acc ounts Over view When you create a user account, you must assign the user to a user group. When you create a group, you must assign the group to a domain that specifies the authentication method.
Manage Users, Authentication, and VPN Cer tificates 504 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Add a User Acc ount The following procedure describes how to manually add a user account. T o add a user account: 1. On your computer , launch an Internet browser .
Manage Users, Authentication, and VPN Cer tificates 505 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Name . The name of the user . If the user name is appended by an asterisk, the user is a default user that is preconfigured on the VPN firewall and you cannot remove the user .
Manage Users, Authentication, and VPN Cer tificates 506 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. The user is added to the List of Users table. Change a User Acc ount The following procedure describes how to change an existing user account.
Manage Users, Authentication, and VPN Cer tificates 507 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The password fields become accessible. 10. Change the password. 1 1. Click the Apply button. Y our settings are saved. The modified user account displays in the List of Users table on the Users screen.
Manage Users, Authentication, and VPN Cer tificates 508 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage User Login P olicies Y ou can restrict the ability of defined users to log in to the VPN firewall’ s web management interface.
Manage Users, Authentication, and VPN Cer tificates 509 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Select one or both check boxes: • Disable Login . Prohibits the user from logging in to the VPN firewall. • Deny Login from W AN Interface .
Manage Users, Authentication, and VPN Cer tificates 510 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Router Status screen displays. 6. Select Users > Users . The Users screen displays. 7. In the List of Users table, to the right of the user for which you want to set login policies, click the corresponding Policies button.
Manage Users, Authentication, and VPN Cer tificates 511 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W ARNING: If you allow login only from the defined IP addresses, add your own IP address to the Defined Addresses table; otherwise, you are locked out.
Manage Users, Authentication, and VPN Cer tificates 512 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Manage Users, Authentication, and VPN Cer tificates 513 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Router Status screen displays. 6. Select Users > Users . The Users screen displays. 7. In the List of Users table, to the right of the user for which you want to set login policies, click the corresponding Policies button.
Manage Users, Authentication, and VPN Cer tificates 514 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 12. Click the Add button. The browser is added to the Defined Browsers table. 13. Repeat Step 11 and Step 12 for any other browsers that you want to add to the Defined Browsers table.
Manage Users, Authentication, and VPN Cer tificates 515 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change P asswor ds and Automatic L ogout P eriod For any user , you can change the password and automatic logout period. Only administrators have read/write access and can change these settings.
Manage Users, Authentication, and VPN Cer tificates 516 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the List of Users table, to the right of the user for which you want to change the settings, click the corresponding Edit button.
Manage Users, Authentication, and VPN Cer tificates 517 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 VPN Cer tificat es Over view The VPN firewall uses digital certificates (also known .
Manage Users, Authentication, and VPN Cer tificates 518 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y ou can view loaded digital certificates, upload a new digital certificate, and generate a certificate signing request (CSR). The VPN firewall typically holds two types of digital certificates: • CA certificates .
Manage Users, Authentication, and VPN Cer tificates 519 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Manage Users, Authentication, and VPN Cer tificates 520 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove a C A Certificate The following procedure describes how to remove one or more CA certificates that you no longer need. T o remove one or more CA certificates: 1.
Manage Users, Authentication, and VPN Cer tificates 521 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Gener ate a Certificate Signing R equest and Obtain a Self-Signed Certificate fr om .
Manage Users, Authentication, and VPN Cer tificates 522 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Generate Self Certificate Request section, enter the settings as described in the following table. Setting Description Name A descriptive name of the domain for identification and management purposes.
Manage Users, Authentication, and VPN Cer tificates 523 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Generate button. A new SCR is created and added to the Self Certificate Requests table. 9. T o view the new SCR, in the Self Certificate Requests table, click the View button.
Manage Users, Authentication, and VPN Cer tificates 524 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 16. Click the Upload button. The VPN firewall verifies the certificate for validity and purpose. If the VPN firewall approves the certificate, it is added to the Active Self Certificates table.
Manage Users, Authentication, and VPN Cer tificates 525 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove One or Mor e Self-Signed Cer tificat es The following procedure describes how to remove one or more self-signed certificates that you no longer need.
Manage Users, Authentication, and VPN Cer tificates 526 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Manage Users, Authentication, and VPN Cer tificates 527 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Manage Users, Authentication, and VPN Cer tificates 528 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove One or Mor e Cer tificat e Rev ocation Lists The following procedure describes how to remove one or more Certificate Revocation Lists (CRLs) that you no longer need.
Manage Users, Authentication, and VPN Cer tificates 529 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 12. Security alert A security alert can be generated for a security certificate for three reasons: • The security certificate was issued by a company you have not chosen to trust.
530 11 1 1. Optimize P er f ormance and Manage Y our S yst em This chapter describes the tools for managing the network traffic to optimize its performance and the system management features of the VPN firewall.
Optimize P er formanc e and Manage Y our System 531 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 P er f ormance Management Performance management consists of controlling the traffic through the VPN firewall so that the necessary traffic gets through if a bottleneck occurs.
Optimize P er formanc e and Manage Y our System 532 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Fe atur es That R educe T r affic The following sections provide information about featu.
Optimize P er formanc e and Manage Y our System 533 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 - Address range . The rule applies to a range of addresses. - Groups . The rule applies to a group of computers. (Y ou can configure groups for LAN W AN outbound rules but not for DMZ W AN outbound rules.
Optimize P er formanc e and Manage Y our System 534 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o further narrow down the content filtering, you can configure groups to which the content-filtering rules apply and trusted domains for which the content-filtering rules do not apply .
Optimize P er formanc e and Manage Y our System 535 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Add LAN WAN Rules on page 225 and Add DMZ WAN Rules on page 235. When you define inbound firewall rules, you can further refine their application according to the following criteria: • Services .
Optimize P er formanc e and Manage Y our System 536 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 P or t T riggering Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partially blocked by the firewall.
Optimize P er formanc e and Manage Y our System 537 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Use QoS and Bandwidth A ssignment t o Shif t the T r affic Mix By setting the Quality of.
Optimize P er formanc e and Manage Y our System 538 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 S yst em Management The following sections provide information about system management: .
Optimize P er formanc e and Manage Y our System 539 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Tip: If you are using a Dynamic DNS service such as TZO, you can identify the W AN IP address of your VPN firewall by running tracert from the Windows Run menu option.
Optimize P er formanc e and Manage Y our System 540 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. T o configure remote management for IPv6, in the upper right, select the IPv6 radio button. The Remote Management screen displays the IPv6 settings.
Optimize P er formanc e and Manage Y our System 541 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W ARNING: If you are remotely connected to the VPN firewall and you select the No radio button to disable secure HTTP management, you and all other SSL VPN users are disconnected when you click the Apply button.
Optimize P er formanc e and Manage Y our System 542 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Use a Simple Network Management P r ot ocol Manager Simple Network Management Protocol (SNMP) lets you monitor and manage the VPN firewall from an SNMP manager .
Optimize P er formanc e and Manage Y our System 543 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Optimize P er formanc e and Manage Y our System 544 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the Create New SNMP Configuration Entry section, enter the settings as described in the following table. 8. Click the Add button. Y our settings are saved and the new SNMP configuration is added to the SNMP Configuration table.
Optimize P er formanc e and Manage Y our System 545 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o change an SNMP configuration: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Optimize P er formanc e and Manage Y our System 546 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R emove One or Mor e SNMP Configur ations The following procedure describes how to remove one or more SNMP configurations that you no longer need.
Optimize P er formanc e and Manage Y our System 547 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Optimize P er formanc e and Manage Y our System 548 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Access T ype . Read-write user (RWUSER) or read-only user (ROUSER). By default, the user Admin is an RWUSER and the user guest is an ROUSER.
Optimize P er formanc e and Manage Y our System 549 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved. If you changed the security level, the new level displays in the SNMPv3 User table on the SNMP screen.
Optimize P er formanc e and Manage Y our System 550 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Enter the settings as described in the following table.
Optimize P er formanc e and Manage Y our System 551 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Back Up Settings The backup feature saves all VPN firewall settings to a file. Back up your settings periodically and store the backup file in a safe place.
Optimize P er formanc e and Manage Y our System 552 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Click the Back Up button. A screen displays, showing the file name of the backup file ( FVS336GV3.cfg ). 8. Follow the directions of your browser to save the file.
Optimize P er formanc e and Manage Y our System 553 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Optimize P er formanc e and Manage Y our System 554 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Upgr ade the Firmwar e Y ou can install a dif ferent version of the VPN firewall firmware.
Optimize P er formanc e and Manage Y our System 555 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. T o the left of the Upgrade button, click the Browse button. 1 1. Follow the directions of your browser to locate and select the downloaded firmware file.
Optimize P er formanc e and Manage Y our System 556 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W ARNING: When you press the hardware Factory Defaults reset button or use the web management interface to reset the VPN firewall to factory default settings, all custom VPN firewall settings are erased.
Optimize P er formanc e and Manage Y our System 557 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.
Optimize P er formanc e and Manage Y our System 558 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 number of seconds left until the reboot process is complete. The reboot process takes about 160 seconds. (If you can see the unit: The reboot process is complete when the T est LED on the front panel turns off.
Optimize P er formanc e and Manage Y our System 559 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The bottom of the screen displays the current weekday , date, time, time zone, and year . In the example in the previous figure, the following displays: Current T ime: Wednesday , May 28, 2014, 01:03:52 (GMT +0000).
Optimize P er formanc e and Manage Y our System 560 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. Select NTP Mode In all three NTP modes, the VPN firewall functions both as a client and a server .
561 12 12. Monit or S yst em Acc ess and P er f ormanc e This chapter describes the system-monitoring features of the VPN firewall. Y ou can be alerted to important events such W AN traffic limits reached, login failures, and attacks.
Monitor S ystem Ac cess and P erformanc e 562 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Configur e and Enable the W AN IPv4 T r affic Meter If your ISP charges by traffic volume over a given period, or if you want to study traf fic types over a period, you can activate the traffic meter for IPV4 traf fic on a W AN interface.
Monitor S ystem Ac cess and P erformanc e 563 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. If you want to configure the settings for the W AN2 interface, click the W AN2 T raffic Meter tab. 8. Enter the settings as described in the following table.
Monitor S ystem Ac cess and P erformanc e 564 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Click the Apply button. Y our settings are saved.
Monitor S ystem Ac cess and P erformanc e 565 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Configur e and Enable the T r affic Met er f or a L AN IPv4 Addres s Acc ount If your ISP char.
Monitor S ystem Ac cess and P erformanc e 566 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. Click the Advanced option arrow in the upper right. The IPv4 LAN Advanced screen displays. 8. Click the LAN T raffic Meter tab. The LAN T raffic Meter screen displays.
Monitor S ystem Ac cess and P erformanc e 567 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 10. Enter the settings as described in the following table. 1 1. Click the Apply button. Setting Description Add LAN T raffic Meter Account LAN IP Address The LAN IP address for the account.
Monitor S ystem Ac cess and P erformanc e 568 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y our settings are saved. The new account is added to the LAN T raffic Meter T able on the LAN T raffic Meter screen.
Monitor S ystem Ac cess and P erformanc e 569 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Change the T r affic Meter f or a L AN Account The following procedure describes how to change the traffic meter for an existing LAN IPv4 address account.
Monitor S ystem Ac cess and P erformanc e 570 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For more information about the settings, see Configure and Enable the T raffic Meter for a LAN IPv4 Address Account on page 565. 1 1. Click the Apply button.
Monitor S ystem Ac cess and P erformanc e 571 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Manage Logging, Alerts, and Event Notifications The following sections provide information abo.
Monitor S ystem Ac cess and P erformanc e 572 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Monitor S ystem Ac cess and P erformanc e 573 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. Enable and Schedule Emailing of Logs Although you can view the logs onscreen, the VPN firewall provides the convenience of emailing the logs to a specific email address.
Monitor S ystem Ac cess and P erformanc e 574 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Monitor S ystem Ac cess and P erformanc e 575 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. Enable the S yslogs If you have a syslog server , you can enable the syslog of the VPN firewall.
Monitor S ystem Ac cess and P erformanc e 576 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Monitor S ystem Ac cess and P erformanc e 577 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved. View the Routing L ogs, Syst em Logs, and Other Ev ent Logs Y ou can view the routing logs, system logs, and other event logs onscreen.
Monitor S ystem Ac cess and P erformanc e 578 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select Monitoring > Firewall Logs & E-mail . The Firewall Logs & E-mail screen displays. 7. Click the View Log option arrow in the upper right.
Monitor S ystem Ac cess and P erformanc e 579 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Monitor S ystem Ac cess and P erformanc e 580 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Monitor S ystem Ac cess and P erformanc e 581 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. At Site 2, set up a VPN tunnel between Gateway 2 and Gateway 1 at Site 1 (see Configure the VPN T unnel on Gateway 2 at Site 2 on page 583 ) 5.
Monitor S ystem Ac cess and P erformanc e 582 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Router Status screen displays. 6. Select VPN > IPSec VPN > VPN Wizard . The VPN Wizard screen displays. 7. Configure a gateway-to-gateway VPN tunnel using the following information: • Connection name .
Monitor S ystem Ac cess and P erformanc e 583 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. In the General section, clear the Enable NetBIOS check box. 8. In the T raffic Selector section, make the following changes: • From the Remote IP menu, select Single .
Monitor S ystem Ac cess and P erformanc e 584 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. Click the Apply button. Y our settings are saved.
Monitor S ystem Ac cess and P erformanc e 585 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 On the Gat eway at Sit e 2, Specif y the Syslog Ser ver on Sit e 1 The following procedure describes how to specify that Gateway 2 at Site 2 must send the syslogs to the syslog server that is connected to Gateway 1 at Site 1.
Monitor S ystem Ac cess and P erformanc e 586 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • View the VPN Connection Status, L2TP Users, and PPTP Users • View the VPN Logs • View .
Monitor S ystem Ac cess and P erformanc e 587 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Monitor S ystem Ac cess and P erformanc e 588 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 View the T r affic Statistics f or the Interf aces and Change the P olling Int er val The following procedure describes how to view the traffic statistics for the interfaces of the VPN firewall and change the polling interval.
Monitor S ystem Ac cess and P erformanc e 589 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Monitor S ystem Ac cess and P erformanc e 590 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W ait for the counter to stop. b. In the Poll Interva l field, enter a new value in seconds.
Monitor S ystem Ac cess and P erformanc e 591 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following table explains the fields of the Detailed Status screen. Item Description LAN Port Configuration The following fields are shown for each of the LAN ports.
Monitor S ystem Ac cess and P erformanc e 592 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 VLAN ID The VLAN ID that you assigned to the LAN port (see Manage VLAN Profiles on page 121). If the default VLAN profile is used, the VLAN ID is 1, which means that all tagged and untagged traffic can pass on the LAN port.
Monitor S ystem Ac cess and P erformanc e 593 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W AN Configuration W AN Mode The W AN mode can be Single Port, Load Balancing, or Auto Rollover . For information about configuring the W AN mode, see Manage the IPv4 WAN Routing Mode on page 30.
Monitor S ystem Ac cess and P erformanc e 594 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 View the VL AN Status Y ou can view information about the VLANs that are enabled. Disabled VLANs are not displayed. For information about enabling and disabling VLANs, see Assign VLAN Profiles on page 11 7 .
Monitor S ystem Ac cess and P erformanc e 595 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain . 5. Click the Login button. The Router Status screen displays.
Monitor S ystem Ac cess and P erformanc e 596 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password .
Monitor S ystem Ac cess and P erformanc e 597 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 View the VPN Logs The following sections provide information about viewing the IPSec VPN and S.
Monitor S ystem Ac cess and P erformanc e 598 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Port T riggering Status screen displays the information that is described in the following table.
Monitor S ystem Ac cess and P erformanc e 599 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain .
Monitor S ystem Ac cess and P erformanc e 600 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. T o terminate an active connection, click the Disconnect button.
Monitor S ystem Ac cess and P erformanc e 601 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Select Network Configuration > W AN Settings > W AN Setup . The W AN Setup screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button.
Monitor S ystem Ac cess and P erformanc e 602 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. T o terminate an active connection, click the Disconnect button.
Monitor S ystem Ac cess and P erformanc e 603 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The incoming and outgoing volume of traffic for each protocol and the total volume of traffic are displayed. Traf fic counters are updated in MBs; the counter starts only when traffic passed is at least 1 MB.
Monitor S ystem Ac cess and P erformanc e 604 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The Router Status screen displays. 6. Select Network Configuration > LAN Settings > LAN Groups . The LAN Groups screen displays. The following figure shows some examples in the Known PCs and Devices table.
Monitor S ystem Ac cess and P erformanc e 605 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 View the DHCP Log The following procedure describes how to view and clear the DHCP log. Note: For information about how to change the DHCP settings, see Manage VLAN Profiles on page 121.
Monitor S ystem Ac cess and P erformanc e 606 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 8. T o view the most recent entries, click the Refresh Log button. The information onscreen is updated. 9. T o remove all existing log entries, click the Clear Log button.
607 13 13. Diagnostic s and T r oubleshooting This chapter provides troubleshooting tips and information for the VPN firewall. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated.
Diagnostics and Tr oubleshooting 608 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Use the Diagnostic s Utilities The following sections provide information about using the diagnostic ut.
Diagnostics and Tr oubleshooting 609 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Diagnostics and Tr oubleshooting 610 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 9. Select either a gateway or a VPN policy: • Clear the Ping through VPN tunnel? check box and select a gateway from the Select Local Gateway menu. The Select VPN Policy menu is masked out.
Diagnostics and Tr oubleshooting 611 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 7. T o trace the route to an IPv6 location instead of an IPv4 location, in the upper right, select the IPv6 radio button. The Diagnostics screen displays the IPv6 settings.
Diagnostics and Tr oubleshooting 612 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Look Up a DNS Addr ess A Domain Name Server (DNS) converts the Internet name (for example, www .
Diagnostics and Tr oubleshooting 613 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o display the routing table: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Diagnostics and Tr oubleshooting 614 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For the default administrative account, the default user name is admin and the default password is password . 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Diagnostics and Tr oubleshooting 615 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R eboot the VPN Fir ewall R emot ely Y ou can perform a remote reboot, for example, when the VPN firewall seems to have become unstable or is not operating normally .
Diagnostics and Tr oubleshooting 616 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T o schedule the VPN firewall to reboot: 1. On your computer , launch an Internet browser . 2. In the address field of your browser , enter the IP address that was assigned to the VPN firewall during the installation process.
Diagnostics and Tr oubleshooting 617 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 If a port’s left LED lights, a link is established to the connected device. The port’s right LED indicates the connection speed: • If the port is connected to a 1000 Mbps device, the right LED lights green.
Diagnostics and Tr oubleshooting 618 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 cannot reach a DHCP server . These autogenerated addresses are in the range of 169.254.x.x. If your IP address is in this range, check the connection from the computer to the VPN firewall and reboot your computer .
Diagnostics and Tr oubleshooting 619 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • If the computer is configured correctly but still not working, ensure that the VPN firewall is connected and turned on. Connect to the web management interface and check the VPN firewall’s settings.
Diagnostics and Tr oubleshooting 620 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The W AN Setup screen for IPv4 displays. 7. T o check the W AN IPv6 address instead of the W AN IPv4 address, in the upper right, select the IPv6 radio button.
Diagnostics and Tr oubleshooting 621 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • If your ISP allows only one Ethernet MAC address to connect to the Internet and checks for your com.
Diagnostics and Tr oubleshooting 622 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 - Windows Server 2003 R2, all versions - Linux and other UNIX-based systems with a correctly configured kernel - MAC OS X • Make sure that IPv6 is enabled on the computer .
Diagnostics and Tr oubleshooting 623 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 c. Click or double-click View status of this connection . The Local Area Connection Status screen displays. d. Make sure that Internet access shows for the IPv6 connection.
Diagnostics and Tr oubleshooting 624 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 f. Make sure that an IPv6 address shows. The previous figure does not show an IPv6 address for the computer but only a link-local IPv6 address and an IPv6 default gateway address, both of which start, in this case, with fe80.
Diagnostics and Tr oubleshooting 625 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 - V erify that the Ethernet card driver software and TCP/IP software are both installed and configured on your computer or workstation.
Diagnostics and Tr oubleshooting 626 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 correctly . If you have just completed configuring the VPN firewall, wait at least five minutes, and check the date and time again. • T ime is off by one hour .
Diagnostics and Tr oubleshooting 627 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
628 A A. Network Planning f or Multiple W AN P or ts This appendix describes the factors to consider when planning a network using a firewall that has more than one W AN port.
Network Planning f or Multiple W AN Ports 629 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 What t o Consider Bef or e Y ou Begin The following sections provide information about plannin.
Network Planning f or Multiple W AN Ports 630 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • If your ISP charges by the volume of data traffic each month, consider enabling the VPN firewall’s traf fic meter to monitor or limit your traffic.
Network Planning f or Multiple W AN Ports 631 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Int ernet Configur ation R equirements Depending on how your ISP sets up your Internet account.
Network Planning f or Multiple W AN Ports 632 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 W AN 1 gateway IP address: ______.______.______.______ W AN 1 subnet mask: ______.______.______.______ W AN 2 fixed or static Internet IP address: ______.
Network Planning f or Multiple W AN Ports 633 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Y ou can configure two W AN ports on a mutually exclusive basis to do either of the following:.
Network Planning f or Multiple W AN Ports 634 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 15. Dual W AN ports in load balancing mode Planning f or Inbound T r affic Incoming tra.
Network Planning f or Multiple W AN Ports 635 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Inbound T r affic to a Single W AN P or t Syst em The Internet IP address of the VPN firewall’s W AN port must be known to the public so that the public can send incoming traffic to the exposed host when this feature is supported and enabled.
Network Planning f or Multiple W AN Ports 636 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Note: Load balancing is implemented for outgoing traffic and not for incoming traffic. T o maintain better control of W AN port traffic, consider making one of the W AN port Internet addresses public and to keep the other one private.
Network Planning f or Multiple W AN Ports 637 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 For a single W AN gateway configuration, use an FQDN when the IP address is dynamic and either an FQDN or the IP address itself when the IP address is fixed.
Network Planning f or Multiple W AN Ports 638 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 VPN T elecommut er - Client-to-Gat eway The following situations exemplify the requirements fo.
Network Planning f or Multiple W AN Ports 639 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The IP addresses of the W AN ports can be either fixed or dynamic, but you always must use an FQDN because the active W AN port could be either W AN1 or WAN2 (that is, the IP address of the active W AN port is not known in advance).
Network Planning f or Multiple W AN Ports 640 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 VPN Gat eway-t o-Gatew ay The following situations exemplify the requirements for a gateway VP.
Network Planning f or Multiple W AN Ports 641 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 26. Gateway-to-gateway example in a dual W AN port configuration before auto-rollover T.
Network Planning f or Multiple W AN Ports 642 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 28. Gateway-to-gateway example in a dual W AN port configuration with load balancing The IP addresses of the gateway W AN ports can be either fixed or dynamic.
Network Planning f or Multiple W AN Ports 643 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 29. T elecommuter example in a single W AN port configuration with NA T The IP address of the gateway W AN port can be either fixed or dynamic.
Network Planning f or Multiple W AN Ports 644 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Figure 31. T elecommuter example in a dual W AN port configuration with NA T after auto-rollov.
645 B B. S yst em L ogs and Err or Messages This appendix provides examples and explanations of system logs and error message. When applicable, a recommended action is provided.
Syst em Logs and Err or Messages 646 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Log Mes sage T erms This appendix uses the following log message terms.
Syst em Logs and Err or Messages 647 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 These sections describe log messages that belong to one of the following categories: • Logs generated by traffic that is meant for the VPN firewall. • Logs generated by traffic that is routed or forwarded through the VPN firewall.
Syst em Logs and Err or Messages 648 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 S yst em Startup This section describes the log message generated during system startup. R eboot This section describes the log message generated during system reboot.
Syst em Logs and Err or Messages 649 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IPSec R estar t This section describes logs that are generated when IPSec restarts. Unicast , Multicast , and Broadcast L ogs ICMP R edirect Logs T able 19.
Syst em Logs and Err or Messages 650 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Multicast and Br oadcast Logs W AN Status This section describes the logs generated by the W AN component. If you have several ISP links for Internet connectivity , you can configure the VPN firewall either in auto-rollover or load balancing mode.
Syst em Logs and Err or Messages 651 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 becomes active only until the primary link comes back up. The VPN firewall monitors the status of the primary link using the configured W AN failure detection method.
Syst em Logs and Err or Messages 652 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 PPP Logs This section describes the W AN PPP connection logs. The PPP type can be configured from the web management interface (see Manually Configure a PPPoE IPv4 Internet Connection on page 39).
Syst em Logs and Err or Messages 653 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • PPTP idle time-out logs • PPP authentication logs T able 26.
Syst em Logs and Err or Messages 654 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R esolved DNS Names This section describes the logs of DNS name resolution messages. VPN Log Mes sages This section explains logs that are generated by IPSec VPN and SSL VPN policies.
Syst em Logs and Err or Messages 655 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T able 29. System logs: IPSec VPN tunnel, tunnel establishment Messages 1 through 5 Messages 6 and 7 Me.
Syst em Logs and Err or Messages 656 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Recommended action None T able 30. System logs: IPSec VPN tunnel, SA lifetime (150 sec in phase 1; 300 .
Syst em Logs and Err or Messages 657 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T able 31. System logs: IPSec VPN tunnel, SA lifetime (150 sec in phase 1; 300 sec in phase 2), VPN tunnel not reestablished Message 2000 Jan 1 04:52:33 [FVS336Gv3] [IKE] Using IPSec SA configuration: 192.
Syst em Logs and Err or Messages 658 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T able 33. System logs: IPSec VPN tunnel, Dead Peer Detection and keep-alive (default 30 sec), VPN tunnel torn down Message 1 Message 2 Message 3 2000 Jan 1 06:01:18 [FVS336Gv3] [VPNKA] Keep alive to peer 192.
Syst em Logs and Err or Messages 659 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 SSL VPN L ogs This section describes the log messages that are generated by SSL VPN policies.
Syst em Logs and Err or Messages 660 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 T r affic Meter L ogs Routing L ogs The following sections provide information about routing log messag.
Syst em Logs and Err or Messages 661 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 L AN to W AN Logs L AN to DMZ L ogs DMZ t o W AN Logs W AN to L AN Logs T able 40. Routing logs: LAN to W AN Message Nov 29 09:19:43 [FVS336Gv3] [kernel] LAN2W AN[ACCEPT] IN=LAN OUT=W AN SRC=192.
Syst em Logs and Err or Messages 662 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 DMZ t o L AN Logs W AN to DMZ L ogs Other Event L ogs The following sections provide information about .
Syst em Logs and Err or Messages 663 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Sour ce MA C Filter L ogs Bandwidth Limit Logs T able 47. Other event logs: source MAC filter logs Message 2000 Jan 1 06:40:10 [FVS336Gv3] [kernel] SRC_MAC_MA TCH[DROP] SRC MAC = 00:12:3f:34:41:14 IN=LAN OUT=W AN SRC=192.
Syst em Logs and Err or Messages 664 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 DHCP Logs This section explains the log messages that are generated when a host is assigned a dynamic IP address. These messages are displayed on the DHCP Log screen (see View the DHCP Log on page 605).
665 C C. T wo-F ac tor A uthentication This appendix provides an overview of two-factor authentication and an example of how to implement the WiKID solution.
Tw o-Factor Authentication 666 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Why Do I Need T wo-F ac t or Authentication? This section includes the following topics: • What Are the Ben.
Tw o-Factor Authentication 667 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 • Something the user is—for example, biometrics such as a fingerprint or retinal print. This appendix focuses on and discusses only the first two factors, something you know and something you have.
Tw o-Factor Authentication 668 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The WiKID authentication server generates the one-time passcode (“ something the user has” ).
Tw o-Factor Authentication 669 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 6. Enter the OTP as the login password. 7. Click the Login button.
670 D D. Def ault Settings and T echnical Specifications This appendix provides the default settings and the physical and technical specifications of the VPN firewall in the following sections: • Fa.
Def ault Settings and T echnical Specifications 671 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 F ac tory Def ault Settings For information about restoring the VPN firewall to factory default settings, see Revert to Factory Default Settings on page 555.
Def ault Settings and T echnical Specifications 672 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IPv4 LAN, DMZ, and routing settings LAN IPv4 address for the default VLAN 192.168.1.1 LAN IPv4 subnet mask for the default VLAN 255.255.255.
Def ault Settings and T echnical Specifications 673 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Firewall and security settings Inbound LAN W AN rules (communications coming in from the Internet) All traffic is blocked, except for traf fic in response to requests from the LAN.
Def ault Settings and T echnical Specifications 674 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 QoS priorities (for IPv6 firewall rules) Normal-Service Minimize-Cost Maximize-Reliabili.
Def ault Settings and T echnical Specifications 675 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 VPN IPsec Wizard: IKE policy settings for IPv4 gateway-to-client tunnels Exchange mode Aggressive ID type FQDN Local W AN ID remote.com Remote W AN ID local.
Def ault Settings and T echnical Specifications 676 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 Physical and T echnical Specifications The following table shows the physical and techni.
Def ault Settings and T echnical Specifications 677 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following table shows the IPSec VPN specifications for the VPN firewall: Environment.
Def ault Settings and T echnical Specifications 678 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 The following table shows the SSL VPN specifications for the VPN firewall: T able 54.
679 Inde x Numeric s 10BASE- T , 100BASE- T , and 1000BASE-T speeds 69 3322.or g 63 – 65 6to4 tunnels configuring globally 101 DMZ , configuring f or 196 L AN, configuring f or 179 A A A A (authenti.
680 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 configuring 56 – 58 described 49 IPv6 configuring 110 described 110 VPN IPSec 336 , 342 , 346 , 351 autosensing port speed 69 B backin.
681 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 configur ation settings 671 – 676 DMZ port IPv4 address and subnet mask 143 IPv6 address and prefix length 188 , 200 settings 141 , 18.
682 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 pr oxy, VL ANs 120 , 124 queries, auto-r ollover 56 ser ver IP addr esses SSL VPN settings 439 ser ver IPv4 addr esses broadband setting.
683 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 fr ont panel LEDs 19 ports 18 FTP acces s, allowing from D MZ (rule example) 266 full tunnel, SSL VPN 463 fully qualified domain names.
684 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IP pr ecedenc e, QoS 298 IP /MAC bindings 316 – 326 IPSec hosts, XAUTH 392 – 394 IPSec VPN Wizar d client-to-gat eway tunnels, setting up 349 def ault settings 338 described 17 gatew ay-to-gat eway tunnels, setting up 340 , 344 IPSec VPN.
685 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 IPv6 tunnel status and addr esses, viewing 107 IPv6 tunnels configuring globally 101 – 108 DMZ , configuring f or 196 L AN, configurin.
686 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 login time-out changing 515 def ault 26 looking up DNS addr ess 612 M MAC addr esses blocked or permitt ed, adding 315 configuring 70 de.
687 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 NT domain 492 NTP (Network T ime Pr ot ocol) modes and ser vers, settings 560 tr oubleshooting 625 O one-time passcode (O TP) 666 – 668 online documentation 626 online games, DMZ port 141 , 185 option arr ows (web management int erfac e) 23 Oray .
688 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 cust omized services 283 port triggering 327 SSL VPN port f orwarding 441 , 457 port ranges port triggering 329 SSL VPN policies 482 , 4.
689 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 R rack-mounting kit 22 RADIUS CHAP and P AP domain authentication 436 , 495 MSCHAP(v2), domain authentication 436 , 495 RADIUS authentic.
690 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 shar ed bandwidth allocation, W AN traffic 77 shutting down 615 signatur e key length 522 SIIT (St ateless IP / ICMP T ranslation) 108 S.
691 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 technic al support 2 , 613 telec ommuter (client-t o-gatew ay) 638 T elnet and RT elnet , restricting acc ess (rule ex ample) 262 T elne.
692 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 versions SNMP 544 videoconf erencing DMZ port 141 , 185 fr om res tric ted addr ess (rule example) 257 violations, IP /MAC binding 319 , 323 virtual L AN. See VL ANs. Virtual Privat e Network Consortium (VPNC) 17 , 338 virtual private netw ork .
693 Pr oSAFE Dual W AN Gigabit W AN SSL VPN Fir ewall FVS336Gv3 classical r outing (IPv4), configuring 31 connection speed 73 connection status IPv4, viewing 35 , 39 , 43 , 47 , 599 IPv6, viewing 93 ,.
An important point after buying a device Netgear FVS336G-300EUS (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Netgear FVS336G-300EUS yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Netgear FVS336G-300EUS - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Netgear FVS336G-300EUS you will learn all the available features of the product, as well as information on its operation. The information that you get Netgear FVS336G-300EUS will certainly help you make a decision on the purchase.
If you already are a holder of Netgear FVS336G-300EUS, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Netgear FVS336G-300EUS.
However, one of the most important roles played by the user manual is to help in solving problems with Netgear FVS336G-300EUS. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Netgear FVS336G-300EUS along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center