Netgear FVG318 FVG318 Reference Manual

Netgear FVG318 - ProSafe 802.11g Wireless VPN Firewall 8 Router Manual

Get Netgear FVG318 - ProSafe 802.11g Wireless VPN Firewall 8 Router PDF manuals and user guides
UPC - 606449041668
View all Netgear FVG318 manuals
Add to My Manuals
Save this manual to your list of manuals

Netgear FVG318 manual content summary:

  • Netgear FVG318 | FVG318 Reference Manual - Page 1
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10318-01 September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 2
    this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe 802.11g Wireless VPN Firewall gemäß der im BMPT
  • Netgear FVG318 | FVG318 Reference Manual - Page 3
    tento Radiolan je ve shode se základními požadavky a dalšími príslušnými ustanoveními smernice 1999/5/ES.. Dansk [Danish] Undertegnede NETGEAR Inc. erklærer herved, at følgende udstyr Radiolan overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. Deutsch [German] Hiermit
  • Netgear FVG318 | FVG318 Reference Manual - Page 4
    user serviceable components and is to be used with NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that the model FVG318 ProSafe 802.11g Wireless VPN Firewall Radio Frequency Interference Warnings & Instructions This equipment has been tested
  • Netgear FVG318 | FVG318 Reference Manual - Page 5
    residential areas. When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling. Canadian Department of Communications Radio Interference Regulations This digital apparatus (ProSafe 802.11g Wireless VPN Firewall) does not exceed the
  • Netgear FVG318 | FVG318 Reference Manual - Page 6
    Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number: FVG318 September 2007 Wireless Router ProSafe 802.11g Wireless VPN Firewall Business English 202-10318-01 1.0 vi v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 7
    , and Scope xiii How to Use This Manual xiv How to Print this Manual xiv Revision History ...xv Chapter 1 Introduction Key Features of the VPN Firewall Router 1-1 802.11g and 802.11b Wireless Networking 1-2 Wireless Multimedia (WMM) Support 1-2 A Powerful, True Firewall with Content Filtering
  • Netgear FVG318 | FVG318 Reference Manual - Page 8
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Chapter 3 Configuring Wireless Connectivity Observing Performance, Placement, and Range Guidelines 3-1 Implementing Appropriate Wireless Security 3-2 Understanding Wireless Settings 3-3 Security Check List for SSID and WEP Settings
  • Netgear FVG318 | FVG318 Reference Manual - Page 9
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Setting Up a Client-to-Gateway VPN Configuration 5-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVG318 5-5 Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC ...........5-7 Monitoring the Progress and
  • Netgear FVG318 | FVG318 Reference Manual - Page 10
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Static Routes 8-5 Configuring RIP ...8-6 Static Route Example 8-7 Enabling Remote Management Access 8-8 SNMP Administration 8-10 Enabling Universal Plug and Play (UPnP 8-12 Chapter 9 Troubleshooting Basic Functioning
  • Netgear FVG318 | FVG318 Reference Manual - Page 11
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-FVS318v2 Case C-7 Configuring the VPN Tunnel C-7 Viewing and Editing the VPN Parameters C-8 Initiating and Checking the VPN Connections C-9 The FVG318-to-FVL328 Case C-10 Configuring the VPN Tunnel C-10 Viewing and
  • Netgear FVG318 | FVG318 Reference Manual - Page 12
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual xii Contents v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 13
    About This Manual The NETGEAR® ProSafe™ 802.11g Wireless VPN Firewall FVG318 Reference Manual describes how to install, configure and troubleshoot the ProSafe 802.11g Wireless VPN Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills.
  • Netgear FVG318 | FVG318 Reference Manual - Page 14
    Scope. This manual is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe 802.11g Wireless VPN Firewall September 2007 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in
  • Netgear FVG318 | FVG318 Reference Manual - Page 15
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com. - Printing a PDF Chapter. Use the
  • Netgear FVG318 | FVG318 Reference Manual - Page 16
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual xvi About This Manual v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 17
    the features of the NETGEAR® ProSafe 802.11g Wireless VPN Firewall, Model FVG318. Key Features of the VPN Firewall Router The ProSafe 802.11g Wireless VPN Firewall with eight-port switch connects your local area network (LAN) to the Internet through an external access device such as a cable
  • Netgear FVG318 | FVG318 Reference Manual - Page 18
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 802.11g and 802.11b Wireless Networking The VPN firewall includes an 802.11g-compliant wireless access point. The access point provides: • 802.11b standards-based wireless networking at up to 11 Mbps. • 802.11g wireless networking at up
  • Netgear FVG318 | FVG318 Reference Manual - Page 19
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318 logs security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send
  • Netgear FVG318 | FVG318 Reference Manual - Page 20
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This
  • Netgear FVG318 | FVG318 Reference Manual - Page 21
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade. • Free technical support seven days a week, 24 hours a day. Note: The FVS318v3 firmware
  • Netgear FVG318 | FVG318 Reference Manual - Page 22
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual You can use some of the LEDs to verify connections. Viewed from left to right, Table 1-1 describes the LEDs on the front panel of the firewall. These LEDs are green when lit. Table 1-1. LED Descriptions LED Label PWR TEST INTERNET 100
  • Netgear FVG318 | FVG318 Reference Manual - Page 23
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Viewed from left to right, the rear panel contains the following features: • Detachable wireless antenna • Factory default reset push button • Eight Ethernet LAN ports • Internet Ethernet WAN port for connecting the firewall to a cable or
  • Netgear FVG318 | FVG318 Reference Manual - Page 24
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 1-8 Introduction v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 25
    firewall on your LAN, connect to the Internet, perform basic configuration of your ProSafe 802.11g Wireless VPN Firewall using the Setup Wizard, or how to manually configure your Internet connection. Follow these instructions to set up your firewall. Installing Your FVG318 • For Cable Modem Service
  • Netgear FVG318 | FVG318 Reference Manual - Page 26
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A Figure 2-1 d. Securely insert the Ethernet cable from your modem into the FVG318 Internet port (point B in the illustration). B Figure 2-2 e. Securely insert one end of the NETGEAR cable that came with your FVG318 into a Local port on
  • Netgear FVG318 | FVG318 Reference Manual - Page 27
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual D C Figure 2-3 2. Restart your network in the correct sequence Warning: Failure to restart your network in the correct sequence could prevent you from connecting to the Internet. a. First, plug in and turn on the cable or DSL modem.Wait
  • Netgear FVG318 | FVG318 Reference Manual - Page 28
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Power: The power light should be lit. If after 2 minutes the power light turns solid amber, see the Troubleshooting Tips in this guide. • Test: The test light blinks when the FVG318 is first turned on. If after 2 minutes it is still on,
  • Netgear FVG318 | FVG318 Reference Manual - Page 29
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. When prompted, enter admin for the firewall User Name and password for the firewall Password. Both fields are case-sensitive. (For security reasons, the firewall has its own User Name and Password.) Figure 2-6 3. Click Login. You will
  • Netgear FVG318 | FVG318 Reference Manual - Page 30
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4. Select Network Configuration. The WAN ISP Settings screen will display. Click Auto Detect at the bottom of the WAN ISP Settings screen. The router will
  • Netgear FVG318 | FVG318 Reference Manual - Page 31
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: When you enable remote management, we strongly advise that you change your password. See "Changing the Administrator Password" on page 7-6 for the procedure on how to do this. Manually Configuring your Internet Internet Service use
  • Netgear FVG318 | FVG318 Reference Manual - Page 32
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - Password. Enter the password you use to log in to your ISP. • Enter your ISP Type information: - Austria (PPTP): If your ISP is Austria Telecom or any other ISP that uses Timeout field. 2. Enter your Internet (IP) Address. - Select the
  • Netgear FVG318 | FVG318 Reference Manual - Page 33
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • IP Subnet Mask: This is Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently. In this case, you can use a commercial dynamic DNS service
  • Netgear FVG318 | FVG318 Reference Manual - Page 34
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The gateway contains a client that can connect to a dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them. After you have configured your account information in the gateway,
  • Netgear FVG318 | FVG318 Reference Manual - Page 35
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5. Click Apply to save your configuration. Configuring Your Time Zone The VPN firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. In order to localize
  • Netgear FVG318 | FVG318 Reference Manual - Page 36
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Select the Use Custom NTP Servers if you prefer to use a particular NTP server. - Enter the name or IP address of an NTP Server in the Server 1 Name/IP Address field. - If required, you can also
  • Netgear FVG318 | FVG318 Reference Manual - Page 37
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Some cable modem ISPs require you to use the MAC address of the computer registered on the account. If so, in the Router MAC Address section of the Basic Settings menu, select, "Use this Computer's MAC Address." The router will then
  • Netgear FVG318 | FVG318 Reference Manual - Page 38
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 2-2. Accessing the firewall router (continued) Firewall State Access Options Description Configuration Enter the standard Settings Have Been URL to access the Applied VPN firewall router Enter the IP address of the VPN
  • Netgear FVG318 | FVG318 Reference Manual - Page 39
    Connectivity This chapter describes how to configure the wireless features of your FVG318 VPN firewall. Observing Performance, Placement, and Range Guidelines In planning your wireless network, you should consider the level of security required. You should also select the physical placement of
  • Netgear FVG318 | FVG318 Reference Manual - Page 40
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Implementing Appropriate Wireless Security Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security features of
  • Netgear FVG318 | FVG318 Reference Manual - Page 41
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Wi-Fi Protected Access (WPA and WPA2). The very strong authentication along with dynamic per frame rekeying of WPA and WPA2 make it virtually impossible to compromise. Because this is a new standard, wireless device driver and software
  • Netgear FVG318 | FVG318 Reference Manual - Page 42
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-2 Note: The 802.11b and 802.11g wireless networking protocols are configured in exactly the same fashion. The FVG318 will automatically adjust to the 802.11g or 802.11b protocol as the device requires without compromising the
  • Netgear FVG318 | FVG318 Reference Manual - Page 43
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - Region. This field identifies the region where the FVG318 can be used. It may not be legal to operate the wireless features of the VPN firewall router in a region other than one of those identified in this field. Unless you select a
  • Netgear FVG318 | FVG318 Reference Manual - Page 44
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - WPA2-PSK: WPA2 is a later version of WPA. Only select this if all clients support WPA2. If selected, you must use AES encryption - WPA-PSK and WPA2-PSK: This selection allows clients to use either WPA (with TKIP encryption) or WPA2 (
  • Netgear FVG318 | FVG318 Reference Manual - Page 45
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Security Check List for SSID and WEP Settings For a new wireless network, print or copy this form and fill in the configuration parameters. For an existing wireless network, the person who set up or is responsible for the network will be
  • Netgear FVG318 | FVG318 Reference Manual - Page 46
    in the ProSafe 802.11g Wireless VPN Firewall. If they do not match, you will not get a wireless connection to the FVG318. 5. Set the Channel. It should not be necessary to change the wireless channel unless you notice interference problems with another nearby wireless router or access point. Select
  • Netgear FVG318 | FVG318 Reference Manual - Page 47
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 7. For initial configuration and test, leave the Wireless Card Access List set to "All Wireless Stations" and the Encryption Strength set to "Disable." 8. Click Apply to save your changes. Note: If you are configuring the FVG318 from a
  • Netgear FVG318 | FVG318 Reference Manual - Page 48
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3. Check the Yes radio box to enable MAC filtering and turn on the Access Control List. Then click Apply. An "Operation Succeed" message will display. Only Trusted Wireless Stations will be able to connect to the VPN firewall router. 4.
  • Netgear FVG318 | FVG318 Reference Manual - Page 49
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-5 3. In the Wireless Security Type section, select the WEP Keys: If using WEP, you can manually or automatically program the four data encryption keys. These values must be identical on all PCs and Access Points in your network
  • Netgear FVG318 | FVG318 Reference Manual - Page 50
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Manual Entry Mode: Enter ten hexadecimal digits (any combination of 0-9, a-f, or A-F). These hex values are not case sensitive. Select which of the four keys will be used and enter the matching WEP key information for your network in
  • Netgear FVG318 | FVG318 Reference Manual - Page 51
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-6 3. Select the WPA radio box and then select RADIUS from the WPA with: pull-down menu in the Wireless of the primary Radius Server on your LAN. • Radius Port: Enter the port number used for connecting to the Radius Server. •
  • Netgear FVG318 | FVG318 Reference Manual - Page 52
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring WPA2 with RADIUS Note: Not all wireless adapters support WPA2. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA2.
  • Netgear FVG318 | FVG318 Reference Manual - Page 53
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: The Encryption choice will be AES by default. For WPA2 with RADIUS, AES is used. 4. Enter the Radius Server Settings. • Primary Server Name/IP Address: This field is required. Enter the name or IP address of the primary Radius
  • Netgear FVG318 | FVG318 Reference Manual - Page 54
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-8 3. Select the WPA and WPA2 radio box and then select RADIUS from the WPA with: pulldown menu in the Wireless the primary Radius Server on your LAN. • Radius Port: Enter the port number used for connecting to the Radius Server.
  • Netgear FVG318 | FVG318 Reference Manual - Page 55
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring WPA-PSK Note: Not all wireless adapters support WPA. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA. Nevertheless, the
  • Netgear FVG318 | FVG318 Reference Manual - Page 56
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: The Encryption choice will be TKIP by default. For WPA+PSK, TKIP is used. 4. In the PSK Settings section: • Enter the pre-shared key in the Passphrase field. Enter a word or group of printable characters in the Passphrase box.
  • Netgear FVG318 | FVG318 Reference Manual - Page 57
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-10 3. Select the WPA2 radio box and then select PSK from the WPA with: pull-down menu in the Wireless must be 8 to 63 characters in length. The 256 Bit key used for encryption is generated from this passphrase. • Enter a value in
  • Netgear FVG318 | FVG318 Reference Manual - Page 58
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring WPA-PSK and WPA2-PSK Note: Not all wireless adapters support WPA and WPA2. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports
  • Netgear FVG318 | FVG318 Reference Manual - Page 59
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: The Encryption choice will be TKIP+AES by default. For WPA and WPA2+PSK, TKIP+AES is used. Passphrase must be 8 to 63 characters in length. The 256 Bit key used for encryption is generated from this passphrase. • Enter a value in the
  • Netgear FVG318 | FVG318 Reference Manual - Page 60
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-22 v1.0, September 2007 Configuring Wireless Connectivity
  • Netgear FVG318 | FVG318 Reference Manual - Page 61
    Protection and Content Filtering Overview The ProSafe 802.11g Wireless VPN Firewall FVG318 provides you with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail. Parents and network administrators can establish restricted access policies based on time-of-day
  • Netgear FVG318 | FVG318 Reference Manual - Page 62
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Certain commonly used web components can also be blocked for increased security. Some of these components can be used by malicious websites to infect computers that access running Internet Explorer. A malicious ActiveX control can be used
  • Netgear FVG318 | FVG318 Reference Manual - Page 63
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. Check the Yes radio box in the Content add Trusted IP Addresses, Blocked Keywords and Trusted Domains. Trusted Internet Addresses and Trusted Domains are Internet addresses and sites for which content filtering maybe bypassed. The
  • Netgear FVG318 | FVG318 Reference Manual - Page 64
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 1. In the appropriate field add the IP • If you wish to block all Internet browsing access, enter the keyword ".". Using Rules to Block or Allow Specific Kinds of Traffic Firewall rules are used to block or allow specific traffic passing
  • Netgear FVG318 | FVG318 Reference Manual - Page 65
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FVG318 are: • Inbound: Block all access from outside except responses to requests from the LAN side. • Outbound: Allow all access
  • Netgear FVG318 | FVG318 Reference Manual - Page 66
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual An example of the menu for defining or editing a rule is shown in Figure 4-3. The parameters are: • Service. From this list, select the application or service to be allowed or blocked. The list already displays many common services, but
  • Netgear FVG318 | FVG318 Reference Manual - Page 67
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Inbound Rule Example: A Local Public Web Server If you host a public Web server on any incoming CU-SeeMe requests that do not match the allowed parameters. Figure 4-5 Firewall Protection and Content Filtering 4-7 v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 68
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced menus so that
  • Netgear FVG318 | FVG318 Reference Manual - Page 69
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . Figure 4-6 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules table, as shown below: Figure 4-7 For any traffic attempting to pass through the firewall, the packet information is subjected
  • Netgear FVG318 | FVG318 Reference Manual - Page 70
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Default DMZ Server Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule. Instead of discarding
  • Netgear FVG318 | FVG318 Reference Manual - Page 71
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . Note: For security, NETGEAR strongly recommends that you avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many
  • Netgear FVG318 | FVG318 Reference Manual - Page 72
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Attack Check Type Description VPN Pass through IPSec/PPTP/L2TPa Typically, the router is used as a VPN Client or Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets going to the Remote VPN Gateway
  • Netgear FVG318 | FVG318 Reference Manual - Page 73
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual b. From the Type pull-down menu, select whether the service uses TCP, UDP or ICMP as its transport protocol. c. Enter the lowest port number used by the service in the Start Port field. a. Enter the highest port number used by the service
  • Netgear FVG318 | FVG318 Reference Manual - Page 74
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . Figure 4-9 To block keywords or Internet days that you want to limit access. 3. If you want to limit access during certain times for the selected Firewall Logs The VPN firewall can be configured to log and e-mail denial of service
  • Netgear FVG318 | FVG318 Reference Manual - Page 75
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. Enter the Log LAN network. Both, successful and failed login attempts will be logged. • Secure Login Attempt. Logs a message when a login is attempted using the Secure Remote Management URL (see "Enabling Remote Management Access
  • Netgear FVG318 | FVG318 Reference Manual - Page 76
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 4-10 5. Enable E-Mail Logs. Check the Yes radio box if you wish to receive e-mail logs from the firewall. 6. Enter your E-Mail Address information. If you enabled e-mail notification, these boxes cannot be blank. • Enter the E-
  • Netgear FVG318 | FVG318 Reference Manual - Page 77
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Enter the Return E-Mail Address to which logs and alerts are sent. This e-mail address will also be used as the Send To E-mail address. If you leave this box blank, log and alert messages will not be sent via e-mail. 7. If the SMTP
  • Netgear FVG318 | FVG318 Reference Manual - Page 78
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Log entries are described in Table 4-1 Table initiating device for this log entry. Source port and interface The service port number of the initiating device, and whether it originated from the LAN or WAN. Destination The name or IP
  • Netgear FVG318 | FVG318 Reference Manual - Page 79
    ) and Advanced (see Chapter 6, "Advanced Virtual Private Networking). • "Setting Up a Client-to-Gateway VPN Configuration" on page 5-5 provides the steps needed to configure a VPN tunnel between a remote PC and a network gateway using the VPN Wizard and the NETGEAR ProSafe VPN Client. • "Setting
  • Netgear FVG318 | FVG318 Reference Manual - Page 80
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Overview of VPN Configuration Two common scenarios for configuring VPN tunnels are between a remote personal computer and a network gateway and between two or more network gateways. The FVG318 supports both of these types of VPN
  • Netgear FVG318 | FVG318 Reference Manual - Page 81
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A VPN between two or more NETGEAR VPN-enabled firewalls is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use
  • Netgear FVG318 | FVG318 Reference Manual - Page 82
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 5-1. Parameters recommended by the VPNC and used in the VPN Wizard Parameter Authentication Protocol Diffie-Hellman (DH) Group Key Life IKE Life Time NETBIOS Factory Default SHA-1 Group 2 (1024 bit) 8 hours 24 hours Enabled •
  • Netgear FVG318 | FVG318 Reference Manual - Page 83
    802.11g Wireless VPN Firewall FVG318 Reference Manual Setting Up a Client-to-Gateway VPN Configuration Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway (see Figure 5-3) involves the following two steps: • "Step 1: Configuring the Client-to-Gateway VPN
  • Netgear FVG318 | FVG318 Reference Manual - Page 84
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. Select VPN > VPN Wizard from the menu. The WPN Wizard screen will display. Select the radio button: A remote VPN client (single PC) Enter the new Connection Name: (RoadWarrior in this example) Enter the pre-shared key: (12345678 in
  • Netgear FVG318 | FVG318 Reference Manual - Page 85
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4. Click the VPN Wizard Default Values link on the VPN Wizard screen to display the VPN default values shown below. The Wizard sets most parameters to defaults as proposed by the VPN Consortium. Figure 5-5 5. Click Apply on the VPN
  • Netgear FVG318 | FVG318 Reference Manual - Page 86
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR Web site (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to
  • Netgear FVG318 | FVG318 Reference Manual - Page 87
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: In this example, the Connection Name used on the client side of the VPN tunnel is NETGEAR_VPN_router and it does not have to match the RoadWarrior Connection Name used on the gateway side of the VPN tunnel (see Figure 5-8) because
  • Netgear FVG318 | FVG318 Reference Manual - Page 88
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual f. Select Domain Name in the ID Type menu below the check box. g. Enter the public WAN IP Domain Name of the FVG318 in the field directly below the ID Type menu. In this example, fvg_local.com would be used. The resulting Connection
  • Netgear FVG318 | FVG318 Reference Manual - Page 89
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-9 5. Configure the VPN Client Identity. Provide information about the remote VPN client PC. You will need to provide: - The Pre-Shared Key that you configured in the FVG318. - Either a fixed IP address or a "fixed virtual" IP
  • Netgear FVG318 | FVG318 Reference Manual - Page 90
    802.11g Wireless VPN Firewall FVG318 Reference Manual b. Choose None in the Select Certificate box. c. Select IP Address in the ID Type box. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address box. Otherwise, leave this box empty. d. In the Internet
  • Netgear FVG318 | FVG318 Reference Manual - Page 91
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-12 c. In the Authentication Method menu, select Pre-Shared key. d. In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES. e. In the Hash Alg menu, select SHA-1. f. In the SA Life menu, select
  • Netgear FVG318 | FVG318 Reference Manual - Page 92
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-13 8. Save the VPN Client Settings. From the File menu at the top of the Security Policy Editor window, click Save. After you have configured and saved the VPN client information, your PC will automatically open the VPN
  • Netgear FVG318 | FVG318 Reference Manual - Page 93
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-14 This will cause a continuous ping to be sent to the first FVG318. After between several seconds and two minutes, the ping response should change from "timed out" to "reply", as shown below. Figure 5-15 Once the connection
  • Netgear FVG318 | FVG318 Reference Manual - Page 94
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-16 Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel. 2. The Connection Monitor screen for a similar connection is shown
  • Netgear FVG318 | FVG318 Reference Manual - Page 95
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you will need to close the VPN connection in order to have normal Internet access. Transferring a Security
  • Netgear FVG318 | FVG318 Reference Manual - Page 96
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To import an existing Security Policy: 1. Invoke the NETGEAR ProSafe VPN Client and select Import Security Policy from the File pull-down menu. Figure 5-20 2. Select the security policy to import. In this example, the security
  • Netgear FVG318 | FVG318 Reference Manual - Page 97
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Setting Up a Gateway-to-Gateway VPN Configuration Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 5-1 on page 5-4. If you have special requirements not covered by these
  • Netgear FVG318 | FVG318 Reference Manual - Page 98
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5. In the End Point Information section, enter the Remote WANs IP Address or Internet Name and the Local WAN's IP Address or Internet Name. Both local and remote ends must be defined as either IP addresses or Internet Names (FQDNs). Note:
  • Netgear FVG318 | FVG318 Reference Manual - Page 99
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-24 7. Click Apply to complete the configuration procedure. The IKE Policies menu will display the local and remote WAN connection points as shown below. Figure 5-25 8. Click the VPN Policy to display the VPN Policies showing
  • Netgear FVG318 | FVG318 Reference Manual - Page 100
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To configure a gateway-to-gateway VPN tunnel using the VPN Wizard on LAN B:. 1. Log in to the FVG318 on LAN B at its default LAN address of http://192.168.0.1 with its default user name of admin and password of password. 2. Repeat the VPN
  • Netgear FVG318 | FVG318 Reference Manual - Page 101
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-28 Activating a VPN Tunnel There are three ways to activate a VPN tunnel: • Start using the VPN tunnel. • Use the IPSec Connection Status screen. • Activate the VPN tunnel by pinging the remote endpoint. To use a VPN tunnel: 1.
  • Netgear FVG318 | FVG318 Reference Manual - Page 102
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To activate the VPN tunnel by pinging the remote endpoint, select your configuration (either client-to-gateway or gateway-to-gateway): Note: This section uses 192.168.3.1 for an example remote endpoint LAN IP address. • Client-to-Gateway
  • Netgear FVG318 | FVG318 Reference Manual - Page 103
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-30 Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote FVG318. After a short wait, you should see the login screen of the VPN Firewall Router (unless another PC
  • Netgear FVG318 | FVG318 Reference Manual - Page 104
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To Use the IPSec Connection Status screen to change the status of a VPN connection: 3. Click VPN > Connection Status (Figure 5-26) to get the IPSec Connection Status screen (Figure 5-27). This page lists the following data for each active
  • Netgear FVG318 | FVG318 Reference Manual - Page 105
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3. Select the checkbox adjacent to the policy you want to disable and click disable. The VPN Policy will be disabled. Figure 5-32 Using the VPN Status Page to Deactivate a VPN Tunnel To use the VPN Connection Status screen to deactivate
  • Netgear FVG318 | FVG318 Reference Manual - Page 106
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-28 v1.0, September 2007 Basic Virtual Private Networking
  • Netgear FVG318 | FVG318 Reference Manual - Page 107
    This chapter describes how to use the advanced virtual private networking (VPN) features of the VPN firewall. See Chapter 5, "Basic Virtual Private Networking" for a description on how to use the basic VPN features. The FVG318 uses state-of-the-art firewall and security technology to facilitate
  • Netgear FVG318 | FVG318 Reference Manual - Page 108
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • VPN Policies. Apply the IKE policy to specific traffic that requires a VPN tunnel. Or, you can create a VPN policy that does not use an IKE policy but in which you manually enter all the authentication and key parameters. Since VPN
  • Netgear FVG318 | FVG318 Reference Manual - Page 109
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The IKE Policy Configuration fields are defined in the following table. Click to create VPN policy. Figure 6-2 VPN Policy Configuration for Auto Key and Manual Negotiation Click the Add New VPN Policy link on the Add IKE Policy screen or
  • Netgear FVG318 | FVG318 Reference Manual - Page 110
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 6-3 The VPN Manual and Auto Policy fields are defined in the following table. Table 6-1. VPN Manual and Auto Policy Configuration Fields Field General Description These settings identify this policy and determine its major
  • Netgear FVG318 | FVG318 Reference Manual - Page 111
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 6-1. VPN Manual and Auto Policy Configuration Fields (continued) Field Policy Name Policy Type: Remote End Point: NetBIOS Traffic Selection Local IP Remote IP Description The descriptive name of the VPN policy. Each policy should
  • Netgear FVG318 | FVG318 Reference Manual - Page 112
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 6-1. VPN Manual and Auto Policy Configuration Fields (continued) Field Description Manual Policy Parameters The Manual as for the inbound policy. Integrity Algorithm: Algorithm used to verify the integrity of the data. •
  • Netgear FVG318 | FVG318 Reference Manual - Page 113
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 6-1. VPN Manual and Auto Policy Configuration Fields (continued) Field PFS Key Group Select IKE Policy Description Perfect Forward Secrecy (PFS) improves security. While this is slower, it will ensure that a Diffie-Hellman
  • Netgear FVG318 | FVG318 Reference Manual - Page 114
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the CRL on the FVG318 obtained from the corresponding CA. If the certificate is not present in the CRL it means that the certificate is not
  • Netgear FVG318 | FVG318 Reference Manual - Page 115
    802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure 6-4 Gateway A connects the internal LAN 10.5.6.0/24 to the Internet
  • Netgear FVG318 | FVG318 Reference Manual - Page 116
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual FVG318 Gateway A to FVG318 Gateway B (IKE and VPN Policies) Note: This scenario assumes all ports are open on the FVG318. You can verify this by reviewing the security settings as seen in Figure 6-5 Note: FVG318 FVG318 Figure 6-5 Use
  • Netgear FVG318 | FVG318 Reference Manual - Page 117
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual WAN IP addresses ISP provides these addresses Figure 6-6 b. Configure the WAN Internet Address according to the settings above and click Apply to save your settings. For more information on configuring the WAN IP settings, please see "
  • Netgear FVG318 | FVG318 Reference Manual - Page 118
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual d. Configure the LAN IP address according to the settings above and click Apply to save your settings. For more information on LAN TCP/IP setup topics, please see "Configuring LAN TCP/IP Setup Parameters" on page 8-2. Note: After you
  • Netgear FVG318 | FVG318 Reference Manual - Page 119
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual a. Select VPN > Policies and click the VPN Policies tab. The VPN Policies screen will display. Click Add to display the Add VPN Policy screen. Figure 6-9 b. Configure the VPN Policy according to the settings in the illustration above and
  • Netgear FVG318 | FVG318 Reference Manual - Page 120
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To test the Gateway A FVG318 LAN and the Gateway B LAN connection: 1. Using our example, from a PC attached to the FVG318 on LAN A, on a Windows PC click the Start button on the task bar and then click Run. 2. Type ping -t 172.23.9.1, and
  • Netgear FVG318 | FVG318 Reference Manual - Page 121
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 2: FVG318 Gateway to Gateway with Digital Certificates The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure x.509 (PKIX) certificates for authentication. The network setup is
  • Netgear FVG318 | FVG318 Reference Manual - Page 122
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Hash Algorithm. Select the desired option: MD5 in any optional fields on the Add Self Certificate screen that may apply. • IP Address. If you use "IP type" in the IKE policy, you should input the IP Address here. Otherwise, you should
  • Netgear FVG318 | FVG318 Reference Manual - Page 123
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual g. Click Generate The FVG318 generates a pending Self Certificate Request as shown below. Click view to display the data. Highlight, copy, and paste this data into a text file. Figure 6-11 4. Transmit the Self Certificate Request data
  • Netgear FVG318 | FVG318 Reference Manual - Page 124
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual f. The "FVG318" certificate will display in the Active Self Certificates table and the pending "FVG318" Self Certificate Request will be deleted. 7. Associate the new certificate and the Trusted Root CA certificate on the FVG318. a.
  • Netgear FVG318 | FVG318 Reference Manual - Page 125
    7 Maintenance This chapter describes how to use the maintenance features of your ProSafe 802.11g Wireless VPN Firewall. These features can be found by selecting Monitoring > Router Status from the main menu of the browser interface. Viewing VPN Firewall Router Status Information The Router Status
  • Netgear FVG318 | FVG318 Reference Manual - Page 126
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual This screen shows the following parameters: Table 7-1. FVG318 Status fields Field System Name Firmware Version Wireless Configuration SSID: Mode Security Settings Region Channel AP MAC Address WAN Port WAN State NAT DHCP Connection
  • Netgear FVG318 | FVG318 Reference Manual - Page 127
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 7-1. FVG318 Status fields Field IP Address IP Subnet Mask DHCP Description The IP address used by the Local (LAN) port of the firewall. The default is 192.168.0.1 The IP Subnet Mask used by the Local (LAN) port of the firewall.
  • Netgear FVG318 | FVG318 Reference Manual - Page 128
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Upgrading the Firewall Software The routing software of the FVG318 VPN firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's Web site. If the upgrade
  • Netgear FVG318 | FVG318 Reference Manual - Page 129
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3. Highlight the file and click Upload. Note: When uploading software to the VPN firewall, it is important not to interrupt the Web browser by closing the window, clicking a link, or loading a new page. If the browser is interrupted, it
  • Netgear FVG318 | FVG318 Reference Manual - Page 130
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Changing the Administrator Password The default password for the firewall's Web Configuration Manager is password. NETGEAR recommends that you change this password to a more secure password. Select Administration > Set Password to display
  • Netgear FVG318 | FVG318 Reference Manual - Page 131
    the advanced features of your ProSafe 802.11g Wireless VPN Firewall FVG318. Configuring Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet
  • Netgear FVG318 | FVG318 Reference Manual - Page 132
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 8. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to
  • Netgear FVG318 | FVG318 Reference Manual - Page 133
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual These addresses are part of the IETF-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those
  • Netgear FVG318 | FVG318 Reference Manual - Page 134
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Primary DNS server (if you entered a primary DNS address in the WAN Settings menu; otherwise, the firewall's LAN IP address) • Secondary DNS server (if you entered a secondary DNS address in the WAN Settings menu Using Address
  • Netgear FVG318 | FVG318 Reference Manual - Page 135
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not
  • Netgear FVG318 | FVG318 Reference Manual - Page 136
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5. Type the Destination IP Address of the final destination. 6. Type the IP Subnet Mask for this destination. If the destination is a single host, type 255.255.255.255. 7. Type the Gateway IP Address, which must be a firewall used adapt to
  • Netgear FVG318 | FVG318 Reference Manual - Page 137
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - When firewall sends. (It recognizes both formats when receiving.) - RIP-1 is universally supported. RIP-1 is probably adequate for most networks, unless you have an unusual network setup. - RIP-2 carries more information. - RIP-2B uses
  • Netgear FVG318 | FVG318 Reference Manual - Page 138
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • You have an ISDN firewall on your home network for connecting to the company where you are employed. This firewall's address on your LAN is 192.168.0.100. • Your company's network is 134.177.0.0. When you first configured your firewall,
  • Netgear FVG318 | FVG318 Reference Manual - Page 139
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 8-6 2. Select the Yes radio box for Allow Remote Management. • Specify what external addresses will be allowed to access the firewall's remote management. Note: For enhanced security, restrict access to as few external IP
  • Netgear FVG318 | FVG318 Reference Manual - Page 140
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Tip: If you are using a dynamic DNS service such as TZO, you can always identify the IP address of your FVG318 supports the SNMPv2c protocol version and can send traps to a specified community. Select Administration > SNMP to access
  • Netgear FVG318 | FVG318 Reference Manual - Page 141
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To create a new SNMP configuration entry: 1. Enter the IP address of an SNMP trap agent. 2. Enter the Subnet Mask. The network mask used to determine the list of allowed SNMP managers. • To allow any IP on the network to manager the
  • Netgear FVG318 | FVG318 Reference Manual - Page 142
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Enabling Universal Plug and Play (UPnP) UPnP (Universal Plug and Play) allows for automatic discovery of devices that can communicate with this router. This feature should be used with caution as it breaches firewall security. Select
  • Netgear FVG318 | FVG318 Reference Manual - Page 143
    This chapter gives information about troubleshooting your ProSafe 802.11g Wireless VPN Firewall. After each problem description, instructions are provided to help you diagnose and solve the problem. Basic Functioning After you turn on power to the firewall, the following sequence of events
  • Netgear FVG318 | FVG318 Reference Manual - Page 144
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual LEDs Never Turn Off When the firewall is turned on, the LEDs turn on briefly and then turn off. If all the LEDs stay on, there is a fault within the firewall. If all LEDs are still on one minute after power up: • Cycle the power to see if
  • Netgear FVG318 | FVG318 Reference Manual - Page 145
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: If your PC's IP address is shown as 169.254.x.x: Recent versions of Windows and MacOS will generate and assign an IP address if
  • Netgear FVG318 | FVG318 Reference Manual - Page 146
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual If your firewall is unable to obtain an IP address from the ISP, you may need to force your cable or DSL modem to recognize your new firewall by performing the following procedure: 1. Turn off power to the cable or DSL modem. 2. Turn off
  • Netgear FVG318 | FVG318 Reference Manual - Page 147
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls problems: • Wrong physical connections - Make sure the LAN port LED is on. If the LED is off, follow the instructions in "LAN or Internet Port
  • Netgear FVG318 | FVG318 Reference Manual - Page 148
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - Verify that the IP address for your firewall and your workstation are correct and that the addresses are on the same subnet. Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the
  • Netgear FVG318 | FVG318 Reference Manual - Page 149
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Use the Reset button on the rear panel of the firewall. Use this method for cases when the administration password or IP address are not known. a. Press and hold the Reset button until the Test LED turns
  • Netgear FVG318 | FVG318 Reference Manual - Page 150
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 9-8 Troubleshooting v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 151
    the VPN firewall, use the procedures below to customize any of the settings to better meet your networking needs. Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection WAN MAC Address WAN MTU Size Port Speed Local Network (LAN) Lan IP
  • Netgear FVG318 | FVG318 Reference Manual - Page 152
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Feature Default Behavior DHCP Starting IP Address 192.168.0.2 DHCP Ending IP Address 192.168.0.100 DMZ Disabled Time Zone GMT Time Zone Adjusted for Daylight Saving Disabled Time SNMP Disabled Firewall Inbound (
  • Netgear FVG318 | FVG318 Reference Manual - Page 153
    Firewall FVG318 Reference Manual Technical Specifications This appendix provides technical specifications for the ProSafe 802.11g Wireless VPN Firewall. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter
  • Netgear FVG318 | FVG318 Reference Manual - Page 154
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A-4 Default Settings and Technical Specifications v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 155
    to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Windows XP and Vista Wireless http://documentation.netgear.com/reference/enu/winzerocfg/index.htm Configuration Utilities Internet Networking and TCP/IP http
  • Netgear FVG318 | FVG318 Reference Manual - Page 156
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual B-2 Related Documents v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 157
    you begin the configuration process. Verify whether the firmware is up to date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides. Check that there are no firewall restrictions. VPN Configuration of NETGEAR FVG318 C-1 v1.0, September 2007
  • Netgear FVG318 | FVG318 Reference Manual - Page 158
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure C-1 Configuring the Gateways Configure each gateway: 1. Configure Gate A. a. Log in to the router at Gateway A. b. Use the VPN Wizard to configure this router. Enter the requested information as prompted by the VPN Wizard: •
  • Netgear FVG318 | FVG318 Reference Manual - Page 159
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: The default log in address for the FVG318 router is http://192.168.0.1 with the default user name of admin and default password of password. The login address will change to the local LAN IP subnet address after you configure the
  • Netgear FVG318 | FVG318 Reference Manual - Page 160
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table C-1. Policy Summary Security Scheme: IP Addressing: NETGEAR-Gateway A NETGEAR-Gateway B IKE with Preshared Secret/Key Static IP address Static IP address Configuring the VPN Tunnel This scenario assumes all ports are open on the
  • Netgear FVG318 | FVG318 Reference Manual - Page 161
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - Subnet Mask: 255.255.255.0 (in this example) 3. Log in to the FVG318 labeled Gateway B. Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password
  • Netgear FVG318 | FVG318 Reference Manual - Page 162
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Initiating and Checking the VPN Connections You can test connectivity and view VPN status information on the FVG318 according to the testing flowchart shown in Figure C-2. To test the VPN tunnel from the Gateway A LAN, do the following:
  • Netgear FVG318 | FVG318 Reference Manual - Page 163
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-FVS318v2 Case Table C-2. Policy Summary VPN Consortium Scenario: Type of VPN Security Scheme: Date Tested: IP Addressing: NETGEAR-Gateway A NETGEAR-Gateway B Scenario 1 LAN-to-LAN or Gateway-to-Gateway IKE with Preshared
  • Netgear FVG318 | FVG318 Reference Manual - Page 164
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Connection Name: Scenario_1 (in this example) • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at each VPN tunnel
  • Netgear FVG318 | FVG318 Reference Manual - Page 165
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint. • The VPN Wizard ensures the other VPN parameters are the same at both VPN tunnel endpoints.
  • Netgear FVG318 | FVG318 Reference Manual - Page 166
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-FVL328 Case Table C-3. Policy Summary VPN Consortium Scenario: Type of VPN Security Scheme: IP Addressing: NETGEAR-Gateway A NETGEAR-Gateway B Scenario 1 LAN-to-LAN or Gateway-to-Gateway IKE with Preshared Secret/Key
  • Netgear FVG318 | FVG318 Reference Manual - Page 167
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at each VPN tunnel endpoint • Remote LAN IP Subnet - IP Address: 172.23.9.1
  • Netgear FVG318 | FVG318 Reference Manual - Page 168
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint. • The VPN Wizard ensures the other VPN parameters are the same at both VPN tunnel endpoints.
  • Netgear FVG318 | FVG318 Reference Manual - Page 169
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-VPN Client Case Table C-4. Policy Summary VPN Consortium Scenario: Type of VPN Security Scheme: Date Tested: IP Addressing: NETGEAR-Gateway A NETGEAR-Client B Scenario 1 PC/Client-to-Gateway IKE with Preshared Secret/Key
  • Netgear FVG318 | FVG318 Reference Manual - Page 170
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring the VPN Tunnel This scenario assumes all ports are open on the FVG318. Figure C-6 Use this scenario illustration and configuration screens as a model to build your configuration. 1. Log in to the FVG318 labeled Gateway A Log
  • Netgear FVG318 | FVG318 Reference Manual - Page 171
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual b. Add a new connection using the Edit/Add/Connection menu and rename it Scenario_1. (Scenario_1 is used in this example to reflect the fact that the connection uses + signs. VPN Configuration of NETGEAR FVG318 v1.0, September 2007 C-15
  • Netgear FVG318 | FVG318 Reference Manual - Page 172
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure C-8 d. Select Security Policy on the left hierarchy menu and then select Aggressive Mode under Select Phase 1 Negotiation Mode (see Figure C-9). (The Select Phase 1 Negotiation
  • Netgear FVG318 | FVG318 Reference Manual - Page 173
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 11 for the gateway router. Figure C-11 g. Save the Scenario_1 connection using Save under the File menu. You can also export the connection parameters using Export Security Policy under the File menu. VPN Configuration of NETGEAR FVG318
  • Netgear FVG318 | FVG318 Reference Manual - Page 174
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual You are new ready to activate the tunnel, but you must do it from the client endpoint (see "Initiating and Checking the VPN Connections" on page C-18). In the client-to-gateway scenario, the gateway router will not know the client's IP
  • Netgear FVG318 | FVG318 Reference Manual - Page 175
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps: a. From a Windows Client PC, click the Start button on the task bar and then click Run. b.
  • Netgear FVG318 | FVG318 Reference Manual - Page 176
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-20 VPN Configuration of NETGEAR FVG318 v1.0, September 2007
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
202-10318-01
September 2007
NETGEAR
, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
ProSafe 802.11g Wireless
VPN Firewall FVG318
Reference Manual