Netgear FVG318NA FVG318 Reference Manual

Netgear FVG318NA Manual

Netgear FVG318NA manual content summary:

  • Netgear FVG318NA | FVG318 Reference Manual - Page 1
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10318-01 September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 2
    NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe 802.11g Wireless VPN Please refer to the notes in the operating instructions.
  • Netgear FVG318NA | FVG318 Reference Manual - Page 3
    tento Radiolan je ve shode se základními požadavky a dalšími príslušnými ustanoveními smernice 1999/5/ES.. Dansk [Danish] Undertegnede NETGEAR Inc. erklærer herved, at følgende udstyr Radiolan overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. Deutsch [German] Hiermit
  • Netgear FVG318NA | FVG318 Reference Manual - Page 4
    any user serviceable components NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that the model FVG318 ProSafe 802.11g Wireless VPN Firewall complies with Part 15 of FCC Rules. Operation is subject to the following two conditions: • This device
  • Netgear FVG318NA | FVG318 Reference Manual - Page 5
    radio receiver is connected • Consult the dealer or an experienced radio/TV technician for help. ProSafe 802.11g Wireless VPN Firewall Tested to instructions for correct handling. Canadian Department of Communications Radio Interference Regulations This digital apparatus (ProSafe 802.11g Wireless VPN
  • Netgear FVG318NA | FVG318 Reference Manual - Page 6
    Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number: FVG318 September 2007 Wireless Router ProSafe 802.11g Wireless VPN Firewall Business English 202-10318-01 1.0 vi v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 7
    this Manual xiv Revision History ...xv Chapter 1 Introduction Key Features of the VPN Firewall Router 1-1 802.11g and 802.11b Wireless Networking 1-2 Wireless Multimedia (WMM) Support 1-2 A Powerful, True Firewall with Content Filtering 1-2 Security ...1-3 Autosensing Ethernet Connections with
  • Netgear FVG318NA | FVG318 Reference Manual - Page 8
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Chapter 3 Configuring Wireless Connectivity Observing Performance, Placement, and Range Guidelines 3-1 Implementing Appropriate Wireless Security 3-2 Understanding Wireless Settings 3-3 Security Check List for SSID and WEP Settings
  • Netgear FVG318NA | FVG318 Reference Manual - Page 9
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Setting Up a Client-to-Gateway VPN Configuration 5-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVG318 5-5 Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC ...........5-7 Monitoring the Progress and
  • Netgear FVG318NA | FVG318 Reference Manual - Page 10
    the ISP Connection 9-3 Troubleshooting a TCP/IP Network Using a Ping Utility 9-5 Testing the LAN Path to Your Firewall 9-5 Testing the Path from Your PC to a Remote Device 9-6 Restoring the Default Configuration and Password 9-6 Problems with Date and Time 9-7 Appendix A Default Settings and
  • Netgear FVG318NA | FVG318 Reference Manual - Page 11
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-FVS318v2 Case C-7 Configuring the VPN Tunnel C-7 Viewing and Editing the VPN Parameters C-8 Initiating and Checking the VPN Connections C-9 The FVG318-to-FVL328 Case C-10 Configuring the VPN Tunnel C-10 Viewing and
  • Netgear FVG318NA | FVG318 Reference Manual - Page 12
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual xii Contents v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 13
    About This Manual The NETGEAR® ProSafe™ 802.11g Wireless VPN Firewall FVG318 Reference Manual describes how to install, configure and troubleshoot the ProSafe 802.11g Wireless VPN Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills.
  • Netgear FVG318NA | FVG318 Reference Manual - Page 14
    Scope. This manual is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe 802.11g Wireless VPN Firewall September 2007 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in
  • Netgear FVG318NA | FVG318 Reference Manual - Page 15
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is
  • Netgear FVG318NA | FVG318 Reference Manual - Page 16
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual xvi About This Manual v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 17
    the features of the NETGEAR® ProSafe 802.11g Wireless VPN Firewall, Model FVG318. Key Features of the VPN Firewall Router The ProSafe 802.11g Wireless VPN Firewall with eight-port switch connects your local area network (LAN) to the Internet through an external access device such as a cable modem
  • Netgear FVG318NA | FVG318 Reference Manual - Page 18
    security. • WEP keys can be generated manually or by passphrase. • Wireless access can be restricted by MAC Address. • Wireless network name broadcast can be turned off so that only devices that have the network name (SSID) can connect. Wireless Multimedia (WMM) Support WMM is a subset of the 802
  • Netgear FVG318NA | FVG318 Reference Manual - Page 19
    type of cable to make the right connection. Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to Appendix B, "Related Documents." Introduction 1-3 v1
  • Netgear FVG318NA | FVG318 Reference Manual - Page 20
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This
  • Netgear FVG318NA | FVG318 Reference Manual - Page 21
    802.11g Wireless VPN Firewall FVG318 Reference Manual Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade. • Free technical support seven days a week, 24 hours a day. Note: The FVS318v3 firmware is not
  • Netgear FVG318NA | FVG318 Reference Manual - Page 22
    802.11g Wireless VPN Firewall FVG318 Reference Manual You can use some of the LEDs to verify connections. Viewed from left to right, Table 1-1 describes the LEDs on the front panel of the firewall. These LEDs are green when lit. Table 1-1. LED Descriptions LED Label PWR TEST INTERNET 100 (100
  • Netgear FVG318NA | FVG318 Reference Manual - Page 23
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Viewed from left to right, the rear panel contains the following features: • Detachable wireless antenna • Factory default reset push button • Eight Ethernet LAN ports • Internet Ethernet WAN port for connecting the firewall to a cable or
  • Netgear FVG318NA | FVG318 Reference Manual - Page 24
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 1-8 Introduction v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 25
    configuration of your ProSafe 802.11g Wireless VPN Firewall using the Setup Wizard, or how to manually configure your Internet connection. Follow these instructions to set up your firewall. Installing Your FVG318 • For Cable Modem Service: When you set up the VPN firewall router, be sure to use the
  • Netgear FVG318NA | FVG318 Reference Manual - Page 26
    .11g Wireless VPN Firewall FVG318 Reference Manual A Figure 2-1 d. Securely insert the Ethernet cable from your modem into the FVG318 Internet port (point B in the illustration). B Figure 2-2 e. Securely insert one end of the NETGEAR cable that came with your FVG318 into a Local port on the router
  • Netgear FVG318NA | FVG318 Reference Manual - Page 27
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual D C Figure 2-3 2. Restart your network in the correct sequence Warning: Failure to restart your network in the correct sequence could prevent you from connecting to the Internet. a. First, plug in and turn on the cable or DSL modem. Wait
  • Netgear FVG318NA | FVG318 Reference Manual - Page 28
    lit. If the Wireless light is not lit, see the Troubleshooting Tips in this guide. • LOCAL: A LOCAL light should be lit. Configuring the FVG318 for Internet Access with Auto Detect To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP, which
  • Netgear FVG318NA | FVG318 Reference Manual - Page 29
    11g Wireless VPN Firewall FVG318 Reference Manual 2. When prompted, enter admin for the firewall User Name and password for the firewall Password. Both fields are case-sensitive. (For security reasons, the firewall has its own User Name and Password.) Figure 2-6 3. Click Login. You will be connected
  • Netgear FVG318NA | FVG318 Reference Manual - Page 30
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4. Select Network Configuration. The WAN ISP Settings screen will display. Click Auto Detect at the bottom of the WAN ISP Settings screen. The router will automatically attempt to detect your connection type. A message will display
  • Netgear FVG318NA | FVG318 Reference Manual - Page 31
    Internet Service Connections Connection Method PPPoE PPPoA DHCP (Dynamic IP) Static (Fixed) IP IPoA Data Required Login (Username, Password). Login (Username, Password). No data is required. Internet IP address, Subnet Mask and Gateway IP Address supplied by your ISP; and the Router's DNS Address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 32
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - Password. Enter the password you use to log in to your ISP. • Enter your ISP Type information: - Austria (PPTP): If your ISP is Austria Telecom or any other ISP
  • Netgear FVG318NA | FVG318 Reference Manual - Page 33
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • IP Subnet Mask: This is usually provided by the ISP or your network administrator. • Gateway IP Address: IP address of your ISP's gateway. This is usually provided by the ISP or your network administrator. 3. Select your Domain Name
  • Netgear FVG318NA | FVG318 Reference Manual - Page 34
    FVG318 Reference Manual The gateway contains a client that can connect to a dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them. After you have configured your account information in the gateway, whenever your ISP-assigned IP address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 35
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5. Click Apply to save your configuration. Configuring Your Time Zone The VPN firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. In order to localize
  • Netgear FVG318NA | FVG318 Reference Manual - Page 36
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Select the Use Custom NTP Servers if you prefer to use a particular NTP server. - Enter the name or IP address of an NTP Server in the Server 1 Name/IP Address field. - If required, you can also enter the address of another NTP server
  • Netgear FVG318NA | FVG318 Reference Manual - Page 37
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Some cable modem ISPs require you to use the MAC address of the computer registered on the account. If so, in the Router MAC Address section of the Basic Settings menu, select, "Use this Computer's MAC Address." The router will then
  • Netgear FVG318NA | FVG318 Reference Manual - Page 38
    router in the address field of your browser, then press Enter. 192.168.0.1 is the default IP address of the VPN firewall router. The VPN firewall router will prompt you to enter the user name of admin and the password. The default password is password. 2-14 Connecting the Firewall to the Internet
  • Netgear FVG318NA | FVG318 Reference Manual - Page 39
    wireless networking, refer to "Wireless Communications" in Appendix B. Note: Failure to follow these guidelines can result in significant performance degradation or inability to wirelessly connect to the VPN firewall router. For complete range and performance specifications, please see "Default
  • Netgear FVG318NA | FVG318 Reference Manual - Page 40
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Implementing Appropriate Wireless Security Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security features of
  • Netgear FVG318NA | FVG318 Reference Manual - Page 41
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Wi-Fi Protected Access (WPA and WPA2). The very strong authentication along with dynamic per frame rekeying of WPA and WPA2 make it virtually impossible to compromise. Because this is a new standard, wireless device driver and software
  • Netgear FVG318NA | FVG318 Reference Manual - Page 42
    than one wireless network, different wireless network names provide a means for separating the traffic. Any device you want to participate in the 802.11b/g wireless network will need to use this SSID for that network. The FVG318 default SSID is: NETGEAR. 3-4 Configuring Wireless Connectivity v1
  • Netgear FVG318NA | FVG318 Reference Manual - Page 43
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - Region. This field identifies the region where the FVG318 can be used. It may not be legal to operate the wireless features of the VPN firewall router in a region other than one of those identified in this field. Unless you select a
  • Netgear FVG318NA | FVG318 Reference Manual - Page 44
    802.11g Wireless VPN Firewall FVG318 Reference Manual - WPA2-PSK: WPA2 is a later version of WPA. Only select this if all clients support WPA2. If (Wireless Client) must have a "user" login on the Radius Server-normally done via a digital certificate. Also, this device must have a "client" login
  • Netgear FVG318NA | FVG318 Reference Manual - Page 45
    local area network. Wireless is the default FVG318 SSID. However, you may customize it by using up to 32 alphanumeric characters. Write your customized SSID on the line below. Note: The SSID in the VPN firewall router is the SSID you configure in the wireless adapter card. All wireless nodes in the
  • Netgear FVG318NA | FVG318 Reference Manual - Page 46
    Reference Manual Setting Up and Testing Basic Wireless Connectivity Follow the instructions below to set up and test basic wireless connectivity. Once you have established basic wireless connectivity, you can enable security settings appropriate to your needs. 1. Log in using the default LAN address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 47
    your PCs for wireless connectivity. Program the wireless adapter of your PCs to have the same SSID that you configured in the FVG318. Check that they have a wireless link and are able to obtain an IP address by DHCP from the VPN firewall router. Once your PCs have basic wireless connectivity to the
  • Netgear FVG318NA | FVG318 Reference Manual - Page 48
    be able to connect to the VPN firewall router. 4. You can add trusted devices by selecting a device from the list of available wireless cards the FVG318 has discovered in your area, or you can manually enter the MAC address. • Add a wireless station manually by entering the device MAC Address in the
  • Netgear FVG318NA | FVG318 Reference Manual - Page 49
    .11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-5 3. In the Wireless Security Type section, select the WEP radio box. The WEP fields section will be highlighted. 4. Choose the Authentication Type (Automatic, Open System or Shared Key) and Encryption Strength options. You can manually or
  • Netgear FVG318NA | FVG318 Reference Manual - Page 50
    driver must also support WPA. Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings. To configure WPA with RADIUS: 1. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password
  • Netgear FVG318NA | FVG318 Reference Manual - Page 51
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-6 3. Select the WPA radio box and then select RADIUS from the WPA with: pull-down menu in the Wireless Security Type section. The RADIUS settings fields in the Radius Server Settings section will be highlighted. Note: The
  • Netgear FVG318NA | FVG318 Reference Manual - Page 52
    802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring WPA2 with RADIUS Note: Not all wireless adapters support WPA2. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA2. Nevertheless
  • Netgear FVG318NA | FVG318 Reference Manual - Page 53
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: The Encryption choice will be AES by default. For WPA2 with RADIUS, AES is used. 4. Enter the Radius Server Settings. • Primary Server Name/IP Address: This field is required. Enter the name or IP address of the primary Radius
  • Netgear FVG318NA | FVG318 Reference Manual - Page 54
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-8 3. Select the WPA and WPA2 radio box and then select RADIUS from the WPA with: pulldown menu in the Wireless Security Type section. The RADIUS settings fields in the Radius Server Settings section will be highlighted. Note:
  • Netgear FVG318NA | FVG318 Reference Manual - Page 55
    and driver must also support WPA. Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings. To configure WPA-PSK: 1. Log in at the default LAN address of http://192.168.0.1, with the default user name of admin and default password of
  • Netgear FVG318NA | FVG318 Reference Manual - Page 56
    and driver must also support WPA2. Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings. To configure WPA2-PSK: 1. Log in at the default LAN address of http://192.168.0.1, with the default user name of admin and default password
  • Netgear FVG318NA | FVG318 Reference Manual - Page 57
    VPN Firewall FVG318 Reference Manual Figure 3-10 3. Select the WPA2 radio box and then select PSK from the WPA with: pull-down menu in the Wireless Security Type section. The PSK settings fields in the PSK Settings section will be highlighted. Note: The Encryption choice will be AES by default
  • Netgear FVG318NA | FVG318 Reference Manual - Page 58
    802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring WPA-PSK and WPA2-PSK Note: Not all wireless adapters support WPA and WPA2. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA and
  • Netgear FVG318NA | FVG318 Reference Manual - Page 59
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: The Encryption choice will be TKIP+AES by default. For WPA and WPA2+PSK, TKIP+AES is If desired, you can change the default value. 5. Click Apply to save your settings. Configuring Wireless Connectivity v1.0, September 2007 3-21
  • Netgear FVG318NA | FVG318 Reference Manual - Page 60
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3-22 v1.0, September 2007 Configuring Wireless Connectivity
  • Netgear FVG318NA | FVG318 Reference Manual - Page 61
    and Content Filtering Overview The ProSafe 802.11g Wireless VPN Firewall FVG318 provides you with Web content filtering options, plus addresses and Web address keywords. You can also block Internet access by applications and services, such as chat or games. A firewall is a special category of router
  • Netgear FVG318NA | FVG318 Reference Manual - Page 62
    Wireless VPN Firewall FVG318 Reference Manual Certain commonly used web components can also be blocked for increased security. Some of these components can be used by malicious websites to infect computers that access them. For example: • Proxy. A proxy server allows computers to route connections
  • Netgear FVG318NA | FVG318 Reference Manual - Page 63
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. Check the Yes radio box in the IP Addresses, Blocked Keywords and Trusted Domains. Trusted Internet Addresses and Trusted Domains are Internet addresses and sites for which content filtering may be bypassed. The Trusted IP Addresses
  • Netgear FVG318NA | FVG318 Reference Manual - Page 64
    Wireless VPN Firewall FVG318 Reference Manual 1. In the appropriate field add the IP Address or Domain Name. 2. Click Add. The IP Address or Domain Name will appear in the appropriate table. 3. Click Edit adjacent to the entry to modify or change the selected IP Address all Internet browsing access
  • Netgear FVG318NA | FVG318 Reference Manual - Page 65
    Wireless VPN Firewall FVG318 Reference Manual A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FVG318 default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses,
  • Netgear FVG318NA | FVG318 Reference Manual - Page 66
    802.11g Wireless VPN Firewall FVG318 Reference Manual An example of the menu for defining or editing a rule is shown in Figure 4-3. The parameters are: • Service. From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you
  • Netgear FVG318NA | FVG318 Reference Manual - Page 67
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Inbound Rule Example: A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time
  • Netgear FVG318NA | FVG318 Reference Manual - Page 68
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced menus so that
  • Netgear FVG318NA | FVG318 Reference Manual - Page 69
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . Figure 4-6 Order of Precedence for Rules As you define new rules in the order shown in the Rules table, beginning at the top and proceeding to the default rules at the bottom. In some cases, the order of precedence of two or more rules
  • Netgear FVG318NA | FVG318 Reference Manual - Page 70
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Default DMZ Server Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule. Instead of discarding
  • Netgear FVG318NA | FVG318 Reference Manual - Page 71
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . Note: For security, NETGEAR strongly recommends that you avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many
  • Netgear FVG318NA | FVG318 Reference Manual - Page 72
    802.11g Wireless VPN Firewall FVG318 Reference Manual Attack Check Type Description VPN Pass through IPSec/PPTP/L2TPa Typically, the router is used as a VPN Client or Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets going to the Remote VPN Gateway are
  • Netgear FVG318NA | FVG318 Reference Manual - Page 73
    802.11g Wireless VPN Firewall FVG318 Reference Manual b. From the Type pull-down menu, select whether the service uses TCP, UDP or ICMP as its transport protocol. c. Enter the lowest port number used by the service in the Start Port field. a. Enter the highest port number used by the service in the
  • Netgear FVG318NA | FVG318 Reference Manual - Page 74
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . Figure 4-9 To block keywords or Internet domains based VPN firewall can be configured to log and e-mail denial of service attacks, general attack information, login attempts, dropped packets, and so forth, to a specified e-mail address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 75
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. Enter the Log Identifier in the Log Options sections Access" on page 8-8). Both successful and failed login attempts will be logged. • Reboots. Record a message when the device has been rebooted through the Web interface. • All
  • Netgear FVG318NA | FVG318 Reference Manual - Page 76
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 4-10 5. Enable E-Mail Logs. Check the Yes radio box if you wish to receive e-mail logs from the firewall. 6. Enter your E-Mail Address information. If you enabled e-mail notification, these boxes cannot be blank. • Enter the E-
  • Netgear FVG318NA | FVG318 Reference Manual - Page 77
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Enter the Return E-Mail Address to which logs and alerts are sent. This e-mail address will also be used as the Send To E-mail address. If you leave this box blank, log and alert messages will not be sent via e-mail. 7. If the SMTP
  • Netgear FVG318NA | FVG318 Reference Manual - Page 78
    VPN Firewall FVG318 Reference Manual Log entries are described in Table 4-1 Table 4-1. Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description or Action The type of event and what action was taken if any. Source IP The IP address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 79
    Internet Protocol security (IPSec). IPSec is one of the most complete, secure, and commercially available, standards-based protocols developed for transporting data. • Appendix C, "VPN Configuration of NETGEAR FVG318" presents a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR
  • Netgear FVG318NA | FVG318 Reference Manual - Page 80
    Wireless VPN Firewall FVG318 Reference Manual Overview of VPN Configuration Two common scenarios for configuring VPN tunnels are between a remote personal computer and a network gateway and between two or more network gateways. The FVG318 supports both of these types of VPN configurations. The VPN
  • Netgear FVG318NA | FVG318 Reference Manual - Page 81
    802.11g Wireless VPN Firewall FVG318 Reference Manual A VPN between two or more NETGEAR VPN-enabled firewalls is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use FVG318s on
  • Netgear FVG318NA | FVG318 Reference Manual - Page 82
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 5-1. Parameters recommended by the VPNC and used in the VPN Wizard Parameter Authentication Protocol Diffie-Hellman (DH) Group Key Life IKE Life Time NETBIOS Factory Default SHA-1 Group 2 (1024 bit) 8 hours 24 hours Enabled •
  • Netgear FVG318NA | FVG318 Reference Manual - Page 83
    , refer to Chapter 6, "Advanced Virtual Private Networking" to set up the VPN tunnel. Follow this procedure to configure a client-to-gateway VPN tunnel using the VPN Wizard. 1. Log in to the FVG318 at its LAN address of http://192.168.0.1 with its default user name of admin and password of password
  • Netgear FVG318NA | FVG318 Reference Manual - Page 84
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. Select VPN > VPN Wizard from the menu. The VPN Wizard screen will display. Select the radio button: A remote VPN client (single PC) Enter the new Connection Name: (RoadWarrior in this example) Enter the pre-shared key: (12345678 in
  • Netgear FVG318NA | FVG318 Reference Manual - Page 85
    802.11g Wireless VPN Firewall FVG318 Reference Manual 4. Click the VPN Wizard Default Values link on the VPN Wizard screen to display the VPN default values shown below. The Wizard sets most parameters to defaults as proposed by the VPN Consortium. Figure 5-5 5. Click Apply on the VPN Wizard screen
  • Netgear FVG318NA | FVG318 Reference Manual - Page 86
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR Web site (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to
  • Netgear FVG318NA | FVG318 Reference Manual - Page 87
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: In this example, the Connection Name used on the client side of the VPN tunnel is NETGEAR_VPN_router and it does not have to match the RoadWarrior Connection Name used on the gateway side of the VPN tunnel (see Figure 5-8) because
  • Netgear FVG318NA | FVG318 Reference Manual - Page 88
    802.11g Wireless VPN Firewall FVG318 Reference Manual f. Select Domain Name in the ID Type menu below the check box. g. Enter the public WAN IP Domain Name of the FVG318 in the field directly below the ID Type menu. In this example, fvg_local.com would be used. The resulting Connection Settings are
  • Netgear FVG318NA | FVG318 Reference Manual - Page 89
    Wireless VPN Firewall FVG318 Reference Manual Figure 5-9 5. Configure the VPN Client Identity. Provide information about the remote VPN client PC. You will need to provide: - The Pre-Shared Key that you configured in the FVG318. - Either a fixed IP address or a "fixed virtual" IP address of the VPN
  • Netgear FVG318NA | FVG318 Reference Manual - Page 90
    Wireless VPN Firewall FVG318 Reference Manual b. Choose None in the Select Certificate box. c. Select IP Address in the ID Type box. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address box. Otherwise, leave this box empty. d. In the Internet Interface
  • Netgear FVG318NA | FVG318 Reference Manual - Page 91
    Wireless VPN Firewall FVG318 Reference Manual VPN Client Key Exchange Proposal. Provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the FVG318 the Encapsulation menu, select Tunnel. h. Leave the Authentication Protocol (AH) check
  • Netgear FVG318NA | FVG318 Reference Manual - Page 92
    open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN firewall's LAN. To check the VPN connection. Initiate a request from the remote PC to the FVG318's network by using the "Connect" option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client
  • Netgear FVG318NA | FVG318 Reference Manual - Page 93
    PC and enter the LAN IP address of the remote FVG318. After a short wait, you should see the login screen of the VPN Firewall Router (unless another PC already has the FVG318 management interface open). Monitoring the Progress and Status of the VPN Client Connection Information on the progress and
  • Netgear FVG318NA | FVG318 Reference Manual - Page 94
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-16 Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel. 2. The Connection Monitor screen for a similar connection is shown
  • Netgear FVG318NA | FVG318 Reference Manual - Page 95
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you will need to close the VPN connection in order to have normal Internet access. Transferring a Security
  • Netgear FVG318NA | FVG318 Reference Manual - Page 96
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To import an existing Security Policy: 1. Invoke the NETGEAR ProSafe VPN Client and select Import Security Policy imported. In this example, the connection name is Scenario_1 5-18 v1.0, September 2007 Basic Virtual Private Networking
  • Netgear FVG318NA | FVG318 Reference Manual - Page 97
    will show how to set the LAN IPs on each FVG318 to different subnets and configure each properly for the Internet. • The LAN IP address ranges of each VPN endpoint must be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x. • In this example
  • Netgear FVG318NA | FVG318 Reference Manual - Page 98
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5. In the End Point Information section, enter the Remote WAN's IP Address or Internet Name and the Local WAN's IP Address or Internet Name. Both local and remote ends must be defined as either IP addresses or Internet Names (FQDNs). Note:
  • Netgear FVG318NA | FVG318 Reference Manual - Page 99
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-24 7. Click Apply to complete the configuration procedure. The IKE Policies menu will display the local and remote WAN connection points as shown below. Figure 5-25 8. Click the VPN Policy to display the VPN Policies showing
  • Netgear FVG318NA | FVG318 Reference Manual - Page 100
    802.11g Wireless VPN Firewall FVG318 Reference Manual To configure a gateway-to-gateway VPN tunnel using the VPN Wizard on LAN B: 1. Log in to the FVG318 on LAN B at its default LAN address of http://192.168.0.1 with its default user name of admin and password of password. 2. Repeat the VPN Wizard
  • Netgear FVG318NA | FVG318 Reference Manual - Page 101
    802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-28 Activating a VPN Tunnel There are three ways to activate a VPN tunnel: • Start using the VPN tunnel. • Use the IPSec Connection Status screen. • Activate the VPN tunnel by pinging the remote endpoint. To use a VPN tunnel: 1. Open
  • Netgear FVG318NA | FVG318 Reference Manual - Page 102
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To activate the VPN tunnel by pinging the remote endpoint, select your configuration (either client-to-gateway or gateway-to-gateway): Note: This section uses 192.168.3.1 for an example remote endpoint LAN IP address. • Client-to-Gateway
  • Netgear FVG318NA | FVG318 Reference Manual - Page 103
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-30 Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote FVG318. After a short wait, you should see the login screen of the VPN Firewall Router (unless another PC
  • Netgear FVG318NA | FVG318 Reference Manual - Page 104
    .11g Wireless VPN Firewall FVG318 Reference Manual To Use the IPSec Connection Status screen to change the status of a VPN connection: 3. Click VPN > Connection Status (Figure 5-26) to get the IPSec Connection Status screen (Figure 5-27). This page lists the following data for each active VPN Tunnel
  • Netgear FVG318NA | FVG318 Reference Manual - Page 105
    11g Wireless VPN Firewall FVG318 Reference Manual 3. Select the checkbox adjacent to the policy you want to disable and click disable. The VPN Policy will be disabled. Figure 5-32 Using the VPN Status Page to Deactivate a VPN Tunnel To use the VPN Connection Status screen to deactivate a VPN tunnel
  • Netgear FVG318NA | FVG318 Reference Manual - Page 106
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5-28 v1.0, September 2007 Basic Virtual Private Networking
  • Netgear FVG318NA | FVG318 Reference Manual - Page 107
    controlled and actively monitored VPN connectivity. Since the FVG318 strictly conforms to IETF standards, it is interoperable with devices from major network equipment vendors. FVG318 VPN Firewall FVG318 VPN Firewall Figure 6-1 Using IKE and VPN Policies to Manage VPN Traffic You create policy
  • Netgear FVG318NA | FVG318 Reference Manual - Page 108
    802.11g Wireless VPN Firewall FVG318 Reference Manual • VPN Policies. Apply the IKE policy to specific traffic that requires a VPN tunnel. Or, you can create a VPN policy that does not use an IKE policy but in which you manually enter all the authentication and key parameters. Since VPN policies use
  • Netgear FVG318NA | FVG318 Reference Manual - Page 109
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The IKE Policy Configuration fields are defined in the following table. Click to create VPN policy. Figure 6-2 VPN Policy Configuration for Auto Key and Manual Negotiation Click the Add New VPN Policy link on the Add IKE Policy screen or
  • Netgear FVG318NA | FVG318 Reference Manual - Page 110
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 6-3 The VPN Manual and Auto Policy fields are defined in the following table. Table 6-1. VPN Manual and Auto Policy Configuration Fields Field General Description These settings identify this policy and determine its major
  • Netgear FVG318NA | FVG318 Reference Manual - Page 111
    the 2 VPN Endpoints. The IP address or Internet name (FQDN) of the remote gateway or client PC. Conversely, the remote VPN endpoint must have the FVG318 local IP values entered as its Remote VPN Endpoint. If enabled, it will allow NetBIOS broadcast to travel over the VPN tunnel The IP addresses on
  • Netgear FVG318NA | FVG318 Reference Manual - Page 112
    Wireless VPN Firewall FVG318 Reference Manual Table 6-1. VPN Manual and Auto Policy Configuration Fields (continued) Field Description Manual Policy Parameters The Manual algorithm used to encrypt the data: • DES - the default • 3DES - more secure Integrity Algorithm Algorithm used to verify the
  • Netgear FVG318NA | FVG318 Reference Manual - Page 113
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 6-1. VPN Manual and Auto Policy Configuration Fields (continued) Field PFS Key Group Select IKE Policy Description Perfect Forward Secrecy (PFS) improves security. While this is slower, it
  • Netgear FVG318NA | FVG318 Reference Manual - Page 114
    Wireless VPN Firewall FVG318 Reference Manual Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the CRL on the FVG318 must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR Web site (http://www.netgear.com) and
  • Netgear FVG318NA | FVG318 Reference Manual - Page 115
    Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure 6-4 Gateway A connects the internal LAN 10.5.6.0/24 to the Internet tunnel
  • Netgear FVG318NA | FVG318 Reference Manual - Page 116
    . Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password, or using whatever password and LAN address you have chosen. 2. Configure the WAN (Internet) and LAN IP addresses of the FVG318. a. Select Network Configuration > WAN
  • Netgear FVG318NA | FVG318 Reference Manual - Page 117
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual WAN IP addresses ISP provides these addresses Figure 6-6 b. Configure the WAN Internet Address according to the settings above and click Apply to save your settings. For more information on configuring the WAN IP settings, please see "
  • Netgear FVG318NA | FVG318 Reference Manual - Page 118
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual d. Configure the LAN IP address according to the settings above and click Apply to save your settings. For more information on LAN TCP/IP setup topics, please see "Configuring LAN TCP/IP Setup Parameters" on page 8-2. Note: After you
  • Netgear FVG318NA | FVG318 Reference Manual - Page 119
    for Auto Key and Manual Negotiation" on page 6-3. 5. After applying these changes, all traffic from the range of LAN IP addresses specified on FVG318 A and FVG318 B will flow over a secure VPN tunnel. Checking Your VPN Connections You can test connectivity and view VPN status information on the
  • Netgear FVG318NA | FVG318 Reference Manual - Page 120
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To test the Gateway A FVG318 LAN and the Gateway B LAN connection: 1. Using our example, from a PC attached to the FVG318 on LAN A, on a Windows PC click the Start button on the task bar and then click Run. 2. Type ping -t 172.23.9.1, and
  • Netgear FVG318NA | FVG318 Reference Manual - Page 121
    802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 2: FVG318 Gateway to Gateway with Digital Certificates The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure x.509 (PKIX) certificates for authentication. The network setup is identical
  • Netgear FVG318NA | FVG318 Reference Manual - Page 122
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Hash Algorithm. Select the desired option: on the Add Self Certificate screen that may apply. • IP Address. If you use "IP type" in the IKE policy, you should input the IP Address here. Otherwise, you should leave this blank. • Domain
  • Netgear FVG318NA | FVG318 Reference Manual - Page 123
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual g. Click Generate The FVG318 generates a pending Self Certificate Request as shown below. Click view to display the data. Highlight, copy, and paste this data into a text file. Figure 6-11 4.
  • Netgear FVG318NA | FVG318 Reference Manual - Page 124
    802.11g Wireless VPN Firewall FVG318 Reference Manual f. The "FVG318" certificate will display in the Active Self Certificates table and the pending "FVG318" Self Certificate Request will be deleted. 7. Associate the new certificate and the Trusted Root CA certificate on the FVG318. a. Create a new
  • Netgear FVG318NA | FVG318 Reference Manual - Page 125
    the maintenance features of your ProSafe 802.11g Wireless VPN Firewall. These features can be found by selecting Monitoring > Router Status from the main menu of the browser interface. Viewing VPN Firewall Router Status Information The Router Status menu provides status and usage information. From
  • Netgear FVG318NA | FVG318 Reference Manual - Page 126
    Wireless VPN Firewall FVG318 Reference Manual This screen shows the following parameters: Table 7-1. FVG318 Status fields Field System Name Firmware Version Wireless Configuration SSID: Mode Security Settings Region Channel AP MAC Address WAN Port WAN State NAT DHCP Connection State IP Address IP
  • Netgear FVG318NA | FVG318 Reference Manual - Page 127
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Table 7-1. FVG318 Status fields Field IP Address IP Subnet Mask DHCP Description The IP address used by the Local (LAN) port of the firewall. The default is 192.168.0.1 The IP Subnet Mask used by the Local (LAN) port of the firewall.
  • Netgear FVG318NA | FVG318 Reference Manual - Page 128
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Upgrading the Firewall Software The routing software of the FVG318 VPN firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's Web site. If the upgrade
  • Netgear FVG318NA | FVG318 Reference Manual - Page 129
    After reverting to the factory default setting, the firewall password will be password, the LAN IP address will be 192.168.0.1, and the firewall DHCP client will be enabled. To restore the factory default configuration settings without knowing the login password or IP address, you must use the reset
  • Netgear FVG318NA | FVG318 Reference Manual - Page 130
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Changing the Administrator Password The default password for the firewall's Web Configuration Manager is password. NETGEAR recommends that you change this password to a more secure password. Select Administration > Set Password to display
  • Netgear FVG318NA | FVG318 Reference Manual - Page 131
    Wireless VPN Firewall FVG318. Configuring Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 132
    VPN Firewall FVG318 Reference Manual 8. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same IP address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 133
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual These addresses are part of the IETF-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those
  • Netgear FVG318NA | FVG318 Reference Manual - Page 134
    802.11g Wireless VPN Firewall FVG318 Reference Manual • Primary DNS server (if you entered a primary DNS address in the WAN Settings menu; otherwise, the firewall's LAN IP address) • Secondary DNS server (if you entered a secondary DNS address in the WAN Settings menu Using Address Reservation When
  • Netgear FVG318NA | FVG318 Reference Manual - Page 135
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not
  • Netgear FVG318NA | FVG318 Reference Manual - Page 136
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5. Type the Destination IP Address of the final destination. 6. Type the IP Subnet Mask for this destination. If the destination is a single host, type 255.255.255.255. 7. Type the Gateway IP Address, which must be a firewall on the same
  • Netgear FVG318NA | FVG318 Reference Manual - Page 137
    Wireless VPN Firewall FVG318 Reference Manual supported. RIP-1 is probably adequate for most networks, unless you have an unusual network setup routers. Figure 8-5 5. Click Apply. Static Route Example As an example of when a static route is needed, consider the following case: • Your primary Internet
  • Netgear FVG318NA | FVG318 Reference Manual - Page 138
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • You have an ISDN firewall on your home network for connecting to the company where you are employed. This firewall's address on your LAN is 192.168.0.100. • Your company's network is 134.177.0.0. When you first configured your firewall,
  • Netgear FVG318NA | FVG318 Reference Manual - Page 139
    802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 8-6 2. Select the Yes radio box for Allow Remote Management. • Specify what external addresses will be allowed to access the firewall's remote management. Note: For enhanced security, restrict access to as few external IP addresses as
  • Netgear FVG318NA | FVG318 Reference Manual - Page 140
    Wireless VPN Firewall FVG318 Reference Manual Tip: If you are using a dynamic DNS service such as TZO, you can always identify the IP address of your FVG318 by running TRACERT from the Windows Start menu Run option. For example, type tracert yourFVG318.mynetgear.net and you will see the IP address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 141
    Wireless VPN Firewall FVG318 Reference Manual To create a new SNMP configuration entry: 1. Enter the IP address of an SNMP trap agent. 2. Enter the Subnet Mask. The network mask used to determine the list of allowed SNMP managers. • To allow any IP on the network to manager the device the router: 1.
  • Netgear FVG318NA | FVG318 Reference Manual - Page 142
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Enabling Universal Plug and Play (UPnP) UPnP (Universal Plug and Play) allows for automatic discovery of devices that can communicate with this router. This feature should be used with caution as it breaches firewall security. Select
  • Netgear FVG318NA | FVG318 Reference Manual - Page 143
    the power supply adapter is properly connected to a functioning power outlet. • Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support. Troubleshooting 9-1 v1.0, September
  • Netgear FVG318NA | FVG318 Reference Manual - Page 144
    802.11g Wireless VPN Firewall FVG318 Reference Manual LEDs Never IP address to 192.168.0.1. This procedure is explained in "Restoring the Default Configuration and Password" on page 9-6. If the error persists, you might have a hardware problem and should contact technical support. LAN or Internet
  • Netgear FVG318NA | FVG318 Reference Manual - Page 145
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: If your PC's IP address is shown as 169.254.x.x: Recent versions of Windows and MacOS will generate and assign an IP address if the computer cannot reach a DHCP server. These auto-generated addresses are in the range of 169.254.x.x.
  • Netgear FVG318NA | FVG318 Reference Manual - Page 146
    a new network device, and ask them to use the firewall's MAC address. OR Configure your firewall to spoof your PC's MAC address. This can be done in the Basic Settings menu. Refer to "Manually Configuring your Internet Connection" on page 2-7. If your firewall can obtain an IP address, but your PC
  • Netgear FVG318NA | FVG318 Reference Manual - Page 147
    .11g Wireless VPN Firewall FVG318 Reference Manual Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP
  • Netgear FVG318NA | FVG318 Reference Manual - Page 148
    PC. Refer to "Manually Configuring your Internet Connection" on page 2-7. Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the firewall's administration password to password and the IP address to 192
  • Netgear FVG318NA | FVG318 Reference Manual - Page 149
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Use the Reset button on the rear panel of the firewall. Use this method for cases when the administration password or IP address are not known. a. Press and hold the Reset button until the Test LED turns on and begins blinking (about 10
  • Netgear FVG318NA | FVG318 Reference Manual - Page 150
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 9-8 Troubleshooting v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 151
    cause your device to reboot. After you install the VPN firewall, use the procedures below to customize any of the settings to better meet your networking needs. Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection WAN MAC Address WAN MTU
  • Netgear FVG318NA | FVG318 Reference Manual - Page 152
    11g Wireless VPN Firewall FVG318 Reference Manual Feature Default Behavior DHCP Starting IP Address 192.168.0.2 DHCP Ending IP Address 192. the Internet) Outbound (communications going out to Enabled (all) the Internet) Source MAC filtering Disabled Wireless SSID Name NETGEAR Security
  • Netgear FVG318NA | FVG318 Reference Manual - Page 153
    Firewall FVG318 Reference Manual Technical Specifications This appendix provides technical specifications for the ProSafe 802.11g Wireless VPN Firewall. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter
  • Netgear FVG318NA | FVG318 Reference Manual - Page 154
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A-4 Default Settings and Technical Specifications v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 155
    Vista Wireless http://documentation.netgear.com/reference/enu/winzerocfg/index.htm Configuration Utilities Internet Networking and TCP/IP http://documentation.netgear.com/reference/enu/tcpip/index.htm Addressing Wireless Communications http://documentation.netgear.com/reference/enu/wireless/index
  • Netgear FVG318NA | FVG318 Reference Manual - Page 156
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual B-2 Related Documents v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 157
    you begin the configuration process. Verify whether the firmware is up to date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides. Check that there are no firewall restrictions. VPN Configuration of NETGEAR FVG318 C-1 v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 158
    B. a. Log in to the router at Gateway B. b. Use the VPN Wizard to configure this router. Enter the requested information as prompted by the VPN Wizard. Note: The WAN and LAN IP addresses must be unique at each end of the VPN tunnel. C-2 VPN Configuration of NETGEAR FVG318 v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 159
    .11g Wireless VPN Firewall FVG318 Reference Manual Note: The default log in address for the FVG318 router is http://192.168.0.1 with the default user name of admin and default password of password. The login address will change to the local LAN IP subnet address after you configure the router. The
  • Netgear FVG318NA | FVG318 Reference Manual - Page 160
    Wireless VPN Firewall FVG318 Reference Manual Table C-1. Policy Summary Security Scheme: IP Addressing: NETGEAR-Gateway A NETGEAR-Gateway B IKE with Preshared Secret/Key Static IP address Static IP address Configuring the VPN Tunnel This scenario assumes all ports are open on the FVG318. FVG318
  • Netgear FVG318NA | FVG318 Reference Manual - Page 161
    802.11g Wireless VPN Firewall FVG318 Reference Manual - Subnet Mask: 255.255.255.0 (in this example) 3. Log in to the FVG318 labeled Gateway B. Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password and LAN
  • Netgear FVG318NA | FVG318 Reference Manual - Page 162
    FVG318 Reference Manual Initiating and Checking the VPN Connections You can test connectivity and view VPN status information on the FVG318 according to the testing flowchart shown in Figure C-2. To test the VPN tunnel from the Gateway A LAN, do the following: 1. Test 1: Ping Remote LAN IP Address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 163
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-FVS318v2 Case Table C-2. Policy Summary VPN Consortium Scenario: Type of VPN Security Scheme: Date Tested: IP Addressing: NETGEAR-Gateway A NETGEAR-Gateway B Scenario 1 LAN-to-LAN or Gateway-to-Gateway IKE with Preshared
  • Netgear FVG318NA | FVG318 Reference Manual - Page 164
    802.11g Wireless VPN Firewall FVG318 Reference Manual • Connection Name: Scenario_1 (in this example) • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at each VPN tunnel endpoint
  • Netgear FVG318NA | FVG318 Reference Manual - Page 165
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint. • The VPN Wizard ensures the other VPN parameters are the same at both VPN tunnel endpoints.
  • Netgear FVG318NA | FVG318 Reference Manual - Page 166
    Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-FVL328 Case Table C-3. Policy Summary VPN Consortium Scenario: Type of VPN Security Scheme: IP Addressing: NETGEAR-Gateway A NETGEAR-Gateway B Scenario 1 LAN-to-LAN or Gateway-to-Gateway IKE with Preshared Secret/Key Static IP address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 167
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at each VPN tunnel endpoint • Remote LAN IP Subnet - IP Address: 172.23.9.1
  • Netgear FVG318NA | FVG318 Reference Manual - Page 168
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint. • The VPN Wizard ensures the other VPN parameters are the same at both VPN tunnel endpoints.
  • Netgear FVG318NA | FVG318 Reference Manual - Page 169
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-VPN Client Case Table C-4. Policy Summary VPN Consortium Scenario: Type of VPN Security Scheme: Date Tested: IP Addressing: NETGEAR-Gateway A NETGEAR-Client B Scenario 1 PC/Client-to-Gateway IKE with Preshared Secret/Key
  • Netgear FVG318NA | FVG318 Reference Manual - Page 170
    VPN Firewall FVG318 Reference Manual Configuring the VPN Tunnel This scenario assumes all ports are open on the FVG318. Figure C-6 Use this scenario illustration and configuration screens as a model to build your configuration. 1. Log in to the FVG318 labeled Gateway A Log in at the default address
  • Netgear FVG318NA | FVG318 Reference Manual - Page 171
    and Mask parameters entered here must match the Start IP address and Subnet Mask parameters of the Local IP Traffic Selector on the VPN Auto policy screen shown in Figure C-9 for the gateway router.) • Enable Connect Using Secure Gateway Tunnel; select Domain Name for ID_Type; enter fvs_local for
  • Netgear FVG318NA | FVG318 Reference Manual - Page 172
    11g Wireless VPN Firewall FVG318 Reference Manual Configuration parameters shown in Figure C-9 for the gateway router.) Figure C-9 e. Select My Identity on the VPN Wizard for the gateway Pre-Shared Key value shown in Figure C-10.) C-16 VPN Configuration of NETGEAR FVG318 v1.0, September 2007
  • Netgear FVG318NA | FVG318 Reference Manual - Page 173
    802.11g Wireless VPN Firewall FVG318 Reference Manual • Under My Identity, select Domain Name for the ID Type and then enter fvs_remote. (Domain Name must match the Remote Identity Data parameter of the IKE Policy Configuration screen shown in Figure C-10 for the gateway router.) Preshared Key
  • Netgear FVG318NA | FVG318 Reference Manual - Page 174
    .11g Wireless VPN Firewall FVG318 Reference Manual You are now ready to activate the tunnel, but you must do it from the client endpoint (see "Initiating and Checking the VPN Connections" on page C-18). In the client-to-gateway scenario, the gateway router will not know the client's IP address until
  • Netgear FVG318NA | FVG318 Reference Manual - Page 175
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps: a. From a Windows Client PC, click the Start button on the task bar and then click
  • Netgear FVG318NA | FVG318 Reference Manual - Page 176
    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual C-20 VPN Configuration of NETGEAR FVG318 v1.0, September 2007