Home » Netgear Manuals » Bridges & Routers » Netgear FVL328 » Manual Viewer

Netgear FVL328 FVL328 Reference Manual - Page 225

Glossary

UPC - 606449025811

Add to My Manuals
Save this manual to your list of manuals

Page 225 highlights

Glossary 10BASE-T 100BASE-Tx 3DES 802.11b AH CA CRL Denial of Service attack DES Deffie Helman IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 3DES (Triple DES) achieves a high level of security by encrypting the data three times using DES with three different, unrelated keys. IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) technology and operating in the unlicensed radio spectrum at 2.5GHz. Authentication Header Certificate Authority. A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be. Certificate Revocation List. Each Certificate Authority (CA) maintains a revoked certificates list. DoS. A hacker attack designed to prevent your computer or network from operating or communicating. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. See also 3DES. Deffie Helman shared secret algorithm.Deffie Helman shared secret algorithm is a method for securely exchanging a shared secret between two parties, in real-time, over an untrusted network. A shared secret allows two parties, who may not have ever communicated previously, to encrypt their communications. As such, it is used by several protocols, including Secure Sockets Layer (SSL) and Internet Protocol Security (IPSec). Glossary 1 May 2004, 202-10030-02

Section	Page
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2	1
Trademarks	2
Statement of Conditions	2
EN 55 022 Declaration of Conformance	2
Certificate of the Manufacturer/Importer	2
Bestätigung des Herstellers/Importeurs	3
Voluntary Control Council for Interference (VCCI) Statement	3
Technical Support	3
World Wide Web	3
Contents	5
Chapter 1 About This Manual	13
Audience	13
Scope	13
Typographical Conventions	14
Special Message Formats	14
How to Use this Manual	15
How to Print this Manual	16
Chapter 2 Introduction	17
About the FVL328	17
Summary of New Features in the FVL328	17
Key Features	18
Virtual Private Networking	18
A Powerful, True Firewall	19
Content Filtering	19
Configurable Auto Uplink™ Ethernet Connection	19
Protocol Support	20
Easy Installation and Management	21
What’s in the Box?	22
The Firewall’s Front Panel	22
The Firewall’s Rear Panel	23
Chapter 3 Connecting the FVL328 to the Internet	25
Connecting the FVL328 to Your LAN	25
How to Connect the FVL328 to Your LAN	25
Configuring for a Wizard-Detected Login Account	30
Configuring for a Wizard-Detected Dynamic IP Account	32
Configuring for a Wizard-Detected Fixed IP (Static) Account	32
Testing Your Internet Connection	33
Manually Configuring Your Internet Connection	34
How to Complete a Manual Configuration	35
Chapter 4 WAN and LAN Configuration	37
Configuring LAN IP Settings	37
Using the Router as a DHCP Server	38
How to Configure LAN TCP/IP Settings and View the DHCP Log	39
How to Configure Reserved IP Addresses	40
Configuring WAN Settings	41
Connect Automatically, as Required	42
Setting Up a Default DMZ Server	43
How to Assign a Default DMZ Server	43
Multi-DMZ Servers	43
Responding to Ping on Internet WAN Port	44
MTU Size	44
Port Speed	44
Port Triggering	45
Port Triggering Rules	46
Adding a new Rule	46
Checking Operation and Status	47
Configuring Dynamic DNS	47
How to Configure Dynamic DNS	48
Using Static Routes	48
Static Route Example	48
How to Configure Static Routes	49
Chapter 5 Protecting Your Network	51
Firewall Protection and Content Filtering Overview	51
Using the Block Sites Menu to Screen Content	51
Apply Keyword Blocking to Groups	53
Services and Rules Regulate Inbound and Outbound Traffic	53
Defining a Service	54
Using Inbound/Outbound Rules to Block or Allow Services	55
Examples of Using Services and Rules to Regulate Traffic	57
Inbound Rules (Port Forwarding)	57
Example: Port Forwarding to a Local Public Web Server	58
Example: Port Forwarding for Videoconferencing	58
Example: Port Forwarding for VPN Tunnels when NAT is Off	59
Outbound Rules (Service Blocking or Port Filtering)	60
Outbound Rule Example: Blocking Instant Messaging	60
Other Rules Considerations	61
Order of Precedence for Rules	61
Rules Menu Options	62
Using a Schedule to Block or Allow Content or Traffic	63
Setting the Time Zone	64
Set Clock	64
Enable NTP (Network Time Protocol)	64
User-defined NTP Server	65
Getting E-Mail Notifications of Event Logs and Alerts	65
Viewing Logs of Web Access or Attempted Web Access	67
What to Include in the Event Log	69
Chapter 6 Virtual Private Networking	71
Overview of FVL328 Policy-Based VPN Configuration	71
Using Policies to Manage VPN Traffic	71
Using Automatic Key Management	72
IKE Policies’ Automatic Key and Authentication Management	73
VPN Policy Configuration for Auto Key Negotiation	76
VPN Policy Configuration for Manual Key Exchange	79
Using Digital Certificates for IKE Auto-Policy Authentication	84
Certificate Revocation List (CRL)	85
How to Use the VPN Wizard to Configure a VPN Tunnel	85
Walk-Through of Configuration Scenarios	88
VPNC Scenario 1: Gateway-to-Gateway with Preshared Secrets	89
FVL328 Scenario 1: How to Configure the IKE and VPN Policies	91
How to Check VPN Connections	96
FVL328 Scenario 2: Authenticating with RSA Certificates	97
Chapter 7 Managing Your Network	105
Protecting Access to Your FVL328 Firewall	105
How to Change the Built-In Password	105
How to Change the Administrator Login Timeout	106
Internet Traffic	107
Internet Traffic Limit	107
Enable Monthly Limit	108
Internet Traffic Statistics	108
Traffic by Protocol	109
Network Database	109
Advantages of the Network Database	110
Known PCs and Devices	111
Operations	111
Network Management	112
How to Configure Remote Management	112
Viewing Router Status and Usage Statistics	113
Viewing Attached Devices	116
Viewing, Selecting, and Saving Logged Information	117
Changing the Include in Log Settings	118
Enabling the Syslog Feature	119
Enabling Security Event E-mail Notification	119
Backing Up, Restoring, or Erasing Your Settings	121
How to Back Up the FVL328 Configuration to a File	121
How to Restore a Configuration from a File	122
How to Erase the Configuration	122
Running Diagnostic Utilities and Rebooting the Router	123
Upgrading the Router’s Firmware	124
How to Upgrade the Router	124
Chapter 8 Troubleshooting	127
Basic Functions	127
Power LED Not On	128
Test LED Never Turns On or Test LED Stays On	128
Local or Internet Port Link LEDs Not On	129
Troubleshooting the Web Configuration Interface	129
Troubleshooting the ISP Connection	130
Troubleshooting a TCP/IP Network Using a Ping Utility	131
How to Test the LAN Path to Your Firewall	132
How to Test the Path from Your PC to a Remote Device	132
Restoring the Default Configuration and Password	133
How to Use the Default Reset Button	133
Problems with Date and Time	134
Appendix A Technical Specifications	135
Appendix B Networks, Routing, and Firewall Basics	137
Related Publications	137
Basic Router Concepts	137
What is a Router?	137
Routing Information Protocol	138
IP Addresses and the Internet	138
Netmask	140
Subnet Addressing	140
Private IP Addresses	143
Single IP Address Operation Using NAT	143
MAC Addresses and Address Resolution Protocol	144
Related Documents	145
Domain Name Server	145
IP Configuration by DHCP	145
Internet Security and Firewalls	146
What is a Firewall?	146
Stateful Packet Inspection	146
Denial of Service Attack	147
Ethernet Cabling	147
Category 5 Cable Quality	147
Inside Twisted Pair Cables	148
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	149
Appendix C Preparing Your Network	151
What You Will Need Before You Begin	151
LAN Hardware Requirements	151
LAN Configuration Requirements	152
Internet Configuration Requirements	152
Where Do I Get the Internet Configuration Parameters?	152
Worksheet for Recording Your Internet Connection Information	153
Preparing Your Computers for TCP/IP Networking	154
Configuring Windows 95, 98, and Me for TCP/IP Networking	155
Install or Verify Windows Networking Components	155
Enabling DHCP to Automatically Configure TCP/IP Settings	156
Selecting Windows’ Internet Access Method	157
Verifying TCP/IP Properties	157
Configuring Windows NT, 2000 or XP for IP Networking	158
Installing or Verifying Windows Networking Components	158
Verifying TCP/IP Properties	158
Configuring the Macintosh for TCP/IP Networking	159
MacOS 8.6 or 9.x	159
MacOS X	160
Verifying TCP/IP Properties for Macintosh Computers	160
Restarting the Network	161
Appendix D Firewall Log Formats	163
Action List	163
Field List	163
Outbound Log	163
Inbound Log	164
Other IP Traffic	164
Router Operation	165
Other Connections and Traffic to this Router	166
DoS Attack/Scan	166
Access Block Site	168
All Web Sites and News Groups Visited	168
System Admin Sessions	168
Policy Administration LOG	169
Appendix E Virtual Private Networking	171
What is a VPN?	171
What is IPSec and How Does It Work?	172
IPSec Security Features	172
IPSec Components	172
Encapsulating Security Payload (ESP)	173
Authentication Header (AH)	174
IKE Security Association	174
Mode	175
Key Management	176
Understand the Process Before You Begin	176
VPN Process Overview	177
Network Interfaces and Addresses	177
Interface Addressing	177
Firewalls	178
Setting Up a VPN Tunnel Between Gateways	178
VPNC IKE Security Parameters	180
VPNC IKE Phase I Parameters	180
VPNC IKE Phase II Parameters	181
Testing and Troubleshooting	181
Additional Reading	181
Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328	183
Configuration Template	183
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	184
Step-By-Step Configuration of FVL328 Gateway B	187
Test the VPN Connection	192
Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router	195
Configuration Profile	195
Step-By-Step Configuration of FVL328 or FWAG114 Gateway	196
Step-By-Step Configuration of the FVL328 Firewall B	201
Testing the VPN Connection	208
From the Client PC to the FVL328	208
From the FVL328 to the Client PC	209
Monitoring the PC VPN Connection	209
Viewing the FVL328 VPN Status and Log Information	211
Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328	213
Configuration Template	213
Using DDNS and Fully Qualified Domain Names (FQDN)	214
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	215
Step-By-Step Configuration of FVL328 Gateway B	219
Test the VPN Connection	224
Glossary	225

Match case Limit results 1 per page

May 2004, 202-10030-02

Glossary

10BASE-T

IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring.

100BASE-Tx

IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring.

3DES

3DES (Triple DES) achieves a high level of security by encrypting the data

three times using DES with three different, unrelated keys.

802.11b

IEEE specification for wireless networking at 11 Mbps using direct-sequence

spread-spectrum (DSSS) technology and operating in the unlicensed radio

spectrum at 2.5GHz.

Authentication Header

Certificate Authority. A trusted third-party organization or company that

issues digital certificates used to create digital signatures and public-private

key pairs. The role of the CA in this process is to guarantee that the individual

granted the unique certificate is, in fact, who he or she claims to be. Usually,

this means that the CA has an arrangement with a financial institution, such as

a credit card company, which provides it with information to confirm an

individual's claimed identity. CAs are a critical component in data security

and electronic

commerce because they guarantee that the two parties

exchanging information are really who they claim to be.

CRL

Certificate Revocation List. Each Certificate Authority (CA) maintains a

revoked certificates list.

Denial of Service

attack

DoS. A hacker attack designed to prevent your computer or network from

operating or communicating.

DES

The Data Encryption Standard (DES) processes input data that is 64 bits wide,

encrypting these values using a 56 bit key.

See

also 3DES.

Deffie Helman

Deffie Helman shared secret algorithm.Deffie Helman shared secret algorithm

is a method for securely exchanging a shared secret between two parties, in

real-time, over an untrusted network. A shared secret allows two parties, who

may not have ever communicated previously, to encrypt their

communications. As such, it is used by several protocols, including Secure

Sockets Layer (SSL) and Internet Protocol Security (IPSec).