Home » Netgear Manuals » Bridges & Routers » Netgear FVL328 » Manual Viewer

Netgear FVL328 FVL328 Reference Manual - Page 57

Examples of Using Services and Rules to Regulate Traffic, Inbound Rules (Port Forwarding) - dhcp lease

UPC - 606449025811

Add to My Manuals
Save this manual to your list of manuals

Page 57 highlights

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Examples of Using Services and Rules to Regulate Traffic Use the examples to see how you combine Services and Rules to regulate how the TCP/IP protocols are used on your firewall to enable either blocking or allowing specific Internet traffic on your firewall. Inbound Rules (Port Forwarding) Because the FVL328 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers. However, by defining an inbound rule, also known as port forwarding, you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the router to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding. Note: Some home broadband accounts do not allow you to run any server processes (such as a Web or FTP server). Your ISP may check for servers and suspend your account if it discovers active servers at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP. Follow these guidelines when setting up port forwarding inbound rules: • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced menus so that external users can always find your network. • If the IP address of the local server computer is assigned by DHCP, it may change when the computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu to keep the computer's IP address constant. • Local computers must access the local server using the local LAN address of the computer. Attempts by local computers to access the server using the external WAN IP address will fail. Remember that allowing inbound services opens holes in your FVL328 Firewall. Only enable those ports that are necessary for your network. Following are two application examples of inbound rules: Protecting Your Network 5-7 May 2004, 202-10030-02

Section	Page
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2	1
Trademarks	2
Statement of Conditions	2
EN 55 022 Declaration of Conformance	2
Certificate of the Manufacturer/Importer	2
Bestätigung des Herstellers/Importeurs	3
Voluntary Control Council for Interference (VCCI) Statement	3
Technical Support	3
World Wide Web	3
Contents	5
Chapter 1 About This Manual	13
Audience	13
Scope	13
Typographical Conventions	14
Special Message Formats	14
How to Use this Manual	15
How to Print this Manual	16
Chapter 2 Introduction	17
About the FVL328	17
Summary of New Features in the FVL328	17
Key Features	18
Virtual Private Networking	18
A Powerful, True Firewall	19
Content Filtering	19
Configurable Auto Uplink™ Ethernet Connection	19
Protocol Support	20
Easy Installation and Management	21
What’s in the Box?	22
The Firewall’s Front Panel	22
The Firewall’s Rear Panel	23
Chapter 3 Connecting the FVL328 to the Internet	25
Connecting the FVL328 to Your LAN	25
How to Connect the FVL328 to Your LAN	25
Configuring for a Wizard-Detected Login Account	30
Configuring for a Wizard-Detected Dynamic IP Account	32
Configuring for a Wizard-Detected Fixed IP (Static) Account	32
Testing Your Internet Connection	33
Manually Configuring Your Internet Connection	34
How to Complete a Manual Configuration	35
Chapter 4 WAN and LAN Configuration	37
Configuring LAN IP Settings	37
Using the Router as a DHCP Server	38
How to Configure LAN TCP/IP Settings and View the DHCP Log	39
How to Configure Reserved IP Addresses	40
Configuring WAN Settings	41
Connect Automatically, as Required	42
Setting Up a Default DMZ Server	43
How to Assign a Default DMZ Server	43
Multi-DMZ Servers	43
Responding to Ping on Internet WAN Port	44
MTU Size	44
Port Speed	44
Port Triggering	45
Port Triggering Rules	46
Adding a new Rule	46
Checking Operation and Status	47
Configuring Dynamic DNS	47
How to Configure Dynamic DNS	48
Using Static Routes	48
Static Route Example	48
How to Configure Static Routes	49
Chapter 5 Protecting Your Network	51
Firewall Protection and Content Filtering Overview	51
Using the Block Sites Menu to Screen Content	51
Apply Keyword Blocking to Groups	53
Services and Rules Regulate Inbound and Outbound Traffic	53
Defining a Service	54
Using Inbound/Outbound Rules to Block or Allow Services	55
Examples of Using Services and Rules to Regulate Traffic	57
Inbound Rules (Port Forwarding)	57
Example: Port Forwarding to a Local Public Web Server	58
Example: Port Forwarding for Videoconferencing	58
Example: Port Forwarding for VPN Tunnels when NAT is Off	59
Outbound Rules (Service Blocking or Port Filtering)	60
Outbound Rule Example: Blocking Instant Messaging	60
Other Rules Considerations	61
Order of Precedence for Rules	61
Rules Menu Options	62
Using a Schedule to Block or Allow Content or Traffic	63
Setting the Time Zone	64
Set Clock	64
Enable NTP (Network Time Protocol)	64
User-defined NTP Server	65
Getting E-Mail Notifications of Event Logs and Alerts	65
Viewing Logs of Web Access or Attempted Web Access	67
What to Include in the Event Log	69
Chapter 6 Virtual Private Networking	71
Overview of FVL328 Policy-Based VPN Configuration	71
Using Policies to Manage VPN Traffic	71
Using Automatic Key Management	72
IKE Policies’ Automatic Key and Authentication Management	73
VPN Policy Configuration for Auto Key Negotiation	76
VPN Policy Configuration for Manual Key Exchange	79
Using Digital Certificates for IKE Auto-Policy Authentication	84
Certificate Revocation List (CRL)	85
How to Use the VPN Wizard to Configure a VPN Tunnel	85
Walk-Through of Configuration Scenarios	88
VPNC Scenario 1: Gateway-to-Gateway with Preshared Secrets	89
FVL328 Scenario 1: How to Configure the IKE and VPN Policies	91
How to Check VPN Connections	96
FVL328 Scenario 2: Authenticating with RSA Certificates	97
Chapter 7 Managing Your Network	105
Protecting Access to Your FVL328 Firewall	105
How to Change the Built-In Password	105
How to Change the Administrator Login Timeout	106
Internet Traffic	107
Internet Traffic Limit	107
Enable Monthly Limit	108
Internet Traffic Statistics	108
Traffic by Protocol	109
Network Database	109
Advantages of the Network Database	110
Known PCs and Devices	111
Operations	111
Network Management	112
How to Configure Remote Management	112
Viewing Router Status and Usage Statistics	113
Viewing Attached Devices	116
Viewing, Selecting, and Saving Logged Information	117
Changing the Include in Log Settings	118
Enabling the Syslog Feature	119
Enabling Security Event E-mail Notification	119
Backing Up, Restoring, or Erasing Your Settings	121
How to Back Up the FVL328 Configuration to a File	121
How to Restore a Configuration from a File	122
How to Erase the Configuration	122
Running Diagnostic Utilities and Rebooting the Router	123
Upgrading the Router’s Firmware	124
How to Upgrade the Router	124
Chapter 8 Troubleshooting	127
Basic Functions	127
Power LED Not On	128
Test LED Never Turns On or Test LED Stays On	128
Local or Internet Port Link LEDs Not On	129
Troubleshooting the Web Configuration Interface	129
Troubleshooting the ISP Connection	130
Troubleshooting a TCP/IP Network Using a Ping Utility	131
How to Test the LAN Path to Your Firewall	132
How to Test the Path from Your PC to a Remote Device	132
Restoring the Default Configuration and Password	133
How to Use the Default Reset Button	133
Problems with Date and Time	134
Appendix A Technical Specifications	135
Appendix B Networks, Routing, and Firewall Basics	137
Related Publications	137
Basic Router Concepts	137
What is a Router?	137
Routing Information Protocol	138
IP Addresses and the Internet	138
Netmask	140
Subnet Addressing	140
Private IP Addresses	143
Single IP Address Operation Using NAT	143
MAC Addresses and Address Resolution Protocol	144
Related Documents	145
Domain Name Server	145
IP Configuration by DHCP	145
Internet Security and Firewalls	146
What is a Firewall?	146
Stateful Packet Inspection	146
Denial of Service Attack	147
Ethernet Cabling	147
Category 5 Cable Quality	147
Inside Twisted Pair Cables	148
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	149
Appendix C Preparing Your Network	151
What You Will Need Before You Begin	151
LAN Hardware Requirements	151
LAN Configuration Requirements	152
Internet Configuration Requirements	152
Where Do I Get the Internet Configuration Parameters?	152
Worksheet for Recording Your Internet Connection Information	153
Preparing Your Computers for TCP/IP Networking	154
Configuring Windows 95, 98, and Me for TCP/IP Networking	155
Install or Verify Windows Networking Components	155
Enabling DHCP to Automatically Configure TCP/IP Settings	156
Selecting Windows’ Internet Access Method	157
Verifying TCP/IP Properties	157
Configuring Windows NT, 2000 or XP for IP Networking	158
Installing or Verifying Windows Networking Components	158
Verifying TCP/IP Properties	158
Configuring the Macintosh for TCP/IP Networking	159
MacOS 8.6 or 9.x	159
MacOS X	160
Verifying TCP/IP Properties for Macintosh Computers	160
Restarting the Network	161
Appendix D Firewall Log Formats	163
Action List	163
Field List	163
Outbound Log	163
Inbound Log	164
Other IP Traffic	164
Router Operation	165
Other Connections and Traffic to this Router	166
DoS Attack/Scan	166
Access Block Site	168
All Web Sites and News Groups Visited	168
System Admin Sessions	168
Policy Administration LOG	169
Appendix E Virtual Private Networking	171
What is a VPN?	171
What is IPSec and How Does It Work?	172
IPSec Security Features	172
IPSec Components	172
Encapsulating Security Payload (ESP)	173
Authentication Header (AH)	174
IKE Security Association	174
Mode	175
Key Management	176
Understand the Process Before You Begin	176
VPN Process Overview	177
Network Interfaces and Addresses	177
Interface Addressing	177
Firewalls	178
Setting Up a VPN Tunnel Between Gateways	178
VPNC IKE Security Parameters	180
VPNC IKE Phase I Parameters	180
VPNC IKE Phase II Parameters	181
Testing and Troubleshooting	181
Additional Reading	181
Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328	183
Configuration Template	183
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	184
Step-By-Step Configuration of FVL328 Gateway B	187
Test the VPN Connection	192
Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router	195
Configuration Profile	195
Step-By-Step Configuration of FVL328 or FWAG114 Gateway	196
Step-By-Step Configuration of the FVL328 Firewall B	201
Testing the VPN Connection	208
From the Client PC to the FVL328	208
From the FVL328 to the Client PC	209
Monitoring the PC VPN Connection	209
Viewing the FVL328 VPN Status and Log Information	211
Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328	213
Configuration Template	213
Using DDNS and Fully Qualified Domain Names (FQDN)	214
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	215
Step-By-Step Configuration of FVL328 Gateway B	219
Test the VPN Connection	224
Glossary	225

Match case Limit results 1 per page

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2

Protecting Your Network

5-7

May 2004, 202-10030-02

Examples of Using Services and Rules to Regulate Traffic

Use the examples to see how you combine Services and Rules to regulate how the TCP/IP

protocols are used on your firewall to enable either blocking or allowing specific Internet traffic on

your firewall.

Inbound Rules (Port Forwarding)

Because the FVL328 uses Network Address Translation (NAT), your network presents only one IP

address to the Internet, and outside users cannot directly address any of your local computers.

However, by defining an inbound rule, also known as port forwarding, you can make a local server

(for example, a Web server or game server) visible and available to the Internet. The rule tells the

router to direct inbound traffic for a particular service to one local server based on the destination

port number. This is also known as port forwarding.

Follow these guidelines when setting up port forwarding inbound rules:

•

If your external IP address is assigned dynamically by your ISP, the IP address may change

periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the

Advanced menus so that external users can always find your network.

•

If the IP address of the local server computer is assigned by DHCP, it may change when the

computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu

to keep the computer’s IP address constant.

•

Local computers must access the local server using the local LAN address of the computer.

Attempts by local computers to access the server using the external WAN IP address will fail.

Remember that allowing inbound services opens holes in your FVL328 Firewall. Only enable

those ports that are necessary for your network. Following are two application examples of

inbound rules:

Note:

Some home broadband accounts do not allow you to run any server processes

(such as a Web or FTP server). Your ISP may check for servers and suspend your

account if it discovers active servers at your location. If you are unsure, refer to the

Acceptable Use Policy of your ISP.