Netgear FVM318 FVM318 Reference Manual

Netgear FVM318 - ProSafe Wireless VPN Security Firewall Router Manual

Get Netgear FVM318 - ProSafe Wireless VPN Security Firewall Router PDF manuals and user guides View all Netgear FVM318 manuals
Add to My Manuals
Save this manual to your list of manuals

Netgear FVM318 manual content summary:

  • Netgear FVM318 | FVM318 Reference Manual - Page 1
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR SM-FVM318NA-0 December 2002
  • Netgear FVM318 | FVM318 Reference Manual - Page 2
    users must follow the installation instructions provided in this user guide. Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits that the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall is
  • Netgear FVM318 | FVM318 Reference Manual - Page 3
    auf die Erfüllung der Vorschriften hin zu überprüfen. Certificate of the Manufacturer/Importer It is hereby certified that the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The
  • Netgear FVM318 | FVM318 Reference Manual - Page 4
    iv
  • Netgear FVM318 | FVM318 Reference Manual - Page 5
    Contents Preface About This Manual Chapter 1 Introduction Key Features of the FVM318 1-1 Virtual Private Networking (VPN 1-1 Enhanced Wireless Security Through IPSec 1-2 A Powerful, True Firewall with Content Filtering 1-2 Autosensing Ethernet Connections with Auto Uplink 1-2 Extensive
  • Netgear FVM318 | FVM318 Reference Manual - Page 6
    3-5 IPSec 3-5 64 or 128 bit WEP 3-6 Configuring IPSec Wireless Connections 3-12 Using SoftRemoteLT Instead of SoftRemote Basic 3-17 Chapter 4 Protecting Your Network Protecting Access to Your FVM318 firewall 4-1 Configuring Basic Firewall Services 4-3 Blocking Functions, Keywords, Sites, and
  • Netgear FVM318 | FVM318 Reference Manual - Page 7
    Management 6-12 Upgrading the Router's Firmware 6-13 Chapter 7 Advanced Configuration Configuring Advanced Security 7-1 Setting Up A Default DMZ Server 7-1 Respond to Ping on Internet WAN Port 7-2 Configuring LAN IP Settings 7-2 LAN TCP/IP Setup 7-2 MTU Size ...7-4 Using the Router as a DHCP
  • Netgear FVM318 | FVM318 Reference Manual - Page 8
    Routing, Firewall, and Wireless Basics Related Publications ...B-1 Basic Router Concepts B-1 Internet Security and Firewalls B-10 Wireless Networking ...B-12 Wireless Network Configuration B-12 Ad Hoc Mode (Peer-to-Peer Workgroup B-12 Infrastructure Mode B-12 Extended Service Set Identification
  • Netgear FVM318 | FVM318 Reference Manual - Page 9
    Configuring the Macintosh for TCP/IP Networking C-17 Verifying the Readiness of Your Internet Account C-19 Restarting the Network C-22 Glossary Index Contents ix
  • Netgear FVM318 | FVM318 Reference Manual - Page 10
    x Contents
  • Netgear FVM318 | FVM318 Reference Manual - Page 11
    6-12 Procedure 6-5: Router Upgrade 6-14 Procedure 7-1: Using Reserved IP Addresses 7-5 Procedure 7-2: Configuring LAN TCP/IP Settings 7-6 Procedure 7-3: Configuring Dynamic DNS 7-7 Procedure 7-4: Configuring Static Routes 7-9 Procedure 8-5: Testing the LAN Path to Your Firewall 8-6 Procedure
  • Netgear FVM318 | FVM318 Reference Manual - Page 12
    xii
  • Netgear FVM318 | FVM318 Reference Manual - Page 13
    Thank your for purchasing the NETGEAR® FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. This manual describes the features of the firewall and provides installation and configuration instructions. Audience This reference manual assumes that the reader has intermediate to advanced computer
  • Netgear FVM318 | FVM318 Reference Manual - Page 14
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Special Message Formats This guide uses the following formats to highlight special messages: Note: This format is used to highlight information of importance or special interest. Warning: This format is used to
  • Netgear FVM318 | FVM318 Reference Manual - Page 15
    access for up to 253 users. Applying the full strength of Internet Protocol Security (IPSec) encryption across the wireless network, the FVM318 firewall provides a level of wireless security unmatched by other wireless routers that use WEP encryption. Virtual Private Networking (VPN) The FVM318
  • Netgear FVM318 | FVM318 Reference Manual - Page 16
    to your LAN. • Blocks access from your LAN to Internet locations or services that you specify as off-limits. • Logs security incidents. The FVM318 will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log
  • Netgear FVM318 | FVM318 Reference Manual - Page 17
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall The firewall incorporates Auto UplinkTM technology. Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a 'normal' connection such as to a PC or an '
  • Netgear FVM318 | FVM318 Reference Manual - Page 18
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. The firewall contains a client that can connect to a Dynamic DNS service to
  • Netgear FVM318 | FVM318 Reference Manual - Page 19
    following items: • FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. • AC power adapter. • Category 5 (CAT5) Ethernet cable. • FVM318 Resource CD, including: - This manual. - Application Notes, Tools, and other helpful information. - SafeNet SoftRemote Basic VPN client software. • Warranty
  • Netgear FVM318 | FVM318 Reference Manual - Page 20
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall You can use some of the LEDs to identify the status of the firewall and verify connections. Table 1-1 describes each LED on the front panel of the firewall. These LEDs are green when lit, except for the TEST LED,
  • Netgear FVM318 | FVM318 Reference Manual - Page 21
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall The Firewall's Rear Panel The rear panel of the FVM318 (Figure 1-2) contains the connections identified below. LOCAL 10/100M 8 7 6 5 4 3 2 2 1 IN TERN ET 12VDC O.5A OFF ON Figure 1-2: FVM318 Rear
  • Netgear FVM318 | FVM318 Reference Manual - Page 22
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 1-8 Introduction
  • Netgear FVM318 | FVM318 Reference Manual - Page 23
    on your Local Area Network (LAN), connect to the Internet, perform basic configuration of your FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall using the Setup Wizard, or how to manually configure your Internet connection. What You Will Need Before You Begin You need to prepare these
  • Netgear FVM318 | FVM318 Reference Manual - Page 24
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall The cable or DSL modem broadband access firewall to the Internet: • Host and Domain Names. • ISP Login Name and Password. • ISP Domain Name Server (DNS) Addresses. • Fixed IP Address which is also known as Static IP Address
  • Netgear FVM318 | FVM318 Reference Manual - Page 25
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 2-1: Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case
  • Netgear FVM318 | FVM318 Reference Manual - Page 26
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Connecting the FVM318 to Your LAN This section provides instructions for connecting the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall to your LAN. The Resource CD included with your firewall contains an
  • Netgear FVM318 | FVM318 Reference Manual - Page 27
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall c. Connect the Ethernet cable (A) from the modem to the FVM318's Internet port. A LO CA L 10/ 100M 8 7 6 5 4 3 2 2 1 IN TER N ET 12V DC O .5A O FF ON Model FVM318 Wireless VPN Security Firewall
  • Netgear FVM318 | FVM318 Reference Manual - Page 28
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Note: The FVM318 firewall incorporates Auto UplinkTM technology. Each LAN Ethernet port will automatically sense whether the cable plugged into the port should have a 'normal' connection (e.g. connecting to a PC)
  • Netgear FVM318 | FVM318 Reference Manual - Page 29
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall A login window opens like the one shown below. Figure 2-5: Login window b. For security reasons, the firewall has its own user name and password. When prompted, enter admin for the firewall user name and password
  • Netgear FVM318 | FVM318 Reference Manual - Page 30
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall a. You are now connected to the firewall. If you do not see the menu above, click the Setup Wizard link on the upper left of the main menu. b. Click Next and follow the steps in the Setup Wizard for inputting the
  • Netgear FVM318 | FVM318 Reference Manual - Page 31
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall PPPoE Wizard-Detected Option If the Setup Wizard discovers that your ISP uses PPPoE, you will see this menu: Figure 2-7: Setup Wizard menu for PPPoE accounts • Enter the Account Name, Domain Name, Login, and password
  • Netgear FVM318 | FVM318 Reference Manual - Page 32
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Dynamic IP Wizard-Detected Option If the Setup Wizard discovers that your ISP uses Dynamic IP assignment, you will see this menu: Figure 2-8: Setup Wizard menu for Dynamic IP address accounts • Enter your Account
  • Netgear FVM318 | FVM318 Reference Manual - Page 33
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Fixed IP Account Wizard-Detected Option If the Setup Wizard discovers that your ISP uses Fixed IP assignment, you will see this menu: Figure 2-9: Setup Wizard menu for Fixed IP address accounts • Fixed IP is also
  • Netgear FVM318 | FVM318 Reference Manual - Page 34
    FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section. ISP Does Not Require Login
  • Netgear FVM318 | FVM318 Reference Manual - Page 35
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 2-3: Configuring the Internet Connection Manually You can manually configure the firewall using the Basic Settings menu shown in Figure 2-10 using these steps: 1. Log in to the firewall at its default address
  • Netgear FVM318 | FVM318 Reference Manual - Page 36
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 4. If your Internet connection does require a login, fill in the settings according to the instructions below. Select Yes if you normally must launch a login program such as Enternet or WinPOET in order to access
  • Netgear FVM318 | FVM318 Reference Manual - Page 37
    This chapter describes how to configure the wireless features of your FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. Considerations For A Wireless Network In planning your wireless network, you should consider the level of security required. You should also select the physical
  • Netgear FVM318 | FVM318 Reference Manual - Page 38
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Implement Appropriate Wireless Security Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security
  • Netgear FVM318 | FVM318 Reference Manual - Page 39
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Understanding Wireless Settings To configure the Wireless settings of your firewall, click the Wireless link in the main menu of the browser interface. The Wireless Settings menu will appear, as shown below.
  • Netgear FVM318 | FVM318 Reference Manual - Page 40
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Restricting Access Based on the Wireless Card Access List Figure 3-3: Wireless Card Access List menu This setting determines which hardware devices will be allowed to connect to the firewall. • Everyone. The FVM318
  • Netgear FVM318 | FVM318 Reference Manual - Page 41
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall If your wireless adapter default. Aggressive Mode is required when you use the SafeNet SoftRemote Basic VPN Client for Windows which is included on the FVM318 Resource CD. • Select the Encryption Protocol. Wireless
  • Netgear FVM318 | FVM318 Reference Manual - Page 42
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Figure 3-6: IPSec encryption protocol DES is the least strong and AES - 256 is the strongest. AES - 256 is the default. The SafeNet SoftRemote Basic VPN Client for Windows requires either 3DES or AES - 256. - DES
  • Netgear FVM318 | FVM318 Reference Manual - Page 43
    Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall WEP provides some degree of privacy, but can be defeated without great difficulty. If WEP is enabled, you can manually or automatically program the four data encryption keys. These values must be identical on all PCs and access points in
  • Netgear FVM318 | FVM318 Reference Manual - Page 44
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 1. Log in to the FVM318 firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up.
  • Netgear FVM318 | FVM318 Reference Manual - Page 45
    Restrict Wireless Access by MAC Address To restrict access based on MAC addresses, follow these steps: 1. Log in to the FVM318 firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password
  • Netgear FVM318 | FVM318 Reference Manual - Page 46
    , follow these steps: 1. Log in to the FVM318 firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up. 2. Click the Wireless Settings link in the main menu of the
  • Netgear FVM318 | FVM318 Reference Manual - Page 47
    for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 3. From the Security Encryption menu drop-down list, select the WEP encryption type you will use. Figure 3-11. Wireless Settings encryption menu 4. You can manually or automatically program the four data encryption keys. These
  • Netgear FVM318 | FVM318 Reference Manual - Page 48
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Configuring IPSec Wireless Connections Unique to the FVM318, you have the option of using the highly secure VPN communications protocols over your wireless connection. Wireless VPN Tunnel VPN client software FVM318
  • Netgear FVM318 | FVM318 Reference Manual - Page 49
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 3-4: Configure Basic IPSec Wireless Connections The SafeNet SoftRemote Basic VPN client installer program is on the FVM318 Resource CD. Observe the following guidelines when using the SafeNet SoftRemote Basic VPN
  • Netgear FVM318 | FVM318 Reference Manual - Page 50
    the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall d. Click Add to display the IPSec client setting menu, as shown below. Figure 3-14. IPSec Client Settings menu e. Enter a descriptive name for this PC in Connection Name. This name is for your convenience only, and is not used in the
  • Netgear FVM318 | FVM318 Reference Manual - Page 51
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall At this point, the SafeNet icon has a diagonal red bar through it, indicating that the VPN client is currently disabled. 3. Configure the SoftRemote Basic VPN Client. a. In the taskbar tray, right-click on the
  • Netgear FVM318 | FVM318 Reference Manual - Page 52
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall b. In most cases, you can leave the IPSec Gateway as "LAN Gateway", which indicates the firewall. If you are not using the firewall as your network's default gateway, change IPSec Gateway to indicate either the IP Address
  • Netgear FVM318 | FVM318 Reference Manual - Page 53
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall This will cause a continuous ping to be sent to the firewall. Within thirty seconds, the ping response should change from timed out to reply. Figure 3-20. Ping results At this point, the SafeNet tray icon should
  • Netgear FVM318 | FVM318 Reference Manual - Page 54
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 3-5: Configuring the SoftRemoteLT Full Client To configure a policy for a secure local wireless connection to the FVM318 firewall using the SoftRemoteLT client, use the FVM318 configuration from "
  • Netgear FVM318 | FVM318 Reference Manual - Page 55
    VPN tunnel. g. Check Connect using Secure Gateway Tunnel. h. Select Any in the ID Type menu below the checkbox. i. Select Gateway IP Address in the box to the right of ID Type. j. Enter the LAN IP Address of the FVM318 firewall in the lower right box (usually 192.168.0.1). Wireless Configuration
  • Netgear FVM318 | FVM318 Reference Manual - Page 56
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 4. Configure the Security Policy. Note: These settings do not depend on your network configuration information. a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand
  • Netgear FVM318 | FVM318 Reference Manual - Page 57
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall a. Click on My Identity in the Network Security Policy list on the left side of the Security Policy Editor window. Figure 3-25. SafeNet Security Policy Editor edit identity menu b. Choose None in the Select
  • Netgear FVM318 | FVM318 Reference Manual - Page 58
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall b. Expand the Authentication subheading by double clicking its name or clicking on the "+" symbol. Then select Proposal 1 below Authentication. c. Select Pre-Shared key in the
  • Netgear FVM318 | FVM318 Reference Manual - Page 59
    describes how to use the basic firewall features of the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall to protect your network. Protecting Access to Your FVM318 firewall For security reasons, the firewall has its own user name and password to protect access to its configuration menus
  • Netgear FVM318 | FVM318 Reference Manual - Page 60
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 2. From the main menu of the browser interface, under the Maintenance heading, select Set Password to bring up the menu shown below. Figure 4-1: Set Password menu 3. To change the password, first enter the old password
  • Netgear FVM318 | FVM318 Reference Manual - Page 61
    the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 4-2: Changing the Administrator Login Timeout For security, the administrator's login to the firewall configuration will timeout after a period of inactivity. To change the login timeout period: 1. In the Set Password menu
  • Netgear FVM318 | FVM318 Reference Manual - Page 62
    ProSafe Wireless VPN Security Firewall Procedure 4-3: Blocking Functions, Keywords, and Sites The FVM318 firewall allows you to restrict access to Internet content based on functions such as Java or Cookies, Web addresses and Web address keywords. 1. Log in to the firewall at its default LAN address
  • Netgear FVM318 | FVM318 Reference Manual - Page 63
    that PC with a fixed IP address. Blocking Services Firewalls are used to regulate specific traffic passing through from one side of the firewall to the other. You can restrict outbound (LAN to WAN) traffic to what outside resources you want local users to be able to access. In addition to the kind
  • Netgear FVM318 | FVM318 Reference Manual - Page 64
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 4-4: Configuring Services Blocking 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password
  • Netgear FVM318 | FVM318 Reference Manual - Page 65
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall The parameters are: • Service. From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add Services
  • Netgear FVM318 | FVM318 Reference Manual - Page 66
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 4-5: Setting Your Time Zone In order to localize the time for your log entries, you must specify your Time Zone: 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user
  • Netgear FVM318 | FVM318 Reference Manual - Page 67
    Services menu or port forwarding in the Ports menu, you can set up a schedule for when blocking occurs or when access isn't restricted. 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever
  • Netgear FVM318 | FVM318 Reference Manual - Page 68
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 4-10 Protecting Your Network
  • Netgear FVM318 | FVM318 Reference Manual - Page 69
    VPN client software Wireless workstation with VPN client software FVM318 Cable/DSL ProSafe WirelessVPN Security Firewall PWR TEST IN TER N ET LNK W LA N LO CA L MODEL FVM318 100 ACT Enable LNK/ACT 1 2 3 4 5 6 7 8 VPN Server or VPN Router Figure 5-1: Secure access through VPN
  • Netgear FVM318 | FVM318 Reference Manual - Page 70
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall access to network resources when NAT is enabled and remote computers have been assigned private IP addresses. In this configuration, based on the remote LAN IP and subnet mask addresses specified in the VPN
  • Netgear FVM318 | FVM318 Reference Manual - Page 71
    VPN encryption will you use, 56 bit DES, 168 bit 3DES, AES (128, 192, or 256)? Longer keys are more secure but the throughput will be slower if the other endpoint encrypts via software rather than the hardware-based encryption in the FVM318 firewall. For instructions on configuring wireless VPN
  • Netgear FVM318 | FVM318 Reference Manual - Page 72
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 5-1: Configuring a Network to Network VPN Tunnel Follow this procedure to configure a VPN tunnel between two LANs via a FVM318 at each end. LAN A VPN Tunnel LAN B Cable/DSL ProSafeWirelessVPN Security
  • Netgear FVM318 | FVM318 Reference Manual - Page 73
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 1. Set up the two LANs to have different IP address ranges. This procedure uses the settings in the configuration worksheet above. To configure your network, print and fill out the blank "Network to Network IKE VPN
  • Netgear FVM318 | FVM318 Reference Manual - Page 74
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 2. Configure the VPN settings on each FVM318. a. From Setup section of the main menu of the FVM318, click the VPN Settings link. Click Add. The VPN Settings - Main Mode window opens as shown below: LAN A LAN B
  • Netgear FVM318 | FVM318 Reference Manual - Page 75
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Remote LAN IP Address in the FVM318 on LAN B: 192.168.3.1 and Remote Subnet Mask in the FVM318 on LAN B: 255.255.255.0 This is the LAN IP Address for the FVM318 on LAN A. • Remote WAN IP Address in the FVM318 on
  • Netgear FVM318 | FVM318 Reference Manual - Page 76
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 3. Check the VPN Connection To check the VPN Connection, you can initiate a request from one network to the other. If one FVM318 has a dynamically assigned WAN IP address, you must initiate the request from that FVM318
  • Netgear FVM318 | FVM318 Reference Manual - Page 77
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Note: If your situation is different, for example, if you wish to use different VPN client software, please see http://www.netgear.com/docs for additional VPN configuration information. LAN A VPN Tunnel Cable/
  • Netgear FVM318 | FVM318 Reference Manual - Page 78
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 1. Configure the VPN Tunnel on the FVM318 on LAN A. To configure the firewall, follow these steps: a. From the Setup Menu, click the VPN Settings link, then click Add to configure a new VPN tunnel. The VPN
  • Netgear FVM318 | FVM318 Reference Manual - Page 79
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Note: Only one side can have a dynamic IP address, and that side must always initiate the connection. c. Under Secure Association, select Main Mode and fill in the settings below. • Enable Perfect Forward Secrecy.
  • Netgear FVM318 | FVM318 Reference Manual - Page 80
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Figure 5-9: Security Policy Editor New Connection b. Add a new connection • Run the SafeNet Security Policy Editor program and, using the "PC to Network VPN Tunnel Configuration Worksheet" on page 5-9, create a VPN
  • Netgear FVM318 | FVM318 Reference Manual - Page 81
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall c. Configure the Security Policy in the SafeNet VPN Client Software. • In the Network Security Policy list, expand the new connection by double clicking its name or clicking on the "+" symbol. My Identity and Security
  • Netgear FVM318 | FVM318 Reference Manual - Page 82
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall d. Configure the Global Policy Settings. Figure 5-11: Security Policy Editor Global Policy Options • From the Options menu at the top of the Security Policy Editor window, select Global Policy Settings. •
  • Netgear FVM318 | FVM318 Reference Manual - Page 83
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Figure 5-12: Security Policy Editor My Identity • Choose None in the Select Certificate menu. • Select IP Address in the ID Type menu. If you are using a virtual fixed IP address, enter this address in the
  • Netgear FVM318 | FVM318 Reference Manual - Page 84
    at the top of the Security Policy Editor window, select Save Changes. After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router's LAN. 5-16 Virtual Private
  • Netgear FVM318 | FVM318 Reference Manual - Page 85
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 3. Check the VPN Connection. To check the VPN Connection, you can initiate a request from the remote PC to the FVM318's network. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the
  • Netgear FVM318 | FVM318 Reference Manual - Page 86
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Monitoring the PC VPN Connection Using SafeNet Tools Information on the progress and status of the VPN client connection can be viewed by opening the SafeNet Connection Monitor or Log Viewer. To launch these
  • Netgear FVM318 | FVM318 Reference Manual - Page 87
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • The FVM318 has a public IP WAN address of 134.177.100.11 • The FVM318 has a LAN IP address of 192.168.0.1 • The VPN client PC has a dynamically assigned address of 12.236.5.184 • The VPN client PC is using a "
  • Netgear FVM318 | FVM318 Reference Manual - Page 88
    for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Figure 5-17: VPN Edit menu for Manual Keying 2. Incoming SPI - Enter a Security Parameter Index that the remote host will send to identify the Security Association (SA). This will be the remote host's Outgoing SPI. 3. Outgoing
  • Netgear FVM318 | FVM318 Reference Manual - Page 89
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 4. For Encryption Protocol, select one: Figure 5-18: VPN encryption options a. Null - Fastest, but no security. b. DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting
  • Netgear FVM318 | FVM318 Reference Manual - Page 90
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Blank VPN Tunnel Configuration Worksheets The blank configuration worksheets below are provided to aid you in collecting and recording the parameters used in the VPN configuration procedure. Table 5-1: Network
  • Netgear FVM318 | FVM318 Reference Manual - Page 91
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Table 5-2: PC to Network IKE VPN Tunnel Settings Configuration Worksheet IKE Tunnel Security Association Settings Connection Name: PreShared Key: Secure Association -- Main Mode or Aggressive Mode: Perfect
  • Netgear FVM318 | FVM318 Reference Manual - Page 92
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 5-24 Virtual Private Networking
  • Netgear FVM318 | FVM318 Reference Manual - Page 93
    how to perform network management tasks with your FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. Network Management Information The FVM318 firewall provides a variety of status and usage information which is discussed below. Viewing Router Status and Usage Statistics From the main menu
  • Netgear FVM318 | FVM318 Reference Manual - Page 94
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall The Router Status menu provides a limited amount of status and usage information. From the main menu of the browser interface, under Maintenance, select Router Status to view the status screen shown in Figure
  • Netgear FVM318 | FVM318 Reference Manual - Page 95
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Click on the "Show Statistics" button to display firewall usage statistics, as shown in Figure 6-2 below: Figure 6-2. Router Statistics screen This screen shows the following statistics:. Table 6-2. Router
  • Netgear FVM318 | FVM318 Reference Manual - Page 96
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network. From the main menu of the browser interface, under the Maintenance
  • Netgear FVM318 | FVM318 Reference Manual - Page 97
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Viewing, Selecting, and Saving Logged Information The firewall will log security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering
  • Netgear FVM318 | FVM318 Reference Manual - Page 98
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Log entries are described in Table 6-5 Table 6-5: Security Log entry descriptions Field Date and Time Description or Action Source IP Source port and interface Destination Destination port and interface
  • Netgear FVM318 | FVM318 Reference Manual - Page 99
    FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Router operation (start up, get time, etc.) • Known DoS attacks and Port Scans Enabling SYSLOG You can choose to write the logs to a PC running a SYSLOG program. To activate this feature, check the box under Syslog and enter the IP address
  • Netgear FVM318 | FVM318 Reference Manual - Page 100
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Enabling Security Event E-mail Notification In you wish to receive e-mail logs and alerts from the firewall. • Your outgoing mail server Enter the name or IP address of your ISP's outgoing (SMTP) mail server (such
  • Netgear FVM318 | FVM318 Reference Manual - Page 101
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Send to this e-mail address Enter the e-mail address to which logs and alerts are sent. This e-mail address will also be used as the From address. If you leave this box blank, log and alert messages will not be
  • Netgear FVM318 | FVM318 Reference Manual - Page 102
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 2. From the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password and LAN address you have chosen for the firewall
  • Netgear FVM318 | FVM318 Reference Manual - Page 103
    , the firewall's administrator user name will be admin, the password will be password, the LAN IP address will be 192.168.0.1, and the router's DHCP client will be enabled. To restore the factory default configuration settings without knowing the login password or IP address, you must use the reset
  • Netgear FVM318 | FVM318 Reference Manual - Page 104
    Remote Management Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your NETGEAR Cable/DSL ProSafe VPN Firewall. Note: Be sure to change the router's default password to a very secure password. The ideal password should
  • Netgear FVM318 | FVM318 Reference Manual - Page 105
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 3. Specify what external addresses will be allowed to access the firewall's remote management. For security, NETGEAR recommends that you restrict access to as few external IP addresses as practical. a. To allow access
  • Netgear FVM318 | FVM318 Reference Manual - Page 106
    Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 6-5: Router Upgrade 1. Download and unzip the new software file from NETGEAR. 2. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using
  • Netgear FVM318 | FVM318 Reference Manual - Page 107
    The FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall provides a variety of advanced features, such as: • Setting up a Demilitarized Zone (DMZ) Server • The flexibility of configuring your LAN TCP/IP settings These features are discussed below. Setting Up A Default DMZ Server The Default DMZ
  • Netgear FVM318 | FVM318 Reference Manual - Page 108
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall To assign a computer or server to be a Default DMZ server: 1. Click Default DMZ Server. 2. Type the IP address for that server. 3. Click Apply. Respond to Ping on Internet WAN Port If you want the firewall to
  • Netgear FVM318 | FVM318 Reference Manual - Page 109
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall The LAN TCP/IP Setup parameters are: • IP Address This is the LAN IP address of the firewall. • IP Subnet Mask This is the LAN Subnet Mask of the firewall. Combined with the IP address, the IP Subnet Mask allows a
  • Netgear FVM318 | FVM318 Reference Manual - Page 110
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall MTU Size The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs, particularly some using PPPoE, you may need to reduce the MTU. This is rarely required, and should not
  • Netgear FVM318 | FVM318 Reference Manual - Page 111
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Primary DNS Server, if you entered a Primary DNS address in the Basic Settings menu; otherwise, the firewall's LAN IP address • Secondary DNS Server, if you entered a Secondary DNS address in the Basic Settings
  • Netgear FVM318 | FVM318 Reference Manual - Page 112
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 7-2: Configuring LAN TCP/IP Settings 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password
  • Netgear FVM318 | FVM318 Reference Manual - Page 113
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Configuring Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your
  • Netgear FVM318 | FVM318 Reference Manual - Page 114
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet. Using Static Routes Static
  • Netgear FVM318 | FVM318 Reference Manual - Page 115
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • A Metric value of 1 will work since the ISDN router is on the LAN. This represents the number of routers between your network and the destination. This is a direct connection so it is set to 1. • Private is
  • Netgear FVM318 | FVM318 Reference Manual - Page 116
    FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall b. Type a route name for this static route in the Route Name box under the table. This is for identification purpose only. c. Click the Active check box to make this route effective. d. Click the Private check box if you want to limit access
  • Netgear FVM318 | FVM318 Reference Manual - Page 117
    about troubleshooting your FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. For the common problems listed, go to the section indicated. • Is the firewall on? • Have I connected the firewall correctly? Go to "Basic Functions" on page 8-1. • I can't access the firewall's configuration
  • Netgear FVM318 | FVM318 Reference Manual - Page 118
    configuration to factory defaults. This will set the firewall's IP address to 192.168.0.1. This procedure is explained in "Using the Default Reset button" on page 8-8. If the error persists, you might have a hardware problem and should contact technical support. Local or Internet Port Link LEDs Not
  • Netgear FVM318 | FVM318 Reference Manual - Page 119
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Be sure you are using the correct cable: - When connecting the firewall's Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. This cable could be a standard
  • Netgear FVM318 | FVM318 Reference Manual - Page 120
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Click the Refresh or Reload button in the Web browser. The changes may have occurred, but the Web browser may be caching the old configuration. Troubleshooting the ISP Connection If your firewall is unable to access
  • Netgear FVM318 | FVM318 Reference Manual - Page 121
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Your ISP only allows one Ethernet MAC address to connect to Internet, and may check for your PC's MAC address. In this case: Inform your ISP that you have bought a new network device, and ask them to use the firewall
  • Netgear FVM318 | FVM318 Reference Manual - Page 122
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 8-5: Testing the LAN Path to Your Firewall You can ping the firewall from your PC to verify that the LAN path to your firewall is set up correctly. To ping the firewall from a PC running Windows 95 or
  • Netgear FVM318 | FVM318 Reference Manual - Page 123
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Procedure 8-6: Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows run menu, type: PING -n 10
  • Netgear FVM318 | FVM318 Reference Manual - Page 124
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Use the Default Reset button on the rear panel of the firewall. Use this method for cases when the administration password or IP address is not known. Procedure 8-7: Using the Default Reset button To restore the
  • Netgear FVM318 | FVM318 Reference Manual - Page 125
    Appendix A Technical Specifications This appendix provides technical specifications for the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP, PPTP, Telstra BigPond, PPP over Ethernet (
  • Netgear FVM318 | FVM318 Reference Manual - Page 126
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Electromagnetic Emissions Meets requirements of: Interface Specifications Local: Internet: Wireless Radio Data Rate Frequency Data Encoding: 802.11b Operating Range Maximum Computers Per Wireless Network: 802.11b
  • Netgear FVM318 | FVM318 Reference Manual - Page 127
    expense, Internet access is usually provided use of the slower WAN link, a mechanism must be in place for selecting and transmitting only the data traffic meant for the Internet. The function of selecting and forwarding this data is performed by a router. Network, Routing, Firewall, and Wireless
  • Netgear FVM318 | FVM318 Reference Manual - Page 128
    types of physical WAN connection they support. The FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall is a small office router that routes the IP protocol over a single-user broadband connection. Routing Information Protocol One of the protocols used by a router to build and maintain a picture
  • Netgear FVM318 | FVM318 Reference Manual - Page 129
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 195.34.12.7 The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the
  • Netgear FVM318 | FVM318 Reference Manual - Page 130
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 128.1.x.x to 191.254.x.x. • Class C Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the network address and eight bits for the node. They are in this range: 192.0.1.x to 223.
  • Netgear FVM318 | FVM318 Reference Manual - Page 131
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a backward slash ( / ), as
  • Netgear FVM318 | FVM318 Reference Manual - Page 132
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits
  • Netgear FVM318 | FVM318 Reference Manual - Page 133
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Table 8-2. Netmask Formats 255.255.255.0 /24 255.255.255.128 /25 255.255.255.192 /26 255.255.255.224 /27 255.255.255.
  • Netgear FVM318 | FVM318 Reference Manual - Page 134
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Single IP Address Operation Using NAT In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is
  • Netgear FVM318 | FVM318 Reference Manual - Page 135
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall MAC Addresses and Address Resolution Protocol An IP address alone cannot be used to deliver data from one LAN device to another. To send data between LAN devices, you must convert the IP address of the destination
  • Netgear FVM318 | FVM318 Reference Manual - Page 136
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall When a PC accesses a resource by its descriptive name, it first contacts a DNS server to obtain the IP address of the resource. The PC sends the desired message using the IP address. Many large organizations, such
  • Netgear FVM318 | FVM318 Reference Manual - Page 137
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for
  • Netgear FVM318 | FVM318 Reference Manual - Page 138
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Wireless Networking The FVM318 firewall conforms to the Institute of Electrical and Electronics Engineers (IEEE) 802.11b standard for wireless LANs (WLANs). On an 802.11b wireless link, data is encoded using
  • Netgear FVM318 | FVM318 Reference Manual - Page 139
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall In the infrastructure mode, the wireless access point converts airwave data into wired Ethernet data, acting as a bridge between the wired LAN and wireless clients. Connecting multiple Access Points via a wired
  • Netgear FVM318 | FVM318 Reference Manual - Page 140
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 2. The station listens for messages from any access points that are in range. 3. The station finds a message from an access point that has a matching SSID. 4. The station sends an authentication request to the access point
  • Netgear FVM318 | FVM318 Reference Manual - Page 141
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall This process is illustrated in below. 802.11b Authentication Open System Steps 1) Authentication request sent to AP 2) AP authenticates Client attempting to connect 3) Client connects to network Access Point
  • Netgear FVM318 | FVM318 Reference Manual - Page 142
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall This process is illustrated in below. 802.11b Authentication Shared Key Steps 1) Authentication request sent to AP Access Point 2) AP sends challenge text Client 3) Client encrypts attempting challenge text
  • Netgear FVM318 | FVM318 Reference Manual - Page 143
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Key Size The IEEE 802.11b standard supports wireless network as identified by the SSID. In general, if your mobile clients will roam between access points, then all of the 802.11b access points and all of the 802.11b client
  • Netgear FVM318 | FVM318 Reference Manual - Page 144
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Note: The AP and the client adapters can have different default WEP Keys as long as the keys are in the same order. In other words, the AP can use WEP key 2 as its default key to transmit while a client adapter can use
  • Netgear FVM318 | FVM318 Reference Manual - Page 145
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Note: The available channels supported by the wireless products in various countries are different. The preferred channel separation between the channels in neighboring wireless networks is 25 MHz (5 channels).
  • Netgear FVM318 | FVM318 Reference Manual - Page 146
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall When connecting a PC to a PC, or a hub port to another hub port port, allowing that port to be connected to another hub using a normal Ethernet cable. The second method is to use to a router, switch, or hub). That port will
  • Netgear FVM318 | FVM318 Reference Manual - Page 147
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall How Does VPN Work? A VPN can be thought of as a secure tunnel passing through the Internet, connecting two devices such as a PC or router, which form the two tunnel endpoints. At one endpoint, data is encapsulated
  • Netgear FVM318 | FVM318 Reference Manual - Page 148
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Exchange keys • Keep track of the agreements • Negotiate the protocols, algorithms and keys to be used between the two IPSec hosts • Securely update and renegotiate SAs when they have expired. IKE functions
  • Netgear FVM318 | FVM318 Reference Manual - Page 149
    , running VPN client software. The NETGEAR VPN-enabled router on your network is the other tunnel endpoint, as shown below. CLIENT A TA LN T A B AY SC ATLR NA INTERNET VPN ROUTER LAN Figure 8-7: Client to LAN access through VPN router Network, Routing, Firewall, and Wireless Basics B-23
  • Netgear FVM318 | FVM318 Reference Manual - Page 150
    Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall In some cases, the client PC may connect to the Internet through a local non-VPN-enabled router, as shown below: CLIENT A TA LN T A B AY SC ATLR NA SIM PLE ROUTER INTERNET VPN ROUTER LAN Figure 8-8: Client to LAN access through
  • Netgear FVM318 | FVM318 Reference Manual - Page 151
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Relevant RFCs listed numerically: • Internet IP Security Domain of Interpretation for ISAKMP, November 1998. • [RFC 2474] K. Nichols, S. Blake, F. Baker, D. Black, Definition of the Differentiated Services Field
  • Netgear FVM318 | FVM318 Reference Manual - Page 152
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall B-26 Network, Routing, Firewall, and Wireless Basics
  • Netgear FVM318 | FVM318 Reference Manual - Page 153
    FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions
  • Netgear FVM318 | FVM318 Reference Manual - Page 154
    FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall In your IP network, each PC and the firewall must be assigned a unique IP addresses. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway
  • Netgear FVM318 | FVM318 Reference Manual - Page 155
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the
  • Netgear FVM318 | FVM318 Reference Manual - Page 156
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall a. Click the Add button. b. Select Client, and then click Add. c. Select Microsoft. d. Select Client the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through
  • Netgear FVM318 | FVM318 Reference Manual - Page 157
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button. The
  • Netgear FVM318 | FVM318 Reference Manual - Page 158
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall By default, the IP Address tab is open on this window. Verify the following: • Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This
  • Netgear FVM318 | FVM318 Reference Manual - Page 159
    Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. 3. From the drop-down box, select your Ethernet adapter. The window is updated to
  • Netgear FVM318 | FVM318 Reference Manual - Page 160
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk
  • Netgear FVM318 | FVM318 Reference Manual - Page 161
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Now the Network Connection window displays. The Connections List that shows all the network connections set up on the PC, located to the right of the window. • Right-click on the Connection with the wireless icon
  • Netgear FVM318 | FVM318 Reference Manual - Page 162
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall The TCP/IP details are presented on the Support tab page. • Select Internet Protocol, and click Properties to view the configuration information. C-10 Preparing Your Network
  • Netgear FVM318 | FVM318 Reference Manual - Page 163
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP
  • Netgear FVM318 | FVM318 Reference Manual - Page 164
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Click on the My Network Places icon on the appears. • Verify that you have the correct Ethernet card selected in the Connect using: box. • Verify that at least the following two items are displayed and selected
  • Netgear FVM318 | FVM318 Reference Manual - Page 165
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. Verify that - Obtain an IP address automatically is selected. - Obtain DNS server address
  • Netgear FVM318 | FVM318 Reference Manual - Page 166
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Again, remember Cox only sets up TCP/IP dynamically (i.e., it uses
  • Netgear FVM318 | FVM318 Reference Manual - Page 167
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button. Preparing Your Network C-15
  • Netgear FVM318 | FVM318 Reference Manual - Page 168
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server. • Click OK. This completes the configuration of TCP/IP in
  • Netgear FVM318 | FVM318 Reference Manual - Page 169
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • The default gateway is 192.168.0.1 4. Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked
  • Netgear FVM318 | FVM318 Reference Manual - Page 170
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall MacOS X 1. From the Apple menu, choose System Preferences, then Network. 2. If not already selected, select Built-in Ethernet in the Configure list. 3. If not already selected, Select Using DHCP in the TCP/IP tab.
  • Netgear FVM318 | FVM318 Reference Manual - Page 171
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or
  • Netgear FVM318 | FVM318 Reference Manual - Page 172
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall • An IP address and subnet mask • A gateway IP address, which is the address of the ISP's router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account's full
  • Netgear FVM318 | FVM318 Reference Manual - Page 173
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall If an IP address appears under Installed Gateways, write down the address. This is the ISP's gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Configuration
  • Netgear FVM318 | FVM318 Reference Manual - Page 174
    Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Restarting the Network Once you've set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the firewall
  • Netgear FVM318 | FVM318 Reference Manual - Page 175
    twisted pair wiring. 3DES (Triple DES) achieves a high level of security by encrypting the data three times using DES with three different, unrelated keys. IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) technology and operating in the unlicensed
  • Netgear FVM318 | FVM318 Reference Manual - Page 176
    Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall DMZ DNS domain name Domain Name Server DSL Asymmetric Digital Subscriber Line Dynamic Host Configuration Protocol ESP ESSID gateway IETF IKE A Demilitarized Zone is used by a company that wants to host its own Internet services without
  • Netgear FVM318 | FVM318 Reference Manual - Page 177
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall IP Internet Protocol. The main internetworking protocol used in the Internet. Used in conjunction with the Transfer Control Protocol (TCP) to form TCP/IP. IP Address A four-position number uniquely defining
  • Netgear FVM318 | FVM318 Reference Manual - Page 178
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall netmask Network Address Translation packet PPP PPP over Ethernet PPTP PSTN Point-to-Point Protocol RFC RIP router Routing Information Protocol SSID A number that explains which part of an IP address comprises
  • Netgear FVM318 | FVM318 Reference Manual - Page 179
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall subnet mask UPnP Universal Plug and Play URL UTP VPN WAN WEB Proxy Server WEP wide area network Wi-Fi Windows Internet Naming Service See netmask. See Universal Plug and Play. UPnP. A networking architecture
  • Netgear FVM318 | FVM318 Reference Manual - Page 180
    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Wireless Network Name (SSID) WINS Wireless Network Name (SSID). The name assigned to a wireless network. This is the same as the SSID or ESSID configuration parameter. There can be multiple wireless networks in
  • Netgear FVM318 | FVM318 Reference Manual - Page 181
    support 1-iii D date and time 8-8 Daylight Savings Time 4-9, 8-8 daylight savings time 4-9 Default DMZ Server 7-1 default reset button 8-8 Denial of Service (DoS) protection 1-2, 4-3 denial of service attack B-11 DES 3-6 DHCP 1-3, 7-4, B-10 DHCP Client ID C-17 DHCP Setup field, Ethernet Setup
  • Netgear FVM318 | FVM318 Reference Manual - Page 182
    Wireless Connections 3-12 ISP 2-1 J Java 4-3 K Key Life 5-7, 5-11 L LAN IP Setup Menu 5-5, 7-6 LEDs description 1-6 troubleshooting 8-2 log sending 6-8 Log Viewer 5-18 M MAC address 8-7, B-9 spoofing 2-13, 8-5 MAC address filter 3-10 Macintosh C-20 configuring for IP networking C-17 DHCP Client
  • Netgear FVM318 | FVM318 Reference Manual - Page 183
    factory settings 6-10 Restrict Wireless Access by MAC Address 3-9 RFC 1466 B-7, B-9 1597 B-7, B-9 1631 B-8, B-9 finding B-7 RIP (Router Information Protocol) 7-3 router concepts B-1 Routing Information Protocol 1-3, B-2 S SA 5-3, B-21 SafeNet Secure VPN Client 5-8 Secondary DNS Server 2-9, 2-10
  • Netgear FVM318 | FVM318 Reference Manual - Page 184
    V VPN 1-1 W web proxy 4-3 WEP B-13 Wi-Fi B-12 Windows, configuring for IP routing C-2, C-7 winipcfg utility C-6 WinPOET C-19 WINS 7-5 Wired Equivalent Privacy. See WEP Wireless Access 2-3 Wireless Authentication 3-4 wireless authentication scheme 3-4 Wireless Card Access List 3-4 Wireless Encryption
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
SM-FVM318NA-0
December 2002
NETGEAR
, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone 1-888-NETGEAR
Reference Manual for the
Model FVM318 Cable/DSL
ProSafe Wireless VPN
Security Firewall