Netgear FVS318NA FVS318 Reference Manual

Netgear FVS318NA - ProSafe VPN Firewall Recertified Manual

Get Netgear FVS318NA - ProSafe VPN Firewall Recertified PDF manuals and user guides
UPC - 606449027969
View all Netgear FVS318NA manuals
Add to My Manuals
Save this manual to your list of manuals

Netgear FVS318NA manual content summary:

  • Netgear FVS318NA | FVS318 Reference Manual - Page 1
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA M-10146-01 June 2003 M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 2
    on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. EN 55 022 Declaration of Conformance This is to certify that the FVS318 Broadband ProSafe VPN Firewall is shielded against the generation of radio interference in
  • Netgear FVS318NA | FVS318 Reference Manual - Page 3
    category (information equipment to be used in a residential area or instructions for correct handling. Technical Support Refer to the Support Information Card that shipped with your FVS318 Broadband ProSafe VPN Firewall . World Wide Web NETGEAR maintains a World Wide Web home page that you can access
  • Netgear FVS318NA | FVS318 Reference Manual - Page 4
    iv M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 5
    Use the HTML Version of this Manual 1-3 How to Print this Manual 1-4 Chapter 2 Introduction About the FVS318 ...2-1 Key Features ...2-1 Virtual Private Networking (VPN 2-1 A Powerful, True Firewall 2-2 Content Filtering ...2-2 Configurable Auto Uplink™ Ethernet Connection 2-2 Protocol Support
  • Netgear FVS318NA | FVS318 Reference Manual - Page 6
    Connection 3-13 Chapter 4 Protecting Your Network Protecting Access to Your FVS318 VPN Firewall 4-1 How to Change the Built-In Password 4-1 How to Change the Administrator Login Timeout 4-2 Using Basic Firewall Services 4-2 How to Block Keywords and Sites 4-3 How to Block or Allow Services
  • Netgear FVS318NA | FVS318 Reference Manual - Page 7
    How FVS318 VPN Tunnels Are Configured 6-2 Configuring VPN Network Connection Parameters 6-3 Configuring a SA Using IKE Main Mode 6-5 Configuring a SA Using IKE Aggressive Mode 6-6 Configuring a SA Using Manual Key Management 6-7 Planning a VPN ...6-9 How to Configure a Network to Network VPN
  • Netgear FVS318NA | FVS318 Reference Manual - Page 8
    the Web Configuration Interface 8-3 Troubleshooting the ISP Connection 8-4 Troubleshooting a TCP/IP Network Using a Ping Utility 8-5 Testing the LAN Path to Your Firewall 8-6 Testing the Path from Your PC to a Remote Device 8-6 Restoring the Default Configuration and Password 8-7 Problems with
  • Netgear FVS318NA | FVS318 Reference Manual - Page 9
    11 Denial of Service Attack B-11 Ethernet Cabling ...B-11 Category 5 Cable Quality B-12 Inside Twisted Pair Cables B-13 Uplink Switches, Crossover Cables, and MDI/MDIX Switching B-14 Appendix C Preparing Your Network Preparing Your Computers for TCP/IP Networking C-1 Configuring Windows 95, 98
  • Netgear FVS318NA | FVS318 Reference Manual - Page 10
    and Troubleshooting D-11 Additional Reading ...D-11 Appendix E NETGEAR VPN Configuration of FVS318 or FVM318 to FVL328 Configuration Profile ...E-1 Step-By-Step Configuration of FVS318 or FVM318 Gateway A E-2 Step-By-Step Configuration of FVL328 Gateway B E-5 Test the VPN Connection E-9 Appendix
  • Netgear FVS318NA | FVS318 Reference Manual - Page 11
    Test the VPN Connection F-8 Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328 Configuration Profile ...G-1 The Use of a Fully Qualified Domain Name (FQDN G-2 Step-By-Step Configuration of FVS318 or FVM318 Gateway A G-3 Step-By-Step Configuration of FVL328 Gateway B G-7
  • Netgear FVS318NA | FVS318 Reference Manual - Page 12
    xii Contents M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 13
    Final Assembly Number Firmware Version Number Manual Part Number Manual Publication Date FVS318 Broadband ProSafe VPN Firewall FA-FVS318-02 1.4 M-10146-01 June 2003 Note: Product updates are available on the NETGEAR web site at www.netgear.com/support/main.asp. Documentation updates are available
  • Netgear FVS318NA | FVS318 Reference Manual - Page 14
    for the Model FVS318 Broadband ProSafe VPN Firewall Typographical Conventions This guide uses the following typographical conventions: Table 1. Typographical conventions italics bold times roman [Enter] SMALL CAPS Emphasis. User input. Named keys in text are shown enclosed in square brackets
  • Netgear FVS318NA | FVS318 Reference Manual - Page 15
    that precedes or follows the current topic. - The PDF button links to a PDF version of the full manual. - The E-mail button enables you to send feedback by e-mail to Netgear support. - The Print button prints the currently displayed topic. Using this button when a step-by-step procedure is displayed
  • Netgear FVS318NA | FVS318 Reference Manual - Page 16
    for the Model FVS318 Broadband ProSafe VPN Firewall How to Print this Manual To print this manual you man choose one of the following several options, according to your needs. • A "How To ... " Sequence of Steps in the HTML View. Use the Print button on the upper right of the toolbar to print the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 17
    of the NETGEAR FVS318 Broadband ProSafe VPN Firewall . About the FVS318 The FVS318 is a complete security solution that protects your network from attacks and intrusions. Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FVS318 uses Stateful
  • Netgear FVS318NA | FVS318 Reference Manual - Page 18
    firewall allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the firewall to log and report attempts to access objectionable Internet sites. Configurable Auto Uplink™ Ethernet Connection With its internal 8-port 10/100 switch, the FVS318
  • Netgear FVS318NA | FVS318 Reference Manual - Page 19
    on your PC. • PPTP login support for European ISPs, BigPond login for Telstra cable in Australia. • Dynamic DNS Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. The firewall contains a client that can connect to many
  • Netgear FVS318NA | FVS318 Reference Manual - Page 20
    Broadband ProSafe VPN Firewall Easy Installation and Management You can install, configure, and operate the FVS318 within minutes after connecting it to the network. The following features simplify installation and management tasks: • Browser-based management Browser-based configuration allows you
  • Netgear FVS318NA | FVS318 Reference Manual - Page 21
    the following items: • FVS318 Broadband ProSafe VPN Firewall • AC power adapter • Category 5 (CAT5) Ethernet cable • Resource CD (SW-10021-01), including: - This manual - Application Notes, Tools, and other helpful information • Warranty and registration card • Support information card If any of
  • Netgear FVS318NA | FVS318 Reference Manual - Page 22
    FVS318 Rear Panel Viewed from right to left, the rear panel contains the following elements: • Ground connector. • Factory Default Reset push button. • Eight Local Ethernet RJ-45 ports for connecting the firewall to the local computers. • Internet WAN Ethernet RJ-45 port for connecting the firewall
  • Netgear FVS318NA | FVS318 Reference Manual - Page 23
    . 3. The Internet Service Provider (ISP) configuration information for your DSL or Cable modem account. LAN Hardware Requirements The FVS318 VPN Firewall connects to your LAN via twisted-pair Ethernet cables. Computer Requirements To use the FVS318 VPN Firewall on your network, each computer must
  • Netgear FVS318NA | FVS318 Reference Manual - Page 24
    Macintosh computers, open the TCP/IP or Network control panel. • You may also refer to the FVS318 Resource CD (SW-10021-01) for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, you may want to record
  • Netgear FVS318NA | FVS318 Reference Manual - Page 25
    for the Model FVS318 Broadband ProSafe VPN Firewall Worksheet for Recording Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly
  • Netgear FVS318NA | FVS318 Reference Manual - Page 26
    for the Model FVS318 Broadband ProSafe VPN Firewall How to Connect the FVS318 VPN Firewall This section provides instructions for connecting the FVS318 Broadband ProSafe VPN Firewall to your Local Area Network (LAN). Note: The Resource CD included with your firewall contains an animated Installation
  • Netgear FVS318NA | FVS318 Reference Manual - Page 27
    FVS318 VPN Firewall incorporates Auto UplinkTM technology. Each LAN Ethernet port will automatically sense whether the cable plugged into the port should have a 'normal' connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to a switch or hub). That port will then configure
  • Netgear FVS318NA | FVS318 Reference Manual - Page 28
    stop blinking. 2. Log in to the Firewall Note: To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. Please refer to Appendix C, "Preparing Your Network" for instructions on how to do this. a. Turn on the firewall and wait for the Test light
  • Netgear FVS318NA | FVS318 Reference Manual - Page 29
    Model FVS318 Broadband ProSafe VPN Firewall A login window opens as shown in Figure 3-5 below: Figure 3-5: Login window Note: If you were unable to connect to the firewall, please refer to "Basic Functions" on page 8-1. d. For security reasons, the firewall has its own user name and password. When
  • Netgear FVS318NA | FVS318 Reference Manual - Page 30
    a login using PPPoE, DHCP, or Static (Fixed) IP connections. For PPTP or Telstra Bigpond Cable broadband, please refer to "How to Manually Configure Your Internet Connection" on page 3-13. • Connections which use dynamic IP address assignment. • Connections which use fixed IP address assignment
  • Netgear FVS318NA | FVS318 Reference Manual - Page 31
    Manual for the Model FVS318 Broadband ProSafe VPN Firewall Wizard-Detected PPPoE Option If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over Ethernet (PPPoE), you will be directed to a menu like the PPPoE menu in Figure 3-7: Figure 3-7: Setup
  • Netgear FVS318NA | FVS318 Reference Manual - Page 32
    on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8, Troubleshooting". Wizard-Detected Dynamic IP Option If the Setup Wizard determines that your Internet service account uses Dynamic IP assignment, you will be directed to
  • Netgear FVS318NA | FVS318 Reference Manual - Page 33
    your PCs after configuring the firewall. 3. The Router's MAC Address is the Ethernet MAC address that will be used by the firewall on the Internet port. If your ISP allows access from only one specific computer's Ethernet MAC address, select "Use this MAC address." The firewall will then capture
  • Netgear FVS318NA | FVS318 Reference Manual - Page 34
    to the firewall, then, from the Setup Basic Settings link, click on the Test button. If the NETGEAR website does not appear within one minute, refer to Chapter 8, Troubleshooting. Your firewall is now configured to provide Internet access for your network. Your firewall automatically connects to the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 35
    the Model FVS318 Broadband ProSafe VPN Firewall How to Manually Configure Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section. ISP Does Not Require Login ISP
  • Netgear FVS318NA | FVS318 Reference Manual - Page 36
    for the Model FVS318 Broadband ProSafe VPN Firewall 2. Click the Basic Settings link under the Setup section of the main menu. 3. If your Internet connection does not require a login, click No at the top of the Basic Settings menu and fill in the settings according to the instructions below. If your
  • Netgear FVS318NA | FVS318 Reference Manual - Page 37
    for the Model FVS318 Broadband ProSafe VPN Firewall a. Connections which require a login using protocols such as PPPoE, PPTP, Telstra Bigpond Cable broadband connections. Select your Internet service provider from the drop-down list. Figure 3-11: Basic Settings ISP list b. The screen will change
  • Netgear FVS318NA | FVS318 Reference Manual - Page 38
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall 3-16 M-10146-01 Connecting the Firewall to the Internet
  • Netgear FVS318NA | FVS318 Reference Manual - Page 39
    This chapter describes how to use the basic firewall features of the FVS318 Broadband ProSafe VPN Firewall to protect your network. Protecting Access to Your FVS318 VPN Firewall For security reasons, the firewall has its own user name and password. Also, after a period of inactivity for a set
  • Netgear FVS318NA | FVS318 Reference Manual - Page 40
    the Set Password menu, type a number in 'Administrator login times out' field.The suggested default value is 5 minutes. 2. Click Apply to save your changes or click Cancel to keep the current period. Using Basic Firewall Services Basic firewall services you can configure include access blocking and
  • Netgear FVS318NA | FVS318 Reference Manual - Page 41
    and Sites The FVS318 VPN Firewall allows you to restrict access to Internet content based on functions such as Java or Cookies, Web addresses and Web address keywords. 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of
  • Netgear FVS318NA | FVS318 Reference Manual - Page 42
    FVS318 Broadband ProSafe VPN Firewall 2. Click on the Block Sites link of the Security menu. Figure 4-2: Block Sites menu 3. To block ActiveX, Java, Cookies, or Web Proxy functions for all Internet sites URL is blocked, as is the newsgroup alt.pictures.xxx. • If
  • Netgear FVS318NA | FVS318 Reference Manual - Page 43
    IP packets. For example, a packet that is sent with destination port number 80 is an HTTP (Web server) request. 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password
  • Netgear FVS318NA | FVS318 Reference Manual - Page 44
    are not limited to these choices. Use the Add Services menu to add any additional services or applications that do not already appear. • Action. Choose how you would like this type of traffic to be handled. Allow always is the default and you can block always or choose to block or allow according to
  • Netgear FVS318NA | FVS318 Reference Manual - Page 45
    FVS318 already holds a list of many service port numbers, you are not limited to these choices. Use the procedure below to create your own service definitions. 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password
  • Netgear FVS318NA | FVS318 Reference Manual - Page 46
    for the Model FVS318 Broadband ProSafe VPN Firewall 2. Click on the Add Service link of the Security menu to display the Services list shown in Figure 4-5: Figure 4-5: Services table • To create a new entry, click the Add Custom Service button. • To edit an existing entry, select its button on
  • Netgear FVS318NA | FVS318 Reference Manual - Page 47
    for the Model FVS318 Broadband ProSafe VPN Firewall 3. Modify the menu shown below for defining or editing a service. Figure 4-6: Add Services menu The parameters are: • Name. This name will appear in the drop-down list services to be allowed or blocked in the Add Block Service menu as seen in
  • Netgear FVS318NA | FVS318 Reference Manual - Page 48
    User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the firewall. 2. Click on the Schedule link of the Security menu to display menu shown below. Figure 4-7: Schedule Services menu 4-10 M-10146-01 Protecting Your Network
  • Netgear FVS318NA | FVS318 Reference Manual - Page 49
    in the Block Services menu or Port forwarding in the Ports menu, you can set up a schedule for when blocking occurs or when access isn't restricted. 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using
  • Netgear FVS318NA | FVS318 Reference Manual - Page 50
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall 4-12 M-10146-01 Protecting Your Network
  • Netgear FVS318NA | FVS318 Reference Manual - Page 51
    Settings The FVS318 Broadband ProSafe VPN Firewall provides a variety of advanced features, such as: • Setting up a Demilitarized Zone (DMZ) Server. • Port forwarding for enabling networked gaming and various Internet services. • Universal Plug and Play (UPnP) support to make accessing various games
  • Netgear FVS318NA | FVS318 Reference Manual - Page 52
    are necessary for your network. How to Configure Port Forwarding to Local Servers 1. Log in to the Firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for
  • Netgear FVS318NA | FVS318 Reference Manual - Page 53
    it using the Add Service menu as described on "How to Block or Allow Services" on page 4-5. 3. Type the IP address of the computer in the Server IP Address box. 4. Click Apply. Note: You may forward more than one type of service to a single computer or server. Advanced WAN and LAN Configuration
  • Netgear FVS318NA | FVS318 Reference Manual - Page 54
    In this case, you can also consider using a dynamic DNS service provider which enables your FVS318 to use a Fully Qualified Domain Name as its Internet address. Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. • If the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 55
    with LAN IP Settings The LAN IP Setup menu allows configuration of LAN IP services such as UPnP, DHCP and RIP. These features can be found under the Advanced heading in the Main Menu of the browser interface. What Does UPnP Support Do for Me? With the FVS318 Broadband ProSafe VPN Firewall , you can
  • Netgear FVS318NA | FVS318 Reference Manual - Page 56
    ProSafe VPN Firewall How to Enable UPnP 1. Log in to the Firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the Firewall. 2. Click the LAN IP Setup
  • Netgear FVS318NA | FVS318 Reference Manual - Page 57
    for the Model FVS318 Broadband ProSafe VPN Firewall Understanding LAN TCP/IP Setup Parameters The Firewall is shipped preconfigured to use private IP addresses on the LAN side, and to act as a DHCP server. The Firewall's default LAN IP configuration is: • LAN IP addresses-192.168.0.1 • Subnet mask
  • Netgear FVS318NA | FVS318 Reference Manual - Page 58
    configuration. Using the Router as a DHCP Server By default, the Firewall will function as a DHCP (Dynamic Host Configuration Protocol) server, allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to the router's LAN. The assigned default gateway address
  • Netgear FVS318NA | FVS318 Reference Manual - Page 59
    's IP address here. This allows your PCs to browse the network using the Network Neighborhood feature of Windows. How to Specify Reserved IP Addresses When you specify a reserved IP address for a PC on the LAN, that PC will always receive the same IP address each time it access the Firewall's DHCP
  • Netgear FVS318NA | FVS318 Reference Manual - Page 60
    for the Model FVS318 Broadband ProSafe VPN Firewall How to Configure LAN TCP/IP Settings 1. Log in to the Firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen
  • Netgear FVS318NA | FVS318 Reference Manual - Page 61
    your dynamic DNS service provider, log in to your account, and register your new IP address. 1. Log in to the Firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have
  • Netgear FVS318NA | FVS318 Reference Manual - Page 62
    your configuration. Note: The router supports only basic DDNS and the login and password may not be secure. If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet. Using Static
  • Netgear FVS318NA | FVS318 Reference Manual - Page 63
    RIP is activated. How to Configure Static Routes 1. Log in to the Firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the Firewall. 2. From the Main Menu
  • Netgear FVS318NA | FVS318 Reference Manual - Page 64
    for the Model FVS318 Broadband ProSafe VPN Firewall a. Click the Edit button to open the Edit Gateway IP Address, which must be a router on the same LAN segment as the Firewall. h. Type a number between 1 and 15 as the Metric value. This represents the number of routers between your network and the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 65
    computer and a network. Figure 6-1: Secure access through FVS318 VPN routers The FVS318 supports these configurations: • Secure access between networks, such as a branch or home office and a main office. A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home
  • Netgear FVS318NA | FVS318 Reference Manual - Page 66
    for the Model FVS318 Broadband ProSafe VPN Firewall VPN client access allows a remote PC to connect to your network from any location on the Internet. In this case, the remote PC is one tunnel endpoint, running VPN client software. The FVS318 VPN Firewall router on your network is the other tunnel
  • Netgear FVS318NA | FVS318 Reference Manual - Page 67
    on other end, and vice versa. Configuring VPN Network Connection Parameters All VPN tunnels on the FVS318 VPN Firewall require configuring the same network parameters. This section describes those parameters and how to access them. Click the VPN Settings link of the Setup section of the main menu
  • Netgear FVS318NA | FVS318 Reference Manual - Page 68
    ProSafe VPN Firewall The FVS318 VPN tunnel network connection fields are defined in the following table. Table 6-1. VPN network connection configuration fields Field Description Connection Name The descriptive name of the VPN tunnel. Each tunnel should have a unique name. It is only used
  • Netgear FVS318NA | FVS318 Reference Manual - Page 69
    for the Model FVS318 Broadband ProSafe VPN Firewall Configuring a SA Using IKE Main Mode The most common configuration scenarios will use IKE to manage the authentication and encryption keys. The IKE protocol performs negotiations between the two VPN endpoints to automatically generate required
  • Netgear FVS318NA | FVS318 Reference Manual - Page 70
    . The default is 28800 seconds (eight hours). If you need to run Microsoft networking functions such as Network Neighborhood, click the NETBIOS Enable check box to allow NETBIOS traffic over the VPN tunnel. Configuring a SA Using IKE Aggressive Mode Click the VPN Settings link of the Setup section
  • Netgear FVS318NA | FVS318 Reference Manual - Page 71
    the connection will be reactivated. The default is 28800 seconds (eight hours). NETBIOS Enable If you need to run Microsoft networking functions such as Network Neighborhood, click the NETBIOS Enable check box. Configuring a SA Using Manual Key Management Click the VPN Settings link of the Setup
  • Netgear FVS318NA | FVS318 Reference Manual - Page 72
    for the Model FVS318 Broadband ProSafe VPN Firewall Figure 6-5: IKE - VPN Settings Manual Key Configuration Menu The Manual Keys configuration fields are defined in the following table. Table 6-1. VPN Manual Keys Configuration Fields Field Secure Association Incoming SPI Outgoing SPI Encryption
  • Netgear FVS318NA | FVS318 Reference Manual - Page 73
    Manual for the Model FVS318 Broadband ProSafe VPN Firewall Table 6-1. VPN Manual Keys Configuration Fields Field Authentication Protocol Authentication Key Key Life IKE Life Time NETBIOS Enable Description Use this drop-down list to select the authentication protocol: • MD5 - the default
  • Netgear FVS318NA | FVS318 Reference Manual - Page 74
    fixed IP address or you must be using a dynamic DNS service for FQDN configurations. Otherwise, if one side has a dynamic IP address, the side with a dynamic IP address must always be the initiator of the connection. • Will you use the typical automated Internet Key Exchange (IKE) setup, or a Manual
  • Netgear FVS318NA | FVS318 Reference Manual - Page 75
    for the Model FVS318 Broadband ProSafe VPN Firewall How to Configure a Network to Network VPN Tunnel A VPN Tunnel B Figure 6-6: LAN to LAN VPN access through an FVS318 to an FVS318 Follow this procedure to configure a VPN tunnel between two FVS318 VPN Firewalls. The worksheet below shows the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 76
    Model FVS318 Broadband ProSafe VPN Firewall 1. Set up the two LANs to have different IP address ranges. Note: The LAN IP address ranges of each connected network must be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x. This procedure uses the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 77
    for the Model FVS318 Broadband ProSafe VPN Firewall d. Reboot all computers on network A and log back in to FVS318 A at the new address of http://192.168.3.1. The network configuration should now look like this: FVS318 A 24.0.0.1 VPN Tunnel FVS318 B 10.0.0.1 192.168.3.1 192.168.0.1 Figure
  • Netgear FVS318NA | FVS318 Reference Manual - Page 78
    menu Router Status link. If you find the WAN Port DHCP field says "DHCP Client" or "PPPOE," then it is a dynamic address. For a dynamic address, you would enter 0.0.0.0 in the configuration screen of the FVS318 on LAN A as the WAN IP Address for the FVS318 on LAN B. Alternatively, you could use the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 79
    the VPN Connection To check the VPN Connection, you can initiate a request from one network to the other. If one FVS318 has a dynamically assigned WAN IP address, you must initiate the request from that FVS318's network. The simplest method is to ping the LAN IP address of the other FVS318. a. Using
  • Netgear FVS318NA | FVS318 Reference Manual - Page 80
    PC is connected through a simple cable/DSL router, or if you wish to use different VPN client software, please refer to NETGEAR's web site for additional VPN applications information. FVS318 A 24.0.0.1 VPN Tunnel 192.168.3.1 Figure 6-12: Remote PC to Local LAN (A) configuration 6-16 M-10146
  • Netgear FVS318NA | FVS318 Reference Manual - Page 81
    FQDN or Gateway IP (WAN IP Address) Network: LAN A LANAPCIPSEC 192.168.3.1 255.255.255.0 24.0.0.1 Computer: PC PCIPSEC 192.168.100.2 255.255.255.255 0.0.0.0 1. Configure the VPN Tunnel on the FVS318 on LAN A. To configure the Firewall, follow these steps: a. From the Setup Menu, click the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 82
    FVS318 Broadband ProSafe VPN Firewall Figure 6-13: VPN Edit menu for connecting with a VPN client b. Fill in the Connection Name VPN settings as illustrated. • Connection Name: VPNLANPC • Local IPSec Identifier: LANAPCIPSEC Note: This IPSec name must not be used in any other SA in this VPN network
  • Netgear FVS318NA | FVS318 Reference Manual - Page 83
    Model FVS318 Broadband ProSafe VPN Firewall • Remote WAN IP Address: 0.0.0.0 since the remote PC has a dynamically assigned IP address. Alternatively, you could use the FQDN of the PC. Note: If one side has a dynamic IP address and you do not use FQDN, that side must always initiate the connection
  • Netgear FVS318NA | FVS318 Reference Manual - Page 84
    the Model FVS318 Broadband ProSafe VPN Firewall Figure 6-14: Security Policy Editor New Connection b. Add a new connection • Run the SafeNet Security Policy Editor program and, using the "PC to Network IKE VPN Tunnel Settings Configuration Worksheet" on page 6-17, create a VPN Connection. • From
  • Netgear FVS318NA | FVS318 Reference Manual - Page 85
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall c. Configure the Security Policy in the SafeNet VPN Client Software. • In the Network Security Policy list, expand the new connection by double clicking its name or clicking on the "+" symbol. My Identity and Security Policy
  • Netgear FVS318NA | FVS318 Reference Manual - Page 86
    , you will provide information about the remote VPN client PC. You will need to provide: - The Pre-Shared Key that you configured in the FVS318. - Either a fixed IP address or a "fixed virtual" IP address of the VPN client PC. • In the Network Security Policy list on the left side of the Security
  • Netgear FVS318NA | FVS318 Reference Manual - Page 87
    Manual for the Model FVS318 Broadband ProSafe VPN Firewall Figure 6-17: Security Policy Editor My Identity • Choose None in the Select Certificate menu. • Select IP Address in the ID Type menu. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address
  • Netgear FVS318NA | FVS318 Reference Manual - Page 88
    Policy Editor window, select Save Changes. After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router's LAN. 6-24 M-10146-01 Virtual Private Networking
  • Netgear FVS318NA | FVS318 Reference Manual - Page 89
    for the Model FVS318 Broadband ProSafe VPN Firewall 3. Check the VPN Connection. To check the VPN Connection, you can initiate a request from the remote PC to the FVS318's network by using the "Connect" option in the SafeNet menu bar. The SafeNet client will report the results of the attempt to
  • Netgear FVS318NA | FVS318 Reference Manual - Page 90
    for the Model FVS318 Broadband ProSafe VPN Firewall Monitoring the PC VPN Connection Using SafeNet Tools Information on the progress and status of the VPN client connection can be viewed by opening the SafeNet Connection Monitor or Log Viewer. To launch these functions, click on the Windows Start
  • Netgear FVS318NA | FVS318 Reference Manual - Page 91
    ProSafe VPN Firewall • The FVS318 has a public IP WAN address of 134.177.100.11 • The FVS318 has a LAN IP address of 192.168.0.1 • The VPN client PC has a dynamically assigned address of 12.236.5.184 • The VPN client PC is using a "virtual fixed" IP address of 192.168.100.100 While the connection
  • Netgear FVS318NA | FVS318 Reference Manual - Page 92
    the Model FVS318 Broadband ProSafe VPN Firewall How to Configure Manual Keys as an Alternative to IKE As an alternative to IKE, you may use Manual Keying, in which you must specify each phase of the connection. Follow the steps to configure Manual Keying. 1. When editing an entry in the VPN Settings
  • Netgear FVS318NA | FVS318 Reference Manual - Page 93
    for the Model FVS318 Broadband ProSafe VPN Firewall The SPI should be a string of hexadecimal [0-9,A-F] characters, and should not be used in any other Security Association. Note: For simplicity or troubleshooting, the Incoming and Outgoing SPI can be identical. 4. For Encryption Protocol, select
  • Netgear FVS318NA | FVS318 Reference Manual - Page 94
    for the Model FVS318 Broadband ProSafe VPN Firewall 8. Click the NETBIOS Enable check box to allow NETBIOS over the VPN tunnel. 9. Click Apply to update the SA in the VPN Settings table. How to Delete a Security Association To delete a security association: 1. Log in to the Firewall. 2. Click the
  • Netgear FVS318NA | FVS318 Reference Manual - Page 95
    the parameters used in the VPN configuration procedure. Table 6-3: Network to Network IKE VPN Tunnel Configuration Worksheet IKE Tunnel Security Association Settings Connection Name: Pre-Shared Key: Secure Association -- Main Mode, Aggressive Mode, or Manual Keys: Perfect Forward Secrecy
  • Netgear FVS318NA | FVS318 Reference Manual - Page 96
    Manual for the Model FVS318 Broadband ProSafe VPN Firewall Table 6-4: PC to Network IKE VPN Tunnel Settings Configuration Worksheet IKE Tunnel Security Association Settings Connection Name: Pre-Shared Key: Secure Association -- Main Mode, Aggressive Mode, or Manual Keys: Perfect Forward
  • Netgear FVS318NA | FVS318 Reference Manual - Page 97
    This chapter describes how to perform network management tasks with your FVS318 Broadband ProSafe VPN Firewall . Network Management Information The FVS318 provides a variety of status and usage information which is discussed below. Viewing Router Status and Usage Statistics From the Main Menu
  • Netgear FVS318NA | FVS318 Reference Manual - Page 98
    the IP address being used by the Internet (WAN) port of the firewall. If no address is shown, the firewall cannot connect to the Internet. If set to None, the firewall is configured to use a fixed IP address on the WAN. If set to Client, the firewall is configured to obtain an IP address dynamically
  • Netgear FVS318NA | FVS318 Reference Manual - Page 99
    utilization-percentage of current bandwidth used on this port. The average line utilization -average CLU for this port. The time elapsed since this port acquired link. The time elapsed since the last power cycle or reset. Specifies the intervals at which the statistics are updated in this window
  • Netgear FVS318NA | FVS318 Reference Manual - Page 100
    for the Model FVS318 Broadband ProSafe VPN Firewall Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading, select Attached Devices to
  • Netgear FVS318NA | FVS318 Reference Manual - Page 101
    for the Model FVS318 Broadband ProSafe VPN Firewall Viewing, Selecting, and Saving Logged Information The firewall will log security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites menu, the Logs
  • Netgear FVS318NA | FVS318 Reference Manual - Page 102
    the standard information listed above, you can choose to log additional information. Those optional selections are as follows: • All incoming and outgoing traffic • Attempted access to blocked site • Connections to the Web-based interface of this Router 7-6 Managing Your Network M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 103
    Model FVS318 Broadband ProSafe VPN Firewall • Router operation (start up, get time, etc.) • Known DoS attacks and Port Scans Saving Log Files on a Server You can choose to write the logs to a PC running a syslog program. To activate this feature, check the box under Syslog and enter the IP address
  • Netgear FVS318NA | FVS318 Reference Manual - Page 104
    for the Model FVS318 Broadband ProSafe VPN Firewall Enabling Security Event E-mail Notification In order to receive logs and alerts by e-mail, you must e-mail notification on Check this box if you wish to receive e-mail logs and alerts from the firewall. 7-8 Managing Your Network M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 105
    Up the Configuration to a File 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the firewall. Managing Your Network 7-9 M-10146
  • Netgear FVS318NA | FVS318 Reference Manual - Page 106
    the Model FVS318 Broadband ProSafe VPN Firewall 2. network. How to Restore a Configuration from a File 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address
  • Netgear FVS318NA | FVS318 Reference Manual - Page 107
    factory default configuration settings without knowing the login password or IP address, you must use the Default Reset button on the rear panel of the firewall. See "Restoring the Default Configuration and Password" on page 8-7. Running Diagnostic Utilities and Rebooting the Router The FVS318 VPN
  • Netgear FVS318NA | FVS318 Reference Manual - Page 108
    with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the firewall. 2. Select the Allow Remote Management check box. 3. Specify what external addresses will be allowed to access the firewall's remote management
  • Netgear FVS318NA | FVS318 Reference Manual - Page 109
    and you use port number 8080, enter in your browser: http://134.177.0.123:8080 How to Upgrade the Router's Firmware The software of the FVS318 VPN Firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's website
  • Netgear FVS318NA | FVS318 Reference Manual - Page 110
    for the Model FVS318 Broadband ProSafe VPN Firewall 2. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the firewall. 3. From the Main
  • Netgear FVS318NA | FVS318 Reference Manual - Page 111
    information about troubleshooting your FVS318 Broadband ProSafe VPN Firewall . For the common problems listed, go to the section indicated. • Is the firewall on? • Have I connected the firewall correctly? Go to "Basic Functions" on page 8-1. • I can't access the firewall's configuration with my
  • Netgear FVS318NA | FVS318 Reference Manual - Page 112
    Clear the firewall's configuration to factory defaults. This will set the firewall's IP address to 192.168.0.1. This procedure is explained in "Restoring the Default Configuration and Password" on page 8-7. If the error persists, you might have a hardware problem and should contact technical support
  • Netgear FVS318NA | FVS318 Reference Manual - Page 113
    are using the correct login information. The factory default login name is admin and the password is password. Make sure that CAPS LOCK is off when entering this information. If the firewall does not save changes you have made in the Web Configuration Interface, check the following: Troubleshooting
  • Netgear FVS318NA | FVS318 Reference Manual - Page 114
    an external site such as www.netgear.com 2. Access the Main Menu of the firewall's configuration at http://192.168.0.1 3. Under the Maintenance heading, select Router Status 4. Check that an IP address is shown for the WAN Port If 0.0.0.0 is shown, your firewall has not obtained an IP address from
  • Netgear FVS318NA | FVS318 Reference Manual - Page 115
    PC obtains its information from the firewall by DHCP, reboot the PC and verify the gateway address as described in "DHCP Configuration of TCP/IP in Windows 2000 " on page C-10. Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and routers contain a ping utility that
  • Netgear FVS318NA | FVS318 Reference Manual - Page 116
    and for the hub ports (if any) that are connected to your workstation and firewall. • Wrong network configuration - Verify that the Ethernet card driver software and TCP/IP software are both installed and configured on your PC or workstation. - Verify that the IP address for your firewall and your
  • Netgear FVS318NA | FVS318 Reference Manual - Page 117
    address is not known. To restore the factory default configuration settings without knowing the administration password or IP address, you must use the Default Reset button on the rear panel of the firewall. To restore the factory default configuration settings, follow these steps: Troubleshooting
  • Netgear FVS318NA | FVS318 Reference Manual - Page 118
    total). Reset Figure 8-1. Using Reset Button 4. Release the Default Reset button and wait for the firewall to reboot. Problems with Date and Time The E-Mail menu in the Content Filtering section displays the current date and time of day. The FVS318 VPN Firewall uses the Network Time Protocol
  • Netgear FVS318NA | FVS318 Reference Manual - Page 119
    Specifications The technical specifications for the FVS318 Broadband ProSafe VPN Firewall are presented in the following table. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter North America: 120V, 60 Hz
  • Netgear FVS318NA | FVS318 Reference Manual - Page 120
    for the Model FVS318 Broadband ProSafe VPN Firewall Electromagnetic Emissions Meets requirements of: Interface Specifications Local: Internet: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B 10BASE-T or 100BASE-Tx,
  • Netgear FVS318NA | FVS318 Reference Manual - Page 121
    with other routers in the network. Using this information, the router chooses the best path for forwarding network traffic. Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The FVS318 Broadband ProSafe VPN Firewall is
  • Netgear FVS318NA | FVS318 Reference Manual - Page 122
    Protocol One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table. The FVS318 VPN Firewall supports both the older RIP-1 and
  • Netgear FVS318NA | FVS318 Reference Manual - Page 123
    for the Model FVS318 Broadband ProSafe VPN Firewall Class A Network Class B Node Network Class C Node Network Figure B-1: Three Main Address Classes Node 7261 The five address classes are: • Class A Class A addresses can have up to 16,777,214 hosts on a single network. They use an eight-bit
  • Netgear FVS318NA | FVS318 Reference Manual - Page 124
    for the Model FVS318 Broadband ProSafe VPN Firewall This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network. For each unique value of the network portion of the address, the base address of the range (host address of all zeros
  • Netgear FVS318NA | FVS318 Reference Manual - Page 125
    for the Model FVS318 Broadband ProSafe VPN Firewall Subnet addressing allows us to split one IP network address into smaller multiple physical networks known as subnetworks. Some of the node numbers are used as a subnet number instead. A Class B address gives us 16 bits of node numbers translating
  • Netgear FVS318NA | FVS318 Reference Manual - Page 126
    for the Model FVS318 Broadband ProSafe VPN Firewall The following table lists the additional subnet mask bits in dotted-decimal notation. To use the table, write down the original class netmask and replace the 0 value octets with the dotted-decimal value of the additional subnet bits. For example
  • Netgear FVS318NA | FVS318 Reference Manual - Page 127
    router or bridge recognizes which addresses are local and which are remote Private IP Addresses If your local network is isolated from the Internet (for example, when using NAT), you can assign any IP addresses to the hosts without problems. However, the IANA has reserved the following three blocks
  • Netgear FVS318NA | FVS318 Reference Manual - Page 128
    costly than a single-address account typically used by a single user with a modem, rather than a router. The FVS318 VPN Firewall employs an address-sharing method called Network Address Translation (NAT). This method allows several networked PCs to share an Internet account using only a single IP
  • Netgear FVS318NA | FVS318 Reference Manual - Page 129
    Manual for the Model FVS318 Broadband ProSafe VPN Firewall MAC Addresses and Address Resolution Protocol An IP address alone cannot be used to deliver data from one LAN device to another. To send data between LAN devices, you must convert the IP address of the destination device to its media access
  • Netgear FVS318NA | FVS318 Reference Manual - Page 130
    an IP address, subnet mask, DNS server addresses, and a gateway address if the ISP provides this information by DHCP. Internet Security and Firewalls When your LAN connects to the Internet through a router, an opportunity is created for outsiders to access or disrupt your network. A NAT router
  • Netgear FVS318NA | FVS318 Reference Manual - Page 131
    for the Model FVS318 Broadband ProSafe VPN Firewall What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion
  • Netgear FVS318NA | FVS318 Reference Manual - Page 132
    Manual for the Model FVS318 Broadband ProSafe VPN Firewall the patch panel (if used) 295 ft. (90 connecting hardware must meet the requirements for 100 Mbps operation (Category 5). Only 0.5 inch (1.5 cm) of untwist in the wire pair is allowed at any termination point. A twisted pair Ethernet network
  • Netgear FVS318NA | FVS318 Reference Manual - Page 133
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Inside Twisted Pair Cables For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually implemented internally as part of the circuitry in
  • Netgear FVS318NA | FVS318 Reference Manual - Page 134
    for the Model FVS318 Broadband ProSafe VPN Firewall Figure B-6: Category 5 UTP Cable with Male RJ-45 Plug at Each End Note: Flat "silver satin" telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned
  • Netgear FVS318NA | FVS318 Reference Manual - Page 135
    FVS318 VPN Firewall incorporates Auto UplinkTM technology (also called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection (e.g. connecting to a PC) or an uplink connection (e.g. connecting to a router, switch
  • Netgear FVS318NA | FVS318 Reference Manual - Page 136
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall B-16 M-10146-01 Networks, Routing, and Firewall Basics
  • Netgear FVS318NA | FVS318 Reference Manual - Page 137
    the FVS318 Broadband ProSafe VPN Firewall and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions provided
  • Netgear FVS318NA | FVS318 Reference Manual - Page 138
    FVS318 Broadband ProSafe VPN Firewall • All versions of UNIX or Linux include TCP/IP components. Follow the instructions provided with your operating system or networking software to install TCP/IP on your computer. In your IP network, each PC and the firewall must be assigned a unique IP addresses
  • Netgear FVS318NA | FVS318 Reference Manual - Page 139
    FVS318 Broadband ProSafe VPN Firewall You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks
  • Netgear FVS318NA | FVS318 Reference Manual - Page 140
    for the Model FVS318 Broadband ProSafe VPN Firewall If you need Client for Microsoft Networks: a. Click the Add button. b. Select Client, and then click Add. c. Select Microsoft. d. Select Client for Microsoft Networks, and then click OK. 3. Restart your PC for the changes to take effect. Enabling
  • Netgear FVS318NA | FVS318 Reference Manual - Page 141
    Manual for the Model FVS318 Broadband ProSafe VPN Firewall • Verify the following settings as shown: - Client for Microsoft Network exists - Ethernet adapter is present - TCP/IP is present - Primary Network Logon is set to Windows logon • Click on the Properties button. The following TCP/IP
  • Netgear FVS318NA | FVS318 Reference Manual - Page 142
    for the Model FVS318 Broadband ProSafe VPN Firewall • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This setting is required to enable
  • Netgear FVS318NA | FVS318 Reference Manual - Page 143
    are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: • The IP address is between 192.168.0.2 and 192.168.0.254 • The subnet mask is 255.255.255.0 • The default gateway is 192.168.0.1 Configuring Windows NT4, 2000 or XP for IP Networking As part
  • Netgear FVS318NA | FVS318 Reference Manual - Page 144
    the Model FVS318 Broadband ProSafe VPN Firewall DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through the configuration process
  • Netgear FVS318NA | FVS318 Reference Manual - Page 145
    for the Model FVS318 Broadband ProSafe VPN Firewall • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. Administrator logon access rights are needed to use this window. • Click the Properties
  • Netgear FVS318NA | FVS318 Reference Manual - Page 146
    2000 Once again, after you have installed the network card, TCP/IP for Windows 2000 is configured. TCP/IP should be added by default and set to DHCP without your having to configure it. However, if there are problems, follow these steps to configure TCP/IP with DHCP for Windows 2000. C-10 M-10146
  • Netgear FVS318NA | FVS318 Reference Manual - Page 147
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections. • Right click on Local Area Connection and select Properties. • The Local Area Connection Properties
  • Netgear FVS318NA | FVS318 Reference Manual - Page 148
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • With Internet Protocol (TCP/IP) selected, click on Properties button to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that - Obtain an IP address automatically is selected. - Obtain DNS server address
  • Netgear FVS318NA | FVS318 Reference Manual - Page 149
    for the Model FVS318 Broadband ProSafe VPN Firewall DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0. • Choose Settings from
  • Netgear FVS318NA | FVS318 Reference Manual - Page 150
    for the Model FVS318 Broadband ProSafe VPN Firewall • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button. • The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server
  • Netgear FVS318NA | FVS318 Reference Manual - Page 151
    you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: • The IP address is between 192.168.0.2 and 192.168.0.254 • The subnet mask is 255.255.255.0 • The default gateway is 192.168.0.1 4. Type exit Configuring the Macintosh for TCP/IP Networking
  • Netgear FVS318NA | FVS318 Reference Manual - Page 152
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall The TCP/IP Control Panel opens: 2. From the "Connect via" box, select your Macintosh's Ethernet interface. 3. From the "Configure" box, select Using DHCP Server. You can leave the DHCP Client ID box empty. 4. Close the TCP/IP
  • Netgear FVS318NA | FVS318 Reference Manual - Page 153
    TCP/IP configuration by returning to the TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP. The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: • The IP Address is between
  • Netgear FVS318NA | FVS318 Reference Manual - Page 154
    a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer. Your firewall does not support a USB-connected broadband modem. For a single-user Internet account, your ISP supplies TCP/IP configuration information for one computer. With a typical
  • Netgear FVS318NA | FVS318 Reference Manual - Page 155
    PC so that you can use this information when you configure the FVS318 VPN Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information. To get the information you need to configure the firewall for Internet access: 1. On the Windows taskbar
  • Netgear FVS318NA | FVS318 Reference Manual - Page 156
    so that you can use this information when you configure the FVS318 VPN Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information. To get the information you need to configure the firewall for Internet access: 1. From the Apple menu
  • Netgear FVS318NA | FVS318 Reference Manual - Page 157
    the router and wait until the TEST LED turns off. 5. Restart the PCs. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your FVS318 VPN Firewall, you are ready to access and configure the firewall. Preparing Your Network
  • Netgear FVS318NA | FVS318 Reference Manual - Page 158
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall C-22 M-10146-01 Preparing Your Network
  • Netgear FVS318NA | FVS318 Reference Manual - Page 159
    , the shortcomings of each limits connectivity. The cost of connecting home users is also very expensive compared to Internet-access technologies, such as DSL or cable. Because of this, organizations are moving their networks to the Internet, which is inexpensive, and using IPSec to create these
  • Netgear FVS318NA | FVS318 Reference Manual - Page 160
    -chain management, development partnerships, and subscription services. These undertakings can be difficult using legacy network technologies due to connection costs, time delays, and access availability. IPSec-based VPNs are ideal for extranet connections. IPSec-capable devices can be quickly and
  • Netgear FVS318NA | FVS318 Reference Manual - Page 161
    the Model FVS318 Broadband ProSafe VPN Firewall • Encapsulating uses produce a unique and unforgeable identifier for each packet, which is a data equivalent of a fingerprint. This fingerprint allows Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP
  • Netgear FVS318NA | FVS318 Reference Manual - Page 162
    for the Model FVS318 Broadband ProSafe VPN Firewall The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does
  • Netgear FVS318NA | FVS318 Reference Manual - Page 163
    for the Model FVS318 Broadband ProSafe VPN Firewall Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel protection, while
  • Netgear FVS318NA | FVS318 Reference Manual - Page 164
    Model FVS318 Broadband ProSafe VPN Firewall Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup and the exchange of keys between parties transferring data. Using keys ensures that only the sender and receiver of a message can access it. IPSec
  • Netgear FVS318NA | FVS318 Reference Manual - Page 165
    that you will be using addresses specific to the devices that you are attempting to connect via IPSec VPN. 10.5.6.0/24 VPNC Example Network Interface Addressing 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A 14.15.16.17 WAN IP 22.23.24.25 WAN IP Gateway B LAN IP 172.23.9.1 Figure D-4: VPNC
  • Netgear FVS318NA | FVS318 Reference Manual - Page 166
    gateways to understand how to open specific protocols, ports, and addresses that you intend to allow. Setting Up a VPN Tunnel Between Gateways A SA, frequently called a tunnel, is the set of information that allows two entities (networks, PCs, routers, firewalls, gateways) to "trust each other" and
  • Netgear FVS318NA | FVS318 Reference Manual - Page 167
    every computer connected to the gateways. Each gateway must negotiate its Security Association with another gateway using the configure your gateways using manual key exchange, which involves manually configuring each paramter on both gateways. VPN Gateway IPSec Security Association IKE VPN
  • Netgear FVS318NA | FVS318 Reference Manual - Page 168
    for the Model FVS318 Broadband ProSafe VPN Firewall 2. IKE Phase I. a. The two parties negotiate the encryption and authentication algorithms to use in the IKE SAs. b. The two parties authenticate each other using a predetermined mechanism, such as preshared keys or digital certificates. c. A shared
  • Netgear FVS318NA | FVS318 Reference Manual - Page 169
    the VPN configuration steps you can use PCs, located behind each of the gateways, to ping various addresses on the LAN-side of the other gateway. You can troubleshoot connections using the VPN status and log details on the Netgear gateway to determine if IKE negotiation is working. Common problems
  • Netgear FVS318NA | FVS318 Reference Manual - Page 170
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • IP Security Domain of Interpretation for ISAKMP, November 1998. • [RFC 2474] K. Nichols, S. Blake, F. Baker, D. Black, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 -01 Virtual Private Networking
  • Netgear FVS318NA | FVS318 Reference Manual - Page 171
    2003 Model/Firmware Tested: NETGEAR-Gateway A FVS318 firmware version A1.4 or FVM318 firmware version 1.1 NETGEAR-Gateway B FVL328 with firmware version 1.4 Release 1A IP Addressing: NETGEAR-Gateway A Static IP address NETGEAR-Gateway B Static IP address NETGEAR VPN Configuration of FVS318 or
  • Netgear FVS318NA | FVS318 Reference Manual - Page 172
    LAN IP 172.23.9.1 Figure E-1: Addressing and Subnets Used for Examples Note: Product updates are available on the NETGEAR web site at www.netgear.com/support/main.asp. Documentation updates are available on the NETGEAR, Inc. web site at www.netgear.com/docs. Step-By-Step Configuration of FVS318 or
  • Netgear FVS318NA | FVS318 Reference Manual - Page 173
    for the Model FVS318 Broadband ProSafe VPN Firewall Figure E-2: NETGEAR FVS318 vA1.4 VPN Settings (part 1) - Main Mode - In the Connection Name box, enter in a unique name for the VPN tunnel to be configured between the NETGEAR devices. For this example we have used toFVL328. - Enter a Local IPSec
  • Netgear FVS318NA | FVS318 Reference Manual - Page 174
    VPN tunnel, allowing functions such as Microsoft Network Neighborhood browsing. 3. Click Apply to save all changes. This will return you to the VPN Settings screen. 4. When the screen returns to the VPN Settings, make sure the Enable checkbox is selected. E-4 NETGEAR VPN Configuration of FVS318
  • Netgear FVS318NA | FVS318 Reference Manual - Page 175
    FVS318 Broadband ProSafe VPN Firewall Step-By-Step Configuration of FVL328 Gateway B 1. Log in to the NETGEAR FVL328 labeled Gateway B as in the illustration. Out of the box, the FVL328 is set for its default LAN address of http://192.168.0.1 with its default user name of admin and default password
  • Netgear FVS318NA | FVS318 Reference Manual - Page 176
    Model FVS318 Broadband ProSafe VPN Firewall - From the Local Identity drop-down box, select WAN IP Address (WAN IP address will automatically be populated into the Local Identity Data field after policy is applied). - From the Remote Identity drop-down box, select Remote WAN IP (WAN IP address will
  • Netgear FVS318NA | FVS318 Reference Manual - Page 177
    box, select Group 2 (1024 Bit). - From the Traffic Selector Local IP drop-down box, select "Subnet addresses". - Type the starting LAN IP Address of Gateway B (172.23.9.1 in our example) in the Local IP Start IP Address field. NETGEAR VPN Configuration of FVS318 or FVM318 to FVL328 E-7 M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 178
    the Model FVS318 Broadband ProSafe VPN Firewall - Type the LAN Subnet Mask of Gateway B (255.255.255.0 in our example) in the Local IP Subnet Mask field. Figure E-8: NETGEAR FVL328 VPN v1.4 - Auto Policy (part 2) - From the Traffic Selector Remote IP drop-down box, select "Subnet addresses". - Type
  • Netgear FVS318NA | FVS318 Reference Manual - Page 179
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Test the VPN Connection 1. From a PC behind the NETGEAR FVS318 or FVM318 gateway A attempt to ping the remote FVS318 gateway B LAN Interface address (example address 172.23.9.1). Note: You can run ping tests from Diagnostics link
  • Netgear FVS318NA | FVS318 Reference Manual - Page 180
    Broadband ProSafe VPN Firewall 13:19:02 - FVS318 IPSec:sizeof(connection)=1724 sizeof(state)=10048 sizeof(SA)=732 13:19:42 - FVS318 IPsec:call ipsecdoi_initiate 13:19:42 - FVS318 IPsec:New State index:0, sno:1 13:19:42 - FVS318 IPsec:Initiating Main Mode 13:19:42 - FVS318 IPsec:main_outI1() policy
  • Netgear FVS318NA | FVS318 Reference Manual - Page 181
    based) Date Tested: April 2003 Model/Firmware Tested: Gateway A NETGEAR FVS318 firmware v A1.4 or FVM318 firmware v 1.1 Gateway B Cisco IOS v 12.2 IP Addressing: Gateway A Static IP address Gateway B Static IP address NETGEAR VPN Configuration FVS318 or FVM318 to Cisco IOS F-1 M-10146
  • Netgear FVS318NA | FVS318 Reference Manual - Page 182
    LAN IP 172.23.9.1 Figure F-1: Addressing and Subnet Used for Examples Note: Product updates are available on the NETGEAR web site at www.netgear.com/support/main.asp. Documentation updates are available on the NETGEAR, Inc. web site at www.netgear.com/docs. Step-By-Step Configuration of FVS318 or
  • Netgear FVS318NA | FVS318 Reference Manual - Page 183
    for the Model FVS318 Broadband ProSafe VPN Firewall Figure F-2: NETGEAR FVS318 vA1.4 VPN Settings (part 1) - Main Mode - In the Connection Name box, enter in a unique name for the VPN tunnel to be configured between the NETGEAR devices. For this example we have used "toCiscoIOS". - Enter a Local
  • Netgear FVS318NA | FVS318 Reference Manual - Page 184
    the VPN tunnel, allowing functions such as Microsoft Network Neighborhood browsing. 3. Click Apply to save all changes. This will return you to the VPN Settings screen. 4. When the screen returns to the VPN Settings, make sure the Enable checkbox is selected. F-4 NETGEAR VPN Configuration FVS318
  • Netgear FVS318NA | FVS318 Reference Manual - Page 185
    VPN. Please refer to your Cisco documentation or www.cisco.com for additional information. 1. Log in to the Cisco router. 2. Type enable, to enter enable mode. Enter your password. 3. Type config t to enter the configuration mode at the command prompt. 4. Create an extended access list. Type access
  • Netgear FVS318NA | FVS318 Reference Manual - Page 186
    transform-set netgearmap esp-3des esp-sha-hmac ! crypto map netgearmap 10 ipsec-isakmp description vpn tunnel to netgear firewall router set peer 14.15.16.17 set transform-set netgear set pfs group5 match address 115 ! ! ! ! F-6 NETGEAR VPN Configuration FVS318 or FVM318 to Cisco IOS M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 187
    INCLUDE PRIVATE NETWORK TO PRIVATE NETWORK IN VPN TUNNEL access-list 115 permit ip 172.23.9.1 0.0.0.15 10.5.60 0.0.0.255! route-map NONAT permit 10 match ip address 110! ! line con 0 line aux 0 line vty 0 4 password pctg5tcd3 login! no scheduler allocate end NETGEAR VPN Configuration FVS318 or
  • Netgear FVS318NA | FVS318 Reference Manual - Page 188
    for the Model FVS318 Broadband ProSafe VPN Firewall Test the VPN Connection 1. From a PC behind the NETGEAR Gateway A attempt to ping the remote Cisco IOS Gateway B LAN Interface address (example address 172.23.9.1). Note: You can run ping tests from the Diagnostics link of the NETGEAR main menu or
  • Netgear FVS318NA | FVS318 Reference Manual - Page 189
    for the Model FVS318 Broadband ProSafe VPN Firewall Thur, 04/24/2003 13:19:02 - FVS318 IPSec:sizeof(connection)=1724 sizeof(state)=10048 sizeof(SA)=732 Thur, 04/24/2003 13:19:42 - FVS318 IPsec:call ipsecdoi_initiate Thur, 04/24/2003 13:19:42 - FVS318 IPsec:New State index:0, sno:1 Thur, 04/24
  • Netgear FVS318NA | FVS318 Reference Manual - Page 190
    Thur, 04/24/2003 13:19:48 - FVS318 IPsec:inserting event EVENT_SA_REPLACE, timeout in 3540 seconds for #2 Thur, 04/24/2003 13:19:48 - FVS318 IPsec:STATE_QUICK_I2: sent QI2, IPsec SA established End of Log ---------- F-10 NETGEAR VPN Configuration FVS318 or FVM318 to Cisco IOS M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 191
    is a case study on how to configure a VPN tunnel from a NETGEAR FVS318 or FVM318 to a FVL328 using a Fully Qualified Domain Name (FQDN) to resolve the public address of one or both routers. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org
  • Netgear FVS318NA | FVS318 Reference Manual - Page 192
    Documentation updates are available on the NETGEAR, Inc. web site at www.netgear.com/docs. The Use of a Fully Qualified Domain Name (FQDN) Many ISPs (Internet Service Providers) provide connectivity to their customers using dynamic instead of static IP addressing. This means that a user's IP address
  • Netgear FVS318NA | FVS318 Reference Manual - Page 193
    the Dynamic DNS Menu. 3. Access the website of one of the dynamic DNS service providers whose names appear in the 'Use a dynamic DNS service' list, and register for an account. For example, for dyndns.org, click the link or go to www.dyndns.org. NETGEAR VPN Configuration FVS318 or FVM318 with FQDN
  • Netgear FVS318NA | FVS318 Reference Manual - Page 194
    router supports only basic DDNS and the login and password may not be secure. If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet. G-4 NETGEAR VPN Configuration FVS318 or
  • Netgear FVS318NA | FVS318 Reference Manual - Page 195
    we used 22.23.24.25 as the remote identifier. - Choose "a subnet of local addresses" from the" Tunnel can be accessed from" pull-down menu. - Type the starting LAN IP Address of Gateway A (10.5.6.1 in our example) in the Local IP Local LAN start IP Address field. NETGEAR VPN Configuration FVS318 or
  • Netgear FVS318NA | FVS318 Reference Manual - Page 196
    the VPN tunnel, allowing functions such as Microsoft Network Neighborhood browsing. 7. Click Apply to save all changes. This will return you to the VPN Settings screen. 8. When the screen returns to the VPN Settings, make sure the Enable checkbox is selected. G-6 NETGEAR VPN Configuration FVS318
  • Netgear FVS318NA | FVS318 Reference Manual - Page 197
    FVS318 Broadband ProSafe VPN Firewall Step-By-Step Configuration of FVL328 Gateway B 1. Log in to the NETGEAR FVL328 labeled Gateway B as in the illustration. Out of the box, the FVL328 is set for its default LAN address of http://192.168.0.1 with its default user name of admin and default password
  • Netgear FVS318NA | FVS318 Reference Manual - Page 198
    for the Model FVS318 Broadband ProSafe VPN Firewall Figure G-6: NETGEAR FVL328 v1.4 IKE Policy Configuration - Part 2 - From the Encryption Algorithm drop-down box, select 3DES. - From the Authentication Algorithm drop-down box, select MD5. - From the Authentication Method radio button, select
  • Netgear FVS318NA | FVS318 Reference Manual - Page 199
    for the Model FVS318 Broadband ProSafe VPN Firewall Figure G-8: NETGEAR FVL328 VPN v1.4 - Auto Policy (part 1) - Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example we have used to318 as the Policy Name. In the Policy Name field type
  • Netgear FVS318NA | FVS318 Reference Manual - Page 200
    Model FVS318 Broadband ProSafe VPN Firewall Figure G-9: NETGEAR FVL328 VPN v1.4 - Auto Policy (part 2) - From the Traffic Selector Remote IP drop-down box, select "Subnet addresses". - Type the starting LAN IP Address of Gateway A (10.5.6.1 in our example) in the Remote IP Start IP Address field
  • Netgear FVS318NA | FVS318 Reference Manual - Page 201
    for the Model FVS318 Broadband ProSafe VPN Firewall Figure G-10: NETGEAR FVL328 v1.4 VPN Policies Menu (Post Configuration) 6. When the screen returns to the VPN Policies, make sure the Enable checkbox is selected. Click the Apply button. NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to
  • Netgear FVS318NA | FVS318 Reference Manual - Page 202
    for the Model FVS318 Broadband ProSafe VPN Firewall Test the VPN Connection 1. From a PC behind the NETGEAR FVS318 or FVM318 gateway A attempt to ping the remote FVL328 gateway B LAN Interface address (example address 172.23.9.1). Note: You can run ping tests from NETGEAR main menu or from a DOS
  • Netgear FVS318NA | FVS318 Reference Manual - Page 203
    An ACL is a database that an Operating System uses to track each user's access rights to system objects (such as file directories and/or files). ACL See "Access Control List" on page 1. ADSL Short for asymmetric digital subscriber line, a technology that allows data to be sent over existing copper
  • Netgear FVS318NA | FVS318 Reference Manual - Page 204
    page 1. Auto-negotiation A feature that allows twisted-pair ports to advertise their capabilities for speed, duplex and flow control. When connected to a port that also supports auto-negotiation, the link can automatically configure itself to the optimum setup. Auto Uplink Auto UplinkTM technology
  • Netgear FVS318NA | FVS318 Reference Manual - Page 205
    for the Model FVS318 Broadband ProSafe VPN Firewall Bandwidth The information capacity, measured in bits per second, that a channel could transmit. Bandwidth examples include 10 Mbps for Ethernet, 100 Mbps for Fast Ethernet, and 1000 Mbps (I Gbps) for Gigabit Ethernet. Baud The signaling rate of
  • Netgear FVS318NA | FVS318 Reference Manual - Page 206
    for the Model FVS318 Broadband ProSafe VPN Firewall D Denial of Service attack DoS. A hacker attack designed to prevent your computer or network from operating or communicating. DHCP See "Dynamic Host Configuration Protocol." on page 5. DMZ A Demilitarized Zone is used by a company that wants to
  • Netgear FVS318NA | FVS318 Reference Manual - Page 207
    , such as source address, destination address, or protocol. Filtering is used to determine whether traffic is to be forwarded, and can also prevent unauthorized access to a network or network devices. Forwarding When a frame is received on an input port on a switch, the address is checked against
  • Netgear FVS318NA | FVS318 Reference Manual - Page 208
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Full-duplex A system that allows packets to be transmitted and received at the same time and, in effect, doubles the potential throughput of a link. G Gateway A local device, usually a router, that connects hosts on a local network
  • Netgear FVS318NA | FVS318 Reference Manual - Page 209
    Manual for the Model FVS318 Broadband ProSafe VPN Firewall Internet Control Message Protocol ICMP is an extension to the Internet Protocol (IP) that supports packets containing error, control, and informational messages. The PING command, for example, uses ICMP to test an Internet connection
  • Netgear FVS318NA | FVS318 Reference Manual - Page 210
    for the Model FVS318 Broadband ProSafe VPN Firewall ISP Internet service provider. L LAN See "Local Area Network" on page 8. LDAP See "Lightweight Directory Access Protocol" on page 8. Lightweight Directory Access Protocol A set of protocols for accessing information directories. LDAP is based
  • Netgear FVS318NA | FVS318 Reference Manual - Page 211
    Model FVS318 Broadband ProSafe VPN Firewall Maximum Receive Unit The size in bytes of the largest packet that can be sent or received. Maximum Transmit Unit The size in bytes of the largest packet that can be sent or received. Mbps Megabits per second. MD5 MD5 creates digital signatures using a one
  • Netgear FVS318NA | FVS318 Reference Manual - Page 212
    for the Model FVS318 Broadband ProSafe VPN Firewall Network Basic Input Output System. An application programming interface (API) for sharing services and information on local-area networks (LANs). Provides for communication between stations of a network where each station is given a name. These
  • Netgear FVS318NA | FVS318 Reference Manual - Page 213
    Model FVS318 Broadband ProSafe VPN Firewall PKIX PKIX. The most widely used standard for defining digital certificates. Point-to-Point Protocol PPP. A protocol allowing a computer using TCP/IP to connect directly to the Internet. PPP A protocol allowing a computer using TCP/IP to connect directly
  • Netgear FVS318NA | FVS318 Reference Manual - Page 214
    . RFCs can be found at www.ietf.org. RIP See "Routing Information Protocol" on page 12. router A device that forwards data between networks. An IP router forwards data based on IP source and destination addresses. Routing Information Protocol RIP is the routing protocol used by the routed process
  • Netgear FVS318NA | FVS318 Reference Manual - Page 215
    LAN that is connected to the rest of the network using a switch, bridge, or repeater. Subnet Mask Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router. Switch A device that interconnects
  • Netgear FVS318NA | FVS318 Reference Manual - Page 216
    for the Model FVS318 Broadband ProSafe VPN Firewall V VPN Virtual Private Network. A method for securely transporting data between two private networks by using a public network such as the Internet as a connection. W WAN See "Wide Area Network" on page 14. Web Also known as World-Wide Web (WWW
  • Netgear FVS318NA | FVS318 Reference Manual - Page 217
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Glossary 15 M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 218
    Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall 16 Glossary M-10146-01
  • Netgear FVS318NA | FVS318 Reference Manual - Page 219
    customer support 1-iii Index Index D date and time 8-8 Daylight Savings Time 4-11, 8-8 daylight savings time 4-11 Default DMZ Server 5-1 Denial of Service (DoS) protection 2-2, 4-3 denial of service attack B-11 DHCP 2-3, 5-8, B-10 DHCP Client ID C-16 DHCP Setup field, Ethernet Setup menu 7-2 DMZ
  • Netgear FVS318NA | FVS318 Reference Manual - Page 220
    , 6-19 L LAN IP Setup Menu 5-6, 5-10, 6-12 LEDs description 2-6 troubleshooting 8-2 log sending 7-8 Log Viewer 6-26 M MAC address 8-7, B-9 spoofing 3-11, 3-14, 8-5 Macintosh C-19 configuring for IP networking C-15 DHCP Client ID C-16 Obtaining ISP Configuration Information C-20 Manual Key Management
  • Netgear FVS318NA | FVS318 Reference Manual - Page 221
    B-6 Network Address Translation 2-3, B-8, C-18 Network Time Protocol 4-10, 8-8 NTP 4-10, 8-8 P package contents 2-5 password restoring 8-7 PC, using to configure C-21 Perfect Forward Secrecy 6-15, 6-19 ping 5-3 Port Forwarding 5-2 port forwarding behind NAT B-8 Port Forwarding Menu 5-3 port numbers
  • Netgear FVS318NA | FVS318 Reference Manual - Page 222
    , administrator login 4-2 time-stamping 4-11 Transport Mode D-5 troubleshooting 8-1 Trusted Host 4-5 Tunnel Mode D-5 typographical conventions 1-2 U Uplink switch B-14 UPnP 5-5 URL 4-4 USB C-18 V VPN 2-1, D-1 VPN Consortium D-6 VPN Process Overview D-7 VPN Settings Menus 6-2 VPN Tunnel Connection
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
M-10146-01
M-10146-01
June 2003
NETGEAR
, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Reference Manual for the
Model FVS318
Broadband
ProSafe VPN
Firewall