Netgear FVS328 Reference Manual

Netgear FVS328 - ProSafe VPN Firewall Manual

Netgear FVS328 manual content summary:

  • Netgear FVS328 | FVS328 Reference Manual - Page 1
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR 202-10031-01 May 2004
  • Netgear FVS328 | FVS328 Reference Manual - Page 2
    NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. EN 55 022 Declaration of Conformance This is to certify that the FVS328 ProSafe VPN Firewall the notes in the operating instructions. The Federal Office for
  • Netgear FVS328 | FVS328 Reference Manual - Page 3
    areas. When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling. Technical Support Refer to the Support Information Card that shipped with your FVS328 ProSafe VPN Firewall with Dial Back-up. World Wide Web NETGEAR maintains a World
  • Netgear FVS328 | FVS328 Reference Manual - Page 5
    Formats 1-2 How to Use this Manual 1-3 How to Print this Manual 1-4 Chapter 2 Introduction About the FVS328 ...2-1 Key Features ...2-1 Full Routing on Both the Broadband and Serial Ports 2-1 Virtual Private Networking 2-2 A Powerful, True Firewall 2-2 Content Filtering ...2-3 Configurable Auto
  • Netgear FVS328 | FVS328 Reference Manual - Page 6
    Configure LAN TCP/IP Setup Settings 5-3 How to Configure Reserved IP Addresses 5-4 Configuring WAN Settings 5-4 Connecting Automatically, as Required 5-5 Setting Up a Default DMZ Server 5-5 How to Assign a Default DMZ Server 5-5 Responding to Ping on Internet WAN Port 5-6
  • Netgear FVS328 | FVS328 Reference Manual - Page 7
    : Port Forwarding for VPN Tunnels when NAT is Off 6-10 Outbound Rules (Service Blocking or Port Filtering 6-11 Outbound Rule Example: Blocking Instant Messaging 6-12 Other Rules Considerations 6-12 Order of Precedence for Rules 6-12 Rules Menu Options 6-13 Setting Times and Scheduling Firewall
  • Netgear FVS328 | FVS328 Reference Manual - Page 8
    Utilities and Rebooting the Router 8-13 Upgrading the Router's Firmware 8-14 How to Upgrade the Router 8-15 Chapter 9 Troubleshooting Basic Functions ...9-1 Power LED Not On 9-2 Test LED Never Turns On or Test LED Stays On 9-2 Local or Internet Port Link LEDs Not On 9-3 Troubleshooting the Web
  • Netgear FVS328 | FVS328 Reference Manual - Page 9
    , and Firewall Basics Related Publications ...C-1 Basic Router Concepts C-1 What is a Router C-1 Routing Information Protocol C-2 IP Addresses and the Internet C-2 Netmask ...C-4 Subnet Addressing C-4 Private IP Addresses C-7 Single IP Address Operation Using NAT C-7 MAC Addresses and Address
  • Netgear FVS328 | FVS328 Reference Manual - Page 10
    Domain Name Server C-9 IP Configuration by DHCP C-10 Internet Security and Firewalls C-10 What is a Firewall C-11 Stateful Packet Inspection C-11 Denial of Service Attack C-11 Ethernet Cabling ...C-12 Uplink Switches and Crossover Cables C-12 Cable Quality ...C-13 Appendix D Preparing Your
  • Netgear FVS328 | FVS328 Reference Manual - Page 11
    Interface Addressing E-7 Firewalls ...E-8 Setting Up a VPN Tunnel Between Gateways E-8 VPNC IKE Security Parameters E-10 VPNC IKE Phase I Parameters E-10 VPNC IKE Phase II Parameters E-11 Testing and Troubleshooting E-11 Additional Reading ...E-11 Appendix F NETGEAR VPN Configuration FVS318 or
  • Netgear FVS328 | FVS328 Reference Manual - Page 12
    Gateway H-2 Step-By-Step Configuration of the Netgear VPN Client B H-7 Testing the VPN Connection H-14 From the Client PC to the FVS328 H-14 From the FVS328 to the Client PC H-15 Monitoring the PC VPN Connection H-15 Viewing the FVS328 VPN Status and Log Information H-16 Glossary Index viii
  • Netgear FVS328 | FVS328 Reference Manual - Page 13
    This chapter introduces the NETGEAR FVS328 ProSafe VPN Firewall with Dial Back-up manual. Audience This reference manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and VPN technology tutorial information is
  • Netgear FVS328 | FVS328 Reference Manual - Page 14
    Typographical Conventions This guide uses the following typographical conventions: Table 1-2. Typographical conventions italics bold times roman [Enter] Small Caps Emphasis. User input. Named keys in text are shown enclosed
  • Netgear FVS328 | FVS328 Reference Manual - Page 15
    How to Use this Manual This manual includes both PDF and HTML versions. Use the topics below to identify how to take advantage of these document formats when you need to view or print information from this manual.
  • Netgear FVS328 | FVS328 Reference Manual - Page 16
    How to Print this Manual To print this manual you can choose one of the following options, according to your needs. • Printing a "How To" Sequence of Steps in the HTML View. Use the Print button on the upper right side of
  • Netgear FVS328 | FVS328 Reference Manual - Page 17
    Private Networks (VPN). Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FVS328 uses Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection. The 8-port FVS328 provides highly reliable Internet access for
  • Netgear FVS328 | FVS328 Reference Manual - Page 18
    mode, or Manual Keying. • Support for Fully Qualified Domain Name (FQDN) configuration when the Dynamic DNS feature is enabled with one of the supported service providers. A Powerful, True Firewall Unlike simple Internet sharing NAT routers, the FVS328 is a true firewall, using stateful packet
  • Netgear FVS328 | FVS328 Reference Manual - Page 19
    Networks, Routing, and Firewall Basics" provides further information on TCP/IP. Supported protocols include: • The Ability to Enable or Disable IP Address Sharing by NAT The FVS328 allows several networked computers to share an Internet account using only a single IP address, which may be statically
  • Netgear FVS328 | FVS328 Reference Manual - Page 20
    • DNS Proxy When DHCP is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached computers. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards
  • Netgear FVS328 | FVS328 Reference Manual - Page 21
    • Diagnostic functions The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot. These functions allow you to test Internet connectivity and reboot the firewall. You can use these
  • Netgear FVS328 | FVS328 Reference Manual - Page 23
    serial port for modem connection • Reset/Factory Default push button: push to reset; push and hold for 20 seconds to reset to factory default settings • Eight Local Ethernet RJ-45 ports for connecting the firewall to local computers • Internet WAN Ethernet RJ-45 port for connecting the firewall to
  • Netgear FVS328 | FVS328 Reference Manual - Page 25
    on your Local Area Network (LAN) and connect to the Internet. You can perform basic configuration of your FVS328 ProSafe VPN Firewall with Dial Back-up using the Setup Wizard, or manually configure your Internet connection. What You Will Need Before You Begin You need to prepare these three
  • Netgear FVS328 | FVS328 Reference Manual - Page 26
    or more of these configuration parameters to connect your firewall to the Internet: • Host and Domain Names • ISP Login Name and Password • ISP Domain Name Server (DNS) Addresses • Fixed or Static IP Address Where Do I Get the Internet Configuration Parameters? There are several ways you can gather
  • Netgear FVS328 | FVS328 Reference Manual - Page 27
    Worksheet for Recording Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must
  • Netgear FVS328 | FVS328 Reference Manual - Page 28
    Connecting the FVS328 to Your LAN This section provides instructions for connecting the FVS328 ProSafe VPN Firewall with Dial Back-up to your Local Area Network (LAN). Note: The Resource CD included with your firewall contains an
  • Netgear FVS328 | FVS328 Reference Manual - Page 29
    Warning: Failure to restart your network in the correct sequence could prevent you from connecting to the Internet. a. First, turn on the broadband modem and wait 2 minutes. b. Now, turn on your firewall. c. Last, turn on your
  • Netgear FVS328 | FVS328 Reference Manual - Page 30
    3. LOG IN TO THE FIREWALL a. From your PC, launch your Internet browser. b. Connect to the firewall by typing http://192.168.0.1 in the address field of Internet Explorer or Netscape® Navigator. c. For security reasons, the router
  • Netgear FVS328 | FVS328 Reference Manual - Page 31
    4. RUN THE SMART WIZARD TO CONNECT TO THE INTERNET Figure 3-3: Setup Wizard a. You are now connected to the router. If you do not see the menu above, click the Setup Wizard link on the upper left of the main menu. b. Choose NAT
  • Netgear FVS328 | FVS328 Reference Manual - Page 32
    • Connections that use dynamic IP address assignment. • Connections that use fixed IP address assignment. The procedures for filling in the configuration menu for each type of connection follow below. Configuring a Wizard-Detected Login
  • Netgear FVS328 | FVS328 Reference Manual - Page 33
    If your ISP requires MAC authentication, then select either Use this Computer's MAC address to have the router use the MAC address of the computer you are now using, or Use This MAC Address to manually type in the MAC address that
  • Netgear FVS328 | FVS328 Reference Manual - Page 34
    5. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, Troubleshooting. Configuring a Wizard-Detected Fixed IP (Static) Account If the Setup Wizard
  • Netgear FVS328 | FVS328 Reference Manual - Page 35
    b. From the Setup Basic Settings menu, click Serial Port. Figure 3-4: Serial Internet Connection configuration menu c. Fill in the ISDN or analog ISP Internet configuration parameters as appropriate: • For a Dial-up Account, enter
  • Netgear FVS328 | FVS328 Reference Manual - Page 36
    Note: You can validate modem string settings by first connecting the modem directly to a PC, establishing a connection to your ISP, and then copying the modem string settings from the PC configuration and pasting them into the FVS328
  • Netgear FVS328 | FVS328 Reference Manual - Page 37
    Testing Your Internet Connection After completing the Internet connection configuration, you can test your Internet connection. Log in to the firewall, then, from the Setup Basic Settings link, click the Test button. If the NETGEAR
  • Netgear FVS328 | FVS328 Reference Manual - Page 38
    Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section. ISP Does Not
  • Netgear FVS328 | FVS328 Reference Manual - Page 39
    : Disabling NAT will reboot the router and reset all the FVS328 configuration settings to the factory default. Disable NAT only if you plan to install the FVS328 in a setting where you will be manually administering the IP address space on the LAN side of the router. 5. Internet IP Address: If your
  • Netgear FVS328 | FVS328 Reference Manual - Page 40
    7. Router's MAC Address: This section determines the Ethernet MAC address that will be used by the firewall on the Internet port. Some ISPs will register the Ethernet MAC address of the network interface card in your PC when your
  • Netgear FVS328 | FVS328 Reference Manual - Page 41
    configure the other serial port options. For instructions on configuring the serial port as the primary Internet connection, please see "How to Configure the Serial Port for an Internet Connection" on page 3-10. The FVS328 provides these serial port configuration options: • Modem Use this option to
  • Netgear FVS328 | FVS328 Reference Manual - Page 42
    Configuring a Serial Port Modem You can configure a serial port modem Serial Port section. Figure 4-1: Serial Port Modem configuration menu 2. Select the Serial Line Speed. This is the maximum speed the modem will attempt to use.
  • Netgear FVS328 | FVS328 Reference Manual - Page 43
    - If your modem is not on the list, select "User Defined" and enter the Modem Properties. If you are using the "User Defined" selection and configuring your own modem strings, fill in the Modem Properties settings. Note: You can
  • Netgear FVS328 | FVS328 Reference Manual - Page 44
    Figure 4-2: Auto-Rollover configuration menu 3. Configure the Auto-Rollover settings. 4. Click Apply for the changes to take effect. Configuring Dial-in on the Serial Port Dial-in lets a single remote computer connect to the FVS328
  • Netgear FVS328 | FVS328 Reference Manual - Page 45
    Basic Requirements for Dial-in Dial-in requires these elements: 1. A broadband connection to the FVS328. 2. An analog phone line. 3. A serial modem properly configured and attached to the DB9 connector on the serial port. 4. The
  • Netgear FVS328 | FVS328 Reference Manual - Page 46
    auto-rollover Internet access. 4. The LAN-to-LAN settings configured and applied to the two FVS328 firewalls. How to Configure LAN-to-LAN Connections Follow the steps below to configure a serial port LAN-to-LAN connection. 1. Configure a serial port modem according to the instructions above. 2. From
  • Netgear FVS328 | FVS328 Reference Manual - Page 47
    Figure 4-5: LAN-to-LAN configuration menu 3. Configure the LAN-to-LAN settings. Note: The LAN subnet address of each FVS328 must be different. 4. Click Apply for the changes to take effect.
  • Netgear FVS328 | FVS328 Reference Manual - Page 48
    4-8 Serial Port Configuration May 2004, 202-10031-01M-10207-01, Reference Manual v2
  • Netgear FVS328 | FVS328 Reference Manual - Page 49
    LAN Configuration This chapter describes how to configure the WAN and LAN settings of your FVS328 ProSafe VPN Firewall with Dial Back-up. Configuring LAN IP Settings The LAN IP Setup menu allows configuration of LAN IP services such as DHCP and RIP. These features can be found under the Advanced
  • Netgear FVS328 | FVS328 Reference Manual - Page 50
    then open a new connection to the new IP address and log in again. Using the Router as a DHCP Server By default, the firewall will function as a DHCP (Dynamic Host Configuration Protocol) server, allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to the
  • Netgear FVS328 | FVS328 Reference Manual - Page 51
    DNS address in the Basic Settings menu How to Configure LAN TCP/IP Setup Settings 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password and LAN address you have chosen for the firewall
  • Netgear FVS328 | FVS328 Reference Manual - Page 52
    3. Enter the LAN TCP/IP and DHCP parameters. 4. Click Apply to save your changes. How to Configure Reserved IP Addresses When you specify a reserved IP address for a PC on the LAN, that PC will always receive the same IP address
  • Netgear FVS328 | FVS328 Reference Manual - Page 53
    PC's IP address is entered as the default DMZ server. Note: For security, you should avoid using the default DMZ server feature. When a computer is designated as the default DMZ server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet. If compromised
  • Netgear FVS328 | FVS328 Reference Manual - Page 54
    to register your domain to their IP address, and will forward traffic directed to your domain to your frequently-changing IP address. The firewall contains a client that can connect to a dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with
  • Netgear FVS328 | FVS328 Reference Manual - Page 55
    How to Configure Dynamic DNS 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password and LAN address you have chosen
  • Netgear FVS328 | FVS328 Reference Manual - Page 56
    When you first configured your firewall, two implicit static routes were created. A default route was created with your ISP as the gateway, and a second static route was created to your local network for all 192.168.0.x addresses.
  • Netgear FVS328 | FVS328 Reference Manual - Page 57
    a. Click the Edit button to open the the Gateway IP Address, which must be a router on the same LAN segment as the firewall. h. Type a number between 1 and 15 as the Metric value. This represents the number of routers between your
  • Netgear FVS328 | FVS328 Reference Manual - Page 59
    Network This chapter describes how to use the basic firewall features of the FVS328 ProSafe VPN Firewall with Dial Back-up to protect your network. Protecting Access to Your FVS328 Firewall For security reasons, the firewall has its own user name and password. Also, after a period of inactivity for
  • Netgear FVS328 | FVS328 Reference Manual - Page 60
    Figure 6-1: Set Password menu 3. To change the password, first enter the old password, then enter the new password twice. 4. Click Apply to save your changes. Note: After changing the password, you will be required to log in again
  • Netgear FVS328 | FVS328 Reference Manual - Page 61
    Using the Block Sites Menu to Screen Content The FVS328 allows you to restrict access based on the following categories: • Use of a proxy server • Type of file (Java, ActiveX, Cookie) • Web addresses • Web address keywords These
  • Netgear FVS328 | FVS328 Reference Manual - Page 62
    Trusted User will be identified by an IP address, you should configure that computer with a fixed or reserved IP address. Services and Rules Regulate Inbound and Outbound Traffic The FVS328 ProSafe VPN Firewall with Dial Back-up firewall lets you regulate what ports are available to the various TCP
  • Netgear FVS328 | FVS328 Reference Manual - Page 63
    Defining a Service Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about
  • Netgear FVS328 | FVS328 Reference Manual - Page 64
    Using Inbound/Outbound Rules to Block or Allow Services Firewall rules are used to block or allow specific traffic passing through from one side of the firewall to the other. Inbound rules (WAN to LAN) restrict access by outsiders
  • Netgear FVS328 | FVS328 Reference Manual - Page 65
    You can define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You
  • Netgear FVS328 | FVS328 Reference Manual - Page 66
    Services and Rules to regulate how the TCP/IP protocols are used on your firewall to enable either blocking or allowing specific Internet traffic on your firewall. Inbound Rules (Port Forwarding) Because the FVS328 uses Network Address Translation (NAT), your network presents only one IP address
  • Netgear FVS328 | FVS328 Reference Manual - Page 67
    Example: Port Forwarding to a Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web
  • Netgear FVS328 | FVS328 Reference Manual - Page 68
    is Off If you want to allow incoming VPN IPSec tunnels to be initiated from outside IP addresses anywhere on the Internet when NAT is off, first create a service and then an inbound rule. Figure 6-6: Service example: port forwarding for VPN when NAT is Off In the example shown in Figure 6-6, UDP
  • Netgear FVS328 | FVS328 Reference Manual - Page 69
    Figure 6-7: Inbound rule example: VPN IPSec when NAT is off In the example shown in Figure 6-7, VPN IPSec connections are allowed any internal LAN IP address. Outbound Rules (Service Blocking or Port Filtering) The FVS328 allows
  • Netgear FVS328 | FVS328 Reference Manual - Page 70
    Outbound Rule Example: Blocking Instant Messaging If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any
  • Netgear FVS328 | FVS328 Reference Manual - Page 71
    Rules Menu Options Use the Options checkboxes to enable the following: • Enable VPN Passthrough (IPSec, PPTP, L2TP) If LAN users need to use VPN (Virtual Private Networking) software on their computer, and connect to remote sites
  • Netgear FVS328 | FVS328 Reference Manual - Page 72
    How to Set Your Time Zone In order to localize the time for your log entries, you must specify your Time Zone: 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password
  • Netgear FVS328 | FVS328 Reference Manual - Page 73
    Services menu or Port forwarding in the Ports menu, you can set up a schedule for when blocking occurs or when access isn't restricted. 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever
  • Netgear FVS328 | FVS328 Reference Manual - Page 75
    FVS328 strictly conforms to Internet Engineering Task Force (IETF) standards, it is interoperable with devices from major network equipment vendors. Figure 7-1: Secure access through FVS328 VPN routers (figure labels: Telecommuter with client software; VPN Firewall; VPN tunnels encrypt data). Using
  • Netgear FVS328 | FVS328 Reference Manual - Page 76
    • IKE Policies: Define the authentication scheme and automatically generate the encryption keys. As an alternative option, to further automate the process, you can create an Internet Key Exchange (IKE) policy which uses a trusted
  • Netgear FVS328 | FVS328 Reference Manual - Page 77
    IKE Policies' Automatic Key and Authentication Management Click the IKE Policies link from the VPN section of the main menu, and then click the Add button of the IKE Policies screen to display the IKE Policy Configuration menu
  • Netgear FVS328 | FVS328 Reference Manual - Page 78
    faster but less secure. These parameters apply to the Local FVS328 firewall. Use this field to identify the local FVS328. You can choose one of the following four options from the drop-down list: • By its Internet (WAN) port IP address. • By its Fully Qualified Domain Name (FQDN) - your domain name
  • Netgear FVS328 | FVS328 Reference Manual - Page 79
    Table 7-1. IKE Policy Configuration Fields Field Description Remote Identity Type Use this field to identify the remote FVS328. You can choose one of the following four options from the drop-down list: • By its Internet (WAN) port IP
  • Netgear FVS328 | FVS328 Reference Manual - Page 80
    VPN Policy Configuration for Auto Key Negotiation An already defined IKE policy is required for VPN - Auto Policy configuration. From the VPN Policies section of the main menu, you can navigate to the VPN - Auto Policy
  • Netgear FVS328 | FVS328 Reference Manual - Page 81
    policy BEFORE creating a VPN - Auto policy. Remote VPN Endpoint The address used to locate the remote VPN firewall or client to which you want to connect. The remote VPN endpoint must have this FVS328's Local Identity Data entered as its "Remote VPN Endpoint": • By its IP Address. • By its Fully
  • Netgear FVS328 | FVS328 Reference Manual - Page 82
    Table 7-1. VPN Auto Policy Configuration Fields Field Description Local IP The drop-down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security.
  • Netgear FVS328 | FVS328 Reference Manual - Page 83
    Table 7-1. VPN Auto Policy Configuration Fields Field Authentication Algorithm Description If you enable AH, then use this menu to select which authentication algorithm will be employed. The choices are: MD5 - the default, or
  • Netgear FVS328 | FVS328 Reference Manual - Page 84
    Figure 7-4: VPN - Manual Policy Menu
  • Netgear FVS328 | FVS328 Reference Manual - Page 85
    is used to help you identify VPN policies. Remote VPN Endpoint The WAN Internet IP address or Fully Qualified Domain Name of the remote VPN firewall or client to which you want to connect. The remote VPN endpoint must have this FVS328's WAN Internet IP address entered as its "Remote VPN Endpoint
  • Netgear FVS328 | FVS328 Reference Manual - Page 86
    Table 7-1. VPN Manual Policy Configuration Fields Field Description Authenticating Header (AH) Configuration AH specifies the authentication protocol for the VPN header. These settings must match the remote VPN endpoint. Note
  • Netgear FVS328 | FVS328 Reference Manual - Page 87
    Table 7-1. VPN Manual Policy Configuration Fields Field Description SPI - Outgoing Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the remote VPN be forwarded over the VPN tunnel. The NetBIOS protocol is used by
  • Netgear FVS328 | FVS328 Reference Manual - Page 88
    Using Digital Certificates for IKE Auto-Policy Authentication Digital certificates are character strings generated using by the Internet Policy Registration Authority (IPRA). The FVS328 is able to use certificates to authenticate
  • Netgear FVS328 | FVS328 Reference Manual - Page 89
    How to Use the VPN Wizard to Configure a VPN Tunnel Note: If you have turned NAT off, before configuring VPN IPSec tunnels you must first open UDP port 500 for inbound traffic as explained in "Example: Port Forwarding for VPN
  • Netgear FVS328 | FVS328 Reference Manual - Page 90
    Figure 7-6: Connection Name and Remote IP Type 3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next. Figure 7-7: Remote IP 4. Identify the IP addresses at the target endpoint which can use
  • Netgear FVS328 | FVS328 Reference Manual - Page 91
    The Summary screen below displays. Figure 7-9: VPN Wizard Summary To view the VPNC recommended authentication and encryption Phase 1 and Phase 2 settings the VPN Wizard used, click the "here" link. 5. Click Done to complete the
  • Netgear FVS328 | FVS328 Reference Manual - Page 92
    or FVM318 to FVS328 for a detailed procedure for configuring VPN communications between a NETGEAR FVS318 and a FVS328. NETGEAR publishes additional interoperability scenarios with various gateway and client software products. Look on the NETGEAR Web site at www.netgear.com/support/main.asp for
  • Netgear FVS328 | FVS328 Reference Manual - Page 93
    Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B's WAN (Internet) interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used for testing IPsec but is not needed for
  • Netgear FVS328 | FVS328 Reference Manual - Page 94
    firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever Password and LAN address you have chosen for the firewall. 2. Configure the WAN (Internet) and LAN IP addresses of the FVS328. a. From the main menu Setup
  • Netgear FVS328 | FVS328 Reference Manual - Page 95
    b. Select whether to enable or disable NAT (Network Address Translation). NAT allows all LAN computers to gain Internet access via this Router, by sharing this Router's WAN IP address. In most situations, NAT is essential for Internet
  • Netgear FVS328 | FVS328 Reference Manual - Page 96
    Note: After you click Apply to change the LAN IP address settings, your workstation will be disconnected from the FVS328. You will have to log on with http://10.5.6.1 which is now the address you use to connect to the built-in Web-
  • Netgear FVS328 | FVS328 Reference Manual - Page 97
    4. Set up the FVS328 VPN - Auto Policy illustrated below. a. From the main menu VPN section, click the VPN Policies link, and then click the Add Auto Policy button. Figure 7-14: Scenario 1 VPN - Auto Policy b. Configure the IKE
  • Netgear FVS328 | FVS328 Reference Manual - Page 98
    5. After applying these changes, you will see a table entry like the one below. Figure 7-15: VPN Policies table Now all traffic from the range of LAN IP addresses specified on FVS328 A and FVS328 B will flow over a secure VPN
  • Netgear FVS328 | FVS328 Reference Manual - Page 99
    2. To test connectivity between the FVS328 Gateway A and Gateway B WAN ports, follow these steps: a. Using our example, log in to the FVS328 the correct Time Zone is set on the FVS328. For instructions on this topic, please see, "How to
  • Netgear FVS328 | FVS328 Reference Manual - Page 100
    Note: The procedure for obtaining certificates 2. Install the trusted CA certificate for the Trusted Root CA. a. Log in to the FVS328. b. From the main menu VPN section, click the CAs link. c. Click Add to add a CA. d. Click Browse
  • Netgear FVS328 | FVS328 Reference Manual - Page 101
    b. Click the Generate Request button to the desired option: 512, 1024, or 2048. • Optional - IP Address. If you have a fixed IP address on your WAN (Internet) port, you can enter it here. Otherwise, you should leave this blank
  • Netgear FVS328 | FVS328 Reference Manual - Page 102
    d. Click the Next button to continue. The FVS328 generates a Self Certificate button. You will return to the Certificates screen where your pending "FVS328" Self Certificate Request will be listed, as illustrated in Figure 7-
  • Netgear FVS328 | FVS328 Reference Manual - Page 103
    Figure 7-19: Self Certificate Requests table a text file called final.txt. 6. Upload the new certificate. a. From the main menu VPN section, click the Certificates link. b. Click the radio button of the Self Certificate Request you
  • Netgear FVS328 | FVS328 Reference Manual - Page 104
    f. You will now see the "FVS328" entry in the Active Self Certificates table and the pending "FVS328 except now use the RSA Signature instead of the shared key. Figure 7-21: IKE policy using RSA Signature b. Create a new VPN Auto Policy
  • Netgear FVS328 | FVS328 Reference Manual - Page 105
    Now, the traffic from devices within the range of the LAN subnet addresses on FVS328 Gateway A and Gateway B will be authenticated using the certificates and generated keys rather than via a shared key. 8. Set up Certificate
  • Netgear FVS328 | FVS328 Reference Manual - Page 106
  • Netgear FVS328 | FVS328 Reference Manual - Page 107
    to Configure Remote Management Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your FVS328 Firewall. Note: Be sure to change the router's default password to a very secure password. The ideal password should contain no
  • Netgear FVS328 | FVS328 Reference Manual - Page 108
    c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access. 5. Specify the Port Number that will be used for accessing the management interface. Web browser
  • Netgear FVS328 | FVS328 Reference Manual - Page 109
    Viewing Router Status and Usage Statistics From the Main Menu, under Maintenance, select Router Status to view the screen in Figure 8-1. Figure 8-1: Router Status screen The Router Status menu provides a limited amount of status
  • Netgear FVS328 | FVS328 Reference Manual - Page 110
    This screen shows the following parameters: Table 8-1. Menu 3.2 - Router Status Fields Field System Name Firmware Version LAN Port MAC Address IP Address IP Subnet Mask DHCP WAN Port MAC Address IP Address DHCP IP Subnet Mask
  • Netgear FVS328 | FVS328 Reference Manual - Page 111
    Click the "Show Statistics" button to display firewall usage statistics, as shown in Figure 8-2 below: Figure 8-2. Router Statistics screen This screen shows the following statistics: Table 8-2. Router Statistics Fields Field
  • Netgear FVS328 | FVS328 Reference Manual - Page 112
    Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading, select
  • Netgear FVS328 | FVS328 Reference Manual - Page 113
    Viewing, Selecting, and Saving Logged Information The firewall logs security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites menu
  • Netgear FVS328 | FVS328 Reference Manual - Page 114
    Log entries are described below: Table 8-5: Security Log entry descriptions Field Date and Time Description or Action Source IP Source port and interface Destination Destination port and interface Description The date and time
  • Netgear FVS328 | FVS328 Reference Manual - Page 115
    Changing the Include in Log Settings You can choose to log additional information. Those optional selections are as follows: • Known DoS attacks and Port . To use this feature, check the box under Syslog and enter the IP address of the
  • Netgear FVS328 | FVS328 Reference Manual - Page 116
    and alerts from the firewall. • Your outgoing mail server Enter the name or IP address of your ISP's outgoing address Enter the e-mail address to which logs and alerts will be sent. This e-mail address will also be used as the From address
  • Netgear FVS328 | FVS328 Reference Manual - Page 117
    to factory default settings. The procedures below explain how to do these tasks. How to Back Up the FVS328 Configuration to a File 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever password
  • Netgear FVS328 | FVS328 Reference Manual - Page 118
    2. From the Maintenance heading firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever Password and LAN address you have chosen for the firewall
  • Netgear FVS328 | FVS328 Reference Manual - Page 119
    an erase, the firewall's password will be password, the LAN IP address will be 192.168.0.1, and the router's DHCP client will be enabled. Note: To restore the factory default configuration settings without knowing the login password or IP address, you must use the Default Reset button on the rear
  • Netgear FVS328 | FVS328 Reference Manual - Page 120
    Figure 8-9: Diagnostics menu Upgrading the Router's Firmware The software of the FVS328 Firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from the NETGEAR
  • Netgear FVS328 | FVS328 Reference Manual - Page 121
    How to Upgrade the Router 1. Download and unzip the new software file from NETGEAR. 2. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using
  • Netgear FVS328 | FVS328 Reference Manual - Page 122
  • Netgear FVS328 | FVS328 Reference Manual - Page 123
    the Internet. Go to "Troubleshooting the ISP Connection" on page 9-4. • I can't remember the firewall's configuration password, or I want to clear the configuration and start over again. Go to "Restoring the Default Configuration and Password" on page 9-7. • Is there a new version of the firmware
  • Netgear FVS328 | FVS328 Reference Manual - Page 124
    configuration to factory defaults. This will set the firewall's IP address to 192.168.0.1. This procedure is explained in "How to Use the Default Reset Button" on page 9-7. If the error persists, you might have a hardware problem and should contact technical support.
  • Netgear FVS328 | FVS328 Reference Manual - Page 125
    IP address, clear the firewall's configuration to factory defaults. This will set the firewall's IP address to 192.168.0.1. This procedure is explained in "How to Use the Default Reset Button" on page 9-7. • Make sure your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet
  • Netgear FVS328 | FVS328 Reference Manual - Page 126
    • Try quitting the browser and launching it again. • Make sure you are using the correct login information. The factory default login name is admin and the password is password. Make sure that CAPS LOCK is off when entering this
  • Netgear FVS328 | FVS328 Reference Manual - Page 127
    If your firewall is still unable to obtain an IP address from the ISP, the problem may be one of the following: • Your ISP may require a login program. Ask your ISP whether they require PPP over Ethernet (PPPoE) or some other type
  • Netgear FVS328 | FVS328 Reference Manual - Page 128
    How to Test the LAN Path to Your Firewall You can ping the firewall from your computer to verify that the LAN path to your firewall is set up correctly. To ping the firewall from a PC running Windows 95 or later: 1. From the
  • Netgear FVS328 | FVS328 Reference Manual - Page 129
    the administration password or IP address is not known. How to Use the Default Reset Button To restore the factory default configuration settings without knowing the administration password or IP address, you must use the Default Reset button on the rear panel of the firewall.
  • Netgear FVS328 | FVS328 Reference Manual - Page 130
    1. Press and hold the Default Reset button until the Test LED turns on (about 10 seconds). 2. Release the Default Reset button and wait for the firewall to reboot. Problems with Date and Time The E-mail menu in the Security section
  • Netgear FVS328 | FVS328 Reference Manual - Page 131
    Appendix A Technical Specifications This appendix provides technical specifications for the FVS328 ProSafe VPN Firewall with Dial Back-up. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter North America:
  • Netgear FVS328 | FVS328 Reference Manual - Page 132
    Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B; VCCI Class B; EN 55 022 (CISPR 22), Class B. Interface Specifications Local: 10BASE-T or 100BASE-Tx, RJ-45. Internet: 10BASE-T or 100BASE-Tx, RJ-45.
  • Netgear FVS328 | FVS328 Reference Manual - Page 133
    prior to being forwarded and/or replied to. : Log's date and time : Event is that access the device or access other host via the device : Packet type pass Firewall : IP address in the packet : Port in the packet
  • Netgear FVS328 | FVS328 Reference Manual - Page 134
    The format is: [Fri, 2003-12-05 22:19:42] - UDP Packet - Source:172.31.12.233,138 ,WAN Destination:172.31.12.255,138 ,LAN [Drop] - [Inbound Default
  • Netgear FVS328 | FVS328 Reference Manual - Page 135
    = "VPN Packet" PKT_TYPE = "GRE", "AH", "ESP", "IP packet [Type Field: Num]", "IPSEC" ACTION = "Forward", "Drop" Router Operation Operations that the router initiates are logged. The format is: [Wed, 2003-07-30 16:30:59] - Log emailed [Wed, 2003-07-30 13:38:31] - NETGEAR activated
  • Netgear FVS328 | FVS328 Reference Manual - Page 136
    Other Connections and Traffic to this Router The format is: < PKT_TYPE > [Fri, 2003-12-05 22:31:27] - ICMP Packet[Echo Request] - Source: 192.168.0.10 Destination:
  • Netgear FVS328 | FVS328 Reference Manual - Page 137
    The format is:
  • Netgear FVS328 | FVS328 Reference Manual - Page 138
    Forward] Notes: EVENT = Attempt to access blocked sites SRC_INF = LAN or WAN DST_INF = WAN or LAN System Admin Sessions Administrator session logins and failed attempts are logged, as well as manual or idle-time logouts.
  • Netgear FVS328 | FVS328 Reference Manual - Page 139
    The format is: [Fri, 2003-12-05 21:07:43] - Administrator login successful - IP:192.168.0.10 [Fri, 2003-12-05 21:09:16] - Administrator
  • Netgear FVS328 | FVS328 Reference Manual - Page 140
  • Netgear FVS328 | FVS328 Reference Manual - Page 141
    in the network. Using this information, the router chooses the best path for forwarding network traffic. Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support.
  • Netgear FVS328 | FVS328 Reference Manual - Page 142
    Routing Information Protocol One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes
  • Netgear FVS328 | FVS328 Reference Manual - Page 143
    Figure 9-1: Three Main Address Classes (Class A, Class B, and Class C, each divided into Network and Node portions) The five address classes are: • Class A Class A addresses can have up to 16,777,214 hosts on a single network. They use
  • Netgear FVS328 | FVS328 Reference Manual - Page 144
    This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network. For each unique value of the network portion of the address, the base address of the range (host address
  • Netgear FVS328 | FVS328 Reference Manual - Page 145
    Subnet addressing allows us to split one IP network address into smaller multiple physical networks known as subnetworks. Some of the node numbers are used as a subnet number instead. A Class B address gives us 16 bits of node
  • Netgear FVS328 | FVS328 Reference Manual - Page 146
    The following table lists the additional subnet mask bits in dotted-decimal notation. To use the table, write down the original class netmask and replace the 0 value octets with the dotted-decimal value of the additional subnet
  • Netgear FVS328 | FVS328 Reference Manual - Page 147
    single user with a modem, rather than a router. The FVS328 Firewall employs an address-sharing method called Network Address Translation (NAT). This method allows several networked computers to share an Internet account using only a single IP address, which may be statically or dynamically assigned
  • Netgear FVS328 | FVS328 Reference Manual - Page 148
    The router accomplishes this address sharing by translating the internal LAN IP addresses to a single address that is globally unique on the Internet. The internal LAN IP addresses can be either private addresses or registered addresses
  • Netgear FVS328 | FVS328 Reference Manual - Page 149
    MAC Addresses and Address Resolution Protocol An IP address alone cannot be used to deliver data from one LAN device to another. To send data between LAN devices, you must convert the IP address of the destination device to its
  • Netgear FVS328 | FVS328 Reference Manual - Page 150
    When a PC accesses a resource by its descriptive name, it first contacts a DNS server to obtain the IP address of the resource. The PC sends the desired message using the IP address. Many large organizations, such as ISPs, maintain
  • Netgear FVS328 | FVS328 Reference Manual - Page 151
    What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a
  • Netgear FVS328 | FVS328 Reference Manual - Page 152
    Ethernet Cabling Although Ethernet networks originally used thick or thin coaxial cable, most installations currently use connecting a PC to a PC, or a hub port to another hub port, the transmit pair must be exchanged with the receive
  • Netgear FVS328 | FVS328 Reference Manual - Page 153
    Cable Quality A twisted pair Ethernet network operating at 10 Mbits/second (10BASE-T) will often maximum cable length for both 10 and 100 Mbits/second networks.
  • Netgear FVS328 | FVS328 Reference Manual - Page 154
  • Netgear FVS328 | FVS328 Reference Manual - Page 155
    the FVS328 ProSafe VPN Firewall with Dial Back-up and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions
  • Netgear FVS328 | FVS328 Reference Manual - Page 156
    In your IP network, each PC and the firewall must be assigned a unique IP address. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default
  • Netgear FVS328 | FVS328 Reference Manual - Page 157
    You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client
  • Netgear FVS328 | FVS328 Reference Manual - Page 158
    If you need Client for Microsoft Networks: a. Click the Add button. b. Select Client, and then click Add. c. Select Microsoft. d. Select Client for Microsoft Networks, and then click OK. 3. Restart your PC for the changes to take
  • Netgear FVS328 | FVS328 Reference Manual - Page 159
    5. Uncheck all boxes in the LAN Internet Configuration screen and click Next. 6. Proceed to the end of the Wizard. Verifying TCP/IP Properties After your PC is configured and has rebooted, you can check the TCP/IP configuration using
  • Netgear FVS328 | FVS328 Reference Manual - Page 160
    5. Verify that 'Client for Microsoft Networks' and 'Internet Protocol (TCP/IP)' are present. If not, select Install and add them. 6. Select 'Internet Protocol (TCP/IP)', click Properties, and verify that "Obtain an IP address
  • Netgear FVS328 | FVS328 Reference Manual - Page 161
    The TCP/IP Control Panel opens: 2. From the "Connect via" box, select your Macintosh's Ethernet interface. 3. From the "Configure" box, select Using DHCP Server. You can leave the DHCP Client ID box empty. 4. Close the TCP/IP
  • Netgear FVS328 | FVS328 Reference Manual - Page 162
    to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: • The IP Address is between 192.168.0.2 and 192.168.0.254 • The Subnet mask is 255.255.255.0 • The Router address is 192.168.0.1 If you do not see these values, you may
  • Netgear FVS328 | FVS328 Reference Manual - Page 163
    broadband modem. The method used by the firewall to accomplish this is called Network Address Translation (NAT) or IP masquerading. Are Login Protocols Used? Some ISPs require a special login protocol, in which you must enter a login name and password in order to access the Internet. If you normally
  • Netgear FVS328 | FVS328 Reference Manual - Page 164
    • An IP address and subnet mask • A gateway IP address, which is the address of the ISP's router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account's full server names may
  • Netgear FVS328 | FVS328 Reference Manual - Page 165
    If an IP address appears under Installed Gateways, write down the address. This is the ISP's gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Configuration tab. If any DNS
  • Netgear FVS328 | FVS328 Reference Manual - Page 166
    Restarting the Network Once you have set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the firewall. After
  • Netgear FVS328 | FVS328 Reference Manual - Page 167
    's resistance to data tampering or theft. IPSec-based VPNs can be created over any type of IP network, including the Internet, Frame Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive. VPNs are traditionally used for: • Intranets: Intranets connect an organization's locations
  • Netgear FVS328 | FVS328 Reference Manual - Page 168
    • Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization's modem pool is one
  • Netgear FVS328 | FVS328 Reference Manual - Page 169
    • Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity. • Authentication Header (AH): Provides authentication and integrity. • Internet Key Exchange (IKE): Provides key management and
  • Netgear FVS328 | FVS328 Reference Manual - Page 170
    The ESP header is inserted into the packet between the IP used together. In the following table, IP HDR represents the IP header and includes both source and destination IP addresses VPNs, as well as define SAs within the VPN to support
  • Netgear FVS328 | FVS328 Reference Manual - Page 171
    Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel
  • Netgear FVS328 | FVS328 Reference Manual - Page 172
    Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup and the exchange of keys between parties transferring data. Using keys ensures that only the sender and receiver of a
  • Netgear FVS328 | FVS328 Reference Manual - Page 173
    VPN Process Overview Even though IPSec is standards-based, each vendor has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to review some of the terms and the
  • Netgear FVS328 | FVS328 Reference Manual - Page 174
    Table 9-2. WAN (Internet/Public) and LAN (Internal/Private) Addressing Gateway Gateway A Gateway A Gateway B Gateway B LAN or WAN LAN (Private) WAN (Public) LAN (Private) WAN (Public) VPNC Example Address 10.5.6.1 14.15.16.17
  • Netgear FVS328 | FVS328 Reference Manual - Page 175
    Figure E-5: VPN Tunnel SA The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. This communication is often referred
  • Netgear FVS328 | FVS328 Reference Manual - Page 176
    2. IKE Phase I. a. The two parties negotiate the encryption and authentication algorithms to use in the IKE SAs. b. The two parties authenticate each other using a predetermined mechanism, such as preshared keys or digital
  • Netgear FVS328 | FVS328 Reference Manual - Page 177
    VPNC IKE Phase II Parameters The IKE Phase 2 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode • MODP group 1 • Perfect forward secrecy for rekeying • SA lifetime of 28800 seconds (one hour)
  • Netgear FVS328 | FVS328 Reference Manual - Page 178
    • [RFC 791] Internet Protocol DARPA Internet Program Protocol Internet IP Security Domain of Interpretation for ISAKMP, November 1998. • [RFC 2474] K. Nichols, S. Blake, F. Baker, D. Black, Definition of the Differentiated Services
  • Netgear FVS328 | FVS328 Reference Manual - Page 179
    Model/Firmware Tested: NETGEAR-Gateway A FVS318 firmware version A1.4 or 2.0; FVM318 firmware version 1.1 NETGEAR-Gateway B FVS328 with firmware version 1.0 Release 00 IP Addressing: NETGEAR-Gateway A Static IP address NETGEAR-Gateway B Static IP address
  • Netgear FVS328 | FVS328 Reference Manual - Page 180
    [VPNC Example Network Interface Addressing: Gateway A, LAN 10.5.6.0/24, LAN IP 10.5.6.1, WAN IP 14.15.16.17; Gateway B, LAN 172.23.9.0/24, LAN IP 172.23.9.1, WAN IP 22.23.24.25] Figure F-1: Addressing and Subnet Used for Examples Step-By-
  • Netgear FVS328 | FVS328 Reference Manual - Page 181
    the finishing LAN IP Address of Gateway A (0.0.0.0 in our example) in the Local IP Local LAN finish IP Address field. - Type the LAN Subnet Mask of Gateway A (255.255.255.0 in our example) in the Local LAN IP Subnetmask field.
  • Netgear FVS328 | FVS328 Reference Manual - Page 182
    field. - Type the WAN IP address (22.23.24.25 in our example) of Gateway B in the Remote WAN IP or FQDN field. Figure F-4: Figure 4 - NETGEAR FVS318 VPN Settings (part 2) - Main Mode - From the Secure Association drop-down box, select Main Mode. - Next to Perfect Forward Secrecy, select the Enabled
  • Netgear FVS328 | FVS328 Reference Manual - Page 183
    Step-By-Step Configuration of FVS328 Gateway B 1. Log in to the NETGEAR FVS328 labeled Gateway B as in the illustration. Out of the box, the FVS328 is set for its default LAN address of http://192.168.0.1 with its default user name
  • Netgear FVS328 | FVS328 Reference Manual - Page 184
    Figure F-6: NETGEAR FVS328 IKE Policy Configuration - Part 2 - From the Encryption Algorithm drop-down box, select 3DES. - From the Authentication Algorithm drop-down box, select MD5. - From the Authentication Method radio button,
  • Netgear FVS328 | FVS328 Reference Manual - Page 185
    Figure F-8: NETGEAR FVS328 VPN - Auto Policy (part 1) - Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example we have used "to318" as the Policy Name. In the Policy Name
  • Netgear FVS328 | FVS328 Reference Manual - Page 186
    - Type the LAN Subnet Mask of Gateway B (255.255.255.0 in our example) in the Local IP Subnet Mask field. Figure F-9: NETGEAR FVS328 VPN - Auto Policy (part 2) - From the Traffic Selector Remote IP drop-down box, select Subnet address
  • Netgear FVS328 | FVS328 Reference Manual - Page 187
    Figure F-10: NETGEAR FVS328 VPN Policies Menu (Post Configuration) 6. When the screen returns to the VPN Policies, make sure the Enable check box is selected. Click the Apply button. Test the VPN Connection 1. From a PC behind the NETGEAR FVS318
  • Netgear FVS328 | FVS328 Reference Manual - Page 188
  • Netgear FVS328 | FVS328 Reference Manual - Page 189
    Tested: NETGEAR-Gateway A FVS318 firmware version A1.4 or 2.0; FVM318 firmware version 1.1 NETGEAR-Gateway B FVS328 with firmware version 1.0 Release 00 IP Addressing: NETGEAR-Gateway A Fully Qualified Domain Name (FQDN) NETGEAR-Gateway B Static IP address NETGEAR VPN Configuration FVS318 or
  • Netgear FVS328 | FVS328 Reference Manual - Page 190
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 10.5.6.0/24 LAN IP 10.5.6.1 VPNC Example Network Interface Addressing 172.23.9.0/24 Gateway A WAN IP FQDN netgear.dydns.org WAN IP 22.23.24.25 Gateway B LAN IP 172.23.9.1 Figure G-1: Addressing and Subnet Used for
  • Netgear FVS328 | FVS328 Reference Manual - Page 191
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual DynDNS service. Gateway B will use the DDNS Service Provider when establishing a VPN tunnel. In order to establish VPN connectivity Gateway A must be configured to use Dynamic DNS, and Gateway B must be configured to use a DNS
  • Netgear FVS328 | FVS328 Reference Manual - Page 192
    Note: The router supports only basic DDNS and the login and password may not be secure. If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet. 6. Click on the VPN Settings link
  • Netgear FVS328 | FVS328 Reference Manual - Page 193
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Figure G-4: NETGEAR FVS318 VPN Settings (part 1) - Main Mode - In the Connection Name box, enter in a unique name for the VPN tunnel to be configured between the NETGEAR devices. For this example we have used toFVS328. - Enter a
  • Netgear FVS328 | FVS328 Reference Manual - Page 194
    field. - Type the WAN IP address (22.23.24.25 in our example) of Gateway B in the Remote WAN IP or FQDN field. Figure G-5: Figure 4 - NETGEAR FVS318 VPN Settings (part 2) - Main Mode - From the Secure Association drop-down box, select Main Mode. - Next to Perfect Forward Secrecy, select the Enabled
  • Netgear FVS328 | FVS328 Reference Manual - Page 195
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Step-By-Step Configuration of FVS328 Gateway B 1. Log in to the NETGEAR FVS328, labeled Gateway B in the illustration. Out of the box, the FVS328 is set for its default LAN address of http://192.168.0.1 with its default user name
  • Netgear FVS328 | FVS328 Reference Manual - Page 196
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Figure G-7: NETGEAR FVS328 IKE Policy Configuration - Part 2 - From the Encryption Algorithm drop-down box, select 3DES. - From the Authentication Algorithm drop-down box, select MD5. - From the Authentication Method radio button,
  • Netgear FVS328 | FVS328 Reference Manual - Page 197
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Figure G-9: NETGEAR FVS328 VPN - Auto Policy (part 1) - Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example we have used to318 as the Policy Name. In the Policy Name
  • Netgear FVS328 | FVS328 Reference Manual - Page 198
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Figure G-10: NETGEAR FVS328 VPN - Auto Policy (part 2) - From the Traffic Selector Remote IP drop-down box, select Subnet address. - Type the starting LAN IP Address of Gateway A (10.5.6.1 in our example) in the Remote IP Start IP
  • Netgear FVS328 | FVS328 Reference Manual - Page 199
    VPN Firewall with Dial Back-up Reference Manual Figure G-11: NETGEAR FVS328 VPN Policies Menu (Post Configuration) 6. When the screen returns to the VPN Policies, make sure the Enable check box is selected. Click the Apply button. Test the VPN Connection 1. From a PC behind the NETGEAR FVS318
  • Netgear FVS328 | FVS328 Reference Manual - Page 200
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual G-12 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 May 2004, 202-10031-01
  • Netgear FVS328 | FVS328 Reference Manual - Page 201
    /Key (not Certificate-based) Date Tested: December 2003 Model/Firmware Tested: Gateway NETGEAR FVS328 firmware v 1.0 Client NETGEAR ProSafe VPN Client v10.1 IP Addressing: Gateway Static IP Address Client Dynamic NETGEAR VPN Client to NETGEAR the FVS328 H-1 May 2004, 202-10031-01
  • Netgear FVS328 | FVS328 Reference Manual - Page 202
    LAN address of http://192.168.0.1 with its default user name of admin and default password of password. Even though the remainder of this document will refer to the FVS328, the login procedures and configuration menu screens are the same for the FVS328 and the FWAG114. H-2 NETGEAR VPN Client to
  • Netgear FVS328 | FVS328 Reference Manual - Page 203
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 2. Click IKE Policies under the VPN menu and click Add on the IKE Policies Menu. Figure H-2: NETGEAR FVS328 IKE Policy Configuration - Enter a descriptive name for the policy in the Policy Name field. This name is not supplied to
  • Netgear FVS328 | FVS328 Reference Manual - Page 204
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual - From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FVS328 will also be used in the Connection ID Type fields of the VPN Client as seen in "Security Policy Editor New
  • Netgear FVS328 | FVS328 Reference Manual - Page 205
    ProSafe VPN Firewall with Dial Back-up Reference Manual 3. Click the VPN Policies link under the VPN category on the left side of the main menu. This will take you to the VPN Policies Menu page. Click Add Auto Policy. This will open a new screen titled VPN - Auto Policy. Figure H-3: NETGEAR FVS328
  • Netgear FVS328 | FVS328 Reference Manual - Page 206
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual - From the Remote VPN Endpoint Address Type drop-down box, select IP Address. - Type 0.0.0.0 as the Address Data of the client because we are assuming the remote PC will have a dynamically assigned IP address. This will also be
  • Netgear FVS328 | FVS328 Reference Manual - Page 207
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual - Select Enable Authentication in the ESP Configuration Enable Authentication check box. Note: Do not confuse this with the Authentication Protocol (AH) option. Using the AH option will prevent clients behind a home NAT router from
  • Netgear FVS328 | FVS328 Reference Manual - Page 208
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Note: Before installing the Netgear VPN Client software, be sure to turn off any virus protection or firewall software you may be running on your PC. • You may need to insert your Windows CD to complete the installation. • Reboot
  • Netgear FVS328 | FVS328 Reference Manual - Page 209
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Note: If the configuration settings on enter VPNclient. Also, accept the default Internal Network IP Address of 0.0.0.0. Figure H-7: My Identity Pre-Shared Key NETGEAR VPN Client to NETGEAR the FVS328 H-9 May 2004, 202-10031-01
  • Netgear FVS328 | FVS328 Reference Manual - Page 210
    Phase 1 Negotiation Mode menu, select Aggressive Mode. - Select the Enable Perfect Forward Secrecy (PFS) check box. - In the PFS Key Group drop-down list, Diffie-Hellman Group 2. - Select the Enable Replay Detection check box. H-10 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01
  • Netgear FVS328 | FVS328 Reference Manual - Page 211
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 5. Configure the Connection Security Policy In this step, you will provide the Life, select Unspecified. - In the Key Group menu, select Diffie-Hellman Group 2. NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 H-11
  • Netgear FVS328 | FVS328 Reference Manual - Page 212
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Figure H-11: Connection Security Policy Key Exchange (Phase 2) b. Configure the Key Exchange ( Alg, select SHA-1. - In the Encapsulation menu, select Tunnel. H-12 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01
  • Netgear FVS328 | FVS328 Reference Manual - Page 213
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 6. Configure the Global Policy Settings. a. From and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router's LAN. Note
  • Netgear FVS328 | FVS328 Reference Manual - Page 214
    PC with the Netgear ProSafe VPN Client and that the firewall features of the FVS328 are not set in such a way as to prevent VPN communications. From the Client PC to the FVS328 To check the VPN Connection, you can initiate a request from the remote PC to the FVS328 by using the "Connect" option
  • Netgear FVS328 | FVS328 Reference Manual - Page 215
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual To test the connection to a computer connected to the FVS328, simply ping the IP address of that computer. Once connected, you can open a browser on the remote PC and enter the LAN IP Address of the FVS328, which is http://192.168
  • Netgear FVS328 | FVS328 Reference Manual - Page 216
    In this example the following connection options apply: • The FVS328 has a public IP WAN address of 66.120.188.153 • The FVS328 has a LAN IP address of 192.168.0.1 • The VPN client PC is behind a home NAT router and has a dynamically assigned address of 192.168.0.3 While the connection is being
  • Netgear FVS328 | FVS328 Reference Manual - Page 217
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual The FVS328 VPN Status screen for a successful connection is shown below: Figure H-15: FVS328 VPN Status screen NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 H-17
  • Netgear FVS328 | FVS328 Reference Manual - Page 218
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual H-18 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01
  • Netgear FVS328 | FVS328 Reference Manual - Page 219
    100BASE-Tx 3DES 802.11b AH CA CRL Denial of Service attack DES Deffie Helman IEEE 802.3 specification for 10 , to encrypt their communications. As such, it is used by several protocols, including Secure Sockets Layer (SSL) and Internet Protocol Security (IPSec). Glossary 1 May 2004, 202-10031
  • Netgear FVS328 | FVS328 Reference Manual - Page 220
    FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual DHCP DMZ DNS domain name Domain Name Server Dynamic Host Configuration Protocol ESP gateway IETF IKE IP See Dynamic Host Configuration Protocol. A Demilitarized Zone is used by a company that wants to host its own Internet services
  • Netgear FVS328 | FVS328 Reference Manual - Page 221
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual IP Address A four-position number uniquely defining each host on the Internet. Ranges of addresses are assigned by Internic, an organization formed for this purpose. Usually written in dotted-decimal notation with periods
  • Netgear FVS328 | FVS328 Reference Manual - Page 222
    ProSafe VPN Firewall with Dial Back-up Reference Manual NetBIOS netmask Network Address Translation PKIX packet PPP PPP over Ethernet PPTP PSTN Point-to-Point Protocol Public Key Infrastructure Network Basic Input Output System. An application programming interface (API) for sharing services
  • Netgear FVS328 | FVS328 Reference Manual - Page 223
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual RFC RIP router Routing Information Protocol subnet mask URL UTP VPN VPNC WAN wide area network Windows Internet Naming Service WINS Request For Comment. Refers to documents published by the Internet Engineering Task Force (IETF)
  • Netgear FVS328 | FVS328 Reference Manual - Page 224
    Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 6 Glossary May 2004, 202-10031-01
  • Netgear FVS328 | FVS328 Reference Manual - Page 225
    time 6-14 Default DMZ Server 5-5 default reset button 9-7 Denial of Service (DoS) protection 2-2 denial of service attack C-11 DHCP 2-3, 5-2, C-10 DHCP Client ID D-7 DHCP Setup field, Ethernet Setup menu 8-4 Disabling NAT 3-15 DMZ Server 5-5 DNS Proxy 2-4 DNS server 3-8, 3-9, 3-15, D-11 DNS, dynamic
  • Netgear FVS328 | FVS328 Reference Manual - Page 226
    E-9 IPSec Security Features E-2 ISP 3-1 L LAN IP Setup Menu 5-3 LEDs description 2-6 troubleshooting 9-3 log sending 8-10 Log Viewer H-15 M MAC address 9-7, C-9 spoofing 3-9, 3-16, 9-5 Macintosh D-10 configuring for IP networking D-6 DHCP Client ID D-7 Obtaining ISP Configuration Information D-11
  • Netgear FVS328 | FVS328 Reference Manual - Page 227
    6-11 P package contents 2-5 password restoring 9-7 PC, using to configure D-12 ping 5-6 PKIX 7-25 port filtering 6-11 port forwarding behind NAT C-8 port numbers 6-5 PPP over Ethernet 2-4, D-9 PPPoE 2-4, 3-8, D-9 PPTP 3-15 Primary DNS Server 3-8, 3-9, 3-10, 3-15 protocols Address Resolution C-9 DHCP
  • Netgear FVS328 | FVS328 Reference Manual - Page 228
    U Uplink switch C-12 USB D-9 V Virtual Private Networking 2-3 VPN E-1 VPN Consortium E-6 VPN Process Overview E-7 VPNC IKE Phase I Parameters E-10 VPNC IKE Phase II Parameters E-11 W Windows, configuring for IP routing D-2, D-5 winipcfg utility D-5 WinPOET D-9 World Wide Web 1-iii 4 Index
