Netgear FVS336G-100NAS Reference Manual

Netgear FVS336G-100NAS Manual

Get Netgear FVS336G-100NAS PDF manuals and user guides View all Netgear FVS336G-100NAS manuals
Add to My Manuals
Save this manual to your list of manuals

Netgear FVS336G-100NAS manual content summary:

  • Netgear FVS336G-100NAS | Reference Manual - Page 1
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA October 2007 202-10257-01 v1.0
  • Netgear FVS336G-100NAS | Reference Manual - Page 2
    NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR with the instructions, may cause testing to the following standards: EN55022 Class B, EN55024 and EN60950-1. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe
  • Netgear FVS336G-100NAS | Reference Manual - Page 3
    instructions. Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test or promote any products derived from this software without his specific prior written permission. This software is provided 'as is'
  • Netgear FVS336G-100NAS | Reference Manual - Page 4
    LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  • Netgear FVS336G-100NAS | Reference Manual - Page 5
    used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND : Language: Publication Part Number: Publication Version Number FVS336G October 2007 VPN Firewall ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN
  • Netgear FVS336G-100NAS | Reference Manual - Page 6
    vi 1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 7
    , Formats, and Scope xiii How to Use This Manual xiv How to Print this Manual xiv Revision History ...xv Chapter 1 Introduction Key Features ...1-1 Dual WAN Ports for Increased Reliability or Outbound Load Balancing 1-2 Advanced VPN Support for Both IPsec and SSL 1-2 A Powerful, True Firewall
  • Netgear FVS336G-100NAS | Reference Manual - Page 8
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Network Address Translation 2-13 Classical Routing 2-13 and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Order of Precedence for Rules 4-7 Setting
  • Netgear FVS336G-100NAS | Reference Manual - Page 9
    Configuring the FVS336G 5-17 Configuring the VPN Client 5-18 Testing the Connection 5-19 Manually Assigning IP Addresses to Remote Users (ModeConfig 5-20 Mode Config Operation 5-20 Configuring the VPN Firewall 5-20 Configuring the ProSafe VPN Client for ModeConfig 5-24 Extended Authentication
  • Netgear FVS336G-100NAS | Reference Manual - Page 10
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding
  • Netgear FVS336G-100NAS | Reference Manual - Page 11
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Settings Backup and Firmware Upgrade 8-14 Configuring Date and Time Service 8-16 Chapter 9 Monitoring System Performance Enabling the Traffic Meter 9-1 Activating Notification of Events and Alerts 9-4 Viewing
  • Netgear FVS336G-100NAS | Reference Manual - Page 12
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware
  • Netgear FVS336G-100NAS | Reference Manual - Page 13
    About This Manual The NETGEAR® ProSafe™ Dual WAN Gigabit Firewall with SSL & IPsec VPN Reference Manual describes how to install, configure and troubleshoot a ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. The information in this manual is intended for readers with intermediate computer
  • Netgear FVS336G-100NAS | Reference Manual - Page 14
    SSL & IPsec VPN FVS336G Reference Manual Danger: This is a safety warning. Failure to take heed of this notice may result in personal injury or death. • Scope. This manual is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe Dual WAN
  • Netgear FVS336G-100NAS | Reference Manual - Page 15
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com. - Printing a PDF
  • Netgear FVS336G-100NAS | Reference Manual - Page 16
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual xvi About This Manual v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 17
    area network (WAN) ports allow you to increase throughput to the Internet by using both ports together, or to maintain a backup connection in case of failure of your primary Internet connection. As a complete security solution, the FVS336G incorporates a powerful and flexible firewall to safeguard
  • Netgear FVS336G-100NAS | Reference Manual - Page 18
    with SSL & IPsec VPN FVS336G Reference Manual • Advanced stateful packet inspection (SPI) firewall with multi-NAT support. • Easy, web-based setup for installation and management. • Front panel LEDs for easy monitoring of status and activity. • Flash memory for firmware upgrade. • Internal universal
  • Netgear FVS336G-100NAS | Reference Manual - Page 19
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, to provide client-free access with customizable user portals and support Internet locations or services that you specify
  • Netgear FVS336G-100NAS | Reference Manual - Page 20
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual the correct configuration. This feature eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection. Extensive Protocol Support Internet service
  • Netgear FVS336G-100NAS | Reference Manual - Page 21
    Support information card provided with your product. Package Contents The product package should contain the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe
  • Netgear FVS336G-100NAS | Reference Manual - Page 22
    FVS336G Reference Manual - ProSafe VPN Client Software - one user license. • Warranty and Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR . Power is not supplied to the VPN firewall. Test mode: The system is initializing or the initialization has
  • Netgear FVS336G-100NAS | Reference Manual - Page 23
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 1-1. LED Descriptions (continued) Object LINK/ACT press and hold this button for about ten seconds until the front panel TEST light flashes to reset the VPN firewall to factory default settings. All configuration
  • Netgear FVS336G-100NAS | Reference Manual - Page 24
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. WAN Ethernet ports. Two independent N-way automatic speed negotiating, Auto MDI/MDIX, Gigabit configuring the VPN firewall, SSL VPN users should choose a browser that supports 1-8 Introduction v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 25
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual JavaScript, Java, cookies, SSL, and ActiveX to take advantage of the full suite of applications. Note that Java is only required for the SSL VPN
  • Netgear FVS336G-100NAS | Reference Manual - Page 26
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 1-10 v1.0, October 2007 Introduction
  • Netgear FVS336G-100NAS | Reference Manual - Page 27
    restart your network according to the instructions in the installation guide. See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN for complete steps. A PDF of the Installation Guide is on the NETGEAR website at: http://kbserver.netgear.com. 2. Log in to the VPN
  • Netgear FVS336G-100NAS | Reference Manual - Page 28
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 4. Configure the WAN mode (required for be configured to obtain an IP address automatically from the VPN firewall by DHCP. For instructions on how to configure your computer for DHCP, refer to the link in Appendix B,
  • Netgear FVS336G-100NAS | Reference Manual - Page 29
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The Manager login features appear in the browser. Figure 2-1 3. In the User field, type admin 4. In the Password field, type password Note that both entries
  • Netgear FVS336G-100NAS | Reference Manual - Page 30
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The Web Configuration Manager appears, displaying the Router Status menu: Figure 2-2 Navigating the Menus The Web Configuration Manager menus are organized in a layered structure of
  • Netgear FVS336G-100NAS | Reference Manual - Page 31
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Main menu. The horizontal orange brings up either a popup window or an advanced option menu. Tip: In the instructions in this guide, we may refer to a menu using the notation primary | subcategory, such as Network
  • Netgear FVS336G-100NAS | Reference Manual - Page 32
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 2-3 2. Click Auto Detect at the bottom of the menu. Auto Detect will probe the WAN port for a range of connection methods and suggest one that your ISP appears to support. a. If Auto Detect is successful, a
  • Netgear FVS336G-100NAS | Reference Manual - Page 33
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual b. If Auto Detect senses a information, see "Configuring the WAN Mode (Required for Dual WAN)" on page 2-12 and "Troubleshooting the ISP Connection" on page 10-4). 3. To verify the connection, click the WAN Status
  • Netgear FVS336G-100NAS | Reference Manual - Page 34
    Mode (Required for Dual WAN)" on page 2-12. If one or both automatic WAN ISP configurations failed, you can attempt a manual configuration as described in the following section, or see "Troubleshooting the ISP Connection" on page 10-4. 2-8 Connecting the FVS336G to the Internet v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 35
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Manually Configuring the Internet Connection Unless your ISP automatically assigns your configuration automatically via DHCP, you will need to obtain configuration parameters from your ISP in order to manually establish
  • Netgear FVS336G-100NAS | Reference Manual - Page 36
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual a. Select Other (PPPoE). Figure 2-8 b. Configure the following fields: • Account Name. Valid account PPTP server. 7. If your ISP is Telstra BigPond Cable: 2-10 Connecting the FVS336G to the Internet v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 37
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual a. Select BigPond Cable. b. Configure the Login Server and Idle Timeout fields. The Login Server is the IP address of the local BigPond Login Server in your area. 8. Review the Internet (IP) Address options. Figure 2-9
  • Netgear FVS336G-100NAS | Reference Manual - Page 38
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 11. Review the Domain Name Server ( settings.) 13. Click Test to evaluate your entries. The VPN firewall will attempt to connect to the NETGEAR Web site. If a successful connection is made, NETGEAR's Web site appears.
  • Netgear FVS336G-100NAS | Reference Manual - Page 39
    FVS336G Reference Manual If you want to use a redundant ISP link for backup purposes, select the WAN port that will act as the primary link for this mode. Ensure that the backup WAN port has also been configured and that you configure the WAN Failure Detection Method to support to specific PCs
  • Netgear FVS336G-100NAS | Reference Manual - Page 40
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To learn the status of the WAN ports, act as the primary link for this mode and configure the WAN Failure Detection Method to support Auto-Rollover. When the VPN firewall is configured in Auto-Rollover Mode, it uses the
  • Netgear FVS336G-100NAS | Reference Manual - Page 41
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 2-11 2. In the Port Mode section, select DNS query or Ping is sent periodically after every test period. The default test period is 30 seconds. Connecting the FVS336G to the Internet v1.0, October 2007 2-15
  • Netgear FVS336G-100NAS | Reference Manual - Page 42
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual is 2 minutes (a 30-second minimum test period for a minimum of 4 tests). 7. Click Apply to save your settings of source IP address for secure connections. Some services, particularly HTTPS, will cease responding when a
  • Netgear FVS336G-100NAS | Reference Manual - Page 43
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Click view protocol bindings (if required). The WAN1 Protocol Bindings screen is displayed. Figure 2-12 Enter the following data in the Add Protocol Binding options: a. Service. From the pull-down menu, choose the
  • Netgear FVS336G-100NAS | Reference Manual - Page 44
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Address range. If this option is Configuration screen.) The VPN firewall firmware includes software that notifies dynamic DNS servers of changes in the WAN IP address, so that the services running on this network can
  • Netgear FVS336G-100NAS | Reference Manual - Page 45
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To configure Dynamic DNS: 1. Select Service you will use. The fields corresponding to the selection you have chosen will be activated. Each DDNS service provider requires its own parameters. Connecting the FVS336G
  • Netgear FVS336G-100NAS | Reference Manual - Page 46
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Access the Web site of one of the DDNS service providers and set up an account. Links to three DDNS providers are in the tab header. Figure 2-14 4. After registering for your account, return to
  • Netgear FVS336G-100NAS | Reference Manual - Page 47
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Click the Advanced link to the right of the select 10M. Use the half-duplex settings unless you are sure your broadband modem supports full duplex. c. Router's MAC Address. Each computer or router on your network has
  • Netgear FVS336G-100NAS | Reference Manual - Page 48
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The format for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and traffic meter for each WAN, if desired. See "Enabling the Traffic Meter" on page 9-1. 2-22 Connecting the FVS336G to the Internet v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 49
    the advanced LAN features of your ProSafe Dual WAN Gigabit Firewall with SSL addresses specified in this menu. Each pool address is tested before it is assigned to avoid duplicate addresses on be the DHCP server, or if you will manually configure the network settings of all of your computers
  • Netgear FVS336G-100NAS | Reference Manual - Page 50
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual and 192.168.1.100, although of lease). Configuring the LAN Setup Options The LAN Setup menu allows configuration of LAN IP services such as DHCP and allows you to configure a secondary or "multi-home" LAN IP setup
  • Netgear FVS336G-100NAS | Reference Manual - Page 51
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 3-1: 2. In the LAN TCP/IP Setup section, configure the following settings: • IP Address. The LAN address of your VPN firewall (factory default: 192.168.1.1).
  • Netgear FVS336G-100NAS | Reference Manual - Page 52
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. In the DHCP section, select DHCP server will provide the ISP's DNS server IP addresses. The VPN firewall will still service DNS requests sent to its LAN IP address unless you disable DNS Proxy in the firewall
  • Netgear FVS336G-100NAS | Reference Manual - Page 53
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing Groups and Hosts (LAN restrictions to each Group using the Firewall Rules screen (see "Using Rules to Block or Allow Specific Kinds of Traffic" on page 4-2). - You can also select the Groups to be covered by
  • Netgear FVS336G-100NAS | Reference Manual - Page 54
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • A computer is identified by its MAC the PC or device. For computers that do not support the NetBIOS protocol, this will be listed as "Unknown" (you can edit the entry manually to add a meaningful name). If the computer
  • Netgear FVS336G-100NAS | Reference Manual - Page 55
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Action. Allows modification of the selected entry by clicking Edit. Adding Devices to the LAN Groups Database To add devices manually to the LAN Groups Database, follow these steps: 1. In the Add Known PCs and Devices
  • Netgear FVS336G-100NAS | Reference Manual - Page 56
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 3-3: 2. Select the radio button next to select must be outside of the DHCP Server pool. To reserve an IP address, manually enter the device in the LAN Groups tab, specifying Reserved (DHCP Client), as described
  • Netgear FVS336G-100NAS | Reference Manual - Page 57
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Multi Home LAN IP Addresses If you have computers on your LAN using different IP address ranges (for example, 172.16.2.0 or 10.0.0.0), you
  • Netgear FVS336G-100NAS | Reference Manual - Page 58
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Click Add. The new Secondary LAN IP address will appear in the Available Secondary LAN IPs table. Note: IP addresses on these secondary subnets cannot
  • Netgear FVS336G-100NAS | Reference Manual - Page 59
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Click Add. The Add Static Route tab is displayed. Figure 3-6: 3. Enter a route name for this static route in the Route Name field (for identification and
  • Netgear FVS336G-100NAS | Reference Manual - Page 60
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Routing Information Protocol (RIP) RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is commonly used in internal networks (LANs).
  • Netgear FVS336G-100NAS | Reference Manual - Page 61
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Both. The VPN firewall classful routing that does not include subnet information. This is the most commonly supported version. • RIP-2. Supports subnet information. Both RIP-2B and RIP-2M send the routing data in
  • Netgear FVS336G-100NAS | Reference Manual - Page 62
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3-14 v1.0, October 2007 LAN Configuration
  • Netgear FVS336G-100NAS | Reference Manual - Page 63
    Specific Traffic" • "Enabling Source MAC Filtering" • "Port Triggering" • "E-Mail Notifications of Event Logs and Alerts" • "Administrator Tips" About Firewall Protection and Content Filtering The ProSafe can also block Internet access by applications and services, such as chat or games. A firewall
  • Netgear FVS336G-100NAS | Reference Manual - Page 64
    & IPsec VPN FVS336G Reference Manual intrusions. NAT performs a very limited stateful inspection in that it considers whether the incoming packet is in response to an outgoing request, but true Stateful Packet Inspection goes far beyond NAT. Using Rules to Block or Allow Specific Kinds of Traffic
  • Netgear FVS336G-100NAS | Reference Manual - Page 65
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Outbound Rules (Service Blocking) The FVS336G allows you to block the use of certain Internet services by PCs on your network. This is called service a Schedule to Block or Allow Specific Traffic" on page 4-18). These
  • Netgear FVS336G-100NAS | Reference Manual - Page 66
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 4-1. Outbound Rules (continued) to the Internet. The rule tells the firewall to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as
  • Netgear FVS336G-100NAS | Reference Manual - Page 67
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual rule (see "Setting a Schedule to Block or Allow Specific Traffic" on page 4-18). • This drop down menu determines which computer on your network is hosting this service rule. (You can also translate this address to
  • Netgear FVS336G-100NAS | Reference Manual - Page 68
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 4-2. Inbound Rules (continued) Item Description for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP
  • Netgear FVS336G-100NAS | Reference Manual - Page 69
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 4-1 Order of Precedence for For example, you should place the most strict rules at the top (those with the most specific services or addresses). The Up and Down buttons allow you to relocate a defined rule to a
  • Netgear FVS336G-100NAS | Reference Manual - Page 70
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To change the Default specific needs (see "Administrator Tips" on page 4-25). Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems. To create a new outbound service
  • Netgear FVS336G-100NAS | Reference Manual - Page 71
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Configure the parameters based on the descriptions in Table 4-1 on page 4-3. 3. Click Apply to save your changes and reset the fields on this screen. The new rule will be listed on the Outbound Services table.
  • Netgear FVS336G-100NAS | Reference Manual - Page 72
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Modifying Rules To make changes to an existing outbound or inbound service as a diagnostic tool. You shouldn't check this box unless you have a specific reason to do so. - Enable Stealth Mode. In stealth mode, the VPN
  • Netgear FVS336G-100NAS | Reference Manual - Page 73
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - Block UDP flood. A UDP flood is a form of denial of service attack that can be initiated when one machine sends a large number of UDP packets to random ports on a remote host. As a result, the distant host
  • Netgear FVS336G-100NAS | Reference Manual - Page 74
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 4-4 3. Select the Attack Checks you wish to initiate. 4. Click Apply to save your settings Inbound Rules Examples LAN WAN Inbound Rule: Hosting A Local Public
  • Netgear FVS336G-100NAS | Reference Manual - Page 75
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 4-5 LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside
  • Netgear FVS336G-100NAS | Reference Manual - Page 76
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 4-6 LAN WAN Inbound Rule: in Figure 4-7, we have configured multi-NAT to support multiple public IP addresses on one WAN interface. The inbound rule instructs the VPN firewall to host an additional public IP
  • Netgear FVS336G-100NAS | Reference Manual - Page 77
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Web server PC on the VPN firewall's LAN - LAN IP address: 192.168.1.11 - Port number for Web service: 8080 Figure 4-7 To test the connection from a PC on the WAN side, type http://10.1.0.5. The home page of the Web
  • Netgear FVS336G-100NAS | Reference Manual - Page 78
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Place the new rule below all other inbound rules. Note: For security, NETGEAR Instant Messenger during that blocked period. Adding Customized Services Services are functions performed by server computers at the request
  • Netgear FVS336G-100NAS | Reference Manual - Page 79
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To add a custom service: 1. Select Security > Services from the main menu. The Services screen is displayed.. Figure 4-8 2. In the Add Custom Services section, enter a descriptive name for the service (this name is for
  • Netgear FVS336G-100NAS | Reference Manual - Page 80
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • On the Services screen in the Custom Services Table for customized services (see Figure 4-8). • On the Add LAN WAN Outbound Services screen (see Figure 4-2). The QoS priority definition for a service determines the
  • Netgear FVS336G-100NAS | Reference Manual - Page 81
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 4-9 2. Select either All Days or Specific Days. If you chose Specific Days, select each day that the schedule will be in effect. 3. For the time of day, select either All Day or Specific by NETGEAR" message
  • Netgear FVS336G-100NAS | Reference Manual - Page 82
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Keyword Blocking (Domain Name Blocking). You can specify up to 32 words that, should they appear in the Web site name (URL) or in a newsgroup
  • Netgear FVS336G-100NAS | Reference Manual - Page 83
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 4-10 3. Select Yes to enable Content Filtering. 4. Click Apply to activate the menu controls. Firewall Protection and Content Filtering v1.0, October 2007 4-21
  • Netgear FVS336G-100NAS | Reference Manual - Page 84
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. Select any Web Components you wish to table. Note: For additional ways of restricting outbound traffic, see "Outbound Rules (Service Blocking)" on page 4-3 To enable MAC filtering and add MAC addresses to be blocked
  • Netgear FVS336G-100NAS | Reference Manual - Page 85
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 4-11 2. Check Yes to enable Source MAC Filtering. 3. Enter your list of source MAC addresses to be blocked in the MAC Address field in
  • Netgear FVS336G-100NAS | Reference Manual - Page 86
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. The remote system receives the PC's request rather than a response. As such, it would be handled in accordance with the inbound service rules. Note these restrictions with Port Triggering: • Only one PC can use a port
  • Netgear FVS336G-100NAS | Reference Manual - Page 87
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual segments of your LAN; denied incoming and outgoing service requests; hacker probes and login attempts; and Although rules (see "Using Rules to Block or Allow Specific Kinds of Traffic" on page 4-2) are the basic way
  • Netgear FVS336G-100NAS | Reference Manual - Page 88
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Groups and hosts (see "Managing Groups and Hosts (LAN Groups)" on page 3-5) • Services (see "Services-Based Rules" on page 4-2) • Schedules (see "Setting a Schedule to Block or Allow Specific Traffic" on page 4-18) •
  • Netgear FVS336G-100NAS | Reference Manual - Page 89
    use the IPsec virtual private networking (VPN) features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to provide Tunnel Policies" • "Creating a VPN Client Connection: VPN Client to FVS336G" • "Manually Assigning IP Addresses to Remote Users (ModeConfig)" • "Extended Authentication (
  • Netgear FVS336G-100NAS | Reference Manual - Page 90
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Refer to "Virtual Private Networks (VPNs)" on page C-10 for an overview of the IP addressing requirements for VPN in the two dual WAN modes.
  • Netgear FVS336G-100NAS | Reference Manual - Page 91
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 5-1 The use of fully qualified domain names is: • Mandatory when the WAN ports are in rollover mode (Figure 5-2 on page 5-4); also required for the
  • Netgear FVS336G-100NAS | Reference Manual - Page 92
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual For instructions on how to select and configure a dynamic DNS service for resolving your FQDNs, see "Configuring Dynamic DNS (Optional)" on page 2-18. FVS336G Functional Block Diagram - Auto-Rollover FVS336G guides
  • Netgear FVS336G-100NAS | Reference Manual - Page 93
    with SSL & IPsec VPN FVS336G Reference Manual Creating a VPN Tunnel to a Gateway You can configure multiple gateway VPN tunnel policies through the VPN Wizard. You can also set up multiple remote VPN client policies through the VPN Wizard. A remote client policy can support up to 200 clients. To
  • Netgear FVS336G-100NAS | Reference Manual - Page 94
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Create a Connection Name. Enter name is the Fully Qualified Domain Name (FQDN) as registered in a Dynamic DNS service. Both local and remote endpoints should be defined as either IP addresses or Internet Names
  • Netgear FVS336G-100NAS | Reference Manual - Page 95
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 5-5 You can also view the status of your IKE Policies by clicking the IKE Policies tab. The IKE Policies screen is displayed. Then view
  • Netgear FVS336G-100NAS | Reference Manual - Page 96
    VPN FVS336G Reference Manual Figure 5-6 Creating a VPN Tunnel Connection to a VPN Client You can set up multiple remote VPN Client policies through the VPN Wizard by changing the default End Point Information settings created for each policy by the wizard. A remote client policy can support up
  • Netgear FVS336G-100NAS | Reference Manual - Page 97
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 5-7 2. Select VPN Client as your VPN tunnel connection. The wizard name is the Fully Qualified Domain Name (FQDN); for example, vpn.netgear.com. Virtual Private Networking Using IPsec 5-9 v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 98
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 7. Enter the Local WAN IP Address or Internet name. Both local and remote ends should be defined as either IP addresses or Internet Names (FQDN). A
  • Netgear FVS336G-100NAS | Reference Manual - Page 99
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 5-9 You can also view the status of your IKE Policies by clicking the IKE Policies tab. The IKE Policies screen is displayed. Virtual Private Networking Using IPsec v1.0, October 2007 5-11
  • Netgear FVS336G-100NAS | Reference Manual - Page 100
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 5-10 To see the detailed settings of the IKE Policy, click the Edit button next to the policy. The Edit IKE Policy tab is displayed 5-12 Virtual Private Networking Using IPsec v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 101
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 5-11 Managing VPN Tunnel Policies After you use the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored
  • Netgear FVS336G-100NAS | Reference Manual - Page 102
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual About IKE The IKE (Internet Key Exchange) specify which IKE Policy to use. 2. If the VPN Policy is a "Manual" policy, then the Manual Policy Parameters defined in the VPN policy are accessed and the first matching IKE
  • Netgear FVS336G-100NAS | Reference Manual - Page 103
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - Main Mode is slower but more secure. - and DH algorithm technologies, see Appendix B, "Related Documents" for a link to the NETGEAR website. VPN Policy You can create two types of VPN policies. When using the VPN
  • Netgear FVS336G-100NAS | Reference Manual - Page 104
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing VPN Policies The VPN Policies screen allows you to add additional policies-either Auto or Manual-and to manage the VPN policies already created. You can edit policies, enable or disable policies, or delete them
  • Netgear FVS336G-100NAS | Reference Manual - Page 105
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual VPN Tunnel Connection Status Recent VPN and tested using: • Netgear FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN • Netgear ProSafe VPN Client • NAT router: Netgear FR114P Configuring the FVS336G 1.
  • Netgear FVS336G-100NAS | Reference Manual - Page 106
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Select the VPN Client radio button for type the VPN Client From a PC with the Netgear Prosafe VPN Client installed, you can configure a VPN client policy to connect to the FVS336G. To configure your VPN client: 1.
  • Netgear FVS336G-100NAS | Reference Manual - Page 107
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 7. In the left frame, click My Identity. 8. 12. In the upper left of the window, click the disk icon to save the policy. Testing the Connection 1. From your PC, right-click on the VPN client icon in your Windows toolbar
  • Netgear FVS336G-100NAS | Reference Manual - Page 108
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. For additional status and troubleshooting information, right-click on the VPN client icon Logs and Connection Status screens in the FVS336G. Manually Assigning IP Addresses to Remote Users (ModeConfig) To simply the
  • Netgear FVS336G-100NAS | Reference Manual - Page 109
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 1. Click VPN in the main menu. 2. Click IPsec VPN in the submenu. 3. Click the Mode Config tab. The Mode Config tab is displayed.. Figure 5-12 4.
  • Netgear FVS336G-100NAS | Reference Manual - Page 110
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 6. Assign at least one range of IP Pool addresses in the First IP Pool field to give to remote VPN clients. Note: The IP Pool
  • Netgear FVS336G-100NAS | Reference Manual - Page 111
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual a. Enter a descriptive name in the Policy Name Field such as "salesperson". This name will be used as part of the remote identifier in the VPN
  • Netgear FVS336G-100NAS | Reference Manual - Page 112
    Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1. Right-click the VPN client icon in
  • Netgear FVS336G-100NAS | Reference Manual - Page 113
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual a. Under Security Policy, Phase 1 Negotiation Mode 6. Click the Save icon to save the Security Policy and close the VPN ProSafe VPN client. To test the connection: 1. Right-click on the VPN client icon in the Windows
  • Netgear FVS336G-100NAS | Reference Manual - Page 114
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • IPsec Host. If you want authentication by the remote gateway, enter a User Name and Password to be associated with this IKE policy. If this option
  • Netgear FVS336G-100NAS | Reference Manual - Page 115
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 4. In the Extended Authentication Account" on page 7-4. RADIUS Client Configuration RADIUS (Remote Authentication Dial In User Service, RFC 2865) is a protocol for managing Authentication, Authorization and Accounting (
  • Netgear FVS336G-100NAS | Reference Manual - Page 116
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual username/password or some encrypted response using his username/password information. The gateway will try and verify this information first against a local User Database (if
  • Netgear FVS336G-100NAS | Reference Manual - Page 117
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Primary Server NAS Identifier (Network Access Server). This Identifier MUST be present in a RADIUS request. Ensure that NAS Identifier is configured identically on both client and server. The FVS336G is acting as a NAS
  • Netgear FVS336G-100NAS | Reference Manual - Page 118
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5-30 Virtual Private Networking Using IPsec v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 119
    Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to the Portal Options The FVS336G's SSL VPN portal can provide two levels of SSL service to the remote user: • VPN Tunnel The FVS336G can provide the full
  • Netgear FVS336G-100NAS | Reference Manual - Page 120
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual several ways. For example, Port Forwarding: - Only supports TCP connections, not UDP or other IP protocols. remote user with one or both of these SSL service levels, depending on the configuration by the administrator.
  • Netgear FVS336G-100NAS | Reference Manual - Page 121
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual the list you have created. 6. For VPN tunnel service, configure the virtual network adapter. In the VPN provides an ideal way to communicate remote access instructions, support information, technical contact info, or VPN-
  • Netgear FVS336G-100NAS | Reference Manual - Page 122
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Portal Layouts are applied by selecting from available portal layouts in the configuration of a Domain. When you have completed your Portal Layout, you can apply
  • Netgear FVS336G-100NAS | Reference Manual - Page 123
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 6-2 3. In the Portal Layout and Theme Name section of the menu, configure the following entries: a. Enter a descriptive name for the portal layout in the
  • Netgear FVS336G-100NAS | Reference Manual - Page 124
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual on login page checkbox to show the prevent clients browsers from caching SSL VPN portal pages and other web content. Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-
  • Netgear FVS336G-100NAS | Reference Manual - Page 125
    & IPsec VPN FVS336G Reference Manual The web cache cleaner will prompt the user to delete all temporary Internet files, cookies and browser history when the user logs out or closes the web browser window. The ActiveX web cache control will be ignored by web browsers that don't support ActiveX. 4. In
  • Netgear FVS336G-100NAS | Reference Manual - Page 126
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Adding Servers To configure Port Forwarding, you must define the internal host machines (servers) and TCP applications available to remote users. To add servers, follow
  • Netgear FVS336G-100NAS | Reference Manual - Page 127
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 6-1. Port Forwarding Applications/TCP Port Numbers (continued) TCP Application Port Number HTTP (web) 80 POP3 (receive mail) 110 NTP (network time protocol) 123 Citrix 1494 Terminal Services 3389 VNC
  • Netgear FVS336G-100NAS | Reference Manual - Page 128
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Remote users can now securely access network applications once they have logged into the SSL VPN portal and launched Port Forwarding. Configuring the SSL VPN Client The SSL VPN Client within the FVS336G tunnel support
  • Netgear FVS336G-100NAS | Reference Manual - Page 129
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring the Client IP Address Client tab. The SSL VPN Client screen will display.. Figure 6-5 2. Select Enable Full Tunnel Support unless you want split tunneling. 3. (Optional) Enter a DNS Suffix to be appended to
  • Netgear FVS336G-100NAS | Reference Manual - Page 130
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual VPN tunnel clients are now able to connect to receive new addresses and routes. Replacing and Deleting Client Routes If the specifications of an existing route need to be changed, follow these steps: 1. Make a new
  • Netgear FVS336G-100NAS | Reference Manual - Page 131
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. If an existing route is no longer needed for any reason, you can delete it. Using Network Resource Objects to Simplify Policies Network resources are groups of IP addresses, IP address ranges, and services. By
  • Netgear FVS336G-100NAS | Reference Manual - Page 132
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. In the Service pull-down menu, select the type of service to which the resource will apply: either VPN Tunnel or Port Forwarding. 4. Click Add. The "Operation Successful" message appears at the top of the tab,
  • Netgear FVS336G-100NAS | Reference Manual - Page 133
    & IPsec VPN FVS336G Reference Manual Configuring User, Group, and Global Policies An administrator can define and apply user, group and global policies to predefined network resource objects, IP addresses, address ranges, or all IP addresses and to different SSL VPN services. A specific hierarchy is
  • Netgear FVS336G-100NAS | Reference Manual - Page 134
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • An FTP server at ftp.company.com, the user would be granted access by Policy 3. A single host name is more specific than the IP address range configured in Policy 2. Note: The user would not be able to access ftp.
  • Netgear FVS336G-100NAS | Reference Manual - Page 135
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Adding a Policy To add a policy, follow In the Add SSL VPN Policies section, review the Apply Policy To options and click one. Depending upon your selection, specific options to the right are activated or inactivated
  • Netgear FVS336G-100NAS | Reference Manual - Page 136
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • If you choose Network Resource, choose IP Address, you'll need to enter a descriptive Policy Name, the specific IP Address, then choose the Service and relevant Permission from the pull-down menus. Figure 6-11 • If you
  • Netgear FVS336G-100NAS | Reference Manual - Page 137
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 6-12 • If you choose All Addresses, you'll need to enter a descriptive Policy Name, then choose the Service and relevant Permission from the pull-down menus. Figure 6-13 5. When you are finished making your
  • Netgear FVS336G-100NAS | Reference Manual - Page 138
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 6-20 Virtual Private Networking Using SSL Connections v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 139
    Chapter 7 Managing Users, Authentication, and Certificates This chapter contains the following sections: • "Adding Authentication Domains, Groups, and Users" • "Managing Certificates" Adding Authentication Domains, Groups, and Users You must create name and password accounts for all users who will
  • Netgear FVS336G-100NAS | Reference Manual - Page 140
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 7-1 2. Click Add. The Add Domain screen displays. Figure 7-2 3. Configure the following fields: a. Enter a descriptive name for the domain in the Domain Name field. b. Select
  • Netgear FVS336G-100NAS | Reference Manual - Page 141
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The required fields are activated in varying combinations according to your selection of Authentication Type: Authentication Type Local User Database Radius-PAP Radius-CHAP Radius-
  • Netgear FVS336G-100NAS | Reference Manual - Page 142
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 7-3 2. Configure the new group settings in the Add New Group section of the menu: a. Name. Enter a descriptive name for the group. b. Domain. Select the
  • Netgear FVS336G-100NAS | Reference Manual - Page 143
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 7-4 2. Click Add. The Add User tab screen is displayed. Figure 7-5 3. Configure the following fields: a. User Name. Enter a unique identifier, using any alphanumeric characters. b. User
  • Netgear FVS336G-100NAS | Reference Manual - Page 144
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual d. Password/Confirm Password. The password can contain alphanumeric characters, dash, and underscore. e. Idle Timeout. For an Administrator, this is the period at which an idle
  • Netgear FVS336G-100NAS | Reference Manual - Page 145
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To restrict logging in based on IP address: 1. Select the by Source IP Address tab. The by Source IP Address screen will display. Figure 7-7 2. In
  • Netgear FVS336G-100NAS | Reference Manual - Page 146
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To restrict logging in based on the user's browser: 1. Select the by Client Browser tab. The by Client Browser screen will display. Figure 7-8 2. In the
  • Netgear FVS336G-100NAS | Reference Manual - Page 147
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing Certificates The VPN firewall uses theft of the server. Your VPN firewall contains a self-signed certificate from NETGEAR. We recommend that you replace this certificate prior to deploying the VPN firewall
  • Netgear FVS336G-100NAS | Reference Manual - Page 148
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To view the VPN Certificates: Select VPN > Certificates from the main menu. The Certificates screen displays. The top section of the Certificates screen displays the
  • Netgear FVS336G-100NAS | Reference Manual - Page 149
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual For each self certificate, the following data is listed: • Name. The name you used to identify this certificate. • Subject Name. This is the name that
  • Netgear FVS336G-100NAS | Reference Manual - Page 150
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 7-11 3. Complete the Optional fields, if desired, with the following information: • IP Address - If you have a fixed IP address, you may enter it here.
  • Netgear FVS336G-100NAS | Reference Manual - Page 151
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. In the Self Certificate Requests table, click View REQUEST---" and "---END CERTIFICATE REQUEST"). d. Submit the CA form. If no problems ensue, the certificate will be issued. 8. Store the certificate file from the CA
  • Netgear FVS336G-100NAS | Reference Manual - Page 152
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. Return to the Certificates screen and locate the Self Certificate Requests section.. Figure 7-14 10. Select the checkbox next to the certificate request, then click
  • Netgear FVS336G-100NAS | Reference Manual - Page 153
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 7-15 The CRL table lists your active CAs and their critical release dates: • CA Identify - The official name of the CA which issued this
  • Netgear FVS336G-100NAS | Reference Manual - Page 154
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 7-16 Managing Users, Authentication, and Certificates v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 155
    on the appropriate heading in the Main Menu of the browser interface. The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN offers many tools for Manager" • "Settings Backup and Firmware Upgrade" • "Configuring Date and Time Service" Performance Management Performance management consists of
  • Netgear FVS336G-100NAS | Reference Manual - Page 156
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual the WAN ports will support the following traffic rates: to throughput for Service blocking • Block sites • Source MAC filtering Service Blocking You can control specific outbound traffic (from LAN to WAN). Outbound Services
  • Netgear FVS336G-100NAS | Reference Manual - Page 157
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • ALLOW by schedule, otherwise Block As you define your firewall rules, you can further refine their application according to the following criteria: • LAN Users. These
  • Netgear FVS336G-100NAS | Reference Manual - Page 158
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Groups and Hosts You can apply these rules the week and time of day for each schedule. See "Setting a Schedule to Block or Allow Specific Traffic" on page 4-18 for the procedure on how to use this feature. Block Sites If
  • Netgear FVS336G-100NAS | Reference Manual - Page 159
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual You can bypass keyword blocking for only! Incorrect configuration will cause serious problems. You can control specific inbound traffic (from WAN to LAN). Inbound Services lists all existing rules for inbound traffic
  • Netgear FVS336G-100NAS | Reference Manual - Page 160
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Each rule lets you specify the desired action Mode. Prevents the VPN firewall from responding to incoming requests for unsupported services. As you define your firewall rules, you can further refine their application
  • Netgear FVS336G-100NAS | Reference Manual - Page 161
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Schedule. You can specify whether the rule is to be applied on the Schedule 1, Schedule 2, or Schedule 3 time schedule (see "Setting a Schedule to Block or Allow Specific Traffic" on page 4-18). See "Using Rules to
  • Netgear FVS336G-100NAS | Reference Manual - Page 162
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Using QoS to Shift the Traffic Mix The QoS priority settings determine the priority and, in turn, the quality of service for the traffic passing through the firewall. The QoS is set individually for each service Netgear
  • Netgear FVS336G-100NAS | Reference Manual - Page 163
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 8-1 2. Select the checkbox adjacent to admin in the Name column, then click Edit in the Action column. The Edit User screen is displayed, with
  • Netgear FVS336G-100NAS | Reference Manual - Page 164
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. (Optional) To change the idle timeout for an administrator login session, enter a new number of minutes in the Idle Timeout field. 6. Click Apply to save
  • Netgear FVS336G-100NAS | Reference Manual - Page 165
    IPsec VPN FVS336G Reference Manual . Figure 8-3 2. Click the Yes radio box to enable HTTPS remote management (enabled by default). Note: For enhanced security, restrict access to as few external IP addresses as practical. See "Setting User Login Policies" on page 7-6 for instructions on restricting
  • Netgear FVS336G-100NAS | Reference Manual - Page 166
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Note: If you are unable to remotely connect to the FVS336G after Tip: If you are using a dynamic DNS service such as TZO, you can identify the WAN IP address of your FVS336G by running tracert from the Windows Run menu
  • Netgear FVS336G-100NAS | Reference Manual - Page 167
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 8-4 2. Configure the following fields in the Create New SNMP Configuration Entry section: • Enter the IP Address of the SNMP manager in the IP Address
  • Netgear FVS336G-100NAS | Reference Manual - Page 168
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Settings Backup and Firmware Upgrade Once . You can then restore the VPN firewall settings from this file. The Settings Backup and Firmware Upgrade screen allows you to: • Back up and save a copy of your current settings
  • Netgear FVS336G-100NAS | Reference Manual - Page 169
    version. When you upgrade your firmware, the new firmware version will be displayed. To download a firmware version: 1. Go to the NETGEAR Web site at http://www.netgear.com/support and click Downloads. 2. From the Product Selection pull-down menu, choose the FVS336G. Select the software version and
  • Netgear FVS336G-100NAS | Reference Manual - Page 170
    VPN FVS336G Reference Manual After downloading an upgrade file, you may need to unzip (uncompress) it before upgrading the VPN firewall. If release notes are included in the download, read them before continuing. To upgrade the router software: 1. Select Administration > Settings Backup and Firmware
  • Netgear FVS336G-100NAS | Reference Manual - Page 171
    FVS336G Reference Manual Figure 8-6 2. From the Date/Time pull-down menu, choose the Local Time Zone. This is required in order for scheduling to work correctly. The VPN firewall includes a real-time clock (RTC), which it uses for scheduling. 3. If supported to the default Netgear NTP servers. Note
  • Netgear FVS336G-100NAS | Reference Manual - Page 172
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 8-18 v1.0, October 2007 Router and Network Management
  • Netgear FVS336G-100NAS | Reference Manual - Page 173
    This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can " • "Monitoring the Status of WAN Ports" • "Monitoring Attached Devices" • "Reviewing the DHCP Log" • "Monitoring Active Users" • "Viewing Port Triggering Status"
  • Netgear FVS336G-100NAS | Reference Manual - Page 174
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 9-1 2. Enable the traffic meter by clicking the Yes radio box under Do you want to enable Traffic Metering on WAN1? The traffic meter will
  • Netgear FVS336G-100NAS | Reference Manual - Page 175
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Note: Both incoming and outgoing to restart the Traffic Counter immediately. • Restart Traffic Counter at a Specific Time. Restart the Traffic Counter at a specific time and day of the month. Fill in the time fields and
  • Netgear FVS336G-100NAS | Reference Manual - Page 176
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Activating Notification of Events and and dropped packets on different segments of your LAN; denied incoming and outgoing service requests; hacker probes and login attempts; and other general information based on the
  • Netgear FVS336G-100NAS | Reference Manual - Page 177
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 9-2 Monitoring System Performance 9-5 v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 178
    with SSL & IPsec VPN FVS336G Reference Manual 7. To respond to IDENT protocol messages, check the Respond to Identd from SMTP Server radio box. The Ident Protocol is a weak scheme to verify the sender of e-mail (a common daemon program for providing the ident service is identd). 8. Enter a Schedule
  • Netgear FVS336G-100NAS | Reference Manual - Page 179
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Log entries are described in Table 9-1. Table taken if any. The IP address of the initiating device for this log entry. The service port number of the initiating device, and whether it originated from the LAN or WAN.
  • Netgear FVS336G-100NAS | Reference Manual - Page 180
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 9-3 The following information is displayed: Item System Name Firmware Version LAN Port Description This is the Account Name that you entered in the Basic Settings page. This is the current software the router
  • Netgear FVS336G-100NAS | Reference Manual - Page 181
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Item WAN1 Configuration WAN2 Configuration Description Indicates whether the WAN Mode is Single, Dual, or Rollover, and whether the WAN State is UP or DOWN.
  • Netgear FVS336G-100NAS | Reference Manual - Page 182
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . Figure 9-4 Monitoring Attached Devices The LAN Groups screen accurately determined and will be shown as unknown. • Manually Adding Devices. You can enter information in the Add Known PCs and Devices section and click Add
  • Netgear FVS336G-100NAS | Reference Manual - Page 183
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 9-5 The Known PCs and Devices table lists all is set on the PC (as a fixed IP address), you may need to update this entry manually if the IP address on the PC is changed. The MAC address of the PC. The MAC
  • Netgear FVS336G-100NAS | Reference Manual - Page 184
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reviewing the DHCP Log To review the most recent entries in the DHCP log: 1. Select Network > LAN Setup from the main menu, and then click the LAN Setup tab. The LAN
  • Netgear FVS336G-100NAS | Reference Manual - Page 185
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Monitoring Active Users The Active Users menu screen displays a list of administrators and SSL VPN users currently logged into the device. To display the list
  • Netgear FVS336G-100NAS | Reference Manual - Page 186
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 9-9 2. When the Port Triggering screen is displayed, click the Status link to the right of the tab to display the Port Triggering Status. Figure 9-
  • Netgear FVS336G-100NAS | Reference Manual - Page 187
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Monitoring VPN Tunnel Connection Status To review the status of current VPN tunnels: 1. Select VPN > Connection Status from the main menu, and then select the IPsec VPN Connection Status tab. The IPsec
  • Netgear FVS336G-100NAS | Reference Manual - Page 188
    VPN FVS336G Reference Manual The active SSL VPN user's username, group, and IP address are listed in the table with a timestamp indicating the time and date that the user connected. 3. You can disconnect an active SSL VPN user by clicking Disconnect to the right of the user's list entry. Reviewing
  • Netgear FVS336G-100NAS | Reference Manual - Page 189
    Chapter 10 Troubleshooting This chapter provides troubleshooting tips and information for your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. After each problem description, instructions are provided to help you diagnose and solve the problem. This chapter contains the following sections: •
  • Netgear FVS336G-100NAS | Reference Manual - Page 190
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Power LED 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support. LEDs Never Turn Off When the .0, October 2007 Troubleshooting
  • Netgear FVS336G-100NAS | Reference Manual - Page 191
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Troubleshooting the Web Configuration Interface If you are unable to access the VPN firewall's Web Configuration interface from a PC on your local network, check the following: •
  • Netgear FVS336G-100NAS | Reference Manual - Page 192
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual be caching the old configuration. Troubleshooting the ISP Connection If your VPN to an external site such as www.netgear.com 2. Access the Main Menu an IP address from the ISP, the problem may be one of the following: •
  • Netgear FVS336G-100NAS | Reference Manual - Page 193
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Your ISP only allows one Ethernet MAC then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the Ping utility in your PC or workstation. Testing the LAN Path to Your VPN Firewall
  • Netgear FVS336G-100NAS | Reference Manual - Page 194
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will see this message: Request timed out If the path is not functioning correctly, you could have one of the following problems: •
  • Netgear FVS336G-100NAS | Reference Manual - Page 195
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Settings Backup and Firmware Upgrade" on page Test LED turns on and begins to blink (about 10 seconds). 2. Release the reset button and wait for the VPN firewall to reboot. Problems Troubleshooting v1.0, October 2007 10-7
  • Netgear FVS336G-100NAS | Reference Manual - Page 196
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Time is off by one hour. Cause: The VPN firewall does not automatically sense Daylight will display. Note: For normal operation, diagnostics are not required. Figure 10-1 10-8 v1.0, October 2007 Troubleshooting
  • Netgear FVS336G-100NAS | Reference Manual - Page 197
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Server) converts the Internet name (for example, www.netgear.com) to an IP address. If you need the can be used by Technical Support to diagnose routing problems. Used to perform a Troubleshooting v1.0, October 2007 10-9
  • Netgear FVS336G-100NAS | Reference Manual - Page 198
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 10-10 v1.0, October 2007 Troubleshooting
  • Netgear FVS336G-100NAS | Reference Manual - Page 199
    Settings and Technical Specifications You can use the reset button located on the rear panel to reset all settings to their factory defaults. This is called a hard reset. • To perform a hard reset, press and hold the reset button for approximately 10 seconds (until the TEST LED blinks rapidly
  • Netgear FVS336G-100NAS | Reference Manual - Page 200
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table A-1. VPN firewall Default Configuration Allowed (all) Source MAC filtering Disabled Stealth Mode Enabled Technical specifications for the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN are listed
  • Netgear FVS336G-100NAS | Reference Manual - Page 201
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table A-2. VPN firewall Technical Specifications (continued) Feature Environmental Specifications Operating temperature: Operating humidity: Electromagnetic Emissions Meets requirements of: Interface Specifications LAN
  • Netgear FVS336G-100NAS | Reference Manual - Page 202
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual A-4 Default Settings and Technical Specifications v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 203
    links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP http://documentation.netgear.com/reference/enu/tcpip/index.htm Addressing: Wireless Communications: http://documentation
  • Netgear FVS336G-100NAS | Reference Manual - Page 204
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual B-2 Related Documents v1.0, October 2007
  • Netgear FVS336G-100NAS | Reference Manual - Page 205
    " on page C-6 • "Inbound Traffic" on page C-8 • "Virtual Private Networks (VPNs)" on page C-10 What You Will Need to Do Before You Begin The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is a powerful and versatile solution for your networking needs. To make the configuration process easier
  • Netgear FVS336G-100NAS | Reference Manual - Page 206
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - For rollover mode, protocol binding does not apply. - For load balancing mode, decide which protocols should be bound to a specific this). b. Contact a Dynamic DNS Service and register fully qualified domain names for
  • Netgear FVS336G-100NAS | Reference Manual - Page 207
    DSL modems and a computer. Instruction for connecting your VPN firewall are in the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with FVS336G, your must use a Java-enabled Web browser program that supports HTTP uploads such as Microsoft Internet Explorer or Netscape Navigator. NETGEAR
  • Netgear FVS336G-100NAS | Reference Manual - Page 208
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Internet Configuration Requirements Depending on how your ISPs set up your Internet accounts, you will need one or more of these configuration parameters to connect
  • Netgear FVS336G-100NAS | Reference Manual - Page 209
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Internet Connection Information Form Print this page. Fill in the configuration parameters from your Internet Service Some ISPs use a specific host or domain name like the following examples as a guide: • If your main e-
  • Netgear FVS336G-100NAS | Reference Manual - Page 210
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Overview of the Planning Process The areas that require planning when using a firewall that has dual WAN ports include: • Inbound traffic (port forwarding, port triggering) •
  • Netgear FVS336G-100NAS | Reference Manual - Page 211
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The Roll-over Case for Firewalls With of each WAN port is fixed. Figure C-2 Features such as multiple exposed hosts are not supported when using dual WAN port rollover because the IP addresses of each WAN port must be
  • Netgear FVS336G-100NAS | Reference Manual - Page 212
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Inbound Traffic Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service when this feature is supported and enabled. In the
  • Netgear FVS336G-100NAS | Reference Manual - Page 213
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Inbound Traffic: Dual WAN Ports for Improved Reliability In the dual WAN port case with rollover (Figure C-5), the WAN's IP address will always change at
  • Netgear FVS336G-100NAS | Reference Manual - Page 214
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Virtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points.
  • Netgear FVS336G-100NAS | Reference Manual - Page 215
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure C-7 • Load Balancing Case for Dual Gateway WAN Ports Load balancing (Figure C-8) for the dual gateway WAN port case is the same as the single
  • Netgear FVS336G-100NAS | Reference Manual - Page 216
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual VPN Road Warrior: Single Gateway WAN Port (Reference Case) In the case of the single WAN port on the gateway VPN firewall (Figure C-9), the remote
  • Netgear FVS336G-100NAS | Reference Manual - Page 217
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the
  • Netgear FVS336G-100NAS | Reference Manual - Page 218
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure C-12 The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain
  • Netgear FVS336G-100NAS | Reference Manual - Page 219
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure C-13 The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain
  • Netgear FVS336G-100NAS | Reference Manual - Page 220
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the
  • Netgear FVS336G-100NAS | Reference Manual - Page 221
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing In the case of the dual WAN ports on the gateway VPN firewall (Figure C-
  • Netgear FVS336G-100NAS | Reference Manual - Page 222
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual VPN Telecommuter: Single Gateway WAN Port (Reference Case) In the case of the single WAN port on the gateway VPN firewall (Figure C-17), the remote
  • Netgear FVS336G-100NAS | Reference Manual - Page 223
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the
  • Netgear FVS336G-100NAS | Reference Manual - Page 224
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing In the case of the dual WAN ports on the gateway VPN firewall (Figure C-20), the
  • Netgear FVS336G-100NAS | Reference Manual - Page 225
    remote management 8-10 ActiveX web cache control 6-6 Add LAN WAN Inbound Service 4-9 Add LAN WAN Outbound Service 4-8 Add Mode Config Record screen 5-21 Add Protocol Binding Destination Network 2-17 Service 2-17 Add Resource Addresses menu 6-14 Adding 4-16 address reservation 3-8 administrator
  • Netgear FVS336G-100NAS | Reference Manual - Page 226
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual configuration automatic by DHCP 1-4 connecting the crossover cable 1-4, 10-2 CSR 7-11 customized service adding 4-2, 4-17 editing 4-17 D Date setting 8-16 troubleshooting 10-7 Daylight Savings Time adjusting for 8-17
  • Netgear FVS336G-100NAS | Reference Manual - Page 227
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual front panel 1-6 rear panel 1-7 technical specifications A-1 viewing activity 9-15 Firewall Log Field Protection Content Filtering, about 4-1 firewall protection 4-1 firmware downloading 8-15 upgrade 8-15 fixed IP address
  • Netgear FVS336G-100NAS | Reference Manual - Page 228
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual instructions for 2-1 Interior Gateway Protocol. See IGP. Internet configuration requirements C-4, C-5 configuring the connection manually 2-9 connecting to 2-1 Internet connection manual configuration 2-9 Internet Service
  • Netgear FVS336G-100NAS | Reference Manual - Page 229
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual LAN WAN Rule example of 4-14 LAN WAN Rules default outbound 4-7 lease time 3-4 LEDs explanation of 1-6 troubleshooting menu, configuring 5-20 testing Client 5-25 monitoring devices 20 NTP 8-16 troubleshooting 10-7 NTP
  • Netgear FVS336G-100NAS | Reference Manual - Page 230
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual modifying 4-10 Outbound Services field descriptions 4-3 P package contents 1-5 packet capture 10-9 passwords and login timeout changing 8-8 passwords,restoring 10-7 performance management 8-1, 9-1 Ping troubleshooting
  • Netgear FVS336G-100NAS | Reference Manual - Page 231
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual resources defining 6-13 restore service numbers common protocols 4-16 Services 4-16 Services menu 4-17 Setting Up One-to-One NAT Mapping example of 4-14 Settings Backup & Upgrade screen 8-14 Settings Backup and Firmware
  • Netgear FVS336G-100NAS | Reference Manual - Page 232
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual split tunnel configuring 6-11 description 6-10 spoof MAC traffic meter 2-22 troubleshooting 10-1 browsers 10-3 configuration settings, using sniffer 10-3 defaults 10-3 ISP connection 10-4 NTP 10-7 testing your setup 10-6
  • Netgear FVS336G-100NAS | Reference Manual - Page 233
    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual telecommuter, about C-17 telecommuter, Dual Settings manual setup 2-12 WAN2 Protocol Bindings 2-18 WAN2 Traffic Meter 9-3 Web Components 4-19 blocking 4-22 filtering, about 4-19 Web configuration troubleshooting 10
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
October 2007
202-10257-01
v1.0
NETGEAR
, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
ProSafe Dual WAN Gigabit
Firewall with SSL & IPsec
VPN FVS336G Reference
Manual