Home » Netgear Manuals » Network Security & Firewall Devices » Netgear FVS114NA » Manual Viewer

Netgear FVS114NA FVS114 Reference Manual - Page 44

Inbound Rules (Port Forwarding), Inbound Rule Example: A Local Public Web Server

Add to My Manuals
Save this manual to your list of manuals

Page 44 highlights

Reference Manual for the ProSafe VPN Firewall FVS114 - Block non-standard packets - Abnormal packets are often used by hackers and in DoS attacks, but may also be generated by other network devices. This setting should normally be enabled. - Enable DNS proxy - DNS proxy will forward DNS queries to the DNS. If the DNS proxy is disabled, the Router will ignore DNS queries it receives. PCs will then need to contact the DNS directly. This setting should normally be enabled. Inbound Rules (Port Forwarding) Because the FVS114 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers. However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the firewall to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding. Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP. Remember that allowing inbound services opens holes in your FVS114 VPN Firewall. Only enable those ports that are necessary for your network. Following are two application examples of inbound rules: Inbound Rule Example: A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 4-3: 4-6 Firewall Protection and Content Filtering 202-10098-01, April 2005

Section	Page
Reference Manual for the ProSafe VPN Firewall FVS114	1
Product and Publication Details	3
Contents	5
Chapter 1 About This Manual	13
Audience, Scope, Conventions, and Formats	13
How to Use This Manual	14
How to Print this Manual	15
Chapter 2 Introduction	17
Key Features of the VPN Firewall	17
A Powerful, True Firewall with Content Filtering	18
Security	18
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	19
Easy Installation and Management	20
Maintenance and Support	20
Package Contents	21
The FVS114 Front Panel	21
The FVS114 Rear Panel	22
NETGEAR-Related Products	23
NETGEAR Product Registration, Support, and Documentation	23
Chapter 3 Connecting the Firewall to the Internet	25
Prepare to Install Your FVS114 ProSafe VPN Firewall	25
First, Connect the FVS114	25
Now, Configure the FVS114 for Internet Access	28
Troubleshooting Tips	30
Overview of How to Access the FVS114 VPN Firewall	31
How to Log On to the FVS114 After Configuration Settings Have Been Applied	32
How to Bypass the Configuration Assistant	33
Using the Smart Setup Wizard	34
How to Manually Configure Your Internet Connection	35
Chapter 4 Firewall Protection and Content Filtering	39
Firewall Protection and Content Filtering Overview	39
Block Sites	40
Using Rules to Block or Allow Specific Kinds of Traffic	41
Inbound Rules (Port Forwarding)	44
Inbound Rule Example: A Local Public Web Server	44
Inbound Rule Example: Allowing a Videoconference from Restricted Addresses	45
Considerations for Inbound Rules	46
Outbound Rules (Service Blocking)	46
Outbound Rule Example: Blocking Instant Messenger	47
Order of Precedence for Rules	48
Services	49
Using a Schedule to Block or Allow Specific Traffic	51
Time Zone	52
Getting E-Mail Notifications of Event Logs and Alerts	53
Viewing Logs of Web Access or Attempted Web Access	55
Syslog	56
Chapter 5 Basic Virtual Private Networking	57
Overview of VPN Configuration	58
Client-to-Gateway VPN Tunnels	58
Gateway-to-Gateway VPN Tunnels	58
Planning a VPN	59
VPN Tunnel Configuration	61
How to Set Up a Client-to-Gateway VPN Configuration	61
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS114	62
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC	65
Monitoring the Progress and Status of the VPN Client Connection	72
Transferring a Security Policy to Another Client	73
Exporting a Security Policy	73
Importing a Security Policy	74
How to Set Up a Gateway-to-Gateway VPN Configuration	76
Procedure to Configure a Gateway-to-Gateway VPN Tunnel	77
VPN Tunnel Control	82
Activating a VPN Tunnel	82
Start Using a VPN Tunnel to Activate It	82
Using the VPN Status Page to Activate a VPN Tunnel	82
Activate the VPN Tunnel by Pinging the Remote Endpoint	83
Verifying the Status of a VPN Tunnel	85
Deactivating a VPN Tunnel	86
Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel	86
Using the VPN Status Page to Deactivate a VPN Tunnel	87
Deleting a VPN Tunnel	88
Chapter 6 Advanced Virtual Private Networking	89
Overview of FVS114 Policy-Based VPN Configuration	89
Using Policies to Manage VPN Traffic	90
Using Automatic Key Management	90
IKE Policies’ Automatic Key and Authentication Management	91
VPN Policy Configuration for Auto Key Negotiation	93
VPN Policy Configuration for Manual Key Exchange	97
Using Digital Certificates for IKE Auto-Policy Authentication	101
Certificate Revocation List (CRL)	102
Walk-Through of Configuration Scenarios on the FVS114	102
VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets	103
FVS114 Scenario 1: FVS114 to Gateway B IKE and VPN Policies	104
How to Check VPN Connections	109
Testing the Gateway A FVS114 LAN and the Gateway B LAN	109
FVS114 Scenario 2: FVS114 to FVS114 with RSA Certificates	110
Chapter 7 Maintenance	117
Viewing VPN Firewall Status Information	117
Viewing a List of Attached Devices	121
Upgrading the Firewall Software	121
Configuration File Management	122
Backing Up the Configuration	123
Restoring the Configuration	123
Erasing the Configuration	123
Changing the Administrator Password	124
Diagnostics	124
Chapter 8 Advanced Configuration	127
WAN Setup	127
Default DMZ Server	128
Respond to Ping on Internet WAN Port	129
How to Configure Dynamic DNS	129
Using the LAN IP Setup Options	131
Configuring LAN TCP/IP Setup Parameters	131
Using the Firewall as a DHCP server	133
Using Address Reservation	133
Configuring Static Routes	134
Static Route Example	136
Enabling Remote Management Access	136
UPnP	139
Chapter 9 Troubleshooting	141
Basic Functioning	141
Power LED Not On	141
LEDs Never Turn Off	142
LAN or Internet Port LEDs Not On	142
Troubleshooting the Web Configuration Interface	143
Troubleshooting the ISP Connection	144
Troubleshooting a TCP/IP Network Using a Ping Utility	145
Testing the LAN Path to Your Firewall	145
Testing the Path from Your PC to a Remote Device	146
Restoring the Default Configuration and Password	147
Problems with Date and Time	147
Appendix A Technical Specifications	149
Appendix B Network, Routing, and Firewall Basics	151
Related Publications	151
Basic Router Concepts	151
What is a Router?	152
Routing Information Protocol	152
IP Addresses and the Internet	152
Netmask	154
Subnet Addressing	155
Private IP Addresses	157
Single IP Address Operation Using NAT	158
MAC Addresses and Address Resolution Protocol	159
Related Documents	159
Domain Name Server	159
IP Configuration by DHCP	160
Internet Security and Firewalls	160
What is a Firewall?	161
Stateful Packet Inspection	161
Denial of Service Attack	161
Ethernet Cabling	161
Category 5 Cable Quality	162
Inside Twisted Pair Cables	163
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	164
Appendix C Virtual Private Networking	167
What is a VPN?	167
What Is IPSec and How Does It Work?	168
IPSec Security Features	168
IPSec Components	168
Encapsulating Security Payload (ESP)	169
Authentication Header (AH)	170
IKE Security Association	170
Mode	171
Key Management	172
Understand the Process Before You Begin	172
VPN Process Overview	173
Network Interfaces and Addresses	173
Interface Addressing	173
Firewalls	174
VPN Tunnel Between Gateways	174
VPNC IKE Security Parameters	176
VPNC IKE Phase I Parameters	176
VPNC IKE Phase II Parameters	177
Testing and Troubleshooting	177
Additional Reading	177
Appendix D Preparing Your Network	179
Preparing Your Computers for TCP/IP Networking	179
Configuring Windows 95, 98, and Me for TCP/IP Networking	180
Install or Verify Windows Networking Components	180
Enabling DHCP to Automatically Configure TCP/IP Settings	182
Selecting Windows’ Internet Access Method	184
Verifying TCP/IP Properties	184
Configuring Windows NT4, 2000 or XP for IP Networking	185
Install or Verify Windows Networking Components	185
Enabling DHCP to Automatically Configure TCP/IP Settings	186
DHCP Configuration of TCP/IP in Windows XP	186
DHCP Configuration of TCP/IP in Windows 2000	188
DHCP Configuration of TCP/IP in Windows NT4	191
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	193
Configuring the Macintosh for TCP/IP Networking	194
MacOS 8.6 or 9.x	194
MacOS X	194
Verifying TCP/IP Properties for Macintosh Computers	195
Verifying the Readiness of Your Internet Account	196
Are Login Protocols Used?	196
What Is Your Configuration Information?	196
Obtaining ISP Configuration Information for Windows Computers	197
Obtaining ISP Configuration Information for Macintosh Computers	198
Restarting the Network	199
Glossary	201
List of Glossary Terms	201
Numeric	201
A	201
B	202
C	203
D	203
E	204
G	205
I	205
L	206
M	207
P	207
Q	208
R	209
S	209
T	209
U	210

Match case Limit results 1 per page

Reference Manual for the ProSafe VPN Firewall FVS114

4-6

Firewall Protection and Content Filtering

202-10098-01, April 2005

–

Block non-standard packets — Abnormal packets are often used by hackers and in DoS

attacks, but may also be generated by other network devices. This setting should normally

be enabled.

–

Enable DNS proxy — DNS proxy will forward DNS queries to the DNS. If the DNS

proxy is disabled, the Router will ignore DNS queries it receives. PCs will then need to

contact the DNS directly. This setting should normally be enabled.

Inbound Rules (Port Forwarding)

Because the FVS114 uses Network Address Translation (NAT), your network presents only one IP

address to the Internet, and outside users cannot directly address any of your local computers.

However, by defining an inbound rule you can make a local server (for example, a Web server or

game server) visible and available to the Internet. The rule tells the firewall to direct inbound

traffic for a particular service to one local server based on the destination port number. This is also

known as port forwarding.

Remember that allowing inbound services opens holes in your FVS114 VPN Firewall. Only

enable those ports that are necessary for your network. Following are two application examples of

inbound rules:

Inbound Rule Example: A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web

(HTTP) requests from any outside IP address to the IP address of your Web server at any time of

day. This rule is shown in

Figure 4-3

Note:

Some residential broadband ISP accounts do not allow you to run any server

processes (such as a Web or FTP server) from your location. Your ISP may periodically

check for servers and may suspend your account if it discovers any active services at

your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.