Netgear FVS124G FVS124G Reference Manual

Netgear FVS124G - ProSafe VPN Firewall 25 Manual

Netgear FVS124G manual content summary:

  • Netgear FVS124G | FVS124G Reference Manual - Page 1
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports FVS124G NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10085-01 March 2005
  • Netgear FVS124G | FVS124G Reference Manual - Page 2
    NETGEAR is a trademark of Netgear, Inc. Microsoft, Windows, and Windows in accordance with the instructions, may cause harmful the equipment off and on, the user is encouraged to try to correct the , daß das FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports gemäß der im
  • Netgear FVS124G | FVS124G Reference Manual - Page 3
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Certificate of the Manufacturer/Importer It is hereby certified that the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports operating instructions. Federal software without his specific prior written
  • Netgear FVS124G | FVS124G Reference Manual - Page 4
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Open SSL Copyright (c) 1998-2000 The CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  • Netgear FVS124G | FVS124G Reference Manual - Page 5
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports MD5 PPP Zlib Copyright (C) 1990, RSA Data may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY
  • Netgear FVS124G | FVS124G Reference Manual - Page 6
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Product and Publication Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: FVS124G March 2005 Router FVS124G ProSafe VPN Firewall 25
  • Netgear FVS124G | FVS124G Reference Manual - Page 7
    Router's IP Address, Login Name, and Password 2-8 Logging into the Router 2-9 Default Factory Settings 2-10 NETGEAR Related Products 2-11 Chapter 3 Network Planning Overview of the Planning Process 3-1 Inbound Traffic ...3-1 Virtual Private Networks (VPNs 3-1 The Rollover Case for Firewalls
  • Netgear FVS124G | FVS124G Reference Manual - Page 8
    the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 4-6 Step 1: Physically Connect the VPN Firewall to Your Network (Required 4-7 Step 2: Log in to the VPN Firewall (Required 4-7 Step 3: Configure the Internet Connections to Your ISPs (Required 4-8 Manually Configuring
  • Netgear FVS124G | FVS124G Reference Manual - Page 9
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Load Balancing (and Protocol Binding) Setup 4-17 Step 5: Configure Dynamic DNS (If Needed 4-20 Step 6: Configure the WAN Options (If Needed 4-23 Chapter 5 LAN Configuration Using the LAN IP Setup Options 5-1
  • Netgear FVS124G | FVS124G Reference Manual - Page 10
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Creating a VPN Connection: Between FVX538 and FVS124G 7-5 Configuring the FVX538 7-5 Configuring the FVS124G 7-9 Testing the Connection 7-11 Creating a VPN Connection: Netgear VPN Client to FVS124G 7-11
  • Netgear FVS124G | FVS124G Reference Manual - Page 11
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports WAN Port Connection Status 8-18 Dynamic DNS Status 8-19 Internet Traffic Information 8-19 LAN Ports and Attached Devices 8-20 Known PCs and Devices 8-20 DHCP Log ...8-22 Port Triggering Status 8-22 Firewall
  • Netgear FVS124G | FVS124G Reference Manual - Page 12
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Routing Information Protocol B-2 IP Addresses and the Internet B-2 Netmask ...B-4 Subnet Addressing B-5 Private IP Addresses B-7 Single IP Address Operation Using NAT B-8 MAC Addresses and Address Resolution
  • Netgear FVS124G | FVS124G Reference Manual - Page 13
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports MacOS X ...C-16 Verifying TCP/IP Properties for Macintosh Computers C-17 Verifying the Readiness of Your Internet Account C-18 Are Login Protocols Used C-18 What Is Your Configuration Information C-18
  • Netgear FVS124G | FVS124G Reference Manual - Page 14
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports C ...Glossary-3 D ...Glossary-3 E ...Glossary-4 G ...Glossary-5 I ...Glossary-5 L ...Glossary-6 M ...Glossary-7 P ...Glossary-8 Q ...Glossary-9 R ...Glossary-9 S ...Glossary-9 T ...Glossary-10 U ...Glossary-10 W
  • Netgear FVS124G | FVS124G Reference Manual - Page 15
    is written for the FVS124G VPN Firewall according to these specifications: Table 1-2. Manual Scope Product Version Manual Publication Date FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports March 2005 Note: Product updates are available on the NETGEAR, Inc. Web site at
  • Netgear FVS124G | FVS124G Reference Manual - Page 16
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports How to Use This Manual The HTML version of this manual includes the following: • Buttons, and , for browsing forwards or backwards through the manual one page at a time •A button that displays the table of
  • Netgear FVS124G | FVS124G Reference Manual - Page 17
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports How to Print this Manual To print this manual you can choose one of the following several options, according to your needs. • Printing a Page in the HTML View. Each page in the HTML version of the manual is
  • Netgear FVS124G | FVS124G Reference Manual - Page 18
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 1-4 About This Manual 202-10085-01, March 2005
  • Netgear FVS124G | FVS124G Reference Manual - Page 19
    firewall within minutes. The FVS124G VPN Firewall provides the following features: • 2 10/100 Mbps ports for an Ethernet connection to a WAN device, such as a cable modem or DSL modem. • Dual WAN ports provide for increased system reliability and provide load balancing. • Support for up to 10 VPN
  • Netgear FVS124G | FVS124G Reference Manual - Page 20
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Front panel LEDs for easy monitoring of status and activity. • Flash memory for firmware upgrade. Dual WAN Ports for Increased Reliability or Outbound Load Balancing The FVS124G VPN Firewall has two broadband WAN ports
  • Netgear FVS124G | FVS124G Reference Manual - Page 21
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • With its URL keyword filtering feature, the FVS124G prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses
  • Netgear FVS124G | FVS124G Reference Manual - Page 22
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Extensive Protocol Support The FVS124G VPN Firewall supports the Transmission Control Protocol/Internet Protocol (TCP/ IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to
  • Netgear FVS124G | FVS124G Reference Manual - Page 23
    your use of the FVS124G VPN Firewall: • Flash memory for firmware upgrade • Free technical support seven days a week, twenty-four hours a day Package Contents The product package should contain the following items: • FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. • AC power
  • Netgear FVS124G | FVS124G Reference Manual - Page 24
    Firewall 25 with 4 Gigabit LAN and Dual WAN Ports, including: - This guide. - Application Notes and other helpful information. - ProSafe VPN Client Software - single user license. • Warranty and Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR
  • Netgear FVS124G | FVS124G Reference Manual - Page 25
    operating at 100 Mbps. The LAN port is operating at 10 Mbps. The Router's Rear Panel The rear panel of the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports (Figure 2-2) contains the factory defaults reset button, LAN and WAN ports, and DC power input connection. Introduction
  • Netgear FVS124G | FVS124G Reference Manual - Page 26
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Factory Defaults LAN 4 3 2 1 WAN2 WAN1 12VDC 1.2A Factory Defaults Button LAN Ports Figure 2-2: FVS124G Rear Panel WAN2 Port WAN1 Port AC Power Adapter Connection Viewed from left to right, the
  • Netgear FVS124G | FVS124G Reference Manual - Page 27
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports LAN IP Address User Name Password Figure 2-3: FVS124G Bottom Label Logging into the Router To log into the FVS124G once it is connected, 1. Open a Web browser. 2. Enter http://192.168.1.1 as the URL. 3. Once you
  • Netgear FVS124G | FVS124G Reference Manual - Page 28
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 2-4: Login screen on the Web browser Note: Read-only access is provided by logging in as username guest and default password password. Default Factory Settings When you first receive your FVS124G, the default factory
  • Netgear FVS124G | FVS124G Reference Manual - Page 29
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 2-1. Factory Default Settings Feature User Name (case sensitive) Password (case sensitive) Built-in DHCP server IP Configuration Time Zone Time Zone Adjust for Daylight Saving Time SNMP Default admin password
  • Netgear FVS124G | FVS124G Reference Manual - Page 30
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 2-12 202-10085-01, March 2005 Introduction
  • Netgear FVS124G | FVS124G Reference Manual - Page 31
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Chapter 3 Network Planning This chapter describes the factors to consider when planning a network using a firewall that has dual WAN ports. Overview of the Planning Process The areas that require planning when
  • Netgear FVS124G | FVS124G Reference Manual - Page 32
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Note: Once the gateway firewall WAN port rolls over, the VPN tunnel collapses and must be re-established using the new WAN IP address. The Rollover Case for Firewalls With Dual WAN Ports Rollover (Figure 3-1)
  • Netgear FVS124G | FVS124G Reference Manual - Page 33
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Inbound Traffic Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service that you have configured in the Inbound Rules
  • Netgear FVS124G | FVS124G Reference Manual - Page 34
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Inbound Traffic: Dual WAN Ports for Improved Reliability In the dual WAN port case with rollover (Figure 3-4), the WAN's IP address will always change at rollover. A fully-qualified domain name must be used that
  • Netgear FVS124G | FVS124G Reference Manual - Page 35
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Virtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points. The addressing of the firewall's dual WAN port
  • Netgear FVS124G | FVS124G Reference Manual - Page 36
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Dual WAN Ports (Before Rollover) WAN1 IP Gateway netgear.dyndns.org X X VPN Router WAN2 port inactive WAN2 IP (N/A) Dual WAN Ports (After Rollover) Gateway WAN1 IP (N/A) WAN1 port inactive X X netgear.
  • Netgear FVS124G | FVS124G Reference Manual - Page 37
    the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 10.5.6.0/24 Road Warrior Example (Single WAN Port) Client B LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN IP FQDN bzrouter.dyndns.org Fully-Qualified Domain Names (FQDN) - optional for Fixed IP addresses
  • Netgear FVS124G | FVS124G Reference Manual - Page 38
    Load Balancing) Client B LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN1 IP bzrouter1.dyndns.org bzrouter2.dyndns.org WAN2 IP Fully-Qualified Domain Names (FQDN) - optional for Fixed IP addresses - required for Dynamic IP addresses WAN IP 0.0.0.0 Remote PC (running NETGEAR
  • Netgear FVS124G | FVS124G Reference Manual - Page 39
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified domain name is optional. VPN
  • Netgear FVS124G | FVS124G Reference Manual - Page 40
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability In the case of the dual WAN ports on the gateway VPN firewall (Figure 3-13), either of the gateway WAN ports at one end can initiate the VPN
  • Netgear FVS124G | FVS124G Reference Manual - Page 41
    ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 10.5.6.0/24 Gateway-to-Gateway Example (Dual WAN Ports, After Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP (N/A) WAN_A1 port inactive X X WAN_B1 IP netgearB.dyndns.org Gateway B netgear
  • Netgear FVS124G | FVS124G Reference Manual - Page 42
    gateway WAN ports used for load balancing VPN Telecommuter: Single Gateway WAN Port (Reference Case) In the case of the single WAN port on the gateway VPN firewall (Figure 3-16), the remote PC client at the NAT router initiates the VPN tunnel because the IP address of the remote NAT router is not
  • Netgear FVS124G | FVS124G Reference Manual - Page 43
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability In the case of the dual WAN ports on the gateway VPN firewall (Figure 3-17), the remote PC client initiates the VPN tunnel with the active gateway WAN port
  • Netgear FVS124G | FVS124G Reference Manual - Page 44
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports The purpose of the fully-qualified domain name in this case is to toggle the domain name of the gateway router between the IP addresses of the active WAN port (i.e., WAN1 and WAN2) so that the remote PC client
  • Netgear FVS124G | FVS124G Reference Manual - Page 45
    to the Internet This chapter describes how to connect the WAN ports of the FVS124G VPN Firewall to the Internet. What You Will Need to Do Before You Begin The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports is a powerful and versatile solution for your networking needs. But
  • Netgear FVS124G | FVS124G Reference Manual - Page 46
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports - You can also add your own service protocols to the list (see "Services-Based Rules" on page 6-4 for information on how to do this). 2. Set up your accounts a. Have active Internet services such as that provided by cable
  • Netgear FVS124G | FVS124G Reference Manual - Page 47
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports You make these selections during "Step 2: Log in to the VPN Firewall (Required)" on page 4-7. • There are a variety of WAN options you can choose when the factory default settings are not applicable to your
  • Netgear FVS124G | FVS124G Reference Manual - Page 48
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Internet Configuration Requirements Depending on how your ISPs set up your Internet accounts, you will need one or more of these configuration parameters to connect your firewall to the Internet: • Host and Domain
  • Netgear FVS124G | FVS124G Reference Manual - Page 49
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must
  • Netgear FVS124G | FVS124G Reference Manual - Page 50
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Connecting the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports This section provides instructions for connecting the FVS124G VPN Firewall. Also, the Resource CD for ProSafe VPN Firewall 25
  • Netgear FVS124G | FVS124G Reference Manual - Page 51
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Step 1: Physically Connect the VPN Firewall to Your Network (Required) 1. Turn off your computer and Cable or DSL Modem. 2. Disconnect the Ethernet cable from your computer which connects to your cable or DSL modem
  • Netgear FVS124G | FVS124G Reference Manual - Page 52
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 4-2: Login screen on the Web browser 2. For security reasons, the firewall has its own user name and password. When prompted, enter admin for the firewall user name and password for the firewall password,
  • Netgear FVS124G | FVS124G Reference Manual - Page 53
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports WAN1 screens WAN2 screens Figure 4-3: WAN1 and WAN2 Basic Settings and Setup Wizard Screens Connecting the FVS124G to the Internet 4-9 202-10085-01, March 2005
  • Netgear FVS124G | FVS124G Reference Manual - Page 54
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports b. Click Setup Wizard on the WAN1 ISP Settings screen to get the Setup Wizard (WAN1) screen. c. Click Next and follow the steps in the WAN1 Setup Wizard for inputting the configuration parameters from your ISP1 to
  • Netgear FVS124G | FVS124G Reference Manual - Page 55
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 2. The steps to configure WAN port 2 are as follows: a. Repeat the above steps to set up the parameters for ISP2. Start by clicking the WAN2 ISP link directly under WAN Setup on the upper left of the main menu to
  • Netgear FVS124G | FVS124G Reference Manual - Page 56
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below if you do not want to allow the Setup Wizard to determine your configuration as described in the
  • Netgear FVS124G | FVS124G Reference Manual - Page 57
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Programming the Traffic Meter (if Desired) From the Main Menu of the browser interface, under WAN Setup, click Traffic Meter. You will get the screens shown in Figure 4-5. Fill out the information described in
  • Netgear FVS124G | FVS124G Reference Manual - Page 58
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 4-1. Traffic meter Parameter Description Enable Traffic Meter Check this if you wish to record the volume of Internet traffic passing through the Router's WAN1 or WAN2 port. WAN1 or WAN2 can be selected
  • Netgear FVS124G | FVS124G Reference Manual - Page 59
    (Required for Dual WAN) The dual WAN ports of the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports can be configured on a mutually exclusive basis for either rollover for increased system reliability or load balancing for maximum bandwidth efficiency. • Rollover (Auto-Rollover
  • Netgear FVS124G | FVS124G Reference Manual - Page 60
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Rollover Setup Perform the following steps to configure the dual WAN ports for rollover: 1. Click the WAN Mode link directly under Setup )" on page 4-8). - Public DNS Server-The user is also given an option, to enter any
  • Netgear FVS124G | FVS124G Reference Manual - Page 61
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Test Period-DNS query is sent periodically after every test period. The minimum test period is 30 seconds. • Maximum Failures-The WAN interface is considered
  • Netgear FVS124G | FVS124G Reference Manual - Page 62
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 4-7: WAN Mode screen for load balancing and Internet Connections to Your ISPs (Required)" on page 4-8). - Public DNS Server-The user is also given an option to enter any Public DNS server. DNS queries are
  • Netgear FVS124G | FVS124G Reference Manual - Page 63
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Test Load Balancing screen to invoke the WAN Mode Protocol Bonding screen (if protocol binding is needed). Fill out the screen using the following parameter definitions: • Service-Select the desired Services
  • Netgear FVS124G | FVS124G Reference Manual - Page 64
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Step 5: Configure Dynamic DNS (If Needed) If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS).
  • Netgear FVS124G | FVS124G Reference Manual - Page 65
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Dynamic DNS screen for rollover mode Dynamic DNS screens for load balancing mode Figure 4-8: Dynamic DNS screens Connecting the FVS124G to the Internet 202-10085-01, March 2005 4-21
  • Netgear FVS124G | FVS124G Reference Manual - Page 66
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Each DNS service provider requires its own parameters (Figure 4-9). DynDNS Service Screen TZO Service Screen Oray Service Screen Figure 4-9: Dynamic DNS service provider screens 3. Access the website of one
  • Netgear FVS124G | FVS124G Reference Manual - Page 67
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet. Step 6: Configure the WAN
  • Netgear FVS124G | FVS124G Reference Manual - Page 68
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Port Speed-In most cases, your router can automatically determine the connection speed of the Internet (WAN) port. If you cannot establish an Internet connection and the Internet LED blinks continuously, you may
  • Netgear FVS124G | FVS124G Reference Manual - Page 69
    your FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. These features can be found under the Advanced heading in the Main Menu of the browser interface. • LAN Setup • Static Routes Using the LAN IP Setup Options The LAN IP Setup menu allows configuration of LAN IP services such
  • Netgear FVS124G | FVS124G Reference Manual - Page 70
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 5-1: LAN IP Setup menu Note: Once you have completed the LAN IP setup, all outbound traffic is allowed and all inbound traffic is discarded. To change these traffic rules, refer to Chapter 6, "Firewall
  • Netgear FVS124G | FVS124G Reference Manual - Page 71
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • IP Subnet Mask: The subnet mask specifies the network number portion of an IP address. Your router will automatically calculate the subnet mask based on the IP address that you assign. Unless you are
  • Netgear FVS124G | FVS124G Reference Manual - Page 72
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Ending IP Address - This box specifies the last of the contiguous addresses in the IP address pool. 192.168.1.254 is the default ending address. • WINS Server - This box can specify the Windows NetBios Server IP
  • Netgear FVS124G | FVS124G Reference Manual - Page 73
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Primary DNS Server (if you entered a Primary DNS address in the Basic Settings menu; otherwise, the firewall's LAN IP address) • Secondary DNS Server (if you entered a Secondary DNS address in the Basic Settings
  • Netgear FVS124G | FVS124G Reference Manual - Page 74
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Multi Home LAN IPs Click Multi Home LAN IPs Setup on the LAN IP Setup screen (see Figure 5-1) to invoke the Secondary LAN IP Setup screens. This allows the firewall to act as a gateway to additional logical
  • Netgear FVS124G | FVS124G Reference Manual - Page 75
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports From the IP Address of the final destination. 6. Type the IP Subnet Mask for this destination. If the destination is a single host, type 255.255.255.255. 7. Type the Gateway IP Address, which must be a firewall
  • Netgear FVS124G | FVS124G Reference Manual - Page 76
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 8. Type a number between 1 and 15 as the Metric value. This represents the number of firewalls between your network and the destination. Usually, a setting of 2 or 3 works, but if this is a direct connection, set
  • Netgear FVS124G | FVS124G Reference Manual - Page 77
    the content filtering features of the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports to protect your network. These specific outside users to access specific resources. Outbound rules (LAN to WAN) determine what outside resources local users can have access to. Firewall
  • Netgear FVS124G | FVS124G Reference Manual - Page 78
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FVS124G are: • Inbound: Block all access from outside except responses to requests from the LAN side. •
  • Netgear FVS124G | FVS124G Reference Manual - Page 79
    the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems. Outbound Services-This lists all existing rules for outbound traffic. If you have not defined any rules, only the default
  • Netgear FVS124G | FVS124G Reference Manual - Page 80
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports b. Click the button for the desired actions: - Edit - to make any changes to the rule definition. The Inbound Service screen will be displayed (see "Inbound Rules (Port Forwarding)" on page 6-5) with the data for
  • Netgear FVS124G | FVS124G Reference Manual - Page 81
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Quality of service (QoS) priorities-Each service has its own native priority that impacts its quality of performance and tolerance for jitter or delays. You can change this QoS priority if desired
  • Netgear FVS124G | FVS124G Reference Manual - Page 82
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-1. Inbound Services Item Description Services Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define
  • Netgear FVS124G | FVS124G Reference Manual - Page 83
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Note: Some residential broadband Use Policy of your ISP. Remember that allowing inbound services opens holes in your FVS124G VPN Firewall. Only enable those ports that are necessary for your network. Inbound Rule
  • Netgear FVS124G | FVS124G Reference Manual - Page 84
    multi-NAT to support multiple public IP addresses on one WAN interface of a NETGEAR FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. By creating an inbound rule, we will configure the firewall to host an additional public IP address and associate this address with a web
  • Netgear FVS124G | FVS124G Reference Manual - Page 85
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports - LAN IP address subnet is 192.168.1.1 255.255.255.0 • Web server PC on the firewall's LAN - LAN IP address is 192.168.1.2 - Access to Web server is (simulated) public IP address 10.1.0.52 IP Address Requirements-
  • Netgear FVS124G | FVS124G Reference Manual - Page 86
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 5. Select Action "ALLOW always". 6. For Send to LAN Server, enter the local IP address of your web server PC. 7. For Public Destination IP Address, choose "Other Public IP Address." 8. Enter one of your public
  • Netgear FVS124G | FVS124G Reference Manual - Page 87
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports To test the connection from a PC on the Internet, type http://, where is the public IP address you have mapped to your web server. You should see the home page of your web server. Inbound
  • Netgear FVS124G | FVS124G Reference Manual - Page 88
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the
  • Netgear FVS124G | FVS124G Reference Manual - Page 89
    ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Note: See "Source MAC Filtering" on page 6-27 for yet another way to block outbound traffic from selected PCs that would otherwise be allowed by the firewall. Table 6-1. Outbound Services Item Services Action Select Schedule LAN users
  • Netgear FVS124G | FVS124G Reference Manual - Page 90
    the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-1. Item QoS Priority Log Outbound Services Description This setting determines the priority of a service, which in turn, determines the quality of that service for the traffic passing through the firewall. By default, the
  • Netgear FVS124G | FVS124G Reference Manual - Page 91
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Outbound Rule Example: Blocking Instant Messenger If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address
  • Netgear FVS124G | FVS124G Reference Manual - Page 92
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 6-10: Figure 6-10: Rules table with examples For any traffic attempting to pass through the firewall
  • Netgear FVS124G | FVS124G Reference Manual - Page 93
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Although the FVS124G already holds a list of many service port numbers, you are not limited to these choices. Use the Services menu to add additional services and applications to the list for use in defining firewall
  • Netgear FVS124G | FVS124G Reference Manual - Page 94
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 5. Click Apply. The new service will now appear in the Services menu, and in the Service name selection box in the Rules menu. Quality of Service (QoS) Priorities This setting determines the priority of a service,
  • Netgear FVS124G | FVS124G Reference Manual - Page 95
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports The QoS priority definition for a service determines the queue that is used for its traffic passing through the FVS124G VPN Firewall as follows: Table 6-2. Traffic queue to be used for a service Netgear QoS
  • Netgear FVS124G | FVS124G Reference Manual - Page 96
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Managing Groups and Hosts The Network Database is an automatically-maintained list of all known PCs and network devices. PCs and devices become known by the following methods: • DHCP Client Requests-By default,
  • Netgear FVS124G | FVS124G Reference Manual - Page 97
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 6-13: Groups and Hosts screens Firewall Protection and Content Filtering 202-10085-01, March 2005 6-21
  • Netgear FVS124G | FVS124G Reference Manual - Page 98
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-3. Groups and hosts Item Known PCs and Devices Operations Description This table lists all current entries in the Network Database. For each PC or
  • Netgear FVS124G | FVS124G Reference Manual - Page 99
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 6-14: Schedule menu To invoke rules and block keywords or Internet domains based on a schedule, select Every Day or select one or more days.
  • Netgear FVS124G | FVS124G Reference Manual - Page 100
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Time Zone The FVS124G VPN Firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. In order
  • Netgear FVS124G | FVS124G Reference Manual - Page 101
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports The Block Sites menu is shown in Figure 6-15: Figure 6-15: Block Sites menu Firewall Protection and Content Filtering 202-10085-01, March 2005 6-25
  • Netgear FVS124G | FVS124G Reference Manual - Page 102
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-4. Block Sites Item Description Web Component Blocking Select Proxy, Java, ActiveX and Cookies keyword filtering will be bypassed. Example: Enter www.netgear.com to bypass URL keyword filtering for this domain.
  • Netgear FVS124G | FVS124G Reference Manual - Page 103
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Source MAC Filtering Source MAC Filter will drop the Internet-bound traffic received from the PCs with the specified MAC address. • By default, the source MAC address filter is disabled. All the traffic received
  • Netgear FVS124G | FVS124G Reference Manual - Page 104
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-5. Item Activation Add Disable Source MAC address filter Description • Enable the source MAC filter by ticking the check box. • Press APPLY. • Now add the MAC Addresses from which the traffic should be
  • Netgear FVS124G | FVS124G Reference Manual - Page 105
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • After a PC has finished using a Port Triggering application, there is a Time-out period before the application can be used by another PC. This is required because this Router cannot be sure when the application
  • Netgear FVS124G | FVS124G Reference Manual - Page 106
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-6. Port Triggering Item Description Port Triggering Rules Your router will log security-related events such as denied incoming service requests, hacker probes, and administrator logins, according
  • Netgear FVS124G | FVS124G Reference Manual - Page 107
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 6-18: Logs and E-mail screens Click the View Log button to view various log messages generated by the Router. • In view log window To delete all log entries: Click Clear Log. • To see the most recent
  • Netgear FVS124G | FVS124G Reference Manual - Page 108
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Items to include in the log: • Use these checkboxes to determine which events are included in the log. Selecting all events will increase the size
  • Netgear FVS124G | FVS124G Reference Manual - Page 109
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • In the Log Threshold Time box, set the logs Threshold time. • In the Alert Queue Length box, set the alerts queue length. Click Apply to have your changes take effect. Syslog You can configure the firewall to
  • Netgear FVS124G | FVS124G Reference Manual - Page 110
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 6-19: Firewall Logs menu Table 6-7. Log entry descriptions Field Date and Time Description or Action Source IP Description The date and time the log entry was recorded. The type of event and what
  • Netgear FVS124G | FVS124G Reference Manual - Page 111
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-7. Log entry descriptions Field Description Source port and interface The service port number of the initiating device, and whether it originated from the LAN or WAN Destination The name or IP address
  • Netgear FVS124G | FVS124G Reference Manual - Page 112
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-36 Firewall Protection and Content Filtering 202-10085-01, March 2005
  • Netgear FVS124G | FVS124G Reference Manual - Page 113
    IP addressing requirements for VPNs in dual WAN port systems Configuration and WAN IP address Rollover Mode* Load Balancing Mode VPN Road Warrior (client-to-gateway) Fixed Dynamic VPN Gateway-to-Gateway Fixed Dynamic VPN Telecommuter Fixed (client-to-gateway through Dynamic a NAT router
  • Netgear FVS124G | FVS124G Reference Manual - Page 114
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 7-1 shows the setup screens for the selected WAN mode. This setup is accomplished in "Step 4: Configure the WAN Mode (Required for Dual WAN)" on page 4-15. Rollover Mode Setup Screen Load Balancing Mode Setup
  • Netgear FVS124G | FVS124G Reference Manual - Page 115
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports See "Step 5: Configure Dynamic DNS (If Needed)" on page 4-20 for how to select and configure the Dynamic DNS service. FVS124G Functional Block Diagram FVS124G Firewall Rest of FVS124G Functions FVS124G WAN Port
  • Netgear FVS124G | FVS124G Reference Manual - Page 116
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports FVS124G Functional Block Diagram FVS124G Firewall Rest of FVS124G Functions FVS124G WAN Port Functions Load Balancing Control Dynamic DNS screens WAN 1 Port WAN 2 Port Internet FQDN required (dynamic IP addresses
  • Netgear FVS124G | FVS124G Reference Manual - Page 117
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Creating a VPN Connection: Between FVX538 and FVS124G This section describes how to configure a VPN connection between a NETGEAR FVX538 VPN Firewall and a NETGEAR FVS124G VPN Firewall. Using each firewall's VPN
  • Netgear FVS124G | FVS124G Reference Manual - Page 118
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 5. Click Next. 6. Enter the WAN IP address of the remote FVS124G. 7. Click WAN1 to bind this connection to the WAN1 port. Figure 7-5: WAN IP address of remote FVS124G 8. Click Next. 9. Enter the LAN IP address and
  • Netgear FVS124G | FVS124G Reference Manual - Page 119
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 11. Click Done to create the 'to_fvs' IKE and VPN policies. In the IKE Policies menu, the 'to_fvs' IKE policy will appear in the table. Figure 7-7: IKE Policies 12. You can view the IKE parameters
  • Netgear FVS124G | FVS124G Reference Manual - Page 120
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 13. In the VPN Policies menu, the 'to_fvs' VPN policy will appear in the table. Figure 7-9: FVX538 VPN Policies screen 7-8 Virtual Private Networking 202-10085-01, March 2005
  • Netgear FVS124G | FVS124G Reference Manual - Page 121
    ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 14. You can view the VPN parameters by selecting 'to_fvs' and clicking Edit. It should not be necessary to make any changes. Figure 7-10: FVX538-to-FVS124G VPN screen Configuring the FVS124G 1. Select the VPN Wizard 2. Give the client
  • Netgear FVS124G | FVS124G Reference Manual - Page 122
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 4. Select 'a remote VPN gateway'. Figure 7-11: VPN Wizard start page 5. Click Next. 6. Enter the WAN IP address of the remote FVX538. Figure 7-12: WAN IP address of remote FVX538 7. Click Next. 7-10 202-10085-01
  • Netgear FVS124G | FVS124G Reference Manual - Page 123
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 8. Enter the LAN IP address and subnet mask of the remote FVX538. Figure 7-13: LAN IP address and subnet mask of remote FVX538 9. Click Next. 10. Click Done to create the 'to_fvx' IKE and VPN policies. Testing
  • Netgear FVS124G | FVS124G Reference Manual - Page 124
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports This procedure was developed and tested using: • Netgear FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports with version 1.0 firmware • Netgear VPN Client version 10.3.5 (Build 6) • NAT router: Netgear
  • Netgear FVS124G | FVS124G Reference Manual - Page 125
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 2. In the upper left of the Policy Editor window, click the New Document icon to open a New Connection. Figure 7-15: New Client Connection screen Virtual Private Networking 202-10085-01, March 2005 7-13
  • Netgear FVS124G | FVS124G Reference Manual - Page 126
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 3. Give the New Connection a name, such as to_FVS. Figure 7-16: New connection named 4. In the Remote Party Identity section, select ID Type of IP Subnet. 5. Enter the LAN IP Subnet Address and Subnet Mask of the FVS124G
  • Netgear FVS124G | FVS124G Reference Manual - Page 127
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 8. For Domain Name, enter 'fvs_local.com' and enter the WAN IP Address of the FVS124G. Figure 7-17: Remote client user. Note: X may not be zero! In this example, we have entered home11.fvs_remote.com. Up to fifty user
  • Netgear FVS124G | FVS124G Reference Manual - Page 128
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 12. Leave Virtual Adapter disabled, and select your computer's Network Adapter. Your current IP address will appear. Figure 7-18: My Identity screen 13. Before leaving the My Identity menu, click the Pre-Shared
  • Netgear FVS124G | FVS124G Reference Manual - Page 129
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 14. Click Enter Key, type your preshared key, and click OK. This key will be shared by all users of the FVS124G policy "home". Figure 7-19: Pre-shared key 15. In the left frame, click on Security Policy. Virtual
  • Netgear FVS124G | FVS124G Reference Manual - Page 130
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 16. Select Phase 1 Negotiation Mode = Aggressive Mode. PFS should be disabled, and Replay Detection should be enabled. Figure 7-20: Client Security Policy screen 7-18 202-10085-01, March 2005 Virtual Private
  • Netgear FVS124G | FVS124G Reference Manual - Page 131
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 17. In the left frame, expand Authentication and select Proposal 1. Compare with the figure below. No changes should be necessary. Figure 7-21: Client Authorization screen Virtual Private Networking 202-10085-01
  • Netgear FVS124G | FVS124G Reference Manual - Page 132
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 18. In the left frame, expand Key Exchange and select Proposal 1. Compare with the figure below. No changes should be necessary. Figure 7-22: Client Key Exchange screen 19. In the upper left of the window, click
  • Netgear FVS124G | FVS124G Reference Manual - Page 133
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 21. For additional status and troubleshooting information, right-click on the VPN client icon in your Windows toolbar and select "Connection Monitor" or "Log Viewer", or view the VPN log and status menu in the FVS124G
  • Netgear FVS124G | FVS124G Reference Manual - Page 134
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 7-22 202-10085-01, March 2005 Virtual Private Networking
  • Netgear FVS124G | FVS124G Reference Manual - Page 135
    8 Router and Network Management This chapter describes how to use the network management features of your FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface. The FVS124G
  • Netgear FVS124G | FVS124G Reference Manual - Page 136
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Firewall Features That Reduce Traffic Features of the VPN firewall that can be called upon to decrease WAN-side loading are as follows: • Service blocking • Block sites • Source MAC filtering Service Blocking
  • Netgear FVS124G | FVS124G Reference Manual - Page 137
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports - Address range: The rule is applied to a range of Internet IP addresses. • Services-You can specify the desired Services or applications to be covered by this rule. If the desired service or application does not
  • Netgear FVS124G | FVS124G Reference Manual - Page 138
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports See "Using a Schedule to Block or Allow Specific Traffic" on page 6-22 for the procedure on how to use this feature. Block Sites If you want to reduce traffic by preventing access to
  • Netgear FVS124G | FVS124G Reference Manual - Page 139
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you cannot use
  • Netgear FVS124G | FVS124G Reference Manual - Page 140
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • WAN Users-These settings determine which Internet locations are covered by the rule, based on their IP address. - Any: The rule applies to all Internet IP addresses. - Single address: The rule applies to a single
  • Netgear FVS124G | FVS124G Reference Manual - Page 141
    is impacted by its QoS setting, however. See "Quality of Service (QoS) Priorities" on page 6-18 for the procedure on how to use this feature. Tools for Traffic Management The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports includes several tools that can be used to monitor the
  • Netgear FVS124G | FVS124G Reference Manual - Page 142
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Administrator and Guest Access Authorization You can change the administrator and guest passwords, administrator login timeout, and enable remote management. Administrator access is read/write and guest access is
  • Netgear FVS124G | FVS124G Reference Manual - Page 143
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Enabling Remote Management Access Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your FVS124G VPN Firewall. You must be logged in
  • Netgear FVS124G | FVS124G Reference Manual - Page 144
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports a. To allow access from any IP address on the Internet, select Everyone. b. To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define
  • Netgear FVS124G | FVS124G Reference Manual - Page 145
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports You can access the command line interface (CLI) either by using telnet or by connecting a terminal to the console port on the front of the unit. To access the CLI from a communications terminal when the FVS124G VPN Firewall
  • Netgear FVS124G | FVS124G Reference Manual - Page 146
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Each WAN port is programmed separately. The WAN port shuts down once the traffic limit is reached. An email alert can be sent when this shutdown happens. Figure 8-3: Traffic Limit Reached alert Login Failures and
  • Netgear FVS124G | FVS124G Reference Manual - Page 147
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Select the types of alerts to email. Enable email alerts. Figure 8-4: Logs and email screen Accumulate 64 messages before sending a log email. Wait 24 hours
  • Netgear FVS124G | FVS124G Reference Manual - Page 148
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Monitoring You can view status information about the firewall, WAN ports, LAN ports, and VPN tunnels and program SNMP connections. Viewing VPN Firewall Status and Time Information Firewall Status The Router Status
  • Netgear FVS124G | FVS124G Reference Manual - Page 149
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports FVS124G Figure 8-5: Router Status screen Router and Network Management 202-10085-01, March 2005 8-15
  • Netgear FVS124G | FVS124G Reference Manual - Page 150
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 8-1. Router Status Item Description System Name This is the Account Name that you entered in the Basic Settings page. Firmware Version This is the current software the router is using. This will
  • Netgear FVS124G | FVS124G Reference Manual - Page 151
    the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Automatic adjustment enable for daylight savings time Current date and time Figure 8-6: Time information on the Schedule screen If supported for your region, you can check Automatically adjust for Daylight Savings Time. Router and
  • Netgear FVS124G | FVS124G Reference Manual - Page 152
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 8-1. Current date and time Item Use Default NTP Servers (Network Time Protocol) Use Custom NTP Servers Description If enabled, the system clock is updated regularly by contacting a Default Netgear NTP
  • Netgear FVS124G | FVS124G Reference Manual - Page 153
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Dynamic DNS Status Invoke the Dynamic DNS Status screen from Dynamic DNS screen by clicking Show Status to see the current DDNS Status in a sub-window. Figure 8-8: Dynamic DNS Status screen Internet Traffic
  • Netgear FVS124G | FVS124G Reference Manual - Page 154
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 8-9: Internet Traffic information LAN Ports and Attached Devices Known PCs and Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network.
  • Netgear FVS124G | FVS124G Reference Manual - Page 155
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 8-10: Network Database screen The Network Database is an automatically-maintained list of all known PCs and network devices. PCs and devices become known by the following methods: • DHCP Client Requests-By default
  • Netgear FVS124G | FVS124G Reference Manual - Page 156
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Note: If the firewall is rebooted, the table data is lost until the firewall rediscovers the devices. To force the firewall to look for attached devices, click the Refresh button. DHCP Log You can view the DHCP
  • Netgear FVS124G | FVS124G Reference Manual - Page 157
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 8-1. Port Triggering Status data Item Rule LAN IP Address Open Ports Time Remaining Description The name of the Rule. The IP address of the PC currently using this rule. The Incoming ports which are
  • Netgear FVS124G | FVS124G Reference Manual - Page 158
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Select the types of logs to email. Enable emailing of logs. Figure 8-13: Logs and email screen Enable system logs. Accumulate 64 messages before sending a
  • Netgear FVS124G | FVS124G Reference Manual - Page 159
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Invoke the Firewall Log screen from Logs and Email screen. Figure 8-14: Firewall Log screen (invoked from Logs and Email screen) Router and Network Management 202-10085-01, March 2005 8-25
  • Netgear FVS124G | FVS124G Reference Manual - Page 160
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Tunnels You can view the status of the VPN tunnels. Figure 8-15: VPN Status/Log and IPSec Connection Status screens Table 8-1. Item Policy Name Endpoint Tx (KBytes) VPN Status data Description The name of the VPN
  • Netgear FVS124G | FVS124G Reference Manual - Page 161
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 8-1. Item State Action VPN Status IP address, perform a DNS lookup, display the routing table, reboot the firewall, and capture packets. Note: For normal operation, diagnostics are not required. Router
  • Netgear FVS124G | FVS124G Reference Manual - Page 162
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 8-17: Diagnostics screen Table 8-1. Diagnostics Item Description Ping or Trace an IP address Perform a DNS Lookup Display the Routing Table Ping-Use this to send a ping packet request to the specified IP
  • Netgear FVS124G | FVS124G Reference Manual - Page 163
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 8-1. Diagnostics Item Reboot the Router Packet Trace Description Use this button to perform a remote reboot (restart). You can use this if the Router seems to have become unstable or is not operating
  • Netgear FVS124G | FVS124G Reference Manual - Page 164
    used to upload new firmware into the FVS124G VPN Firewall must support HTTP uploads. NETGEAR recommends using Microsoft Internet Explorer or Netscape Navigator 3.0 or above. From the Main Menu of the browser interface, under the Management heading, select the Router Upgrade heading to display the
  • Netgear FVS124G | FVS124G Reference Manual - Page 165
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Be careful how you use this! Figure 8-19: Router Upgrade menu To upload new firmware: 1. Download and unzip the new software file from NETGEAR. 2. In the Router Upgrade menu, click the Browse button and browse
  • Netgear FVS124G | FVS124G Reference Manual - Page 166
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • To restore the factory default configuration settings without knowing the login password or IP address, you must use the Default Reset button on the front panel of the firewall (see "The Router's Front Panel" on
  • Netgear FVS124G | FVS124G Reference Manual - Page 167
    gives information about troubleshooting your FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. After each problem description, instructions are provided to help you diagnose and solve the problem. Basic Functioning After you turn on power to the firewall, the following sequence
  • Netgear FVS124G | FVS124G Reference Manual - Page 168
    to factory defaults. This will set the firewall's IP address to 192.168.1.1. This procedure is explained in "Restoring the Default Configuration and Password" on page 9-7. If the error persists, you might have a hardware problem and should contact technical support. LAN or Internet Port LEDs
  • Netgear FVS124G | FVS124G Reference Manual - Page 169
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Troubleshooting the Web Configuration Interface If you are unable to access the firewall's Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between
  • Netgear FVS124G | FVS124G Reference Manual - Page 170
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Troubleshooting the ISP Connection If your firewall is unable to access the Internet, you should first determine whether the firewall is able to obtain a WAN IP address from the ISP. Unless you have been assigned
  • Netgear FVS124G | FVS124G Reference Manual - Page 171
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports OR Configure your firewall to spoof your PC's MAC address. This can be done in the Basic Settings menu. Refer to "Manually Configuring Your Internet Connection" on page 4-12. If your firewall can obtain an IP address
  • Netgear FVS124G | FVS124G Reference Manual - Page 172
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports If the path is not working, you see this message: Request timed out If the path is not functioning correctly, you could have one of the following problems: • Wrong physical connections - Make sure the LAN port LED
  • Netgear FVS124G | FVS124G Reference Manual - Page 173
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports - Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs
  • Netgear FVS124G | FVS124G Reference Manual - Page 174
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Time is off by one hour. Cause: The firewall does not automatically sense Daylight Savings Time. In the E-Mail menu, check or uncheck the box marked "Adjust for Daylight Savings Time". 9-8 Troubleshooting 202
  • Netgear FVS124G | FVS124G Reference Manual - Page 175
    This appendix provides technical specifications for the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter Voltage and amperage
  • Netgear FVS124G | FVS124G Reference Manual - Page 176
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Interface Specifications LAN: WAN: 10BASE-T or 100BASE-Tx, RJ-45 10BASE-T or 100BASE-Tx A-2 Technical Specifications 202-10085-01, March 2005
  • Netgear FVS124G | FVS124G Reference Manual - Page 177
    such as a cable or DSL modem. In order to make the best use of the slower WAN link, a mechanism must be in place for selecting and transmitting only the data traffic meant for the Internet. The function of selecting and forwarding this data is performed by a router. Network, Routing, Firewall, and
  • Netgear FVS124G | FVS124G Reference Manual - Page 178
    and scale, number of routing protocols supported, and types of physical WAN connection they support. The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports is a small office router that routes the IP protocol over a single-user broadband connection. Routing Information Protocol
  • Netgear FVS124G | FVS124G Reference Manual - Page 179
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 195.34.12.7 The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the
  • Netgear FVS124G | FVS124G Reference Manual - Page 180
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 128.1.x.x to 191.254.x.x. • Class C Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the network address and eight bits for the node. They are in this range: 192.0.1.x to 223.
  • Netgear FVS124G | FVS124G Reference Manual - Page 181
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a forward slash (/), as
  • Netgear FVS124G | FVS124G Reference Manual - Page 182
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits
  • Netgear FVS124G | FVS124G Reference Manual - Page 183
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 9-2. Netmask Formats 255.255.255.0 /24 255.255.255.128 /25 255.255.255.192 /26 255.255.255.224 /27 255.255.255.240 /28 255.255.255.248 /29 255.255.255.252 /30
  • Netgear FVS124G | FVS124G Reference Manual - Page 184
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Single IP Address Operation Using NAT In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is
  • Netgear FVS124G | FVS124G Reference Manual - Page 185
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out
  • Netgear FVS124G | FVS124G Reference Manual - Page 186
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Domain Name Server Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name
  • Netgear FVS124G | FVS124G Reference Manual - Page 187
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for
  • Netgear FVS124G | FVS124G Reference Manual - Page 188
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports . Table B-1. UTP Ethernet cable wiring, straight-through Pin Wire color Signal 1 Orange/White Transmit (Tx) + 2 Orange Transmit (Tx) - 3 Green/White Receive (Rx) + 4 Blue 5 Blue/White 6 Green
  • Netgear FVS124G | FVS124G Reference Manual - Page 189
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Inside Twisted Pair Cables For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually
  • Netgear FVS124G | FVS124G Reference Manual - Page 190
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure B-3: Category 5 UTP Cable with Male RJ-45 Plug at Each End Note: Flat "silver satin" telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing
  • Netgear FVS124G | FVS124G Reference Manual - Page 191
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports The FVS124G VPN Firewall incorporates Auto Uplink™ technology (also called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal
  • Netgear FVS124G | FVS124G Reference Manual - Page 192
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports B-16 Network, Routing, Firewall, and Basics 202-10085-01, March 2005
  • Netgear FVS124G | FVS124G Reference Manual - Page 193
    Internet through the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if
  • Netgear FVS124G | FVS124G Reference Manual - Page 194
    the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports In your IP network, each PC and the firewall must be assigned a unique IP address. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default
  • Netgear FVS124G | FVS124G Reference Manual - Page 195
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the
  • Netgear FVS124G | FVS124G Reference Manual - Page 196
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports If you need Client for Microsoft Networks: a. Click the Add button. b. Select Client, and then click Add. c. Select Microsoft. d. Select Client for different Windows systems when using DHCP to configure TCP/IP. The following
  • Netgear FVS124G | FVS124G Reference Manual - Page 197
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button. The
  • Netgear FVS124G | FVS124G Reference Manual - Page 198
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This
  • Netgear FVS124G | FVS124G Reference Manual - Page 199
    ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. 3. From the drop-down box, select your Ethernet adapter. The window is updated
  • Netgear FVS124G | FVS124G Reference Manual - Page 200
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Enabling DHCP to Automatically Configure TCP/IP Settings You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk
  • Netgear FVS124G | FVS124G Reference Manual - Page 201
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. • Administrator logon access rights are needed to use this window
  • Netgear FVS124G | FVS124G Reference Manual - Page 202
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP
  • Netgear FVS124G | FVS124G Reference Manual - Page 203
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Click on the My Network Places icon on the Windows desktop. This will bring up a window used by this connection:" • Client for Microsoft Networks and • Internet Protocol (TCP/IP) • Click OK. Preparing Your Network 202-10085
  • Netgear FVS124G | FVS124G Reference Manual - Page 204
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected. • Obtain DNS server address
  • Netgear FVS124G | FVS124G Reference Manual - Page 205
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows
  • Netgear FVS124G | FVS124G Reference Manual - Page 206
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button. C-14 202-10085-01, March 2005 Preparing Your Network
  • Netgear FVS124G | FVS124G Reference Manual - Page 207
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server. • Click OK. This completes the configuration of TCP/IP in Windows
  • Netgear FVS124G | FVS124G Reference Manual - Page 208
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • The default gateway is 192.168.1.1 4. Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP leave the DHCP Client ID box empty. 4. Close the TCP/IP Control Panel. 5.
  • Netgear FVS124G | FVS124G Reference Manual - Page 209
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 2. If not already selected, select Built-in Ethernet in the Configure list. 3. If not already selected, Select Using DHCP in the TCP/IP tab. 4. Click Save. Verifying TCP/IP Properties for Macintosh Computers After
  • Netgear FVS124G | FVS124G Reference Manual - Page 210
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem
  • Netgear FVS124G | FVS124G Reference Manual - Page 211
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • An IP address and subnet mask • A gateway IP address, which is the address of the ISP's router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account's full
  • Netgear FVS124G | FVS124G Reference Manual - Page 212
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports If an IP address appears under Installed Gateways, write down the address. This is the ISP's gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Configuration
  • Netgear FVS124G | FVS124G Reference Manual - Page 213
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Restarting the Network Once you've set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the FVS124G VPN
  • Netgear FVS124G | FVS124G Reference Manual - Page 214
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports C-22 202-10085-01, March 2005 Preparing Your Network
  • Netgear FVS124G | FVS124G Reference Manual - Page 215
    of IP network, including the Internet, Frame Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive. VPNs are traditionally used for: • Intranets: Intranets connect an organization's locations. These locations range from the headquarters offices, to branch offices, to a remote
  • Netgear FVS124G | FVS124G Reference Manual - Page 216
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization's modem pool is one method of access for remote workers,
  • Netgear FVS124G | FVS124G Reference Manual - Page 217
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Encapsulating the intended receiver. ESP also provides all encryption services in IPSec. Encryption translates a readable message into for the payload and not for the IP header. Figure 9-4: Original packet and
  • Netgear FVS124G | FVS124G Reference Manual - Page 218
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports The ESP header is inserted into the packet between the IP header and any enterprise can set up multiple SAs to enable multiple secure VPNs, as well as define SAs within the VPN to support different departments and
  • Netgear FVS124G | FVS124G Reference Manual - Page 219
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Mode SAs operate using modes. A the packet that is processed with IPSec. A new IP header is created that contains the two IPSec gateway addresses. The gateways perform the encapsulation/decapsulation on behalf of
  • Netgear FVS124G | FVS124G Reference Manual - Page 220
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup and the exchange of keys between parties transferring data. Using keys ensures that only the sender and
  • Netgear FVS124G | FVS124G Reference Manual - Page 221
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Process Overview Even though IPSec is standards-based, each vendor has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to review some of
  • Netgear FVS124G | FVS124G Reference Manual - Page 222
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports It is also important to make sure the addresses do not overlap or conflict. That is, each set of addresses should be separate and distinct. Table 9-1. WAN (Internet/Public) and LAN (Internal/Private) Addressing
  • Netgear FVS124G | FVS124G Reference Manual - Page 223
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Gateway A VPN Tunnel VPN Gateway B Figure 9-8: VPN Tunnel SA The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. This
  • Netgear FVS124G | FVS124G Reference Manual - Page 224
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 2. IKE Phase I. a. The two SA keys are created and exchanged, the IPSec SAs are ready to protect user data between the two VPN gateways. 4. Data transfer. Data is transferred between IPSec peers based on the
  • Netgear FVS124G | FVS124G Reference Manual - Page 225
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPNC IKE Phase II Parameters The IKE Phase 2 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode • MODP group 1 • Perfect forward secrecy for rekeying • SA lifetime of 28800
  • Netgear FVS124G | FVS124G Reference Manual - Page 226
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • [RFC 791] Internet Protocol DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C Hedrick, Rutgers University, June 1988
  • Netgear FVS124G | FVS124G Reference Manual - Page 227
    and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1x uses a protocol called EAP (Extensible Authentication Protocol) and supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and
  • Netgear FVS124G | FVS124G Reference Manual - Page 228
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports A Access Control List (ACL) An ACL is a database that an Operating System uses to track each user's access rights to system objects (such as file directories and/or files). Ad-hoc Mode An 802.11 networking
  • Netgear FVS124G | FVS124G Reference Manual - Page 229
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Broadcast A packet sent to all devices on a network. C Class of Service A term to describe treating different types of traffic with different levels of service priority. Higher priority traffic gets faster
  • Netgear FVS124G | FVS124G Reference Manual - Page 230
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.
  • Netgear FVS124G | FVS124G Reference Manual - Page 231
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Ethernet A LAN specification developed jointly by Xerox, Intel and Digital Equipment Corporation. Ethernet networks transmit packets at a rate of 10 Mbps. G Gateway A local device, usually a router, that connects
  • Netgear FVS124G | FVS124G Reference Manual - Page 232
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Internet Protocol The method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it
  • Netgear FVS124G | FVS124G Reference Manual - Page 233
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Local Area Network A communications network serving users within a limited area, such as one floor of a building. A LAN typically connects multiple personal computers and shared network devices such as storage and
  • Netgear FVS124G | FVS124G Reference Manual - Page 234
    Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports P packet A block of information sent over a network. A packet typically contains a source and destination network address IP to connect directly to the Internet. PPPoA PPPoA. PPP over ATM is a protocol for connecting remote
  • Netgear FVS124G | FVS124G Reference Manual - Page 235
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Q QoS See "Quality of Service" Quality of Service QoS is a networking term that specifies a guaranteed level of throughput. Throughput is the amount of data transferred from one device to another or processed in
  • Netgear FVS124G | FVS124G Reference Manual - Page 236
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Subnet Mask Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router. T TCP/IP The main internetworking
  • Netgear FVS124G | FVS124G Reference Manual - Page 237
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Wide Windows Internet Naming Service WINS. Windows Internet Naming Service is a server process for resolving Windows-based computer names to IP addresses. If a remote network contains a WINS server, your Windows
  • Netgear FVS124G | FVS124G Reference Manual - Page 238
    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports -12 Glossary 202-10085-01, March 2005

202-10085-01, March 2005
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports FVS124G