Home » Netgear Manuals » Bridges & Routers » Netgear FVS124G » Manual Viewer

Netgear FVS124G FVS124G Reference Manual - Page 87

Inbound Rule Example: Exposed Host, <IP_address&gt

UPC - 606449040531

Add to My Manuals
Save this manual to your list of manuals

Page 87 highlights

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports To test the connection from a PC on the Internet, type http://, where is the public IP address you have mapped to your web server. You should see the home page of your web server. Inbound Rule Example: Exposed Host Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet for services that you haven't defined. To expose one of the PCs on your LAN as this host, do the following (see Figure 6-7): 1. Create an inbound rule that allows all protocols. 2. Place the rule below all other inbound rules. Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network. 1. Select All protocols and ALLOW Always (or Allow by Schedule) 2. Place rule below all other inbound rules Figure 6-7: Rule example: exposed host Firewall Protection and Content Filtering 202-10085-01, March 2005 6-11

Section	Page
Chapter 1 About This Manual	15
Audience, Scope, Conventions, and Formats	15
How to Use This Manual	16
How to Print this Manual	17
Chapter 2 Introduction	19
Key Features of the VPN Firewall	19
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	20
A Powerful, True Firewall with Content Filtering	20
Security	21
Autosensing Ethernet Connections with Auto Uplink	21
Extensive Protocol Support	22
Easy Installation and Management	22
Maintenance and Support	23
Package Contents	23
The Router’s Front Panel	24
The Router’s Rear Panel	25
The Router’s IP Address, Login Name, and Password	26
Logging into the Router	27
Default Factory Settings	28
NETGEAR Related Products	29
Chapter 3 Network Planning	31
Overview of the Planning Process	31
Inbound Traffic	31
Virtual Private Networks (VPNs)	31
The Rollover Case for Firewalls With Dual WAN Ports	32
The Load Balancing Case for Firewalls With Dual WAN Ports	32
Inbound Traffic	33
Inbound Traffic to Single WAN Port (Reference Case)	33
Inbound Traffic to Dual WAN Port Systems	33
Inbound Traffic: Dual WAN Ports for Improved Reliability	34
Inbound Traffic: Dual WAN Ports for Load Balancing	34
Virtual Private Networks (VPNs)	35
VPN Road Warrior (Client-to-Gateway)	36
VPN Road Warrior: Single Gateway WAN Port (Reference Case)	36
VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability	37
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing	38
VPN Gateway-to-Gateway	39
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)	39
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability	40
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing	41
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	42
VPN Telecommuter: Single Gateway WAN Port (Reference Case)	42
VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability	43
VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing	44
Chapter 4 Connecting the FVS124G to the Internet	45
What You Will Need to Do Before You Begin	45
Cabling and Computer Hardware Requirements	47
Computer Network Configuration Requirements	47
Internet Configuration Requirements	48
Where Do I Get the Internet Configuration Parameters?	48
Record Your Internet Connection Information	49
Connecting the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports	50
Step 1: Physically Connect the VPN Firewall to Your Network (Required)	51
Step 2: Log in to the VPN Firewall (Required)	51
Step 3: Configure the Internet Connections to Your ISPs (Required)	52
Manually Configuring Your Internet Connection	56
Programming the Traffic Meter (if Desired)	57
Step 4: Configure the WAN Mode (Required for Dual WAN)	59
Rollover Setup	60
Load Balancing (and Protocol Binding) Setup	61
Step 5: Configure Dynamic DNS (If Needed)	64
Step 6: Configure the WAN Options (If Needed)	67
Chapter 5 LAN Configuration	69
Using the LAN IP Setup Options	69
Configuring LAN TCP/IP Setup Parameters	70
Using the Firewall as a DHCP server	72
Using Address Reservation	73
Multi Home LAN IPs	74
Configuring Static Routes	74
Chapter 6 Firewall Protection and Content Filtering	77
Firewall Protection and Content Filtering Overview	77
Using Rules to Block or Allow Specific Kinds of Traffic	77
Services-Based Rules	80
Inbound Rules (Port Forwarding)	81
Outbound Rules (Service Blocking)	88
Customized Services	92
Quality of Service (QoS) Priorities	94
Managing Groups and Hosts	96
Using a Schedule to Block or Allow Specific Traffic	98
Time Zone	100
Block Sites	100
Source MAC Filtering	103
Port Triggering	104
Getting E-Mail Notifications of Event Logs and Alerts	106
Syslog	109
Viewing Logs of Web Access or Attempted Web Access	109
Administrator Information	111
Chapter 7 Virtual Private Networking	113
Dual WAN Port Systems	113
Rollover vs. Load Balancing Mode	113
Fully Qualified Domain Names	114
Creating a VPN Connection: Between FVX538 and FVS124G	117
Configuring the FVX538	117
Configuring the FVS124G	121
Testing the Connection	123
Creating a VPN Connection: Netgear VPN Client to FVS124G	123
Configuring the FVS124G	124
Configuring the VPN Client	124
Testing the Connection	132
Chapter 8 Router and Network Management	135
Performance Management	135
Bandwidth Capacity	135
VPN Firewall Features That Reduce Traffic	136
Service Blocking	136
Block Sites	138
Source MAC Filtering	138
VPN Firewall Features That Increase Traffic	138
Port Forwarding	139
Port Triggering	140
VPN Tunnels	141
Using QoS to Shift the Traffic Mix	141
Tools for Traffic Management	141
Administrator and Guest Access Authorization	142
Changing the Passwords and Login Timeout	142
Enabling Remote Management Access	143
Command Line Interface	144
Event Alerts	145
WAN Port Rollover	145
Traffic Limits Reached	145
Login Failures and Attacks	146
Monitoring	148
Viewing VPN Firewall Status and Time Information	148
Firewall Status	148
Time Information	150
WAN Ports	152
WAN Port Connection Status	152
Dynamic DNS Status	153
Internet Traffic Information	153
LAN Ports and Attached Devices	154
Known PCs and Devices	154
DHCP Log	156
Port Triggering Status	156
Firewall	157
VPN Tunnels	160
SNMP	161
Diagnostics	161
Configuration File Management	163
Restoring and Backing Up the Configuration	164
Upgrading the Firewall Software	164
Erasing the Configuration (Factory Defaults Reset)	165
Chapter 9 Troubleshooting	167
Basic Functioning	167
Power LED Not On	167
LEDs Never Turn Off	168
LAN or Internet Port LEDs Not On	168
Troubleshooting the Web Configuration Interface	169
Troubleshooting the ISP Connection	170
Troubleshooting a TCP/IP Network Using a Ping Utility	171
Testing the LAN Path to Your Firewall	171
Testing the Path from Your PC to a Remote Device	172
Restoring the Default Configuration and Password	173
Problems with Date and Time	173
Appendix A Technical Specifications	175
Appendix B Network, Routing, Firewall, and Basics	177
Related Publications	177
Basic Router Concepts	177
What is a Router?	178
Routing Information Protocol	178
IP Addresses and the Internet	178
Netmask	180
Subnet Addressing	181
Private IP Addresses	183
Single IP Address Operation Using NAT	184
MAC Addresses and Address Resolution Protocol	185
Related Documents	185
Domain Name Server	186
IP Configuration by DHCP	186
Internet Security and Firewalls	186
What is a Firewall?	187
Stateful Packet Inspection	187
Denial of Service Attack	187
Ethernet Cabling	187
Category 5 Cable Quality	188
Inside Twisted Pair Cables	189
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	190
Appendix C Preparing Your Network	193
Preparing Your Computers for TCP/IP Networking	193
Configuring Windows 95, 98, and Me for TCP/IP Networking	194
Install or Verify Windows Networking Components	194
Enabling DHCP to Automatically Configure TCP/IP Settings	196
Selecting Windows’ Internet Access Method	198
Verifying TCP/IP Properties	198
Configuring Windows NT4, 2000 or XP for IP Networking	199
Install or Verify Windows Networking Components	199
Enabling DHCP to Automatically Configure TCP/IP Settings	200
DHCP Configuration of TCP/IP in Windows XP	200
DHCP Configuration of TCP/IP in Windows 2000	202
DHCP Configuration of TCP/IP in Windows NT4	205
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	207
Configuring the Macintosh for TCP/IP Networking	208
MacOS 8.6 or 9.x	208
MacOS X	208
Verifying TCP/IP Properties for Macintosh Computers	209
Verifying the Readiness of Your Internet Account	210
Are Login Protocols Used?	210
What Is Your Configuration Information?	210
Obtaining ISP Configuration Information for Windows Computers	211
Obtaining ISP Configuration Information for Macintosh Computers	212
Restarting the Network	213
Appendix D Virtual Private Networking	215
What is a VPN?	215
What Is IPSec and How Does It Work?	216
IPSec Security Features	216
IPSec Components	216
Encapsulating Security Payload (ESP)	217
Authentication Header (AH)	218
IKE Security Association	218
Mode	219
Key Management	220
Understand the Process Before You Begin	220
VPN Process Overview	221
Network Interfaces and Addresses	221
Interface Addressing	221
Firewalls	222
Setting Up a VPN Tunnel Between Gateways	222
VPNC IKE Security Parameters	224
VPNC IKE Phase I Parameters	224
VPNC IKE Phase II Parameters	225
Testing and Troubleshooting	225
Additional Reading	225
Glossary	227
List of Glossary Terms	227
Numeric	227
A	228
B	228
C	229
D	229
E	230
G	231
I	231
L	232
M	233
P	234
Q	235
R	235
S	235
T	236
U	236

Match case Limit results 1 per page

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Firewall Protection and Content Filtering

6-11

202-10085-01, March 2005

To test the connection from a PC on the Internet, type

http://

<IP_address>

, where

<IP_address>

is the public IP address you have mapped to your web server. You should see the home page of

your web server.

Inbound Rule Example: Exposed Host

Specifying an exposed host allows you to set up a computer or server that is available to anyone on

the Internet for services that you haven't defined. To expose one of the PCs on your LAN as this

host, do the following (see

Figure 6-7

Create an inbound rule that allows all protocols.

Place the rule below all other inbound rules.

Note:

For security, NETGEAR strongly recommends that you avoid creating an exposed host.

When a computer is designated as the exposed host, it loses much of the protection of the firewall

and is exposed to many exploits from the Internet. If compromised, the computer can be used to

attack your network.

Figure 6-7:

Rule example: exposed host

1. Select All protocols and ALLOW Always (or Allow by Schedule)

2. Place rule below all other inbound rules