Netgear FVS318G User Manual

Netgear FVS318G - ProSafe Gigabit VPN Firewall Data Sheet Router Manual

Netgear FVS318G manual content summary:

  • Netgear FVS318G | FVS318G User Manual - Page 1
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10521-01 v1.1 November, 2009
  • Netgear FVS318G | FVS318G User Manual - Page 2
    changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. Certificate of the Manufacturer/Importer It is hereby certified that the ProSafe VPN Firewall
  • Netgear FVS318G | FVS318G User Manual - Page 3
    Model Number: FVS318G; Publication Date: November, 2009; Product Family: VPN Firewall Router; Product Name: ProSafe VPN Firewall; Home or Business Product: Business; Language: English; Publication Part Number: 202-10521-01; Publication Version Number: 1.1
  • Netgear FVS318G | FVS318G User Manual - Page 5
    ...1-7 Default IP Address, Login Name, and Password Location 1-8 Qualified Web Browsers 1-8 Chapter 2 Connecting the FVS318G to the Internet Understanding the Connection Steps 2-1 Logging into the VPN Firewall Router 2-2 Navigating the Menus ...2-3 Configuring the Internet Connections
  • Netgear FVS318G | FVS318G User Manual - Page 6
    WAN Inbound Services Rule 4-10 Inbound Rules Examples 4-13 Outbound Rules Example 4-16 Adding Customized Services 4-16 Setting Quality of Service (QoS) Priorities 4-18 Attack Checks ...4-19 Blocking Internet Sites (Content Filtering 4-21 Configuring Source MAC Filtering 4-24 Configuring IP
  • Netgear FVS318G | FVS318G User Manual - Page 7
    18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN Client for ModeConfig 5-25 Configuring Keepalives and Dead Peer Detection
  • Netgear FVS318G | FVS318G User Manual - Page 8
    7-8 Changing Passwords and Administrator Settings 7-8 Enabling Remote Management Access 7-10 Using the Command Line Interface 7-13 Using an SNMP Manager 7-13 Configuration File Management 7-15 Upgrading the Firmware 7-17 Configuring Date and Time Service 7-18 Chapter 8 Troubleshooting Basic
  • Netgear FVS318G | FVS318G User Manual - Page 9
    Problems with Date and Time 8-8 Using the Diagnostics Utilities 8-9 Appendix A Technical Specifications and Factory Default Settings Appendix B Related Documents Appendix C Two Factor Authentication Why do I need Two-Factor Authentication C-1 What are the benefits of Two-Factor Authentication
  • Netgear FVS318G | FVS318G User Manual - Page 11
    About This Manual The NETGEAR® FVS318G ProSafe™ Gigabit 8 Port VPN Firewall Reference Manual describes how to install, configure and troubleshoot the ProSafe VPN Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats,
  • Netgear FVS318G | FVS318G User Manual - Page 12
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Danger: This is a safety warning. Failure to take heed of this notice may result in personal injury or death. • Scope. This manual is written for the VPN firewall according to these specifications: Product Version Manual Publication
  • Netgear FVS318G | FVS318G User Manual - Page 15
    sharing firewalls that rely on Network Address Translation (NAT) for security, the FVS318G uses stateful packet inspection for Denial of Service attack (DoS) protection and intrusion detection. The FVS318G allows Internet access for up to 253 users. The use of Gigabit Ethernet LAN and WAN ports
  • Netgear FVS318G | FVS318G User Manual - Page 16
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between local network resources. • 10/100/1000 Mbps Gigabit Ethernet WAN port for connection to a WAN device, such as a cable modem or DSL
  • Netgear FVS318G | FVS318G User Manual - Page 17
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Logs security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate
  • Netgear FVS318G | FVS318G User Manual - Page 18
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management You can install, configure, and operate the ProSafe VPN Firewall within minutes after connecting it to the network. The following features simplify installation and management tasks: • Browser-Based
  • Netgear FVS318G | FVS318G User Manual - Page 19
    5e (Cat5e) Ethernet cable (yellow). • ProSafe Gigabit 8 Port VPN Firewall FVS318G Installation Guide • Resource CD, including: - Application Notes and other helpful information. - ProSafe VPN Client Software - one user license. • Warranty Information and Technical Support card. If any of the parts
  • Netgear FVS318G | FVS318G User Manual - Page 20
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The function of each LED is described in the following table: Table 1-1. LED Descriptions Object Activity Power On (Green) Off Test On (Amber) Off WAN Port Active (left On (Green) side of port) Off) Speed (right On (Green) side
  • Netgear FVS318G | FVS318G User Manual - Page 21
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Rear Panel Features The rear panel of the ProSafe VPN Firewall includes a cable lock receptacle, a reset factory defaults switch, and a DC power connection. Figure 1-2 Viewed from left to right, the rear panel contains the following
  • Netgear FVS318G | FVS318G User Manual - Page 22
    Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS318G's enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe VPN Firewall
  • Netgear FVS318G | FVS318G User Manual - Page 23
    the installation guide for complete steps. A PDF of the Installation Guide is on the NETGEAR website at: http://kbserver.netgear.com. 2. Log in to the VPN Firewall Router. After logging in, you are ready to set up and configure your VPN firewall. You can also change your password and enable remote
  • Netgear FVS318G | FVS318G User Manual - Page 24
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. Configure the WAN options (optional). Optionally, you can enable each WAN port to respond to a ping, and you can change the factory default MTU size and port speed. However, these are advanced features and changing them is not usually
  • Netgear FVS318G | FVS318G User Manual - Page 25
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5. Click Login. The Web Configuration Manager appears, displaying the Router Status menu: Figure 2-2 Navigating the Menus The Web Configuration Manager menus are organized in a layered structure of main categories and submenus:
  • Netgear FVS318G | FVS318G User Manual - Page 26
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Main menu. The horizontal orange bar near the top of the page is the main menu, containing the primary configuration categories. Clicking on a primary category changes the contents of the submenu bar. • Submenu. The horizontal grey bar
  • Netgear FVS318G | FVS318G User Manual - Page 27
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Automatically Detecting and Connecting To automatically configure the WAN port for connection to the Internet: Figure 2-3 1. Select Network Configuration > WAN Settings from the menu. The Broadband ISP Settings tab appears. Connecting
  • Netgear FVS318G | FVS318G User Manual - Page 28
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Click Auto Detect at the bottom of the menu. Auto Detect will probe the WAN port for a range of connection methods and suggest one that your ISP appears to support. Figure 2-4 a. If Auto Detect is successful, a status bar at the top
  • Netgear FVS318G | FVS318G User Manual - Page 29
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. To verify the connection, click the Broadband Status option arrow at the top right of the screen. A popup window appears, displaying the connection status of the WAN port. Figure 2-5 The Connection Status window should show a valid IP
  • Netgear FVS318G | FVS318G User Manual - Page 30
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual To manually configure your Broadband ISP Settings: 1. Select Network Configuration > WAN Settings > Broadband ISP Settings and enter the following: 2. In the ISP Login options, choose one of these options: Figure 2-6 • If your ISP requires
  • Netgear FVS318G | FVS318G User Manual - Page 31
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 5. If you have installed login software such as WinPoET or Enternet, then your connection type is PPPoE. If your ISP uses PPPoE as a login protocol: Figure 2-8 a. Select Other (PPPoE). b. Configure the following fields: • Account Name.
  • Netgear FVS318G | FVS318G User Manual - Page 32
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Server IP Address. IP address of the PPTP server. 7. Review the Internet (IP) Address options. Figure 2-9 These options are inactive if BigPond Cable is selected. 8. If your ISP has assigned a fixed (static) IP address, select Use Static
  • Netgear FVS318G | FVS318G User Manual - Page 33
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 10. Review the Domain Name Server (DNS) Servers options. Figure 2-10 • If your ISP has not assigned any Domain Name Servers (DNS) addresses, click Get dynamically from ISP. • If your ISP (or your IT department) has assigned DNS addresses,
  • Netgear FVS318G | FVS318G User Manual - Page 34
    PCs on your LAN. This one-to-one inbound mapping is configured using an inbound firewall rule. Classical Routing In classical routing mode, the VPN firewall performs routing, but without NAT. To gain Internet access, each PC on your LAN must have a valid static Internet IP address. If your ISP
  • Netgear FVS318G | FVS318G User Manual - Page 35
    Gigabit 8 Port VPN Firewall FVS318G Reference Manual Configuring Dynamic DNS (Optional) Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS
  • Netgear FVS318G | FVS318G User Manual - Page 36
    the Web site of the DDNS service provider and register for an account (for example, for dyndns.org, go to http://www.dyndns.org). 5. Click the Yes radio button for Change DNS to and configure the active fields: 2-14 Connecting the FVS318G to the Internet 1.1 November
  • Netgear FVS318G | FVS318G User Manual - Page 37
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. Enter the account information for the service you have chosen (for example, user name, password, key, or domain). b. If your DDNS provider allows the use of wild cards in resolving your URL, you may select the Use wildcards check box to
  • Netgear FVS318G | FVS318G User Manual - Page 38
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. MTU Size. The normal MTU (Maximum Transmission Unit) value for most Ethernet networks is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs,
  • Netgear FVS318G | FVS318G User Manual - Page 39
    the LAN and DMZ settings. For most applications, the default DHCP and TCP/IP settings of the VPN firewall are satisfactory. See the link to "Preparing a Computer for Network Access" in Appendix B, "Related Documents" for an explanation of DHCP and information about how to assign IP addresses for
  • Netgear FVS318G | FVS318G User Manual - Page 40
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • An IP Address from the range you have defined. • Subnet Mask. • Gateway IP Address (the firewall's LAN IP address). • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you entered a WINS server address in the DHCP
  • Netgear FVS318G | FVS318G User Manual - Page 41
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1. Go to Network Configuration > LAN Settings to display the LAN Setup tab page. Figure 3-1
  • Netgear FVS318G | FVS318G User Manual - Page 42
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. In the LAN TCP/IP Setup section, configure the following settings: • IP Address. The LAN address of your VPN firewall (factory default: 192.168.1.1). Note: If you change the LAN IP address of the firewall while connected through the
  • Netgear FVS318G | FVS318G User Manual - Page 43
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. Lease Time. This specifies the duration for which IP addresses will be leased to clients. b. Enable LDAP Information. This enables the DHCP server to provide LDAP server information. • Enable DNS Proxy. When DNS proxy is enabled (the
  • Netgear FVS318G | FVS318G User Manual - Page 44
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • No need to use a fixed IP on PCs. Because the address allocated by the DHCP server will never change, you don't need to assign a fixed IP to a PC to ensure it always has the same IP address. • MAC level control over PCs. The LAN Groups
  • Netgear FVS318G | FVS318G User Manual - Page 45
    the computer. For DHCP clients of the VPN firewall, this IP address will not change. If a computer is assigned a static IP address, you will need to update this entry manually if the IP address on the computer has been changed. • MAC Address. The MAC address of the PC's network interface. • Group
  • Netgear FVS318G | FVS318G User Manual - Page 46
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Adding Devices to the LAN Groups Database To add devices manually to the LAN Groups Database, follow these steps: 1. In the Add Known PCs and Devices section, make the following entries: • Name. Enter the name of the PC or device. • IP
  • Netgear FVS318G | FVS318G User Manual - Page 47
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Changing Group Names in the LAN Groups Database By default, the LAN Groups are named Group1 through Group8. You can rename these group names to be more descriptive, such as Engineering or Marketing. To edit the names
  • Netgear FVS318G | FVS318G User Manual - Page 48
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual To reserve an IP address, manually enter the device in the LAN Groups tab, specifying Reserved (DHCP Client). Note: The reserved address will not be assigned until the next time the PC contacts the VPN firewall's DHCP server. Reboot the PC
  • Netgear FVS318G | FVS318G User Manual - Page 49
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. In the Add Secondary LAN IP Address section, enter the additional IP address and subnet mask to be assigned to the LAN port of the VPN firewall. 3. Click Add. The new Secondary LAN IP address will appear in the Available Secondary LAN
  • Netgear FVS318G | FVS318G User Manual - Page 50
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Click Add. The Add Static Route tab is displayed. Figure 3-6 3. Enter a route name for this static route in the Route Name field (for identification and
  • Netgear FVS318G | FVS318G User Manual - Page 51
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Configuring Routing Information Protocol (RIP) RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is commonly used in internal networks (LANs). It allows a router to exchange its routing information
  • Netgear FVS318G | FVS318G User Manual - Page 52
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Both. The VPN firewall broadcasts its routing table and also processes RIP information received from other routers. • Out Only. The VPN firewall the most commonly supported version. • RIP-2. Supports subnet information. LAN Configuration
  • Netgear FVS318G | FVS318G User Manual - Page 53
    based on time-of-day, Web addresses and Web address keywords. You can also block Internet access by applications and services, such as chat or games. A firewall is a special category of router that protects one network (the "trusted" network, such as your LAN) from another (the untrusted network
  • Netgear FVS318G | FVS318G User Manual - Page 54
    Examples" on page 4-13 • "Outbound Rules Example" on page 4-16 • "Adding Customized Services" on page 4-16 • "Setting Quality of Service (QoS) Priorities" on page 4-18 Firewall rules are used to block or allow specific traffic passing through from one side to the other. Inbound rules (WAN to LAN
  • Netgear FVS318G | FVS318G User Manual - Page 55
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual About Services-Based Rules The rules to block traffic are based on the traffic's category of service. • Outbound Rules (service blocking). Outbound traffic is normally allowed unless the firewall is configured to disallow it. • Inbound
  • Netgear FVS318G | FVS318G User Manual - Page 56
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1. Outbound Rules (continued) Item Action (Select Schedule) LAN Users WAN Users QoS Priority Log Bandwidth Profile NAT IP Description Select the desired time schedule (Schedule1, Schedule2, or Schedule3) that will be used by
  • Netgear FVS318G | FVS318G User Manual - Page 57
    firewall to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding. Whether or not DHCP is enabled, how the PCs will access the server's LAN address impacts the Inbound Rules. For example: • If your external IP
  • Netgear FVS318G | FVS318G User Manual - Page 58
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. Inbound Rules Item Description Service Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see
  • Netgear FVS318G | FVS318G User Manual - Page 59
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. Inbound Rules (continued) Item Log Bandwidth Profile Description Specifies whether packets covered by this rule are logged. Select the desired action: • Always - Always log traffic considered by this rule, whether it matches
  • Netgear FVS318G | FVS318G User Manual - Page 60
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Viewing the Rules To view the firewall rules: Select Security > Firewall from the main menu. The LAN WAN Rules tab appears: Figure 4-1 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu
  • Netgear FVS318G | FVS318G User Manual - Page 61
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual and proceeding to the bottom, before applying the default rule. In some cases, the order of precedence of two or more rules may be important in determining the disposition of a packet. For example, you should place the most strict rules at
  • Netgear FVS318G | FVS318G User Manual - Page 62
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1. Click Add under the Outbound Services Table. The Add LAN WAN Outbound Service screen is displayed. Figure 4-2 2. Configure the parameters based on the descriptions in Table 4-1 on page 4-3. 3. Click Apply to save your changes and
  • Netgear FVS318G | FVS318G User Manual - Page 63
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 4-3 2. Configure the parameters based on the descriptions in Table 4-2 on page 4-6. 3. Click Apply to save your changes and reset the fields on this screen. The new rule will be listed on the Inbound Services table. Modifying Rules
  • Netgear FVS318G | FVS318G User Manual - Page 64
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Click Down to move the rule down one position in the table rank. Note: Since rules are applied in the order listed (from top to bottom), the order of the rules may make a difference in how traffic is handled. 2. Check the box adjacent to
  • Netgear FVS318G | FVS318G User Manual - Page 65
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Inbound Rules Examples LAN WAN Inbound Rule: Hosting A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address
  • Netgear FVS318G | FVS318G User Manual - Page 66
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 4-5 LAN WAN Inbound Rule: Setting Up One-to-One NAT Mapping If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN. One of
  • Netgear FVS318G | FVS318G User Manual - Page 67
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual In the example shown in Figure 4-6, we have configured multi-NAT to support multiple public IP addresses on one WAN interface. The inbound rule instructs the VPN firewall to host an additional public IP address (10.1.0.5) and to associate
  • Netgear FVS318G | FVS318G User Manual - Page 68
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN WAN Inbound Rule: Specifying an Exposed Host Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet for services that you have not yet defined. To expose one of the PCs on your
  • Netgear FVS318G | FVS318G User Manual - Page 69
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Although the FVS318G already holds a list of many service port numbers, you are not limited to these choices. Use the Services screen to add additional services and applications to the list for use in defining firewall rules. The Services
  • Netgear FVS318G | FVS318G User Manual - Page 70
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Modifying a Service To edit the parameters of an existing service: 1. In the Custom Services Table, click the Edit button adjacent to the service you want to edit. The Edit Service screen is displayed. 2. Modify the parameters you wish to
  • Netgear FVS318G | FVS318G User Manual - Page 71
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The QoS priority definition for a service determines the queue that is used for the traffic passing through the VPN firewall. A priority is assigned to IP packets using this service. Priorities are defined by the "Type of Service (ToS) in
  • Netgear FVS318G | FVS318G User Manual - Page 72
    as a diagnostic tool for connectivity problems. - Enable Stealth Mode-In stealth mode, the VPN firewall will not respond to port scans from the WAN or Internet, which makes it less susceptible to discovery and attacks. - Block TCP Flood. A SYN flood is a form of denial of service attack in which an
  • Netgear FVS318G | FVS318G User Manual - Page 73
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in NAT mode, all packets going to the Remote VPN Gateway are first filtered through NAT and then encrypted per the VPN policy. If a VPN client or gateway on the LAN side of the VPN firewall wants to
  • Netgear FVS318G | FVS318G User Manual - Page 74
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual - Cookies. Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this option filters out cookies from being
  • Netgear FVS318G | FVS318G User Manual - Page 75
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual To enable Content Filtering: 1. Select Security > Block Sites to display the Block Sites screen. Figure 4-10 2. Select Yes to enable Content Filtering.
  • Netgear FVS318G | FVS318G User Manual - Page 76
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Click Apply to activate the menu controls. 4. Select any Web Components you wish to block and click Apply. 5. Select the groups to which Keyword Blocking will apply, then click Enable to activate Keyword blocking (or disable to
  • Netgear FVS318G | FVS318G User Manual - Page 77
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual To enable MAC filtering and add MAC addresses to be blocked: 1. Select Security > Address Filter > Source MAC Filter to display the Source MAC Filter tab page. Figure 4-11 2. Click Yes to enable Source MAC Filtering. 3. Select the action
  • Netgear FVS318G | FVS318G User Manual - Page 78
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Configuring IP/MAC Address Binding Alerts You can configure the FVS318G to drop packets and generate an alert when a device appears to have hijacked or spoofed another device's IP address. An IP address can be bound to a specific MAC
  • Netgear FVS318G | FVS318G User Manual - Page 79
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4. To add a manual binding entry, enter the following data in the Add IP/MAC Bindings section: a. Enter a Name for the bound host device. b. Enter the MAC Address and IP Address to be bound. A valid MAC address is six colon-separated pairs
  • Netgear FVS318G | FVS318G User Manual - Page 80
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Note these restrictions with Port Triggering: • Only one PC can use a port triggering application at any time. • After a PC has finished using a port triggering application, there is a time-out period before the application can be used by
  • Netgear FVS318G | FVS318G User Manual - Page 81
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. In the Incoming (Response) Port Range fields: a. Enter the Start Port range (1 - 65534). b. Enter the End Port range (1 - 65534). 7. Click Add. The port triggering rule will be added to the Port Triggering Rules table. To check the
  • Netgear FVS318G | FVS318G User Manual - Page 82
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Three schedules, Schedule1, Schedule2, and Schedule3, can be defined, and any one of these can be selected when defining firewall rules. To invoke rules based on a schedule, follow these steps: 1. Select Security > Schedule to display the
  • Netgear FVS318G | FVS318G User Manual - Page 83
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. To create a new bandwidth profile, click add. The the list. Configuring Session Limits To prevent one user or group from using excessive system resources, you can limit the total number of IP sessions allowed through the FVS318G for an
  • Netgear FVS318G | FVS318G User Manual - Page 84
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1. Select Security > Firewall > Session Limit to display the Session Limit tab page. Figure 4-17 2. Click Yes to enable Session Limits. 3. In the pull-down menu, select whether you will limit sessions by percentage or by absolute number.
  • Netgear FVS318G | FVS318G User Manual - Page 85
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be configured to log and then e-mail denial of access, general attack information, and other information to a specified e-mail address. For example, your VPN firewall
  • Netgear FVS318G | FVS318G User Manual - Page 87
    IP Addresses to Remote Users (ModeConfig)" on page 5-21 • "Configuring Keepalives and Dead Peer Detection" on page 5-27 • "Configuring NetBIOS Bridging with VPN" on page 5-29 Using the VPN Wizard for Client and Gateway Configurations You use the VPN Wizard to configure multiple gateway or client VPN
  • Netgear FVS318G | FVS318G User Manual - Page 88
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Creating Gateway to Gateway VPN Tunnels with the Wizard Figure 5-1 Follow these steps to set up a gateway VPN tunnel using the VPN Wizard. 1. Select VPN > VPN Wizard to display the VPN Wizard tab page. To view the wizard default settings,
  • Netgear FVS318G | FVS318G User Manual - Page 89
    remote gateway. The Internet name is the Fully Qualified Domain Name (FQDN) as registered in a Dynamic DNS service. Both local and remote endpoints should be defined as either FQDN or IP addresses. A combination of IP address and FQDN is not allowed. Tip: For DHCP WAN configurations, first, set up
  • Netgear FVS318G | FVS318G User Manual - Page 90
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7. Click Apply to save your settings: the VPN Policies page shows the policy is now enabled. Figure 5-3 8. If you are connecting to another NETGEAR VPN firewall, use the VPN Wizard to configure the second VPN firewall to connect to the
  • Netgear FVS318G | FVS318G User Manual - Page 91
    Gigabit 8 Port VPN Firewall FVS318G Reference Manual The tunnel will automatically establish when both the local and target gateway policies are appropriately configured and enabled. Note: When using FQDN, if the dynamic DNS service is slow to update their servers when your DHCP WAN address changes
  • Netgear FVS318G | FVS318G User Manual - Page 92
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . VPN Client connection Connection name Pre-shared key:r3m0+eC1ient Remote identifier Local identifier Figure 5-6 2. Select VPN Client as your VPN tunnel connection. 3. Create a Connection Name like "Client to GW1". This descriptive name
  • Netgear FVS318G | FVS318G User Manual - Page 93
    Port VPN Firewall FVS318G Reference Manual 6. Click Apply to save your settings: the VPN Policies page shows the policy is now enabled. Figure 5-7 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR Prosafe VPN Client installed, configure a VPN
  • Netgear FVS318G | FVS318G User Manual - Page 94
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. In the upper left of the Policy Editor window, click the New Document icon (the first on the left) to open a New Connection. Give the New Connection a name; in this example, we are using gw1. Figure 5-9 Fill in the other options
  • Netgear FVS318G | FVS318G User Manual - Page 95
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. In the left frame, click My Identity. Fill in the options according to the instructions below. Pre-shared Figure 5-10 • From the Select Certificate pull-down menu, choose None. • Click Pre-Shared Key to enter the key you provided in
  • Netgear FVS318G | FVS318G User Manual - Page 96
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4. Verify the Security Policy settings. Figure 5-11 • By default TF1 routers use PFS with Group 2, so we need to click on Security Policy to make this change on the Client software to match the policy on the router. • On the left, expand
  • Netgear FVS318G | FVS318G User Manual - Page 97
    Gigabit 8 Port VPN Firewall FVS318G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS318G provide VPN connection and status information. This information is useful for verifying the status of a connection and troubleshooting problems
  • Netgear FVS318G | FVS318G User Manual - Page 98
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. To view more detailed additional status and troubleshooting information from the NETGEAR VPN client, follow these steps. • Right-click the VPN Client icon in the system tray and select Log Viewer. Figure 5-14 • Right-click the VPN
  • Netgear FVS318G | FVS318G User Manual - Page 99
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The VPN client system tray icon provides a variety of status indications, which are listed below. Table 5-1. System Tray Icon Status The client policy is deactivated. The client policy is activated but not connected. The client policy
  • Netgear FVS318G | FVS318G User Manual - Page 100
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual To view FVS318G VPN logs, go to Monitoring > VPNLogs. Figure 5-17 Managing VPN Policies After you use the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables. The name you selected as the
  • Netgear FVS318G | FVS318G User Manual - Page 101
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. If the VPN Policy is a "Manual" policy, then the Manual Policy Parameters defined in the VPN policy are accessed and the first matching IKE policy is used to start negotiations with the remote VPN gateway. • If negotiations fail, the
  • Netgear FVS318G | FVS318G User Manual - Page 102
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • DH. The Diffie-Hellman (DH) group used when exchanging keys. The DH group sets the number of bits. The VPN Wizard default setting is Group 2. (This setting must match the remote VPN.) To gain a more complete understanding of the
  • Netgear FVS318G | FVS318G User Manual - Page 103
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • ! (Status). Indicates whether the policy is enabled (green circle) or disabled (grey circle). To Enable or Disable a Policy, check the box adjacent to the circle and click Enable or Disable, as required. • Name. Each policy is given a
  • Netgear FVS318G | FVS318G User Manual - Page 104
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • IPsec Host. If you want authentication by the remote gateway, enter a User Name and Password to be associated with this IKE policy. If this option is chosen, the remote gateway must specify the user name and password used for
  • Netgear FVS318G | FVS318G User Manual - Page 105
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Edge Device to use this VPN firewall as a VPN concentrator where one or more gateway tunnels terminate. When this option is chosen, you will need to specify the authentication type to be used in verifying credentials of the remote VPN
  • Netgear FVS318G | FVS318G User Manual - Page 106
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Click the RADIUS Client tab. The RADIUS Client screen is displayed. Figure 5-19 3. To activate (enable) the Primary RADIUS server, click the Yes radio button. The primary server options become active. 4. Configure the following entries
  • Netgear FVS318G | FVS318G User Manual - Page 107
    users appear as seamless extensions of the network. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS318G ProSafe VPN Firewall - WAN IP address: 172.21.4.1 - LAN IP address
  • Netgear FVS318G | FVS318G User Manual - Page 108
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Mode Config Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP configuration parameters such as IP address, subnet mask and name server addresses. The Mode Config module will allocate an
  • Netgear FVS318G | FVS318G User Manual - Page 109
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . Figure 5-21 4. Enter a descriptive Record Name such as "Sales". 5. Assign at least one range of IP Pool addresses in the First IP Pool field to give to remote VPN clients. Note: The IP Pool should not be within your local network IP
  • Netgear FVS318G | FVS318G User Manual - Page 110
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 10. Specify the VPN policy settings. These settings must match the configuration of the remote VPN client. Recommended settings are: • SA Lifetime: 3600 seconds • Authentication Algorithm: SHA-1 • Encryption Algorithm: 3DES 11. Click
  • Netgear FVS318G | FVS318G User Manual - Page 111
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7. Enter a Pre-Shared Key that will also be configured in the VPN client. 8. XAUTH is disabled by default. To enable XAUTH, choose one of the following: • Edge Device to use this VPN firewall as a VPN concentrator where one or more gateway
  • Netgear FVS318G | FVS318G User Manual - Page 112
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual e. From the ID Type pull-down menu, choose Domain name and enter the FQDN of the VPN firewall; in this example it is "local_id.com". f. Choose Gateway IP Address from the second pull-down menu and enter the WAN IP address of the VPN
  • Netgear FVS318G | FVS318G User Manual - Page 113
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Click on the connection. Within 30 seconds the message "Successfully connected to MyConnections/modecfg_test" is displayed and the VPN client icon in the toolbar will read "On". 3. From the client PC, ping a computer on the VPN firewall
  • Netgear FVS318G | FVS318G User Manual - Page 114
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. In the General menu frame of the Edit VPN Policy menu, locate the keepalive configuration settings, as shown in Figure 5-22: Figure 5-22 4. Click the Yes radio button to enable keepalive. 5. In the Ping IP Address boxes, enter an IP
  • Netgear FVS318G | FVS318G User Manual - Page 115
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. In the IKE SA Parameters menu frame of the Edit IKE Policy menu, locate the Dead Peer Detection configuration settings, as shown in Figure 5-23. Figure 5-23 4. Click the Yes radio button to Enable Dead Peer Detection. 5. Enter the
  • Netgear FVS318G | FVS318G User Manual - Page 116
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. In the General menu frame of the Edit VPN Policy menu, click the Enable NetBIOS check box, as shown in Figure 5-24. Figure 5-24 4. Click Apply at the bottom of the menu. 5-30 Virtual Private Networking Using IPsec 1.1 November, 2009
  • Netgear FVS318G | FVS318G User Manual - Page 117
    change settings. The default name and password for the administrator is admin and password. The default name and password for the guest is guest and password.VPN firewall. IPsec VPN clients are only needed if you have enabled Extended Authentication (XAUTH) in your IPsec VPN configuration. Users
  • Netgear FVS318G | FVS318G User Manual - Page 118
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Changing the Administrator Login To change the administrator name or password: 1. Select Users. The Users screen will display. 2. Select Edit Admin Settings in the User Selection window. Figure 6-1 3. If you are changing the administrator
  • Netgear FVS318G | FVS318G User Manual - Page 119
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Changing the Guest Login To change the guest login name or password: 1. Select Users. The Users screen will display. 2. Select Edit Guest Settings in the User Selection window. Figure 6-2 3. If you are changing the guest name, enter the
  • Netgear FVS318G | FVS318G User Manual - Page 120
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Setting administrator timeout and domain display name You can set the timeout for the administrator. After a period of no activity in the user interface, the administrator will automatically be logged out. You can also enter a domain name
  • Netgear FVS318G | FVS318G User Manual - Page 121
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1. Select Users from the main menu and Local Authentication from the submenu. Figure 6-4 2. Select the Settings you wish to edit by checking either the Edit Admin Settings or Edit Guest Settings radio box. 3. Change the password by first
  • Netgear FVS318G | FVS318G User Manual - Page 122
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Note: The password and time-out value you enter will be changed back to password and 5 minutes, respectively, after a factory defaults reset. RADIUS Server External Authentication For authentication to RADIUS or WIKID, you can define the
  • Netgear FVS318G | FVS318G User Manual - Page 123
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual When specifying RADIUS domain authentication, you are presented with several authentication protocol choices, as summarized in the following table: Table 6-1. Authentication Protocol Description PAP CHAP MIAS WiKID Password
  • Netgear FVS318G | FVS318G User Manual - Page 124
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual In the FVS318G, the uploaded digital certificate is checked for validity and also the purpose of the certificate is verified. Upon passing the validity test and the purpose matches its use (has to be SSL and VPN) the digital certificate is
  • Netgear FVS318G | FVS318G User Manual - Page 125
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Viewing and Loading CA Certificates The Trusted Certificates (CA Certificates) table lists the certificates of CAs and contains the following data: • CA Identity (Subject Name). The organization or person to whom the certificate is issued.
  • Netgear FVS318G | FVS318G User Manual - Page 126
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Viewing Active Self Certificates The Active Self Certificates table in the Certificates screen shows the certificates issued Certificate Request section of the Certificates screen. 2. Configure the following fields: • Name - Enter a
  • Netgear FVS318G | FVS318G User Manual - Page 127
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Subject - This is the name which other Internet domain name, you can enter it here. Otherwise, you should leave this field blank. • E-mail Address - Enter the e-mail address of a technical contact in your organization. Managing Users,
  • Netgear FVS318G | FVS318G User Manual - Page 128
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4. Click Generate. A new certificate request is created and added to the Self file (including "----BEGIN CERTIFICATE REQUEST---" and "---END CERTIFICATE REQUEST"). 6-12 Managing Users, Authentication, and Certificates 1.1 November, 2009
  • Netgear FVS318G | FVS318G User Manual - Page 129
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual d. Submit the CA form. If no problems ensue, the certificate will be issued. 8. Store have been revoked and are no longer valid. Each CA issues their own CRLs. It is important that you keep your CRLs up-to-date. You should obtain the CRL
  • Netgear FVS318G | FVS318G User Manual - Page 130
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 6-12 The CRL table lists your active CAs and their critical release dates: • CA Identify - The official name of the CA which issued this CRL. • Last Update - The date when this CRL was released. • Next Update - The date when the
  • Netgear FVS318G | FVS318G User Manual - Page 131
    page 7-8 • "Enabling Remote Management Access" on page 7-10 • "Using the Command Line Interface" on page 7-13 • "Using an SNMP Manager" on page 7-13 • "Configuration File Management" on page 7-15 • "Upgrading the Firmware" on page 7-17 • "Configuring Date and Time Service" on page 7-18 Performance
  • Netgear FVS318G | FVS318G User Manual - Page 132
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • WAN side: 1000 Mbps (one active WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are used to connect to the Internet. As a result and depending on the traffic being carried,
  • Netgear FVS318G | FVS318G User Manual - Page 133
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual - Groups. The rule is applied to a Group (see "Managing Groups and Hosts (LAN Groups)" on page 3-5 to assign PCs to a Group using the LAN Groups Database). • WAN Users. These settings determine which Internet locations are covered by the
  • Netgear FVS318G | FVS318G User Manual - Page 134
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Manual Entry. You can manually enter information about a device. See "Managing Groups and Hosts (LAN Groups)" on page 3-5 for the procedure on how to use this feature. Schedule If you have set firewall rules on the Rules screen, you can
  • Netgear FVS318G | FVS318G User Manual - Page 135
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Source MAC Filtering If you want to reduce outgoing traffic by preventing Internet access by certain PCs on the LAN, you can use the source MAC filtering feature to drop the traffic received from the PCs with the specified MAC addresses.
  • Netgear FVS318G | FVS318G User Manual - Page 136
    applied only when the destination IP address of the incoming packet matches the IP address of the selected WAN interface Selecting ANY enables the rule for any LAN IP destination. WAN1 and WAN2 corresponds to the respective WAN interface governed by this rule. • Services. You can specify the desired
  • Netgear FVS318G | FVS318G User Manual - Page 137
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Port Triggering Port triggering allows some applications to function correctly that would otherwise be partially blocked by the firewall. Using this feature requires that you know the port numbers used by the application. Once configured,
  • Netgear FVS318G | FVS318G User Manual - Page 138
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The QoS priority settings conform to the IEEE 802.1D-1998 (formerly 802.1p) standard for class of service tag. You will not change the WAN bandwidth used by changing any QoS priority settings. But you will change the mix of traffic through
  • Netgear FVS318G | FVS318G User Manual - Page 139
    are able to log back into the VPN firewall if your previous login was disrupted (for example, if you did not click Logout on the Main Menu bar to log out). Note: After a factory default reset, the password and timeout value will be changed back to password and 5 minutes, respectively. Router and
  • Netgear FVS318G | FVS318G User Manual - Page 140
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Enabling Remote Management Access Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your VPN firewall. You must be logged in locally to enable remote management
  • Netgear FVS318G | FVS318G User Manual - Page 141
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . Figure 7-3 2. Click the Yes radio button to enable HTTPS remote management (enabled by default). 3. To enable remote management by the command line interface (CLI) over Telnet, click Yes to Allow Telnet Management, and configure the
  • Netgear FVS318G | FVS318G User Manual - Page 142
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access. Note: For enhanced security, restrict access to as few external IP addresses as practical. See "Password/
  • Netgear FVS318G | FVS318G User Manual - Page 143
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Using the Command Line Interface Note: The command line interface is not supported at this time. Check the NETGEAR Web site for the latest status. You can access the command line interface (CLI) using Telnet from the LAN or, if enabled in
  • Netgear FVS318G | FVS318G User Manual - Page 144
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . Figure 7-4 2. Configure the following fields in the Create New SNMP Configuration Entry section: a. Enter the IP Address of the SNMP manager in the IP Address field and the Subnet Mask in the Subnet Mask field. - To allow only the host
  • Netgear FVS318G | FVS318G User Manual - Page 145
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 7-5 You can edit the System Contact, System Location, and System name. Configuration File Management The configuration settings of the VPN firewall are stored within the firewall in a configuration file. This file can be saved (
  • Netgear FVS318G | FVS318G User Manual - Page 146
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1. Select Administration > Settings Backup and Firmware Upgrade from the main menu. The Settings Backup and Firmware Upgrade screen is displayed. Figure 7-6 2. Click Backup to save a copy of your current settings. • If your browser isn't
  • Netgear FVS318G | FVS318G User Manual - Page 147
    a DHCP client to the Internet. Warning: When you click default, your VPN firewall settings will be erased. All firewall rules, VPN policies, LAN/WAN settings and other settings will be lost. Backup your settings if you intend on using them! Upgrading the Firmware You can install a different version
  • Netgear FVS318G | FVS318G User Manual - Page 148
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Locate the downloaded file and click upload. This will start the software upgrade to your VPN firewall router. This may take some time. At the conclusion of the upgrade, your VPN firewall will reboot. Warning: Do not try to go online,
  • Netgear FVS318G | FVS318G User Manual - Page 149
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 7-7 2. From the Date/Time pull-down menu, choose the Local Time Zone. This is required in order for scheduling to work correctly. The VPN firewall router includes a real-time clock (RTC), which it uses for scheduling. 3. If
  • Netgear FVS318G | FVS318G User Manual - Page 150
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7-20 1.1 November, 2009 Router and Network Management
  • Netgear FVS318G | FVS318G User Manual - Page 151
    for your ProSafe VPN Firewall. After each problem description, instructions are provided to help you diagnose and solve the problem. This chapter contains the following sections: • "Basic Functions" on page 8-1 • "Troubleshooting the Web Configuration Interface" on page 8-3 • "Troubleshooting the
  • Netgear FVS318G | FVS318G User Manual - Page 152
    configuration to factory defaults. This will set the VPN firewall's IP address to 192.168.1.1. This procedure is explained in "Restoring the Default Configuration and Password" on page 8-7. If the error persists, you might have a hardware problem and should contact technical support. LAN or WAN Port
  • Netgear FVS318G | FVS318G User Manual - Page 153
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting the Web Configuration Interface If you are unable to access the VPN firewall's Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the VPN
  • Netgear FVS318G | FVS318G User Manual - Page 154
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual If the VPN firewall does not save changes you have made in the Web Configuration Interface, check the following: • When entering configuration settings, be sure to click the APPLY button before moving to another menu or tab, or your
  • Netgear FVS318G | FVS318G User Manual - Page 155
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Your ISP may check for your PC's host name. Assign the PC Host Name of your ISP account as the Account Name in the Basic Settings menu. • Your ISP only allows one Ethernet MAC address to connect to the Internet, and may check for your PC
  • Netgear FVS318G | FVS318G User Manual - Page 156
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Click Ok. A message, similar to the following, should display: Pinging with 32 bytes of data If the path is working, you will see this message: Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working
  • Netgear FVS318G | FVS318G User Manual - Page 157
    , changing the VPN firewall's administration password to password and the IP address to 192.168.1.1. You can erase the current configuration and restore factory defaults in two ways: • Use the Erase function of the VPN firewall (see "Configuration File Management" on page 7- 15). • Use the reset
  • Netgear FVS318G | FVS318G User Manual - Page 158
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Problems with Date and Time The Administration | Time Zone menu displays the current date and time of day. The VPN firewall uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the
  • Netgear FVS318G | FVS318G User Manual - Page 159
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Using the Diagnostics Utilities You can perform diagnostics such as pinging an IP address, performing a DNS lookup, displaying the routing table, rebooting the firewall, and capturing packets. Select Monitoring > Diagnostics from the main
  • Netgear FVS318G | FVS318G User Manual - Page 160
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 8-1. Diagnostics Item Ping or trace an IP address Perform a DNS lookup Display the routing table Reboot the VPN firewall Packet trace Description Ping - Used to send a ping packet request to a specified IP address-most often, to
  • Netgear FVS318G | FVS318G User Manual - Page 161
    to reboot. Table A-1. Business Router Default Configuration Settings Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection WAN MAC Address WAN MTU Size Port Speed Local Network (LAN) Lan IP Subnet Mask RIP Direction RIP Version RIP
  • Netgear FVS318G | FVS318G User Manual - Page 162
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table A-1. Business Router Default Configuration Settings Feature Default Behavior DHCP Starting IP Address 192.168.1.2 DHCP Ending IP Address 192.168.1.254 DMZ Disabled Time Zone GMT Time Zone Adjusted for Daylight Saving
  • Netgear FVS318G | FVS318G User Manual - Page 163
    Gigabit 8 Port VPN Firewall FVS318G Reference Manual This appendix provides technical specifications for the ProSafe VPN Firewall. Table A-2. Technical Specifications Specification Description Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP
  • Netgear FVS318G | FVS318G User Manual - Page 164
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A-4 Technical Specifications and Factory Default Settings 1.1 November, 2009
  • Netgear FVS318G | FVS318G User Manual - Page 165
    complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP http://documentation.netgear.com/reference/enu/tcpip/index.htm Addressing Wireless Communications http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing
  • Netgear FVS318G | FVS318G User Manual - Page 166
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual B-2 Related Documents 1.1 November, 2009
  • Netgear FVS318G | FVS318G User Manual - Page 167
    networks. As part the new maintenance firmware release, NETGEAR has implemented a more robust authentication system known as Two-Factor Authentication (2FA or T-FA) on its SSL and IPSec VPN firewall product line to help address the fast-growing network security issues. What are the benefits of Two
  • Netgear FVS318G | FVS318G User Manual - Page 168
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Quick to deploy and manage. The WiKID solution integrates seamlessly with the NETGEAR SSL and VPN firewall what you have. A common example of two-factor authentication is a bank (ATM) card that has been issued by a bank institute: • The
  • Netgear FVS318G | FVS318G User Manual - Page 169
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The WiKID solution is based on a request-response architecture where a one-time passcode (OTP), that is time synchronized with the authentication server, is generated and sent to the user once the validity of a user credential has been
  • Netgear FVS318G | FVS318G User Manual - Page 170
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. A one-time passcode (something they have) is generated for this user. Figure C-2 Note: The one-time passcode is time synchronized to the authentication server so that the OTP can only be used once and must be used before the expiration
  • Netgear FVS318G | FVS318G User Manual - Page 171
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. The user then goes to the two factor login page and enters the generated one-time passcode as the login password. Figure C-3 Two-Factor Authentication is a new and easy way to enhance networking security products without having to
  • Netgear FVS318G | FVS318G User Manual - Page 172
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual C-6 Two Factor Authentication 1.1 November, 2009
  • Netgear FVS318G | FVS318G User Manual - Page 173
    CSR certificates management of 6-11 Certificate Authority. See CA Classical Routing definition of 2-11 CLI management by Telnet 7-11 command line interface 7-13 configuration automatic by DHCP 1-3 content filtering 1-2 connecting the VPN firewall 2-1 crossover cable 1-3 v1.1 November, 2009 Index-1
  • Netgear FVS318G | FVS318G User Manual - Page 174
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual crossover cable 8-2 CSR 6-11 D Date troubleshooting 8-8 Date setting 7-18 Daylight Savings Time adjusting for 7-19 DNS proxy 7-6 DDNS about 2-12 configuration of 2-14 providers of 2-12 default configuration restoring 8-7 default password
  • Netgear FVS318G | FVS318G User Manual - Page 175
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual F factory default login 1-8 factory default settings revert to 7-15 firmware downloading 7-17 upgrade 7-17 Flash memory, for firmware upgrade 1-2 fragmented IP packets 7-6 Firewall Logs emailing of 4-33 Firewall Logs & E-mail screen 4-33
  • Netgear FVS318G | FVS318G User Manual - Page 176
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual K keepalive, VPN 5-27 Keep Connected Idle Timeout 2-9 Keyword Blocking 4-22 applying 4-24 Known PCs and Devices list of 3-7 L LAN configuration 3-1 using LAN IP setup options 3-2 LAN Groups Database about 3-5 advantages of 3-5 fields 3-7
  • Netgear FVS318G | FVS318G User Manual - Page 177
    and login timeout changing 7-8 passwords, restoring 8-7 performance management 7-1 Ping troubleshooting TCP/IP 8-5 ping 8-10 Ping On Internet Ports 4-20 port filtering service blocking 4-3 Port Forwarding Inbound Rules 4-3, 4-5 rules, about 4-5 port numbers 4-16 ports explanation of WAN and LAN 1-6 Port
  • Netgear FVS318G | FVS318G User Manual - Page 178
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual R RADIUS Server configuring 5-19 RADIUS-CHAP 5-17, 5-19 AUTH, using with 5-18 RADIUS-PAP 5-17 XAUTH, using with 5-18 RADIUS WiKID 6-8 reducing traffic 7-2 Block Sites 7-4 service blocking 7-2 Source MAC Filtering 7-5 remote management 6-7
  • Netgear FVS318G | FVS318G User Manual - Page 179
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Settings Backup and Firmware Upgrade 7-16 Simple Network Management Protocol. See SNMP. Setting Up One-to-One NAT Mapping example of 4-14 sniffer 8-3 SNMP about 7-13 configuring 7-13 global access 7-14 host only access 7-14 subnet access
  • Netgear FVS318G | FVS318G User Manual - Page 180
    ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual connecting 2-1 VPN Client configuring 5-5 VPN Policies screen 5-4, 5-7 VPN Policy Auto 5-16 Manual 5-16 VPN tunnels about 5-1 VPN Wizard Gateway tunnel 5-1 VPN Client, configuring 5-5 VPNC 5-1 VPN passthrough 4-21 VPN passthrough 7-6 VPN

ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134
202-10521-01 v1.1 November, 2009