Home » Netgear Manuals » Bridges & Routers » Netgear FVS328 » Manual Viewer

Netgear FVS328 FVS328 Reference Manual - Page 105

Set up Certificate Revocation List CRL checking

UPC - 606449026528

Add to My Manuals
Save this manual to your list of manuals

Page 105 highlights

Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Now, the traffic from devices within the range of the LAN subnet addresses on FVS328 Gateway A and Gateway B will be authenticated using the certificates and generated keys rather than via a shared key. 8. Set up Certificate Revocation List (CRL) checking. a. Get a copy of the CRL from the CA and save it as a text file. Note: The procedure for obtaining a CRL differs from a CA like Verisign and a CA such as a Windows 2000 certificate server, which an organization operates for providing certificates for its members. Follow the procedures of your CA. b. From the main menu VPN section, click the CRL link. c. Click Add to add a CRL. d. Click Browse to locate the CRL file. e. Click Upload. Now expired or revoked certificates will not be allowed to use the VPN tunnels managed by IKE policies which use this CA. Note: You must update the CRLs regularly in order to maintain the validity of the certificate-based VPN policies. Virtual Private Networking May 2004, 202-10031-01 7-31

Section	Page
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual	1
Trademarks	2
Statement of Conditions	2
EN 55 022 Declaration of Conformance	2
Certificate of the Manufacturer/Importer	2
Bestätigung des Herstellers/Importeurs	3
Voluntary Control Council for Interference (VCCI) Statement	3
Technical Support	3
World Wide Web	3
Contents	5
Chapter 1 About This Manual	13
Audience	13
Scope	13
Typographical Conventions	14
Special Message Formats	14
How to Use this Manual	15
How to Print this Manual	16
Chapter 2 Introduction	17
About the FVS328	17
Key Features	17
Full Routing on Both the Broadband and Serial Ports	17
Virtual Private Networking	18
A Powerful, True Firewall	18
Content Filtering	19
Configurable Auto Uplink™ Ethernet Connection	19
Protocol Support	19
Easy Installation and Management	20
What’s in the Box?	21
The Firewall’s Front Panel	21
The Firewall’s Rear Panel	23
Chapter 3 Connecting the FVS328 to the Internet	25
What You Will Need Before You Begin	25
LAN Hardware Requirements	25
LAN Configuration Requirements	25
Internet Configuration Requirements	26
Where Do I Get the Internet Configuration Parameters?	26
Worksheet for Recording Your Internet Connection Information	27
Connecting the FVS328 to Your LAN	28
How to Connect the FVS328 to Your LAN	28
Configuring a Wizard-Detected Login Account	32
Configuring a Wizard-Detected Dynamic IP Account	33
Configuring a Wizard-Detected Fixed IP (Static) Account	34
How to Configure the Serial Port for an Internet Connection	34
Testing Your Internet Connection	37
Manually Configuring Your Internet Connection	38
How to Manually Configure the Primary Internet Connection	39
Chapter 4 Serial Port Configuration	41
Configuring a Serial Port Modem	42
Basic Requirements for Serial Port Modem Configuration	42
How to Configure a Serial Port Modem	42
Configuring Auto-Rollover	43
Basic Requirements for Auto-Rollover	43
How to Configure Auto-Rollover	43
Configuring Dial-in on the Serial Port	44
Basic Requirements for Dial-in	45
How to Configure Dial-in	45
Configuring LAN-to-LAN Settings	46
Basic Requirements for LAN-to-LAN Connections	46
How to Configure LAN-to-LAN Connections	46
Chapter 5 WAN and LAN Configuration	49
Configuring LAN IP Settings	49
Using the Router as a DHCP Server	50
How to Configure LAN TCP/IP Setup Settings	51
How to Configure Reserved IP Addresses	52
Configuring WAN Settings	52
Connecting Automatically, as Required	53
Setting Up a Default DMZ Server	53
How to Assign a Default DMZ Server	53
Responding to Ping on Internet WAN Port	54
How to Set the MTU Size	54
Configuring Dynamic DNS	54
How to Configure Dynamic DNS	55
Using Static Routes	55
Static Route Example	55
How to Configure Static Routes	56
Chapter 6 Protecting Your Network	59
Protecting Access to Your FVS328 Firewall	59
How to Change the Built-In Password	59
How to Change the Administrator Login Timeout	60
Configuring Basic Firewall Services	60
Using the Block Sites Menu to Screen Content	61
Services and Rules Regulate Inbound and Outbound Traffic	62
Defining a Service	63
Using Inbound/Outbound Rules to Block or Allow Services	64
Examples of Using Services and Rules to Regulate Traffic	66
Inbound Rules (Port Forwarding)	66
Example: Port Forwarding to a Local Public Web Server	67
Example: Port Forwarding for Videoconferencing	67
Example: Port Forwarding for VPN Tunnels when NAT is Off	68
Outbound Rules (Service Blocking or Port Filtering)	69
Outbound Rule Example: Blocking Instant Messaging	70
Other Rules Considerations	70
Order of Precedence for Rules	70
Rules Menu Options	71
Setting Times and Scheduling Firewall Services	71
How to Set Your Time Zone	72
How to Schedule Firewall Services	73
Chapter 7 Virtual Private Networking	75
Overview of FVS328 Policy-Based VPN Configuration	75
Using Policies to Manage VPN Traffic	75
Using Automatic Key Management	76
IKE Policies’ Automatic Key and Authentication Management	77
VPN Policy Configuration for Auto Key Negotiation	80
VPN Policy Configuration for Manual Key Exchange	83
Using Digital Certificates for IKE Auto-Policy Authentication	88
Certificate Revocation List (CRL)	88
How to Use the VPN Wizard to Configure a VPN Tunnel	89
Walk-Through of Configuration Scenarios	91
VPNC Scenario 1: Gateway-to-Gateway with Preshared Secrets	92
FVS328 Scenario 1: How to Configure the IKE and VPN Policies	94
How to Check VPN Connections	98
FVS328 Scenario 2: Authenticating with RSA Certificates	99
Chapter 8 Managing Your Network	107
Network Management	107
How to Configure Remote Management	107
Viewing Router Status and Usage Statistics	109
Viewing Attached Devices	112
Viewing, Selecting, and Saving Logged Information	113
Changing the Include in Log Settings	115
Enabling the Syslog Feature	115
Enabling Security Event E-mail Notification	116
Backing Up, Restoring, or Erasing Your Settings	117
How to Back Up the FVS328 Configuration to a File	117
How to Restore a Configuration from a File	118
How to Erase the Configuration	119
Running Diagnostic Utilities and Rebooting the Router	119
Upgrading the Router’s Firmware	120
How to Upgrade the Router	121
Chapter 9 Troubleshooting	123
Basic Functions	123
Power LED Not On	124
Test LED Never Turns On or Test LED Stays On	124
Local or Internet Port Link LEDs Not On	125
Troubleshooting the Web Configuration Interface	125
Troubleshooting the ISP Connection	126
Troubleshooting a TCP/IP Network Using a Ping Utility	127
How to Test the LAN Path to Your Firewall	128
How to Test the Path from Your PC to a Remote Device	128
Restoring the Default Configuration and Password	129
How to Use the Default Reset Button	129
Problems with Date and Time	130
Appendix A Technical Specifications	131
Appendix B Firewall Log Formats	133
Action List	133
Field List	133
Outbound Log	133
Inbound Log	134
Other IP Traffic	134
Router Operation	135
Other Connections and Traffic to this Router	136
DoS Attack/Scan	136
Access Block Site	138
All Web Sites and News Groups Visited	138
System Admin Sessions	138
Policy Administration LOG	139
Appendix C Networks, Routing, and Firewall Basics	141
Related Publications	141
Basic Router Concepts	141
What is a Router?	141
Routing Information Protocol	142
IP Addresses and the Internet	142
Netmask	144
Subnet Addressing	144
Private IP Addresses	147
Single IP Address Operation Using NAT	147
MAC Addresses and Address Resolution Protocol	149
Related Documents	149
Domain Name Server	149
IP Configuration by DHCP	150
Internet Security and Firewalls	150
What is a Firewall?	151
Stateful Packet Inspection	151
Denial of Service Attack	151
Ethernet Cabling	152
Uplink Switches and Crossover Cables	152
Cable Quality	153
Appendix D Preparing Your Network	155
Preparing Your Computers for TCP/IP Networking	155
Configuring Windows 95, 98, and Me for TCP/IP Networking	156
Install or Verify Windows Networking Components	156
Enabling DHCP to Automatically Configure TCP/IP Settings	158
Selecting Windows’ Internet Access Method	158
Verifying TCP/IP Properties	159
Configuring Windows NT, 2000 or XP for IP Networking	159
Installing or Verifying Windows Networking Components	159
Verifying TCP/IP Properties	160
Configuring the Macintosh for TCP/IP Networking	160
MacOS 8.6 or 9.x	160
MacOS X	161
Verifying TCP/IP Properties for Macintosh Computers	162
Verifying the Readiness of Your Internet Account	163
Are Login Protocols Used?	163
What Is Your Configuration Information?	163
Obtaining ISP Configuration Information for Windows Computers	164
Obtaining ISP Configuration Information for Macintosh Computers	165
Restarting the Network	166
Appendix E Virtual Private Networking	167
What is a VPN?	167
What is IPSec and How Does It Work?	168
IPSec Security Features	168
IPSec Components	168
Encapsulating Security Payload (ESP)	169
Authentication Header (AH)	170
IKE Security Association	170
Mode	171
Key Management	172
Understand the Process Before You Begin	172
VPN Process Overview	173
Network Interfaces and Addresses	173
Interface Addressing	173
Firewalls	174
Setting Up a VPN Tunnel Between Gateways	174
VPNC IKE Security Parameters	176
VPNC IKE Phase I Parameters	176
VPNC IKE Phase II Parameters	177
Testing and Troubleshooting	177
Additional Reading	177
Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVS328	179
Configuration Profile	179
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	180
Step-By-Step Configuration of FVS328 Gateway B	183
Test the VPN Connection	187
Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328	189
Configuration Profile	189
Using DDNS and Fully Qualified Domain Names (FQDN)	190
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	191
Step-By-Step Configuration of FVS328 Gateway B	195
Test the VPN Connection	199
Appendix H NETGEAR VPN Client to NETGEAR the FVS328	201
Profile: Traveling User or Telecommuter at Home	201
Step-By-Step Configuration of FVS328 Gateway	202
Step-By-Step Configuration of the Netgear VPN Client B	207
Testing the VPN Connection	214
From the Client PC to the FVS328	214
From the FVS328 to the Client PC	215
Monitoring the PC VPN Connection	215
Viewing the FVS328 VPN Status and Log Information	216
Glossary	219