Home » Netgear Manuals » Bridges & Routers » Netgear FVS336G » Manual Viewer

Netgear FVS336G FVS336G Reference Manual - Page 73

Attack Checks, Security > Firewall, Apply, WAN Security Checks, Respond To Ping On Internet Ports - vpn problem

UPC - 606449052015

Add to My Manuals
Save this manual to your list of manuals

Page 73 highlights

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Attack Checks The Attack Checks menu allows you to specify whether or not the VPN firewall should be protected against common attacks in the LAN and WAN networks. To enable the appropriate Attack Checks for your environment: 1. Select Security > Firewall from the main menu and click Attack Checks to display the Attack Checks tab page. Figure 4-9 2. Check the boxes for the Attack Checks you wish to monitor. The various types of attack checks are listed and defined below. 3. Click Apply to save your settings. The various types of attack checks listed on the Attack Checks screen are: • WAN Security Checks - Respond To Ping On Internet Ports-By default, the VPN firewall does not respond to an ICMP Echo (ping) packet coming from the Internet or WAN side. We recommend that you leave this option disabled to prevent hackers from easily discovering the VPN firewall via a ping, but it can be enabled as a diagnostic tool for connectivity problems. - Enable Stealth Mode-In stealth mode, the VPN firewall will not respond to port scans from the WAN or Internet, which makes it less susceptible to discovery and attacks. - Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target system. When the system responds, the attacker doesn't complete the connection, thus saturating the server with half-open connections. No legitimate connections can then be made. Firewall Protection and Content Filtering v1.0, March 2009 4-17

Section	Page
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
Revision History	14
Chapter 1 Introduction	15
Key Features	15
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	16
Advanced VPN Support for Both IPsec and SSL	16
A Powerful, True Firewall with Content Filtering	17
Autosensing Ethernet Connections with Auto Uplink	17
Extensive Protocol Support	18
Easy Installation and Management	18
Maintenance and Support	19
Package Contents	19
Front Panel Features	20
Rear Panel Features	21
Default IP Address, Login Name, and Password Location	22
Qualified Web Browsers	22
Chapter 2 Connecting the FVS336G to the Internet	23
Understanding the Connection Steps	23
Logging into the VPN Firewall Router	24
Navigating the Menus	25
Configuring the Internet Connections	26
Automatically Detecting and Connecting	27
Manually Configuring the Internet Connection	29
Configuring the WAN Mode (Required for Dual WAN)	32
Network Address Translation	33
Classical Routing	34
Configuring Auto-Rollover Mode	34
Configuring Load Balancing	36
Configuring Dynamic DNS (Optional)	38
Configuring the Advanced WAN Options (Optional)	40
Additional WAN Related Configuration	42
Chapter 3 LAN Configuration	43
Choosing the Firewall DHCP Options	43
Configuring the LAN Setup Options	44
Managing Groups and Hosts (LAN Groups)	47
Viewing the LAN Groups Database	48
Changing Group Names in the LAN Groups Database	49
Configuring DHCP Address Reservation	50
Configuring Multi Home LAN IP Addresses	51
Configuring Static Routes	52
Configuring Static Routes	52
Configuring Routing Information Protocol (RIP)	54
Chapter 4 Firewall Protection and Content Filtering	57
About Firewall Protection and Content Filtering	57
Using Rules to Block or Allow Specific Kinds of Traffic	58
About Services-Based Rules	59
Viewing the Rules	64
Order of Precedence for Rules	64
Setting the Default Outbound Policy	64
Creating a LAN WAN Outbound Services Rule	65
Creating a LAN WAN Inbound Services Rule	66
Inbound Rules Examples	67
Outbound Rules Example	70
Adding Customized Services	70
Setting Quality of Service (QoS) Priorities	72
Attack Checks	73
Blocking Internet Sites (Content Filtering)	74
Configuring Source MAC Filtering	77
Configuring IP/MAC Address Binding Alerts	79
Configuring Port Triggering	80
Setting a Schedule to Block or Allow Specific Traffic	82
Configuring a Bandwidth Profile	82
Configuring Session Limits	84
E-Mail Notifications of Event Logs and Alerts	85
Administrator Tips	85
Chapter 5 Virtual Private Networking Using IPsec	87
Considerations for Dual WAN Port Systems	87
Using the VPN Wizard for Client and Gateway Configurations	89
Creating Gateway to Gateway VPN Tunnels with the Wizard	89
Creating a Client to Gateway VPN Tunnel	92
Testing the Connections and Viewing Status Information	98
NETGEAR VPN Client Status and Log Information	98
FVS336G VPN Connection Status and Logs	100
Managing VPN Policies	101
Managing IKE Policies	101
Managing VPN Policies	103
Configuring Extended Authentication (XAUTH)	104
Configuring XAUTH for VPN Clients	105
User Database Configuration	106
RADIUS Client Configuration	106
Assigning IP Addresses to Remote Users (ModeConfig)	108
Mode Config Operation	109
Configuring the VPN Firewall	109
Configuring the ProSafe VPN Client for ModeConfig	112
Configuring Keepalives and Dead Peer Detection	114
Configuring Keepalive	114
Configuring NetBIOS Bridging with VPN	116
Chapter 6 Virtual Private Networking Using SSL Connections	119
Understanding the Portal Options	119
Planning for SSL VPN	120
Creating the Portal Layout	121
Configuring Domains, Groups, and Users	125
Configuring Applications for Port Forwarding	125
Adding Servers	126
Adding A New Host Name	127
Configuring the SSL VPN Client	128
Configuring the Client IP Address Range	129
Adding Routes for VPN Tunnel Clients	130
Replacing and Deleting Client Routes	130
Using Network Resource Objects to Simplify Policies	131
Adding New Network Resources	131
Configuring User, Group, and Global Policies	133
Viewing Policies	134
Adding a Policy	135
Chapter 7 Managing Users, Authentication, and Certificates	139
Adding Authentication Domains, Groups, and Users	139
Creating a Domain	139
Creating a Group	141
Creating a New User Account	142
Setting User Login Policies	143
Changing Passwords and Settings	145
RADIUS Server External Authentication	147
Managing Certificates	148
Viewing and Loading CA Certificates	149
Viewing Active Self Certificates	150
Obtaining a Self Certificate from a Certificate Authority	151
Managing your Certificate Revocation List (CRL)	153
Chapter 8 Router and Network Management	155
Performance Management	155
Bandwidth Capacity	155
Features That Reduce Traffic	156
Features That Increase Traffic	159
Using QoS to Shift the Traffic Mix	162
Tools for Traffic Management	162
Changing Passwords and Administrator Settings	162
Enabling Remote Management Access	164
Using the Command Line Interface	166
Using an SNMP Manager	167
Configuration File Management	169
Upgrading the Firmware	171
Configuring Date and Time Service	172
Chapter 9 Monitoring System Performance	175
Enabling the Traffic Meter	175
Activating Notification of Events and Alerts	178
Viewing Firewall Logs	180
Viewing Router Configuration and System Status	181
Monitoring the Status of WAN Ports	183
Monitoring Attached Devices	184
Reviewing the DHCP Log	186
Monitoring Active Users	186
Viewing Port Triggering Status	187
Monitoring VPN Tunnel Connection Status	188
Reviewing the VPN Logs	189
Chapter 10 Troubleshooting	191
Basic Functions	191
Power LED Not On	192
LEDs Never Turn Off	192
LAN or WAN Port LEDs Not On	192
Troubleshooting the Web Configuration Interface	193
Troubleshooting the ISP Connection	194
Troubleshooting a TCP/IP Network Using a Ping Utility	195
Testing the LAN Path to Your VPN Firewall	195
Testing the Path from Your PC to a Remote Device	196
Restoring the Default Configuration and Password	197
Problems with Date and Time	197
Using the Diagnostics Utilities	198
Appendix A Default Settings and Technical Specifications	201
Appendix B Related Documents	205
Appendix C Network Planning for Dual WAN Ports	207
What You Will Need to Do Before You Begin	207
Cabling and Computer Hardware Requirements	209
Computer Network Configuration Requirements	209
Internet Configuration Requirements	209
Where Do I Get the Internet Configuration Parameters?	210
Internet Connection Information Form	211
Overview of the Planning Process	212
Inbound Traffic	212
Virtual Private Networks (VPNs)	212
The Roll-over Case for Firewalls With Dual WAN Ports	213
The Load Balancing Case for Firewalls With Dual WAN Ports	213
Inbound Traffic	214
Inbound Traffic to Single WAN Port (Reference Case)	214
Inbound Traffic to Dual WAN Port Systems	214
Virtual Private Networks (VPNs)	216
VPN Road Warrior (Client-to-Gateway)	217
VPN Gateway-to-Gateway	220
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	223
Appendix D Two Factor Authentication	227
Why do I need Two-Factor Authentication?	227
What are the benefits of Two-Factor Authentication?	227
What is Two-Factor Authentication	228
NETGEAR Two-Factor Authentication Solutions	228

Match case Limit results 1 per page

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

Firewall Protection and Content Filtering

4-17

v1.0, March 2009

Attack Checks

The Attack Checks menu allows you to specify whether or not the VPN firewall should be

protected against common attacks in the LAN and WAN networks. To enable the appropriate

Attack Checks for your environment:

Select

Security > Firewall

from the main menu and click

Attack Checks

to display the

Attack Checks

tab page.

Check the boxes for the Attack Checks you wish to monitor. The various types of attack

checks are listed and defined below.

Click

Apply

to save your settings.

The various types of attack checks listed on the

Attack Checks

screen are:

•

WAN Security Checks

–

Respond To Ping On Internet Ports

—By default, the VPN firewall does not respond to

an ICMP Echo (ping) packet coming from the Internet or WAN side. We recommend that

you leave this option disabled to prevent hackers from easily discovering the VPN firewall

via a ping, but it can be enabled as a diagnostic tool for connectivity problems.

–

Enable Stealth Mode

—In stealth mode, the VPN firewall will not respond to port scans

from the WAN or Internet, which makes it less susceptible to discovery and attacks.

–

Block TCP Flood

. A SYN flood is a form of denial of service attack in which an attacker

sends a succession of SYN requests to a target system. When the system responds, the

attacker doesn’t complete the connection, thus saturating the server with half-open

connections. No legitimate connections can then be made.

Figure 4-9