Home » Netgear Manuals » Bridges & Routers » Netgear FVS336G » Manual Viewer

Netgear FVS336G FVS336G Reference Manual - Page 87

Virtual Private Networking Using IPsec, Considerations for Dual WAN Port Systems - bridge

UPC - 606449052015

Add to My Manuals
Save this manual to your list of manuals

Page 87 highlights

Chapter 5 Virtual Private Networking Using IPsec This chapter describes how to use the IPsec virtual private networking (VPN) features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to provide secure, encrypted communications between your local network and a remote network or computer. This chapter contains the following sections: • "Considerations for Dual WAN Port Systems" on page 5-1 • "Using the VPN Wizard for Client and Gateway Configurations" on page 5-3 • "Testing the Connections and Viewing Status Information" on page 5-12 • "Managing VPN Policies" on page 5-15 • "Configuring Extended Authentication (XAUTH)" on page 5-18 • "Assigning IP Addresses to Remote Users (ModeConfig)" on page 5-22 • "Configuring Keepalives and Dead Peer Detection" on page 5-28 • "Configuring NetBIOS Bridging with VPN" on page 5-30 Considerations for Dual WAN Port Systems If both of the WAN ports of the VPN firewall are configured, you can enable either Auto-Rollover mode for increased system reliability or Load Balancing mode for optimum bandwidth efficiency. This WAN mode choice impacts how the VPN features must be configured. The use of fully qualified domain names in VPN policies is mandatory when the WAN ports are in load balancing or rollover mode; and is also required for the VPN tunnels to fail over. FQDN is optional when the WAN ports are in load balancing mode if the IP addresses are static but mandatory if the WAN IP addresses are dynamic. Refer to "Virtual Private Networks (VPNs)" on page C-10 for more on the IP addressing requirements for VPN in the dual WAN modes. For instructions on how to select and configure a dynamic DNS service for resolving FQDNs, see "Configuring Dynamic DNS (Optional)" on page 2-16. For instructions on WAN mode configuration, see "Configuring the WAN Mode (Required for Dual WAN)" on page 2-10. 5-1 v1.0, March 2009

Section	Page
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
Revision History	14
Chapter 1 Introduction	15
Key Features	15
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	16
Advanced VPN Support for Both IPsec and SSL	16
A Powerful, True Firewall with Content Filtering	17
Autosensing Ethernet Connections with Auto Uplink	17
Extensive Protocol Support	18
Easy Installation and Management	18
Maintenance and Support	19
Package Contents	19
Front Panel Features	20
Rear Panel Features	21
Default IP Address, Login Name, and Password Location	22
Qualified Web Browsers	22
Chapter 2 Connecting the FVS336G to the Internet	23
Understanding the Connection Steps	23
Logging into the VPN Firewall Router	24
Navigating the Menus	25
Configuring the Internet Connections	26
Automatically Detecting and Connecting	27
Manually Configuring the Internet Connection	29
Configuring the WAN Mode (Required for Dual WAN)	32
Network Address Translation	33
Classical Routing	34
Configuring Auto-Rollover Mode	34
Configuring Load Balancing	36
Configuring Dynamic DNS (Optional)	38
Configuring the Advanced WAN Options (Optional)	40
Additional WAN Related Configuration	42
Chapter 3 LAN Configuration	43
Choosing the Firewall DHCP Options	43
Configuring the LAN Setup Options	44
Managing Groups and Hosts (LAN Groups)	47
Viewing the LAN Groups Database	48
Changing Group Names in the LAN Groups Database	49
Configuring DHCP Address Reservation	50
Configuring Multi Home LAN IP Addresses	51
Configuring Static Routes	52
Configuring Static Routes	52
Configuring Routing Information Protocol (RIP)	54
Chapter 4 Firewall Protection and Content Filtering	57
About Firewall Protection and Content Filtering	57
Using Rules to Block or Allow Specific Kinds of Traffic	58
About Services-Based Rules	59
Viewing the Rules	64
Order of Precedence for Rules	64
Setting the Default Outbound Policy	64
Creating a LAN WAN Outbound Services Rule	65
Creating a LAN WAN Inbound Services Rule	66
Inbound Rules Examples	67
Outbound Rules Example	70
Adding Customized Services	70
Setting Quality of Service (QoS) Priorities	72
Attack Checks	73
Blocking Internet Sites (Content Filtering)	74
Configuring Source MAC Filtering	77
Configuring IP/MAC Address Binding Alerts	79
Configuring Port Triggering	80
Setting a Schedule to Block or Allow Specific Traffic	82
Configuring a Bandwidth Profile	82
Configuring Session Limits	84
E-Mail Notifications of Event Logs and Alerts	85
Administrator Tips	85
Chapter 5 Virtual Private Networking Using IPsec	87
Considerations for Dual WAN Port Systems	87
Using the VPN Wizard for Client and Gateway Configurations	89
Creating Gateway to Gateway VPN Tunnels with the Wizard	89
Creating a Client to Gateway VPN Tunnel	92
Testing the Connections and Viewing Status Information	98
NETGEAR VPN Client Status and Log Information	98
FVS336G VPN Connection Status and Logs	100
Managing VPN Policies	101
Managing IKE Policies	101
Managing VPN Policies	103
Configuring Extended Authentication (XAUTH)	104
Configuring XAUTH for VPN Clients	105
User Database Configuration	106
RADIUS Client Configuration	106
Assigning IP Addresses to Remote Users (ModeConfig)	108
Mode Config Operation	109
Configuring the VPN Firewall	109
Configuring the ProSafe VPN Client for ModeConfig	112
Configuring Keepalives and Dead Peer Detection	114
Configuring Keepalive	114
Configuring NetBIOS Bridging with VPN	116
Chapter 6 Virtual Private Networking Using SSL Connections	119
Understanding the Portal Options	119
Planning for SSL VPN	120
Creating the Portal Layout	121
Configuring Domains, Groups, and Users	125
Configuring Applications for Port Forwarding	125
Adding Servers	126
Adding A New Host Name	127
Configuring the SSL VPN Client	128
Configuring the Client IP Address Range	129
Adding Routes for VPN Tunnel Clients	130
Replacing and Deleting Client Routes	130
Using Network Resource Objects to Simplify Policies	131
Adding New Network Resources	131
Configuring User, Group, and Global Policies	133
Viewing Policies	134
Adding a Policy	135
Chapter 7 Managing Users, Authentication, and Certificates	139
Adding Authentication Domains, Groups, and Users	139
Creating a Domain	139
Creating a Group	141
Creating a New User Account	142
Setting User Login Policies	143
Changing Passwords and Settings	145
RADIUS Server External Authentication	147
Managing Certificates	148
Viewing and Loading CA Certificates	149
Viewing Active Self Certificates	150
Obtaining a Self Certificate from a Certificate Authority	151
Managing your Certificate Revocation List (CRL)	153
Chapter 8 Router and Network Management	155
Performance Management	155
Bandwidth Capacity	155
Features That Reduce Traffic	156
Features That Increase Traffic	159
Using QoS to Shift the Traffic Mix	162
Tools for Traffic Management	162
Changing Passwords and Administrator Settings	162
Enabling Remote Management Access	164
Using the Command Line Interface	166
Using an SNMP Manager	167
Configuration File Management	169
Upgrading the Firmware	171
Configuring Date and Time Service	172
Chapter 9 Monitoring System Performance	175
Enabling the Traffic Meter	175
Activating Notification of Events and Alerts	178
Viewing Firewall Logs	180
Viewing Router Configuration and System Status	181
Monitoring the Status of WAN Ports	183
Monitoring Attached Devices	184
Reviewing the DHCP Log	186
Monitoring Active Users	186
Viewing Port Triggering Status	187
Monitoring VPN Tunnel Connection Status	188
Reviewing the VPN Logs	189
Chapter 10 Troubleshooting	191
Basic Functions	191
Power LED Not On	192
LEDs Never Turn Off	192
LAN or WAN Port LEDs Not On	192
Troubleshooting the Web Configuration Interface	193
Troubleshooting the ISP Connection	194
Troubleshooting a TCP/IP Network Using a Ping Utility	195
Testing the LAN Path to Your VPN Firewall	195
Testing the Path from Your PC to a Remote Device	196
Restoring the Default Configuration and Password	197
Problems with Date and Time	197
Using the Diagnostics Utilities	198
Appendix A Default Settings and Technical Specifications	201
Appendix B Related Documents	205
Appendix C Network Planning for Dual WAN Ports	207
What You Will Need to Do Before You Begin	207
Cabling and Computer Hardware Requirements	209
Computer Network Configuration Requirements	209
Internet Configuration Requirements	209
Where Do I Get the Internet Configuration Parameters?	210
Internet Connection Information Form	211
Overview of the Planning Process	212
Inbound Traffic	212
Virtual Private Networks (VPNs)	212
The Roll-over Case for Firewalls With Dual WAN Ports	213
The Load Balancing Case for Firewalls With Dual WAN Ports	213
Inbound Traffic	214
Inbound Traffic to Single WAN Port (Reference Case)	214
Inbound Traffic to Dual WAN Port Systems	214
Virtual Private Networks (VPNs)	216
VPN Road Warrior (Client-to-Gateway)	217
VPN Gateway-to-Gateway	220
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	223
Appendix D Two Factor Authentication	227
Why do I need Two-Factor Authentication?	227
What are the benefits of Two-Factor Authentication?	227
What is Two-Factor Authentication	228
NETGEAR Two-Factor Authentication Solutions	228