Home » Netgear Manuals » Bridges & Routers » Netgear FVS336G » Manual Viewer

Netgear FVS336G FVS336G Reference Manual - Page 117

User Database Configuration, RADIUS Client Configuration, RADIUS-CHAP, IPsec Host, Username, Password

UPC - 606449052015

Add to My Manuals
Save this manual to your list of manuals

Page 117 highlights

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - RADIUS-CHAP or RADIUS-PAP (depending on the authentication mode accepted by the RADIUS server) to add a RADIUS server. If RADIUS-PAP is selected, the VPN firewall will first check in the user database to see if the user credentials are available. If the user account is not present, the VPN firewall will then connect to the RADIUS server (see "RADIUS Client Configuration" on page 5-21). • IPsec Host if you want to be authenticated by the remote gateway. In the adjacent Username and Password fields, type in the information user name and password associated with the IKE policy for authenticating this gateway (by the remote gateway). 5. Click Apply to save your settings. User Database Configuration When XAUTH is enabled as an Edge Device, users must be authenticated either by a local User Database account or by an external RADIUS server. Whether or not you use a RADIUS server, you may want some users to be authenticated locally. These users must be added to the List of Users table, as described in "Creating a New User Account" on page 7-4. RADIUS Client Configuration RADIUS (Remote Authentication Dial In User Service, RFC 2865) is a protocol for managing Authentication, Authorization and Accounting (AAA) of multiple users in a network. A RADIUS server will store a database of user information, and can validate a user at the request of a gateway or server in the network when a user requests access to network resources. During the establishment of a VPN connection, the VPN gateway can interrupt the process with an XAUTH request. At that point, the remote user must provide authentication information such as a username/password or some encrypted response using his username/password information. The gateway will try to verify this information first against a local User Database (if RADIUS-PAP is enabled) and then by relaying the information to a central authentication server such as a RADIUS server. To configure the Primary RADIUS Server: 1. Select VPN > IPsec VPN from the main menu. 2. Click the RADIUS Client tab. The RADIUS Client screen is displayed. Virtual Private Networking Using IPsec v1.2, June 2008 5-21

Section	Page
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Introduction	17
Key Features	17
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	18
Advanced VPN Support for Both IPsec and SSL	18
A Powerful, True Firewall with Content Filtering	19
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	20
Easy Installation and Management	20
Maintenance and Support	21
Package Contents	21
Front Panel Features	22
Rear Panel Features	23
Default IP Address, Login Name, and Password Location	24
Qualified Web Browsers	24
Chapter 2 Connecting the FVS336G to the Internet	27
Understanding the Connection Steps	27
Logging into the VPN Firewall Router	28
Navigating the Menus	30
Configuring the Internet Connections	30
Automatically Detecting and Connecting	30
Manually Configuring the Internet Connection	34
Configuring the WAN Mode (Required for Dual WAN)	37
Network Address Translation	38
Classical Routing	38
Configuring Auto-Rollover Mode	39
Configuring Load Balancing	41
Configuring Dynamic DNS (Optional)	43
Configuring the Advanced WAN Options (Optional)	45
Additional WAN Related Configuration	47
Chapter 3 LAN Configuration	49
Using the VPN Firewall as a DHCP server	49
Configuring the LAN Setup Options	50
Managing Groups and Hosts (LAN Groups)	53
Viewing the LAN Groups Database	54
Changing Group Names in the LAN Groups Database	55
Configuring DHCP Address Reservation	56
Configuring Multi Home LAN IP Addresses	57
Configuring Static Routes	58
Configuring Static Routes	58
Configuring Routing Information Protocol (RIP)	60
Chapter 4 Firewall Protection and Content Filtering	63
About Firewall Protection and Content Filtering	63
Using Rules to Block or Allow Specific Kinds of Traffic	64
About Services-Based Rules	65
Viewing the Rules	69
Order of Precedence for Rules	70
Setting the Default Outbound Policy	70
Creating a LAN WAN Outbound Services Rule	71
Creating a LAN WAN Inbound Services Rule	72
Inbound Rules Examples	74
Outbound Rules Example	77
Adding Customized Services	77
Setting Quality of Service (QoS) Priorities	79
Attack Checks	80
Blocking Internet Sites (Content Filtering)	82
Configuring Source MAC Filtering	86
Configuring IP/MAC Address Binding Alerts	88
Configuring Port Triggering	89
Setting a Schedule to Block or Allow Specific Traffic	91
Configuring a Bandwidth Profile	92
Configuring Session Limits	94
E-Mail Notifications of Event Logs and Alerts	95
Administrator Tips	95
Chapter 5 Virtual Private Networking Using IPsec	97
Considerations for Dual WAN Port Systems	97
Configuring an IPsec VPN Connection using the VPN Wizard	100
Creating a VPN Tunnel to a Gateway	100
Creating a VPN Tunnel Connection to a VPN Client	104
Managing VPN Tunnel Policies	109
About IKE	109
Managing IKE Policies	109
About the IKE Policy Table	110
VPN Policy	110
VPN Tunnel Connection Status	112
Creating a VPN Client Connection: VPN Client to FVS336G	112
Configuring the FVS336G	113
Configuring the VPN Client	113
Testing the Connection	115
Configuring Extended Authentication (XAUTH)	115
Configuring XAUTH for VPN Clients	116
User Database Configuration	117
RADIUS Client Configuration	117
Manually Assigning IP Addresses to Remote Users (ModeConfig)	119
Mode Config Operation	119
Configuring the VPN Firewall	120
Configuring the ProSafe VPN Client for ModeConfig	123
Configuring Keepalives and Dead Peer Detection	125
Configuring Keepalive	125
Configuring NetBIOS Bridging with VPN	127
Chapter 6 Virtual Private Networking Using SSL Connections	129
Understanding the Portal Options	129
Planning for SSL VPN	130
Creating the Portal Layout	131
Configuring Domains, Groups, and Users	135
Configuring Applications for Port Forwarding	135
Adding Servers	136
Adding A New Host Name	137
Configuring the SSL VPN Client	138
Configuring the Client IP Address Range	139
Adding Routes for VPN Tunnel Clients	140
Replacing and Deleting Client Routes	140
Using Network Resource Objects to Simplify Policies	141
Adding New Network Resources	141
Configuring User, Group, and Global Policies	143
Viewing Policies	144
Adding a Policy	145
Chapter 7 Managing Users, Authentication, and Certificates	149
Adding Authentication Domains, Groups, and Users	149
Creating a Domain	149
Creating a Group	151
Creating a New User Account	152
Setting User Login Policies	154
Managing Certificates	156
Viewing and Loading CA Certificates	157
Viewing Active Self Certificates	158
Obtaining a Self Certificate from a Certificate Authority	159
Managing your Certificate Revocation List (CRL)	162
Chapter 8 Router and Network Management	165
Performance Management	165
Bandwidth Capacity	165
Features That Reduce Traffic	166
Features That Increase Traffic	169
Using QoS to Shift the Traffic Mix	172
Tools for Traffic Management	172
Changing Passwords and Administrator Settings	172
Enabling Remote Management Access	174
Using the Command Line Interface	176
Using an SNMP Manager	177
Configuration File Management	179
Upgrading the Firmware	181
Configuring Date and Time Service	182
Chapter 9 Monitoring System Performance	185
Enabling the Traffic Meter	185
Activating Notification of Events and Alerts	188
Viewing Firewall Logs	190
Viewing Router Configuration and System Status	191
Monitoring the Status of WAN Ports	193
Monitoring Attached Devices	194
Reviewing the DHCP Log	196
Monitoring Active Users	196
Viewing Port Triggering Status	197
Monitoring VPN Tunnel Connection Status	198
Reviewing the VPN Logs	199
Chapter 10 Troubleshooting	201
Basic Functions	201
Power LED Not On	202
LEDs Never Turn Off	202
LAN or WAN Port LEDs Not On	202
Troubleshooting the Web Configuration Interface	203
Troubleshooting the ISP Connection	204
Troubleshooting a TCP/IP Network Using a Ping Utility	205
Testing the LAN Path to Your VPN Firewall	205
Testing the Path from Your PC to a Remote Device	206
Restoring the Default Configuration and Password	207
Problems with Date and Time	207
Using the Diagnostics Utilities	208
Appendix A Default Settings and Technical Specifications	211
Appendix B Related Documents	215
Appendix C Network Planning for Dual WAN Ports	217
What You Will Need to Do Before You Begin	217
Cabling and Computer Hardware Requirements	219
Computer Network Configuration Requirements	219
Internet Configuration Requirements	220
Where Do I Get the Internet Configuration Parameters?	220
Internet Connection Information Form	221
Overview of the Planning Process	222
Inbound Traffic	222
Virtual Private Networks (VPNs)	222
The Roll-over Case for Firewalls With Dual WAN Ports	223
The Load Balancing Case for Firewalls With Dual WAN Ports	223
Inbound Traffic	224
Inbound Traffic to Single WAN Port (Reference Case)	224
Inbound Traffic to Dual WAN Port Systems	224
Virtual Private Networks (VPNs)	226
VPN Road Warrior (Client-to-Gateway)	227
VPN Gateway-to-Gateway	230
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	233

Match case Limit results 1 per page

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

Virtual Private Networking Using IPsec

5-21

v1.2, June 2008

–

RADIUS–CHAP

RADIUS–PAP

(depending on the authentication mode accepted

by the RADIUS server) to add a RADIUS server. If RADIUS–PAP is selected, the

VPN firewall will first check in the user database to see if the user credentials are

available. If the user account is not present, the VPN firewall will then connect to the

RADIUS server (see

“RADIUS Client Configuration” on page 5-21

•

IPsec Host

if you want to be authenticated by the remote gateway. In the adjacent

Username

and

Password

fields, type in the information user name and password

associated with the IKE policy for authenticating this gateway (by the remote gateway).

Click

Apply

to save your settings.

User Database Configuration

When XAUTH is enabled as an Edge Device, users must be authenticated either by a local User

Database account or by an external RADIUS server. Whether or not you use a RADIUS server,

you may want some users to be authenticated locally. These users must be added to the List of

Users table, as described in

“Creating a New User Account” on page 7-4

RADIUS Client Configuration

RADIUS (Remote Authentication Dial In User Service, RFC 2865) is a protocol for managing

Authentication, Authorization and Accounting (AAA) of multiple users in a network. A RADIUS

server will store a database of user information, and can validate a user at the request of a gateway

or server in the network when a user requests access to network resources. During the

establishment of a VPN connection, the VPN gateway can interrupt the process with an XAUTH

request. At that point, the remote user must provide authentication information such as a

username/password or some encrypted response using his username/password information. The

gateway will try to verify this information first against a local User Database (if RADIUS-PAP is

enabled) and then by relaying the information to a central authentication server such as a RADIUS

server.

To configure the Primary RADIUS Server:

Select VPN > IPsec VPN from the main menu.

Click the

RADIUS Client

tab. The

RADIUS Client

screen is displayed.