Home » Netgear Manuals » Bridges & Routers » Netgear FVS338 » Manual Viewer

Netgear FVS338 FVS338 Reference Manual - Page 131

DHCP Client Request, Scanning the Network, Keyword and Domain Name Blocking, Web Component Blocking

UPC - 606449037197

Add to My Manuals
Save this manual to your list of manuals

Page 131 highlights

FVS338 ProSafe VPN Firewall 50 Reference Manual Groups and Hosts. You can apply these rules selectively to groups of PCs to reduce the outbound or inbound traffic. The Network Database is an automatically-maintained list of all known PCs and network devices. PCs and devices become known by the following methods: • DHCP Client Request - By default, the DHCP server in this Router is enabled, and will accept and respond to DHCP client requests from PCs and other network devices. These requests also generate an entry in the Network Database. Because of this, leaving the DHCP Server feature (on the LAN screen) enabled is strongly recommended. • Scanning the Network - The local network is scanned using standard methods such as ARP. This will detect active devices which are not DHCP clients. However, sometimes the name of the PC or device cannot be accurately determined, and will be shown as Unknown. See "Managing Groups and Hosts" on page 3-6for the procedure on how to use this feature. Schedule. If you have set firewall rules on the Rules screen, you can configure three different schedules (i.e., schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a schedule is configured, it affects all Rules that use this schedule. You specify the days of the week and time of day for each schedule. See "Setting a Schedule to Block or Allow Specific Traffic" on page 4-20 for the procedure on how to use this feature. Block Sites If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the VPN firewall's filtering feature. By default, this feature is disabled; all requested traffic from any Web site is allowed. • Keyword (and Domain Name) Blocking - You can specify up to 32 words that, should they appear in the Web site name (URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall. You can apply the keywords to one or more groups. Requests from the PCs in the groups for which keyword blocking has been enabled will be blocked. Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled. You can bypass keyword blocking for trusted domains by adding the exact matching domain to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for which keyword blocking has been enabled will still be allowed without any blocking. • Web Component Blocking - You can block the following Web component types: Proxy, Java, ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web component blocking when the blocking of a particular Web component has been enabled. Router and Network Management 6-3 v1.0, March 2009

Section	Page
FVS338 ProSafe VPN Firewall 50 Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats and Scope	13
Revision History	14
Chapter 1 Introduction	15
Key Features	15
Full Routing on Both the Broadband and Serial WAN Ports	16
A Powerful, True Firewall with Content Filtering	16
Security	17
Autosensing Ethernet Connections with Auto Uplink	17
Extensive Protocol Support	17
Easy Installation and Management	18
Maintenance and Support	19
Package Contents	20
Router Hardware Components	20
Router Front Panel	20
Router Rear Panel	22
Factory Default Login	23
Chapter 2 Connecting the FVS338 to the Internet	25
Connecting the VPN Firewall to Your Network	25
Logging in to the VPN Firewall	25
Configuring your Internet Connection	26
Setting the Router’s MAC Address (Advanced Options)	30
Manually Configuring Your Internet Connection	32
Programming the Traffic Meter (if Desired)	35
Configuring the WAN Mode	37
Configuring Dynamic DNS (If Needed)	38
Chapter 3 LAN Configuration	41
Choosing the Firewall DHCP Options	41
Configuring the LAN Setup Options	42
Configuring Multi-Home LAN IPs	45
Managing Groups and Hosts	46
Creating the Network Database	47
Setting Up Address Reservation	50
Configuring Static Routes	50
Static Route Example	51
RIP Configuration	52
Chapter 4 Firewall Protection and Content Filtering	55
About Firewall Security	55
Using Rules to Block or Allow Specific Kinds of Traffic	56
Setting LAN WAN Rules	61
LAN WAN Outbound Services Rules	62
LAN WAN Inbound Services Rules	63
Attack Checks	64
Session Limit	66
Inbound Rules Examples	67
Outbound Rules Example – Blocking Instant Messenger	70
Adding Customized Services	71
Specifying Quality of Service (QoS) Priorities	73
Setting a Schedule to Block or Allow Specific Traffic	74
Setting Block Sites (Content Filtering)	74
Enabling Source MAC Filtering	77
IP/MAC Binding	78
Setting Up Port Triggering	80
Bandwidth Limiting	82
E-Mail Notifications of Event Logs and Alerts	84
Administrator Information	88
Chapter 5 Virtual Private Networking	93
Considerations for Dual WAN Port Systems	93
Using the VPN Wizard for Client and Gateway Configurations	94
Creating Gateway to Gateway VPN Tunnels with the Wizard	94
Creating a Client to Gateway VPN Tunnel	97
Testing the Connections and Viewing Status Information	103
NETGEAR VPN Client Status and Log Information	103
FVS338 VPN Connection Status and Logs	105
IKE Policies	106
IKE Policy Operation	106
IKE Policy Table	107
VPN Policies	108
VPN Policy Operation	108
VPN Policy Table	108
VPN Tunnel Connection Status	109
Extended Authentication (XAUTH) Configuration	110
Configuring XAUTH for VPN Clients	111
User Database Configuration	112
RADIUS Client Configuration	113
Assigning IP Addresses to Remote Users (ModeConfig)	115
ModeConfig Operation	116
Setting Up ModeConfig	116
Configuring the ProSafe VPN Client for ModeConfig	120
Certificates	123
Trusted Certificates (CA Certificates)	124
Self Certificates	125
Managing your Certificate Revocation List (CRL)	128
Chapter 6 Router and Network Management	129
Performance Management	129
VPN Firewall Features That Reduce Traffic	129
VPN Firewall Features That Increase Traffic	132
Using QoS to Shift the Traffic Mix	134
Tools for Traffic Management	135
Administration	135
Changing Passwords and Settings	135
RADIUS Server External Authentication	137
Enabling Remote Management Access	138
Using a SNMP Manager	141
Settings Backup and Firmware Upgrade	143
Setting the Time Zone	145
Monitoring the Router	146
Enabling the Traffic Meter	147
Setting Login Failures and Attacks Notification	148
Viewing Port Triggering Status	150
Viewing Router Configuration and System Status	151
Monitoring WAN Ports Status	152
Monitoring VPN Tunnel Connection Status	153
VPN Logs	154
DHCP Log	154
Performing Diagnostics	155
Chapter 7 Troubleshooting	159
Basic Functions	159
Power LED Not On	159
LEDs Never Turn Off	160
LAN or Internet Port LEDs Not On	160
Troubleshooting the Web Configuration Interface	160
Troubleshooting the ISP Connection	162
Troubleshooting a TCP/IP Network Using a Ping Utility	163
Testing the LAN Path to Your Firewall	163
Testing the Path from Your PC to a Remote Device	164
Restoring the Default Configuration and Password	165
Problems with Date and Time	165
Appendix A Default Settings and Technical Specifications	167
Appendix B System Logs and Error Messages	171
System Log Messages	171
System Startup	171
Reboot	172
NTP	172
Login/Logout	173
Firewall Restart	173
IPSec Restart	174
WAN Status	174
Web Filtering and Content Filtering Logs	177
Traffic Metering Logs	179
Unicast Logs	179
FTP Logging	180
Invalid Packet Logging	180
Routing Logs	183
LAN to WAN Logs	184
WAN to LAN Logs	184
Appendix C Related Documents	185
Appendix D Two Factor Authentication	187
Why do I need Two-Factor Authentication?	187
What are the benefits of Two-Factor Authentication?	187
What is Two-Factor Authentication	188
NETGEAR Two-Factor Authentication Solutions	188

Match case Limit results 1 per page

FVS338 ProSafe VPN Firewall 50 Reference Manual

Router and Network Management

6-3

v1.0, March 2009

Groups and Hosts.

You can apply these rules selectively to groups of PCs to reduce the

outbound or inbound traffic. The Network Database is an automatically-maintained list of all

known PCs and network devices. PCs and devices become known by the following methods:

•

DHCP Client Request

– By default, the DHCP server in this Router is enabled, and will

accept and respond to DHCP client requests from PCs and other network devices. These

requests also generate an entry in the Network Database. Because of this, leaving the DHCP

Server feature (on the LAN screen) enabled is strongly recommended.

•

Scanning the Network

– The local network is scanned using standard methods such as ARP.

This will detect active devices which are not DHCP clients. However, sometimes the name of

the PC or device cannot be accurately determined, and will be shown as Unknown.

See

“Managing Groups and Hosts” on page 3-6

for the procedure on how to use this feature.

Schedule.

If you have set firewall rules on the Rules screen, you can configure three different

schedules (i.e., schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a

schedule is configured, it affects all Rules that use this schedule. You specify the days of the week

and time of day for each schedule.

See

“Setting a Schedule to Block or Allow Specific Traffic” on page 4-20

for the procedure on

how to use this feature.

Block Sites

If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the

VPN firewall's filtering feature. By default, this feature is disabled; all requested traffic from any

Web site is allowed.

•

Keyword (and Domain Name) Blocking

– You can specify up to 32 words that, should they

appear in the Web site name (URL) or in a newsgroup name, will cause that site or newsgroup

to be blocked by the VPN firewall.

You can apply the keywords to one or more groups. Requests from the PCs in the groups for

which keyword blocking has been enabled will be blocked. Blocking does not occur for the

PCs that are in the groups for which keyword blocking has not been enabled.

You can bypass keyword blocking for trusted domains by adding the exact matching domain

to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for

which keyword blocking has been enabled will still be allowed without any blocking.

•

Web Component Blocking

– You can block the following Web component types: Proxy,

Java, ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web

component blocking when the blocking of a particular Web component has been enabled.