Netgear FVS338NA Reference Manual

Netgear FVS338NA manual content summary:

  • Netgear FVS338NA | Reference Manual - Page 1
    FVS338 ProSafe VPN Firewall 50 Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA September 2006 202-10046-03 v1.0
  • Netgear FVS338NA | Reference Manual - Page 2
    or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not . Certificate of the Manufacturer/Importer It is hereby certified that the ProSafe VPN Firewall 50 has been suppressed in accordance with the conditions set out in
  • Netgear FVS338NA | Reference Manual - Page 3
    . Read instructions for correct handling. Additional Copyrights AES Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. All to endorse or promote any products derived from this software without his specific prior written permission. This software is provided 'as is' with
  • Netgear FVS338NA | Reference Manual - Page 4
    ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
  • Netgear FVS338NA | Reference Manual - Page 5
    used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  • Netgear FVS338NA | Reference Manual - Page 6
    Product and Publication Details. Model Number: FVS338; Publication Date: September 2006; Product Family: VPN firewall; Product Name: ProSafe VPN Firewall 50; Home or Business Product: Business; Language: English; Publication Part Number: 202-10046-03; Publication Version Number: 1.0
  • Netgear FVS338NA | Reference Manual - Page 7
    Support 1-5 Package Contents ...1-5 Router Hardware Components 1-5 Router Front Panel 1-6 Router Rear Panel 1-7 Rack Mounting Hardware 1-8 Factory Default Login ...1-8 Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network 2-1 Logging in to the VPN Firewall
  • Netgear FVS338NA | Reference Manual - Page 8
    Protection and Content Filtering About Firewall Security 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-1 Services-Based Rules 4-2 Outbound Rules (Service Blocking 4-2 Inbound Rules (Port Forwarding 4-4 Order of Precedence for Firewall Rules 4-6 Setting LAN WAN Rules 4-7 LAN
  • Netgear FVS338NA | Reference Manual - Page 9
    Configuring the FVS338 5-13 Configuring the VPN Client 5-14 Testing the Connection 5-19 Extended Authentication (XAUTH) Configuration 5-20 Configuring XAUTH for VPN Clients 5-21 User Database Configuration 5-22 RADIUS Client Configuration 5-23 Manually Assigning IP Addresses to Remote Users
  • Netgear FVS338NA | Reference Manual - Page 10
    37 Chapter 6 Router and Network Management Performance Management 6-1 VPN Firewall Features That Reduce Traffic 6-1 Service Blocking 6-2 Block Sites ...6-3 Source MAC Filtering 6-4 VPN Firewall Features That Increase Traffic 6-4 Port Forwarding 6-4 Port Triggering 6-6 VPN Tunnels ...6-6 Using
  • Netgear FVS338NA | Reference Manual - Page 11
    Troubleshooting a TCP/IP Network Using a Ping Utility 7-5 Testing the LAN Path to Your Firewall 7-5 Testing the Path from Your PC to a Remote Device 7-6 Restoring the Default Configuration and Password 7-7 Problems with Date and Time 7-7 Appendix A Default Settings and Technical Specifications
  • Netgear FVS338NA | Reference Manual - Page 13
    Manual The NETGEAR® ProSafe™ VPN Firewall 50 FVS338 Reference Manual describes how to install, configure and troubleshoot the ProSafe VPN Firewall 50. The information in this manual and server names, extensions, commands, IP addresses • Formats. This manual uses the following formats to highlight
  • Netgear FVS338NA | Reference Manual - Page 14
    FVS338 ProSafe VPN Firewall 50 Reference Manual • Scope. This manual is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe VPN Firewall 50 September 2006 For more information about network, Internet, firewall, and VPN technologies, see
  • Netgear FVS338NA | Reference Manual - Page 15
    FVS338 ProSafe VPN Firewall 50 Reference Manual • Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of
  • Netgear FVS338NA | Reference Manual - Page 17
    establish restricted access policies based on time-of-day, Website addresses and address keywords, and share high-speed cable/DSL Internet access for a local network. The FVS338 is a plug-and-play device that can be installed and configured within minutes. Key Features The VPN firewall provides the
  • Netgear FVS338NA | Reference Manual - Page 18
    access from your LAN to Internet locations or services that you specify as off-limits. • Logs security incidents. The FVS338 will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified
  • Netgear FVS338NA | Reference Manual - Page 19
    FVS338 ProSafe VPN Firewall 50 Reference Manual • Port Forwarding with NAT. Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request. You can
  • Netgear FVS338NA | Reference Manual - Page 20
    FVS338 ProSafe VPN Firewall 50 Reference Manual Trend Micro Integration If you have installed the Trend Micro Client/Server/Messaging Suite for SMB on your local network, you can have the firewall enforce its use. When Antivirus Enforcement is selected, local PCs will not be allowed Web access
  • Netgear FVS338NA | Reference Manual - Page 21
    , you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number. • Visual monitoring. The VPN firewall's front panel LEDs provide an easy way to monitor its status and activity. Maintenance and Support NETGEAR offers the
  • Netgear FVS338NA | Reference Manual - Page 22
    FVS338 ProSafe VPN Firewall 50 Reference Manual Router Front Panel The ProSafe VPN Firewall 50 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. Power LED Figure 1-1 Test Modem Internet LED LED LEDs Local LEDs The table below describes
  • Netgear FVS338NA | Reference Manual - Page 23
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 1-1. Object Descriptions (continued) Object Activity Local LEDs Link/Act LED On (Green) Blinking (Green) Off 100 LED On (Green) Off Description The LAN port has detected a link with a connected Ethernet device. Data is being transmitted or
  • Netgear FVS338NA | Reference Manual - Page 24
    FVS338 ProSafe VPN Firewall 50 Reference Manual Rack Mounting Hardware The FVS338 can be mounted either on a desktop (using included rubber feet) or in a 19-inch rack (using the included rack mounting hardware illustrated in Figure 1-3). Figure 1-3 Factory Default Login Check the label on the
  • Netgear FVS338NA | Reference Manual - Page 25
    FVS338 ProSafe VPN Firewall 50 Reference Manual To log in to the FVS338 once it is connected: 1. Open a Web browser. 2. Enter http://192.168.1.1 as the URL. Figure 1-5 3. Once the login screen displays (Figure 1-5), enter the following: • admin for User Name • password for Password Introduction
  • Netgear FVS338NA | Reference Manual - Page 27
    your router and wait for the Test LED to go out. Make sure your Ethernet and LAN LEDs are lit. (See the FVS338 ProSafe VPN Firewall 50 Installation Guide on your Resource CD.) 2. Log in to the firewall. After logging in, you are ready to set up and configure your firewall. You can also change your
  • Netgear FVS338NA | Reference Manual - Page 28
    FVS338 ProSafe VPN Firewall 50 Reference Manual To log in to the VPN firewall: 1. Open an Internet Explorer, Netscape® Navigator, or Firefox browser. In the browser window, enter http://192.168.1.1 in the address field. The FVS338 login screen will display. Figure 2-1 2. Enter admin for the User
  • Netgear FVS338NA | Reference Manual - Page 29
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 2-2 2. Click Auto Detect at the bottom of the screen to automatically detect the type of Internet connection provided by your ISP. Auto Detect will probe for different connection methods and suggest one that your ISP will most likely support.
  • Netgear FVS338NA | Reference Manual - Page 30
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 2-1. Internet connection methods Connection Method DHCP (Dynamic IP) Fixed IP Data Required No data is required. IP address your firewall and the cable or DSL line or to check your Router's MAC address (see "Setting the Router's MAC Address (
  • Netgear FVS338NA | Reference Manual - Page 31
    FVS338 ProSafe VPN Firewall 50 Reference Manual 1. Select Network Configuration from the main menu, WAN Settings from the submenu and click the Dialup ISP Settings tab to display the Dialup settings screen.
  • Netgear FVS338NA | Reference Manual - Page 32
    FVS338 ProSafe VPN Firewall 50 Reference Manual 3. Specify the method to use for your Dial-up Connection Status. The VPN firewall can automatically dial to the ISP when a connection is needed or can be configured to wait for manual intervention: a. Check the Connect automatically disconnect after
  • Netgear FVS338NA | Reference Manual - Page 33
    FVS338 ProSafe VPN Firewall 50 Reference Manual Set up the traffic meter for the Dialup ISP if desired (see "Programming the Traffic Meter (if Desired)" on page 2-12). Note: The response time of your serial port Internet connection will be slower than a broadband Internet connection. Tip: If you
  • Netgear FVS338NA | Reference Manual - Page 34
    FVS338 ProSafe VPN Firewall 50 Reference Manual This could occur on some older broadband modems. If you know that the Ethernet port on your broadband modem supports is rarely required, and should not be done unless specifically required by the ISP. To change the MTU value for your dialup modem: 1.
  • Netgear FVS338NA | Reference Manual - Page 35
    VPN Firewall 50 Reference Manual . Figure 2-6 Manually Configuring Your Internet Connection If you know your Broadband ISP connection type, you can bypass the Auto Detect feature and connect your router manually. Ensure that you have all of the relevant connection information such as IP Addresses
  • Netgear FVS338NA | Reference Manual - Page 36
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 2-7 To manually configure your WAN1 ISP settings: 1. Does your Internet connection require a login? If you need to enter login type of ISP connection do you use? If your connection is PPPoE, PPTP or BigPond Cable, then you must log in. Check the
  • Netgear FVS338NA | Reference Manual - Page 37
    FVS338 ProSafe VPN Firewall 50 Reference Manual - Domain Name: Cable, select this option and fill in the Login Server and Idle Timeout fields. The Login Server is the IP address of the local BigPond Login Server in your area. You can find login server information at http://www.netgear.com.sg/support
  • Netgear FVS338NA | Reference Manual - Page 38
    FVS338 ProSafe VPN Firewall 50 Reference Manual 4. If your ISP has not assigned any Domain Name Servers (DNS) addresses, select the Get dynamically from ISP radio box. If your ISP has assigned DNS addresses, select the Use these DNS Servers radio box. Ensure that you fill in valid DNS server IP
  • Netgear FVS338NA | Reference Manual - Page 39
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 2-8 Connecting the FVS338 to the Internet v1.0, September 2006 2-13
  • Netgear FVS338NA | Reference Manual - Page 40
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 2-2. Traffic Meter Settings Parameter Description Enable Traffic Meter Check this if you wish to record the volume of Internet traffic passing through the Router's Broadband or Dialup port. Broadband or Dialup can be selected by clicking the
  • Netgear FVS338NA | Reference Manual - Page 41
    FVS338 ProSafe VPN Firewall 50 Reference Manual Configuring the WAN Mode The WAN Mode screen allows you to configure how your router uses your external Internet connections; for example, your WAN port or dialup modem connections. • NAT. NAT is the technology which allows all PCs on your LAN to share
  • Netgear FVS338NA | Reference Manual - Page 42
    Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, TZO.com or Iego.net. Once you have registered your domain name to their IP address, all FQDN traffic will
  • Netgear FVS338NA | Reference Manual - Page 43
    FVS338 ProSafe VPN Firewall 50 Reference Manual This router firmware includes software that notifies dynamic DNS servers of changes in the WAN IP address, so that the services running on this network can be accessed by others on the Internet. After you have configured your account information in the
  • Netgear FVS338NA | Reference Manual - Page 44
    FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Check the Dynamic DNS Service radio box you want to enable. The fields corresponding to the selection you have selected will be highlighted. Each DNS service provider requires its own parameters. 3. Access the Web site of one of the DDNS service
  • Netgear FVS338NA | Reference Manual - Page 45
    describes how to configure LAN Setup, LAN Groups and Routing (Static IP) features of your ProSafe VPN Firewall 50. These features can be found under the Network Configuration menu of the router interface. Configuring Your LAN (Local Area Network) By default, the firewall will function as a DHCP
  • Netgear FVS338NA | Reference Manual - Page 46
    FVS338 ProSafe VPN Firewall 50 Reference Manual To modify your LAN setup: 1. Select Network Configuration from the main menu and LAN Setup from the submenu. The LAN Setup screen will display. Figure 3-1 2. Enter the IP Address of your router (factory default: 192.168.1.1). (Always make sure that
  • Netgear FVS338NA | Reference Manual - Page 47
    FVS338 ProSafe VPN Firewall 50 Reference Manual b. Enter the Starting IP Address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN will be assigned an IP address between this address and the Ending IP Address. The IP address 192
  • Netgear FVS338NA | Reference Manual - Page 48
    FVS338 ProSafe VPN Firewall 50 Reference Manual Configuring Multi-Home LAN IPs If you have computers that are using different IP address ranges in the LAN (for example, 172.16.2.0 or 10.0.0.0), then you can add "aliases" to the LAN port which give computers on those networks access to the Internet.
  • Netgear FVS338NA | Reference Manual - Page 49
    FVS338 ProSafe VPN Firewall 50 Reference Manual Managing Groups and Hosts The Known PCs and Devices table on the Groups and Hosts screen contains a list of all known PCs and network devices, as well as hosts, that are assigned dynamic IP addresses by this router. Collectively, these entries make up
  • Netgear FVS338NA | Reference Manual - Page 50
    FVS338 ProSafe VPN Firewall 50 Reference Manual • A computer is identified by its MAC address-not its IP address. Hence, changing a computer's IP address does not affect any restrictions applied to that PC. This Known PCs and Devices table lists entries in the Network Database. For each computer or
  • Netgear FVS338NA | Reference Manual - Page 51
    FVS338 ProSafe VPN Firewall 50 Reference Manual To edit an entry in the Known PCs and Devices table: 1. Click Edit adjacent to the entry you want to modify. The Edit Known PCs and Devices screen will display. Make your modifications to the entry. 2. Click Apply to save your settings. The changes
  • Netgear FVS338NA | Reference Manual - Page 52
    FVS338 ProSafe VPN Firewall 50 Reference Manual Setting Up Address Reservation When you specify a reserved IP address for a device on the LAN (based on the MAC address of the device), that computer or device will always receive the same IP address each time it accesses the firewall other routers when
  • Netgear FVS338NA | Reference Manual - Page 53
    FVS338 ProSafe VPN Firewall 50 Reference Manual 5. Type the Destination IP Address or network of the route's final destination. 6. Enter the IP Subnet Mask for this destination. If the • Your primary Internet access is through a cable modem to an ISP. LAN Configuration 3-9 v1.0, September 2006
  • Netgear FVS338NA | Reference Manual - Page 54
    FVS338 ProSafe VPN Firewall 50 Reference Manual • You have an ISDN firewall on your home network for connecting to the company where you are employed. This firewall's address on your LAN is 192.168.1.100. • Your company's network is 134.177.0.0. When you first configured your firewall, two implicit
  • Netgear FVS338NA | Reference Manual - Page 55
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 3-5 To enable RIP: 1. Select Network routers. • Out Only - the router broadcasts its routing table periodically but does not accept RIP information from other routers. • In Only - the router accepts RIP information from other routers
  • Netgear FVS338NA | Reference Manual - Page 56
    FVS338 ProSafe VPN Firewall 50 Reference Manual • None - the router neither broadcasts its route table nor does it accept any RIP packets from other routers. This effectively disables RIP. 4. Select the RIP Version from the pull-down menu: • RIP-1 - classful routing and does not include subnet
  • Netgear FVS338NA | Reference Manual - Page 57
    FVS338 ProSafe VPN Firewall 50 Reference Manual 3. Enter the IP address of the OfficeScan Server on your local network. 4. Enter the 5-digit port number used for communications between the OfficeScan clients and the server. 5. Click Apply to enable Trend Micro. The Host Exclusion List table lists
  • Netgear FVS338NA | Reference Manual - Page 59
    and Content Filtering The ProSafe VPN Firewall 50 provides you with Web content filtering options such as Block Sites and Keyword Blocking. Parents and network administrators can establish restricted access policies based on time-of-day, Web addresses and Web address keywords. You can also
  • Netgear FVS338NA | Reference Manual - Page 60
    FVS338 ProSafe VPN Firewall 50 Reference Manual • Outbound: Allow all access from the LAN side to the outside. Services-Based Rules The rules to block traffic are based on the traffic's category of service. • Inbound Rules (port forwarding). Inbound traffic is normally blocked by the firewall unless
  • Netgear FVS338NA | Reference Manual - Page 61
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 4-1. Outbound Rules Fields Item Services Action Select Schedule LAN users WAN Users Description Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must
  • Netgear FVS338NA | Reference Manual - Page 62
    Internet. The rule tells the firewall to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding. Whether or not DHCP is enabled and how the PCs will access the server's LAN address impact the Inbound Rules. For
  • Netgear FVS338NA | Reference Manual - Page 63
    address of the WAN1 or WAN2 ports or another public IP address. This setting determines the priority of a service, which in turn, determines the quality of that service for the traffic passing through the firewall. By default, the priority shown is that of the selected service. The user can change
  • Netgear FVS338NA | Reference Manual - Page 64
    FVS338 ProSafe VPN Firewall 50 Reference Manual Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at
  • Netgear FVS338NA | Reference Manual - Page 65
    Setting LAN WAN Rules FVS338 ProSafe VPN Firewall 50 Reference Manual The Default Outbound Policy is to allow all traffic from and to the Internet to pass through. Firewall rules can then be applied to block specific types of traffic from either going out from the LAN to the Internet (Outbound) or
  • Netgear FVS338NA | Reference Manual - Page 66
    FVS338 ProSafe VPN Firewall 50 Reference Manual • Down - to move the rule down one position in the table rank. 2. Check the radio box adjacent to the rule and click: • Click Disable to disable the rule. The "!" Status icon will change from green to grey, indicating that the rule is disabled. (By
  • Netgear FVS338NA | Reference Manual - Page 67
    Manual . Figure 4-3 LAN WAN Inbound Services Rules This Inbound Services Rules table lists all existing rules for inbound traffic. If you have not defined any rules, no rules will be listed. By default, all inbound traffic is blocked. WAN Users: Whether all WAN addresses or specific IP addresses
  • Netgear FVS338NA | Reference Manual - Page 68
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 4-4 Attack Checks This screen allows you to specify whether or not the router be used unless you have a specific diagnostic reason to do so. - Enable Stealth Mode. If enabled, the router will not respond to port scans from the WAN, thus making
  • Netgear FVS338NA | Reference Manual - Page 69
    FVS338 ProSafe VPN Firewall 50 Reference Manual • LAN Security Checks. A UDP flood is a form of denial of service attack that can be initiated when one machine sends a large number of UDP packets to random ports on a remote host. As a result, the distant host will (1) check for the application
  • Netgear FVS338NA | Reference Manual - Page 70
    FVS338 ProSafe VPN Firewall 50 Reference Manual . Figure 4-5 Inbound Rules Examples Hosting A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at
  • Netgear FVS338NA | Reference Manual - Page 71
    FVS338 ProSafe VPN Firewall 50 Reference Manual Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown to
  • Netgear FVS338NA | Reference Manual - Page 72
    FVS338 ProSafe VPN Firewall 50 Reference Manual 3. From the service pull-down menu, select the HTTP service for a Web server. 4. From the Action pull-down menu, select Allow Always. 5. In the Send to LAN Server field, enter the local IP address of your Web server PC. 6. From the Public Destination
  • Netgear FVS338NA | Reference Manual - Page 73
    FVS338 ProSafe VPN Firewall 50 Reference Manual . Figure 4-9 To test the connection from a PC on the Internet, type http://, where is the public IP address you have mapped to your Web server. You should see the home page of your Web server. Specifying an Exposed Host
  • Netgear FVS338NA | Reference Manual - Page 74
    FVS338 ProSafe VPN Firewall 50 Reference Manual 1. Select All protocols and ALLOW Always (or Allow by Schedule application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu. You can also have the firewall log any attempt to use
  • Netgear FVS338NA | Reference Manual - Page 75
    application. Although the FVS338 already holds a list of many service port numbers, you are not limited to these choices. Use the Services menu to add additional services and applications to the list for use in defining firewall rules. The Services menu shows a list of services that you have defined
  • Netgear FVS338NA | Reference Manual - Page 76
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 4-12 To add a service: 1. Select Security from the main menu and Services from the submenu. The Services screen will display. 2. In the Add Custom Service table, enter a descriptive name for the service (this is for your convenience). 3. Select
  • Netgear FVS338NA | Reference Manual - Page 77
    FVS338 ProSafe VPN Firewall 50 Reference Manual To edit the parameters of a service: 1. In the Custom Services Table, click the Edit icon adjacent to the service you want to edit. The Edit Service screen will display. 2. Modify the parameters you wish to change. 3. Click Reset to cancel the changes
  • Netgear FVS338NA | Reference Manual - Page 78
    FVS338 ProSafe VPN Firewall 50 Reference Manual Setting a Schedule to Block or Allow Traffic If you defined an outbound or inbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The firewall allows you to specify when blocking will be
  • Netgear FVS338NA | Reference Manual - Page 79
    FVS338 ProSafe VPN Firewall 50 Reference Manual Setting Block Sites (Content Filtering) If you want to restrict internal LAN users from access to certain sites on the Internet, you can use the VPN firewall's Content Filtering and Web Components filtering. By default, these features are disabled; all
  • Netgear FVS338NA | Reference Manual - Page 80
    FVS338 ProSafe VPN Firewall 50 Reference Manual 5. Build your list of blocked Keywords or Domain entry.) 7. Click Reset to cancel your changes and revert to the previous settings. 8. Click Apply to save your settings. Figure 4-14 4-22 Firewall Protection and Content Filtering v1.0, September 2006
  • Netgear FVS338NA | Reference Manual - Page 81
    FVS338 ProSafe VPN Firewall 50 Reference Manual Enabling Source MAC Filtering Source MAC Filter allows you to filter out traffic coming from certain known machines or devices. • By default, the source MAC address filter is disabled. All the traffic received from PCs with any MAC address is allowed
  • Netgear FVS338NA | Reference Manual - Page 82
    FVS338 ProSafe VPN Firewall 50 Reference Manual 3. Build your list of Source MAC Addresses to be blocked by entering the first MAC address in the MAC Address field in the form xx:xx:xx:xx:xx:xx where x is a digit (0 to 9) or a letter between a and f (inclusive), for example: 00:e0:
  • Netgear FVS338NA | Reference Manual - Page 83
    FVS338 ProSafe VPN Firewall 50 Reference Manual To add a Port triggering rule: 1. Select Security from the main menu and Port Triggering from the submenu. The Port Triggering screen will display. 1. Enter a user-defined name for this rule in the Name field. 2. From the Enable pull-down menu,
  • Netgear FVS338NA | Reference Manual - Page 84
    FVS338 ProSafe VPN Firewall 50 Reference Manual b. Enter the End Port range (1 - 65534). 5. In the Incoming (Response) Port Range fields: a. Enter the Start Port range (1 - 65534). b. Enter the End Port range (1 - 65534). 6. Click Add. The Port Triggering Rule will be added to the Port Triggering
  • Netgear FVS338NA | Reference Manual - Page 85
    FVS338 ProSafe VPN Firewall 50 Reference Manual E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be configured to log and then e-mail denial of access, general attack information, and other information to a specified email address. For example, your VPN firewall will log security-
  • Netgear FVS338NA | Reference Manual - Page 86
    FVS338 ProSafe VPN Firewall 50 Reference Manual : Figure 4-18 To set up Firewall Logs and E-mail alerts: 1. Select Monitoring from the main menu and then Firewall Logs & E-mail from the submenu. The Firewall Logs & E-mail screen will display. 2. Enter the name of the log in the Log Identifier field
  • Netgear FVS338NA | Reference Manual - Page 87
    FVS338 ProSafe VPN Firewall 50 Reference Manual 4. In the Security Logs section, check the IP address b. Select the appropriate syslog facility from the SysLog Facility pull-down menu. The SysLog Facility levels of severity are described in Table 4-3 below. 10. Click Reset to cancel your changes
  • Netgear FVS338NA | Reference Manual - Page 88
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 4-3. SysLog Facility Message Levels (continued). Numerical Code and Severity: 5, Notice: Normal but significant conditions; 6, Informational: Informational messages; 7, Debug: Debug level messages. To view the Firewall logs: 1. Click on the View Log
  • Netgear FVS338NA | Reference Manual - Page 89
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 4-4. Log Entry Descriptions Field Date and Time Description or Action Source IP Source port and interface Destination Destination port if any. The IP address of the initiating device for this log entry. The service port number of the initiating
  • Netgear FVS338NA | Reference Manual - Page 91
    Port Systems Configuration and WAN IP address Rollover Modea VPN Road Warrior (client-to-gateway) VPN Gateway-to-Gateway VPN Telecommuter (client-to-gateway through a NAT router) Fixed Dynamic Fixed Dynamic Fixed Dynamic FQDN required FQDN required FQDN required FQDN required FQDN required FQDN
  • Netgear FVS338NA | Reference Manual - Page 92
    the Fully Qualified Domain Name (FQDN) as set up in a Dynamic DNS service. Both local and remote ends should be defined as either IP addresses or Internet Names (FQDN). A combination of IP address and Internet Name is not permissible. 6. Enter your Local WAN IP Address or Internet Name. 5-2 Virtual
  • Netgear FVS338NA | Reference Manual - Page 93
    FVS338 ProSafe VPN Firewall 50 Reference Manual The Local WAN IP address is the address used in the IKE negotiation phase. Automatically, the WAN IP address assigned by your ISP may display. You can modify the address to use your FQDN; required if the WAN Mode you selected is auto-rollover. 7. Enter
  • Netgear FVS338NA | Reference Manual - Page 94
    FVS338 ProSafe VPN Firewall 50 Reference Manual 6. Click Apply. The VPN Client screen will display showing that the VPN Client has been enabled. Click the IKE Policies tab to view the corresponding IKE Client Policy. IKE Policies The IKE (Internet Key Exchange) protocol performs negotiations between
  • Netgear FVS338NA | Reference Manual - Page 95
    FVS338 ProSafe VPN Firewall 50 Reference Manual IKE Policy Table When you use the VPN Wizard to set up a VPN tunnel, an IKE Policy is established and populated in the Policy Table and is given the same name as the new VPN connection name. You can also edit existing policies or add new IKE policies
  • Netgear FVS338NA | Reference Manual - Page 96
    VPN Policy and an IKE Policy is established and populated in both Tables on the VPN Policies screen. The name you selected as the VPN Tunnel connection name during Wizard setup identifies both the VPN Policy and IKE Policy. You can also edit existing policies, add new VPN policies directly or change
  • Netgear FVS338NA | Reference Manual - Page 97
    FVS338 ProSafe VPN Firewall 50 Reference Manual • Local. IP address (either a single address, range of address or subnet address) on your local LAN. Traffic must be from (or to) these addresses to be covered by this policy. (Subnet address is the default IP address when using the VPN Wizard). •
  • Netgear FVS338NA | Reference Manual - Page 98
    to configure a VPN connection between a NETGEAR FVS338 VPN Firewall and a NETGEAR FVX538 VPN Firewall. Using each firewall's VPN Wizard, we will create a set of policies (IKE and VPN) that will allow the two firewalls to connect from locations with fixed IP addresses. Either firewall can initiate
  • Netgear FVS338NA | Reference Manual - Page 99
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 5-1 The IKE Policies screen will display showing the new "to_fvx" policy. Figure 5-2 You can view the IKE parameters by clicking Edit in the Action column adjacent to the "tofvs" policy. It should not be necessary to make any changes. Virtual
  • Netgear FVS338NA | Reference Manual - Page 100
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 5-3 Click the IKE Policies tab to view the corresponding IKE Policy. The IKE Policies screen will display. Figure 5-4 You can view the VPN parameters by clicking Edit in the Actions column adjacent to "to_fvx". It should not be necessary to
  • Netgear FVS338NA | Reference Manual - Page 101
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 5-5 Configuring the FVX538 To configure the FVX538 using the VPN Wizard: 1. Select VPN from the main menu. The Policies screen will display. Click the VPN Wizard link. The VPN Wizard screen will display. 2. Check the Gateway radio box to
  • Netgear FVS338NA | Reference Manual - Page 102
    FVS338 ProSafe VPN Firewall 50 Reference Manual 6. Enter the remote LAN IP address and subnet mask. 7. Click Apply to create the "to_fvs" IKE and VPN policies. Figure 5-6 Testing the Connection 1. From a PC on either firewall's LAN, try to ping a PC on the other firewall's LAN. Establishing the VPN
  • Netgear FVS338NA | Reference Manual - Page 103
    IP address is assumed to be unknown, the PC must always be the Initiator of the connection. This procedure was developed and tested using: • NETGEAR ProSafe VPN Firewall 50 FVS338 • NETGEAR ProSafe VPN Client • NAT router: NETGEAR FR114P Configuring the FVS338 To configure the FVS338 using the VPN
  • Netgear FVS338NA | Reference Manual - Page 104
    that has a NETGEAR ProSafe VPN Client installed, configure the client using the FVS338 VPN Client default parameters (displayed in both the IKE Policy table and the VPN Policy table of the FVS338 under the name "home"): • Local FQDN (the router): fvs_local.com • Remote FQDN (the client): fvs_remote
  • Netgear FVS338NA | Reference Manual - Page 105
    FVS338 ProSafe VPN Firewall 50 Reference Manual To configure the VPN Client: 1. Right-click on the VPN client icon in your Windows toolbar and select the Security Policy Editor. The Security Policy Editor screen will display. 2. In the upper left of the Policy Editor window, click the New Document
  • Netgear FVS338NA | Reference Manual - Page 106
    FVS338 ProSafe VPN Firewall 50 Reference Manual fvs_local.com Figure 5-9 8. In the left frame, click on My Identity (shown in Figure 5-10). 9. From the Select Certificate pull-down menu, select None. 10.
  • Netgear FVS338NA | Reference Manual - Page 107
    FVS338 ProSafe VPN Firewall 50 Reference Manual home11.fvs_remote.com 10.0.0.12 Figure 5-10 12. Before leaving the My Identity menu, click Pre-Shared Key. 13. Click Enter Key, and type your preshared key. Click OK. This key will be shared by all users of the FVS338 policy "home". 10.0.0.12 Figure
  • Netgear FVS338NA | Reference Manual - Page 108
    FVS338 ProSafe VPN Firewall 50 Reference Manual 14. In the left frame, click Security Policy (shown in Figure 5-12). 15. Select Phase 1 and select Proposal 1. Compare with the figure below. No changes should be necessary. Figure 5-13 5-18 v1.0, September 2006 Virtual Private Networking
  • Netgear FVS338NA | Reference Manual - Page 109
    FVS338 ProSafe VPN Firewall 50 Reference Manual 18. In the left frame, expand Key Exchange (Phase 2) and select Proposal 1. Compare with the figure below. No changes should be necessary. 19. In the upper left of the window, click the disk icon to save the policy. Figure 5-14 Testing the Connection
  • Netgear FVS338NA | Reference Manual - Page 110
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 5-15 Extended Authentication (XAUTH) Configuration When connecting many VPN clients to a VPN gateway router, an administrator may want a unique user authentication method beyond relying on a single common preshared key for all clients. Although
  • Netgear FVS338NA | Reference Manual - Page 111
    FVS338 ProSafe VPN Firewall 50 Reference Manual . Note: If a RADIUS-PAP server is enabled for authentication, XAUTH will first check the local User Database for the user credentials. If the user account is not present, the router will then connect to a RADIUS server. Configuring XAUTH for VPN
  • Netgear FVS338NA | Reference Manual - Page 112
    FVS338 ProSafe VPN Firewall 50 Reference Manual • IPSec Host if you want to be authenticated by the remote gateway. In the adjacent Username and Password fields, type in the user name and password associated with the IKE policy for authenticating this gateway (by the remote gateway). 4.
  • Netgear FVS338NA | Reference Manual - Page 113
    FVS338 ProSafe VPN Firewall 50 Reference Manual 3. Enter a Password for the user, and reenter the password in the Confirm the user's name. The Edit User screen will display. 2. Make the required changes to the User Name or Password and click Apply to save your settings or Reset to cancel your
  • Netgear FVS338NA | Reference Manual - Page 114
    FVS338 ProSafe VPN Firewall 50 Reference Manual information such as a username/password or some encrypted response using his username/ password information. The gateway will try and verify this information first against a local of the RADIUS Server, the router's IP address may be sufficient as an
  • Netgear FVS338NA | Reference Manual - Page 115
    ProSafe VPN Firewall 50 Reference Manual Figure 5-18 Manually Assigning IP Addresses to Remote Users (ModeConfig) To simplify the process of connecting remote VPN clients to the FVS338, the ModeConfig module can be used to assign IP addresses to remote users, including a network access IP address
  • Netgear FVS338NA | Reference Manual - Page 116
    FVS338 ProSafe VPN Firewall 50 Reference Manual ModeConfig Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP configuration parameters such as IP address, subnet mask and name server addresses. The ModeConfig module will allocate an IP address from
  • Netgear FVS338NA | Reference Manual - Page 117
    FVS338 ProSafe VPN Firewall 50 Reference Manual 9. Specify the VPN policy settings. These settings must match the configuration of the remote VPN client. Recommended settings are: • SA Lifetime: 3600 seconds • Authentication Algorithm: SHA-1 • Encryption Algorithm: 3DES 10. Click Apply. The new
  • Netgear FVS338NA | Reference Manual - Page 118
    FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Click Add to configure a new IKE Policy. The Add IKE Policy screen will display. used by any other IKE policies. This identifier will be used as part of the local identifier in the VPN client configuration. 6. Specify the IKE SA parameters. These
  • Netgear FVS338NA | Reference Manual - Page 119
    FVS338 ProSafe VPN Firewall 50 Reference Manual 9. If Edge Device was enabled, select the Authentication Type account is not present, the router will then connect to the RADIUS server. 10. Click Apply. The new policy will appear in the IKE Policies Table (a sample policy is shown below) Figure 5-20
  • Netgear FVS338NA | Reference Manual - Page 120
    menu and enter the WAN IP address of the VPN firewall; in this example it is "172.21.4.1". Figure 5-21 2. From the left side of the menu, click My Identity and enter the following information: a. Click Pre-Shared Key and enter the key you configured in the FVS338 IKE menu. 5-30 v1.0, September
  • Netgear FVS338NA | Reference Manual - Page 121
    FVS338 ProSafe VPN Firewall 50 Reference Manual b. From the Select Certificate pull-down menu, select None. c. From the ID Type pull-down menu, select Domain Name and create an identifier based on the name of the IKE policy you created; for example "salesperson11.remote_id.com". d. Under Virtual
  • Netgear FVS338NA | Reference Manual - Page 122
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 5-23 5. Click on Key Exchange (Phase 2) on the left-side of the menu and select Proposal 1. Enter the values to match your configuration of the VPN firewall ModeConfig Record menu. (The SA Lifetime can be longer, such as 8 hours (28800 seconds
  • Netgear FVS338NA | Reference Manual - Page 123
    FVS338 ProSafe VPN Firewall 50 Reference Manual To test the connection: 1. Right-click on the VPN client icon in the Windows toolbar and select Connect. The connection policy you configured will appear; in this case "My Connections\modecfg_test". 2. Click on the connection. Within 30 seconds the
  • Netgear FVS338NA | Reference Manual - Page 124
    FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Click Browse to locate the trusted certificate on your computer and then click Upload. The certificate will be stored on the router the same value in the Subject field. • Serial Number. This is the serial number maintained by the CA. It is used to
  • Netgear FVS338NA | Reference Manual - Page 125
    FVS338 ProSafe VPN Firewall 50 Reference Manual C=USA, ST=CA, L=Santa Clara, O=NETGEAR, OU=XX, CN=FVS338) • From the pull-down menus, select with the following information: • IP Address - If you have a fixed IP address, you may enter it here REQUEST---" 7. Following the instructions of the CA to complete
  • Netgear FVS338NA | Reference Manual - Page 126
    FVS338 ProSafe VPN Firewall 50 Reference Manual . Save to file Figure 5-26 To submit your Self Certificate request to a REQUEST---" and "---END CERTIFICATE REQUEST"). 4. Submit the CA form. If no problems ensue, the Certificate will be issued. 5-36 v1.0, September 2006 Virtual Private Networking
  • Netgear FVS338NA | Reference Manual - Page 127
    FVS338 ProSafe VPN Firewall 50 Reference Manual When you obtain the certificate from the CA, you can then upload it to your computer. Click Browse to locate the Certificate file and then
  • Netgear FVS338NA | Reference Manual - Page 129
    Chapter 6 Router and Network Management This chapter describes how to use the network management features of your ProSafe VPN Firewall 50. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface. The ProSafe VPN Firewall 50 offers many tools for
  • Netgear FVS338NA | Reference Manual - Page 130
    FVS338 ProSafe VPN Firewall 50 Reference Manual Service Blocking You can control specific outbound traffic (for example, from LAN to WAN). Outbound Services lists all existing rules for outbound traffic. If you have not defined any rules, only the default rule will be listed. The default rule
  • Netgear FVS338NA | Reference Manual - Page 131
    FVS338 ProSafe VPN Firewall 50 Reference Manual See "Using Rules to Block or Allow Specific Kinds of Traffic" on page 4-1 for the procedure on how to use this feature. Services. The Rules menu contains a list of predefined Services for creating firewall rules. If a service this Router is local
  • Netgear FVS338NA | Reference Manual - Page 132
    with any MAC address is allowed. See "Enabling Source MAC Filtering" on page 4-23 for the procedure on how to use this feature. VPN Firewall Features That Increase Traffic Features that tend to increase WAN-side loading are as follows: • Port forwarding • Port triggering • DMZ port • Exposed hosts
  • Netgear FVS338NA | Reference Manual - Page 133
    used when this firewall is between two VPN tunnel end points. • Drop fragmented IP packets - Enable this to drop the fragmented IP packets. • UDP Flooding - Enable this to limit the number of UDP sessions created from one LAN machine. • TCP Flooding - Enable this to protect the router from SYN flood
  • Netgear FVS338NA | Reference Manual - Page 134
    FVS338 ProSafe VPN Firewall 50 Reference Manual • Services - You can specify the desired Services or applications to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see "Adding Customized Services" on page 4-17).
  • Netgear FVS338NA | Reference Manual - Page 135
    FVS338 ProSafe VPN Firewall 50 Reference Manual Using QoS to Shift the Traffic Mix The QoS priority settings determine the priority and, in turn, the quality of service for the traffic passing through the firewall. The QoS is set individually for each service. • You can accept the default priority
  • Netgear FVS338NA | Reference Manual - Page 136
    FVS338 ProSafe VPN Firewall 50 Reference Manual To modify User or Admin settings: 1. Select Administration from the main menu and Set Password from the submenu. The Set Password screen will display. 2. Select
  • Netgear FVS338NA | Reference Manual - Page 137
    FVS338 ProSafe VPN Firewall 50 Reference Manual Note: The password and time-out value you enter will be changed back to password and 5 minutes, respectively, after a factory defaults reset. Enabling Remote Management Access Using the Remote Management page, you can allow an administrator on
  • Netgear FVS338NA | Reference Manual - Page 138
    FVS338 ProSafe VPN Firewall 50 Reference Manual a. Specify what external addresses will be allowed to access the firewall's remote management. Note: For enhanced security, restrict access to as few external IP addresses as practical. b. To allow access from any IP address on the Internet, select
  • Netgear FVS338NA | Reference Manual - Page 139
    FVS338 ProSafe VPN Firewall 50 Reference Manual Note: If you are using a dynamic DNS service such as TZO, you can always identify the IP address of your FVS338 by running tracert from the Windows Run menu. For example, enter tracert yourFVS338.mynetgear.net and you will see the IP address your ISP
  • Netgear FVS338NA | Reference Manual - Page 140
    FVS338 ProSafe VPN Firewall 50 Reference Manual 6. Click Edit in the Action column adjacent to the entry to modify or change the selected configuration. Figure 6-3 The SNMP System Info link displays the VPN firewall installed the VPN firewall and have then restore the VPN firewall settings from this
  • Netgear FVS338NA | Reference Manual - Page 141
    the original factory default settings, click default You must manually restart the VPN firewall in order for the default settings to take effect. After rebooting, the router's password will be password and the LAN IP address will be 192.168.1.1. The VPN firewall will act as a DHCP server on the LAN
  • Netgear FVS338NA | Reference Manual - Page 142
    on the will display all of the VPN firewall router statistics. When you upgrade your firmware, the Firmware Version will change to reflect the new version. To download a firmware version: 1. Go to the NETGEAR Web site at http://www.netgear.com/support and click on Downloads. 2. From the Product
  • Netgear FVS338NA | Reference Manual - Page 143
    FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Click Browse in the Router Upgrade section. 3. Locate the downloaded file and click upload. This will start the software upgrade to your VPN firewall router. This may take some time. At the conclusion of the upgrade, your router will reboot. Warning
  • Netgear FVS338NA | Reference Manual - Page 144
    FVS338 ProSafe VPN Firewall 50 Reference Manual If required, you can also enter the address of another NTP server in the Server 2 Name/IP Address field. If you select this option and leave either the Server 1 or Server 2 fields empty, they will be set to the Default Netgear NTP servers. 5. Click
  • Netgear FVS338NA | Reference Manual - Page 145
    FVS338 ProSafe VPN Firewall 50 Reference Manual Each WAN port is programmed separately. WAN port shuts down once traffic limit reached. An e-mail can be sent. Traffic Counter settings Internet starts only when traffic passed is at least 1 MB Router and Network Management v1.0, September 2006 6-17
  • Netgear FVS338NA | Reference Manual - Page 146
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 6-7 Setting Login Failures and Attacks Notification Figure 6-8 shows the Firewall Logs & E-mail screen that is invoked by selecting Monitoring from the main menu and selecting Firewall Logs & E-mail from the submenu. You can send a System log
  • Netgear FVS338NA | Reference Manual - Page 147
    Figure 6-8 FVS338 ProSafe VPN Firewall 50 Reference Manual View System Logs Select the types of events to email. Select the segments to track for System Log events. Enable email alerts. Syslog Server enabled Router and Network Management v1.0, September 2006 6-19
  • Netgear FVS338NA | Reference Manual - Page 148
    FVS338 ProSafe VPN Firewall 50 Reference Manual Monitoring Attached Devices The Groups and Hosts menu contains a table of all IP devices that the VPN firewall has discovered on the local server in this Router is enabled, and Setup screen) is strongly recommended. • Scanning the Network - The local
  • Netgear FVS338NA | Reference Manual - Page 149
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 6-1. Known PCs and Devices Item Name IP Address MAC Address Group Description The name of the PC or device. Sometimes, this cannot be determined, and will be listed as Unknown. In this case, you
  • Netgear FVS338NA | Reference Manual - Page 150
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 6-2. Port Triggering Status data Item Rule LAN IP Address Open Ports Time Remaining Description The name of the Rule. The IP address of the PC currently using this rule. The incoming ports that are associated with this rule. Incoming traffic
  • Netgear FVS338NA | Reference Manual - Page 151
    FVS338 ProSafe VPN Firewall 50 Reference Manual Item Description System Name This is the Account Name that you entered in the Basic Settings page. Firmware Version This is the current software the router is using. This will change if you upgrade your router. LAN Port Displays the current
  • Netgear FVS338NA | Reference Manual - Page 152
    . The IPSec Connection Status screen will display. Figure 6-13 Table 6-3. IPSec Connection Status Fields Item Policy Name Endpoint Description The name of the VPN policy associated with this SA. The IP address on the remote VPN Endpoint. 6-24 v1.0, September 2006 Router and Network Management
  • Netgear FVS338NA | Reference Manual - Page 153
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 6-3. IPSec Connection Status Fields (continued) Item Tx (KB) Tx (Packets) State Action Description The amount of data transmitted over this SA. The number of IP packets transmitted over this SA. The current status of the SA. Phase 1 is
  • Netgear FVS338NA | Reference Manual - Page 154
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 6-15 Performing Diagnostics You can perform diagnostics such as pinging an IP address, performing a DNS lookup, displaying the routing table, rebooting the firewall, and capturing packets. Select Monitoring from the main menu and Diagnostics
  • Netgear FVS338NA | Reference Manual - Page 155
    FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 6-16 Table 6-4. Diagnostics Fields Item Description Ping or Trace an IP address Ping - Used to send a ping packet request to a specified IP address-most often, to test a connection. If the request times out (no reply is received), it
  • Netgear FVS338NA | Reference Manual - Page 156
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table 6-4. Diagnostics Fields Item Reboot the Router Packet Trace Description Used to perform a remote reboot (restart). You can use this if the Router seems to have become unstable or is not operating normally. Note: Rebooting will break any
  • Netgear FVS338NA | Reference Manual - Page 157
    Chapter 7 Troubleshooting This chapter provides troubleshooting tips and information for your ProSafe VPN Firewall 50. After each problem description, instructions are provided to help you diagnose and solve the problem. Basic Functions After you turn on power to the firewall, the following sequence
  • Netgear FVS338NA | Reference Manual - Page 158
    defaults. This will set the firewall's IP address to 192.168.1.1. This procedure is explained in "Restoring the Default Configuration and Password" on page 7-7. If the error persists, you might have a hardware problem and should contact technical support. LAN or Internet Port LEDs Not On If either
  • Netgear FVS338NA | Reference Manual - Page 159
    FVS338 ProSafe VPN Firewall 50 Reference Manual • Make sure your PC's IP address is on the same subnet as the firewall. If you are using the recommended addressing scheme, your PC's address should be in the range of 192.168.0.2 to 192.168.0.254. Note: If your PC's IP address is shown as 169.254.x.x:
  • Netgear FVS338NA | Reference Manual - Page 160
    FVS338 ProSafe VPN Firewall 50 Reference Manual Troubleshooting the ISP Connection If your firewall is unable to access the Internet, you should first determine whether the firewall is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your firewall
  • Netgear FVS338NA | Reference Manual - Page 161
    FVS338 ProSafe VPN Firewall 50 Reference Manual - Configure your firewall to spoof your PC's MAC address. This can be done in the Basic Settings menu. Refer to "Configuring your Internet Connection" on page 2-2. If your firewall can obtain an IP address, but your PC is unable to load any Web pages
  • Netgear FVS338NA | Reference Manual - Page 162
    FVS338 ProSafe VPN Firewall 50 Reference Manual If the path is not functioning correctly, you could have one of the following problems: • Wrong physical connections - Make sure the LAN port LED is on. If the LED is off, follow the instructions in "LAN or Internet Port LEDs Not On" on page 7-2. -
  • Netgear FVS338NA | Reference Manual - Page 163
    FVS338 ProSafe VPN Firewall 50 Reference Manual Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the firewall's administration password to password and the IP address to 192.168.1.1. You can erase the current
  • Netgear FVS338NA | Reference Manual - Page 165
    FVS338 Default Settings Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection WAN MAC Address WAN MTU Size Port Speed Local Network (LAN) LAN IP Subnet Mask RIP Direction RIP Version RIP Authentication DHCP Server DHCP Starting IP Address
  • Netgear FVS338NA | Reference Manual - Page 166
    coming in from Disabled (except traffic on port 80, the http port) the Internet) Outbound (communications going out to Enabled (all) the Internet) Source MAC filtering Disabled Stealth Mode Enabled Technical Specifications for the ProSafe VPN Firewall 50 are listed in the following table
  • Netgear FVS338NA | Reference Manual - Page 167
    FVS338 ProSafe VPN Firewall 50 Reference Manual Table A-2. VPN firewall Default Technical Specifications Feature Environmental Specifications Operating temperature: Operating humidity: Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: Specification 0° to 40° C (
  • Netgear FVS338NA | Reference Manual - Page 169
    htm TCP/IP Addressing: Wireless Communications: http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing a Computer for http://documentation.netgear.com/reference/enu/wsdhcp/index.htm Network Access: Virtual Private Networking (VPN): http://documentation.netgear.com/reference
  • Netgear FVS338NA | Reference Manual - Page 171
    Add LAN WAN Inbound Service screen 4-9, 4-13 Add LAN WAN Outbound Service screen 4-8 address reservation 3-8 AH VPN Policies, use with 5-7 antivirus Authentication Header. See AH. Auto Uplink 1-3 Auto VPN Policies 5-6 Available Secondary LAN IPs 3-4 B backup and restore settings configuration of 6-
  • Netgear FVS338NA | Reference Manual - Page 172
    FVS338 ProSafe VPN Firewall 50 Reference Manual managing 5-37 crossover cable 1-3, 7-2 Customized Services 4-2 service port numbers 4-17 D date troubleshooting 7-7 Daylight Savings Time setting 6-15 default configuration restoring 7-7 default firewall rules 4-1 Inbound 4-1 Outbound 4-2 Default
  • Netgear FVS338NA | Reference Manual - Page 173
    4-5 firewall 4-1 Port Forwarding 4-4 Increased Traffic Port Triggering 6-6 Increased traffic Port Forwarding 6-4 VPN tunnels 6-6 installation 1-4 Internet configuring the connection manually 2-9 connection configuration 2-2 traffic information 6-25 Internet Protocol Numbers 4-17 IP Address LAN Setup
  • Netgear FVS338NA | Reference Manual - Page 174
    explanation of 1-6 troubleshooting 7-2 LEDs Never Turn Off 7-2 load balancing 5-1 local network monitoring 6-20 Local Public Web Server 4-12 Log Entry Descriptions 4-31 Login Failures notification of 6-18 Logs screen 4-30 M MAC address 7-6 spoofing 7-5 Manual VPN Policies creating 5-6 Mode Config
  • Netgear FVS338NA | Reference Manual - Page 175
    an IP address 6-26 port filtering 4-2 Outbound Rules 4-2 Port Forwarding 4-2, 4-4, 6-4 Inbound Rules 4-4 port forwarding 6-4 port numbers 4-17 port service numbers common protocols 4-17 Port Triggering 6-6 about 4-24 guidelines 4-24 Status 4-26 FVS338 ProSafe VPN Firewall 50 Reference Manual
  • Netgear FVS338NA | Reference Manual - Page 176
    FVS338 ProSafe VPN Firewall 50 Reference Manual ToS 4-19 RFC 2453 RIP 3-10 RIP 1-3 about 3-10 enabling 3-11 multicasting guidelines 3-12 RIP Configuration screen 3-11 rollover 5-1 Router Status 6-22 Router Status screen 6-22 Router Upgrade 6-14 Routing Information Protocol. See RIP Routing screen
  • Netgear FVS338NA | Reference Manual - Page 177
    upgrade firmware 6-12 upgrade router steps to 6-14 User Database configuring 5-22 XAUTH, use with 5-21 User Database screen 5-22 V Videoconferencing from restricted addresses 4-13 FVS338 ProSafe VPN Firewall 50 Reference Manual Virtual Private Networking. See VPN VPN 5-12 activity, monitoring 6-25
  • Netgear FVS338NA | Reference Manual - Page 178
    FVS338 ProSafe VPN Firewall 50 Reference Manual content filtering 4-21 Web configuration troubleshooting 7-2 Windows NetBios Server IP. See WINS Server IP. WINS Server IP LAN Setup 3-3 with 1-2 X XAUTH 5-13 about 5-20 configuring 5-21 Edge Device 5-20 IPSec Host 5-20 RADIUS-CHAP 5-21 RADIUS-PAP 5-21
