Home » Netgear Manuals » Bridges & Routers » Netgear FVX538 » Manual Viewer

Netgear FVX538 FVX538 Reference Manual - Page 103

Virtual Private Networking, Dual WAN Port Systems

UPC - 606449037234

Add to My Manuals
Save this manual to your list of manuals

Page 103 highlights

Chapter 5 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the VPN firewall. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. Tip: When using dual WAN port networks, use the VPN Wizard to configure the basic parameters and them edit the VPN and IKE Policy screens for the various VPN scenarios. Dual WAN Port Systems The dual WAN ports in the VPN firewall can be configured for either Auto-Rollover mode for increased system reliability or Load Balancing mode for optimum bandwidth efficiency. This WAN mode choice then impacts how the VPN features must be configured. Refer to "Virtual Private Networks (VPNs)" on page C-10 for an overview of the IP addressing requirements for VPN in the two WAN modes. To aid in determining the addressing requirements for your VPN Tunnel in either rollover mode or load balancing mode, see Table 5-1. Table 5-1. IP Addressing for VPNs in Dual WAN Port Systems Configuration and WAN IP address Rollover Modea VPN Road Warrior (client-to-gateway) Fixed Dynamic VPN Gateway-to-Gateway Fixed Dynamic VPN Telecommuter Fixed (client-to-gateway through a NAT router) Dynamic FQDN required FQDN required FQDN required FQDN required FQDN required FQDN required a. All tunnels must be re-established after a rollover using the new WAN IP address. Load Balancing Mode Allowed (FQDN optional) FQDN required Allowed (FQDN optional) FQDN required Allowed (FQDN optional) FQDN required Virtual Private Networking 5-1 v1.0, August 2006

Section	Page
ProSafe VPN Firewall 200 FVX538 Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Introduction	17
Key Features	17
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	18
A Powerful, True Firewall with Content Filtering	18
Security Features	19
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	19
Trend Micro Integration	20
Easy Installation and Management	20
Maintenance and Support	21
Package Contents	21
Router Front Panel	22
Router Rear Panel	24
Rack Mounting Hardware	25
The Router’s IP Address, Login Name, and Password	25
Default Log In Settings	26
Chapter 2 Connecting the FVX538 to the Internet	29
Logging into the VPN Firewall	29
Configuring the Internet Connections to Your ISPs	30
Setting the Router’s MAC Address	33
Manually Configuring Your Internet Connection	33
Programming the Traffic Meter (if Desired)	35
Configuring the WAN Mode (Required for Dual WAN)	38
Setting Up Auto-Rollover Mode	39
Setting Up Load Balancing	41
Configuring Dynamic DNS (If Needed)	43
Configuring the Advanced WAN Options (If Needed)	46
Chapter 3 LAN Configuration	49
Using the Firewall as a DHCP server	49
Configuring the LAN Setup Options	50
Configuring Multi Home LAN IPs	52
Managing Groups and Hosts (LAN Groups)	54
Creating the Network Database	54
Setting Up Address Reservation	57
Configuring and Enabling the DMZ Port	58
Static Routes	60
Configuring Static Routes	60
Routing Information Protocol (RIP)	61
Static Route Example	63
Enabling Trend Micro Antivirus Enforcement	63
Chapter 4 Firewall Protection and Content Filtering	67
Using Rules to Block or Allow Specific Kinds of Traffic	67
Services-Based Rules	68
Order of Precedence for Rules	73
Setting LAN WAN Rules	73
Setting DMZ WAN Rules	76
Setting LAN DMZ Rules	78
Attack Checks	80
Inbound Rules Examples	82
Outbound Rules Example	86
Adding Customized Services	87
Setting Quality of Service (QoS) Priorities	89
Setting a Schedule to Block or Allow Specific Traffic	90
Setting Block Sites (Content Filtering)	91
Enabling Source MAC Filtering	93
Port Triggering	94
E-Mail Notifications of Event Logs and Alerts	97
Administrator Tips	101
Chapter 5 Virtual Private Networking	103
Dual WAN Port Systems	103
Setting up a VPN Connection using the VPN Wizard	105
Creating a VPN Tunnel to a Gateway	106
Creating a VPN Tunnel Connection to a VPN Client	109
VPN Tunnel Policies	112
IKE Policy	112
VPN Policy	114
VPN Tunnel Connection Status	115
Creating a VPN Gateway Connection: Between FVX538 and FVS338	116
Configuring the FVX538	116
Configuring the FVS338	121
Testing the Connection	122
Creating a VPN Client Connection: VPN Client to FVX538	122
Configuring the FVX538	122
Configuring the VPN Client	124
Testing the Connection	128
Certificate Authorities	129
Generating a Self Certificate Request	130
Uploading a Trusted Certificate	132
Managing your Certificate Revocation List (CRL)	132
Extended Authentication (XAUTH) Configuration	133
Configuring XAUTH for VPN Clients	134
User Database Configuration	136
RADIUS Client Configuration	137
Manually Assigning IP Addresses to Remote Users (ModeConfig)	139
Mode Config Operation	139
Configuring the VPN Firewall	140
Configuring the ProSafe VPN Client for ModeConfig	143
Chapter 6 Router and Network Management	149
Performance Management	149
Bandwidth Capacity	149
VPN Firewall Features That Reduce Traffic	150
VPN Firewall Features That Increase Traffic	153
Using QoS to Shift the Traffic Mix	155
Tools for Traffic Management	156
Administration	156
Changing Passwords and Settings	156
Enabling Remote Management Access	158
Using a SNMP Manager	159
Settings Backup and Firmware Upgrade	161
Setting the Time Zone	164
Monitoring the Router	165
Enabling the Traffic Meter	165
Setting Login Failures and Attacks Notification	167
Monitoring Attached Devices	168
Viewing Port Triggering Status	170
Viewing Router Configuration and System Status	171
Monitoring WAN Ports Status	172
Monitoring VPN Tunnel Connection Status	173
VPN Logs	174
DHCP Log	175
Performing Diagnostics	175
Chapter 7 Troubleshooting	179
Basic Functions	179
Power LED Not On	179
LEDs Never Turn Off	180
LAN or Internet Port LEDs Not On	180
Troubleshooting the Web Configuration Interface	180
Troubleshooting the ISP Connection	182
Troubleshooting a TCP/IP Network Using a Ping Utility	183
Testing the LAN Path to Your Firewall	183
Testing the Path from Your PC to a Remote Device	184
Restoring the Default Configuration and Password	185
Problems with Date and Time	185
Appendix A Default Settings and Technical Specifications	187
Appendix B Related Documents	191
Appendix C Network Planning for Dual WAN Ports	193
What You Will Need to Do Before You Begin	193
Cabling and Computer Hardware Requirements	195
Computer Network Configuration Requirements	195
Internet Configuration Requirements	195
Where Do I Get the Internet Configuration Parameters?	196
Internet Connection Information Form	197
Overview of the Planning Process	198
Inbound Traffic	198
Virtual Private Networks (VPNs)	198
The Roll-over Case for Firewalls With Dual WAN Ports	199
The Load Balancing Case for Firewalls With Dual WAN Ports	199
Inbound Traffic	200
Inbound Traffic to Single WAN Port (Reference Case)	200
Inbound Traffic to Dual WAN Port Systems	200
Virtual Private Networks (VPNs)	202
VPN Road Warrior (Client-to-Gateway)	203
VPN Gateway-to-Gateway	206
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	209