Home » Netgear Manuals » Bridges & Routers » Netgear FVX538 » Manual Viewer

Netgear FVX538 FVX538 Reference Manual - Page 140

Block Sites, You can apply the keywords to one or more groups. Requests from the PCs in the groups

UPC - 606449037234

Add to My Manuals
Save this manual to your list of manuals

Page 140 highlights

Reference Manual for the ProSafe VPN Firewall 200 FVX538 • Scanning the Network-The local network is scanned using standard methods such as arp. This will detect active devices which are not DHCP clients. However, sometimes the name of the PC or device cannot be accurately determined, and will be shown as Unknown. See "Managing Groups and Hosts" on page 6-20 for the procedure on how to use this feature. Schedule If you have set firewall rules on the Rules screen, you can configure three different schedules (i.e., schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a schedule is configured, it affects all Rules that use this schedule. You specify the days of the week and time of day for each schedule. See "Using a Schedule to Block or Allow Specific Traffic" on page 6-22 for the procedure on how to use this feature. Block Sites If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the VPN firewall's filtering feature. By default, this feature is disabled; all requested traffic from any Web site is allowed. • Keyword (and domain name) blocking-You can specify up to 32 words that, should they appear in the website name (i.e., URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall. You can apply the keywords to one or more groups. Requests from the PCs in the groups for which keyword blocking has been enabled will be blocked. Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled. You can bypass keyword blocking for trusted domains by adding the exact matching domain to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for which keyword blocking has been enabled will still be allowed without any blocking. • Web component blocking-You can block the following Web component types: Proxy, Java, ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web component blocking when the blocking of a particular Web component has been enabled. See "Block Sites" on page 6-24 for the procedure on how to use this feature. 8-4 Router and Network Management January 2005

Section	Page
Reference Manual for the ProSafe VPN Firewall 200 FVX538	1
Product and Publication Details	6
Contents	7
Chapter 1 About This Manual	15
Audience, Scope, Conventions, and Formats	15
How to Use This Manual	16
How to Print this Manual	17
Chapter 2 Introduction	19
Key Features of the VPN Firewall	19
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	20
A Powerful, True Firewall with Content Filtering	20
Security	21
Autosensing Ethernet Connections with Auto Uplink	21
Extensive Protocol Support	22
Easy Installation and Management	22
Maintenance and Support	23
Package Contents	23
The Router’s Front Panel	24
The Router’s Rear Panel	26
Rack Mounting the Router	26
The Router’s IP Address, Login Name, and Password	27
Logging into the Router	27
Default Factory Settings	28
NETGEAR Related Products	29
Chapter 3 Network Planning	31
Overview of the Planning Process	31
Inbound Traffic	31
Virtual Private Networks (VPNs)	31
The Roll-over Case for Firewalls With Dual WAN Ports	32
The Load Balancing Case for Firewalls With Dual WAN Ports	32
Inbound Traffic	33
Inbound Traffic to Single WAN Port (Reference Case)	33
Inbound Traffic to Dual WAN Port Systems	33
Inbound Traffic: Dual WAN Ports for Improved Reliability	34
Inbound Traffic: Dual WAN Ports for Load Balancing	34
Virtual Private Networks (VPNs)	35
VPN Road Warrior (Client-to-Gateway)	36
VPN Road Warrior: Single Gateway WAN Port (Reference Case)	36
VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability	37
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing	38
VPN Gateway-to-Gateway	39
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)	39
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability	40
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing	41
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	42
VPN Telecommuter: Single Gateway WAN Port (Reference Case)	42
VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability	43
VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing	44
Chapter 4 Connecting the FVX538 to the Internet	45
What You Will Need to Do Before You Begin	45
Cabling and Computer Hardware Requirements	47
Computer Network Configuration Requirements	47
Internet Configuration Requirements	47
Where Do I Get the Internet Configuration Parameters?	48
Record Your Internet Connection Information	49
Connecting the FVX538 ProSafe VPN Firewall 200	50
Step 1: Physically Connect the VPN Firewall to Your Network (Required)	51
Step 2: Log in to the VPN Firewall (Required)	51
Step 3: Configure the Internet Connections to Your ISPs (Required)	52
Manually Configuring Your Internet Connection	56
Programming the Traffic Meter (if Desired)	57
Step 4: Configure the WAN Mode (Required for Dual WAN)	59
Rollover Setup	60
Load Balancing (and Protocol Binding) Setup	61
Step 5: Configure Dynamic DNS (If Needed)	64
Step 6: Configure the WAN Options (If Needed)	67
Chapter 5 LAN Configuration	69
Using the LAN IP Setup Options	69
Configuring LAN TCP/IP Setup Parameters	70
Using the Firewall as a DHCP server	72
Using Address Reservation	73
Multi Home LAN IPs	74
DMZ Setup	74
Step 1: Enable the DMZ port	75
Step 2: Define the DMZ port rules	76
Configuring Static Routes	77
Chapter 6 Firewall Protection and Content Filtering	79
Firewall Protection and Content Filtering Overview	79
Using Rules to Block or Allow Specific Kinds of Traffic	79
Services-Based Rules	82
Inbound Rules (Port Forwarding)	83
Outbound Rules (Service Blocking)	91
Customized Services	94
Quality of Service (QoS) Priorities	96
Managing Groups and Hosts	98
Using a Schedule to Block or Allow Specific Traffic	100
Time Zone	102
Block Sites	102
Source MAC Filtering	105
Port Triggering	106
Getting E-Mail Notifications of Event Logs and Alerts	108
Syslog	111
Viewing Logs of Web Access or Attempted Web Access	111
Administrator Information	113
Chapter 7 Virtual Private Networking	115
Dual WAN Port Systems	115
Rollover vs. Load Balancing Mode	115
Fully Qualified Domain Names	116
Creating a VPN Connection: Between FVX538 and FVX538	119
Configuring the FVX538	119
Configuring the FVS338	123
Testing the Connection	125
Creating a VPN Connection: Netgear VPN Client to FVX538	125
Configuring the FVX538	126
Configuring the VPN Client	126
Testing the Connection	134
Chapter 8 Router and Network Management	137
Performance Management	137
Bandwidth Capacity	137
VPN Firewall Features That Reduce Traffic	138
Service Blocking	138
Block Sites	140
Source MAC Filtering	141
VPN Firewall Features That Increase Traffic	141
Port Forwarding	141
Port Triggering	143
DMZ Port	143
VPN Tunnels	144
Using QoS to Shift the Traffic Mix	144
Tools for Traffic Management	144
Administrator and Guest Access Authorization	144
Changing the Passwords and Login Timeout	145
Enabling Remote Management Access	145
Command Line Interface	147
Event Alerts	148
WAN Port Rollover	148
Traffic Limits Reached	148
Login Failures and Attacks	149
Monitoring	151
Viewing VPN Firewall Status and Time Information	151
Firewall Status	151
Time Information	153
WAN Ports	155
WAN Port Connection Status	155
Dynamic DNS Status	156
Internet Traffic Information	156
LAN Ports and Attached Devices	157
Known PCs and Devices	157
DHCP Log	159
Port Triggering Status	159
Firewall	160
VPN Tunnels	163
SNMP	164
Diagnostics	164
Configuration File Management	166
Restoring and Backing Up the Configuration	167
Upgrading the Firewall Software	167
Erasing the Configuration (Factory Defaults Reset)	168
Chapter 9 Troubleshooting	171
Basic Functioning	171
Power LED Not On	171
LEDs Never Turn Off	172
LAN or Internet Port LEDs Not On	172
Troubleshooting the Web Configuration Interface	173
Troubleshooting the ISP Connection	174
Troubleshooting a TCP/IP Network Using a Ping Utility	175
Testing the LAN Path to Your Firewall	175
Testing the Path from Your PC to a Remote Device	176
Restoring the Default Configuration and Password	177
Problems with Date and Time	177
Appendix A Technical Specifications	179
Appendix B Network, Routing, Firewall, and Basics	181
Related Publications	181
Basic Router Concepts	181
What is a Router?	182
Routing Information Protocol	182
IP Addresses and the Internet	182
Netmask	184
Subnet Addressing	185
Private IP Addresses	187
Single IP Address Operation Using NAT	188
MAC Addresses and Address Resolution Protocol	189
Related Documents	189
Domain Name Server	190
IP Configuration by DHCP	190
Internet Security and Firewalls	190
What is a Firewall?	191
Stateful Packet Inspection	191
Denial of Service Attack	191
Ethernet Cabling	191
Category 5 Cable Quality	192
Inside Twisted Pair Cables	193
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	194
Appendix C Preparing Your Network	197
Preparing Your Computers for TCP/IP Networking	197
Configuring Windows 95, 98, and Me for TCP/IP Networking	198
Install or Verify Windows Networking Components	198
Enabling DHCP to Automatically Configure TCP/IP Settings	200
Selecting Windows’ Internet Access Method	202
Verifying TCP/IP Properties	202
Configuring Windows NT4, 2000 or XP for IP Networking	203
Install or Verify Windows Networking Components	203
Enabling DHCP to Automatically Configure TCP/IP Settings	204
DHCP Configuration of TCP/IP in Windows XP	204
DHCP Configuration of TCP/IP in Windows 2000	206
DHCP Configuration of TCP/IP in Windows NT4	209
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	211
Configuring the Macintosh for TCP/IP Networking	212
MacOS 8.6 or 9.x	212
MacOS X	212
Verifying TCP/IP Properties for Macintosh Computers	213
Verifying the Readiness of Your Internet Account	214
Are Login Protocols Used?	214
What Is Your Configuration Information?	214
Obtaining ISP Configuration Information for Windows Computers	215
Obtaining ISP Configuration Information for Macintosh Computers	216
Restarting the Network	217
Appendix D Virtual Private Networking	219
What is a VPN?	219
What Is IPSec and How Does It Work?	220
IPSec Security Features	220
IPSec Components	220
Encapsulating Security Payload (ESP)	221
Authentication Header (AH)	222
IKE Security Association	222
Mode	223
Key Management	224
Understand the Process Before You Begin	224
VPN Process Overview	225
Network Interfaces and Addresses	225
Interface Addressing	225
Firewalls	226
Setting Up a VPN Tunnel Between Gateways	226
VPNC IKE Security Parameters	228
VPNC IKE Phase I Parameters	228
VPNC IKE Phase II Parameters	229
Testing and Troubleshooting	229
Additional Reading	229
Glossary	231
List of Glossary Terms	231
Numeric	231
A	232
B	232
C	233
D	233
E	234
G	235
I	235
L	237
M	237
P	238
Q	239
R	239
S	239
T	240
U	240

Match case Limit results 1 per page

Reference Manual for the ProSafe VPN Firewall 200 FVX538

8-4

Router and Network Management

January 2005

•

Scanning the Network—The local network is scanned using standard methods such as arp.

This will detect active devices which are not DHCP clients. However, sometimes the name of

the PC or device cannot be accurately determined, and will be shown as Unknown.

See

“Managing Groups and Hosts” on page 6-20

for the procedure on how to use this feature.

Schedule

If you have set firewall rules on the Rules screen, you can configure three different schedules (i.e.,

schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a schedule is

configured, it affects all Rules that use this schedule. You specify the days of the week and time of

day for each schedule.

See

“Using a Schedule to Block or Allow Specific Traffic” on page 6-22

for the procedure on how

to use this feature.

Block Sites

If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the

VPN firewall's filtering feature. By default, this feature is disabled; all requested traffic from any

Web site is allowed.

•

Keyword (and domain name) blocking—You can specify up to 32 words that, should they

appear in the website name (i.e., URL) or in a newsgroup name, will cause that site or

newsgroup to be blocked by the VPN firewall.

You can apply the keywords to one or more groups. Requests from the PCs in the groups for

which keyword blocking has been enabled will be blocked. Blocking does not occur for the

PCs that are in the groups for which keyword blocking has not been enabled.

You can bypass keyword blocking for trusted domains by adding the exact matching domain

to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for

which keyword blocking has been enabled will still be allowed without any blocking.

•

Web component blocking—You can block the following Web component types: Proxy, Java,

ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web component

blocking when the blocking of a particular Web component has been enabled.

See

“Block Sites” on page 6-24

for the procedure on how to use this feature.