Home » Netgear Manuals » Bridges & Routers » Netgear FVX538 » Manual Viewer

Netgear FVX538 FVX538 Reference Manual - Page 84

Table 6-1., Inbound Services, Firewall Protection and Content Filtering

UPC - 606449037234

Add to My Manuals
Save this manual to your list of manuals

Page 84 highlights

Reference Manual for the ProSafe VPN Firewall 200 FVX538 Table 6-1. Inbound Services Item Description Services Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see "Customized Services" on page 6-16). Action Select the desired action for packets covered by this rule: • BLOCK always • BLOCK by schedule, otherwise Allow • ALLOW always • ALLOW by schedule, otherwise Block Note: Any inbound traffic which is not allowed by rules you create will be blocked by the Default rule. Select Schedule Select the desired time schedule (i.e., Schedule1, Schedule2, or Schedule3) that will be used by this rule. • This drop down menu gets activated only when "BLOCK by schedule, otherwise Allow" or "ALLOW by schedule, otherwise Block" is selected as Action. • Use schedule page to configure the time schedules. LAN users These settings determine which computers on your network are affected by this rule, based on their IP address. Select the desired IP Address in this field. WAN Users These settings determine which Internet locations are covered by the rule, based on their IP address. Select the desired option: • Any - All Internet IP address are covered by this rule. • Single address - Enter the required address in the start fields. • Address range - If this option is selected, you must enter the start and finish fields. Destination Address These settings determine the destination IP address for this rule which will be applicable to incoming traffic, this rule will be applied only when the destination IP address of the incoming packet matches the IP address of the WAN interface selected or Specific IP address entered in this field.Selecting ANY enables the rule for any IP in destination field.similarly WAN1 and WAN2 corresponds to respective wan interfaces. QoS Priority This setting determines the priority of a service, which in turn, determines the quality of that service for the traffic passing through the firewall. By default, the priority shown is that of the selected service. The user can change it accordingly. If the user does not make a selection (i.e, leaves it as None), then the native priority of the service will be applied to the policy. +5 is the highest priority. See "Quality of Service (QoS) Priorities" on page 6-18. Log This determines whether packets covered by this rule are logged. Select the desired action: • Always - always log traffic considered by this rule, whether it matches or not. This is useful when debugging your rules. • Never - never log traffic considered by this rule, whether it matches or not. 6-6 Firewall Protection and Content Filtering January 2005

Section	Page
Reference Manual for the ProSafe VPN Firewall 200 FVX538	1
Product and Publication Details	6
Contents	7
Chapter 1 About This Manual	15
Audience, Scope, Conventions, and Formats	15
How to Use This Manual	16
How to Print this Manual	17
Chapter 2 Introduction	19
Key Features of the VPN Firewall	19
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	20
A Powerful, True Firewall with Content Filtering	20
Security	21
Autosensing Ethernet Connections with Auto Uplink	21
Extensive Protocol Support	22
Easy Installation and Management	22
Maintenance and Support	23
Package Contents	23
The Router’s Front Panel	24
The Router’s Rear Panel	26
Rack Mounting the Router	26
The Router’s IP Address, Login Name, and Password	27
Logging into the Router	27
Default Factory Settings	28
NETGEAR Related Products	29
Chapter 3 Network Planning	31
Overview of the Planning Process	31
Inbound Traffic	31
Virtual Private Networks (VPNs)	31
The Roll-over Case for Firewalls With Dual WAN Ports	32
The Load Balancing Case for Firewalls With Dual WAN Ports	32
Inbound Traffic	33
Inbound Traffic to Single WAN Port (Reference Case)	33
Inbound Traffic to Dual WAN Port Systems	33
Inbound Traffic: Dual WAN Ports for Improved Reliability	34
Inbound Traffic: Dual WAN Ports for Load Balancing	34
Virtual Private Networks (VPNs)	35
VPN Road Warrior (Client-to-Gateway)	36
VPN Road Warrior: Single Gateway WAN Port (Reference Case)	36
VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability	37
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing	38
VPN Gateway-to-Gateway	39
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)	39
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability	40
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing	41
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	42
VPN Telecommuter: Single Gateway WAN Port (Reference Case)	42
VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability	43
VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing	44
Chapter 4 Connecting the FVX538 to the Internet	45
What You Will Need to Do Before You Begin	45
Cabling and Computer Hardware Requirements	47
Computer Network Configuration Requirements	47
Internet Configuration Requirements	47
Where Do I Get the Internet Configuration Parameters?	48
Record Your Internet Connection Information	49
Connecting the FVX538 ProSafe VPN Firewall 200	50
Step 1: Physically Connect the VPN Firewall to Your Network (Required)	51
Step 2: Log in to the VPN Firewall (Required)	51
Step 3: Configure the Internet Connections to Your ISPs (Required)	52
Manually Configuring Your Internet Connection	56
Programming the Traffic Meter (if Desired)	57
Step 4: Configure the WAN Mode (Required for Dual WAN)	59
Rollover Setup	60
Load Balancing (and Protocol Binding) Setup	61
Step 5: Configure Dynamic DNS (If Needed)	64
Step 6: Configure the WAN Options (If Needed)	67
Chapter 5 LAN Configuration	69
Using the LAN IP Setup Options	69
Configuring LAN TCP/IP Setup Parameters	70
Using the Firewall as a DHCP server	72
Using Address Reservation	73
Multi Home LAN IPs	74
DMZ Setup	74
Step 1: Enable the DMZ port	75
Step 2: Define the DMZ port rules	76
Configuring Static Routes	77
Chapter 6 Firewall Protection and Content Filtering	79
Firewall Protection and Content Filtering Overview	79
Using Rules to Block or Allow Specific Kinds of Traffic	79
Services-Based Rules	82
Inbound Rules (Port Forwarding)	83
Outbound Rules (Service Blocking)	91
Customized Services	94
Quality of Service (QoS) Priorities	96
Managing Groups and Hosts	98
Using a Schedule to Block or Allow Specific Traffic	100
Time Zone	102
Block Sites	102
Source MAC Filtering	105
Port Triggering	106
Getting E-Mail Notifications of Event Logs and Alerts	108
Syslog	111
Viewing Logs of Web Access or Attempted Web Access	111
Administrator Information	113
Chapter 7 Virtual Private Networking	115
Dual WAN Port Systems	115
Rollover vs. Load Balancing Mode	115
Fully Qualified Domain Names	116
Creating a VPN Connection: Between FVX538 and FVX538	119
Configuring the FVX538	119
Configuring the FVS338	123
Testing the Connection	125
Creating a VPN Connection: Netgear VPN Client to FVX538	125
Configuring the FVX538	126
Configuring the VPN Client	126
Testing the Connection	134
Chapter 8 Router and Network Management	137
Performance Management	137
Bandwidth Capacity	137
VPN Firewall Features That Reduce Traffic	138
Service Blocking	138
Block Sites	140
Source MAC Filtering	141
VPN Firewall Features That Increase Traffic	141
Port Forwarding	141
Port Triggering	143
DMZ Port	143
VPN Tunnels	144
Using QoS to Shift the Traffic Mix	144
Tools for Traffic Management	144
Administrator and Guest Access Authorization	144
Changing the Passwords and Login Timeout	145
Enabling Remote Management Access	145
Command Line Interface	147
Event Alerts	148
WAN Port Rollover	148
Traffic Limits Reached	148
Login Failures and Attacks	149
Monitoring	151
Viewing VPN Firewall Status and Time Information	151
Firewall Status	151
Time Information	153
WAN Ports	155
WAN Port Connection Status	155
Dynamic DNS Status	156
Internet Traffic Information	156
LAN Ports and Attached Devices	157
Known PCs and Devices	157
DHCP Log	159
Port Triggering Status	159
Firewall	160
VPN Tunnels	163
SNMP	164
Diagnostics	164
Configuration File Management	166
Restoring and Backing Up the Configuration	167
Upgrading the Firewall Software	167
Erasing the Configuration (Factory Defaults Reset)	168
Chapter 9 Troubleshooting	171
Basic Functioning	171
Power LED Not On	171
LEDs Never Turn Off	172
LAN or Internet Port LEDs Not On	172
Troubleshooting the Web Configuration Interface	173
Troubleshooting the ISP Connection	174
Troubleshooting a TCP/IP Network Using a Ping Utility	175
Testing the LAN Path to Your Firewall	175
Testing the Path from Your PC to a Remote Device	176
Restoring the Default Configuration and Password	177
Problems with Date and Time	177
Appendix A Technical Specifications	179
Appendix B Network, Routing, Firewall, and Basics	181
Related Publications	181
Basic Router Concepts	181
What is a Router?	182
Routing Information Protocol	182
IP Addresses and the Internet	182
Netmask	184
Subnet Addressing	185
Private IP Addresses	187
Single IP Address Operation Using NAT	188
MAC Addresses and Address Resolution Protocol	189
Related Documents	189
Domain Name Server	190
IP Configuration by DHCP	190
Internet Security and Firewalls	190
What is a Firewall?	191
Stateful Packet Inspection	191
Denial of Service Attack	191
Ethernet Cabling	191
Category 5 Cable Quality	192
Inside Twisted Pair Cables	193
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	194
Appendix C Preparing Your Network	197
Preparing Your Computers for TCP/IP Networking	197
Configuring Windows 95, 98, and Me for TCP/IP Networking	198
Install or Verify Windows Networking Components	198
Enabling DHCP to Automatically Configure TCP/IP Settings	200
Selecting Windows’ Internet Access Method	202
Verifying TCP/IP Properties	202
Configuring Windows NT4, 2000 or XP for IP Networking	203
Install or Verify Windows Networking Components	203
Enabling DHCP to Automatically Configure TCP/IP Settings	204
DHCP Configuration of TCP/IP in Windows XP	204
DHCP Configuration of TCP/IP in Windows 2000	206
DHCP Configuration of TCP/IP in Windows NT4	209
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	211
Configuring the Macintosh for TCP/IP Networking	212
MacOS 8.6 or 9.x	212
MacOS X	212
Verifying TCP/IP Properties for Macintosh Computers	213
Verifying the Readiness of Your Internet Account	214
Are Login Protocols Used?	214
What Is Your Configuration Information?	214
Obtaining ISP Configuration Information for Windows Computers	215
Obtaining ISP Configuration Information for Macintosh Computers	216
Restarting the Network	217
Appendix D Virtual Private Networking	219
What is a VPN?	219
What Is IPSec and How Does It Work?	220
IPSec Security Features	220
IPSec Components	220
Encapsulating Security Payload (ESP)	221
Authentication Header (AH)	222
IKE Security Association	222
Mode	223
Key Management	224
Understand the Process Before You Begin	224
VPN Process Overview	225
Network Interfaces and Addresses	225
Interface Addressing	225
Firewalls	226
Setting Up a VPN Tunnel Between Gateways	226
VPNC IKE Security Parameters	228
VPNC IKE Phase I Parameters	228
VPNC IKE Phase II Parameters	229
Testing and Troubleshooting	229
Additional Reading	229
Glossary	231
List of Glossary Terms	231
Numeric	231
A	232
B	232
C	233
D	233
E	234
G	235
I	235
L	237
M	237
P	238
Q	239
R	239
S	239
T	240
U	240

Match case Limit results 1 per page

Reference Manual for the ProSafe VPN Firewall 200 FVX538

6-6

Firewall Protection and Content Filtering

January 2005

Table 6-1.

Inbound Services

Item

Description

Services

Select the desired Service or application to be covered by this rule. If the desired

service or application does not appear in the list, you must define it using the

Services menu (see

“Customized Services” on page 6-16

Action

Select the desired action for packets covered by this rule:

•

BLOCK always

•

BLOCK by schedule, otherwise Allow

•

ALLOW always

•

ALLOW by schedule, otherwise Block

Note

: Any inbound traffic which is not allowed by rules you create will be blocked by

the Default rule.

Select Schedule

Select the desired time schedule (i.e., Schedule1, Schedule2, or Schedule3) that will

be used by this rule.

•

This drop down menu gets activated only when "BLOCK by schedule, otherwise

Allow" or "ALLOW by schedule, otherwise Block" is selected as Action.

•

Use schedule page to configure the time schedules.

LAN users

These settings determine which computers on your network are affected by this rule,

based on their IP address. Select the desired IP Address in this field.

WAN Users

These settings determine which Internet locations are covered by the rule, based on

their IP address. Select the desired option:

•

Any - All Internet IP address are covered by this rule.

•

Single address - Enter the required address in the start fields.

•

Address range - If this option is selected, you must enter the start and finish fields.

Destination Address

These settings determine the destination IP address for this rule which will be

applicable to incoming traffic, this rule will be applied only when the destination IP

address of the incoming packet matches the IP address of the WAN interface

selected or Specific IP address entered in this field.Selecting ANY enables the rule

for any IP in destination field.similarly WAN1 and WAN2 corresponds to respective

wan interfaces.

QoS Priority

This setting determines the priority of a service, which in turn, determines the quality

of that service for the traffic passing through the firewall. By default, the priority

shown is that of the selected service. The user can change it accordingly. If the user

does not make a selection (i.e, leaves it as None), then the native priority of the

service will be applied to the policy. +5 is the highest priority. See

“Quality of Service

(QoS) Priorities” on page 6-18

Log

This determines whether packets covered by this rule are logged. Select the desired

action:

•

Always - always log traffic considered by this rule, whether it matches or not. This is

useful when debugging your rules.

•

Never - never log traffic considered by this rule, whether it matches or not.