Home » Netgear Manuals » Network Security & Firewall Devices » Netgear FVX538v2 » Manual Viewer

Netgear FVX538v2 FVX538v2 Reference Manual - Page 110

Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection

Add to My Manuals
Save this manual to your list of manuals

Page 110 highlights

ProSafe VPN Firewall 200 FVX538 Reference Manual 4. Enter a Pre-shared Key; in this example, we are using r3m0+eC1ient, which must also be entered in the VPN client software. The key length must be 8 characters minimum and cannot exceed 49 characters. 5. Choose which WAN port to use as the VPN tunnel end point. Note: If you are using a dual WAN rollover configuration, after completing the wizard, you must manually update the VPN policy to enable VPN rollover. This allows the VPN tunnel to roll over when the WAN Mode is set to Auto Rollover. The wizard will not set up the VPN policy with rollover enabled. 6. The public Remote and Local Identifier are automatically filled in by pre-pending the first several letters of the model number of your gateway to form FQDNs used in the VPN policies. In this example, we are using GW1_remote.com, and GW1_local.com. Tip: To assure tunnels stay active, after completing the wizard, manually edit the VPN policy to enable keepalive which periodically sends ping packets to the host on the peer side of the network to keep the tunnel alive. 7. Click Apply to save your settings. The VPN Policies screen shows that the policy is now enabled. (To view or modify the VPN policy, see "Managing VPN Policies" on page 5-16.) Figure 5-9 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR ProSafe VPN Client installed, configure a VPN client policy to connect to the VPN firewall. 5-8 Virtual Private Networking v1.0, January 2010

Section	Page
ProSafe VPN Firewall 200 FVX538 Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats and Scope	13
How to Print This Manual	14
Revision History	14
Chapter 1 Introduction	17
Key Features	17
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	18
A Powerful, True Firewall with Content Filtering	18
Security Features	19
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	20
Easy Installation and Management	20
Maintenance and Support	21
Package Contents	21
VPN Firewall Front and Rear Panels	22
Rack Mounting Hardware	24
The VPN Firewall’s IP Address, Login Name, and Password	25
Qualified Web Browsers	26
Chapter 2 Connecting the VPN Firewall to the Internet	27
Understanding the Connection Steps	27
Logging into the VPN Firewall	28
Configuring the Internet Connections to Your ISPs	28
Setting the VPN Firewall’s MAC Address	31
Manually Configuring Your Internet Connection	31
Configuring the WAN Mode (Required for Dual WAN)	33
Setting Up Auto-Rollover Mode	35
Setting Up Load Balancing	37
Configuring Dynamic DNS (Optional)	40
Configuring the Advanced WAN Options (Optional)	42
Additional WAN Related Configuration	43
Chapter 3 LAN Configuration	45
Choosing the VPN Firewall DHCP Options	45
Configuring the LAN Setup Options	46
Managing Groups and Hosts (LAN Groups)	50
Creating the Network Database	50
Viewing the Network Database	51
Adding Devices to the Network Database	52
Changing Group Names in the LAN Groups Database	53
Setting Up DHCP Address Reservation	53
Configuring Multi Home LAN IP Addresses	54
Configuring and Enabling the DMZ Port	55
Configuring Static Routes	58
Static Route Example	60
Configuring Routing Information Protocol (RIP)	60
Chapter 4 Firewall Protection and Content Filtering	63
About Firewall Protection and Content Filtering	63
Using Rules to Block or Allow Specific Kinds of Traffic	64
Services-Based Rules	65
Outbound Rules (Service Blocking)	65
Inbound Rules (Port Forwarding)	67
Viewing Rules and Order of Precedence for Rules	69
Configuring LAN WAN Rules	71
LAN WAN Outbound Services Rules	72
LAN WAN Inbound Services Rules	73
Configuring DMZ WAN Rules	74
Configuring LAN DMZ Rules	75
Inbound Rules Examples	77
LAN WAN Inbound Rule: Hosting a Local Public Web Server	77
LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses	78
LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT Mapping	78
LAN WAN or DMZ WAN Inbound Rule: Specifying an Exposed Host	79
Outbound Rules Example	81
LAN WAN Outbound Rule: Blocking Instant Messenger	81
Configuring Other Firewall Features	81
Attack Checks	82
Setting Session Limits	84
Managing the Application Level Gateway for SIP Sessions	85
Creating Services, QoS Profiles, and Bandwidth Profiles	86
Adding Customized Services	86
Modifying a Service	88
Specifying Quality of Service (QoS) Priorities	88
Creating Bandwidth Profiles	89
Setting a Schedule to Block or Allow Specific Traffic	91
Blocking Internet Sites (Content Filtering)	92
Configuring Source MAC Filtering	95
Configuring IP/MAC Address Binding	97
Configuring Port Triggering	99
E-Mail Notifications of Event Logs and Alerts	102
Administrator Tips	102
Chapter 5 Virtual Private Networking	103
Considerations for Dual WAN Port Systems	103
Using the VPN Wizard for Client and Gateway Configurations	105
Creating Gateway to Gateway VPN Tunnels with the Wizard	105
Creating a Client to Gateway VPN Tunnel	108
Use the VPN Wizard Configure the Gateway for a Client Tunnel	109
Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection	110
Testing the Connections and Viewing Status Information	114
NETGEAR VPN Client Status and Log Information	114
VPN Firewall VPN Connection Status and Logs	116
Managing VPN Policies	118
Configuring IKE Policies	118
The IKE Policies Screen	119
Configuring VPN Policies	120
The VPN Policies Screen	120
Managing Certificates	121
Viewing and Loading CA Certificates	123
Viewing Active Self Certificates	124
Obtaining a Self Certificate from a Certificate Authority	124
Managing your Certificate Revocation List (CRL)	127
Extended Authentication (XAUTH) Configuration	128
Configuring XAUTH for VPN Clients	129
User Database Configuration	131
RADIUS Client Configuration	132
Assigning IP Addresses to Remote Users (ModeConfig)	134
Mode Config Operation	134
Configuring Mode Config Operation on the VPN Firewall	135
Configuring the Mode Config Screen	135
Configuring an IKE Policy for Mode Config Operation	137
Configuring the ProSafe VPN Client for ModeConfig	140
Testing the Mode Config Connection	143
Configuring Keepalives and Dead Peer Detection	144
Configuring Keepalives	144
Configuring Dead Peer Detection	145
Configuring NetBIOS Bridging with VPN	146
Chapter 6 VPN Firewall and Network Management	147
Performance Management	147
Bandwidth Capacity	147
VPN Firewall Features That Reduce Traffic	148
Service Blocking	148
Blocking Sites	150
Source MAC Filtering	150
VPN Firewall Features That Increase Traffic	150
Port Forwarding	151
Port Triggering	152
DMZ Port	153
VPN Tunnels	153
Using QoS to Shift the Traffic Mix	153
Tools for Traffic Management	154
Configuring Users, Administrative Settings, and Remote Management	154
Changing Passwords and Settings	154
Adding External Users	156
Configuring an External Server for Authentication	157
Enabling Remote Management Access	160
Using an SNMP Manager	162
Managing the Configuration File	164
Backing Up Settings	165
An Alert screen will appear indicating the status of the restore operation. You must manually restart the VPN firewall for the restored settings to take effect.	166
Reverting to Factory Default Settings	166
Upgrading the Firmware	166
Configuring Date and Time Service	167
Monitoring System Performance	169
Activating Notification of Events and Alerts	169
Viewing the Logs	172
Enabling the Traffic Meter	173
Viewing the VPN Firewall Configuration and System Status	176
Monitoring VPN Firewall Statistics	177
Monitoring WAN Ports Status	178
Monitoring Attached Devices	179
Monitoring VPN Tunnel Connection Status	180
Viewing the VPN Logs	181
Viewing the DHCP Log	182
Viewing Port Triggering Status	182
Chapter 7 Troubleshooting	185
Basic Functions	185
Power LED Not On	186
LEDs Never Turn Off	186
LAN or Internet Port LEDs Not On	186
Troubleshooting the Web Configuration Interface	187
Troubleshooting the ISP Connection	188
Troubleshooting a TCP/IP Network Using a Ping Utility	189
Testing the LAN Path to Your VPN Firewall	189
Testing the Path from Your PC to a Remote Device	190
Restoring the Default Configuration and Password	191
Problems with Date and Time	191
Using the Diagnostics Utilities	192
Appendix A Default Settings and Technical Specifications	195
Appendix B Network Planning for Dual WAN Ports	199
What You Will Need to Do Before You Begin	199
Cabling and Computer Hardware Requirements	201
Computer Network Configuration Requirements	201
Internet Configuration Requirements	201
Where Do I Get the Internet Configuration Parameters?	202
Internet Connection Information Form	202
Overview of the Planning Process	203
Inbound Traffic	203
Virtual Private Networks (VPNs)	204
The Roll-over Case for Firewalls With Dual WAN Ports	204
The Load Balancing Case for Firewalls With Dual WAN Ports	205
Inbound Traffic	205
Inbound Traffic to Single WAN Port (Reference Case)	205
Inbound Traffic to Dual WAN Port Systems	206
Inbound Traffic: Dual WAN Ports for Improved Reliability	206
Inbound Traffic: Dual WAN Ports for Load Balancing	207
Virtual Private Networks (VPNs)	207
VPN Road Warrior (Client-to-Gateway)	209
VPN Road Warrior: Single Gateway WAN Port (Reference Case)	209
VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability	210
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing	211
VPN Gateway-to-Gateway	212
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)	212
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability	213
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing	214
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	214
VPN Telecommuter: Single Gateway WAN Port (Reference Case)	215
VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability	215
VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing	217
Appendix C System Logs and Error Messages	219
System Log Messages	219
System Startup	219
Reboot	220
NTP	220
Login/Logout	221
Firewall Restart	221
IPSec Restart	222
WAN Status	222
Load Balancing	222
Auto Rollover	223
PPP Logs	224
Web Filtering and Content Filtering Logs	225
Traffic Metering Logs	227
Unicast Logs	227
ICMP Redirect Logs	227
Multicast/Broadcast Logs	228
FTP Logging	228
Invalid Packet Logging	228
Routing Logs	231
LAN to WAN Logs	232
LAN to DMZ Logs	232
DMZ to WAN Logs	232
WAN to LAN Logs	232
DMZ to LAN Logs	233
WAN to DMZ Logs	233
Appendix D Two Factor Authentication	235
Why do I need Two-Factor Authentication?	235
What are the benefits of Two-Factor Authentication?	235
What is Two-Factor Authentication	236
NETGEAR Two-Factor Authentication Solutions	236
Appendix E Related Documents	239