DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
4-34
Security and Firewall Protection
v1.0, April 2007
3. From the System Logs section, check the radio boxes of the System Log events you want to track and record:
   - Change of Time by NTP: Logs a message when the system time changes after a request from a Network Time server.
   - Login Attempts: Logs a message when a login is attempted from the LAN network. Both successful and failed login attempts will be logged.
   - Secure Login Attempt: Logs a message when a login is attempted using the Secure Remote Management URL. “Allow Remote Management” must be enabled (see the Administration main menu and the Remote Management submenu). Both successful and failed login attempts will be logged.
   - Reboots: Records a message when the device has been rebooted through the Web interface.
   - All Unicast Traffic: All unicast packets directed to the router are logged.
   - All Broadcast/Multicast Traffic: All broadcast or multicast packets directed to the router are logged.
   - WAN Status: All logs related to WAN link status are enabled.
4. In the Enable E-Mail Logs section, select the Yes radio box if you want the logs e-mailed (Enable E-Mail Logs is disabled by default). If you selected “Yes,” fill in the following fields:
   - E-mail Server address: Enter the IP address or Internet Name of an SMTP server. The router will connect to this server to send the e-mail logs.
   - Return E-mail Address: Type the e-mail address where the replies from the SMTP server are to be sent; for example, failure messages.
   - Send To E-mail Address: Type the e-mail address where the logs and alerts are to be sent.
   - Authentication with SMTP server: If the SMTP server requires authentication before accepting connections, select either Login Plain or CRAM-MD5 and enter the User Name and Password to be used for authentication. To disable authentication, select the No Authentication radio box.
   - Respond to Identd from SMTP Server: Check this radio box to configure the router to respond to an IDENT request from the SMTP server.
5. In the Enable SysLogs section, if you want the router to send logs to a SysLog server, select the Yes radio box and input the following fields:
   - SysLog Server: Enter the IP address or Internet Name of the SysLog server.
6. SysLog Facility: Select the appropriate syslog facility (Local0 to Local7).
7. Click Apply to save your settings.
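The two SMTP authentication choices in step 4 differ in what an observer of the mail session can read. The following is an added illustration, not code from the NETGEAR manual or the router; it assumes that "Login Plain" corresponds to SASL PLAIN (RFC 4616) and uses the sample credentials and challenge from the worked example in RFC 2195.

```python
import base64
import hashlib
import hmac

def plain_response(user, password):
    """SASL PLAIN (RFC 4616): base64 of NUL user NUL password, an encoding only."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def cram_md5_response(user, password, challenge_b64):
    """CRAM-MD5 (RFC 2195): answer the server challenge with an HMAC-MD5 digest."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def visible_on_wire(response_b64):
    """What anyone able to read the SMTP session sees after base64 decoding."""
    return base64.b64decode(response_b64).decode().replace("\0", " ").strip()

# Sample values from the worked example in RFC 2195 (not router data).
USER, PASSWORD = "tim", "tanstaaftanstaaf"
CHALLENGE_B64 = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()

if __name__ == "__main__":
    # PLAIN exposes the password itself; CRAM-MD5 exposes only a per-challenge digest.
    print("PLAIN    ->", visible_on_wire(plain_response(USER, PASSWORD)))
    print("CRAM-MD5 ->", visible_on_wire(
        cram_md5_response(USER, PASSWORD, CHALLENGE_B64)))
```

Neither option encrypts the log e-mail itself, so the log contents remain readable on the path to the SMTP server either way.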
Security and Administrator Management
Consider the following operational items:
1. As an option, you can enable Remote Management if you need to manage distant sites from a central location (see “Enabling Remote Management Access” on page 6-8).
2. Although using Rules (see “Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-1) is the basic or most typical way to manage the traffic through your system, you can further refine your control by using these features of the ProSafe DGFV338:
   - Groups and Hosts (see “Managing Groups and Hosts” on page 4-21)
   - Services (see “Customized Services” on page 4-17)
   - Schedules (see “Setting a Schedule to Block or Allow Specific Traffic” on page 4-31)
   - Block Sites (see “Blocking Internet Sites” on page 4-24)
   - Source MAC Filtering (see “Enabling Source MAC Filtering” on page 4-27)
   - Port Triggering (see “Setting up Port Triggering” on page 4-28)
Chapter 5
Virtual Private Networking
This chapter describes how to use the virtual private networking (VPN) features of the ProSafe
DGFV338. VPN tunnels provide secure, encrypted communications between your local network
and a remote network or computer.
Dual WAN Port Systems
The ADSL port and the Ethernet port of the ProSafe DGFV338 can be configured for auto-rollover
mode for increased system reliability (if both ports are configured) or, if only one of the ports is
configured, they can be configured as either Dedicated ADSL or Dedicated Ethernet. This WAN
mode choice then impacts how the VPN features must be configured.
Tip: When using dual WAN port networks, use the VPN Wizard to configure the basic
parameters and then edit the VPN and IKE Policy screens for the various VPN
scenarios.
Table 5-1. IP addressing requirements for VPNs in dual WAN port systems

Configuration and WAN IP address                                      Rollover Mode (a)   Dedicated Mode
--------------------------------------------------------------------  ------------------  -----------------------
VPN Road Warrior (client-to-gateway)                         Fixed    FQDN required       Allowed (FQDN optional)
                                                             Dynamic  FQDN required       FQDN required
VPN Gateway-to-Gateway                                       Fixed    FQDN required       Allowed (FQDN optional)
                                                             Dynamic  FQDN required       FQDN required
VPN Telecommuter (client-to-gateway through a NAT router)    Fixed    FQDN required       Allowed (FQDN optional)
                                                             Dynamic  FQDN required       FQDN required

a. All tunnels must be re-established after a rollover using the new WAN IP address.
Setting up a VPN Connection using the VPN Wizard
Setting up a VPN tunnel connection requires that all settings and parameters on both sides of the
VPN tunnel match or mirror each other precisely, which can be a daunting task. The VPN Wizard
can assist in guiding you through the setup procedure by asking you a series of questions that will
determine the IPSec keys and VPN policies it sets up. It also will set the parameters for the
network connection: Security Association, traffic selectors, authentication algorithm, and
encryption. The parameters used by the VPN wizard are based on the VPNC recommendations.
You will be able to view the suggested VPNC recommendations on the VPN Wizard summary
page before establishing a VPN tunnel connection.
To set up a Gateway VPN Tunnel using the VPN Wizard:
1. Select Gateway as your VPN tunnel connection. The wizard needs to know if you are planning to connect to a remote Gateway or setting up the connection for a remote client/PC to establish a secure connection to this device.
2. Select a Connection Name. Enter an appropriate name for the connection. This name is not supplied to the remote VPN Endpoint. It is used to help you manage the VPN settings.
3. Enter a Pre-shared Key. The key must be entered both here and on the remote VPN Gateway, or the remote VPN Client. The key length should be a minimum of 8 characters and should not exceed 49 characters. This method does not require using a CA (Certificate Authority).
4. Check the radio box for the WAN interface that will act as one end of this VPN tunnel: ADSL or WAN Ethernet.
5. Enter the Remote WAN IP Address or Internet Name of the gateway you want to connect to.
   - Both the remote WAN address and your local WAN address are required. When choosing these addresses, follow the guidelines in Table 5-1 above.
   - The remote WAN IP address of the Gateway must be a public address or the Internet name of the Gateway. The Internet name is the Fully Qualified Domain Name (FQDN) as set up in a Dynamic DNS service. Both local and remote ends should be defined as either IP addresses or Internet Names (FQDN). A combination of IP address and Internet Name is not permissible.
6. Enter the Local WAN IP Address or Internet Name of your gateway.
   The Local WAN IP address is used in the IKE negotiation phase. The WAN IP or FQDN address assigned by your ISP may display automatically. You can modify the WAN IP address to use your FQDN; this is required if the WAN Mode you selected is auto-rollover.
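The constraints stated in steps 3 and 5 and in Table 5-1 can be checked against a planned set of wizard entries before either gateway is configured. The following pre-flight check is an added example, not part of the manual or of NETGEAR software; the function names and the mode labels "rollover"/"dedicated" and "fixed"/"dynamic" are assumptions chosen here, and the public-address test only rejects RFC 1918 ranges.

```python
import ipaddress

# RFC 1918 private ranges; a remote gateway address inside them is not public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def as_ip(value):
    """Return an ip_address object, or None when the value is a name (FQDN)."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def fqdn_required(wan_mode, addressing):
    """Table 5-1: only a fixed address in dedicated mode may skip the FQDN."""
    return not (wan_mode == "dedicated" and addressing == "fixed")

def check_tunnel(psk, local_id, remote_id, wan_mode, addressing):
    """Return the problems found in a planned wizard entry (empty list = consistent)."""
    problems = []
    if not 8 <= len(psk) <= 49:
        problems.append("pre-shared key must be 8 to 49 characters")
    local_ip, remote_ip = as_ip(local_id), as_ip(remote_id)
    if (local_ip is None) != (remote_ip is None):
        problems.append("local and remote must both be IP addresses or both be FQDNs")
    if remote_ip is not None and any(remote_ip in net for net in RFC1918):
        problems.append("remote gateway address is private, not public")
    uses_ip = local_ip is not None or remote_ip is not None
    if fqdn_required(wan_mode, addressing) and uses_ip:
        problems.append(f"{wan_mode}/{addressing} requires FQDNs (Table 5-1)")
    return problems

if __name__ == "__main__":
    # Constructed sample entries: documentation addresses and example.com names.
    print(check_tunnel("short", "203.0.113.10", "gw-b.example.com", "rollover", "fixed"))
    print(check_tunnel("long-enough-key", "gw-a.example.com", "gw-b.example.com",
                       "rollover", "dynamic"))
```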
