ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

4-16

Firewall Protection and Content Filtering

v1.0, September 2007

5.

Enable E-Mail Logs.

Check the

Yes

radio box if you wish to receive e-mail logs from the

firewall.

6.

Enter your E-Mail Address information.

If you enabled e-mail notification, these boxes

cannot be blank.

•

Enter the

E-Mail Server Address

of your ISP’s outgoing (SMTP) mail server (such as

mail.myISP.com). You may be able to find this information in the configuration menu of

your e-mail program.

Figure 4-10

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Firewall Protection and Content Filtering

4-17

v1.0, September 2007

•

Enter the

Return E-Mail Address

to which logs and alerts are sent. This e-mail address

will also be used as the Send To E-mail address. If you leave this box blank, log and alert

messages will not be sent via e-mail.

7.

If the SMTP server requires authentication before accepting connections, select either

Login

Plain

or

CRAM-MD5

and enter the

User Name

and

Password

to be used for authentication.

To disable authentication, select the

No Authentication

radio box (default).

8.

Check the

Respond to Identd from SMTP Server

radio box to configure the router to

respond to an IDENT request from the SMTP server.

9.

In the

Send logs according to this schedule

section, you can specify that logs are sent to you

according to a schedule. From the

Unit

pull-down menu, select to receive logs

Never

,

Hourly

,

Daily

, or

Weekly.

Depending on your selection, specify:

•

Day

for sending log

Relevant when the log is sent weekly or daily.

•

Time

for sending log

Relevant when the log is sent daily or weekly.

10.

If you want the router to send logs to a SysLog server, select the

Yes

radio box in the

Enable

SysLogs

section and input the following fields:

a.

SysLog Server. Enter the IP address or Internet Name of the SysLog server.

b.

SysLog Facility. Select the appropriate syslog facility (Local0 to Local7).

11.

Click

Apply

to save your settings.

The firewall logs security-related events such as denied incoming and outgoing service requests,

hacker probes, and administrator logins. If you enable content filtering in the Block Sites menu,

the Log page will also show you when someone on your network tried to access a blocked site. If

you enabled e-mail notification, you will receive these logs in an e-mail message. If you don't have

e-mail notification enabled, you can view the logs, as well as e-mail the logs by clicking the

View

Log

link on the Firewall Logs & E-mail screen.

Note:

You can configure the firewall to send system logs to an external PC that is

running a syslog logging program. Logging programs are available for

Windows, Macintosh, and Linux computers.

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

4-18

Firewall Protection and Content Filtering

v1.0, September 2007

Log entries are described in

Table 4-1

Log action buttons are described in

Table 4-2

Table 4-1.

Log entry descriptions

Field

Description

Date and Time

The date and time the log entry was recorded.

Description or

Action

The type of event and what action was taken if any.

Source IP

The IP address of the initiating device for this log entry.

Source port and

interface

The service port number of the initiating device, and whether it

originated from the LAN or WAN.

Destination

The name or IP address of the destination device or Web site.

Destination port and

interface

The service port number of the destination device, and whether it’s on

the LAN or WAN.

Table 4-2.

Log action buttons

Button

Description

Refresh

Refresh the log screen.

Clear Log

Clear the log entries.

Send Log

Email the log immediately.

Basic Virtual Private Networking

5-1

v1.0, September 2007

Chapter 5

Basic Virtual Private Networking

This chapter describes how to use the virtual private networking (VPN) features of the VPN

firewall. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted

communications between your local network and a remote network or computer.

The VPN information is organized as follows:

•

“Overview of VPN Configuration” on page 5-2

provides an overview of the two most

common VPN configurations: client-to-gateway and gateway-to-gateway.

•

“Planning a VPN” on page 5-3

provides the VPN Committee (VPNC) recommended default

parameters set by the VPN Wizard.

•

“VPN Tunnel Configuration” on page 5-4

summarizes the two ways to configure a VPN

tunnel: VPN Wizard (recommended for most situations) and Advanced (see

Chapter 6,

“Advanced Virtual Private Networking

).

•

“Setting Up a Client-to-Gateway VPN Configuration” on page 5-5

provides the steps needed

to configure a VPN tunnel between a remote PC and a network gateway using the VPN

Wizard and the NETGEAR ProSafe VPN Client.

•

“Setting Up a Gateway-to-Gateway VPN Configuration” on page 5-19

provides the steps

needed to configure a VPN tunnel between two network gateways using the VPN Wizard.

•

“Activating a VPN Tunnel” on page 5-23

provides the step-by-step procedures for activating,

verifying, deactivating, and deleting a VPN tunnel once the VPN tunnel has been configured.

•

Chapter 6, “Advanced Virtual Private Networking

” provides the steps needed to configure

VPN tunnels when there are special circumstances and the VPNC recommended defaults of

the VPN Wizard are inappropriate.

•

Appendix B, “Related Documents

” has a link to

“Virtual Private Networking (VPN)

” which

discusses Virtual Private Networking (VPN) Internet Protocol security (IPSec). IPSec is one of

the most complete, secure, and commercially available, standards-based protocols developed

for transporting data.

•

Appendix C, “VPN Configuration of NETGEAR FVG318

” presents a case study on how to

configure a secure IPSec VPN tunnel from a NETGEAR FVG318 to a FVL328. This case

study follows the VPN Consortium interoperability profile guidelines (found at

).

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

5-2

Basic Virtual Private Networking

v1.0, September 2007

Overview of VPN Configuration

Two common scenarios for configuring VPN tunnels are between a remote personal computer and

a network gateway and between two or more network gateways. The FVG318 supports both of

these types of VPN configurations. The VPN firewall supports up to eight concurrent tunnels.

Client-to-Gateway VPN Tunnels

Client-to-gateway VPN tunnels provide secure access from a remote PC, such as a telecommuter

connecting to an office network (see

Figure 5-1

).

A VPN client access allows a remote PC to connect to your network from any location on the

Internet. In this case, the remote PC is one tunnel endpoint, running the VPN client software. The

VPN firewall on your network is the other tunnel endpoint. See

“Setting Up a Client-to-Gateway

VPN Configuration” on page 5-5

to set up this configuration.

Gateway-to-Gateway VPN Tunnels

Gateway-to-gateway VPN tunnels provide secure access between networks, such as a branch or

home office and a main office (see

Figure 5-2

).

Figure 5-1

Figure 5-2

FVG318