NETGEAR FVS114 Router Manual PDF (Setup & Configuration Guide)

Page 126 / 212 Scroll up to view Page 121 - 125

Reference Manual for the ProSafe VPN Firewall FVS114

7-10

Maintenance

202-10098-01, April 2005

Note

: Rebooting will break any existing connections either to the Router (such as this one) or

through the Router (for example, LAN users accessing the Internet). However, connections to

the Internet will automatically be re-established when possible.

Page 127 / 212

Advanced Configuration

8-1

202-10098-01, April 2005

Chapter 8

Advanced Configuration

This chapter describes how to configure the advanced features of your FVS114 ProSafe VPN

Firewall. These features can be found under the Advanced heading in the main menu of the

browser interface.

WAN Setup

Using the WAN Setup page, you can set up a Default DMZ Server and allow the router to respond

to a 'ping' from the internet. Both of these options have security issues, so use them carefully.

Figure 8-1:

WAN Setup menu

•

Connect Automatically, as Required

: Normally, this option should be enabled. An Internet

connection will be made automatically after each timeout, whenever Internet-bound traffic is

detected. This provides connection on demand and is potentially cost-saving.

If disabled, you must connect manually, using the "WAN Status" button on the Router

Maintenance/Router Status screen. This manual connection will stay up all the time without

timeouts.

Page 128 / 212

Reference Manual for the ProSafe VPN Firewall FVS114

8-2

Advanced Configuration

202-10098-01, April 2005

•

Default DMZ Server

: Specifying a Default DMZ Server allows you to set up a computer or

server that is available to anyone on the Internet for services that you haven't defined. There

are security issues with doing this, so only do this if you're willing to risk open access. If you

do not assign a Default DMZ Server, the router discards any incoming service requests which

are undefined.

To assign a computer or server to be a DMZ server:

a.

Click the Default DMZ Server checkbox

b.

Type the IP address for that server.

c.

Click Apply.

•

Respond To Ping On Internet Port

: If you want the router to respond to a 'Ping' from the

Internet, click this check box. This can be used as a diagnostic tool. Again, like the DMZ

server, this can be a security problem. You shouldn't check this box unless you have a specific

reason to do so.

•

MTU Size

: The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is

1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs you may need to reduce the

MTU. But this is rarely required, and should not be done unless you are sure it is necessary for

your ISP connection.

•

Port Speed

: In most cases, your router can automatically determine the connection speed of

the Internet (WAN) port. If you cannot establish an Internet connection and the Internet LED

blinks continuously, you may need to manually select the port speed.

If you know that the Ethernet port on your broadband modem supports 100BaseT, select

100M; otherwise, select 10M.

Default DMZ Server

Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a

response to one of your local computers or a service for which you have configured an inbound

rule. Instead of discarding this traffic, you can have it forwarded to one computer on your network.

This computer is called the Default DMZ Server.

The Default DMZ Server feature is helpful when using some online games and videoconferencing

applications that are incompatible with NAT. The firewall is programmed to recognize some of

these applications and to work properly with them, but there are other applications that may not

function well. In some cases, one local PC can run the application properly if that PC’s IP address

is entered as the Default DMZ Server.

Page 129 / 212

Reference Manual for the ProSafe VPN Firewall FVS114

Advanced Configuration

8-3

202-10098-01, April 2005

To assign a computer or server to be a Default DMZ server:

1.

Click

Default DMZ Server

.

2.

Type the IP address for that server.

3.

Click

Apply

.

Respond to Ping on Internet WAN Port

If you want the firewall to respond to a ping from the Internet, click the

Respond to Ping on

Internet WAN Port

check box. This should only be used as a diagnostic tool, since it allows your

firewall to be discovered. Don't check this box unless you have a specific reason to do so.

How to Configure Dynamic DNS

If your network has a permanently assigned IP address, you can register a domain name and have

that name linked with your IP address by public Domain Name Servers (DNS). However, if your

Internet account uses a dynamically assigned IP address, you will not know in advance what your

IP address will be, and the address can change frequently. In this case, you can use a commercial

dynamic DNS service, which will allow you to register your domain to their IP address, and will

forward traffic directed to your domain to your frequently-changing IP address.

Note:

For security, NETGEAR strongly recommends that you avoid using the Default

DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses

much of the protection of the firewall, and is exposed to many exploits from the Internet.

If compromised, the computer can be used to attack your network.

Note:

In this application, the use of the term “DMZ” has become common, although it is

a misnomer. In traditional firewalls, a DMZ is actually a separate physical network port.

A true DMZ port is for connecting servers that require greater access from the outside,

and will therefore be provided with a different level of security by the firewall. A better

term for our application is Exposed Host.

Page 130 / 212

Reference Manual for the ProSafe VPN Firewall FVS114

8-4

Advanced Configuration

202-10098-01, April 2005

The firewall contains a client that can connect to a dynamic DNS service provider. To use this

feature, you must select a service provider and obtain an account with them. After you have

configured your account information in the firewall, whenever your ISP-assigned IP address

changes, your firewall will automatically contact your dynamic DNS service provider, log in to

your account, and register your new IP address.

1.

Log in to the firewall at its default LAN address of

http://192.168.0.1

with its default user

name of

admin

, default password of

password

, or using whatever password and LAN address

you have chosen for the firewall.

2.

From the main menu of the browser interface, under Advanced, click on

Dynamic DNS

.

Figure 8-2:

Dynamic DNS page

3.

Access the Web site of one of the dynamic DNS service providers whose names appear in the

menu, and register for an account.

For example, for dyndns.org, go to

www.dyndns.org

.

4.

Select the name of your dynamic DNS Service Provider.

5.

Type the host and domain name that your dynamic DNS provider gave you. This will look like

a URL, such as

myName.dyndns.org

.

6.

Type the user name for your dynamic DNS account.

7.

Type the password (or key) for your dynamic DNS account.

8.

If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may

select the Use wildcards check box to activate this feature.

For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same

IP address as yourhost.dyndns.org

9.

Click

Apply

to save your configuration.

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share