Reference Manual for the ProSafe VPN Firewall FVS114
8-10
Advanced Configuration
202-10098-01, April 2005
8. Type a number between 1 and 15 as the Metric value.
This represents the number of firewalls between your network and the destination. Usually, a
setting of 2 or 3 works, but if this is a direct connection, set it to 1.
9. Click Apply to have the static route entered into the table.
Static Route Example
As an example of when a static route is needed, consider the following case:
Your primary Internet access is through a cable modem to an ISP.
You have an ISDN firewall on your home network for connecting to the company where
you are employed. This firewall’s address on your LAN is 192.168.0.100.
Your company’s network is 134.177.0.0.
When you first configured your firewall, two implicit static routes were created. A default route
was created with your ISP as the gateway, and a second static route was created to your local
network for all 192.168.0.x addresses. With this configuration, if you attempt to access a device on
the 134.177.0.0 network, your firewall will forward your request to the ISP. The ISP forwards your
request to the company where you are employed, and the request will likely be denied by the
company’s firewall.
In this case you must define a static route, telling your firewall that 134.177.0.0 should be accessed
through the ISDN firewall at 192.168.0.100. The static route would look like Figure 8-6.
In this example:
The Destination IP Address and IP Subnet Mask fields specify that this static route applies to
all 134.177.x.x addresses.
The Gateway IP Address field specifies that all traffic for these addresses should be
forwarded to the ISDN firewall at 192.168.0.100.
A Metric value of 1 will work since the ISDN firewall is on the LAN.
Private is selected only as a precautionary security measure in case RIP is activated.
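The route selection described in this example can be modelled as a longest-prefix-match lookup. The following Python sketch is an added illustration, not part of the original manual or the FVS114 firmware; the function names, the route tuple layout, the metric of the implicit routes and the sample destination addresses are assumptions.

```python
import ipaddress

# Routes are (destination network, gateway label, metric). Networks come from
# the manual's example; the tuple layout, labels and the metric of the two
# implicit routes are assumptions made for this illustration.
IMPLICIT_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "ISP (default route)", 1),
    (ipaddress.ip_network("192.168.0.0/24"), "LAN (directly connected)", 1),
]

# The static route from the example: all 134.177.x.x addresses are reached
# through the ISDN firewall on the LAN, with a Metric of 1.
STATIC_ROUTE = (
    ipaddress.ip_network("134.177.0.0/255.255.0.0"),
    "192.168.0.100 (ISDN firewall)",
    1,
)


def next_hop(routes, destination):
    """Pick the gateway by longest prefix match, lowest metric on ties."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        raise LookupError(f"no route to {destination}")
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


def compare(destination):
    """Return the next hop before and after the static route is added."""
    before = next_hop(IMPLICIT_ROUTES, destination)
    after = next_hop(IMPLICIT_ROUTES + [STATIC_ROUTE], destination)
    return before, after


if __name__ == "__main__":
    # Constructed sample destinations: company host, LAN host, Internet host.
    for dest in ("134.177.5.20", "192.168.0.50", "203.0.113.10"):
        before, after = compare(dest)
        print(f"{dest:15} before: {before:26} after: {after}")
```

Only the company destination changes its next hop; LAN and general Internet traffic keep using the two implicit routes.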
Enabling Remote Management Access
Using the Remote Management page, you can allow a user or users on the Internet to configure,
upgrade and check the status of your FVS114 VPN Firewall.
Figure 8-7: Remote Management menu
To configure your firewall for Remote Management:
1. Select the Turn Remote Management On check box.
2. Specify what external addresses will be allowed to access the firewall’s remote management.
Note: For enhanced security, restrict access to as few external IP addresses as practical.
a. To allow access from any IP address on the Internet, select Everyone.
b. To allow access from a range of IP addresses on the Internet, select IP address range.
Enter a beginning and ending IP address to define the allowed range.
c. To allow access from a single IP address on the Internet, select Only this PC.
Enter the IP address that will be allowed access.
3. Specify the Port Number that will be used for accessing the management interface.
Note: Be sure to change the firewall’s default configuration password to a very secure
password. The ideal password should contain no dictionary words from any language,
and should be a mixture of letters (both upper and lower case), numbers, and symbols.
Your password can be up to 30 characters.
Web browser access normally uses the standard HTTP service port 80. For greater security,
you can change the remote management web interface to a custom port by entering that
number in the box provided. Choose a number between 1024 and 65535, but do not use the
number of any common service port. The default is 8080, which is a common alternate for
HTTP.
4. Click Apply to have your changes take effect.
5. When accessing your firewall from the Internet, the Secure Sockets Layer (SSL) will be
enabled. You will enter https:// and type your firewall's WAN IP address into your browser,
followed by a colon (:) and the custom port number. For example, if your WAN IP address is
134.177.0.123 and you use port number 8080, type the following in your browser:
https://134.177.0.123:8080
If you do not use the SSL https://address, but rather use http://address, the FVS114 will
automatically attempt to redirect to https://address.
Note: The first time you remotely connect the FVS114 with a browser via SSL, you may get a
message regarding the SSL certificate. If you are using a Windows computer with Internet
Explorer 5.5 or higher, simply click Yes to accept the certificate.
Tip: If you are using a dynamic DNS service such as TZO, you can always identify the IP
address of your FVS114 by running TRACERT from the Windows Start menu Run option. For
example, type tracert yourFVS114.mynetgear.net and you will see the IP address your ISP
assigned to the FVS114.
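The access and port choices in the procedure above can be checked before they are applied. The following Python sketch is an added illustration, not part of the original manual or the FVS114 firmware; the function names, the mode keywords, the range-size threshold and the short list of common service ports are assumptions.

```python
import ipaddress

# Small constructed sample of ports used by common services (assumption);
# extend it for your own environment.
COMMON_SERVICE_PORTS = {1080, 1433, 1723, 3306, 3389, 5900, 8443}
DEFAULT_PORT = 8080   # default stated in the manual
MAX_RANGE_SIZE = 16   # assumed threshold for "as few external IP addresses as practical"


def source_allowed(src, mode, start=None, end=None):
    """Model the three access choices: Everyone, IP address range, Only this PC."""
    ip = ipaddress.ip_address(src)
    if mode == "everyone":
        return True
    if mode == "range":
        return ipaddress.ip_address(start) <= ip <= ipaddress.ip_address(end)
    if mode == "single":
        return ip == ipaddress.ip_address(start)
    raise ValueError(f"unknown mode: {mode}")


def review(mode, port, start=None, end=None):
    """Return findings for a planned Remote Management configuration."""
    findings = []
    if mode == "everyone":
        findings.append("access open to any Internet address")
    elif mode == "range":
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            findings.append("range start is after range end")
        elif int(hi) - int(lo) + 1 > MAX_RANGE_SIZE:
            findings.append("allowed range is wider than needed")
    if not 1024 <= port <= 65535:
        findings.append("port outside 1024-65535")
    elif port == DEFAULT_PORT:
        findings.append("port left at default 8080")
    elif port in COMMON_SERVICE_PORTS:
        findings.append("port collides with a common service")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations using documentation address ranges.
    print(review("everyone", 8080))
    print(review("single", 50443, "203.0.113.10"))
    print(source_allowed("203.0.113.11", "single", "203.0.113.10"))
```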
UPnP
Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access
the network and connect to other devices as needed. UPnP devices can automatically discover the
services from other registered UPnP devices on the network.
Figure 8-8: UPnP menu
Turn UPnP On: UPnP can be enabled or disabled for automatic device configuration. The
default setting for UPnP is disabled. If disabled, the router will not allow any device to
automatically control the resources, such as port forwarding (mapping), of the router.
Advertisement Period: The Advertisement Period is how often the router will advertise
(broadcast) its UPnP information. This value can range from 1 to 1440 minutes. The default
period is for 30 minutes. Shorter durations will ensure that control points have current device
status at the expense of additional network traffic. Longer durations may compromise the
freshness of the device status but can significantly reduce network traffic.
Advertisement Time To Live: The time to live for the advertisement is measured in hops
(steps) for each UPnP packet sent. A hop is the number of steps allowed to propagate for each
UPnP advertisement before it disappears. The number of hops can range from 1 to 255. The
default value for the advertisement time to live is 4 hops, which should be fine for most home
networks. If you notice that some devices are not being updated or reached correctly, then it
may be necessary to increase this value a little.
UPnP Portmap Table: The UPnP Portmap Table displays the IP address of each UPnP device
that is currently accessing the router and which ports (Internal and External) that device has
opened. The UPnP Portmap Table also displays what type of port is opened and if that port is
still active for each IP address.
Click Refresh to update the portmap table and to show the active ports that are currently opened by
UPnP devices.