Reference Manual for the ProSafe VPN Firewall FVS114

1-4

About This Manual

202-10098-01, April 2005

Introduction

2-1

202-10098-01, April 2005

Chapter 2

Introduction

This chapter describes the features of the NETGEAR FVS114 ProSafe VPN Firewall.

Key Features of the VPN Firewall

The FVS114 ProSafe VPN Firewall with four-port switch connects your local area network (LAN)

to the Internet through an external access device such as a cable modem or DSL modem.

The FVS114 is a complete security solution that protects your network from attacks and intrusions.

Unlike simple Internet sharing firewalls that rely on Network Address Translation (NAT) for

security, the FVS114 uses stateful packet inspection for Denial of Service attack (DoS) protection

and intrusion detection. The FVS114 allows Internet access for up to 253 users. The FVS114 VPN

Firewall provides you with multiple Web content filtering options, plus browsing activity reporting

and instant alerts — both via e-mail. Parents and network administrators can establish restricted

access policies based on time-of-day, Web site addresses and address keywords, and share

high-speed cable/DSL Internet access for up to 253 personal computers. In addition to NAT, the

built-in firewall protects you from hackers.

With minimum setup, you can install and use the firewall within minutes.

The FVS114 VPN Firewall provides the following features:

•

Easy, Web-based setup for installation and management.

•

Content filtering and site blocking security.

•

Built-in four-port 10/100 Mbps switch.

•

Ethernet connection to a WAN device, such as a cable modem or DSL modem.

•

Extensive protocol support.

•

Login capability.

•

Front panel LEDs for easy monitoring of status and activity.

•

Flash memory for firmware upgrade.

Reference Manual for the ProSafe VPN Firewall FVS114

2-2

Introduction

202-10098-01, April 2005

A Powerful, True Firewall with Content Filtering

Unlike simple Internet sharing NAT firewalls, the FVS114 is a true firewall, using stateful packet

inspection to defend against hacker attacks. Its firewall features include:

•

DoS protection.

Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND

Attack, and IP Spoofing.

•

Blocks unwanted traffic from the Internet to your LAN.

•

Blocks access from your LAN to Internet locations or services that you specify as off-limits.

•

Logs security incidents.

The FVS114 logs security events such as blocked incoming traffic, port scans, attacks, and

administrator logins. You can configure the firewall to email the log to you at specified

intervals. You can also configure the firewall to send immediate alert messages to your e-mail

address or email pager whenever a significant event occurs.

•

With its content filtering feature, the FVS114 prevents objectionable content from reaching

your PCs. The firewall allows you to control access to Internet content by screening for

keywords within Web addresses. You can configure the firewall to log and report attempts to

access objectionable Internet sites.

Security

The FVS114 VPN Firewall is equipped with several features designed to maintain security, as

described in this section.

•

PCs Hidden by NAT

NAT opens a temporary path to the Internet for requests originating from the local network.

Requests originating from outside the LAN are discarded, preventing users outside the LAN

from finding and directly accessing the PCs on the LAN.

•

Port Forwarding with NAT

Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the

firewall allows you to direct incoming traffic to specific PCs based on the service port number

of the incoming request, or to one designated “DNS” host computer. You can specify

forwarding of single ports or ranges of ports.

Reference Manual for the ProSafe VPN Firewall FVS114

Introduction

2-3

202-10098-01, April 2005

Autosensing Ethernet Connections with Auto Uplink

With its internal eight-port 10/100 switch, the FVS114 can connect to either a 10 Mbps standard

Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are

autosensing and capable of full-duplex or half-duplex operation.

The firewall incorporates Auto Uplink

TM

technology. Each Ethernet port automatically senses

whether the Ethernet cable plugged into the port should have a normal connection such as to a PC

or an uplink connection such as to a switch or hub. That port then configures itself to the correct

configuration. This feature also eliminates the need to worry about crossover cables, as Auto

Uplink will accommodate either type of cable to make the right connection.

Extensive Protocol Support

The FVS114 VPN Firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP)

and Routing Information Protocol

(RIP). For further information about TCP/IP, refer to

Appendix B, “Network, Routing, and Firewall Basics

.”

•

IP Address Sharing by NAT

The FVS114 VPN Firewall allows several networked PCs to share an Internet account using

only a single IP address, which may be statically or dynamically assigned by your Internet

service provider (ISP). This technique, known as NAT, allows the use of an inexpensive

single-user ISP account.

•

Automatic Configuration of Attached PCs by DHCP

The FVS114 VPN Firewall dynamically assigns network configuration information, including

IP, gateway, and Domain Name Server (DNS) addresses, to attached PCs on the LAN using

the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies

configuration of PCs on your local network.

•

DNS Proxy

When DHCP is enabled and no DNS addresses are specified, the firewall provides its own

address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from

the ISP during connection setup and forwards DNS requests from the LAN.

•

Point-to-Point Protocol over Ethernet (PPPoE)

PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by

simulating a dial-up connection. This feature eliminates the need to run a login program such

as Entersys or WinPOET on your PC.

Reference Manual for the ProSafe VPN Firewall FVS114

2-4

Introduction

202-10098-01, April 2005

Easy Installation and Management

You can install, configure, and operate the FVS114 ProSafe VPN Firewall within minutes after

connecting it to the network. The following features simplify installation and management tasks:

•

Browser-based management

Browser-based configuration allows you to easily configure your firewall from almost any

type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup

Wizard is provided and online help documentation is built into the browser-based Web

Management Interface.

•

Smart Wizard

The FVS114 VPN Firewall automatically senses the type of Internet connection, asking you

only for the information required for your type of ISP account.

•

Diagnostic functions

The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote

reboot.

•

Remote management

The firewall allows you to login to the Web Management Interface from a remote location on

the Internet. For security, you can limit remote management access to a specified remote IP

address or range of addresses, and you can choose a nonstandard port number.

•

Visual monitoring

The FVS114 VPN Firewall’s front panel LEDs provide an easy way to monitor its status and

activity.

Maintenance and Support

NETGEAR offers the following features to help you maximize your use of the FVS114 VPN

Firewall:

•

Flash memory for firmware upgrade.

•

Free technical support seven days a week, 24 hours a day.