Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Introduction

2-3

202-10085-01, March 2005

•

With its URL keyword filtering feature, the FVS124G prevents objectionable content from

reaching your PCs. The firewall allows you to control access to Internet content by screening

for keywords within Web addresses. You can configure the firewall to log and report attempts

to access objectionable Internet sites.

Security

The FVS124G VPN Firewall is equipped with several features designed to maintain security, as

described in this section.

•

PCs Hidden by NAT

NAT opens a temporary path to the Internet for requests originating from the local network.

Requests originating from outside the LAN are discarded, preventing users outside the LAN

from finding and directly accessing the PCs on the LAN.

•

Port Forwarding with NAT

Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the

firewall allows you to direct incoming traffic to specific PCs based on the service port number

of the incoming request. You can specify forwarding of single ports or ranges of ports.

•

Powerful Firewall Rules

Both inbound and outbound traffic can be controlled tightly by defining your own rules

regarding permitted users, services, protocols, schedules, and destinations.

Autosensing Ethernet Connections with Auto Uplink

With its internal 4-port 10/100/1000 switch, the FVS124G can connect to either a 10 Mbps

standard Ethernet network, a 100 Mbps Fast Ethernet network, or a 1000 Mbps Gigabit Ethernet.

Both the LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex

operation.

The firewall incorporates Auto Uplink

TM

technology. Each Ethernet port will automatically sense

whether the Ethernet cable plugged into the port should have a ‘normal’ connection such as to a

PC or an ‘uplink’ connection such as to a switch or hub. That port will then configure itself to the

correct configuration. This feature also eliminates the need to worry about crossover cables, as

Auto Uplink will accommodate either type of cable to make the right connection.

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

2-4

Introduction

202-10085-01, March 2005

Extensive Protocol Support

The FVS124G VPN Firewall supports the Transmission Control Protocol/Internet Protocol (TCP/

IP) and Routing Information Protocol

(RIP). For further information about TCP/IP, refer to

Appendix B, “Network, Routing, Firewall, and Basics

.”

•

IP Address Sharing by NAT

The FVS124G VPN Firewall allows several networked PCs to share an Internet account using

only a single IP address, which may be statically or dynamically assigned by your Internet

service provider (ISP). This technique, known as NAT, allows the use of an inexpensive

single-user ISP account.

•

Automatic Configuration of Attached PCs by DHCP

The FVS124G VPN Firewall dynamically assigns network configuration information,

including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN

using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies

configuration of PCs on your local network.

•

DNS Proxy

When DHCP is enabled and no DNS addresses are specified, the firewall provides its own

address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from

the ISP during connection setup and forwards DNS requests from the LAN.

•

PPP over Ethernet (PPPoE)

PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by

simulating a dial-up connection. This feature eliminates the need to run a login program such

as EnterNet or WinPOET on your PC.

Easy Installation and Management

You can install, configure, and operate the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit

LAN and Dual WAN Ports within minutes after connecting it to the network. The following

features simplify installation and management tasks:

•

Browser-based management

Browser-based configuration allows you to easily configure your firewall from almost any

type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup

Wizard is provided and online help documentation is built into the browser-based Web

Management Interface.

•

Smart Wizard

The FVS124G VPN Firewall automatically senses the type of Internet connection, asking you

only for the information required for your type of ISP account.

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Introduction

2-5

202-10085-01, March 2005

•

VPN Wizard

The FVS124G VPN Firewall includes the NETGEAR VPN Wizard to easily configure VPN

tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC)

to ensure the VPN tunnels are interoperable with other VPNC-compliant VPN routers and

clients.

•

SNMP

The FVS124G VPN Firewall supports the Simple Network Management Protocol (SNMP) to

let you monitor and manage log resources from an SNMP-compliant system manager. The

SNMP system configuration lets you change the system variables for MIB2.

•

Diagnostic functions

The firewall incorporates built-in diagnostic functions such as Ping, Trace Route, DNS

lookup, and remote reboot.

•

Remote management

The firewall allows you to login to the Web Management Interface from a remote location on

the Internet. For security, you can limit remote management access to a specified remote IP

address or range of addresses, and you can choose a nonstandard port number.

•

Visual monitoring

The FVS124G VPN Firewall’s front panel LEDs provide an easy way to monitor its status and

activity.

Maintenance and Support

NETGEAR offers the following features to help you maximize your use of the FVS124G VPN

Firewall:

•

Flash memory for firmware upgrade

•

Free technical support seven days a week, twenty-four hours a day

Package Contents

The product package should contain the following items:

•

FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports.

•

AC power adapter (varies by region).

•

Rubber feet.

•

Category 5 (Cat 5) Ethernet cable.

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

2-6

Introduction

202-10085-01, March 2005

•

Resource CD for ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

,

including:

–

This guide.

–

Application Notes and other helpful information.

–

ProSafe VPN Client Software - single user license.

•

Warranty and Support Information Card.

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the

carton, including the original packing materials, in case you need to return the firewall for repair.

The Router’s Front Panel

The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports front panel

shown below contains the port connections, status LEDs, and the factory defaults reset button.

Figure 2-1:

FVS124G Front Panel

You can use the LEDs to verify various conditions.

Table 2-1

lists and describes each object on the

front panel of the firewall and its operation.

1

LAN

2

3

4

SPEED

LINK/ACT

ACTIVE

100

LINK/ACT

WAN2

ACTIVE

100

LINK/ACT

WAN1

TEST

PWR

MODEL

FVS

124G

ProSafe Dual WAN VPN Gigabit Firewall

PWR

TEST

LED

LED

WAN1 Port

LEDs

WAN2 Port

LEDs

Gigabit LAN

Port LEDs

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Introduction

2-7

202-10085-01, March 2005

The Router’s Rear Panel

The rear panel of the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN

Ports (

Figure 2-2

) contains the factory defaults reset button, LAN and WAN ports, and DC power

input connection.

Table 2-1.

FVS124G front panel

Object

Activity

Description

PWR LED

On (Green)

Off

Power is supplied to the firewall.

Power is not supplied to the firewall.

TEST LED

On (Amber)

Blinking (Amber)

Off

Test mode: The system is initializing or the initialization has failed.

Writing to Flash memory (during upgrading or resetting to defaults).

The system has booted successfully.

WAN Port

LEDs

Link/Act LED

On (Green)

Blinking (Green)

Off

The WAN port has detected a link with a connected Ethernet device.

Data is being transmitted or received by the WAN port.

The WAN port has no link.

100 LED

On (Green)

Off

The WAN port is operating at 100 Mbps.

The WAN port is operating at 10 Mbps.

Active LED

On (Green)

On (Amber)

Off

The WAN port has a valid Internet connection.

The Internet connection is down or not being used.

The WAN port is either not enabled or has no link.

Gigabit LAN

Port LEDs

Link/Act LED

On (Green)

Blinking (Green)

Off

The LAN port has detected a link with a connected Ethernet device.

Data is being transmitted or received by the LAN port.

The LAN port has no link.

Speed LED

On (Green)

On (Amber)

Off

The LAN port is operating at 1,000 Mbps.

The LAN port is operating at 100 Mbps.

The LAN port is operating at 10 Mbps.