Introduction

11

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Key Features and Capabilities

The wireless VPN firewall provides the following key features and capabilities:

•

A single 10/100/1000 Mbps Gigabit Ethernet WAN port

•

Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data

transfer between local network resources

•

A wireless radio with up to four wireless profiles

•

Both IPv4 and IPv6 support

•

Advanced IPSec VPN and SSL VPN support

•

L2TP tunnel support

•

Advanced stateful packet inspection (SPI) firewall with multi-NAT support

•

SNMP manageable

•

Front panel LEDs for easy monitoring of status and activity

•

Flash memory for firmware upgrade

•

Internal universal switching power supply

Wireless Features

The wireless VPN firewall supports the following features:

•

2.4 GHz radio

. 2.4-GHz band support with 802.11b/g/n wireless modes.

•

Wireless profiles

. Support for up to four wireless profiles, each with its own SSID.

•

Access control

. The Media Access Control (MAC) address filtering feature can ensure

that only trusted wireless stations can use the wireless VPN firewall to gain access to

your LAN.

•

Hidden mode

. The SSID is not broadcast, assuring that only clients configured with the

correct SSID can connect.

•

Secure and economical operation

. Adjustable power output allows more secure or

economical operation.

Advanced VPN Support for Both IPSec and SSL

The wireless VPN firewall supports IPSec and SSL virtual private network (VPN)

connections:

•

IPSec VPN delivers full network access between a central office and branch offices, or

between a central office and telecommuters. Remote access by telecommuters requires

the installation of VPN client software on the remote computer.

-

IPSec VPN with broad protocol support for secure connection to other IPSec

gateways and clients.

-

Up to 12 simultaneous IPSec VPN connections.

-

Bundled with a 30-day trial license for the ProSafe VPN Client software (VPN01L).

Introduction

12

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

•

SSL VPN provides remote access for mobile users to selected corporate resources

without requiring a preinstalled VPN client on their computers.

-

Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for

e-commerce transactions, to provide client-free access with customizable user portals

and support for a wide variety of user repositories.

-

Up to five simultaneous SSL VPN connections.

-

Allows browser-based, platform-independent remote access through a number of

popular browsers, such as Microsoft Internet Explorer, Mozilla Firefox, and Apple

Safari.

-

Provides granular access to corporate resources based on user type or group

membership.

A Powerful, True Firewall

Unlike simple NAT routers, the wireless VPN firewall is a true firewall, using stateful packet

inspection (SPI) to defend against hacker attacks. Its firewall features have the following

capabilities:

•

DoS protection

.

Automatically detects and thwarts denial of service (DoS) attacks such

as Ping of Death and SYN flood.

•

Secure firewall

.

Blocks unwanted traffic from the Internet to your LAN.

•

Schedule policies

. Permits scheduling of firewall policies by day and time.

•

Logs security incidents

.

Logs security events such as logins and secure logins. You can

configure the firewall to email the log to you at specified intervals.

Security Features

The wireless VPN firewall is equipped with several features designed to maintain security:

•

Computers hidden by NAT

. NAT opens a temporary path to the Internet for requests

originating from the local network. Requests originating from outside the LAN are

discarded, preventing users outside the LAN from finding and directly accessing the

computers on the LAN.

•

Port forwarding with NAT

.

Although NAT prevents Internet locations from directly

accessing the computers on the LAN, the wireless VPN firewall allows you to direct

incoming traffic to specific computers based on the service port number of the incoming

request.

•

DMZ port

. Incoming traffic from the Internet is usually discarded by the wireless VPN

firewall unless the traffic is a response to one of your local computers or a service for

which you have configured an inbound rule. Instead of discarding this traffic, you can use

the dedicated demilitarized zone (DMZ) port to forward the traffic to one computer on your

network.

Introduction

13

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Autosensing Ethernet Connections with Auto Uplink

With its internal eight-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the wireless

VPN firewall can connect to either a 10 Mbps standard Ethernet network, a 100 Mbps Fast

Ethernet network, or a 1000 Mbps Gigabit Ethernet network. The LAN and WAN interfaces

are autosensing and capable of full-duplex or half-duplex operation.

The wireless VPN firewall incorporates Auto Uplink

TM

technology. Each Ethernet port

automatically senses whether the Ethernet cable plugged into the port should have a

normal

connection such as to a computer or an

uplink

connection such as to a switch or hub. That

port then configures itself correctly. This feature eliminates the need for you to think about

crossover cables, as Auto Uplink accommodates either type of cable to make the right

connection.

Extensive Protocol Support

The wireless VPN firewall supports the Transmission Control Protocol/Internet Protocol

(TCP/IP) and Routing Information Protocol (RIP). The wireless VPN firewall provides the

following protocol support:

•

IP address sharing by NAT

. The wireless VPN firewall allows many networked

computers to share an Internet account using only a single IP address, which might be

statically or dynamically assigned by your Internet service provider (ISP). This technique,

known as Network Address Translation (NAT), allows the use of an inexpensive

single-user ISP account.

•

Automatic configuration of attached computers by DHCP

. The wireless VPN firewall

dynamically assigns network configuration information, including IP, gateway, and

Domain Name Server (DNS) addresses, to attached computers on the LAN using the

Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies

configuration of computers on your local network.

•

DNS proxy

. When DHCP is enabled and no DNS addresses are specified, the firewall

provides its own address as a DNS server to the attached computers. The firewall obtains

actual DNS addresses from the ISP during connection setup and forwards DNS requests

from the LAN.

•

PPP over Ethernet (PPPoE)

. PPPoE is a protocol for connecting remote hosts to the

Internet over a DSL connection by simulating a dial-up connection.

•

Quality of Service (QoS)

.

The wireless VPN firewall supports QoS.

•

Layer 2 Tunneling Protocol (L2TP)

. A tunneling protocol that is used to support virtual

private networks (VPNs).

Introduction

14

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Easy Installation and Management

You can install, configure, and operate the wireless VPN firewall within minutes after

connecting it to the network. The following features simplify installation and management

tasks:

•

Browser-based management

. Browser-based configuration allows you to easily

configure the wireless VPN firewall from almost any type of operating system, such as

Windows, Macintosh, or Linux. Online help documentation is built into the browser-based

web management interface.

•

Auto-detection of ISP

. The wireless VPN firewall automatically senses the type of

Internet connection, asking you only for the information required for your type of ISP

account.

•

IPSec VPN Wizard

. The wireless VPN firewall includes the NETGEAR IPSec VPN

Wizard so you can easily configure IPSec VPN tunnels according to the

recommendations of the Virtual Private Network Consortium (VPNC). This ensures that

the IPSec VPN tunnels are interoperable with other VPNC-compliant VPN routers and

clients.

•

SNMP

. The wireless VPN firewall supports the Simple Network Management Protocol

(SNMP) to let you monitor and manage log resources from an SNMP-compliant system

manager. The SNMP system configuration lets you change the system variables for

MIB2.

•

Diagnostic functions

. The wireless VPN firewall incorporates built-in diagnostic

functions such as ping, traceroute, DNS lookup, and remote reboot.

•

Remote management

. The wireless VPN firewall allows you to log in to the web

management interface from a remote location on the Internet. For security, you can limit

remote management access to a specified remote IP address or range of addresses.

•

Visual monitoring

. The wireless VPN firewall’s front panel LEDs provide an easy way to

monitor its status and activity.

Maintenance and Support

NETGEAR offers the following features to help you maximize your use of the wireless VPN

firewall:

•

Flash memory for firmware upgrades.

•

Technical support seven days a week, 24 hours a day. Information about support is

available on the NETGEAR website at

.

Introduction

15

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Package Contents

The wireless VPN firewall product package contains the following items:

•

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

•

One 12V 1A power supply unit for your region

•

Rubber feet

•

Ethernet cable

•

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Installation Guide

•

Resource CD

, including:

-

Application Notes and other helpful information

-

30-day trial license for the ProSafe VPN Client software (VPN01L)

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep

the carton, including the original packing materials, in case you need to return the product for

repair.

Hardware Features

The front panel ports and LEDs, rear panel ports, and bottom label of the wireless VPN

firewall are described in the following sections.

Front Panel

Viewed from left to right, the wireless VPN firewall front panel contains the following ports:

•

LAN Ethernet ports. Eight switched N-way automatic speed negotiating, Auto MDI/MDIX,

Gigabit Ethernet ports with RJ-45 connectors.

•

WAN Ethernet port. One independent N-way automatic speed negotiating, Auto

MDI/MDIX, Gigabit Ethernet port with an RJ-45 connector.

The front panel also contains three groups of status indicator light-emitting diodes (LEDs),

including Power and Test LEDs, LAN LEDs, and WAN LEDs, all of which are explained in

detail in the following table. Some LED explanation is provided on the front panel.