Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-27
December 2003, M-10041-01
f. You will now see the “FVS328” entry in the Active Self Certificates table and the pending “FVS328” Self Certificate Request is gone, as illustrated below.
Figure 7-15: Self Certificates table
7. Associate the new certificate and the Trusted Root CA certificate on the FVS328.
a. Create a new IKE policy called Scenario_2 with all the same properties of Scenario_1 (see “Scenario 1 IKE Policy” on page 7-19) except now use the RSA Signature instead of the shared key.
Figure 7-16: IKE policy using RSA Signature
b. Create a new VPN Auto Policy called scenario2a with all the same properties as scenario1a except that it uses the IKE policy called Scenario_2.
Now, the traffic from devices within the range of the LAN subnet addresses on FVS328
Gateway A and Gateway B will be authenticated using the certificates and generated keys
rather than via a shared key.
8. Set up Certificate Revocation List (CRL) checking.
a. Get a copy of the CRL from the CA and save it as a text file.
Note: The procedure for obtaining a CRL differs from a CA like Verisign and a CA such as a Windows 2000 certificate server, which an organization operates for providing certificates for its members. Follow the procedures of your CA.
b. From the main menu VPN section, click the CRL link.
c. Click Add to add a CRL.
d. Click Browse to locate the CRL file.
e. Click Upload.
Now expired or revoked certificates will not be allowed to use the VPN tunnels managed by
IKE policies which use this CA.
Note: You must update the CRLs regularly in order to maintain the validity of the certificate-based VPN policies.
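A check to run on the CRL file before uploading it in step 8, given here as an added example that is not part of the NETGEAR manual: it reads a DER-encoded X.509 CRL with the Python standard library, reports the CRL as stale once nextUpdate has passed, and looks up a certificate serial number. The function names and the sample CRL are constructed for illustration; the CRL signature is not verified, and a PEM file must be base64-decoded to DER first.

```python
from datetime import datetime, timezone

def tlv(buf, pos=0):
    """Read one DER element at pos: (tag, value bytes, offset of the next element)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body):   # split the body of a constructed element into (tag, value) pairs
    items, pos = [], 0
    while pos < len(body):
        tag, val, pos = tlv(body, pos)
        items.append((tag, val))
    return items

def as_time(tag, val):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime or GeneralizedTime
    return datetime.strptime(val.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def parse_crl(der):
    """Return (thisUpdate, nextUpdate or None, revoked serials); signature NOT verified."""
    tbs = children(children(tlv(der)[1])[0][1])   # CertificateList -> tbsCertList fields
    i = (1 if tbs[0][0] == 0x02 else 0) + 2       # optional version, then algorithm, issuer
    this_update, i = as_time(*tbs[i]), i + 1
    next_update = None
    if i < len(tbs) and tbs[i][0] in (0x17, 0x18):
        next_update, i = as_time(*tbs[i]), i + 1
    revoked = set()
    if i < len(tbs) and tbs[i][0] == 0x30:        # revokedCertificates is optional
        revoked = {int.from_bytes(children(e)[0][1], "big") for _, e in children(tbs[i][1])}
    return this_update, next_update, revoked

def check(der, serial, now):   # "stale" past nextUpdate, else "revoked" or "ok"
    _, next_update, revoked = parse_crl(der)
    if next_update is None or now >= next_update:
        return "stale"
    return "revoked" if serial in revoked else "ok"

# Constructed sample, not a real CA's CRL: issuer CN=Test CA, serial 0x1234 revoked.
SAMPLE_CRL = bytes.fromhex(
    "3070305b020101300d06092a864886f70d01010b0500"                  # headers, version, algorithm
    "30123110300e06035504030c0754657374204341"                      # issuer CN=Test CA
    "170d3234303130313030303030305a170d3234303133313030303030305a"  # thisUpdate, nextUpdate
    "3015301302021234170d3234303131303030303030305a"                # revoked entry 0x1234
    "300d06092a864886f70d01010b050003020000")                       # algorithm, placeholder signature
```

A "stale" result means a fresh CRL should be fetched from the CA before uploading.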
Chapter 8
Managing Your Network
This chapter describes how to perform network management tasks with your FVS328 ProSafe
VPN Firewall with Dial Back-up.
Network Management
The FVS328 provides remote management access and a variety of status and usage information
which is discussed below.
How to Configure Remote Management
Using the Remote Management page, you can allow a user or users on the Internet to configure,
upgrade and check the status of your FVS328 Firewall.
1. Log in to the firewall at its default LAN address of with its default user name of admin, default password of password, or using whatever password and LAN address you have chosen for the firewall.
2. In the Advanced section on the left navigator, select Remote Management.
3. Select the Turn Remote Management On check box.
4. Specify what external addresses will be allowed to access the firewall’s remote management.
Note: For security reasons, restrict access to as few external IP addresses as practical.
a. To allow access from any IP address on the Internet, select Everyone.
b. To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed range.
c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access.
Note: Be sure to change the router's default password to a very secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols. Your password can be up to 30 characters.
5. Specify the Port Number that will be used for accessing the management interface. Web browser access normally uses the standard HTTP service port 80. For greater security, you can change the remote management Web interface to a custom port by entering that number in the box provided. Choose a number between 1024 and 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP.
6. The IP Address to connect to this device is used to manage this router via the Internet. You need its public IP Address, as seen from the Internet. This public IP Address is allocated by your ISP, and is shown here. But if your ISP account uses a Dynamic IP Address, the address can change each time you connect to your ISP. There are 2 solutions to this problem:
a. Have your ISP allocate you a Fixed IP address.
b. Use the DDNS (Dynamic DNS) feature so you can connect using a domain name, rather than an IP address.
7. Click Apply to have your changes take effect.
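The guidance in steps 4 and 5 and in the password note, expressed as an audit of proposed settings (an added example, not NETGEAR code). The dictionary layout is hypothetical and does not correspond to a router file format; the MAX_RANGE threshold and the short list of common service ports are assumptions made for this example.

```python
import ipaddress
import string

# Assumption: a short illustrative list of well-known service ports above 1023.
COMMON_SERVICE_PORTS = {1433, 1723, 3306, 3389, 5900}
MAX_RANGE = 16  # assumption: largest address range accepted without a finding

def audit_remote_mgmt(cfg):
    """Return a list of findings for a dict describing the Remote Management page."""
    findings = []
    mode = cfg["allow"]                          # "everyone" | "range" | "single"
    if mode == "everyone":
        findings.append("access: open to every Internet address")
    elif mode == "range":
        first = ipaddress.IPv4Address(cfg["start"])
        last = ipaddress.IPv4Address(cfg["end"])
        if first > last:
            findings.append("access: range start is above range end")
        elif int(last) - int(first) + 1 > MAX_RANGE:
            size = int(last) - int(first) + 1
            blocks = ", ".join(map(str, ipaddress.summarize_address_range(first, last)))
            findings.append(f"access: range covers {size} addresses ({blocks})")
    elif mode == "single":
        ipaddress.IPv4Address(cfg["address"])    # raises ValueError on a malformed address
    else:
        findings.append(f"access: unknown mode {mode!r}")
    port = cfg["port"]
    if not 1024 <= port <= 65535:
        findings.append(f"port: {port} is outside 1024-65535")
    elif port in COMMON_SERVICE_PORTS:
        findings.append(f"port: {port} is a common service port")
    pw = cfg["password"]
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    if pw == "password":
        findings.append("password: still the factory default")
    elif len(pw) > 30:
        findings.append("password: longer than the 30 characters the router accepts")
    elif not all(any(c in cls for c in pw) for cls in classes):
        findings.append("password: needs upper case, lower case, digits and symbols")
    return findings

# Constructed settings, not taken from a real device.
WEAK = {"allow": "everyone", "port": 3389, "password": "password"}
BETTER = {"allow": "single", "address": "192.0.2.10", "port": 48620,
          "password": "v7#Qm!x2Lr$9tZ"}
```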
When accessing your router from the Internet, the Secure Sockets Layer (SSL) will be enabled. You will enter https:// and type your router's WAN IP address into your browser's Address (in IE) or Location (in Netscape) box, followed by a colon (:) and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter in your browser:
Note: When you remotely connect to the FVS328 with a browser via SSL, you may get a message regarding the SSL certificate. If you are using a Windows computer with Internet Explorer 5.5 or higher, simply click Yes to accept the certificate.
Tip: If you are using a dynamic DNS service such as TZO, you can always identify the IP address of your FVS328 by running TRACERT from the Windows Start menu Run option. For example, tracert yourFVS328.mynetgear.net and you will see the IP address your ISP has currently assigned to the FVS328.
Viewing Router Status and Usage Statistics
From the Main Menu, under Maintenance, select Router Status to view the screen in Figure 8-1.
Figure 8-1: Router Status screen
The Router Status menu provides a limited amount of status and usage information. From the Main Menu of the browser interface, under Maintenance, select Router Status to view the status screen, shown in Figure 8-1.
