ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
Table of Contents
Using Rules to Block or Allow Specific Kinds of Traffic . . . . . . . . . . . . . . .43
About Services-Based Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Viewing the Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Order of Precedence for Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Setting the Default Outbound Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Creating a LAN WAN Outbound Services Rule . . . . . . . . . . . . . . . . . . .49
Creating a LAN WAN Inbound Services Rule. . . . . . . . . . . . . . . . . . . . .49
Modifying Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Inbound Rules Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Outbound Rules Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Configuring Other Firewall Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Attack Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Configuring Session Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Managing the Application Level Gateway for SIP Sessions. . . . . . . . . .56
Creating Services, QoS Profiles, and Bandwidth Profiles . . . . . . . . . . . . .57
Adding Customized Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Setting Quality of Service (QoS) Priorities . . . . . . . . . . . . . . . . . . . . . . .58
Creating Bandwidth Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Setting a Schedule to Block or Allow Specific Traffic . . . . . . . . . . . . . . . . .61
Blocking Internet Sites (Content Filtering) . . . . . . . . . . . . . . . . . . . . . . . . .62
Configuring Source MAC Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Configuring IP/MAC Address Binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Configuring Port Triggering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
E-Mail Notifications of Event Logs and Alerts. . . . . . . . . . . . . . . . . . . . . . .68
Administrator Tips. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Chapter 5
Virtual Private Networking Using IPsec
Considerations for Dual WAN Port Systems . . . . . . . . . . . . . . . . . . . . . . .70
Using the VPN Wizard for Client and Gateway Configurations . . . . . . . . .72
Creating Gateway to Gateway VPN Tunnels with the Wizard . . . . . . . .72
Creating a Client to Gateway VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . .75
Testing the Connections and Viewing Status Information . . . . . . . . . . . . .80
NETGEAR VPN Client Status and Log Information . . . . . . . . . . . . . . . .80
VPN Firewall VPN Connection Status and Logs . . . . . . . . . . . . . . . . . .82
Managing VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Configuring IKE Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Configuring VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Configuring Extended Authentication (XAUTH) . . . . . . . . . . . . . . . . . . . . .86
Configuring XAUTH for VPN Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . .86
User Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
RADIUS Client Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Assigning IP Addresses to Remote Users (ModeConfig). . . . . . . . . . . . . .90
Mode Config Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Configuring Mode Config Operation on the VPN Firewall . . . . . . . . . . .91
Configuring the ProSafe VPN Client for ModeConfig . . . . . . . . . . . . . . .94
Configuring Keepalives and Dead Peer Detection . . . . . . . . . . . . . . . . . . .95
Configuring Keepalives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Configuring Dead Peer Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
Configuring NetBIOS Bridging with VPN . . . . . . . . . . . . . . . . . . . . . . . . . .97
Chapter 6
Virtual Private Networking Using SSL
Understanding the Portal Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Planning for SSL VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Creating the Portal Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Configuring Domains, Groups, and Users . . . . . . . . . . . . . . . . . . . . . . . .104
Configuring Applications for Port Forwarding. . . . . . . . . . . . . . . . . . . . . .104
Adding Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Adding A New Host Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Configuring the SSL VPN Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Configuring the Client IP Address Range. . . . . . . . . . . . . . . . . . . . . . .107
Adding Routes for VPN Tunnel Clients . . . . . . . . . . . . . . . . . . . . . . . .108
Replacing and Deleting Client Routes . . . . . . . . . . . . . . . . . . . . . . . . .109
Using Network Resource Objects to Simplify Policies . . . . . . . . . . . . . . .109
Adding New Network Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Configuring User, Group, and Global Policies . . . . . . . . . . . . . . . . . . . . .110
Viewing SSL VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Adding an SSL VPN Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Chapter 7
Managing Users, Authentication, and Certificates
Adding Authentication Domains, Groups, and Users . . . . . . . . . . . . . . . .116
Creating a Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Creating a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Creating a New User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120
Setting User Login Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121
Changing Passwords and Other User Settings . . . . . . . . . . . . . . . . . .123
Managing Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124
Viewing and Loading CA Certificates . . . . . . . . . . . . . . . . . . . . . . . . . .126
Viewing Active Self Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Obtaining a Self Certificate from a Certificate Authority . . . . . . . . . . . .127
Managing your Certificate Revocation List (CRL) . . . . . . . . . . . . . . . .129
Chapter 8
VPN Firewall and Network Management
Performance Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Bandwidth Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Features That Reduce Traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Features That Increase Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Using QoS to Shift the Traffic Mix . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Tools for Traffic Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Changing Passwords and Administrator Settings . . . . . . . . . . . . . . . . . .137
Enabling Remote Management Access . . . . . . . . . . . . . . . . . . . . . . . . . .139
Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Using an SNMP Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Managing the Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Reverting to Factory Default Settings. . . . . . . . . . . . . . . . . . . . . . . . . .145
Configuring Date and Time Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146
Chapter 9
Monitoring System Performance
Enabling the Traffic Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149
Activating Notification of Events and Alerts . . . . . . . . . . . . . . . . . . . . . . .150
Viewing the Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Viewing VPN Firewall Configuration and System Status . . . . . . . . . . . . .154
Monitoring VPN Firewall Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Monitoring the Status of WAN Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . .156
Monitoring Attached Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156
Viewing the DHCP Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Monitoring Active Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Viewing Port Triggering Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Monitoring VPN Tunnel Connection Status . . . . . . . . . . . . . . . . . . . . . . .160
Viewing the VPN Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Chapter 10 Troubleshooting
Basic Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162
Power LED Not On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
LEDs Never Turn Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
LAN or WAN Port LEDs Not On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
Troubleshooting the Web Configuration Interface . . . . . . . . . . . . . . . . . .164
Troubleshooting the ISP Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
Troubleshooting a TCP/IP Network Using a Ping Utility. . . . . . . . . . . . . .166
Testing the LAN Path to Your VPN Firewall . . . . . . . . . . . . . . . . . . . . .166
Testing the Path from Your PC to a Remote Device . . . . . . . . . . . . . .167
Restoring the Default Configuration and Password . . . . . . . . . . . . . . . . .167
Problems with Date and Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
Using the Diagnostics Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
Appendix A
Default Settings and Technical Specifications
Appendix B
Network Planning for Dual WAN Ports
What You Need to Do Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . .173
Cabling and Computer Hardware Requirements . . . . . . . . . . . . . . . . .174
Computer Network Configuration Requirements . . . . . . . . . . . . . . . . .175
Internet Configuration Requirements . . . . . . . . . . . . . . . . . . . . . . . . . .175
Where Do I Get the Internet Configuration Parameters? . . . . . . . . . . .175
Internet Connection Information Form . . . . . . . . . . . . . . . . . . . . . . . . .176
Overview of the Planning Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Inbound Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Virtual Private Networks (VPNs). . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
The Roll-over Case for Firewalls With Dual WAN Ports. . . . . . . . . . . .177
The Load Balancing Case for Firewalls with Dual WAN Ports . . . . . . .178
Inbound Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
Inbound Traffic to Single WAN Port (Reference Case) . . . . . . . . . . . .179
Inbound Traffic to Dual WAN Port Systems . . . . . . . . . . . . . . . . . . . . .179
Virtual Private Networks (VPNs). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
VPN Road Warrior (Client-to-Gateway) . . . . . . . . . . . . . . . . . . . . . . . .182
VPN Gateway-to-Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185
VPN Telecommuter (Client-to-Gateway Through a NAT Router). . . . .187
Appendix C
Two Factor Authentication
Why do I need Two-Factor Authentication? . . . . . . . . . . . . . . . . . . . . . . .190
What are the benefits of Two-Factor Authentication? . . . . . . . . . . . . .190
What is Two-Factor Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . .191
NETGEAR Two-Factor Authentication Solutions . . . . . . . . . . . . . . . . . . .191
Appendix D
Related Documents
Appendix E
Notification of Compliance
Index
Chapter 1: Introduction
The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 connects your LAN
to the Internet through one or two external broadband modems. Dual WAN ports allow you to
increase throughput to the Internet by using both ports together, or to maintain a backup
connection in case your primary Internet connection fails. The FVS336Gv2 incorporates a
powerful and flexible firewall to safeguard your network, while providing advanced IPsec and
SSL VPN technologies for secure, simple remote connections. The network storage is a
plug-and-play device that can be installed and configured within minutes.
This chapter contains the following sections:
“Package Contents” on this page.
“Front Panel Features” on page 11.
“Rear Panel Features” on page 12.
“Default IP Address, Login Name, and Password Location” on page 12.
“Qualified Web Browsers” on page 13.
Package Contents
The product package should contain the following items:
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 appliance.
One AC power cable.
Rubber feet.
One Category 5 (Cat5) Ethernet cable.
Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN.
Resource CD, including:
Application Notes and other helpful information.
ProSafe VPN Client Software—one user license.
Warranty and Support Information Card.
