Chapter 8: VPN Firewall and Network Management
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
Destination Address. These settings determine the destination IP address for this rule, which applies to incoming traffic. The rule is applied only when the destination IP address of the incoming packet matches the IP address of the selected WAN interface. Selecting ANY enables the rule for any LAN IP destination. WAN1 and WAN2 correspond to the respective WAN interface governed by this rule.
Services. You can specify the services or applications to be covered by a rule. If the desired service or application does not appear in the Custom Services Table, you must define it using the Services screen (see "Adding Customized Services" on page 57).
Schedule. If you have set firewall rules on the LAN WAN Rules screen, you can configure three different schedules (schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a schedule is configured, it affects all rules that use this schedule. You specify the days of the week and time of day for each schedule. (See "Using Rules to Block or Allow Specific Kinds of Traffic" on page 43 for the procedure on how to use this feature.)
Port Triggering
Port triggering allows some applications to function correctly that would otherwise be partially
blocked by the VPN firewall. Using this feature requires that you know the port numbers used
by the application.
Once configured, port triggering operates as follows:
1. A PC makes an outgoing connection using a port number defined in the Port Triggering table.
2. The VPN firewall records this connection, opens the additional incoming port or ports associated with this entry in the Port Triggering table, and associates them with the PC.
3. The remote system receives the PC's request and responds using the different port numbers that you have now opened.
4. The VPN firewall matches the response to the previous request and forwards the response to the PC. Without port triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the Port Forwarding rules.
- Only one PC can use a port triggering application at any time.
- After a PC has finished using a port triggering application, there is a time-out period before the application can be used by another PC. This is required because the VPN firewall cannot be sure when the application has terminated.
See "Configuring Port Triggering" on page 66 for the procedure on how to use this feature.
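The sequence above, together with the single-PC and time-out rules, as an added simulation. This is example code written for this page, not Netgear firmware; the table entry (outbound 6667 opening inbound 113 and 8000-8001), the LAN addresses and the 300-second idle time-out are constructed assumptions, since the manual does not state the device's actual time-out value.

```python
"""Simulation of the port-triggering behaviour described above.

Added example, not Netgear code.  The trigger entry, LAN addresses and the
300-second idle time-out are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TriggerEntry:
    name: str
    outgoing_port: int        # destination port of the outbound connection that arms the entry
    incoming_ports: tuple     # extra inbound ports opened toward the PC that armed it
    timeout: float = 300.0    # assumed idle time before another PC may use the entry


@dataclass
class TriggerState:
    owner: str                # LAN IP address currently associated with the entry
    last_seen: float          # time of the last packet matched to this entry


class PortTriggerTable:
    def __init__(self, entries):
        self.entries = {e.outgoing_port: e for e in entries}
        self.active = {}      # outgoing_port -> TriggerState

    def outbound(self, src_ip, dst_port, now):
        """A LAN PC opens a connection to dst_port. Returns True if an entry was armed."""
        entry = self.entries.get(dst_port)
        if entry is None:
            return False                      # ordinary outbound traffic, nothing to do
        state = self.active.get(dst_port)
        if state and state.owner != src_ip and now - state.last_seen < entry.timeout:
            return False                      # only one PC at a time; the other must wait out the time-out
        self.active[dst_port] = TriggerState(src_ip, now)
        return True

    def inbound(self, dst_port, now):
        """Unsolicited inbound packet to dst_port. Returns the LAN IP it is forwarded to,
        or None when it falls through to the ordinary Port Forwarding rules."""
        for trigger_port, entry in self.entries.items():
            if dst_port not in entry.incoming_ports:
                continue
            state = self.active.get(trigger_port)
            if state is None:
                return None                   # never armed: treated as a new connection request
            if now - state.last_seen >= entry.timeout:
                del self.active[trigger_port]  # PC assumed finished; release the entry
                return None
            state.last_seen = now             # response matched to the earlier request
            return state.owner
        return None


def walkthrough():
    """Replays the four steps above plus the single-PC and time-out rules."""
    fw = PortTriggerTable([TriggerEntry("example-app", 6667, (113, 8000, 8001))])
    log = []
    log.append(fw.outbound("192.168.1.10", 6667, now=0.0))    # steps 1-2: entry armed for .10
    log.append(fw.inbound(113, now=1.0))                       # steps 3-4: response forwarded to .10
    log.append(fw.outbound("192.168.1.20", 6667, now=2.0))    # second PC refused while .10 holds it
    log.append(fw.inbound(113, now=400.0))                     # idle past the time-out: falls through
    log.append(fw.outbound("192.168.1.20", 6667, now=401.0))  # entry free again
    log.append(fw.inbound(8000, now=402.0))                    # forwarded to .20
    return log
```

The point the walkthrough makes explicit is the one the manual states in prose: the firewall has no way to learn that an application has finished, so the entry is released purely by the idle timer, and a second PC is locked out until it expires.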
VPN Tunnels
The VPN firewall permits up to 25 IPsec VPN tunnels and 10 SSL VPN tunnels at a time. Each tunnel requires extensive processing for encryption and authentication.
See Chapter 5, "Virtual Private Networking Using IPsec," for the procedure on how to use IPsec VPN, and Chapter 6, "Virtual Private Networking Using SSL," for the procedure on how to use SSL VPN.
Using QoS to Shift the Traffic Mix
The QoS priority settings determine the priority and, in turn, the quality of service for the traffic passing through the VPN firewall. The QoS is set individually for each service.
- You can accept the default priority defined by the service itself by not changing its QoS setting.
- You can change the priority to a higher or lower value than its default setting to give the service higher or lower priority than it otherwise would have.
The QoS priority settings conform to the IEEE 802.1D-1998 (formerly 802.1p) standard for class of service tags.
Changing QoS priority settings does not change the WAN bandwidth used, but it does change the mix of traffic through the WAN ports by granting some services a higher priority than others. The quality of a service is therefore affected by its QoS setting.
See "Setting Quality of Service (QoS) Priorities" on page 58 for the procedure on how to use this feature.
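An added example, not from the manual or Netgear, showing what the 802.1p class of service tag referred to above is on the wire: the 802.1Q VLAN tag whose 3-bit PCP field carries the priority. It builds and parses such a tag and ranks priorities in the order IEEE 802.1D-1998 Annex H assigns them, where priority 0 (the default, best effort) sits above 1 (background) and 2, so the numeric value is not the precedence. The MAC addresses and payload are constructed.

```python
"""Build and parse the 802.1Q tag that carries the 802.1p priority (PCP) field.

Added example, not Netgear code.  Frame contents are constructed.
"""
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks an 802.1Q-tagged frame

# User priority -> traffic type, per IEEE 802.1D-1998 Annex H.
PRIORITY_CLASSES = {
    0: "best effort (default)",
    1: "background",
    2: "spare",
    3: "excellent effort",
    4: "controlled load",
    5: "video (<100 ms latency)",
    6: "voice (<10 ms latency)",
    7: "network control",
}

# Precedence from lowest to highest: 802.1D places the default priority 0
# above 1 and 2, so PCP value order is not precedence order.
PRECEDENCE = (1, 2, 0, 3, 4, 5, 6, 7)


def precedence_rank(pcp):
    """Position of a PCP value in the 802.1D precedence order (0 = lowest)."""
    return PRECEDENCE.index(pcp)


def build_tagged_frame(dst_mac, src_mac, pcp, vid, ethertype, payload, dei=0):
    """Ethernet header + 802.1Q tag.  TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits)."""
    if not 0 <= pcp <= 7 or not 0 <= vid <= 0xFFF or len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("pcp must be 0..7, vid 0..4095, MAC addresses 6 bytes")
    tci = (pcp << 13) | ((dei & 1) << 12) | vid
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_tag(frame):
    """Return the tag fields of a tagged frame, or None for an untagged frame
    (which carries no class of service information at all)."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    pcp = tci >> 13
    return {
        "pcp": pcp,
        "class": PRIORITY_CLASSES[pcp],
        "dei": (tci >> 12) & 1,
        "vid": tci & 0xFFF,
        "ethertype": ethertype,
        "payload": frame[18:],
    }
```

The PCP field only travels as far as the next 802.1Q-aware hop; whatever a service's priority is set to on the firewall, an upstream switch or ISP edge is free to ignore or rewrite it, which is why the manual says the setting changes the traffic mix through the WAN ports rather than the bandwidth.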
Tools for Traffic Management
The VPN firewall includes several tools that can be used to monitor the traffic conditions and control who has access to the Internet and the types of traffic they are allowed to have. See Chapter 9, "Monitoring System Performance," for a discussion of the tools.
Changing Passwords and Administrator Settings
Note: See also "Changing Passwords and Other User Settings" on page 123.
The default administrator and guest password for the Web Configuration Manager is password. Netgear recommends that you change this password to a more secure password. You can also configure a separate password for the guest account.
To modify the Admin user account settings, including the password:
1. Select Users > Users from the menu.
2. Select the checkbox next to admin in the Name column, then click Edit in the Action column. The Edit User screen is displayed, with the current settings for Administrator in the Select User Type drop-down list (for more information about the different types of users, see "Changing Passwords and Other User Settings" on page 123).
3. Select the Check to Edit Password checkbox. The password fields become active.
4. Enter the old password, then enter the new password twice.
5. (Optional) To change the idle timeout for an administrator login session, enter a new number of minutes in the Idle Timeout field.
6. Click Apply to save your settings or Reset to return to your previous settings.
Note: After a factory default reset, the password and timeout value are changed back to password and 10 minutes, respectively, so change the password again after any reset.
Enabling Remote Management Access
Using the Remote Management screen, you can allow an administrator on the Internet to configure, upgrade, and check the status of your VPN firewall. You must be logged in locally to enable remote management (see "Logging into the VPN Firewall" on page 15).
Note: Be sure to change the default configuration password of the VPN firewall to a very secure password. The ideal password contains no dictionary words from any language and is a mixture of letters (both upper and lower case), numbers, and symbols. Your password can be up to 30 characters. (See "Changing Passwords and Other User Settings" on page 123.)
To configure your VPN firewall for remote management:
1. Select Administration > Remote Management from the menu. The Remote Management screen is displayed.
2. Click the Yes radio button to enable secure HTTP management (enabled by default), and configure the external IP addresses that will be allowed to connect.
   a. To allow access from any IP address on the Internet, select Everyone.
   b. To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed range.
   c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access.
3. Configure the port number that will be used for secure HTTP management. The default port number is 443.
4. To enable remote management by the command line interface (CLI) over Telnet, click Yes to Allow Telnet Management, and configure the external IP addresses that will be allowed to connect (see "Using the Command Line Interface" on page 8-141). Telnet carries the CLI session, including the administrator password, in cleartext across the Internet, so leave it disabled unless you need it, and then allow it only from a single PC or a small address range.
   a. To allow access from any IP address on the Internet, select Everyone.
   b. To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed range.
   c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access.
5. Click Apply to have your changes take effect.
Note: For enhanced security, restrict access to as few external IP addresses as practical. See "Setting User Login Policies" on page 121 for instructions on restricting administrator access. Be sure to use strong passwords.
For accessing your VPN firewall from the Internet, Secure Sockets Layer (SSL) is enabled. You enter https:// (not http://) followed by your VPN firewall's WAN IP address in your browser. For example, if your WAN IP address is 172.16.0.123, type the following in your browser:
https://172.16.0.123
The VPN firewall's remote login URL is https://<IP_address> or https://<FullyQualifiedDomainName>.
To maintain security, the VPN firewall rejects a login that uses http://address rather than the SSL https://address.
The first time you remotely connect to the VPN firewall with a browser via SSL, you may get a warning message regarding the SSL certificate. If you are using a Windows computer with Internet Explorer 5.5 or higher, click Yes to accept the certificate. Do so only once you have confirmed that the certificate presented is the VPN firewall's own; accepting an unexpected certificate offered over the Internet would let an interposed host capture your administrator password.
If you are unable to remotely connect to the VPN firewall after enabling HTTPS remote management, check whether other user policies, such as the default user policy, are preventing access.
If you disable HTTPS remote management, all SSL VPN user connections will also be disabled.
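The access rules this section describes, as an added example written for this page rather than taken from the manual or from Netgear: a policy object with the three address scopes (Everyone, IP address range, Only this PC) and the management port, a login check that applies the https-only rule, an audit that raises the "restrict access to as few external IP addresses as practical" point, and a password check built from the note's criteria. The policy class, the finding texts, the 16-address range threshold, the 12-character minimum length and the wordlist are all assumptions; the manual states only the https-only rule, the three scopes, the default port 443 and the 30-character maximum.

```python
"""Checks for the remote-management settings described above.

Added example, not Netgear code.  Policy shape, finding texts, the range
threshold, the minimum password length and the wordlist are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class RemoteMgmtPolicy:
    enabled: bool
    scope: str                 # "everyone" | "range" | "single"
    start: str = ""            # first address of the range, or the single allowed PC
    end: str = ""              # last address of the range
    port: int = 443            # secure HTTP management port (default 443)


def source_allowed(policy, src_ip):
    """Does the policy admit an administrator connecting from src_ip?"""
    if not policy.enabled:
        return False
    ip = ipaddress.ip_address(src_ip)
    if policy.scope == "everyone":
        return True
    if policy.scope == "single":
        return ip == ipaddress.ip_address(policy.start)
    if policy.scope == "range":
        return ipaddress.ip_address(policy.start) <= ip <= ipaddress.ip_address(policy.end)
    raise ValueError(f"unknown scope {policy.scope!r}")


def login_accepted(policy, url, src_ip):
    """The manual's rule: https:// on the configured port only; http:// is rejected."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if (parts.port or 443) != policy.port:
        return False
    return source_allowed(policy, src_ip)


def audit(policy):
    """Findings a reviewer would raise: access should be limited to as few addresses as practical."""
    findings = []
    if not policy.enabled:
        return findings
    if policy.scope == "everyone":
        findings.append("remote management reachable from any Internet address; "
                        "use an IP address range or 'Only this PC'")
    elif policy.scope == "range":
        width = int(ipaddress.ip_address(policy.end)) - int(ipaddress.ip_address(policy.start)) + 1
        if width > 16:         # assumed threshold for "as few addresses as practical"
            findings.append(f"allowed range spans {width} addresses; narrow it")
    return findings


# Constructed wordlist standing in for "no dictionary words from any language".
WORDLIST = frozenset({"password", "netgear", "admin", "firewall", "secret"})


def password_meets_guidance(pw, wordlist=WORDLIST, min_length=12):
    """Apply the note's criteria: mixed case, digits, symbols, no dictionary word, at most
    30 characters.  min_length is an added assumption; the manual states only the maximum."""
    if not min_length <= len(pw) <= 30:
        return False
    lowered = pw.lower()
    if any(word in lowered for word in wordlist):
        return False
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw))
```

The audit is the check worth running before clicking Apply: "Everyone" leaves the HTTPS login page, and the SSL VPN portal that shares the setting, reachable from the whole Internet with only the password between an attacker and the firewall configuration.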
