Chapter 2: Connecting the VPN Firewall to the Internet
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
My IP Address. IP address assigned by the ISP to make the connection with the ISP server.
Server IP Address. IP address of the PPTP server.
7. Review the Internet (IP) Address options.
8. If your ISP has not assigned a static IP address, click Get dynamically from ISP. The ISP will automatically assign an IP address to the VPN firewall using the DHCP network protocol. The IP address and subnet mask fields will be inactivated. As an option, you can select the following checkboxes:
   Client Identifier. Select this checkbox if your ISP requires the Client Identifier information to assign an IP address using DHCP.
   Vendor Class Identifier. Select this checkbox if your ISP requires the Vendor Class Identifier information to assign an IP address using DHCP.
9. If your ISP has assigned a fixed (static) IP address, select Use Static IP Address, and configure the following fields:
   IP Address. Enter the static IP address assigned to you that identifies the VPN firewall to your ISP.
   Subnet Mask. Enter the mask provided by the ISP or your network administrator.
   Gateway IP Address. Enter the IP address of the ISP’s gateway, provided by the ISP or your network administrator.
10. Review the Domain Name Server (DNS) server options.
   If your ISP has not assigned any DNS addresses, click Get dynamically from ISP.
   If your ISP (or your IT department) has assigned DNS addresses, click Use these DNS Servers and enter the DNS server IP addresses provided to you in the fields.
11. Click Apply to save any changes to the WAN1 ISP Settings. (Or click Reset to discard any changes and revert to the previous settings.)
12. Click Test to evaluate your entries.
The VPN firewall will attempt to connect to the NETGEAR website. If a successful
connection is made, NETGEAR’s website appears.
13. If you intend to use a dual WAN mode, click the WAN2 ISP Settings tab and configure the WAN2 ISP settings using the same steps as WAN1.
Configuring the WAN Mode (Required for Dual WAN)
The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be
configured on a mutually exclusive basis for either auto-rollover (for increased system
reliability) or load balancing (for maximum bandwidth efficiency), or one port can be disabled.
Auto-Rollover Mode. The selected WAN interface is made primary and the other is the rollover link. As long as the primary link is up, all traffic is sent over the primary link. Once the primary WAN interface goes down, the rollover link is brought up to send the traffic. Traffic will automatically roll back to the original primary link once the original primary link is back up and running again. If you want to use a redundant ISP link for backup purposes, select the WAN port that will act as the primary link for this mode. Ensure that the backup WAN port has also been configured and that you configure the WAN Failure Detection Method section of the WAN Mode screen to support Auto-Rollover.
Load Balancing Mode. The VPN firewall distributes the outbound traffic equally among the WAN interfaces that are functional.
Note: Scenarios could arise when load balancing needs to be bypassed for certain traffic or applications. If certain traffic needs to travel on a specific WAN interface, configure protocol binding rules for that WAN interface. The rule should match the desired traffic.
Single WAN Port Mode. The selected WAN interface is made primary and the other is disabled.
Whichever WAN mode you choose, you must also choose either NAT or classical routing, as
explained in the following sections.
Network Address Translation
Network Address Translation (NAT) allows all PCs on your LAN to share a single public
Internet IP address. From the Internet, there is only a single device (the VPN firewall) and a
single IP address. PCs on your LAN can use any private IP address range, and these IP
addresses are not visible from the Internet.
The VPN firewall uses NAT to select the correct PC (on your LAN) to receive any
incoming data.
If you only have a single public Internet IP address, you MUST use NAT (the default setting).
If your ISP has provided you with multiple public IP addresses, you can use one address
as the primary shared address for Internet access by your PCs, and you can map
incoming traffic on the other public IP addresses to specific PCs on your LAN. This
one-to-one inbound mapping is configured using an inbound firewall rule.
Classical Routing
In classical routing mode, the VPN firewall performs routing, but without NAT. To gain Internet
access, each PC on your LAN must have a valid static Internet IP address.
If your ISP has allocated a number of static IP addresses to you, and you have assigned one
of these addresses to each PC, you can choose classical routing. Or, you can use classical
routing for routing private IP addresses within a campus environment. To learn the status of
the WAN ports, you can view the Router Status screen (see “Viewing VPN Firewall
Configuration and System Status” on page 9-154) or look at the LEDs on the front panel (see
“Rear Panel Features” on page 12).
Configuring Auto-Rollover Mode
To use a redundant ISP link for backup purposes, ensure that the backup WAN port has
already been configured. Then select the WAN port that will act as the primary link for this
mode and configure the WAN Failure Detection Method to support Auto-Rollover.
When the VPN firewall is configured in Auto-Rollover mode, it uses the selected WAN Failure
Detection Method to check the connection of the primary link at regular intervals to detect its
routing status. Link failure is detected in one of the following ways:
By sending DNS queries to a DNS server, or
By sending a Ping request to an IP address, or
None (no failure detection is performed).
From each WAN interface, DNS queries or Ping requests are sent to the specified IP
address. If replies are not received, after a specified number of retries, the corresponding
WAN interface is considered down.
To configure the dual WAN ports for Auto-Rollover:
1. Select Network Configuration > WAN Settings from the menu, and click the WAN Mode tab. The WAN Mode screen is displayed.
2. In the Port Mode section, select Auto-Rollover Using WAN port.
3. From the drop-down list, choose which WAN port will act as the primary link for this mode.
4. In the WAN Failure Detection Method section, select one of the following failure detection methods:
   DNS lookup using ISP DNS Servers. DNS queries are sent to the DNS server configured on the WAN ISP screens (see “Configuring the Internet Connections” on page 2-17).
   DNS lookup using this DNS Server. Enter a public DNS server. DNS queries are sent to this server through the WAN interface being monitored.
   Ping to this IP addresses. Enter a public IP address that will not reject the Ping request and will not consider Ping traffic to be abusive. Queries are sent to this server through the WAN interface being monitored.
5. Enter a Retry Interval in seconds. The DNS query or Ping is sent periodically after every test period. The default test period is 30 seconds.
6. Enter the Failover after count. The WAN interface is considered down after the configured number of queries have failed to elicit a reply. The rollover link is brought up after this. The Failover default is 4 failures.
   The default time to roll over after the primary WAN interface fails is 2 minutes (a 30-second minimum test period for a minimum of 4 tests).
7. Click Apply to save your settings.
Once a rollover occurs, an alert will be generated (see “E-Mail Notifications of Event
Logs and Alerts” on page 4-68). When the VPN firewall detects that the failed primary WAN
interface has been restored, it will automatically roll over again to the primary WAN interface.
Alternatively, you can manually force traffic back on the original primary WAN interface by
reapplying the Auto-Rollover settings on the WAN Mode screen.
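The failure detection and rollback behavior described above can be modeled as a small state machine. This is an added example, not NETGEAR firmware code: the class and function names are hypothetical, and it assumes that a single reply resets the failure count and restores the primary link, which the manual does not specify.

```python
from dataclasses import dataclass

@dataclass
class RolloverMonitor:
    """Model of the primary-link check in Auto-Rollover mode."""
    retry_interval: int = 30   # seconds between probes (default on the page)
    failover_after: int = 4    # failed probes before rollover (default on the page)
    failures: int = 0
    active: str = "primary"

    def probe(self, reply_received: bool) -> str:
        """Record one DNS or Ping probe result; return the link carrying traffic."""
        if reply_received:
            self.failures = 0        # assumption: a reply resets the failure count
            self.active = "primary"  # assumption: one reply restores the primary
        else:
            self.failures += 1
            if self.failures >= self.failover_after:
                self.active = "rollover"
        return self.active

def simulate(results, monitor=None):
    """Return a (seconds_elapsed, active_link, event) tuple per probe result."""
    m = monitor or RolloverMonitor()
    timeline, previous = [], m.active
    for n, ok in enumerate(results, start=1):
        link = m.probe(ok)
        event = ""
        if link != previous:
            event = "ROLLOVER" if link == "rollover" else "RESTORED"
        timeline.append((n * m.retry_interval, link, event))
        previous = link
    return timeline

# Constructed probe results: a two-probe blip, then a real outage, then recovery.
SAMPLE = [True, False, False, True, False, False, False, False, True]

if __name__ == "__main__":
    for seconds, link, event in simulate(SAMPLE):
        print(f"t={seconds:>3}s  traffic on {link:<8} {event}")
```

In this model the two-probe blip never triggers a rollover, while the real outage is detected at most 120 seconds after the link is lost, matching the 2-minute default. A probe target that stops answering is indistinguishable from a dead link, which is why the choice of DNS server or Ping address matters.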
Configuring Load Balancing
To use multiple ISP links simultaneously, select Load Balancing. In Load Balancing mode,
either WAN port will carry any outbound protocol unless protocol binding is configured. When
a protocol is bound to a particular WAN port, all outgoing traffic of that protocol will be
directed to the bound WAN port. For example, if the HTTPS protocol is bound to WAN1 and
the FTP protocol is bound to WAN2, then the VPN firewall will automatically route all
outbound HTTPS traffic from the computers on the LAN through the WAN1 port. All outbound
FTP traffic will be routed through the WAN2 port.
Protocol binding
Protocol binding addresses two issues:
Segregation of traffic between links that are not of the same speed.
High volume traffic can be routed through the WAN port connected to a high speed link
and low volume traffic can be routed through the WAN port connected to the low speed
link.
Continuity of source IP address for secure connections.
Some services, particularly HTTPS, will cease responding when a client’s source IP
address changes shortly after a session has been established.
To configure the dual WAN ports for load balancing with protocol binding:
1. Select Network > WAN Settings from the menu, and click the WAN Mode tab.
2. In the Port Mode section, select Load Balancing.
3. Click view protocol bindings (if required). The WAN1 Protocol Bindings screen is displayed.
