1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FVX538
    5. /
  5. 11
Page 51 / 240 Scroll up to view Page 46 - 50
ProSafe VPN Firewall 200 FVX538 Reference Manual
LAN Configuration
3-7
v1.0, March 2009
Creating the Network Database
Some advantages of the Network Database are:
Generally, you do not need to enter either IP address or MAC addresses. Instead, you can just
select the desired PC or device.
No need to reserve an IP address for a PC in the DHCP Server. All IP address assignments
made by the DHCP Server will be maintained until the PC or device is removed from the
database, either by expiry (inactive for a long time) or by you.
No need to use a Fixed IP on PCs. Because the address allocated by the DHCP Server will
never change, you don't need to assign a fixed IP to a PC to ensure it always has the same IP
address.
MAC level control over PCs. The Network Database uses the MAC address to identify each
PC or device. So changing a PC’s IP address does not affect any restrictions on that PC.
Group and individual control over PCs.
You can assign PCs to Groups and apply restrictions to each Group using the Firewall
Rules screen (see
“Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-2
).
You can also select the Groups to be covered by the Block Sites feature (see
“Setting
Block Sites (Content Filtering)” on page 4-29
).
If necessary, you can also create Firewall Rules to apply to a single PC (see
“Enabling
Source MAC Filtering” on page 4-31
). Because the MAC address is used to identify each
PC, users cannot avoid these restrictions by changing their IP address.
A computer is identified by its MAC address—not its IP address. Hence, changing a
computer’s IP address does not affect any restrictions applied to that PC.
The LAN Groups screen contains a list of all known PCs and network devices, as well as hosts that
are assigned dynamic IP addresses by this router.
Page 52 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
3-8
LAN Configuration
v1.0, March 2009
The Network Database is created by:
Using the DHCP Server
: The router’s DHCP server is configured, by default, to respond to
DHCP requests from clients on the LAN. Every computer that receives a response from the
router will be added to the Network Database. Because of this, leaving the DHCP Server
feature enabled (on the LAN Setup screen) is strongly recommended.
Scanning the Network
: The router also scans the local network periodically using protocols
such as ARP and NetBIOS to detect active computers or devices that are not DHCP clients.
For computers that do not support the NetBIOS protocol, the name will be displayed as
Unknown.
The Known PCs and Devices table lists the entries in the Network Database. For each computer or
device, the following fields are displayed:
Name
: The name of the computer or device. Computers that do not support the NetBIOS
protocol will be listed as Unknown. In this case, the name can be edited manually for easier
management. If the computer was assigned an IP address by the DHCP server, then an asterisk
is be appended to the name.
IP Address
: The current IP address of the computer. For DHCP clients of the router, this IP
address will not change. If a computer is assigned a static IP address, you must to update this
entry manually when the IP address of the computer changes.
Figure 3-3
Page 53 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
LAN Configuration
3-9
v1.0, March 2009
MAC Address
: The MAC address of the computer’s network interface.
Group
: Each PC or device can be assigned to a single group. By default, a computer is
assigned to the first group (Group 1). To change the group assignment by selecting the
Edit
link in the
Action
column.
Action/Edit
: Allows modification of the selected entry.
To add known PCs and devices:
1.
To add computers to the network database manually, fill in the following fields:
Name
: The name of the PC or device.
IP Address Type
:
Select
Reserved (DHCP Client)
to direct the router to reserve the IP address for
allocation by the DHCP server.
Select
Fixed (Set on PC)
if the IP address is statically assigned on the computer.
IP Address
: The IP address that this computer or device is assigned. If the IP Address
Type is
Reserved (DHCP Client)
, the router will reserve the IP address for the associated
MAC address.
MAC Address
: The MAC address of the computer’s network interface. The MAC
address should be in the form:
xx:xx:xx:xx:xx:xx (for example, 00:80:48:2a:8b:c0)
Group
: The group to which the computer has to be assigned.
2.
Click
Add
to add the new entry to the network database.
To edit the names of any of the eight available groups:
1.
Select the group by checking the adjacent radio button and typing in a suitable name in the
associated field.
2.
Click
Apply
to save the settings or click
Reset
to revert to the previous settings.
Setting Up Address Reservation
When you specify a reserved IP address for a device on the LAN (based on the MAC address of
the device), that computer or device will always receive the same IP address each time it accesses
the firewall’s DHCP server. Reserved IP addresses should be assigned to servers or access points
that require permanent IP settings. The Reserved IP address that you select must be outside of the
DHCP Server pool.
Page 54 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
3-10
LAN Configuration
v1.0, March 2009
To reserve an IP address, use the
Groups and Hosts
screen under the
Network Configuration
menu
, LAN Groups
submenu (see
“Creating the Network Database” on page 3-7
).
Configuring and Enabling the DMZ Port
The De-Militarized Zone (DMZ) is a network which, when compared to the LAN, has fewer
firewall restrictions, by default. This zone can be used to host servers (such as a web server, ftp
server, or email server, for example) and give public access to them. The eighth LAN port on the
router can be dedicated as a hardware DMZ port for safely providing services to the Internet,
without compromising security on your LAN.
The DMZ port feature is also helpful when using some online games and videoconferencing
applications that are incompatible with NAT. The firewall is programmed to recognize some of
these applications and to work properly with them, but there are other applications that may not
function well. In some cases, local PCs can run the application properly if those PCs are used on
the DMZ port.
The
DMZ Setup
screen allows you to set up the DMZ port. It permits you to enable or disable the
hardware DMZ port (LAN port 8, see
“Router Front and Rear Panels” on page 1-6
) and configure
an IP address and Mask for the DMZ port.
To enable and configure the DMZ port:
1.
From the main menu, select
Network Configuration
and then select
DMZ Setup
from the
submenu. The
DMZ Setup
screen will display.
2.
Check the
Do you want to enable DMA Port?
radio box.
3.
Enter an
IP Address
and the
Subnet mask
for the DMZ port. Make sure that the DMZ port IP
address and LAN Port IP address are in different subnets (for example, an address outside the
LAN Address pool, such as 192.168.1.101).
Note:
The reserved address will not be assigned until the next time the PC contacts the
firewall's DHCP server. Reboot the PC or access its IP configuration and force a
DHCP release and renew.
Note:
A separate firewall security profile is provided for the DMZ port that is hardware
independent of the standard firewall security used for the LAN.
Page 55 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
LAN Configuration
3-11
v1.0, March 2009
4.
If desired,
Enable the DHCP Server
(Dynamic Host Configuration Protocol), which will
provide TCP/IP configuration for all computers connected to the router’s DMZ network.
Then configure the following items:
a.
Starting IP Address
– This box specifies the first of the contiguous addresses in the IP
address pool.
b.
Ending IP Address
– This box specifies the last of the contiguous addresses in the IP
address pool.
c.
WINS Server
– This box specifies the Windows Internet Naming Service Server IP.
d.
Lease Time
– This box specifies the Lease time to be given to the DHCP Clients.
e.
Enable DNS Proxy
– If enabled, the VPN firewall will as a DNS for address resolution.
5.
Click
Reset
to cancel changes made on this screen and revert to the previous settings.
Figure 3-4
Note:
If you enable the DNS Relay feature, you will not use the FVX538 as a DHCP
server but rather as a DHCP relay agent for a DHCP server somewhere else on
your network.

Rate

4 / 5 based on 1 vote.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top