ProSafe VPN Firewall 200 FVX538 Reference Manual
Virtual Private Networking
5-37
v1.0, March 2009
To test the connection:
1. Right-click on the VPN client icon in the Windows toolbar and select Connect. The connection policy you configured will appear; in this case “My Connections\modecfg_test”.
2. Click on the connection. Within 30 seconds the message “Successfully connected to MyConnections/modecfg_test” will display and the VPN client icon in the toolbar will read “On”.
3. From the client PC, ping a computer on the VPN firewall LAN.
Chapter 6
Router and Network Management
This chapter describes how to use the network management features of your ProSafe VPN
Firewall 200.
This chapter includes the following sections:
“Performance Management” on page 6-1
“Administration” on page 6-8
“Monitoring the Router” on page 6-20
Performance Management
Performance management consists of controlling the traffic through the VPN firewall so that the
necessary traffic gets through when there is a bottleneck and either reducing unnecessary traffic or
rescheduling some traffic to low-peak times to prevent bottlenecks from occurring in the first
place. The VPN firewall has the necessary features and tools to help the network manager
accomplish these goals.
Bandwidth Capacity
The maximum bandwidth capacity of the VPN firewall in each direction is as follows:
LAN side: 1,800 Mbps (eight LAN ports at 100 Mbps each, plus one Gigabit LAN port)
WAN side: 200 Mbps (load balancing mode, two WAN ports at 100 Mbps each) or 100 Mbps
(rollover mode, one active WAN port at 100 Mbps)
In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are
used to connect to the Internet. At 1.5 Mbps, the WAN ports will support the following traffic
rates:
Load balancing mode: 3 Mbps (two WAN ports at 1.5 Mbps each)
Rollover mode: 1.5 Mbps (one active WAN port at 1.5 Mbps)
As a result and depending on the traffic being carried, the WAN side of the firewall will be the
limiting factor to throughput for most installations.
Using the dual WAN ports in load balancing mode increases the bandwidth capacity of the WAN
side of the VPN firewall, but there is no backup in case one of the WAN ports fails. In such an
event, and with one exception, the traffic that would have been sent on the failed WAN port is
diverted to the WAN port that is still working, which increases its load. The exception is traffic
that is bound by protocol to the WAN port that failed. This protocol-bound traffic is not diverted.
VPN Firewall Features That Reduce Traffic
Features of the VPN firewall that can be called upon to decrease WAN-side loading are as follows:
Service blocking
Block sites
Source MAC filtering
Service Blocking
You can control specific outbound traffic (for example, from LAN to WAN and from DMZ to
WAN). Outbound Services lists all existing rules for outbound traffic. If you have not defined any
rules, only the default rule will be listed. The default rule allows all outgoing traffic.
Each rule lets you specify the desired action for the connections covered by the rule:
BLOCK always
BLOCK by schedule, otherwise Allow
ALLOW always
ALLOW by schedule, otherwise Block
As you define your firewall rules, you can further refine their application according to the
following criteria:
LAN Users – These settings determine which computers on your network are affected by this rule. Select the desired options:
    Any: All PCs and devices on your LAN.
    Single address: The rule will be applied to the address of a particular PC.
    Address range: The rule is applied to a range of addresses.
    Groups: The rule is applied to a Group (see “Managing Groups and Hosts (LAN Groups)” on page 3-6 to assign PCs to a Group using Network Database).
Warning: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems.
WAN Users – These settings determine which Internet locations are covered by the rule, based on their IP address.
    Any: The rule applies to all Internet IP addresses.
    Single address: The rule applies to a single Internet IP address.
    Address range: The rule is applied to a range of Internet IP addresses.
Services – You can specify the desired Services or applications to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see “Services-Based Rules” on page 4-2 and “Adding Customized Services” on page 4-25).
Schedule – You can specify whether the rule is to be applied on the Schedule 1, Schedule 2, or Schedule 3 time schedule (see “Setting a Schedule to Block or Allow Specific Traffic” on page 4-28).
See “Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-2 for the procedure on how to use this feature.
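The outbound rule semantics described above (four actions, LAN Users and WAN Users scoping, service, schedule, and the allow-all default rule) can be modelled as follows. This is an added Python example, not NETGEAR code: the names `Rule`, `in_scope` and `decide` are hypothetical, and it assumes that the first matching rule decides, that a schedule is a set of active hours, and it omits Groups.

```python
import ipaddress
from dataclasses import dataclass

def in_scope(scope, ip):
    """scope is "any", a single address "a.b.c.d", or a range "lo-hi"."""
    if scope == "any":
        return True
    addr = ipaddress.ip_address(ip)
    lo, _, hi = scope.partition("-")
    return ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi or lo)

@dataclass
class Rule:
    service: str                       # e.g. "HTTP", or "ANY"
    action: str                        # one of the four actions listed above
    lan_users: str = "any"
    wan_users: str = "any"
    schedule: frozenset = frozenset()  # assumed model: hours (0-23) when the schedule is active

ACTIONS = {
    # action: (verdict while the schedule is active, verdict otherwise)
    "BLOCK always": ("block", "block"),
    "BLOCK by schedule, otherwise Allow": ("block", "allow"),
    "ALLOW always": ("allow", "allow"),
    "ALLOW by schedule, otherwise Block": ("allow", "block"),
}

def decide(rules, src, dst, service, hour):
    """Verdict for one outbound connection; assumes the first matching rule wins."""
    for r in rules:
        if r.service not in ("ANY", service):
            continue
        if not (in_scope(r.lan_users, src) and in_scope(r.wan_users, dst)):
            continue
        active, inactive = ACTIONS[r.action]
        return active if hour in r.schedule else inactive
    return "allow"  # default rule: all outgoing traffic is allowed

# Constructed sample policy and connections (private and documentation addresses).
RULES = [
    Rule("HTTP", "BLOCK by schedule, otherwise Allow",
         lan_users="192.168.1.100-192.168.1.150", schedule=frozenset(range(9, 17))),
    Rule("FTP", "BLOCK always", wan_users="203.0.113.7"),
]

if __name__ == "__main__":
    for conn in [("192.168.1.120", "198.51.100.5", "HTTP", 10),
                 ("192.168.1.120", "198.51.100.5", "HTTP", 20),
                 ("192.168.1.20", "203.0.113.7", "FTP", 3),
                 ("192.168.1.20", "198.51.100.5", "SMTP", 3)]:
        print(conn, "->", decide(RULES, *conn))
```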
Services. The Rules menu contains a list of predefined Services for creating firewall rules. If a service does not appear in the predefined Services list, you can define the service. The new service will then appear in the Rules menu's Services list.
See “Services-Based Rules” on page 4-2 for the procedure on how to use this feature.
Groups and Hosts. You can apply these rules selectively to groups of PCs to reduce the outbound or inbound traffic. The Network Database is an automatically-maintained list of all known PCs and network devices. PCs and devices become known by the following methods:
DHCP Client Request – By default, the DHCP server in this Router is enabled, and will accept and respond to DHCP client requests from PCs and other network devices. These requests also generate an entry in the Network Database. Because of this, leaving the DHCP Server feature (on the LAN screen) enabled is strongly recommended.
Scanning the Network – The local network is scanned using standard methods such as ARP. This will detect active devices which are not DHCP clients. However, sometimes the name of the PC or device cannot be accurately determined, and will be shown as Unknown.
See “Managing Groups and Hosts (LAN Groups)” on page 3-6 for the procedure on how to use this feature.
