ProSafe VPN Firewall 200 FVX538 Reference Manual
Router and Network Management
6-9
v1.0, March 2009
1. Select Users from the main menu and Local Authentication from the submenu.
2. Select the Settings you wish to edit by checking either the Edit Admin Settings or Edit Guest Settings radio box.
3. Change the password by first entering the old password, and then entering the new password twice.
4. Click Apply to save your settings or Cancel to return to your previous settings.
5. Change the Idle Logout Time field to the number of minutes you require. The default is 5 minutes.
6. Click Apply to save this setting.
Figure 6-1
Note: If you make the administrator login time-out value too large, you will have to wait a long time before you are able to log back into the router if your previous login was disrupted (i.e., you did not click Logout on the Main Menu bar to log out).
RADIUS Server External Authentication
For authentication to RADIUS or WIKID, you can define the authentication type.
When a user logs in, the VPN firewall will validate with the appropriate RADIUS or WIKID
server that the user is authorized to log in.
Note: The password and time-out value you enter will be changed back to "password" and 5 minutes, respectively, after a factory defaults reset.
Figure 6-2
When specifying RADIUS domain authentication, you are presented with several authentication protocol choices, as summarized in Table 6-1.
The chosen authentication protocol must be configured on the RADIUS server and on the authenticating client devices.

Enabling Remote Management Access
Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your VPN firewall. You must be logged in locally to enable remote management (see “Logging into the VPN Firewall” on page 2-1).
Table 6-1.

| Authentication Protocol | Description |
|---|---|
| PAP | Password Authentication Protocol (PAP) is a simple protocol in which the client sends a password in clear text. |
| CHAP | Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake in which the client and server trade challenge messages, each responding with a hash of the other’s challenge message that is calculated using a shared secret value. |
| MIAS | Network validated PAP or CHAP password based authentication scheme. |
| WiKID | WiKID is a PAP or CHAP key-based two-factor authentication method using public key cryptography. The client sends an encrypted PIN to the WiKID server and receives a one-time passcode with a short expiration period. The client logs in with the passcode. See Appendix E, “Two Factor Authentication” for more on WiKID authentication. |
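
The difference between the PAP and CHAP rows of Table 6-1, as an added example that is not part of the manual or of the FVX538 firmware: it assumes PAP framing per RFC 1334 and CHAP with MD5 per RFC 1994, and shows one direction of the challenge exchange. The user name, secret and the names pap_request, chap_response and ChapAuthenticator are constructed for illustration.

```python
import hashlib
import hmac
import os

def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): the password itself is sent."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server side: one fresh random challenge per attempt, usable once."""
    def __init__(self, secrets_by_user):
        self.secrets = secrets_by_user
        self.pending = {}          # username -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, username):
        self.next_id = (self.next_id + 1) % 256
        self.pending[username] = (self.next_id, os.urandom(16))
        return self.pending[username]

    def verify(self, username, identifier, response):
        issued = self.pending.pop(username, None)   # a challenge is single-use
        secret = self.secrets.get(username)
        if issued is None or secret is None or issued[0] != identifier:
            return False
        expected = chap_response(identifier, secret, issued[1])
        return hmac.compare_digest(expected, response)

def demo():
    secret = b"constructed-secret"                  # constructed sample value
    server = ChapAuthenticator({"alice": secret})
    ident, chal = server.challenge("alice")
    resp = chap_response(ident, secret, chal)
    accepted = server.verify("alice", ident, resp)
    # A recorded response is useless against the next challenge.
    ident2, _ = server.challenge("alice")
    replayed = server.verify("alice", ident2, resp)
    # With PAP the secret is readable in the captured request.
    exposed = secret in pap_request("alice", secret.decode())
    return accepted, replayed, exposed

if __name__ == "__main__":
    print(demo())
```

CHAP keeps the secret off the wire, but the server must hold it in recoverable form, and a captured challenge and response pair can still be tested offline against guessed passwords, so the strength of the shared secret matters under either protocol.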
Note: Be sure to change the default configuration password of the firewall to a very secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols. Your password can be up to 30 characters. See “Changing Passwords and Settings” on page 6-8 for the procedure on how to do this.
To configure your firewall for Remote Management:
1. Select Administration from the main menu and Remote Management from the submenu. The Remote Management screen will display.
2. Check the Allow Remote Management radio box.
3. Specify what external addresses will be allowed to access the firewall’s remote management.
   a. To allow access from any IP address on the Internet, select Everyone.
   b. To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed range.
   c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access.
   Note: For enhanced security, restrict access to as few external IP addresses as practical.
4. Specify the Port Number that will be used for accessing the management interface. Web browser access normally uses the standard HTTP service port 80. For greater security, you can change the remote management Web interface to a custom port by entering that number in the box provided. Choose a number between 1024 and 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP.
5. Click Apply to have your changes take effect.
Figure 6-3
When accessing your firewall from the Internet, the Secure Sockets Layer (SSL) will be enabled. You will enter https:// and type your firewall WAN IP address into your browser, followed by a colon (:) and the custom port number. For example, if your WAN IP address is 134.177.0.123 and you use port number 8080, type the following in your browser:
https://134.177.0.123:8080
The router’s remote login URL is https://IP_address:port_number or https://FullyQualifiedDomainName:port_number.
If you do not use the SSL https://address, but rather use http://address, the FVX538 will automatically attempt to redirect to the https://address.
To configure your firewall for Telnet Management:
1. Select Administration from the main menu and Remote Management from the submenu. The Remote Management screen will display.
2. Check the Allow Telnet Management radio box.
3. Specify what external addresses will be allowed to access the firewall’s remote management interface.
Note: The first time you remotely connect the FVX538 with a browser via SSL, you may get a message regarding the SSL certificate. If you are using a Windows computer with Internet Explorer 5.5 or higher, simply click Yes to accept the certificate.
Tip: If you are using a dynamic DNS service such as TZO, you can identify the IP address of your FVX538 by running tracert from the Windows Run menu option. For example, enter tracert yourFVX538.mynetgear.net, and the IP address that your ISP assigned to the FVX538 will display.
Note: For enhanced security, restrict access to as few external IP addresses as practical.
