ProSafe VPN Firewall 200 FVX538 Reference Manual
About This Manual
v1.0, March 2009
For more information about network, Internet, firewall, and VPN technologies, see the links to the
NETGEAR website in Appendix D, “Related Documents.”
Danger: This is a safety warning. Failure to take heed of this notice may result in
personal injury or death.
Note: Updates to this product are available on the NETGEAR, Inc. website at .
Revision History
Part Number | Version Number | Date | Description
202-10062-04 | 1.0 | Aug. 2006 | Product update: New firmware and a new user interface.
202-10062-05 | 1.0 | Jan. 2007 | Remove Trend Micro
202-10062-06 | 1.0 | Jul. 2007 | New features: IP/MAC Binding; Bandwidth Limits; Session Limits; IKE Keep Alive; Dead Peer Detection; Oray Support
202-10062-06 | 1.1 | Oct. 2007 | Document corrections
202-10062-06 | 1.2 | Oct. 2007 | Document additions to Appendix C
202-10062-07 | 1.0 | Mar. 08 | Maintenance release
202-10062-09 | 1.0 | Mar. 09 | Adds these corrections and topics for the March 2009 firmware maintenance release: WIKID 2 factor authentication; SIP AGL support; DHCP Relay support; Update VPN configuration procedure topics; Update the Certificate management topic; Correct the firewall scheduling topic
Chapter 1
Introduction
The ProSafe VPN Firewall 200 with eight 10/100 ports and one 10/100/1000 port connects your
local area network (LAN) to the Internet through an external access device such as a cable modem
or DSL modem.
The FVX538 is a complete security solution that protects your network from attacks and
intrusions. For example, the FVX538 provides support for Stateful Packet Inspection, Denial of
Service (DoS) attack protection and multi-NAT support. The VPN firewall supports multiple Web
content filtering options, plus browsing activity reporting and instant alerts—both via e-mail.
Network administrators can establish restricted access policies based on time-of-day, Website
addresses and address keywords.
The FVX538 is a plug-and-play device that can be installed and configured within minutes.
This chapter contains the following sections:
• “Key Features”
• “Package Contents”
• “Router Front and Rear Panels”
• “The Router’s IP Address, Login Name, and Password”
Key Features
The VPN firewall provides the following features:
• Dual 10/100 Mbps Ethernet WAN ports for load balancing or failover protection, providing
  increased system reliability and load balancing. The WAN ports do not respond at all to
  unsolicited traffic (stealth mode).
• Support for up to 200 simultaneous IPSec VPN tunnels.
• Support for up to 400 internal LAN users (and 50K connections).
• Bundled with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L).
• Quality of Service (QoS) and SIP 2.0 support for traffic prioritization, voice, and multimedia.
• Built-in 10/100 Mbps ports plus 1 Gigabit Switch port.
• One console port for local management.
• SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software
  (NMS100).
• Easy, web-based setup for installation and management.
• Advanced SPI Firewall and Multi-NAT support.
• Extensive Protocol Support.
• Login capability.
• Front panel LEDs for easy monitoring of status and activity.
• Flash memory for firmware upgrade.
• One U Rack mountable.
Dual WAN Ports for Increased Reliability or Outbound Load Balancing
The FVX538 has two broadband WAN ports, WAN1 and WAN2, each capable of operating
independently at speeds of either 10 Mbps or 100 Mbps. The two WAN ports let you connect a
second broadband Internet line that can be configured on a mutually-exclusive basis to:
• Provide backup and rollover if one line is inoperable, ensuring you are never disconnected.
• Load balance, or use both Internet lines simultaneously for the outgoing traffic. The firewall
  balances users between the two lines for maximum bandwidth efficiency.
See “Network Planning for Dual WAN Ports” on page B-1 for the planning factors to consider
when implementing the following capabilities with dual WAN port gateways:
• Single or multiple exposed hosts
• Virtual private networks
A Powerful, True Firewall with Content Filtering
Unlike simple Internet sharing NAT routers, the FVX538 is a true firewall, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:
• DoS protection. Automatically detects and thwarts DoS attacks such as Ping of Death, SYN
  Flood, LAND Attack, and IP Spoofing.
• Secure Firewall. Blocks unwanted traffic from the Internet to your LAN.
• Block Sites. Blocks access from your LAN to Internet locations or services that you specify as
  off-limits.
• Logs security incidents. The FVX538 will log security events such as blocked incoming
  traffic, port scans, attacks, and administrator logins. You can configure the firewall to email
  the log to you at specified intervals. You can also configure the firewall to send immediate
  alert messages to your email address or email pager whenever a significant event occurs.
• Keyword Filtering. With its URL keyword filtering feature, the FVX538 prevents
  objectionable content from reaching your PCs. The firewall allows you to control access to
  Internet content by screening for keywords within Web addresses. You can configure the
  firewall to log and report attempts to access objectionable Internet sites.
Security Features
The VPN firewall is equipped with several features designed to maintain security, as described in
this section.
• PCs Hidden by NAT. NAT opens a temporary path to the Internet for requests originating
  from the local network. Requests originating from outside the LAN are discarded, preventing
  users outside the LAN from finding and directly accessing the PCs on the LAN.
• Port Forwarding with NAT. Although NAT prevents Internet locations from directly
  accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific
  PCs based on the service port number of the incoming request. You can specify forwarding of
  single ports or ranges of ports.
• DMZ port. Incoming traffic from the Internet is normally discarded by the firewall unless the
  traffic is a response to one of your local computers or a service for which you have configured
  an inbound rule. Instead of discarding this traffic, you can have it forwarded to one computer
  on your network.
Autosensing Ethernet Connections with Auto Uplink
With its internal 8-port 10/100 switch, the FVX538 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are
autosensing and capable of full-duplex or half-duplex operation.
The firewall incorporates Auto Uplink™ technology. Each Ethernet port will automatically sense
whether the Ethernet cable plugged into the port should have a ‘normal’ connection such as to a
PC or an ‘uplink’ connection such as to a switch or hub. That port will then configure itself to the
correct configuration. This feature also eliminates the need to worry about crossover cables, as
Auto Uplink will accommodate either type of cable to make the right connection.
Extensive Protocol Support
The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and
Routing Information Protocol (RIP). For further information about TCP/IP, refer to
“Internet Configuration Requirements” in Appendix B.
• IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an
  Internet account using only a single IP address, which may be statically or dynamically
  assigned by your Internet service provider (ISP). This technique, known as NAT, allows the
  use of an inexpensive single-user ISP account.
• Automatic Configuration of Attached PCs by DHCP. The VPN firewall dynamically
  assigns network configuration information, including IP, gateway, and domain name server
  (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol
  (DHCP). This feature greatly simplifies configuration of PCs on your local network.
• DNS Proxy. When DHCP is enabled and no DNS addresses are specified, the firewall
  provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS
  addresses from the ISP during connection setup and forwards DNS requests from the LAN.
• PPP over Ethernet (PPPoE). PPPoE is a protocol for connecting remote hosts to the Internet
  over a DSL connection by simulating a dial-up connection. This feature eliminates the need to
  run a login program such as EnterNet or WinPOET on your PC.
Easy Installation and Management
You can install, configure, and operate the ProSafe VPN Firewall 200 within minutes after
connecting it to the network. The following features simplify installation and management tasks:
• Browser-Based Management. Browser-based configuration allows you to easily configure
  your firewall from almost any type of personal computer, such as Windows, Macintosh, or
  Linux. A user-friendly Setup Wizard is provided and online help documentation is built into
  the browser-based Web Management Interface.
• Auto Detect. The VPN firewall automatically senses the type of Internet connection, asking
  you only for the information required for your type of ISP account.
• VPN Wizard. The VPN firewall includes the NETGEAR VPN Wizard to easily configure
  VPN tunnels according to the recommendations of the Virtual Private Network Consortium
  (VPNC) to ensure the VPN tunnels are interoperable with other VPNC-compliant VPN routers
  and clients.
• SNMP. The VPN firewall supports the Simple Network Management Protocol (SNMP) to let
  you monitor and manage log resources from an SNMP-compliant system manager. The SNMP
  system configuration lets you change the system variables for MIB2.