ProSafe VPN Firewall 200 FVX538 Reference Manual

Connecting the FVX538 to the Internet

2-5

v1.0, March 2009

2.

What type of IPS connection do you use?

If your connection is PPPoE, PPTP or BigPond

Cable, then you must login. Check the Yes radio box. The text box fields that require data

entry will be highlighted, based on the connection that you selected. If your ISP has not

assigned any login information, then choose the No radio box and skip this section. For

example:

•

Austria (PPTP)

: If your ISP is Austria Telecom or any other ISP that uses PPTP for login,

select this. Then, fill in the following highlighted fields:

–

Account Name

(also known as Host Name or System Name): Enter the valid account

name for the PPTP connection (usually your email “ID” assigned by your ISP). Some

ISPs require entering your full email address here.

–

Domain Name

: Your domain name or workgroup name assigned by your ISP, or your

ISPs domain name. You may leave this field blank.

–

Idle Timeout

: Check the Keep Connected radio box to keep the connection always

on. To logout after the connection is idle for a period of time, select Idle Time and

enter the number of minutes to wait before disconnecting in the timeout field. This is

useful if your ISP charges you based on the amount of time you have logged in.

–

My IP Address:

IP address assigned by the ISP to make the connection with the ISP

server.

–

Server IP Address

: IP address of the PPTP server.

•

Other (PPPoE)

: If you have installed login software such as WinPoET or Enternet, then

your connection type is PPPoE. Select this connection and configure the following fields:

–

Account Name

: Valid account name for the PPPoE connection

–

Domain Name:

Name of your ISPs domain or your domain name if your ISP has

assigned one. You may leave this field blank.

–

Idle Timeout:

Select Keep Connected, to keep the connection always on. To logout

after the connection is idle for a period of time, select Idle Time and enter the number

of minutes to wait before disconnecting, in the timeout field.

3.

If your ISP has assigned a fixed (static or permanent) IP address, select the

Use Static IP

Address

radio box and fill in the following fields:

a.

IP Address:

Static IP address assigned to you. This will identify the router to your ISP.

b.

Subnet Mask

: This is usually provided by the ISP or your network administrator.

c.

Gateway IP Address

: IP address of the ISP’s gateway. This is usually provided by the ISP

or your network administrator.

ProSafe VPN Firewall 200 FVX538 Reference Manual

2-6

Connecting the FVX538 to the Internet

v1.0, March 2009

If your ISP has not assigned a Static IP address, select the

Get dynamically from ISP

radio

box. The ISP will automatically assign an IP address to the router using DHCP network

protocol.

4.

If your ISP has not assigned any Domain Name Servers (DNS) addresses, select the

Get

dynamically from ISP

radio box. If your ISP has assigned DNS addresses, select the

Use

these DNS Servers

radio box. Ensure that you fill in valid DNS server IP addresses in the

fields. Incorrect DNS entries may cause connectivity issues.

5.

Click

Apply

to save the settings.

6.

Click

Reset

to discard any changes and revert to the previous settings.

7.

Click

Test

to try and connect to the NETGEAR Web site. If you connect successfully and your

settings work, then you may click Logout or go on and configure additional settings.

To configure your WAN2 ISP settings:

1.

Select the

WAN2 ISP Settings

tab. The

WAN2 ISP Settings

screen will display.

2.

Repeat steps 1 through 7 above.

Programming the Traffic Meter (if Desired)

The traffic meter is useful when an ISP charges by traffic volume over a given period of time or if

you want to look at traffic types over a period of time.

To enable the traffic meter:

1.

From the primary menu, select

Monitoring

, and then select

Traffic Meter

from the secondary

menu. The

WAN1 Traffic Meter

screen will display. Fill out the information described in

Table 2-2

.

Note:

Domain Name Servers (DNS) convert Internet names such as

www.google.com, www.netgear.com, etc. to Internet addresses called IP

addresses. Incorrect settings here will result in connectivity problems.

ProSafe VPN Firewall 200 FVX538 Reference Manual

Connecting the FVX538 to the Internet

2-7

v1.0, March 2009

2.

Click

Apply

to apply the settings. Click

Reset

to return to the previous settings.

3.

Select the

WAN2 Traffic Meter

tab and repeat steps 1 through 3 to set the Traffic Meter the

the WAN2 port.

Figure 2-3

Table 2-2.

Traffic Meter Settings

Parameter

Description

Enable Traffic Meter

Check this if you wish to record the volume of Internet traffic passing through the

Router's WAN1 or WAN2 port. WAN1 or WAN2 can be selected by clicking the

appropriate tab; the entire configuration is specific to each wan interface.

•

No Limit - If this is selected specified restriction will not be applied when traffic limit

is reached.

•

Download only - If this is selected the specified restriction will be applied to the

incoming traffic only

•

Both Directions - If this is selected the specified restriction will be applied to both

incoming and outgoing traffic only

Enable Monthly Limit

Use this if your ISP charges for additional traffic. If enabled, enter the monthly

volume limit and select the desired behavior when the limit is reached.

Note

: Both incoming and outgoing traffic are included in the limit.

ProSafe VPN Firewall 200 FVX538 Reference Manual

2-8

Connecting the FVX538 to the Internet

v1.0, March 2009

Configuring the WAN Mode (Required for Dual WAN)

The dual WAN ports of the ProSafe VPN Firewall 200 can be configured on a mutually exclusive

basis for either auto-rollover (for increased system reliability) or load balancing (for maximum

bandwidth efficiency).

•

Auto-Rollover Mode

. In this mode, the selected WAN interface is made primary and the other

is the rollover link. As long as the primary link is up, all traffic is sent over the primary link.

Once the primary WAN interface goes down, the rollover link is brought up to send the

traffic.Traffic will automatically roll back to the original primary link once the original

primary link is back up and running again.

Increase this

month's limit

Use this to temporarily increase the Traffic Limit if you have reached the monthly

limit, but need to continue accessing the Internet. Check the checkbox and enter the

desired increase. (The checkbox will automatically be cleared when saved so the

increase is only applied once.)

This month's limit

This displays the limit for the current month.

Restart traffic

counter

This determines when the traffic counter restarts. Choose the desired time and day of

the month.

Restart Counter at a

Specific Time

Check this radio button to restart the Traffic Counter at a specific time and day of the

month. Fill in the time fields and select AM or PM and the day of the month from the

pull-down menus.

Send E-mail Report

before restarting

counter

If checked, an E-mail report will be sent immediately before restarting the counter.

You must configure the E-mail screen in order for this function to work (see

“E-Mail

Notifications of Event Logs and Alerts” on page 4-39

).

When limit is

reached

Select the desired option:

•

Block all traffic - all access to and from the Internet will be blocked.

•

Block all traffic except E-mail - Only E-mail traffic will be allowed. All other traffic will

be blocked.

•

If using this option, you may also select the Send E-mail alert option. You must

configure the E-mail screen in order for this function to work.

Internet Traffic

Statistics

This displays statistics on Internet Traffic via the WAN port. If you have not enabled

the Traffic Meter, these statistics are not available.

Traffic by Protocol

Click this link if you want to know more details of the Internet Traffic. The volume of

traffic for each protocol will be displayed in a sub-window.Traffic counters are

updated in MBytes scale, counter starts only when traffic passed is at least 1MB.

Table 2-2.

Traffic Meter Settings

Parameter

Description

ProSafe VPN Firewall 200 FVX538 Reference Manual

Connecting the FVX538 to the Internet

2-9

v1.0, March 2009

If you want to use a redundant ISP link for backup purposes, select the WAN port that will act

as the primary link for this mode. Ensure that the backup WAN port has also been configured

and that you configure the

WAN Failure Detection Method

to support Auto-Rollover.

•

Load Balancing Mode

. In this mode the router distributes the outbound traffic equally among

the WAN interfaces that are functional.

For both alternatives, you must also set up Network Address Translation (NAT):

•

NAT.

NAT is the technology which allows all PCs on your LAN to share a single Internet IP

address. From the Internet, there is only a single device (the Router) and a single IP address.

PCs on your LAN can use any private IP address range, and these IP addresses are not visible

from the Internet.

–

The Router uses NAT to select the correct PC (on your LAN) to receive any incoming

data.

–

If you only have a single Internet IP address, you MUST use NAT.

NAT is the default setting.

•

Classical Routing.

In this mode, the Router performs Routing, but without NAT. To gain

Internet access, each PC on your LAN must have a valid Internet IP address.

If your ISP has allocated many IP addresses to you, and you have assigned one of these

addresses to each PC, you can choose Classical Routing. Or, you can use Classical Routing for

routing private IP addresses within a campus environment. Otherwise, selecting this method

will not allow Internet access through this Router.

To learn the status of the WAN ports, you can view the Router Status screen (see

“Viewing Router

Configuration and System Status” on page 6-25

) or look at the LEDs on the front panel (see

“Router Front and Rear Panels” on page 1-6

).

Setting Up Auto-Rollover Mode

If you want to use a redundant ISP link for backup purposes, ensure that the backup WAN port has

already been configured. Then you select the WAN port that will act as the primary link for this

mode and configure the

WAN Failure Detection Method

to support Auto-Rollover.

Note:

Scenarios could arise when load balancing needs to be bypassed for certain

traffic or applications. Here the traffic needs to go on a specific WAN

interface. This is done with the protocol binding rules of that WAN interface.

The rule should match the desired traffic.