User manual / service guide for the product FVX538NA from the manufacturer NETGEAR
August 2006, 202-10062-04 v1.0. NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054 USA. ProSafe VPN Firewall 200 FVX538 Reference Manual.
© 2006 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
Open SSL
Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.
MD5
Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function.
Product and Publication Details
Model Number: FVX538
Publication Date: August 2006
Product Family: VPN Firewall
Product Name: ProSafe VPN Firewall 200
Home or Business Product: Business
Language: English
Publication Part Number: 202-10062-04
Publication Version Number 1.
Contents
About This Manual
Conventions, Formats and Scope
How to Use This Manual
Programming the Traffic Meter (if Desired)
Configuring the WAN Mode (Required for Dual WAN)
Setting Up Auto-Rollover Mode
Inbound Rules Examples
LAN WAN Inbound Rule: Hosting A Local Public Web Server
Configuring the VPN Client
Testing the Connection
Router Upgrade
Setting the Time Zone
Internet Configuration Requirements
Where Do I Get the Internet Configuration Parameters?
Internet Connection Information Form
About This Manual
The NETGEAR® ProSafe™ VPN Firewall 200 describes how to install, configure and troubleshoot the ProSafe VPN Firewall 200. The information in this manual is intended for readers with intermediate computer and Internet skills.
• Scope. This manual is written for the VPN firewall according to the following specifications:
For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Documents.
• Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.
• Click the print icon in the upper left of your browser window.
Chapter 1 Introduction
The ProSafe VPN Firewall 200 with eight 10/100 ports and one 1/100/1000 port connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem.
• Login capability.
• Front panel LEDs for easy monitoring of status and activity.
• Keyword Filtering. With its URL keyword filtering feature, the FVX538 prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses.
• IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP).
• Browser-Based Management. Browser-based configuration allows you to easily configure your firewall from almost any type of personal computer, such as Windows, Macintosh, or Linux.
• 19-inch rack mounting hardware and rubber feet.
• Category 5 (Cat5) Ethernet cable.
• Installation Guide, FVX538 ProSafe VPN Firewall 200
• Resource CD, including:
– Application Notes and other helpful information.
3. WAN Ports and LEDs. Two RJ-45 WAN ports, N-way automatic speed negotiation, Auto MDI/MDIX. Link/Act LED: On (Green), Blinking (Green), Off. The WAN port has detected a link with a connected Ethernet device.
Router Rear Panel
The rear panel of the ProSafe VPN Firewall 200 (Figure 1-2) contains the On/Off switch and AC power connection. Viewed from left to right, the rear panel contains the following elements:
1.
Rack Mounting Hardware
The FVX538 can be mounted either on a desktop (using included rubber feet) or in a 19-inch rack (using the included rack mounting hardware illustrated in Figure 1-3).
Default Log In Settings
To log in to the FVX538 once it is connected:
1.
Chapter 2 Connecting the FVX538 to the Internet
Typically, six steps are required to complete the basic connection of your firewall. Setting up VPN tunnels is covered in Chapter 5, “Virtual Private Networking.
2. When prompted, enter admin for the firewall user name and password for the firewall password, both in lower case letters.
2. Click Auto Detect at the bottom of the screen to automatically detect the type of Internet connection provided by your ISP.
If Auto Detect does not find a connection, you will be prompted to check the physical conn.
To configure the WAN2 ISP settings:
1. Repeat the above steps to set up the parameters for WAN2 ISP. Start by selecting the WAN2 ISP Settings tab.
– Account Name (also known as Host Name or System Name): Enter the valid account name for the PPTP connection (usually your email “ID” assigned by your ISP).
4. If your ISP has not assigned any Domain Name Servers (DNS) addresses, select the Get dynamically from ISP radio box. If your ISP has assigned DNS addresses, select the Use these DNS Servers radio box.
2. Click Apply to apply the settings. Click Reset to return to the previous settings.
3. Select the WAN2 Traffic Meter tab and repeat steps 1 through 3 to set the Traffic Meter for the WAN2 port.
Table 2-2. Traffic Meter Settings
Parameter: Enable Traffic Meter
Description: Check this if you wish to record the volume of Internet traffic passing through the Router's WAN1 or WAN2 port.
Configuring the WAN Mode (Required for Dual WAN)
The dual WAN ports of the ProSafe VP.
If your ISP has allocated many IP addresses to you, and you have assigned one of these addresses to each PC, you can choose Classical Routing.
• Ping to this IP address – Enter a public IP address that will not reject the Ping request or will not consider the traffic abuse. Queries are sent to this server through the WAN interface being monitored.
Setting Up Load Balancing
To use multiple ISP links simultaneously, select Load Balancing. In Load Balancing mode, both links will carry data for the protocols that are bound to them.
a. Service – From the pull-down menu, select the desired Services or applications to be covered by this rule.
3. Modify the parameters for the protocol binding service you selected.
4. Click Apply. The modified rule will be enabled and appear in the Protocol Binding table.
are provided for your convenience on the Dynamic DNS Configuration screen.
2. Check the Dynamic DNS Service radio box you want to enable. The fields corresponding to the selection you have chosen will be highlighted.
d. If your dynamic DNS provider allows the use of wild cards in resolving your URL, you may check the Use wildcards radio box to activate this feature.
• MTU Size – The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 Bytes, or 1492 Bytes for PPPoE connections.
Chapter 3 LAN Configuration
This chapter describes how to configure the advanced LAN features of your ProSafe VPN Firewall 200. These features can be found by selecting Network Configuration from the primary menu and LAN Setup from the submenu of the browser interface.
Configuring the LAN Setup Options
The LAN IP Setup menu allows configuration of LAN IP services such as DHCP and allows you to configure a secondary or “multi-home” LAN IP setup in the LAN.
4. Check the Enable DHCP Server radio button. By default, the router will function as a DHCP (Dynamic Host Configuration Protocol) server, providing TCP/IP configuration for all computers connected to the router's LAN.
6. Click Reset to discard any changes and revert to the previous configuration.
Configuring Multi Home LAN IPs
If you have computers on your LAN using different IP address ranges (for example, 172.
To make changes to the selected entry:
1. Click Edit in the Action column adjacent to the selected entry. The Edit Secondary LAN IP Setup screen will display.
3. Click Reset to discard any changes and revert to the previous settings.
– You can assign PCs to Groups and apply restrictions to each Group using the Firewall Rules screen (see “Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-1).
4. Enter the IP Address that this computer or device is assigned in the IP Address field. If the IP Address Type is Reserved (DHCP Client), the router will reserve the IP address for the associated MAC address.
4. Click Apply to save your new settings. The modified record will appear in the Known PCs and Devices table.
To edit the names of any of the eight available groups:
1.
To reserve an IP address, use the Groups and Hosts screen under the Network Configuration menu, LAN Groups submenu (see “Creating the Network Database” on page 3-6).
4. If desired, Enable the DHCP Server (Dynamic Host Configuration Protocol), which will provide TCP/IP configuration for all computers connected to the router’s DMZ network.
Static Routes
Static Routes provide additional routing information to your firewall.
4. Select Active to make this route effective.
5. Select Private if you want to limit access to the LAN only. The static route will not be advertised in RIP.
6.
• Out Only – The router broadcasts its routing table periodically but does not accept RIP information from other routers.
• In Only – The router accepts RIP information from other routers, but does not broadcast its routing table.
4. Authentication for RIP2B/2M required? If you selected RIP-2B or RIP-2M, check the YES radio box to enable the feature, and input the First Key Parameters and Second Key Parameters MD-5 keys to authenticate between routers.
will not be allowed web access unless they have the Trend Micro OfficeScan client installed and updated with the latest virus definitions.
To enable Trend Micro:
1.
3. Click Apply to submit your changes.
Note: The Office Scan Server must also appear in the exclusion list!
Note: Follow the instructions in the Trend Micro documentation to complete the installation and configuration of the Trend Micro OfficeScan Server.
Chapter 4 Firewall Protection and Content Filtering
This chapter describes how to use the content filtering features of the ProSafe VPN Firewall 200 to protect your network.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FVX538 are:
• Inbound: Block all access from outside except responses to requests from the LAN side.
Table 4-1. Outbound Rules
Item: Service Name
Description: Select the desired Service or application to be covered by this rule.
Inbound Rules (Port Forwarding)
Because the FVX538 uses Network Address Translation (NAT), your network presents only one IP address to the Internet and outside users cannot directly address any of your local computers.
Table 4-2. Inbound Rules
Item: Services
Description: Select the desired Service or application to be covered by this rule.
Remember that allowing inbound services opens holes in your VPN firewall.
Order of Precedence for Rules
As you define new rules, they are added to the tables i.
2. Change the Default Outbound Policy by selecting Block Always from the drop-down menu and click Apply.
To make changes to an existing outbound or inbound service rule:
1.
LAN WAN Outbound Services Rules
You may define rules that will specify exceptions to the default rules.
LAN WAN Inbound Services Rules
This Inbound Services Rules table lists all existing rules for inbound traffic. If you have not defined any rules, no rules will be listed.
out from the DMZ to the Internet (Outbound) or coming in from the Internet to the DMZ (Inbound).
To change the Default Outbound Policy:
1. Select Security from the main menu, Firewall Rules from the submenu and then select the DMZ WAN Rules tab.
To make changes to an existing outbound or inbound LAN DMZ service rule:
1. In the Action column adjacent to the rule click:
• Edit – to make any changes to the rule definition.
2. Complete the Outbound Service screen, and save the data (see “Outbound Rules (Service Blocking)” on page 4-2).
3. Click Reset to cancel your settings and return to the previous settings.
• LAN Security Checks. A UDP flood is a form of denial of service attack that can be initiated when one machine sends a large number of UDP packets to random ports on a remote host.
3. Click Apply to save your settings.
LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses
If you wan.
• Web server PC on the firewall’s LAN
– LAN IP address: 192.168.1.2
– DMZ IP Address: 192.168.10.2
– Access to Web server is (simulated) public IP address: 10.
6. In the Send to LAN Server field, enter the local IP address of your Web server PC.
7. From the Public Destination IP Address pull down menu, choose Other Public IP Address.
2. Place the rule below all other inbound rules.
Outbound Rules Example
Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio or other non-essential sites.
Adding Customized Services
Services are functions performed by server computers at the request of client computers. You can configure up to 125 custom services.
To add a customized service:
1. Select Security from the main menu and Services from the submenu. The Services screen will display.
2.
To edit the parameters of a service:
1. In the Custom Services Table, click the Edit icon adjacent to the service you want to edit. The Edit Service screen will display.
Setting a Schedule to Block or Allow Specific Traffic
If you enabled Content Filter.
Setting Block Sites (Content Filtering)
If you want to restrict internal LAN users from access to certain sites on the Internet, you can use the VPN firewall’s Content Filtering and Web Components filtering.
5. Build your list of blocked Keywords or Domain Names in the Blocked Keyword fields. After each entry, click Add. The Keyword or Domain name will be added to the Blocked Keywords table.
Enabling Source MAC Filtering
Source MAC Filter allows you to filter out traffic coming from certain known machines or devices.
• By default, the source MAC address filter is disabled.
3. Build your list of Source MAC Addresses to be blocked by entering the first MAC add.
• After a PC has finished using a Port Triggering application, there is a Time-out period before the application can be used by another PC.
3. From the Protocol pull-down menu, select either TCP or UDP protocol.
4. In the Outgoing (Trigger) Port Range fields:
a. Enter the Start Port range (1 - 65534).
6. Click Add. The Port Triggering Rule will be added to the Port Triggering Rules table.
To edit or modify a rule:
1. Click Edit in the Action column opposite the rule you wish to edit.
You must have e-mail notification enabled to receive the logs in an e-mail message. If you don't have e-mail notification enabled, you can view the logs on the Logs screen (see Figure 4-22 on page 4-34).
3. Enter a Schedule for sending the logs. From the Unit pull-down menu, select: Never, Hourly, Daily, or Weekly. Then fill in the Day and Time fields that correspond to your selection.
To view the Firewall logs:
1. Click on the View Log icon opposite the Firewall Logs & E-mail tab. The Logs screen will display.
Administrator Tips
Consider the following operational items:
1.
Chapter 5 Virtual Private Networking
This chapter describes how to use the virtual private networking (VPN) features of the VPN firewall. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer.
Figure 5-1 shows the WAN Mode setup screen for Auto-Rollover Mode using WAN port 1. It also shows the Protocol Bindings screen that displays if Load Balancing is selected.
• Mandatory when the WAN ports are in load balancing mode and the IP addresses are dynamic (Figur.
determine the IPSec keys and VPN policies it sets up. It also will set the parameters for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption.
7. Enter the Remote LAN IP Address and Subnet Mask of the remote gateway. The information entered here must match the Local LAN IP and Subnet Mask of the remote gateway; otherwise the secure tunnel will fail to connect.
You can also view the status of your IKE Policies by clicking the IKE Policies tab. The IKE Policies screen will display. Then view or edit the parameters of the “Offsite” policy by clicking Edit in the Action column adjacent to the policy.
Creating a VPN Tunnel Connection to a VPN Client
You can set up multiple Gateway VPN tunnel policies through the VPN Wizard.
3. Select a Connection Name. Enter an appropriate name for the connection. This name is not supplied to the remote VPN Endpoint. It is used to help you manage the VPN settings.
8. Click Apply. The VPN Policies screen will display showing that the Client policy “home” has been added and enabled. Click Edit in the Action column adjacent to the “home” policy to view the “home” policy parameters.
VPN Tunnel Policies
When you use the VPN Wizard to set up a VPN tunnel, both a VPN Policy and an IKE Policy are established and populated in both Policy Tables.
• “Manual” generated VPN policies cannot use the IKE negotiation protocol.
Managing IKE Policies
IKE Policies are activated when:
1. The VPN Policy Selector determines that some traffic matches an existing VPN Policy.
• Remote ID. The IKE/ISAKMP identity of the remote VPN Gateway. (The remote VPN must have this value as their “Local ID”.)
• Encr. Encryption Algorithm used for the IKE SA.
3. The VPN tunnel is created according to the parameters in the SA (Security Association).
4. The remote VPN Endpoint must have a matching SA, or it will refuse the connection.
• Tx (KBytes). The amount of data transmitted over this SA.
• Tx (Packets). The number of packets transmitted over this SA.
• State. The current state of the SA.
6. Select the local WAN interface to bind this connection to the WAN port for the VPN tunnel.
7. Enter the WAN IP address of the remote FVS338 and then enter the WAN IP address of the local FVX538.
To view the VPN Policy parameters:
1. Click Edit in the Action column adjacent to the “to_fvs” policy. The Edit VPN Policy screen will display.
To view the IKE Policy Configuration parameters:
1.
2. Select “to_FVS” and click Edit. (It should not be necessary to make any changes.)
Figure 5-13.
Configuring the FVS338
To configure the FVS338 VPN Wizard:
1. Select VPN from the main menu and VPN Wizard from the submenu. The VPN Wizard screen will display.
8. Click Apply to create the “to_fvx” IKE and VPN policies. The VPN Policies screen will display.
Testing the Connection
To test the VPN gateway tunnel:
1.
5. Check either the WAN1 or WAN2 radio box to select the WAN interface tunnel.
6. Enter the remote WAN’s IP Address or Internet Name and then enter the local WAN’s IP Address or Internet Name.
Configuring the VPN Client
From a PC with the Netgear Prosafe VPN Client installed, you can configure a VPN client policy to connect to the FVX538.
To configure your VPN client:
1.
ProSafe VPN Firewall 200 FVX538 Reference Manual Virtual Private Ne tworking 5-23 v1.0, August 2006 . 7. In the left frame, click My Identity . 8. From the Select Certificate pull-down menu, select None . 9. From the ID T ype pull-down menu, select Domain Name.
ProSafe VPN Firewall 200 FVX538 Reference Manu al 5-24 Virtual Private Ne tworking v1.0, August 2006 . 5. Before leaving the My Identity menu, click Pr e-Shared Key . 6. Click Enter Key and then enter your p reshared key , and click OK . This key will be shared by all users of the FVX538 policy “home”.
ProSafe VPN Firewall 200 FVX538 Reference Manual Virtual Private Ne tworking 5-25 v1.0, August 2006 8. For the Phase 1 Negotiation Mode , check the Aggressive Mode radio box. 9. PFS should be disabled, and Enable Replay Detection should be enabled. 10.
ProSafe VPN Firewall 200 FVX538 Reference Manu al 5-26 Virtual Private Ne tworking v1.0, August 2006 1 1. In the left frame, expand Key Exchange (Phase 2) and select Proposal 1 . The fields in this proposal should also mirror those in the following figure.
ProSafe VPN Firewall 200 FVX538 Reference Manual Virtual Private Ne tworking 5-27 v1.0, August 2006 2. For additional status and troubleshooting info rma tion, right-click on the VPN client icon Logs and Connection Status sc reens in the FVX538.
The Active Self Certificates table shows the Certificates issued to you by the various CAs (Certification Authorities), and available for use. For each Certificate, the following data is listed: • Name.
• Domain Name – If you have a Domain name, you can enter it here. Otherwise, you should leave this field blank. • E-mail Address – Enter your e-mail address in this field.
6. Copy the contents of the Data to supply to CA text box into a file, including all of the data contained in “----BEGIN CERTIFICATE REQUEST---” and “---END CERTIFICATE REQUEST---”. Click Done.
• CA Identify – The official name of the CA which issued this CRL. • Last Update – The date when this CRL was released. • Next Update – The date when the next CRL will be released.
• IPSec Host. If you want authentication by the remote gateway, enter a User Name and Password to be associated with this IKE policy.
– RADIUS–CHAP or RADIUS–PAP (depending on the authentication mode accepted by the RADIUS server) to add a RADIUS server.
User Database Configuration The User Database screen is used to configure and administer users when Extended Authentication is enabled as an Edge Device.
To edit the user name or password: 1. Click Edit opposite the user’s name.
3. Enter the Primary RADIUS Server IP address. 4.
9. Click Reset to cancel any changes and revert to the previous settings.
Configuring the VPN Firewall Two menus must be configured—the Mode Config menu and the IKE Policies menu. To configure the Mode Config menu: 1. From the main menu, select VPN, and then select Mode Config from the submenu.
To configure an IKE Policy: 1. From the main menu, select VPN. The IKE Policies screen will display showing the current policies in the List of IKE Policies Table.
4. In the General section: a. Enter a description name in the Policy Name Field such as “salesperson”. This name will be used as part of the remote identifier in the VPN client configuration.
10. Click Apply. The new policy will appear in the IKE Policies Table (a sample policy is shown be.
b. From the ID Type pull-down menu, select IP Subnet. c. Enter the IP Subnet and Mask of the VPN firewall (this is the LAN network IP address of the gateway).
d. Under Virtual Adapter pull-down menu, select Preferred. The Internal Network IP Address should be 0.0.0.0. e. Select your Internet Interface adapter from the Name pull-down menu.
5. Click on Key Exchange (Phase 2) on the left-side of the menu and select Proposal 1. Enter the values to match your configuration of the VPN firewall ModeConfig Record menu.
To test the connection: 1. Right-click on the VPN client icon in the Windows toolbar and select Connect. The connection policy you configured will appear; in this case “My Connections\modecfg_test”.
Chapter 6 Router and Network Management This chapter describes how to use the network management features of your ProSafe VPN Firewall 200. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface.
Using the dual WAN ports in load balancing mode increases the bandwidth capacity of the WAN side of the VPN firewall. But there is no backup in case one of the WAN ports fails.
– Groups: The rule is applied to a Group (see “Managing Groups and Hosts (LAN Groups)” on page 3-6 to assign PCs to a Group using Network Database).
Schedule. If you have set firewall rules on the Rules screen, you can configure three different schedules (i.e., schedule 1, schedule 2, and schedule 3) for when a rule is to be applied.
VPN Firewall Features That Increase Traffic Features that tend to increase WAN-side loading are .
• Enable DNS Proxy – Enable this to allow incoming DNS queries. • Enable Stealth Mode – Enable this to set the firewall to operate in stealth mode.
• The remote system receives the PC’s request and responds using the different port numbers that you have now opened. • This Router matches the response to the previous request and forwards the response to the PC.
The QoS priority settings conform to the IEEE 802.1D-1998 (formerly 802.1p) standard for class of service tag. You will not change the WAN bandwidth used by changing any QoS priority settings.
6. Click Apply to save this setting. Note: If you make the administrator login time-out value too large, you will have to wait a long time before you are able to log back into the router if your previous login was disrupted (i.
Enabling Remote Management Access Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your VPN firewall.
b. To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed range.
The SNMP Configuration table lists the SNMP configurations by: • IP Address: The IP address of the SNMP manager. • Port: The trap port of the configuration.
The SNMP System Info link displays the VPN firewall identification information available to the SNMP Manager: System Contact, System Location, and System name.
• Upgrade the VPN firewall firmware from a saved file on your hard disk to use a different firmware version. Backup and Restore Settings To back up and restore settings: 1.
Router Upgrade You can install a different version of the VPN firewall firmware from the Settings Backup and Firmware Upgrade screen.
To upgrade router software: 1. Select Administration from the main menu and Settings Backup and Firmware Upgrade from the submenu. The Settings Backup and Firmware Upgrade screen will display.
• Use Custom NTP Servers: If you prefer to use a particular NTP server, enable this instead and enter the name or IP address of an NTP Server in the Server 1 Name/IP Address field.
• Internet Traffic Statistics – Displays statistics on Internet Traffic via the WAN port. If you have not enabled the Traffic Meter, these statistics are not available.
Setting Login Failures and Attacks Notification Figure 6-8 shows the Firewall Logs & E-mail screen that is invoked by selecting Monitoring from the main menu and selecting Firewall Logs & E-mail from the submenu.
Monitoring Attached Devices The Groups and Hosts menu contains a table of all IP devices that the VPN firewall has discovered on the local network.
The network database is an automatically-maintained list of all known PCs and network devices.
Viewing Port Triggering Status You can view the status of Port Triggering by selecting Security from the main menu and Port Triggering from the submenu.
Viewing Router Configuration and System Status The Router Status screen provides status and usage information. Select Monitoring from the main menu and Router Status from the submenu.
Monitoring WAN Ports Status You can monitor the status of both of the WAN connections, the Dynamic DNS Server connections, and the DHCP Server connections.
Monitoring VPN Tunnel Connection Status You can view the status of the VPN tunnels by selecting VPN from the main menu and Connection Status from the submenu.
VPN Logs The VPN Logs screen gives log details for recent VPN activity. Select Monitoring from the main menu and VPN Logs from the submenu to view the VPN Logs.
DHCP Log You can view the DHCP log from the LAN Setup screen. Select Network Configuration from the main menu and LAN Setup from the submenu. When the LAN Setup screen displays, click the DHCP Log link.
Figure 6-16 Table 6-5. Diagnostics Item Description Ping or Trace an IP address Ping – Used to send a ping packet request to a specified IP address—most often, to test a connection.
Display the Routing Table This operation will display the internal routing table. This information is used, most often, by Technical Support. Reboot the Router Used to perform a remote reboot (restart).
Chapter 7 Troubleshooting This chapter provides troubleshooting tips and information for your ProSafe VPN Firewall 200. After each problem description, instructions are provided to help you diagnose and solve the problem.
LEDs Never Turn Off When the firewall is turned on, the LEDs turn on for about 10 seconds and then turn off. If all the LEDs stay on, there is a fault within the firewall.
• Make sure your PC’s IP address is on the same subnet as the firewall. If you are using the recommended addressing scheme, your PC’s address should be in the range of 192.
Troubleshooting the ISP Connection If your firewall is unable to access the Internet, you should first determine whether the firewall is able to obtain a WAN IP address from the ISP.
– Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring Your Internet Connection” on page 2-5.
• Wrong physical connections – Make sure the LAN port LED is on. If the LED is off, follow the instructions in “LAN or Internet Port LEDs Not On” on page 7-2.
Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the firewall’s administration password to password and the IP address to 192.
Appendix A Default Settings and Technical Specifications You can use the reset button located on the front of your device to reset all settings to their factory defaults. This is called a hard reset.
Technical specifications for the ProSafe VPN Firewall 200 are listed in the following table.
Environmental Specifications Operating temperature: 0° to 40° C (32° to 104°.
Appendix B Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP Addressing: http://documentation .
Appendix C Network Planning for Dual WAN Ports This appendix describes the factors to consider when planning a network using a firewall that has dual WAN ports.
– You can also add your own service protocols to the list (see “Services-Based Rules” on page 4-2 for information on how to do this). 3.
• There are a variety of WAN options you can choose when the factory default settings are not applicable to your installation. These include enabling a WAN port to respond to a ping and setting MTU size, port speed, and upload bandwidth.
• Fixed IP Address which is also known as Static IP Address Where Do I Get the Internet Configuration Parameters? There are several ways you can gather the required Internet connection information.
Internet Connection Information Form Print this page.
Overview of the Planning Process The areas that require planning when using a firewall that has dual WAN ports include: • Inbound traffic (e.
The Roll-over Case for Firewalls With Dual WAN Ports Rollover (Figure C-2) for the dual WAN port case is different from the single gateway WAN port case when specifying the IP address.
Inbound Traffic Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service that you have configured in the Inbound Rules menu.
Inbound Traffic: Dual WAN Ports for Improved Reliability In the dual WAN port case with rollover (Figure C-5), the WAN’s IP address will always change at rollover.
Virtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points.
• Load Balancing Case for Dual Gateway WAN Ports Load balancing (Figure C-8) for the dual gateway WAN port case is the same as the single gateway WAN port case when specifying the IP address of the VPN tunnel end point.
VPN Road Warrior: Single Gateway WAN Port (Reference Case) In the case of the single WAN.
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the active WAN port could be either WAN1 or WAN2 (i.
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain name must be used.
The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain name must be used.
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the active WAN ports could be either WAN_A1, WAN_A2, WAN_B1, or WAN_B2 (i.
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing In the case of the dual.
VPN Telecommuter: Single Gateway WAN Port (Reference Case) In the case of the single WAN.
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the active WAN port could be either WAN1 or WAN2 (i.
VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing In the case of the dual WAN ports on the gateway VPN firewall (Figure C-20), the remote PC client initiates the VPN tunnel with the appropriate gateway WAN port (i.