FVS114 Reference Manual
Page 13
... Product Version Manual Publication Date FVS114 ProSafe VPN Firewall April 2005 Note: Product updates are available on the NETGEAR Web site. However, basic computer network, Internet, firewall, and VPN technologies tutorial information is used to highlight information of this manual. About This Manual 1-1 202-10098-01, April 2005 Typographical Conventions italics bold fixed Emphasis, books, CDs, URL names User input Screen...
... Product Version Manual Publication Date FVS114 ProSafe VPN Firewall April 2005 Note: Product updates are available on the NETGEAR Web site. However, basic computer network, Internet, firewall, and VPN technologies tutorial information is used to highlight information of this manual. About This Manual 1-1 202-10098-01, April 2005 Typographical Conventions italics bold fixed Emphasis, books, CDs, URL names User input Screen...
FVS114 Reference Manual
Page 18
...FVS114 VPN Firewall is a true firewall, using stateful packet inspection to defend against hacker attacks. You can configure the firewall to email the log to access objectionable Internet sites. Its firewall features include: • DoS protection. Requests originating from outside the LAN are discarded, preventing users...port scans, attacks, and administrator logins. Reference Manual for the ProSafe VPN Firewall FVS114 A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT firewalls, the FVS114 is equipped with NAT Although NAT prevents Internet ...
...FVS114 VPN Firewall is a true firewall, using stateful packet inspection to defend against hacker attacks. You can configure the firewall to email the log to access objectionable Internet sites. Its firewall features include: • DoS protection. Requests originating from outside the LAN are discarded, preventing users...port scans, attacks, and administrator logins. Reference Manual for the ProSafe VPN Firewall FVS114 A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT firewalls, the FVS114 is equipped with NAT Although NAT prevents Internet ...
FVS114 Reference Manual
Page 19
...user ISP account. • Automatic Configuration of full-duplex or half-duplex operation. That port then configures itself to attached PCs on the LAN using only a single IP address, which may be statically or dynamically assigned by your PC. Extensive Protocol Support The FVS114 VPN Firewall... the ProSafe VPN Firewall FVS114 Autosensing ...firewall incorporates Auto UplinkTM technology. Reference Manual for connecting remote hosts to the Internet over Ethernet (PPPoE) PPPoE is enabled and no DNS addresses are autosensing and capable of Attached PCs by DHCP The FVS114 VPN Firewall...
...user ISP account. • Automatic Configuration of full-duplex or half-duplex operation. That port then configures itself to attached PCs on the LAN using only a single IP address, which may be statically or dynamically assigned by your PC. Extensive Protocol Support The FVS114 VPN Firewall... the ProSafe VPN Firewall FVS114 Autosensing ...firewall incorporates Auto UplinkTM technology. Reference Manual for connecting remote hosts to the Internet over Ethernet (PPPoE) PPPoE is enabled and no DNS addresses are autosensing and capable of Attached PCs by DHCP The FVS114 VPN Firewall...
FVS114 Reference Manual
Page 20
...-01, April 2005 Maintenance and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-based management Browser-based configuration allows you to easily configure your firewall from a remote location on the Internet. For security, you can install, configure, and operate the FVS114 ProSafe VPN Firewall within minutes after connecting it to help...
...-01, April 2005 Maintenance and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-based management Browser-based configuration allows you to easily configure your firewall from a remote location on the Internet. For security, you can install, configure, and operate the FVS114 ProSafe VPN Firewall within minutes after connecting it to help...
FVS114 Reference Manual
Page 29
...3-9. You are now connected to finish. Reference Manual for the password both IP and DNS server addresses automatically, which is in lower case letters. You can always connect to the firewall to correct basic problems. Note: The Smart Wizard...3-5: NETGEAR Smart Wizard Configuration Assistant welcome screen Note: If you configure the VPN firewall router, it will automatically display the NETGEAR Smart Wizard Configuration Assistant welcome page. After you do so, open a browser such as the user name and password for the ProSafe VPN Firewall FVS114 With the VPN firewall router in...
...3-9. You are now connected to finish. Reference Manual for the password both IP and DNS server addresses automatically, which is in lower case letters. You can always connect to the firewall to correct basic problems. Note: The Smart Wizard...3-5: NETGEAR Smart Wizard Configuration Assistant welcome screen Note: If you configure the VPN firewall router, it will automatically display the NETGEAR Smart Wizard Configuration Assistant welcome page. After you do so, open a browser such as the user name and password for the ProSafe VPN Firewall FVS114 With the VPN firewall router in...
FVS114 Reference Manual
Page 31
... address of the VPN firewall router Connect to the VPN firewall router by typing the IP address of the VPN firewall router in the address field of your browser, then press Enter: http://www.routerlogin.net http://www.routerlogin.com The VPN firewall router will automatically connect to that browser and display the Configuration Assistant welcome page. Reference Manual for the ProSafe VPN Firewall FVS114 Overview of...
... address of the VPN firewall router Connect to the VPN firewall router by typing the IP address of the VPN firewall router in the address field of your browser, then press Enter: http://www.routerlogin.net http://www.routerlogin.com The VPN firewall router will automatically connect to that browser and display the Configuration Assistant welcome page. Reference Manual for the ProSafe VPN Firewall FVS114 Overview of...
FVS114 Reference Manual
Page 32
..., see "Changing the Administrator Password" on page 7-8 Note: The firewall user name and password are not the same as any user name or password you may use to log in to the VPN firewall router by typing http://www.routerlogin.net in lower case letters. Connect to...3-8 Connecting the Firewall to the FVS114 After Configuration Settings Have Been Applied 1. Figure 3-6: Login URL 2. When prompted, enter admin for the firewall user name and password for the ProSafe VPN Firewall FVS114 How to Log On to the Internet 202-10098-01, April 2005 Reference Manual for the firewall password, both in...
..., see "Changing the Administrator Password" on page 7-8 Note: The firewall user name and password are not the same as any user name or password you may use to log in to the VPN firewall router by typing http://www.routerlogin.net in lower case letters. Connect to...3-8 Connecting the Firewall to the FVS114 After Configuration Settings Have Been Applied 1. Figure 3-6: Login URL 2. When prompted, enter admin for the firewall user name and password for the ProSafe VPN Firewall FVS114 How to Log On to the Internet 202-10098-01, April 2005 Reference Manual for the firewall password, both in...
FVS114 Reference Manual
Page 33
... entered your user name and password, your browser, then press Enter. When the VPN firewall router is connected to the Internet, click the Knowledge Base or the Documentation link under the Web Support menu to view support information or the documentation for the ProSafe VPN Firewall FVS114 Once you out. Figure 3-8: Login result: FVS114 home page When the VPN firewall router is...
... entered your user name and password, your browser, then press Enter. When the VPN firewall router is connected to the Internet, click the Knowledge Base or the Documentation link under the Web Support menu to view support information or the documentation for the ProSafe VPN Firewall FVS114 Once you out. Figure 3-8: Login result: FVS114 home page When the VPN firewall router is...
FVS114 Reference Manual
Page 34
... follow this procedure. 1. After you do not click Logout, the VPN firewall router waits five minutes after there is in "Login result: FVS114 home page" on page 7-8 Note: The firewall user name and password are not the same as needed. 5. To use...Manual for the firewall password, both in lower case letters. The Smart Setup Wizard is not the same as the Smart Wizard Configuration Assistant (as shown in Figure 3-8. 3. When prompted, enter admin for the firewall user name and password for the ProSafe VPN Firewall FVS114 2. Click Next to your Web browser should find the FVS114 VPN Firewall...
... follow this procedure. 1. After you do not click Logout, the VPN firewall router waits five minutes after there is in "Login result: FVS114 home page" on page 7-8 Note: The firewall user name and password are not the same as needed. 5. To use...Manual for the firewall password, both in lower case letters. The Smart Setup Wizard is not the same as the Smart Wizard Configuration Assistant (as shown in Figure 3-8. 3. When prompted, enter admin for the firewall user name and password for the ProSafe VPN Firewall FVS114 2. Click Next to your Web browser should find the FVS114 VPN Firewall...
FVS114 Reference Manual
Page 40
... desired options: • Turn Proxy filtering on Web addresses and Web address keywords. Reference Manual for the ProSafe VPN Firewall FVS114 Block Sites The FVS114 allows you force LAN users to connect directly, so their activity can use of the site which your LAN users are supported in Figure 4-1: Figure 4-1: Block Sites menu Web Components: You can be...
... desired options: • Turn Proxy filtering on Web addresses and Web address keywords. Reference Manual for the ProSafe VPN Firewall FVS114 Block Sites The FVS114 allows you force LAN users to connect directly, so their activity can use of the site which your LAN users are supported in Figure 4-1: Figure 4-1: Block Sites menu Web Components: You can be...
FVS114 Reference Manual
Page 41
...Add Keyword, then click Apply. • To delete a keyword or domain, select it in the Trusted User box and click Apply. Using Rules to WAN) determine what outside resources local users can be viewed. • If you should configure that will not function correctly if these components are ... alt.pictures.XXX. • If the keyword ".com" is a PC that PC with other . You may specify one for outbound. Reference Manual for the ProSafe VPN Firewall FVS114 • Turn Cookies filtering on , then click Apply. • To add a keyword or domain, type it from the list, click Delete...
...Add Keyword, then click Apply. • To delete a keyword or domain, select it in the Trusted User box and click Apply. Using Rules to WAN) determine what outside resources local users can be viewed. • If you should configure that will not function correctly if these components are ... alt.pictures.XXX. • If the keyword ".com" is a PC that PC with other . You may specify one for outbound. Reference Manual for the ProSafe VPN Firewall FVS114 • Turn Cookies filtering on , then click Apply. • To add a keyword or domain, type it from the list, click Delete...
FVS114 Reference Manual
Page 44
.... Remember that are unsure, refer to contact the DNS directly. This setting should normally be enabled. This is disabled, the Router will forward DNS queries to one IP address to the IP address of inbound rules: Inbound Rule Example: A Local Public Web...server (for the ProSafe VPN Firewall FVS114 - The rule tells the firewall to direct inbound traffic for servers and may also be enabled. - Only enable those ports that allowing inbound services opens holes in Figure 4-3: 4-6 Firewall Protection and Content Filtering 202-10098-01, April 2005 Reference Manual for example, ...
.... Remember that are unsure, refer to contact the DNS directly. This setting should normally be enabled. This is disabled, the Router will forward DNS queries to one IP address to the IP address of inbound rules: Inbound Rule Example: A Local Public Web...server (for the ProSafe VPN Firewall FVS114 - The rule tells the firewall to direct inbound traffic for servers and may also be enabled. - Only enable those ports that allowing inbound services opens holes in Figure 4-3: 4-6 Firewall Protection and Content Filtering 202-10098-01, April 2005 Reference Manual for example, ...
FVS114 Reference Manual
Page 46
...Advanced menus so that external users can define an outbound rule to block the use the Reserved IP address feature in the LAN IP menu to access the server using the external WAN IP address will fail. Reference Manual for the ProSafe VPN Firewall FVS114 Considerations for Inbound Rules ...8226; If your external IP address is an application example of an outbound rule: 4-8 Firewall Protection and Content Filtering 202-10098-01, April 2005 You can...
...Advanced menus so that external users can define an outbound rule to block the use the Reserved IP address feature in the LAN IP menu to access the server using the external WAN IP address will fail. Reference Manual for the ProSafe VPN Firewall FVS114 Considerations for Inbound Rules ...8226; If your external IP address is an application example of an outbound rule: 4-8 Firewall Protection and Content Filtering 202-10098-01, April 2005 You can...
FVS114 Reference Manual
Page 49
...of services that is sent with destination port number 80 is identified by the application. Services Reference Manual for the ProSafe VPN Firewall FVS114 Services are functions performed by the Internet Engineering Task Force (IETF) and published in RFC1700, "Assigned... Numbers." For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other applications are typically chosen from user...
...of services that is sent with destination port number 80 is identified by the application. Services Reference Manual for the ProSafe VPN Firewall FVS114 Services are functions performed by the Internet Engineering Task Force (IETF) and published in RFC1700, "Assigned... Numbers." For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other applications are typically chosen from user...
FVS114 Reference Manual
Page 54
... If a user on your LAN attempts to access a Web site that logs are sent to you blocked using the Block Sites menu. • Send logs according to a schedule. You can specify that you according to this schedule. Select whether you have finished configuring this case, the firewall overwrites the ...to receive the logs None, Hourly, Daily, Weekly, or When Full. Time for sending log Relevant when the log is cleared from the firewall's memory. Reference Manual for sending log Relevant when the log is selected and the log fills up . Day for the ProSafe VPN Firewall FVS114 -
... If a user on your LAN attempts to access a Web site that logs are sent to you blocked using the Block Sites menu. • Send logs according to a schedule. You can specify that you according to this schedule. Select whether you have finished configuring this case, the firewall overwrites the ...to receive the logs None, Hourly, Daily, Weekly, or When Full. Time for sending log Relevant when the log is cleared from the firewall's memory. Reference Manual for sending log Relevant when the log is selected and the log fills up . Day for the ProSafe VPN Firewall FVS114 -
FVS114 Reference Manual
Page 62
... display this procedure to configure a client-to-gateway VPN tunnel using the VPNC default parameters listed in Table 5-1 on the FVS114 Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPN Wizard. 1. Reference Manual for the ProSafe VPN Firewall FVS114 Step 1: Configuring the Client-to-Gateway VPN Tunnel on page 5-4. Log in the Connection Name...
... display this procedure to configure a client-to-gateway VPN tunnel using the VPNC default parameters listed in Table 5-1 on the FVS114 Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPN Wizard. 1. Reference Manual for the ProSafe VPN Firewall FVS114 Step 1: Configuring the Client-to-Gateway VPN Tunnel on page 5-4. Log in the Connection Name...
FVS114 Reference Manual
Page 77
Reference Manual for the ProSafe VPN Firewall FVS114 Procedure to Configure a Gateway-to-Gateway VPN Tunnel Follow this procedure to configure a gateway-to proceed. Click Next to -gateway VPN tunnel using the VPN Wizard. 1. Fill in the main menu to proceed. Figure 5-23: VPN Wizard start screen 2. Click the VPN Wizard link in...(12345678 in to the FVS114 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of target end point, and click Next to display this example) Select the radio button: A remote VPN Gateway Figure 5-24: ...
Reference Manual for the ProSafe VPN Firewall FVS114 Procedure to Configure a Gateway-to-Gateway VPN Tunnel Follow this procedure to configure a gateway-to proceed. Click Next to -gateway VPN tunnel using the VPN Wizard. 1. Fill in the main menu to proceed. Figure 5-23: VPN Wizard start screen 2. Click the VPN Wizard link in...(12345678 in to the FVS114 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of target end point, and click Next to display this example) Select the radio button: A remote VPN Gateway Figure 5-24: ...
FVS114 Reference Manual
Page 92
...This name is unknown. Outgoing connections are allowed, but outgoing are blocked. • Responder - You can be Name. Reference Manual for the ProSafe VPN Firewall FVS114 The IKE Policy Configuration fields are defined in the following : • Initiator - IKE Policy Configuration fields Field General Policy Name ...connections are allowed. • Remote Access - On the matching VPN Policy, the IP address of your domain name. • By a Fully Qualified User Name - This setting must be set to identify the local FVS114. Also, the Identity below (both Local and Remote) must ...
...This name is unknown. Outgoing connections are allowed, but outgoing are blocked. • Responder - You can be Name. Reference Manual for the ProSafe VPN Firewall FVS114 The IKE Policy Configuration fields are defined in the following : • Initiator - IKE Policy Configuration fields Field General Policy Name ...connections are allowed. • Remote Access - On the matching VPN Policy, the IP address of your domain name. • By a Fully Qualified User Name - This setting must be set to identify the local FVS114. Also, the Identity below (both Local and Remote) must ...
FVS114 Reference Manual
Page 93
... Time The amount of your domain name. • By a Fully Qualified User Name - You can navigate to the VPN - Diffie-Hellman (D-H) Group The DH Group setting determines the bit size used on the remote VPN gateway or client. Auto Policy configuration menu. the default • SHA-1 ... An already defined IKE policy is required for this IKE policy: • DES is the default • 3DES is common. Reference Manual for the ProSafe VPN Firewall FVS114 Table 6-1. your name, E-mail address, or other ID. • By DER ASN.1 DN - IKE SA Parameters These parameters determine...
... Time The amount of your domain name. • By a Fully Qualified User Name - You can navigate to the VPN - Diffie-Hellman (D-H) Group The DH Group setting determines the bit size used on the remote VPN gateway or client. Auto Policy configuration menu. the default • SHA-1 ... An already defined IKE policy is required for this IKE policy: • DES is the default • 3DES is common. Reference Manual for the ProSafe VPN Firewall FVS114 Table 6-1. your name, E-mail address, or other ID. • By DER ASN.1 DN - IKE SA Parameters These parameters determine...
FVS114 Reference Manual
Page 101
... use certificates to authenticate users at the end points during the IKE key exchange process. Out field. They are produced by Certification Authorities (CAs) to enable or disable ESP authentication for the ProSafe VPN Firewall FVS114 Table 6-1. The certificates are issued by providing the particulars of the string. In field. Reference Manual for this check box...
... use certificates to authenticate users at the end points during the IKE key exchange process. Out field. They are produced by Certification Authorities (CAs) to enable or disable ESP authentication for the ProSafe VPN Firewall FVS114 Table 6-1. The certificates are issued by providing the particulars of the string. In field. Reference Manual for this check box...