FVS114 Reference Manual
Page 6
...How to Manually Configure Your Internet Connection 3-11 Chapter 4 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview 4-1 Block Sites ...4-2 Using Rules to Block or Allow Specific Kinds of Traffic 4-3 Inbound Rules (Port Forwarding 4-6 ...VPN Configuration 5-2 Client-to-Gateway VPN Tunnels 5-2 Gateway-to-Gateway VPN Tunnels 5-2 Planning a VPN ...5-3 VPN Tunnel Configuration 5-5 How to Set Up a Client-to-Gateway VPN Configuration 5-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS114 5-6 Step 2: Configuring the NETGEAR ProSafe VPN...
...How to Manually Configure Your Internet Connection 3-11 Chapter 4 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview 4-1 Block Sites ...4-2 Using Rules to Block or Allow Specific Kinds of Traffic 4-3 Inbound Rules (Port Forwarding 4-6 ...VPN Configuration 5-2 Client-to-Gateway VPN Tunnels 5-2 Gateway-to-Gateway VPN Tunnels 5-2 Planning a VPN ...5-3 VPN Tunnel Configuration 5-5 How to Set Up a Client-to-Gateway VPN Configuration 5-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS114 5-6 Step 2: Configuring the NETGEAR ProSafe VPN...
FVS114 Reference Manual
Page 8
...How to Configure Dynamic DNS 8-3 Using the LAN IP Setup Options 8-5 Configuring LAN TCP/IP Setup Parameters 8-5 Using the Firewall as a DHCP server 8-7 Using Address Reservation 8-7 Configuring Static Routes 8-8 Static Route Example 8-10 Enabling Remote Management Access ... Path to Your Firewall 9-5 Testing the Path from Your PC to a Remote Device 9-6 Restoring the Default Configuration and Password 9-7 Problems with Date and Time 9-7 Appendix A Technical Specifications Appendix B Network, Routing, and Firewall Basics Related Publications ...B-1 Basic Router Concepts B-1 viii ...
...How to Configure Dynamic DNS 8-3 Using the LAN IP Setup Options 8-5 Configuring LAN TCP/IP Setup Parameters 8-5 Using the Firewall as a DHCP server 8-7 Using Address Reservation 8-7 Configuring Static Routes 8-8 Static Route Example 8-10 Enabling Remote Management Access ... Path to Your Firewall 9-5 Testing the Path from Your PC to a Remote Device 9-6 Restoring the Default Configuration and Password 9-7 Problems with Date and Time 9-7 Appendix A Technical Specifications Appendix B Network, Routing, and Firewall Basics Related Publications ...B-1 Basic Router Concepts B-1 viii ...
FVS114 Reference Manual
Page 13
... manual. Manual Scope Product Version Manual Publication Date FVS114 ProSafe VPN Firewall April 2005 Note: Product updates are available on the NETGEAR Web site. About This Manual 1-1 202-10098-01, April 2005 However, basic computer network, Internet, firewall, and VPN technologies tutorial information is written for the FVS114 VPN Firewall according to these specifications.: Table 1-2. Chapter 1 About This Manual This chapter...
... manual. Manual Scope Product Version Manual Publication Date FVS114 ProSafe VPN Firewall April 2005 Note: Product updates are available on the NETGEAR Web site. About This Manual 1-1 202-10098-01, April 2005 However, basic computer network, Internet, firewall, and VPN technologies tutorial information is written for the FVS114 VPN Firewall according to these specifications.: Table 1-2. Chapter 1 About This Manual This chapter...
FVS114 Reference Manual
Page 18
... against hacker attacks. Reference Manual for the ProSafe VPN Firewall FVS114 A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT firewalls, the FVS114 is equipped with NAT Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the service port number...
... against hacker attacks. Reference Manual for the ProSafe VPN Firewall FVS114 A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT firewalls, the FVS114 is equipped with NAT Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the service port number...
FVS114 Reference Manual
Page 41
... side. • Outbound: Allow all access from blocking and logging. Note: Many Web sites will be exempt from the LAN side to access specific resources. Reference Manual for the ProSafe VPN Firewall FVS114 • Turn Cookies filtering on , then click Apply. • To add a keyword or domain, type it in the Trusted User box and...
... side. • Outbound: Allow all access from blocking and logging. Note: Many Web sites will be exempt from the LAN side to access specific resources. Reference Manual for the ProSafe VPN Firewall FVS114 • Turn Cookies filtering on , then click Apply. • To add a keyword or domain, type it in the Trusted User box and...
FVS114 Reference Manual
Page 51
The firewall allows you to use a schedule, you defined an outbound rule to specify when blocking will be enforced by configuring the Schedule page shown below: Figure 4-9: Schedule page Firewall Protection and Content Filtering 202-10098-01, April 2005 4-13 Reference Manual for the ProSafe VPN Firewall FVS114 Using a Schedule to Block or Allow Specific Traffic If you enabled content filtering in the Block Sites menu, or if you can set up a schedule for when blocking occurs or when access is restricted.
The firewall allows you to use a schedule, you defined an outbound rule to specify when blocking will be enforced by configuring the Schedule page shown below: Figure 4-9: Schedule page Firewall Protection and Content Filtering 202-10098-01, April 2005 4-13 Reference Manual for the ProSafe VPN Firewall FVS114 Using a Schedule to Block or Allow Specific Traffic If you enabled content filtering in the Block Sites menu, or if you can set up a schedule for when blocking occurs or when access is restricted.
FVS114 Reference Manual
Page 59
...FVS114s on each endpoint with specific identification and connection information describing the other end, and vice versa. Many DSL accounts are provisioned with a dynamic DNS (DynDNS) service provider simplifies the configuration task. VPN...NETGEAR VPN-enabled firewalls is configured on other endpoint. See "How to Set Up a Gateway-to-Gateway VPN...VPN To set up this case, use Fully Qualified Domain Names (FQDNs)? Reference Manual for the ProSafe VPN Firewall FVS114 VPN Gateway A VPN Tunnel VPN Gateway B PCs PCs Figure 5-2: Gateway-to-gateway VPN tunnel A VPN between the two VPN...
...FVS114s on each endpoint with specific identification and connection information describing the other end, and vice versa. Many DSL accounts are provisioned with a dynamic DNS (DynDNS) service provider simplifies the configuration task. VPN...NETGEAR VPN-enabled firewalls is configured on other endpoint. See "How to Set Up a Gateway-to-Gateway VPN...VPN To set up this case, use Fully Qualified Domain Names (FQDNs)? Reference Manual for the ProSafe VPN Firewall FVS114 VPN Gateway A VPN Tunnel VPN Gateway B PCs PCs Figure 5-2: Gateway-to-gateway VPN tunnel A VPN between the two VPN...
FVS114 Reference Manual
Page 90
... CA server. Based on one end must match to specific traffic that traffic passes through without any IKE policies. This requires that is no VPN policy found for the VPN tunnel are two kinds of the VPN policy table. In order to establish secure communication over ... is added with the remote site you define the IKE policy first. Reference Manual for the ProSafe VPN Firewall FVS114 Using Policies to Manage VPN Traffic You create policy definitions to manage VPN traffic on each VPN gateway have a certificate from the LAN network interface, if there is , at the end of...
... CA server. Based on one end must match to specific traffic that traffic passes through without any IKE policies. This requires that is no VPN policy found for the VPN tunnel are two kinds of the VPN policy table. In order to establish secure communication over ... is added with the remote site you define the IKE policy first. Reference Manual for the ProSafe VPN Firewall FVS114 Using Policies to Manage VPN Traffic You create policy definitions to manage VPN traffic on each VPN gateway have a certificate from the LAN network interface, if there is , at the end of...
FVS114 Reference Manual
Page 128
... do not assign a Default DMZ Server, the router discards any incoming service requests which you have it is called the Default DMZ Server. For some of your network. otherwise, select 10M. Reference Manual for the ProSafe VPN Firewall FVS114 • Default DMZ Server: Specifying a Default ...DMZ Server allows you to set up a computer or server that is available to reduce the MTU. Click Apply. • Respond To Ping On Internet Port: If you want the router to respond to be done unless you have a specific...
... do not assign a Default DMZ Server, the router discards any incoming service requests which you have it is called the Default DMZ Server. For some of your network. otherwise, select 10M. Reference Manual for the ProSafe VPN Firewall FVS114 • Default DMZ Server: Specifying a Default ...DMZ Server allows you to set up a computer or server that is available to reduce the MTU. Click Apply. • Respond To Ping On Internet Port: If you want the router to respond to be done unless you have a specific...
FVS114 Reference Manual
Page 129
...specific reason to Configure Dynamic DNS If your network has a permanently assigned IP address, you will not know in advance what your IP address will be discovered. However, if your Internet account uses a dynamically assigned IP address, you can use of the firewall,... a separate physical network port. Advanced Configuration 8-3 202-10098-01, April 2005 Click Apply. Reference Manual for the ProSafe VPN Firewall FVS114 Note: For security, NETGEAR strongly recommends that you to register your domain to their IP address, and will forward traffic directed to your domain ...
...specific reason to Configure Dynamic DNS If your network has a permanently assigned IP address, you will not know in advance what your IP address will be discovered. However, if your Internet account uses a dynamically assigned IP address, you can use of the firewall,... a separate physical network port. Advanced Configuration 8-3 202-10098-01, April 2005 Click Apply. Reference Manual for the ProSafe VPN Firewall FVS114 Note: For security, NETGEAR strongly recommends that you to register your domain to their IP address, and will forward traffic directed to your domain ...
FVS114 Reference Manual
Page 149
... V DC @ 1.2 A output, 18W maximum Physical Specifications Dimensions: 39.6 x 254 x 178 mm (1.6 x 10 x 7 in) Weight: 1.23 kg (2.72 lb) Environmental Specifications Operating temperature: Operating humidity: 0° to 40° C (32º to 104º F) 90% maximum relative humidity, noncondensing Technical Specifications A-1 202-10098-01, April 2005 Appendix A Technical Specifications This appendix provides technical specifications for the FVS114 ProSafe VPN Firewall.
... V DC @ 1.2 A output, 18W maximum Physical Specifications Dimensions: 39.6 x 254 x 178 mm (1.6 x 10 x 7 in) Weight: 1.23 kg (2.72 lb) Environmental Specifications Operating temperature: Operating humidity: 0° to 40° C (32º to 104º F) 90% maximum relative humidity, noncondensing Technical Specifications A-1 202-10098-01, April 2005 Appendix A Technical Specifications This appendix provides technical specifications for the FVS114 ProSafe VPN Firewall.
FVS114 Reference Manual
Page 150
Reference Manual for the ProSafe VPN Firewall FVS114 Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B 10BASE-T or 100BASE-Tx, RJ-45 10BASE-T or 100BASE-Tx, RJ-45 A-2 Technical Specifications 202-10098-01, April 2005
Reference Manual for the ProSafe VPN Firewall FVS114 Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B 10BASE-T or 100BASE-Tx, RJ-45 10BASE-T or 100BASE-Tx, RJ-45 A-2 Technical Specifications 202-10098-01, April 2005
FVS114 Reference Manual
Page 157
...server of your private network number from the Internet (for the ProSafe VPN Firewall FVS114 Table B-2. Regardless of the FVS114 VPN Firewall is preconfigured to the hosts without problems. However, the IANA has reserved the following reasons: • So that a local router or bridge recognizes which addresses are remote Private IP Addresses If...29 255.255.255.252 /30 255.255.255.254 /31 255.255.255.255 /32 Configure all ones for Management of IP addresses specifically for private networks: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 ...
...server of your private network number from the Internet (for the ProSafe VPN Firewall FVS114 Table B-2. Regardless of the FVS114 VPN Firewall is preconfigured to the hosts without problems. However, the IANA has reserved the following reasons: • So that a local router or bridge recognizes which addresses are remote Private IP Addresses If...29 255.255.255.252 /30 255.255.255.254 /31 255.255.255.255 /32 Configure all ones for Management of IP addresses specifically for private networks: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 ...
FVS114 Reference Manual
Page 172
IPSec requires that keys be found at http://www.vpnc.org/interop.html. The VPN Consortium has developed specific scenarios to aid system administrators in this appendix. You should understand whether the firmware is a good idea to ...of the IPSec standard. Additional information regarding inter-vendor interoperability may arise from normal firewall or WAN processes. http://www.netgear.com/planetvpn/pvpn_2.html • The VPN Consortium - Reference Manual for the ProSafe VPN Firewall FVS114 Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate...
IPSec requires that keys be found at http://www.vpnc.org/interop.html. The VPN Consortium has developed specific scenarios to aid system administrators in this appendix. You should understand whether the firmware is a good idea to ...of the IPSec standard. Additional information regarding inter-vendor interoperability may arise from normal firewall or WAN processes. http://www.netgear.com/planetvpn/pvpn_2.html • The VPN Consortium - Reference Manual for the ProSafe VPN Firewall FVS114 Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate...
FVS114 Reference Manual
Page 173
... is aptly named because it functions as the network interface in documentation regarding the construction of VPN communication. These addresses are attempting to the specifics. However, when you set up your own equipment, you are referred to as a "gatekeeper"... or conflict. Interface Addressing This example uses addresses provided the VPN Consortium. Because of these differences, it . Virtual Private Networking C-7 202-10098-01, April 2005 Reference Manual for the ProSafe VPN Firewall FVS114 VPN Process Overview Even though IPSec is standards-based, each vendor ...
... is aptly named because it functions as the network interface in documentation regarding the construction of VPN communication. These addresses are attempting to the specifics. However, when you set up your own equipment, you are referred to as a "gatekeeper"... or conflict. Interface Addressing This example uses addresses provided the VPN Consortium. Because of these differences, it . Virtual Private Networking C-7 202-10098-01, April 2005 Reference Manual for the ProSafe VPN Firewall FVS114 VPN Process Overview Even though IPSec is standards-based, each vendor ...
FVS114 Reference Manual
Page 174
Please refer to the firewall instructions for the ProSafe VPN Firewall FVS114 Table C-1. C-8 Virtual Private Networking 202-10098-01, April 2005 VPN tunnels cannot function properly if firewall settings disallow all incoming traffic. Reference Manual for both gateway LAN Connections. Gateway Gateway A...how to open specific protocols, ports, and addresses that you intend to allow. Table C-2. VPN Tunnel Between Gateways A Security Association (SA), frequently called a tunnel, is important to understand that allows two entities (networks, PCs, routers, firewalls, gateways) ...
Please refer to the firewall instructions for the ProSafe VPN Firewall FVS114 Table C-1. C-8 Virtual Private Networking 202-10098-01, April 2005 VPN tunnels cannot function properly if firewall settings disallow all incoming traffic. Reference Manual for both gateway LAN Connections. Gateway Gateway A...how to open specific protocols, ports, and addresses that you intend to allow. Table C-2. VPN Tunnel Between Gateways A Security Association (SA), frequently called a tunnel, is important to understand that allows two entities (networks, PCs, routers, firewalls, gateways) ...
FVS114 Reference Manual
Page 178
... 2408] D. Reference Manual for the Internet Protocol, RFC 2401, November 1998. • [RFC 2407] D. Atkinson, Security Architecture for the ProSafe VPN Firewall FVS114 Relevant RFCs listed numerically: • [RFC 791] Internet Protocol DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C Hedrick, Rutgers University, June 1988. •...
... 2408] D. Reference Manual for the Internet Protocol, RFC 2401, November 1998. • [RFC 2407] D. Atkinson, Security Architecture for the ProSafe VPN Firewall FVS114 Relevant RFCs listed numerically: • [RFC 791] Internet Protocol DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C Hedrick, Rutgers University, June 1988. •...
FVS114 Reference Manual
Page 180
.../IP Networking As part of the IETF-designated private address range for IP networking: 1. Reference Manual for the ProSafe VPN Firewall FVS114 In your Windows CD; you should install TCP/IP so that the PC obtains its specific network configuration information automatically from a DHCP server during the TCP/IP installation process. On the Windows taskbar...
.../IP Networking As part of the IETF-designated private address range for IP networking: 1. Reference Manual for the ProSafe VPN Firewall FVS114 In your Windows CD; you should install TCP/IP so that the PC obtains its specific network configuration information automatically from a DHCP server during the TCP/IP installation process. On the Windows taskbar...
FVS114 Reference Manual
Page 182
... desktop, • Click Start on the task bar located at the bottom left of Windows. Reference Manual for the ProSafe VPN Firewall FVS114 If you through the configuration process for each PC must be assigned specific information about itself and resources that are available on it and right-click your mouse button. • If the...
... desktop, • Click Start on the task bar located at the bottom left of Windows. Reference Manual for the ProSafe VPN Firewall FVS114 If you through the configuration process for each PC must be assigned specific information about itself and resources that are available on it and right-click your mouse button. • If the...
FVS114 Reference Manual
Page 201
...rates of Glossary Terms Use the list below to find definitions for 100 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for technical terms used to a protected network, as well as dynamically varying encryption keys. 802.1x uses a protocol called EAP (...Extensible Authentication Protocol) and supports multiple authentication methods, such as the upstream rate). For details on EAP specifically, refer to system objects (such as more areas around the world gain access. Glossary List of from 1.5 to 9 Mbps when receiving data...
...rates of Glossary Terms Use the list below to find definitions for 100 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for technical terms used to a protected network, as well as dynamically varying encryption keys. 802.1x uses a protocol called EAP (...Extensible Authentication Protocol) and supports multiple authentication methods, such as the upstream rate). For details on EAP specifically, refer to system objects (such as more areas around the world gain access. Glossary List of from 1.5 to 9 Mbps when receiving data...