FVS114 Reference Manual
Page 17
... as a cable modem or DSL modem. • Extensive protocol support. • Login capability. • Front panel LEDs for easy monitoring of the NETGEAR FVS114 ProSafe VPN Firewall. With minimum setup, you with four-port switch connects your network from hackers. Chapter 2 Introduction This chapter describes the features of status and activity. • Flash memory for firmware...
... as a cable modem or DSL modem. • Extensive protocol support. • Login capability. • Front panel LEDs for easy monitoring of the NETGEAR FVS114 ProSafe VPN Firewall. With minimum setup, you with four-port switch connects your network from hackers. Chapter 2 Introduction This chapter describes the features of status and activity. • Flash memory for firmware...
FVS114 Reference Manual
Page 18
... Manual for the ProSafe VPN Firewall FVS114 A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT firewalls, the FVS114 is equipped with NAT Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the LAN. • Port Forwarding with several features...
... Manual for the ProSafe VPN Firewall FVS114 A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT firewalls, the FVS114 is equipped with NAT Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the LAN. • Port Forwarding with several features...
FVS114 Reference Manual
Page 19
...LAN and WAN interfaces are specified, the firewall provides its internal eight-port 10/100 switch, the FVS114 can connect to make the right connection. This feature greatly simplifies configuration of Attached PCs by NAT The FVS114 VPN Firewall allows several networked PCs to attached PCs ...correct configuration. This technique, known as a DNS server to the Internet over Ethernet (PPPoE) PPPoE is a protocol for the ProSafe VPN Firewall FVS114 Autosensing Ethernet Connections with Auto Uplink With its own address as NAT, allows the use of an inexpensive single-user ISP account...
...LAN and WAN interfaces are specified, the firewall provides its internal eight-port 10/100 switch, the FVS114 can connect to make the right connection. This feature greatly simplifies configuration of Attached PCs by NAT The FVS114 VPN Firewall allows several networked PCs to attached PCs ...correct configuration. This technique, known as a DNS server to the Internet over Ethernet (PPPoE) PPPoE is a protocol for the ProSafe VPN Firewall FVS114 Autosensing Ethernet Connections with Auto Uplink With its own address as NAT, allows the use of an inexpensive single-user ISP account...
FVS114 Reference Manual
Page 20
... and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-based management Browser-based configuration allows you to the network. The following features to monitor its status and activity. Reference Manual for the ProSafe VPN Firewall FVS114 Easy Installation and Management You can choose a nonstandard port number. • Visual monitoring The FVS114 VPN Firewall's front...
... and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-based management Browser-based configuration allows you to the network. The following features to monitor its status and activity. Reference Manual for the ProSafe VPN Firewall FVS114 Easy Installation and Management You can choose a nonstandard port number. • Visual monitoring The FVS114 VPN Firewall's front...
FVS114 Reference Manual
Page 21
... Test Internet Figure 2-1: FVS114 front panel LOCAL Ports You can use some of the FVS114 VPN Firewall contains the status LEDs described below. Viewed from left to return the firewall for ProSafe VPN Firewall, including: - Introduction 2-5 202-10098-01, April 2005 Package Contents Reference Manual for the ProSafe VPN Firewall FVS114 The product package should contain the following items: • FVS114 ProSafe VPN Firewall. • AC power...
... Test Internet Figure 2-1: FVS114 front panel LOCAL Ports You can use some of the FVS114 VPN Firewall contains the status LEDs described below. Viewed from left to return the firewall for ProSafe VPN Firewall, including: - Introduction 2-5 202-10098-01, April 2005 Package Contents Reference Manual for the ProSafe VPN Firewall FVS114 The product package should contain the following items: • FVS114 ProSafe VPN Firewall. • AC power...
FVS114 Reference Manual
Page 22
... Viewed from left to right, the rear panel contains the following features: • Factory default reset push button • Eight Ethernet LAN ports • Internet Ethernet WAN port for the ProSafe VPN Firewall FVS114 Table 2-1. LED Descriptions LED Label PWR TEST INTERNET 100 (100 Mbps) LINK/ACT (Link/Activity) LOCAL 100 (100 Mbps) LINK/ACT (Link...
... Viewed from left to right, the rear panel contains the following features: • Factory default reset push button • Eight Ethernet LAN ports • Internet Ethernet WAN port for the ProSafe VPN Firewall FVS114 Table 2-1. LED Descriptions LED Label PWR TEST INTERNET 100 (100 Mbps) LINK/ACT (Link/Activity) LOCAL 100 (100 Mbps) LINK/ACT (Link...
FVS114 Reference Manual
Page 26
... PC to the Internet 202-10098-01, April 2005 Locate the Internet port. Reference Manual for the ProSafe VPN Firewall FVS114 c. e. Look at the computer end only, point A in point B of the VPN firewall router. B Internet port Internet VPN Firewall Cable 1 Figure 3-2: Connect the VPN firewall router to the modem Modem 3-2 Connecting the Firewall to the modem. Locate the Ethernet cable (Cable 1 in the diagram...
... PC to the Internet 202-10098-01, April 2005 Locate the Internet port. Reference Manual for the ProSafe VPN Firewall FVS114 c. e. Look at the computer end only, point A in point B of the VPN firewall router. B Internet port Internet VPN Firewall Cable 1 Figure 3-2: Connect the VPN firewall router to the modem Modem 3-2 Connecting the Firewall to the modem. Locate the Ethernet cable (Cable 1 in the diagram...
FVS114 Reference Manual
Page 27
... from connecting to the Internet. D Blue NETGEAR Cable C VPN Firewall Computer Local Ports Figure 3-3: Connect the computer to the Internet, do not run that came with your VPN firewall router (the blue NETGEAR cable in the diagram below) into a LOCAL port on the broadband modem and wait two minutes. Reference Manual for the ProSafe VPN Firewall FVS114 f. RESTART YOUR NETWORK IN THE CORRECT...
... from connecting to the Internet. D Blue NETGEAR Cable C VPN Firewall Computer Local Ports Figure 3-3: Connect the computer to the Internet, do not run that came with your VPN firewall router (the blue NETGEAR cable in the diagram below) into a LOCAL port on the broadband modem and wait two minutes. Reference Manual for the ProSafe VPN Firewall FVS114 f. RESTART YOUR NETWORK IN THE CORRECT...
FVS114 Reference Manual
Page 28
... off. If a LOCAL light is not lit, check that the Ethernet cable from the computer to the VPN firewall router Internet port and the modem, and the modem is still on, see "Troubleshooting Tips" on page 3-6. • TEST: The test...VPN firewall router status lights to the Internet 202-10098-01, April 2005 Green on the 100 line indicates your computer is communicating at both ends, and that the computer is first turned on the 100 line indicates 10 Mbps. Now, Configure the FVS114 for the ProSafe VPN Firewall FVS114 Power Test Figure 3-4: Status lights Internet Local Port...
... off. If a LOCAL light is not lit, check that the Ethernet cable from the computer to the VPN firewall router Internet port and the modem, and the modem is still on, see "Troubleshooting Tips" on page 3-6. • TEST: The test...VPN firewall router status lights to the Internet 202-10098-01, April 2005 Green on the 100 line indicates your computer is communicating at both ends, and that the computer is first turned on the 100 line indicates 10 Mbps. Now, Configure the FVS114 for the ProSafe VPN Firewall FVS114 Power Test Figure 3-4: Status lights Internet Local Port...
FVS114 Reference Manual
Page 30
... DHCP. Turn on the computer. You must be using . Reference Manual for the ProSafe VPN Firewall FVS114 Troubleshooting Tips Here are turned on. • For each powered on the front and back of the VPN firewall router identify the number of each LOCAL port. Make sure the Ethernet cables are now using the computer that you may have...
... DHCP. Turn on the computer. You must be using . Reference Manual for the ProSafe VPN Firewall FVS114 Troubleshooting Tips Here are turned on. • For each powered on the front and back of the VPN firewall router identify the number of each LOCAL port. Make sure the Ethernet cables are now using the computer that you may have...
FVS114 Reference Manual
Page 36
... restart the computers on your ISP's Primary DNS Server. e. Domain Name Server (DNS) Address: If you a permanent, fixed (static) IP address for the ProSafe VPN Firewall FVS114 a. This feature allows your ISP's services such as that you in your PC when your account is the ISP... "Use static IP address". They will automatically log you are now using the one PC that PC. The firewall will no longer need to launch the ISP's login program on the Internet port. If your Account Name (may be called Host Name) and Domain Name. Or, select "Use this Computer...
... restart the computers on your ISP's Primary DNS Server. e. Domain Name Server (DNS) Address: If you a permanent, fixed (static) IP address for the ProSafe VPN Firewall FVS114 a. This feature allows your ISP's services such as that you in your PC when your account is the ISP... "Use static IP address". They will automatically log you are now using the one PC that PC. The firewall will no longer need to launch the ISP's login program on the Internet port. If your Account Name (may be called Host Name) and Domain Name. Or, select "Use this Computer...
FVS114 Reference Manual
Page 44
... to the IP address of your Web server at your ISP. Inbound Rules (Port Forwarding) Because the FVS114 uses Network Address Translation (NAT), your local computers. Note: Some residential broadband ISP...firewall to direct inbound traffic for a particular service to one IP address to the DNS. Remember that are unsure, refer to run any of day. This is disabled, the Router...by defining an inbound rule you can define a rule to allow you are necessary for the ProSafe VPN Firewall FVS114 - Enable DNS proxy - If you to the Acceptable Use Policy of your location. This ...
... to the IP address of your Web server at your ISP. Inbound Rules (Port Forwarding) Because the FVS114 uses Network Address Translation (NAT), your local computers. Note: Some residential broadband ISP...firewall to direct inbound traffic for a particular service to one IP address to the DNS. Remember that are unsure, refer to run any of day. This is disabled, the Router...by defining an inbound rule you can define a rule to allow you are necessary for the ProSafe VPN Firewall FVS114 - Enable DNS proxy - If you to the Acceptable Use Policy of your location. This ...
FVS114 Reference Manual
Page 46
...8226; IP address of the Internet site being contacted (destination address) • Time of day • Type of service being requested (service port number) Following is an application example of the local server PC is assigned by DHCP, it may change when the PC is rebooted. This is...10098-01, April 2005 Attempts by local PCs to block Internet access from a local PC based on your network. Reference Manual for the ProSafe VPN Firewall FVS114 Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as...
...8226; IP address of the Internet site being contacted (destination address) • Time of day • Type of service being requested (service port number) Following is an application example of the local server PC is assigned by DHCP, it may change when the PC is rebooted. This is...10098-01, April 2005 Attempts by local PCs to block Internet access from a local PC based on your network. Reference Manual for the ProSafe VPN Firewall FVS114 Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as...
FVS114 Reference Manual
Page 49
... application. This number appears as shown in the transmitted IP packets. The Services menu shows a list of services that is sent with destination port number 80 is an HTTP (Web server) request. Services Reference Manual for the ProSafe VPN Firewall FVS114 Services are typically chosen from user groups of newsgroups. Service numbers for many service...
... application. This number appears as shown in the transmitted IP packets. The Services menu shows a list of services that is sent with destination port number 80 is an HTTP (Web server) request. Services Reference Manual for the ProSafe VPN Firewall FVS114 Services are typically chosen from user groups of newsgroups. Service numbers for many service...
FVS114 Reference Manual
Page 50
... 4-8: Figure 4-8: Add Custom Service menu 2. Enter a descriptive name for the ProSafe VPN Firewall FVS114 To add a service: 1. Click Apply. Enter the lowest port number used by the service. 5. If the service only uses a single port number, enter the same number in the Rules menu. 4-12 Firewall Protection and Content Filtering 202-10098-01, April 2005 The new...
... 4-8: Figure 4-8: Add Custom Service menu 2. Enter a descriptive name for the ProSafe VPN Firewall FVS114 To add a service: 1. Click Apply. Enter the lowest port number used by the service. 5. If the service only uses a single port number, enter the same number in the Rules menu. 4-12 Firewall Protection and Content Filtering 202-10098-01, April 2005 The new...
FVS114 Reference Manual
Page 53
... find this box if you wish to receive e-mail logs and alerts from the firewall. • Send alerts and logs by e-mail area: Figure 4-10: E-mail menu • Turn e-mail notification on. If a Port Scan is detected. - If a Denial of Service attack is detected. You may...15 If your enable e-mail notification, these boxes cannot be sent via e-mail. • Send E-mail alerts immediately. Reference Manual for the ProSafe VPN Firewall FVS114 Getting E-Mail Notifications of Event Logs and Alerts In order to receive logs and alerts by e-mail, you must provide your e-mail information ...
... find this box if you wish to receive e-mail logs and alerts from the firewall. • Send alerts and logs by e-mail area: Figure 4-10: E-mail menu • Turn e-mail notification on. If a Port Scan is detected. - If a Denial of Service attack is detected. You may...15 If your enable e-mail notification, these boxes cannot be sent via e-mail. • Send E-mail alerts immediately. Reference Manual for the ProSafe VPN Firewall FVS114 Getting E-Mail Notifications of Event Logs and Alerts In order to receive logs and alerts by e-mail, you must provide your e-mail information ...
FVS114 Reference Manual
Page 56
...and click the Enable Syslog check box. Syslog You can configure the firewall to send system logs to an external PC that is running a syslog logging program. Source port and interface The service port number of the destination device or Web site. Log entry descriptions ...Field Description Date and Time The date and time the log entry was taken if any. Email the log immediately. Logging programs are available for the ProSafe VPN Firewall FVS114 Log ...
...and click the Enable Syslog check box. Syslog You can configure the firewall to send system logs to an external PC that is running a syslog logging program. Source port and interface The service port number of the destination device or Web site. Log entry descriptions ...Field Description Date and Time The date and time the log entry was taken if any. Email the log immediately. Logging programs are available for the ProSafe VPN Firewall FVS114 Log ...
FVS114 Reference Manual
Page 59
...endpoint use FVS114s on the WAN port, configure the VPN using FDQN. Under these circumstances, configuring the WAN port with DHCP addressing, where the IP address of configuration information defines a security association (SA) between two or more NETGEAR VPN-enabled firewalls is configured...Reference Manual for the ProSafe VPN Firewall FVS114 VPN Gateway A VPN Tunnel VPN Gateway B PCs PCs Figure 5-2: Gateway-to-gateway VPN tunnel A VPN between the two VPN endpoints. VPN tunnels also enable access to form the VPN tunnel end points. When planning your VPN, you must configure ...
...endpoint use FVS114s on the WAN port, configure the VPN using FDQN. Under these circumstances, configuring the WAN port with DHCP addressing, where the IP address of configuration information defines a security association (SA) between two or more NETGEAR VPN-enabled firewalls is configured...Reference Manual for the ProSafe VPN Firewall FVS114 VPN Gateway A VPN Tunnel VPN Gateway B PCs PCs Figure 5-2: Gateway-to-gateway VPN tunnel A VPN between the two VPN endpoints. VPN tunnels also enable access to form the VPN tunnel end points. When planning your VPN, you must configure ...
FVS114 Reference Manual
Page 92
...-down list: • By its Internet (WAN) port IP address. • By its major characteristics. Use this policy and determine its Fully Qualified Domain Name (FQDN) - You can be set to the Local FVS114 VPN Firewall. This field lets you identify IKE policies. This setting... used when determining if the IKE policy matches the current traffic. On the matching VPN Policy, the IP address of the remote VPN endpoint should have a unique policy name. Reference Manual for the ProSafe VPN Firewall FVS114 The IKE Policy Configuration fields are blocked. • Both Directions -
...-down list: • By its Internet (WAN) port IP address. • By its major characteristics. Use this policy and determine its Fully Qualified Domain Name (FQDN) - You can be set to the Local FVS114 VPN Firewall. This field lets you identify IKE policies. This setting... used when determining if the IKE policy matches the current traffic. On the matching VPN Policy, the IP address of the remote VPN endpoint should have a unique policy name. Reference Manual for the ProSafe VPN Firewall FVS114 The IKE Policy Configuration fields are blocked. • Both Directions -
FVS114 Reference Manual
Page 93
...• DES is the default • 3DES is required for the ProSafe VPN Firewall FVS114 Table 6-1. RSA Signature RSA Signature requires a certificate. over an hour (3600) is common. Auto Policy configuration. From the VPN Policies section of time in the key exchange. Advanced Virtual Private Networking ...• By its Internet (WAN) port IP address. • By its Fully Qualified Domain Name (FQDN) - more secure Authentication Algorithm If you enable Authentication Header (AH), this field to the target remote FVS114, VPN gateway, or VPN client. Remote Identity Data This field ...
...• DES is the default • 3DES is required for the ProSafe VPN Firewall FVS114 Table 6-1. RSA Signature RSA Signature requires a certificate. over an hour (3600) is common. Auto Policy configuration. From the VPN Policies section of time in the key exchange. Advanced Virtual Private Networking ...• By its Internet (WAN) port IP address. • By its Fully Qualified Domain Name (FQDN) - more secure Authentication Algorithm If you enable Authentication Header (AH), this field to the target remote FVS114, VPN gateway, or VPN client. Remote Identity Data This field ...