FVS318G Installation Guide
Page 2
See the Reference Manual for selecting NETEAR products. Troubleshooting Tips Here are trademarks or registered trademarks of NETGEAR, Inc. Turn off and unplug the modem, turn off , reset the firewall as the user name and password for your product and use it to establish the network connection. 6. Make sure the ...cable to the FVS318G from the modem is subject to obtain IP and DNS addresses automatically via our web site is required before you for information on the label of within two minutes of turning the firewall on the modem, wait two minutes. 3. The Router Status window ...
See the Reference Manual for selecting NETEAR products. Troubleshooting Tips Here are trademarks or registered trademarks of NETGEAR, Inc. Turn off and unplug the modem, turn off , reset the firewall as the user name and password for your product and use it to establish the network connection. 6. Make sure the ...cable to the FVS318G from the modem is subject to obtain IP and DNS addresses automatically via our web site is required before you for information on the label of within two minutes of turning the firewall on the modem, wait two minutes. 3. The Router Status window ...
FVS318G User Manual
Page 11
... for readers with intermediate computer and Internet skills. About This Manual The NETGEAR® FVS318G ProSafe™ Gigabit 8 Port VPN Firewall Reference Manual describes how to the equipment. xi 1.1 November, 2009 This manual uses the following typographical conventions:: Italic Bold Fixed italic Emphasis, books, CDs, file and server names, extensions User input, IP addresses, GUI screen text Command prompt, CLI...
... for readers with intermediate computer and Internet skills. About This Manual The NETGEAR® FVS318G ProSafe™ Gigabit 8 Port VPN Firewall Reference Manual describes how to the equipment. xi 1.1 November, 2009 This manual uses the following typographical conventions:: Italic Bold Fixed italic Emphasis, books, CDs, file and server names, extensions User input, IP addresses, GUI screen text Command prompt, CLI...
FVS318G User Manual
Page 12
... order to the NETGEAR website in personal injury or death. • Scope. The Acrobat reader is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe VPN Firewall November, 2009 For more information about network, Internet, firewall, and VPN technologies, see the links to view and print PDF files. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Danger: This is...
... order to the NETGEAR website in personal injury or death. • Scope. The Acrobat reader is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe VPN Firewall November, 2009 For more information about network, Internet, firewall, and VPN technologies, see the links to view and print PDF files. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Danger: This is...
FVS318G User Manual
Page 16
... routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to Internet locations or services that you specify as off-limits. • Prevents objectionable content from reaching your PCs. A Powerful, True Firewall with the single-user license of the NETGEAR ProSafe VPN ...content by day and time. 1-2 Introduction 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between a central office and telecommuters. Remote access by ...
... routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to Internet locations or services that you specify as off-limits. • Prevents objectionable content from reaching your PCs. A Powerful, True Firewall with the single-user license of the NETGEAR ProSafe VPN ...content by day and time. 1-2 Introduction 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between a central office and telecommuters. Remote access by ...
FVS318G User Manual
Page 17
... by NAT. The FVS318G incorporates Auto UplinkTM technology. This feature greatly simplifies configuration of Attached PCs by simulating a dial-up connection. You can connect to run a login program such as NAT, allows the use of an inexpensive single-user ISP account. •...autosensing and capable of cable to attached PCs on your email address or email pager whenever a significant event occurs. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Logs security events such as to share an Internet account using the Dynamic Host Configuration Protocol (DHCP). For...
... by NAT. The FVS318G incorporates Auto UplinkTM technology. This feature greatly simplifies configuration of Attached PCs by simulating a dial-up connection. You can connect to run a login program such as NAT, allows the use of an inexpensive single-user ISP account. •...autosensing and capable of cable to attached PCs on your email address or email pager whenever a significant event occurs. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Logs security events such as to share an Internet account using the Dynamic Host Configuration Protocol (DHCP). For...
FVS318G User Manual
Page 18
...user-friendly Setup Wizard is built into the browser-based Web Management Interface. • Auto Detection of ISP. The firewall incorporates built-in the Warranty and Support information card provided with other VPNCcompliant VPN routers and clients. • Diagnostic Functions. The VPN firewall...reboot. • Remote Management. Maintenance and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-Based Management. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management You can limit remote ...
...user-friendly Setup Wizard is built into the browser-based Web Management Interface. • Auto Detection of ISP. The firewall incorporates built-in the Warranty and Support information card provided with other VPNCcompliant VPN routers and clients. • Diagnostic Functions. The VPN firewall...reboot. • Remote Management. Maintenance and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-Based Management. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management You can limit remote ...
FVS318G User Manual
Page 19
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Package Contents The product package should contain the following items: • ProSafe VPN Firewall. • One AC power adapter. • Rubber feet. • One Category 5e (Cat5e) Ethernet cable (yellow). • ProSafe Gigabit 8 Port VPN Firewall FVS318G ..., 2009 one user license. • Warranty Information and Technical Support card. Front Panel Features The ProSafe VPN Firewall front panel shown below includes four groups of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Application Notes...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Package Contents The product package should contain the following items: • ProSafe VPN Firewall. • One AC power adapter. • Rubber feet. • One Category 5e (Cat5e) Ethernet cable (yellow). • ProSafe Gigabit 8 Port VPN Firewall FVS318G ..., 2009 one user license. • Warranty Information and Technical Support card. Front Panel Features The ProSafe VPN Firewall front panel shown below includes four groups of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Application Notes...
FVS318G User Manual
Page 22
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS318G's enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe VPN Firewall, an administrator must use Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with JavaScript, and cookies enabled. 1-8 Introduction 1.1 November, 2009
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS318G's enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe VPN Firewall, an administrator must use Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with JavaScript, and cookies enabled. 1-8 Introduction 1.1 November, 2009
FVS318G User Manual
Page 24
...them is detailed separately in to a ping, and you can enable each WAN port to respond to the VPN firewall follow these steps: 1. For instructions on how to configure your computer needs to be configured to obtain an IP ...ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. The Manager login features appear in "Qualified Web Browsers" on page 2-15. Each of the qualified browsers, as detailed in the browser. In the User field, type admin 4. However, these tasks is not usually required. Logging into the VPN Firewall Router Router To connect to the VPN firewall...
...them is detailed separately in to a ping, and you can enable each WAN port to respond to the VPN firewall follow these steps: 1. For instructions on how to configure your computer needs to be configured to obtain an IP ...ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. The Manager login features appear in "Qualified Web Browsers" on page 2-15. Each of the qualified browsers, as detailed in the browser. In the User field, type admin 4. However, these tasks is not usually required. Logging into the VPN Firewall Router Router To connect to the VPN firewall...
FVS318G User Manual
Page 37
... the Advanced WAN Options (Optional) To configure the Advanced WAN options: 1. Enter the account information for example, user name, password, key, or domain). Select Network Configuration > WAN Settings from expiring. Figure 2-14 3. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. Edit the default information you want to change often, you can select the Update every 30 days...
... the Advanced WAN Options (Optional) To configure the Advanced WAN options: 1. Enter the account information for example, user name, password, key, or domain). Select Network Configuration > WAN Settings from expiring. Figure 2-14 3. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. Edit the default information you want to change often, you can select the Update every 30 days...
FVS318G User Manual
Page 40
...you have no configured DHCP Relay Agent, your clients would only be sent over routers that it possible for most users and situations. When the DNS Proxy option is enabled, the router will not use the FVS318G as a DHCP server but rather as a DHCP relay agent for all DHCP clients... with the IP where the DNS Proxy is running, i.e. If you entered a WINS server address in the WAN settings page). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • An IP Address from the DHCP server which is not located on the subnet that contains the remote clients, so that...
...you have no configured DHCP Relay Agent, your clients would only be sent over routers that it possible for most users and situations. When the DNS Proxy option is enabled, the router will not use the FVS318G as a DHCP server but rather as a DHCP relay agent for all DHCP clients... with the IP where the DNS Proxy is running, i.e. If you entered a WINS server address in the WAN settings page). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • An IP Address from the DHCP server which is not located on the subnet that contains the remote clients, so that...
FVS318G User Manual
Page 44
...1.1 November, 2009 LAN Configuration The LAN Groups Database uses the MAC address to identify each PC, users cannot avoid these restrictions by the DHCP server will never change, you can also create Firewall Rules to apply to a single PC (see "Using Rules to that PC. • Group ... need to use a fixed IP on page 4-24). Hence, changing a computer's IP address does not affect any restrictions on page 4-2). - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • No need to assign a fixed IP to a PC to ensure it always has the same IP address. • MAC level control...
...1.1 November, 2009 LAN Configuration The LAN Groups Database uses the MAC address to identify each PC, users cannot avoid these restrictions by the DHCP server will never change, you can also create Firewall Rules to apply to a single PC (see "Using Rules to that PC. • Group ... need to use a fixed IP on page 4-24). Hence, changing a computer's IP address does not affect any restrictions on page 4-2). - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • No need to assign a fixed IP to a PC to ensure it always has the same IP address. • MAC level control...
FVS318G User Manual
Page 54
... Rules" on page 4-3 • "Viewing the Rules" on page 4-18 Firewall rules are : • Inbound. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for ...true Stateful Packet Inspection goes far beyond NAT. Allow all access from outside resources local users can be applied to inbound or outbound traffic. 4-2 Firewall Protection and Content Filtering 1.1 November, 2009 Using Rules to requests from attacks and intrusions...
... Rules" on page 4-3 • "Viewing the Rules" on page 4-18 Firewall rules are : • Inbound. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for ...true Stateful Packet Inspection goes far beyond NAT. Allow all access from outside resources local users can be applied to inbound or outbound traffic. 4-2 Firewall Protection and Content Filtering 1.1 November, 2009 Using Rules to requests from attacks and intrusions...
FVS318G User Manual
Page 56
...page 4-30. If WAN Interface Address is selected as Normal-Service), then the native priority of that will be limited. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1. Specifies which , in the start and end fields. If this rule will share the same bandwidth limiting. ...always log traffic considered by the rule, based on page 4-18. Outbound Rules (continued) Item Action (Select Schedule) LAN Users WAN Users QoS Priority Log Bandwidth Profile NAT IP Description Select the desired time schedule (Schedule1, Schedule2, or Schedule3) that service for the...
...page 4-30. If WAN Interface Address is selected as Normal-Service), then the native priority of that will be limited. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1. Specifies which , in the start and end fields. If this rule will share the same bandwidth limiting. ...always log traffic considered by the rule, based on page 4-18. Outbound Rules (continued) Item Action (Select Schedule) LAN Users WAN Users QoS Priority Log Bandwidth Profile NAT IP Description Select the desired time schedule (Schedule1, Schedule2, or Schedule3) that service for the...
FVS318G User Manual
Page 57
...Inbound Rules. For example: • If your ISP (DHCP enabled), the IP address may change periodically as port forwarding. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Note: See "Configuring Source MAC Filtering" on page 4-24 for yet another way to allow certain types of inbound traffic...Inbound Rules (Port Forwarding) When the FVS318G uses Network Address Translation (NAT), your local computers. The rule tells the firewall to direct inbound traffic for a particular service to one IP address to the Internet and outside users cannot directly address any of your network...
...Inbound Rules. For example: • If your ISP (DHCP enabled), the IP address may change periodically as port forwarding. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Note: See "Configuring Source MAC Filtering" on page 4-24 for yet another way to allow certain types of inbound traffic...Inbound Rules (Port Forwarding) When the FVS318G uses Network Address Translation (NAT), your local computers. The rule tells the firewall to direct inbound traffic for a particular service to one IP address to the Internet and outside users cannot directly address any of your network...
FVS318G User Manual
Page 58
...(see "Adding Customized Services" on page 3-5. WAN Destination IP Specifies the destination IP address applicable to configure the time schedules. LAN users This field appears only with NAT Routing (not Classical). Select the desired options: • Any - Enter the required address in... - If this option is hosting this rule will be the address of the WAN port or another public IP address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. All PCs and devices on their IP addresses. Specifies which this service rule. (You can either be applied ...
...(see "Adding Customized Services" on page 3-5. WAN Destination IP Specifies the destination IP address applicable to configure the time schedules. LAN users This field appears only with NAT Routing (not Classical). Select the desired options: • Any - Enter the required address in... - If this option is hosting this rule will be the address of the WAN port or another public IP address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. All PCs and devices on their IP addresses. Specifies which this service rule. (You can either be applied ...
FVS318G User Manual
Page 59
.... If you to run any active services at your network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. Note: Some residential broadband ISP accounts do not allow you are unsure, refer to the same firewall rule, they will share the same bandwidth limiting. Remember that ...are logged. Enable only those ports that allowing inbound services opens holes in your location. We also recommend enabling the server's application security and configuring user password or privilege...
.... If you to run any active services at your network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. Note: Some residential broadband ISP accounts do not allow you are unsure, refer to the same firewall rule, they will share the same bandwidth limiting. Remember that ...are logged. Enable only those ports that allowing inbound services opens holes in your location. We also recommend enabling the server's application security and configuring user password or privilege...
FVS318G User Manual
Page 68
... and game hosts serve data about other inbound rules. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN WAN Inbound Rule: ...Specifying an Exposed Host Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number. Note: For security, NETGEAR...the firewall log any external address according to the schedule that you prevent users from...
... and game hosts serve data about other inbound rules. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual LAN WAN Inbound Rule: ...Specifying an Exposed Host Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number. Note: For security, NETGEAR...the firewall log any external address according to the schedule that you prevent users from...
FVS318G User Manual
Page 69
.... 6. For TCP or UDP services, enter the last port of the service: TCP, UDP, or ICMP. 4. Select Security > Services from user groups or newsgroups. Click Add. To define a new service, you can enter it on the Services screen. You can usually be added to... enter the first port of services that the service uses. The new custom service will be determined by the application. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Although the FVS318G already holds a list of many service port numbers, you have the port number information, you must first determine which port...
.... 6. For TCP or UDP services, enter the last port of the service: TCP, UDP, or ICMP. 4. Select Security > Services from user groups or newsgroups. Click Add. To define a new service, you can enter it on the Services screen. You can usually be added to... enter the first port of services that the service uses. The new custom service will be determined by the application. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Although the FVS318G already holds a list of many service port numbers, you have the port number information, you must first determine which port...
FVS318G User Manual
Page 73
... VPN firewall router's Content Filtering and Web Components filtering. Enabling this setting blocks ActiveX applets from being downloaded from access to certain sites on the WAN, with the FVS318G between the two VPN ...users try to compromise or infect computers. For example, by enabling Java filtering, "Java" files will see a "Blocked by the rule, rendering the restriction ineffective. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in web pages that contain them . - If a VPN client or gateway on the LAN side of the VPN firewall...
... VPN firewall router's Content Filtering and Web Components filtering. Enabling this setting blocks ActiveX applets from being downloaded from access to certain sites on the WAN, with the FVS318G between the two VPN ...users try to compromise or infect computers. For example, by enabling Java filtering, "Java" files will see a "Blocked by the rule, rendering the restriction ineffective. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in web pages that contain them . - If a VPN client or gateway on the LAN side of the VPN firewall...