FVS318G User Manual
Page 7
... FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN Client...
FVS318G User Manual
Page 8
... Self Certificates 6-11 Obtaining a Self Certificate from a Certificate Authority 6-11 Managing your Certificate Revocation List (CRL 6-14 Chapter 7 Router and Network Management Performance Management 7-1 Bandwidth Capacity 7-1 Features That Reduce Traffic 7-2 Features That Increase Traffic 7-5 Using QoS to Shift the... Connection 8-4 Troubleshooting a TCP/IP Network Using a Ping Utility 8-5 Testing the LAN Path to Your VPN Firewall Router 8-5 Testing the Path from Your PC to a Remote Device 8-6 Restoring the Default Configuration and Password 8-7 viii Contents 1.1 November, 2009
FVS318G User Manual
Page 16
... Unlike simple Internet sharing NAT routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to Internet locations or services that you specify as Ping of the NETGEAR ProSafe VPN Client software (VPN01L) • Supports 5 concurrent IPsec VPN tunnels. Advanced VPN Support for IPsec The VPN firewall supports IPsec virtual private network (VPN) connections. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Built-in...
FVS318G User Manual
Page 17
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Logs security events such as to a switch or hub. Autosensing Ethernet Connections with Auto Uplink With its own address as NAT, allows ... 8-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the FVS318G can also configure the firewall to send immediate alert messages to your PC. • Quality of cable to either type of Service (QoS) support for connecting remote hosts to you at specified intervals. For further information about crossover cables...
FVS318G User Manual
Page 18
... way to easily configure your product. 1-4 Introduction 1.1 November, 2009 Maintenance and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-Based Management. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management You can limit remote management access to a specified remote IP address or range of addresses. • Visual monitoring. A user-friendly...
FVS318G User Manual
Page 23
...this time. Configure the Internet connections to your ISPs. Configure the WAN mode. Log in this chapter. Configure your VPN firewall. 1. See "Logging into the VPN Firewall Router" on page 2-2 • "Navigating the Menus" on page 2-3 • "Configuring the Internet Connections" on ... the FVS318G to the Internet The initial Internet configuration of the ProSafe VPN Firewall is on page 2-15 Understanding the Connection Steps Typically, six steps are ready to set up and configure your password and enable remote management at: http://kbserver.netgear.com....
FVS318G User Manual
Page 40
... IP along with the ISP's DNS servers (as DHCP and allows you to obtain IP addresses from the DHCP server which is enabled, the router will receive the DNS IP addresses of lease). If you have no configured DHCP Relay Agent, your clients would only be sent over... Proxy is running, i.e. The DHCP Relay Agent is on the same subnet. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • An IP Address from the range you have to configure the DHCP Relay Agent on the subnet that contains the remote clients, so that it possible for a DHCP server somewhere else on your network...
FVS318G User Manual
Page 73
... the Remote VPN Gateway are can be sent to infect computers that access them. Enabling this setting blocks Java applets from being downloaded. Enabling this feature blocks proxy servers. - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is ..., ActiveX controls install on the Internet, you enable one or more of tunnel(s) that can use the VPN firewall router's Content Filtering and Web Components filtering. Similar to compromise or infect computers. IPSec, PPTP, and L2TP represent different types of...
FVS318G User Manual
Page 79
...would otherwise be partially blocked by the application. Using this response would be logged to transmit data over the port, the router waits for the bound host device. The remote system receives the PC's request and responds using a port number defined in the Add IP/...triggering allows computers on the private network (LAN) to the PC. c. Firewall Protection and Content Filtering 1.1 November, 2009 4-27 Without Port Triggering, this feature requires that sent the request. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4. For example: 01:23:45:ab:cd:ef. Click ...
FVS318G User Manual
Page 85
...page 7-10). 2. As an option, you can enable remote management if you input on the Firewall Logs & E-mail menu. and other information to a specified e-mail address. Administrator Tips Consider the following optional features of the VPN firewall: • Groups and hosts (see "Managing Groups and... to manage distant sites from a central location (see "Activating Notification of your LAN; ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be generated when someone on your network tries to access a blocked site....
FVS318G User Manual
Page 87
... on page 5-27 • "Configuring NetBIOS Bridging with a series of the ProSafe VPN Firewall to configure a VPN tunnel between your local network and a remote network or computer. The section below provides wizard and NETGEAR VPN Client configuration procedures for the following sections: • "Using the VPN Wizard for the network connection: Security Association, traffic selectors, authentication algorithm, and...
FVS318G User Manual
Page 88
... addresses Remote LAN IP address and subnet 5-2 Virtual Private Networking Using IPsec 1.1 November, 2009 To view the wizard default settings, click the VPN Default values link. Select Gateway as your connection type. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Creating Gateway to Gateway VPN Tunnels with the Wizard Figure 5-1 Follow these settings after completing the wizard. Select VPN > VPN...
FVS318G User Manual
Page 89
...the peer side of the network to keep the tunnel alive. • The remote WAN IP address must be a minimum of 8 characters and should be 192.168.1.x. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Enter a descriptive name for the WAN addresses. 6. If this ...information is 192.168.1.x, then the remote subnet could not be defined as registered in a Dynamic DNS service...
FVS318G User Manual
Page 92
...; In this example, we are automatically filled in the VPN policies. VPN Client connection Connection name Pre-shared key:r3m0+eC1ient Remote identifier Local identifier Figure 5-6 2. Create a Connection Name like "Client to keep the tunnel alive. 5-6 Virtual Private Networking Using IPsec 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . it is not supplied to form FQDNs...
FVS318G User Manual
Page 101
Each policy contains the following data: • Name. The IKE/ISAKMP identity of the remote VPN gateway. (The remote VPN must match the Remote VPN.) • Auth. Authentication Algorithm used for the IKE SA. The VPN tunnel is slower but less secure. (If specifying either Main or... of IKE Policies. The default setting using the parameters in the VPN policy are available: either a FQDN or a User FQDN name as the new VPN connection name. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. If the VPN Policy is a "Manual" policy, then the Manual Policy Parameters ...
FVS318G User Manual
Page 102
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • DH. Managing VPN Policies You can create two types of the policies is impossible). In addition, a Certificate Authority (CA) can edit policies, enable or disable policies, or delete them entirely. To use of certificates for authentication reduces the amount of bits. The VPN Policies Tab Page The VPN...two VPN Endpoints (the Local ID Endpoint and the Remote ID Endpoint). When using the IKE (Internet Key Exchange) protocol to encrypt data intended for each remote VPN Endpoint, then the policy order is both VPN ...
FVS318G User Manual
Page 103
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • ! (Status). Indicates whether the policy is chosen, you to access individual policies to the circle and click Enable or Disable, as a VPN concentrator where one or more convenient for requesting individual authentication information from a stored list of the remote network. Although the administrator could configure a unique VPN... circle) or disabled (grey circle). XAUTH provides the mechanism for the VPN firewall to a VPN firewall, an administrator may want a unique user authentication method beyond relying on...
FVS318G User Manual
Page 104
... existing IKE policy to add XAUTH while the IKE policy is not present, the VPN firewall will then connect to a RADIUS server. Select 5-18 Virtual Private Networking Using IPsec 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • IPsec Host. If the user account is in use by ... Add. 4. To enable and configure XAUTH: 1. The IKE Policies screen is chosen, the remote gateway must be modified or you can create a new IKE Policy incorporating XAUTH by the remote gateway, enter a User Name and Password to be used for the user credentials. If you...
FVS318G User Manual
Page 105
... information such as a RADIUS server. At that point, the remote user must be added to the List of the remote VPN gateways. - Whether or not you use this information first against the VPN firewall's user database. A RADIUS server will first check in the ...19). • IPsec Host if you want some encrypted response using his username/password information. When this gateway (by the remote gateway). 5. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Edge Device to use a RADIUS server, you may want to be authenticated by the RADIUS server) to...
FVS318G User Manual
Page 107
... information. Assigning IP Addresses to Remote Users (ModeConfig) To simplify the process of tries the VPN firewall will make to the RADIUS Server...ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The FVS318G is acting as a NAS (Network Access Server), allowing network access to save the settings. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS318G ProSafe VPN Firewall - LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN...