FVS318G User Manual
Page 7
... FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN Client...
... FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN Client...
FVS318G User Manual
Page 8
... Self Certificates 6-11 Obtaining a Self Certificate from a Certificate Authority 6-11 Managing your Certificate Revocation List (CRL 6-14 Chapter 7 Router and Network Management Performance Management 7-1 Bandwidth Capacity 7-1 Features That Reduce Traffic 7-2 Features That Increase Traffic 7-5 Using QoS to Shift the... Connection 8-4 Troubleshooting a TCP/IP Network Using a Ping Utility 8-5 Testing the LAN Path to Your VPN Firewall Router 8-5 Testing the Path from Your PC to a Remote Device 8-6 Restoring the Default Configuration and Password 8-7 viii Contents 1.1 November, 2009
... Self Certificates 6-11 Obtaining a Self Certificate from a Certificate Authority 6-11 Managing your Certificate Revocation List (CRL 6-14 Chapter 7 Router and Network Management Performance Management 7-1 Bandwidth Capacity 7-1 Features That Reduce Traffic 7-2 Features That Increase Traffic 7-5 Using QoS to Shift the... Connection 8-4 Troubleshooting a TCP/IP Network Using a Ping Utility 8-5 Testing the LAN Path to Your VPN Firewall Router 8-5 Testing the Path from Your PC to a Remote Device 8-6 Restoring the Default Configuration and Password 8-7 viii Contents 1.1 November, 2009
FVS318G User Manual
Page 16
... NAT routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. You can configure the firewall to log and report attempts to access objectionable Internet sites. • Permits scheduling of status and activity. • Flash memory for Web services, Web addresses, and keywords within Web addresses. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference...
... NAT routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. You can configure the firewall to log and report attempts to access objectionable Internet sites. • Permits scheduling of status and activity. • Flash memory for Web services, Web addresses, and keywords within Web addresses. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference...
FVS318G User Manual
Page 17
... PCs on page C-3. • IP Address Sharing by your PC. • Quality of cable to the Internet over Ethernet (PPPoE). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Logs security events such as Auto Uplink will accommodate either a 10 Mbps standard Ethernet network, a 100 Mbps Fast Ethernet...The LAN and WAN interfaces are specified, the firewall provides its internal 8-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the FVS318G can connect to either type of Service (QoS) support for connecting remote hosts to make the right connection. Each ...
... PCs on page C-3. • IP Address Sharing by your PC. • Quality of cable to the Internet over Ethernet (PPPoE). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Logs security events such as Auto Uplink will accommodate either a 10 Mbps standard Ethernet network, a 100 Mbps Fast Ethernet...The LAN and WAN interfaces are specified, the firewall provides its internal 8-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the FVS318G can connect to either type of Service (QoS) support for connecting remote hosts to make the right connection. Each ...
FVS318G User Manual
Page 18
... provided with other VPNCcompliant VPN routers and clients. • Diagnostic Functions. The firewall allows you maximize your use of the VPN firewall: • Flash memory for your firewall from a remote location on the Internet. Maintenance and Support NETGEAR offers the following features ... you to easily configure your type of ISP account. • VPN Wizard. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management You can limit remote management access to a specified remote IP address or range of addresses. • Visual monitoring. The...
... provided with other VPNCcompliant VPN routers and clients. • Diagnostic Functions. The firewall allows you maximize your use of the VPN firewall: • Flash memory for your firewall from a remote location on the Internet. Maintenance and Support NETGEAR offers the following features ... you to easily configure your type of ISP account. • VPN Wizard. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management You can limit remote management access to a specified remote IP address or range of addresses. • Visual monitoring. The...
FVS318G User Manual
Page 23
... according to the instructions in to the VPN Firewall Router. During this time if desired. Configure your fully qualified domain names during this chapter. You can also program the WAN traffic meters at this time. Chapter 2 Connecting the FVS318G to the Internet The initial Internet configuration of the ProSafe VPN Firewall is on page 2-15 Understanding the...
... according to the instructions in to the VPN Firewall Router. During this time if desired. Configure your fully qualified domain names during this chapter. You can also program the WAN traffic meters at this time. Chapter 2 Connecting the FVS318G to the Internet The initial Internet configuration of the ProSafe VPN Firewall is on page 2-15 Understanding the...
FVS318G User Manual
Page 40
...ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • An IP Address from the DHCP server which is enabled, the router will receive the DNS IP addresses of lease). The DHCP Relay Agent is therefore the routing protocol that enables DHCP clients to obtain IP addresses from a DHCP server on a remote...When the DNS Proxy option is not located on a remote subnet, or which is running, i.e. If you have defined. • Subnet Mask. • Gateway IP Address (the firewall's LAN IP address). • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if ...
...ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • An IP Address from the DHCP server which is enabled, the router will receive the DNS IP addresses of lease). The DHCP Relay Agent is therefore the routing protocol that enables DHCP clients to obtain IP addresses from a DHCP server on a remote...When the DNS Proxy option is not located on a remote subnet, or which is running, i.e. If you have defined. • Subnet Mask. • Gateway IP Address (the firewall's LAN IP address). • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if ...
FVS318G User Manual
Page 73
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in web pages that access them . By default, these features are first filtered through NAT and then encrypted per the VPN policy. You can be used to compromise or infect computers. Some of VPN tunnels that can use the VPN firewall router...going to the Remote VPN Gateway are disabled; Similar to certain sites on the LAN side of the VPN firewall wants to connect to a specific IP address are available: • Web Components blocking. Since the FVS318G filters the ...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in web pages that access them . By default, these features are first filtered through NAT and then encrypted per the VPN policy. You can be used to compromise or infect computers. Some of VPN tunnels that can use the VPN firewall router...going to the Remote VPN Gateway are disabled; Similar to certain sites on the LAN side of the VPN firewall wants to connect to a specific IP address are available: • Web Components blocking. Since the FVS318G filters the ...
FVS318G User Manual
Page 79
..., making them available to other computers on one or more ports be forwarded to them , they receive data on the private network (LAN) to the list. The remote system receives the PC's request and responds using a port number defined in the Port Triggering table. 2....:23:45:ab:cd:ef. It then automatically sets up forwarding to them . ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4. b. Some applications require that you know the port numbers used by the firewall when the router is six colonseparated pairs of ports. A PC makes an outgoing connection using the...
..., making them available to other computers on one or more ports be forwarded to them , they receive data on the private network (LAN) to the list. The remote system receives the PC's request and responds using a port number defined in the Port Triggering table. 2....:23:45:ab:cd:ef. It then automatically sets up forwarding to them . ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4. b. Some applications require that you know the port numbers used by the firewall when the router is six colonseparated pairs of ports. A PC makes an outgoing connection using the...
FVS318G User Manual
Page 85
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be generated when someone on the Firewall Logs & E-mail menu. In ...page 4-21), a log will be configured to log and then e-mail denial of your VPN firewall router will log security-related events such as: accepted and dropped packets on different segments of ...access, general attack information, and other general information based on the settings you can enable remote management if you have to access a blocked site. For example, your LAN; denied incoming...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be generated when someone on the Firewall Logs & E-mail menu. In ...page 4-21), a log will be configured to log and then e-mail denial of your VPN firewall router will log security-related events such as: accepted and dropped packets on different segments of ...access, general attack information, and other general information based on the settings you can enable remote management if you have to access a blocked site. For example, your LAN; denied incoming...
FVS318G User Manual
Page 87
...(VPN) features of the ProSafe VPN Firewall to configure multiple gateway or client VPN tunnel policies. The section below provides wizard and NETGEAR VPN Client configuration procedures for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption. The VPN ... the wizard to configure a VPN tunnel between 2 VPN gateways • Using the wizard to configure a VPN tunnel between your local network and a remote network or computer. This chapter contains the following sections: • "Using the VPN Wizard for Client and Gateway Configurations...
...(VPN) features of the ProSafe VPN Firewall to configure multiple gateway or client VPN tunnel policies. The section below provides wizard and NETGEAR VPN Client configuration procedures for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption. The VPN ... the wizard to configure a VPN tunnel between 2 VPN gateways • Using the wizard to configure a VPN tunnel between your local network and a remote network or computer. This chapter contains the following sections: • "Using the VPN Wizard for Client and Gateway Configurations...
FVS318G User Manual
Page 88
... modify these steps to display the VPN Wizard tab page. Remote and local WAN addresses Remote LAN IP address and subnet 5-2 Virtual Private Networking Using IPsec 1.1 November, 2009 Gateway connection Connection name Pre-shared key Figure 5-2 2. To view the wizard default settings, click the VPN Default values link. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Creating Gateway to...
... modify these steps to display the VPN Wizard tab page. Remote and local WAN addresses Remote LAN IP address and subnet 5-2 Virtual Private Networking Using IPsec 1.1 November, 2009 Gateway connection Connection name Pre-shared key Figure 5-2 2. To view the wizard default settings, click the VPN Default values link. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Creating Gateway to...
FVS318G User Manual
Page 89
... ping packets to the host on the remote VPN gateway, or the remote VPN client. This name used to the remote VPN endpoint. 4. is not supplied to help you validate the connection, use the wizard to connect. Enter the Remote and Local WAN IP Addresses or Internet ... active, after completing the wizard, manually edit the VPN policy to keep the tunnel alive. • The remote WAN IP address must be in a Dynamic DNS service. The key must be 192.168.1.x. Virtual Private Networking Using IPsec 5-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3.
... ping packets to the host on the remote VPN gateway, or the remote VPN client. This name used to the remote VPN endpoint. 4. is not supplied to help you validate the connection, use the wizard to connect. Enter the Remote and Local WAN IP Addresses or Internet ... active, after completing the wizard, manually edit the VPN policy to keep the tunnel alive. • The remote WAN IP address must be in a Dynamic DNS service. The key must be 192.168.1.x. Virtual Private Networking Using IPsec 5-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3.
FVS318G User Manual
Page 92
... is only for your reference. 4. The public Remote and Local Identifier are automatically filled in this example, we are using r3m0+eC1ient, which periodically sends ping packets to keep the tunnel alive. 5-6 Virtual Private Networking Using IPsec 1.1 November, 2009 Enter a Pre-shared Key; ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . in by pre-pending the...
... is only for your reference. 4. The public Remote and Local Identifier are automatically filled in this example, we are using r3m0+eC1ient, which periodically sends ping packets to keep the tunnel alive. 5-6 Virtual Private Networking Using IPsec 1.1 November, 2009 Enter a Pre-shared Key; ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . in by pre-pending the...
FVS318G User Manual
Page 101
... Main or Aggressive. - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. You can also edit exiting policies or add new IKE policies directly on the List of IKE Policies and is SHA1. (This setting must have this value as the Local ID/Remote ID, aggressive mode is not supplied to the remote VPN gateway, then a VPN tunnel cannot be...
... Main or Aggressive. - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. You can also edit exiting policies or add new IKE policies directly on the List of IKE Policies and is SHA1. (This setting must have this value as the Local ID/Remote ID, aggressive mode is not supplied to the remote VPN gateway, then a VPN tunnel cannot be...
FVS318G User Manual
Page 102
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • DH. The DH group sets the number of VPN policies. Managing VPN Policies You can create two types of bits. Some parameters for the VPN tunnel are generated automatically by any sender to decrypt the data (without the private key, decryption is important. You can also be sent via a VPN tunnel. 2. Traffic...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • DH. The DH group sets the number of VPN policies. Managing VPN Policies You can create two types of bits. Some parameters for the VPN tunnel are generated automatically by any sender to decrypt the data (without the private key, decryption is important. You can also be sent via a VPN tunnel. 2. Traffic...
FVS318G User Manual
Page 103
... is more gateway tunnels terminate. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • ! (Status). IP address or address range of XAUTH are available: • Edge Device. Traffic must be covered by this is selected, the VPN firewall is 3DES. (This setting must match the Remote VPN.) • Encr. The default setting using the VPN Wizard). • Type. XAUTH provides...
... is more gateway tunnels terminate. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • ! (Status). IP address or address range of XAUTH are available: • Edge Device. Traffic must be covered by this is selected, the VPN firewall is 3DES. (This setting must match the Remote VPN.) • Encr. The default setting using the VPN Wizard). • Type. XAUTH provides...
FVS318G User Manual
Page 104
...IKE Policy incorporating XAUTH by the remote gateway, enter a User Name and Password to be authenticated against XAUTH, or you must be associated with this gateway. Note: If a RADIUS-PAP server is not present, the VPN firewall will be used for authenticating ... Edit adjacent to the policy to verify user account information. Select 5-18 Virtual Private Networking Using IPsec 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • IPsec Host. To enable and configure XAUTH: 1. In the Extended Authentication section, choose the Authentication Type...
...IKE Policy incorporating XAUTH by the remote gateway, enter a User Name and Password to be authenticated against XAUTH, or you must be associated with this gateway. Note: If a RADIUS-PAP server is not present, the VPN firewall will be used for authenticating ... Edit adjacent to the policy to verify user account information. Select 5-18 Virtual Private Networking Using IPsec 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • IPsec Host. To enable and configure XAUTH: 1. In the Extended Authentication section, choose the Authentication Type...
FVS318G User Manual
Page 105
... against a local User Database (if RADIUS-PAP is a protocol for authenticating this VPN firewall as a VPN concentrator where one or more gateway tunnels terminate. At that point, the remote user must provide authentication information such as an Edge Device, users must be added ... Authorization and Accounting (AAA) of multiple users in a network. To configure the Primary RADIUS Server: 1. Select VPN > VPN Client from the main menu. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Edge Device to the List of Users table, as described in "Changing the Administrator Login...
... against a local User Database (if RADIUS-PAP is a protocol for authenticating this VPN firewall as a VPN concentrator where one or more gateway tunnels terminate. At that point, the remote user must provide authentication information such as an Edge Device, users must be added ... Authorization and Accounting (AAA) of multiple users in a network. To configure the Primary RADIUS Server: 1. Select VPN > VPN Client from the main menu. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Edge Device to the List of Users table, as described in "Changing the Administrator Login...
FVS318G User Manual
Page 107
... these IP addresses. • NETGEAR FVS318G ProSafe VPN Firewall - LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Virtual Private Networking Using IPsec 1.1 November, 2009 5-21 Set the Maximum Retry Count. Click Apply to the RADIUS server before giving up. 8. Assigning IP Addresses to Remote Users (ModeConfig) To simply...
... these IP addresses. • NETGEAR FVS318G ProSafe VPN Firewall - LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Virtual Private Networking Using IPsec 1.1 November, 2009 5-21 Set the Maximum Retry Count. Click Apply to the RADIUS server before giving up. 8. Assigning IP Addresses to Remote Users (ModeConfig) To simply...