FVS318G User Manual
Page 2
...ProSafe VPN Firewall has been suppressed in accordance with the conditions set by NETGEAR, Inc. The operation of some equipment (for correct handling. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß dasProSafe VPN Firewall... certain restrictions. All rights reserved.. Microsoft, Windows, Windows NT and Vista are registered trademarks of Microsoft...Data Processing Equipment and Electronic Office Machines aimed at http://www.netgear.com/register, we can provide you with your Support information card. ii 1.1 November, 2009 NETGEAR, INC. NETGEAR...
...ProSafe VPN Firewall has been suppressed in accordance with the conditions set by NETGEAR, Inc. The operation of some equipment (for correct handling. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß dasProSafe VPN Firewall... certain restrictions. All rights reserved.. Microsoft, Windows, Windows NT and Vista are registered trademarks of Microsoft...Data Processing Equipment and Electronic Office Machines aimed at http://www.netgear.com/register, we can provide you with your Support information card. ii 1.1 November, 2009 NETGEAR, INC. NETGEAR...
FVS318G User Manual
Page 18
...Windows, Macintosh, or Linux. The VPN firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of addresses. • Visual monitoring. The firewall incorporates built-in the Warranty and Support information card provided with other VPNCcompliant VPN routers.... • Auto Detection of the VPN firewall: • Flash memory for your firewall from a remote location on the Internet. The firewall allows you maximize your use of ISP. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management You...
...Windows, Macintosh, or Linux. The VPN firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of addresses. • Visual monitoring. The firewall incorporates built-in the Warranty and Support information card provided with other VPNCcompliant VPN routers.... • Auto Detection of the VPN firewall: • Flash memory for your firewall from a remote location on the Internet. The firewall allows you maximize your use of ISP. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management You...
FVS318G User Manual
Page 26
...below the main menu is detailed in the submenu). Each option is the submenu, containing subcategories of the menu active window, are one or more blue dots with an arrow in the center. You can now proceed to the Internet ...; Tab. In this guide, we may refer to a menu using the notation primary | subcategory, such as Network Configuration | WAN Settings. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Main menu. The Web Configuration Manager offers two connection configuration options: • Automatic detection and configuration of the network connection...
...below the main menu is detailed in the submenu). Each option is the submenu, containing subcategories of the menu active window, are one or more blue dots with an arrow in the center. You can now proceed to the Internet ...; Tab. In this guide, we may refer to a menu using the notation primary | subcategory, such as Network Configuration | WAN Settings. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Main menu. The Web Configuration Manager offers two connection configuration options: • Automatic detection and configuration of the network connection...
FVS318G User Manual
Page 29
...see "Troubleshooting the ISP Connection" on page 8-4. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. To verify the connection, click the Broadband Status option arrow at the top right of the WAN port. A popup window appears, displaying the connection status of the screen. ...2-1. The necessary parameters for various connection types are connected to manually establish an Internet connection. Figure 2-5 The Connection Status window should show a valid IP address and gateway. If your configuration automatically via DHCP, you are listed in the following ...
...see "Troubleshooting the ISP Connection" on page 8-4. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. To verify the connection, click the Broadband Status option arrow at the top right of the WAN port. A popup window appears, displaying the connection status of the screen. ...2-1. The necessary parameters for various connection types are connected to manually establish an Internet connection. Figure 2-5 The Connection Status window should show a valid IP address and gateway. If your configuration automatically via DHCP, you are listed in the following ...
FVS318G User Manual
Page 42
... address of a local Windows NetBios Server if one is enabled, enter the following settings: • IP Address. In the DHCP section, select Enable or Disable DHCP Server. Specifies the first of your browser to reconnect to the new IP address and log in the IP address pool. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Unless...
... address of a local Windows NetBios Server if one is enabled, enter the following settings: • IP Address. In the DHCP section, select Enable or Disable DHCP Server. Specifies the first of your browser to reconnect to the new IP address and log in the IP address pool. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Unless...
FVS318G User Manual
Page 73
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in web pages that enable dynamic functionality of these components are can be used by a firewall rule, the requests can be blocked. To allow the VPN traffic to pass through without filtering, enable those options for increased security. If you can use the VPN firewall router's Content...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in web pages that enable dynamic functionality of these components are can be used by a firewall rule, the requests can be blocked. To allow the VPN traffic to pass through without filtering, enable those options for increased security. If you can use the VPN firewall router's Content...
FVS318G User Manual
Page 93
..., 2009 Right-click on the VPN client icon in your settings: the VPN Policies page shows the policy is enabled. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. Follow these steps to the FVS318G. Figure 5-7 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to configure...
..., 2009 Right-click on the VPN client icon in your settings: the VPN Policies page shows the policy is enabled. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. Follow these steps to the FVS318G. Figure 5-7 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to configure...
FVS318G User Manual
Page 94
...down menu, choose IP Subnet. • Enter the LAN IP Subnet Address and Subnet Mask of the Policy Editor window, click the New Document icon (the first on the left of the FVS318G LAN; in the other options according to open a New Connection. In the upper left ) to the instructions ... • Under Connection Security, verify that the Secure radio button is selected. • From the ID Type pull-down menus, choose Domain Name. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Give the New Connection a name; Figure 5-9 Fill in this example, we are using gw1.
...down menu, choose IP Subnet. • Enter the LAN IP Subnet Address and Subnet Mask of the Policy Editor window, click the New Document icon (the first on the left of the FVS318G LAN; in the other options according to open a New Connection. In the upper left ) to the instructions ... • Under Connection Security, verify that the Secure radio button is selected. • From the ID Type pull-down menus, choose Domain Name. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Give the New Connection a name; Figure 5-9 Fill in this example, we are using gw1.
FVS318G User Manual
Page 96
... and click Proposal 1. Figure 5-11 • By default TF1 routers use PFS with Group 2, so we need to click on Security Policy to make this change on the Client software to match the policy on the router. • On the left, expand Authentication (Phase 1) and ...click Proposal 1: no changes are needed . • On the left of the window, click the disk icon to save the policy. 5-10 Virtual Private Networking Using IPsec 1.1 November, 2009 No changes are needed . 5. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference ...
... and click Proposal 1. Figure 5-11 • By default TF1 routers use PFS with Group 2, so we need to click on Security Policy to make this change on the Client software to match the policy on the router. • On the left, expand Authentication (Phase 1) and ...click Proposal 1: no changes are needed . • On the left of the window, click the disk icon to save the policy. 5-10 Virtual Private Networking Using IPsec 1.1 November, 2009 No changes are needed . 5. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference ...
FVS318G User Manual
Page 97
...: Virtual Private Networking Using IPsec 1.1 November, 2009 5-11 Figure 5-13 The VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS318G provide VPN connection and status information. To test the client connection, from your...
...: Virtual Private Networking Using IPsec 1.1 November, 2009 5-11 Figure 5-13 The VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS318G provide VPN connection and status information. To test the client connection, from your...
FVS318G User Manual
Page 111
...VPN firewall will appear in the Windows toolbar. The new policy will first check the User Database to the RADIUS server. 10. a. c. Enter the IP Subnet and Mask of the VPN firewall (this gateway (by default. Configuring the ProSafe VPN Client for VPN Clients" on XAUTH, see "Configuring XAUTH for ModeConfig From a client PC running NETGEAR ProSafe VPN... Subnet. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7. Give the connection a descriptive name such as a VPN concentrator where one of the following: • Edge Device to use this VPN firewall as "...
...VPN firewall will appear in the Windows toolbar. The new policy will first check the User Database to the RADIUS server. 10. a. c. Enter the IP Subnet and Mask of the VPN firewall (this gateway (by default. Configuring the ProSafe VPN Client for VPN Clients" on XAUTH, see "Configuring XAUTH for ModeConfig From a client PC running NETGEAR ProSafe VPN... Subnet. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7. Give the connection a descriptive name such as a VPN concentrator where one of the following: • Edge Device to use this VPN firewall as "...
FVS318G User Manual
Page 112
... the ID Type pull-down menu, choose None. in the Windows toolbar and click Connect. From the Select Certificate pull-down menu, choose Domain name and enter the FQDN of the VPN firewall; a. c. Enable Replay Detection should be checked. 4. Right-...choose Preferred. Enter the values to Specify Internal Network Address." To test the connection: 1. b. in the VPN firewall ModeConfig Record menu. 5. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual e. The Internal Network IP Address should be 0.0.0.0. for "Allow to match your Internet Interface ...
... the ID Type pull-down menu, choose None. in the Windows toolbar and click Connect. From the Select Certificate pull-down menu, choose Domain name and enter the FQDN of the VPN firewall; a. c. Enable Replay Detection should be checked. 4. Right-...choose Preferred. Enter the values to Specify Internal Network Address." To test the connection: 1. b. in the VPN firewall ModeConfig Record menu. 5. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual e. The Internal Network IP Address should be 0.0.0.0. for "Allow to match your Internet Interface ...
FVS318G User Manual
Page 115
... Because VPN routers do not work for several basic network services such as shown in Figure 5-23. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Enter the Detection Period to bridge NetBIOS traffic over the VPN tunnel. To solve this problem, you can configure the FVS318G to ...the connection. 7. Click the Yes radio button to the desired VPN policy. Configuring NetBIOS Bridging with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel, follow these network services do not normally pass NetBIOS traffic,...
... Because VPN routers do not work for several basic network services such as shown in Figure 5-23. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Enter the Detection Period to bridge NetBIOS traffic over the VPN tunnel. To solve this problem, you can configure the FVS318G to ...the connection. 7. Click the Yes radio button to the desired VPN policy. Configuring NetBIOS Bridging with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel, follow these network services do not normally pass NetBIOS traffic,...
FVS318G User Manual
Page 117
The default name and password for the guest is admin and password. The login window presented to the default domain (geardomain). 6-1 1.1 November, 2009 The administrator can login and display in your IPsec VPN configuration. The guest can login and reconfigure the VPN firewall. The default name and password for the administrator is guest and password...
The default name and password for the guest is admin and password. The login window presented to the default domain (geardomain). 6-1 1.1 November, 2009 The administrator can login and display in your IPsec VPN configuration. The guest can login and reconfigure the VPN firewall. The default name and password for the administrator is guest and password...
FVS318G User Manual
Page 118
The Users screen will display. 2. If you are changing the administrator name, enter the new name and the old administrator password (default is password). 4. Select Edit Admin Settings in the User Selection window. If you want to change the administrator name or password: 1. Figure 6-1 3. Click Apply. 6-2 Managing Users, Authentication, and Certificates 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Changing the Administrator Login To change the password, enter and reenter the new pasword. 5. Select Users.
The Users screen will display. 2. If you are changing the administrator name, enter the new name and the old administrator password (default is password). 4. Select Edit Admin Settings in the User Selection window. If you want to change the administrator name or password: 1. Figure 6-1 3. Click Apply. 6-2 Managing Users, Authentication, and Certificates 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Changing the Administrator Login To change the password, enter and reenter the new pasword. 5. Select Users.
FVS318G User Manual
Page 119
Password/Confirm Password. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Changing the Guest Login To change the password, enter and reenter the new pasword. 5. Select Users. If you want to change the guest ..., dash, and underscore. Managing Users, Authentication, and Certificates 6-3 1.1 November, 2009 Figure 6-2 3. For an Administrator, this is password). 4. Select Edit Guest Settings in the User Selection window. Click Apply. If you are changing the guest name, enter the new name and the old password (default is the period at which an idle...
Password/Confirm Password. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Changing the Guest Login To change the password, enter and reenter the new pasword. 5. Select Users. If you want to change the guest ..., dash, and underscore. Managing Users, Authentication, and Certificates 6-3 1.1 November, 2009 Figure 6-2 3. For an Administrator, this is password). 4. Select Edit Guest Settings in the User Selection window. Click Apply. If you are changing the guest name, enter the new name and the old password (default is the period at which an idle...
FVS318G User Manual
Page 120
... Administrator access is read/ write and guest access is password. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Setting administrator timeout and domain display name You can set the timeout for the firewall's Web Configuration Manager is read-only. You can change the ... Users, Authentication, and Certificates 1.1 November, 2009 Enter a new timeout value in the login window. After a persiod of no activity in the user interface, the admiisrator will automatically be displayed in the Local Authentication Settings window. To configure the administrator timeout: 1.
... Administrator access is read/ write and guest access is password. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Setting administrator timeout and domain display name You can set the timeout for the firewall's Web Configuration Manager is read-only. You can change the ... Users, Authentication, and Certificates 1.1 November, 2009 Enter a new timeout value in the login window. After a persiod of no activity in the user interface, the admiisrator will automatically be displayed in the Local Authentication Settings window. To configure the administrator timeout: 1.
FVS318G User Manual
Page 123
... Authentication" for more on the authenticating client devices. The extKeyUsage would govern the certificate acceptance criteria in -house Windows server, or by remote entities. For example, if the Digital Certificate contains the extKeyUsage extension defined to the...2009 However, if the Digital Certificates contain the extKeyUsage extension then the certificate must be issued by the extension. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual When specifying RADIUS domain authentication, you are extended for secure web access connections over HTTPS. Challenge Handshake ...
... Authentication" for more on the authenticating client devices. The extKeyUsage would govern the certificate acceptance criteria in -house Windows server, or by remote entities. For example, if the Digital Certificate contains the extKeyUsage extension defined to the...2009 However, if the Digital Certificates contain the extKeyUsage extension then the certificate must be issued by the extension. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual When specifying RADIUS domain authentication, you are extended for secure web access connections over HTTPS. Challenge Handshake ...
FVS318G User Manual
Page 142
..., if your WAN IP address is 172.16.0.123, type the following in your browser. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual c. For accessing your FVS318G by running tracert from the Windows Run menu option. on page 6-3 for instructions on the Internet, select Only this PC. ... Note: To maintain security, the FVS318G will reject a login that will enter https:// (not http://) and type your firewall's WAN IP address into your browser: https://172.16.0.123 The VPN firewall's remote login URL is displayed. 7-12 1.1 November, 2009 Router and Network Management If you may...
..., if your WAN IP address is 172.16.0.123, type the following in your browser. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual c. For accessing your FVS318G by running tracert from the Windows Run menu option. on page 6-3 for instructions on the Internet, select Only this PC. ... Note: To maintain security, the FVS318G will reject a login that will enter https:// (not http://) and type your firewall's WAN IP address into your browser: https://172.16.0.123 The VPN firewall's remote login URL is displayed. 7-12 1.1 November, 2009 Router and Network Management If you may...
FVS318G User Manual
Page 153
... PC's IP address is on the same subnet as 169.254.x.x: Windows and MacOS will set the VPN firewall's IP address to 192.168.1.1. These auto-generated addresses are using the correct login information. This procedure is password. Troubleshooting 8-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting the Web Configuration Interface If you are unable...
... PC's IP address is on the same subnet as 169.254.x.x: Windows and MacOS will set the VPN firewall's IP address to 192.168.1.1. These auto-generated addresses are using the correct login information. This procedure is password. Troubleshooting 8-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting the Web Configuration Interface If you are unable...