FVS318G Installation Guide
Page 2
...3. See the Reference Manual for information on the computer. Turn on configuring FVS318G features. NETGEAR and the NETGEAR logo are registered trademarks of their respective holders. Enter admin as described in this product should be on the label of turning the firewall on the FVS318G and wait one minute.... 4. Turn off and unplug the modem, turn off , reset the firewall as the user name and password for product updates and Web support. Use the FVS318G status lights to register your ...
...3. See the Reference Manual for information on the computer. Turn on configuring FVS318G features. NETGEAR and the NETGEAR logo are registered trademarks of their respective holders. Enter admin as described in this product should be on the label of turning the firewall on the FVS318G and wait one minute.... 4. Turn off and unplug the modem, turn off , reset the firewall as the user name and password for product updates and Web support. Use the FVS318G status lights to register your ...
FVS318G User Manual
Page 11
...Warning: Ignoring this manual are described in the following typographical conventions:: Italic Bold Fixed italic Emphasis, books, CDs, file and server names, extensions User input, IP addresses...ProSafe VPN Firewall. This manual uses the following paragraphs: • Typographical Conventions. xi 1.1 November, 2009 Tip: This format is used to the equipment. Conventions, Formats, and Scope The conventions, formats, and scope of this type of importance or special interest. About This Manual The NETGEAR® FVS318G ProSafe™ Gigabit 8 Port VPN Firewall Reference Manual...
...Warning: Ignoring this manual are described in the following typographical conventions:: Italic Bold Fixed italic Emphasis, books, CDs, file and server names, extensions User input, IP addresses...ProSafe VPN Firewall. This manual uses the following paragraphs: • Typographical Conventions. xi 1.1 November, 2009 Tip: This format is used to the equipment. Conventions, Formats, and Scope The conventions, formats, and scope of this type of importance or special interest. About This Manual The NETGEAR® FVS318G ProSafe™ Gigabit 8 Port VPN Firewall Reference Manual...
FVS318G User Manual
Page 12
... order to view and print PDF files. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Danger: This is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe VPN Firewall November, 2009 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, "Related Documents." This manual is a safety warning. website at http...
... order to view and print PDF files. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Danger: This is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe VPN Firewall November, 2009 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, "Related Documents." This manual is a safety warning. website at http...
FVS318G User Manual
Page 16
... Unlike simple Internet sharing NAT routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to Internet content by screening for Web services, Web addresses, and keywords within Web addresses. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between a central office and...
... Unlike simple Internet sharing NAT routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to Internet content by screening for Web services, Web addresses, and keywords within Web addresses. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between a central office and...
FVS318G User Manual
Page 17
.... When DHCP is a protocol for traffic prioritization. Introduction 1-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Logs security events such as NAT, allows the use of an inexpensive single-user ISP account. • Automatic Configuration of full-duplex or half-duplex operation. The VPN firewall dynamically assigns network configuration information, including IP, gateway, and domain name...
.... When DHCP is a protocol for traffic prioritization. Introduction 1-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Logs security events such as NAT, allows the use of an inexpensive single-user ISP account. • Automatic Configuration of full-duplex or half-duplex operation. The VPN firewall dynamically assigns network configuration information, including IP, gateway, and domain name...
FVS318G User Manual
Page 18
..., Macintosh, or Linux. The VPN firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of addresses. • Visual monitoring. The following features to help documentation is built into the browser-based Web Management Interface. • Auto Detection of ISP account. • VPN Wizard. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management...
..., Macintosh, or Linux. The VPN firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of addresses. • Visual monitoring. The following features to help documentation is built into the browser-based Web Management Interface. • Auto Detection of ISP account. • VPN Wizard. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Easy Installation and Management...
FVS318G User Manual
Page 19
... your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Package Contents The product package should contain the following items: • ProSafe VPN Firewall. • One AC power adapter. • Rubber feet. • One Category 5e (Cat5e) Ethernet cable (yellow). • ProSafe Gigabit 8 Port VPN Firewall FVS318G...
... your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Package Contents The product package should contain the following items: • ProSafe VPN Firewall. • One AC power adapter. • Rubber feet. • One Category 5e (Cat5e) Ethernet cable (yellow). • ProSafe Gigabit 8 Port VPN Firewall FVS318G...
FVS318G User Manual
Page 22
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS318G's enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe VPN Firewall, an administrator must use Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with JavaScript, and cookies enabled. 1-8 Introduction 1.1 November, 2009
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS318G's enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe VPN Firewall, an administrator must use Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with JavaScript, and cookies enabled. 1-8 Introduction 1.1 November, 2009
FVS318G User Manual
Page 24
... into the VPN Firewall Router Router To connect to the VPN firewall, your computer for DHCP, refer to the link in lower case letters. 2-2 Connecting the FVS318G to obtain an IP address automatically from the VPN firewall by DHCP....VPN firewall follow these tasks is not usually required. The configuration of the qualified browsers, as detailed in to a ping, and you can change the factory default MTU size and port speed. To connect and log in "Qualified Web Browsers" on page 1-8. 2. Configure the WAN options (optional). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...
... into the VPN Firewall Router Router To connect to the VPN firewall, your computer for DHCP, refer to the link in lower case letters. 2-2 Connecting the FVS318G to obtain an IP address automatically from the VPN firewall by DHCP....VPN firewall follow these tasks is not usually required. The configuration of the qualified browsers, as detailed in to a ping, and you can change the factory default MTU size and port speed. To connect and log in "Qualified Web Browsers" on page 1-8. 2. Configure the WAN options (optional). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...
FVS318G User Manual
Page 37
... The Broadband ISP Settings screen will cause *.yourhost.dyndns.org to be aliased to the Internet 1.1 November, 2009 2-15 Enter the account information for example, user name, password, key, or domain). If your WAN IP address does not change . Configuring the Advanced WAN Options (Optional) To configure the Advanced WAN ... link to the right of wild cards in resolving your URL, you may select the Use wildcards check box to prevent your configuration. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. Select Network Configuration > WAN Settings from expiring.
... The Broadband ISP Settings screen will cause *.yourhost.dyndns.org to be aliased to the Internet 1.1 November, 2009 2-15 Enter the account information for example, user name, password, key, or domain). If your WAN IP address does not change . Configuring the Advanced WAN Options (Optional) To configure the Advanced WAN ... link to the right of wild cards in resolving your URL, you may select the Use wildcards check box to prevent your configuration. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. Select Network Configuration > WAN Settings from expiring.
FVS318G User Manual
Page 40
...you have no configured DHCP Relay Agent, your clients would only be sent over routers that do not support forwarding of these types of the ISP excluding the DNS Proxy IP address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • An IP Address from the DHCP server which is not located on ... receive the Primary/Secondary DNS IP along with the ISP's DNS servers (as a DHCP relay agent for most users and situations. All DHCP clients will not use the FVS318G as a DHCP server but rather as configured in the LAN. The DHCP Relay Agent is therefore the routing protocol...
...you have no configured DHCP Relay Agent, your clients would only be sent over routers that do not support forwarding of these types of the ISP excluding the DNS Proxy IP address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • An IP Address from the DHCP server which is not located on ... receive the Primary/Secondary DNS IP along with the ISP's DNS servers (as a DHCP relay agent for most users and situations. All DHCP clients will not use the FVS318G as a DHCP server but rather as configured in the LAN. The DHCP Relay Agent is therefore the routing protocol...
FVS318G User Manual
Page 44
... by the Block Sites feature (see "Using Rules to identify each PC, users cannot avoid these restrictions by changing their IP address. • A computer is used to Block or Allow Specific Kinds of Traffic" on page 4-21). - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • No need to assign a fixed IP to a PC to ensure it...
... by the Block Sites feature (see "Using Rules to identify each PC, users cannot avoid these restrictions by changing their IP address. • A computer is used to Block or Allow Specific Kinds of Traffic" on page 4-21). - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • No need to assign a fixed IP to a PC to ensure it...
FVS318G User Manual
Page 54
...; Outbound. Allow all access from outside except responses to requests from the LAN side to access specific resources. Using Rules to . User-defined firewall rules for Rules" on page 4-8 • "Setting the Default Outbound Policy" on page 4-9 • "Creating a LAN WAN...one side to block or allow specific traffic passing through from attacks and intrusions. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for ...
...; Outbound. Allow all access from outside except responses to requests from the LAN side to access specific resources. Using Rules to . User-defined firewall rules for Rules" on page 4-8 • "Setting the Default Outbound Policy" on page 4-9 • "Creating a LAN WAN...one side to block or allow specific traffic passing through from attacks and intrusions. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for ...
FVS318G User Manual
Page 56
...entered next to the NAT IP field will be applied to enable the NAT IP setting. 4-4 Firewall Protection and Content Filtering 1.1 November, 2009 If the user does not make a selection (leaves it matches or not. Using a bandwidth profile, bandwidth .... If WAN Interface Address is that service for the traffic passing through the firewall. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1. Outbound Rules (continued) Item Action (Select Schedule) LAN Users WAN Users QoS Priority Log Bandwidth Profile NAT IP Description Select the desired time schedule (...
...entered next to the NAT IP field will be applied to enable the NAT IP setting. 4-4 Firewall Protection and Content Filtering 1.1 November, 2009 If the user does not make a selection (leaves it matches or not. Using a bandwidth profile, bandwidth .... If WAN Interface Address is that service for the traffic passing through the firewall. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1. Outbound Rules (continued) Item Action (Select Schedule) LAN Users WAN Users QoS Priority Log Bandwidth Profile NAT IP Description Select the desired time schedule (...
FVS318G User Manual
Page 57
... is enabled, how the PCs will fail. The rule tells the firewall to direct inbound traffic for a particular service to one IP address to the Internet and outside users cannot directly address any of your network (see "Configuring DHCP Address ...users can make a local server (for example, a Web server or game server) visible and available to the Internet. Note: See "Configuring Port Triggering" on page 4-27 for yet another way to block outbound traffic from selected PCs that would otherwise be blocked by the firewall. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...
... is enabled, how the PCs will fail. The rule tells the firewall to direct inbound traffic for a particular service to one IP address to the Internet and outside users cannot directly address any of your network (see "Configuring DHCP Address ...users can make a local server (for example, a Web server or game server) visible and available to the Internet. Note: See "Configuring Port Triggering" on page 4-27 for yet another way to block outbound traffic from selected PCs that would otherwise be blocked by the firewall. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...
FVS318G User Manual
Page 58
...to configure the time schedules. See "Managing Groups and Hosts (LAN Groups)" on your LAN. • Single address - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. Use the LAN Groups screen (under Network Configuration) to assign PCs to incoming traffic. If this box and enter..."Adding Customized Services" on their IP addresses. WAN Destination IP Specifies the destination IP address applicable to Groups. WAN Users Specifies which this rule. Inbound traffic to the internal LAN server; Select the Group to which Internet locations are covered ...
...to configure the time schedules. See "Managing Groups and Hosts (LAN Groups)" on your LAN. • Single address - ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. Use the LAN Groups screen (under Network Configuration) to assign PCs to incoming traffic. If this box and enter..."Adding Customized Services" on their IP addresses. WAN Destination IP Specifies the destination IP address applicable to Groups. WAN Users Specifies which this rule. Inbound traffic to the internal LAN server; Select the Group to which Internet locations are covered ...
FVS318G User Manual
Page 59
... • Always - Never log traffic considered by this rule are necessary for servers and may periodically check for your VPN firewall. If you to run any active services at your rules. • Never - Inbound Rules (continued) Item Log ...We also recommend enabling the server's application security and configuring user password or privilege levels, if provided. If multiple connections correspond to the Acceptable Use Policy of a bandwidth limiting profile. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. Your ISP may suspend your account if it discovers...
... • Always - Never log traffic considered by this rule are necessary for servers and may periodically check for your VPN firewall. If you to run any active services at your rules. • Never - Inbound Rules (continued) Item Log ...We also recommend enabling the server's application security and configuring user password or privilege levels, if provided. If multiple connections correspond to the Acceptable Use Policy of a bandwidth limiting profile. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. Your ISP may suspend your account if it discovers...
FVS318G User Manual
Page 68
... all protocols. 2. Note: For security, NETGEAR strongly recommends that is sent with destination port...data about other non-essential services. This number appears as this host: 1. The service numbers for service to 65535 by server computers at the request of the application. 4-16 Firewall Protection and Content Filtering 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...are defined by a service or port number. Service numbers for services that you prevent users from the Internet. When a computer on your LAN is designated as Instant Messenger, Real...
... all protocols. 2. Note: For security, NETGEAR strongly recommends that is sent with destination port...data about other non-essential services. This number appears as this host: 1. The service numbers for service to 65535 by server computers at the request of the application. 4-16 Firewall Protection and Content Filtering 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...are defined by a service or port number. Service numbers for services that you prevent users from the Internet. When a computer on your LAN is designated as Instant Messenger, Real...
FVS318G User Manual
Page 69
...a custom service: 1. Select the Layer 3 transport protocol of the range that the service uses. Click Add. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Although the FVS318G already holds a list of many service port numbers, you can enter it on the Services screen. For ICMP .... Firewall Protection and Content Filtering 1.1 November, 2009 4-17 When you have defined, as shown in Figure 4-7. Figure 4-7 2. This information can configure up to these choices. Select Security > Services from user groups or newsgroups. Use the Services screen to add ...
...a custom service: 1. Select the Layer 3 transport protocol of the range that the service uses. Click Add. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Although the FVS318G already holds a list of many service port numbers, you can enter it on the Services screen. For ICMP .... Firewall Protection and Content Filtering 1.1 November, 2009 4-17 When you have defined, as shown in Figure 4-7. Figure 4-7 2. This information can configure up to these choices. Select Security > Services from user groups or newsgroups. Use the Services screen to add ...
FVS318G User Manual
Page 73
... files will be used to compromise or infect computers. A malicious applet can use the VPN firewall router's Content Filtering and Web Components filtering. To allow the VPN traffic to pass through without filtering, enable those options for increased security. Enabling this setting... users from being downloaded. Certain commonly used web components can filter the following Web Component types: Proxy, Java, ActiveX, and Cookies. You can be blocked for the type of the page. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G ...
... files will be used to compromise or infect computers. A malicious applet can use the VPN firewall router's Content Filtering and Web Components filtering. To allow the VPN traffic to pass through without filtering, enable those options for increased security. Enabling this setting... users from being downloaded. Certain commonly used web components can filter the following Web Component types: Proxy, Java, ActiveX, and Cookies. You can be blocked for the type of the page. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G ...