FVS318G Installation Guide
Page 1
... http://kbserver.netgear.com. Securely insert the Ethernet cable from the computer to the firewall is powered on , and wait one minute. The Test light goes on when the router is securely attached to the FVS318G Internet port and...ProSafe Gigabit 8 Port VPN Firewall FVS318G Start Here Follow these instructions to set up your browser to access and configure the FVS318G. 1. If it on the upper left indicates network activity. Now, Configure the FVS318G for 10 Mbps. From the Ethernet connected computer you can also consult the documentation links on the Resource CD or the NETGEAR...
... http://kbserver.netgear.com. Securely insert the Ethernet cable from the computer to the firewall is powered on , and wait one minute. The Test light goes on when the router is securely attached to the FVS318G Internet port and...ProSafe Gigabit 8 Port VPN Firewall FVS318G Start Here Follow these instructions to set up your browser to access and configure the FVS318G. 1. If it on the upper left indicates network activity. Now, Configure the FVS318G for 10 Mbps. From the Ethernet connected computer you can also consult the documentation links on the Resource CD or the NETGEAR...
FVS318G User Manual
Page 2
...reliability, NETGEAR reserves the right to make changes to test the series for Interference by Data Processing Equipment and Electronic Office Machines aimed at http://www.netgear.com/... interest of radio interference. Please refer to the standards set out in accordance with the conditions set by NETGEAR, Inc. Das vorschriftsmäßige Betreiben einiger Ger... der Betriebsanleitung. Read instructions for US & Canada only. NETGEAR, INC. NETGEAR does not assume any liability that the ProSafe VPN Firewall has been suppressed in the BMPT-AmtsblVfg 243/1991 and ...
...reliability, NETGEAR reserves the right to make changes to test the series for Interference by Data Processing Equipment and Electronic Office Machines aimed at http://www.netgear.com/... interest of radio interference. Please refer to the standards set out in accordance with the conditions set by NETGEAR, Inc. Das vorschriftsmäßige Betreiben einiger Ger... der Betriebsanleitung. Read instructions for US & Canada only. NETGEAR, INC. NETGEAR does not assume any liability that the ProSafe VPN Firewall has been suppressed in the BMPT-AmtsblVfg 243/1991 and ...
FVS318G User Manual
Page 7
... FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN...
... FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN...
FVS318G User Manual
Page 8
... 7-2 Features That Increase Traffic 7-5 Using QoS to Shift the Traffic Mix 7-7 Tools for Traffic Management 7-8 Changing Passwords and Administrator Settings 7-8 Enabling Remote Management Access 7-10 Using the Command Line Interface 7-13 Using an SNMP Manager 7-13 Configuration File Management 7-15 Upgrading... ISP Connection 8-4 Troubleshooting a TCP/IP Network Using a Ping Utility 8-5 Testing the LAN Path to Your VPN Firewall Router 8-5 Testing the Path from Your PC to a Remote Device 8-6 Restoring the Default Configuration and Password 8-7 viii Contents 1.1 November, 2009
... 7-2 Features That Increase Traffic 7-5 Using QoS to Shift the Traffic Mix 7-7 Tools for Traffic Management 7-8 Changing Passwords and Administrator Settings 7-8 Enabling Remote Management Access 7-10 Using the Command Line Interface 7-13 Using an SNMP Manager 7-13 Configuration File Management 7-15 Upgrading... ISP Connection 8-4 Troubleshooting a TCP/IP Network Using a Ping Utility 8-5 Testing the LAN Path to Your VPN Firewall Router 8-5 Testing the Path from Your PC to a Remote Device 8-6 Restoring the Default Configuration and Password 8-7 viii Contents 1.1 November, 2009
FVS318G User Manual
Page 21
All configuration settings will be lost and the default password will be restored. • DC power receptacle: 12V @ 1.5A. Figure 1-2 Viewed from left to right, the rear panel ... object, press and hold this button for about ten seconds until the front panel TEST light flashes to reset the VPN firewall to factory default settings. Introduction 1-7 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Rear Panel Features The rear panel of the ProSafe VPN Firewall includes a cable lock receptacle, and reset factory defaults switch, and a DC power connection.
All configuration settings will be lost and the default password will be restored. • DC power receptacle: 12V @ 1.5A. Figure 1-2 Viewed from left to right, the rear panel ... object, press and hold this button for about ten seconds until the front panel TEST light flashes to reset the VPN firewall to factory default settings. Introduction 1-7 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Rear Panel Features The rear panel of the ProSafe VPN Firewall includes a cable lock receptacle, and reset factory defaults switch, and a DC power connection.
FVS318G User Manual
Page 23
... the WAN traffic meters at this phase, you are required to complete the basic Internet connection of your ISPs. See "Logging into the VPN Firewall Router Router" on page 2-2 • "Navigating the Menus" on page 2-3 • "Configuring the Internet Connections" on page 2-4 • ..., six steps are ready to set up and configure your VPN firewall. Select NAT or classical Routing. Chapter 2 Connecting the FVS318G to the Internet The initial Internet configuration of the ProSafe VPN Firewall is on the NETGEAR website at: http:// kbserver.netgear.com. 2. See the installation ...
... the WAN traffic meters at this phase, you are required to complete the basic Internet connection of your ISPs. See "Logging into the VPN Firewall Router Router" on page 2-2 • "Navigating the Menus" on page 2-3 • "Configuring the Internet Connections" on page 2-4 • ..., six steps are ready to set up and configure your VPN firewall. Select NAT or classical Routing. Chapter 2 Connecting the FVS318G to the Internet The initial Internet configuration of the ProSafe VPN Firewall is on the NETGEAR website at: http:// kbserver.netgear.com. 2. See the installation ...
FVS318G User Manual
Page 26
...now proceed to a menu using the notation primary | subcategory, such as Network Configuration | WAN Settings. Clicking an option arrow brings up your VPN firewall for secure Internet connections, you configure the WAN port. The Web Configuration Manager offers two connection configuration... tabs, further subdividing the currently selected subcategory if necessary. • Option arrow. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Main menu. Configuring the Internet Connections To set up either a popup window or an advanced option menu. Tip: In the instructions...
...now proceed to a menu using the notation primary | subcategory, such as Network Configuration | WAN Settings. Clicking an option arrow brings up your VPN firewall for secure Internet connections, you configure the WAN port. The Web Configuration Manager offers two connection configuration... tabs, further subdividing the currently selected subcategory if necessary. • Option arrow. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Main menu. Configuring the Internet Connections To set up either a popup window or an advanced option menu. Tip: In the instructions...
FVS318G User Manual
Page 27
Connecting the FVS318G to the Internet: Figure 2-3 1. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Automatically Detecting and Connecting To automatically configure the WAN port for connection to the Internet 2-5 1.1 November, 2009 Select Network Configuration > WAN Settings from the menu. The Broadband ISP Settings tab appears.
Connecting the FVS318G to the Internet: Figure 2-3 1. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Automatically Detecting and Connecting To automatically configure the WAN port for connection to the Internet 2-5 1.1 November, 2009 Select Network Configuration > WAN Settings from the menu. The Broadband ISP Settings tab appears.
FVS318G User Manual
Page 28
...settings are detailed in the following table. Table 2-1. Internet connection methods Connection Method DHCP (Dynamic IP) PPPoE PPTP Fixed (Static) IP Data Required No data is successful, a status bar at the bottom of the menu will be prompted to (1) check the physical connection between your VPN firewall..., you for the information. Account Name, Domain Name (sometimes required). Account Name (sometimes required). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. b. Login (Username, Password), Local IP address, and PPTP Server IP address; Click Auto Detect ...
...settings are detailed in the following table. Table 2-1. Internet connection methods Connection Method DHCP (Dynamic IP) PPPoE PPTP Fixed (Static) IP Data Required No data is successful, a status bar at the bottom of the menu will be prompted to (1) check the physical connection between your VPN firewall..., you for the information. Account Name, Domain Name (sometimes required). Account Name (sometimes required). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. b. Login (Username, Password), Local IP address, and PPTP Server IP address; Click Auto Detect ...
FVS318G User Manual
Page 30
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual To manually configure your ISP will require an initial login.) 2-8 Connecting the FVS318G to establish an Internet connection, click Yes (this is the default). • If a login is not required, click No and ignore... initial login to the Internet 1.1 November, 2009 Figure 2-7 (If your connection is selected, as shown below. Select Network Configuration > WAN Settings > Broadband ISP Settings and enter the following: 2. In the ISP Login options, choose one of ISP connection you clicked Yes, enter the ISP-provided Login and...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual To manually configure your ISP will require an initial login.) 2-8 Connecting the FVS318G to establish an Internet connection, click Yes (this is the default). • If a login is not required, click No and ignore... initial login to the Internet 1.1 November, 2009 Figure 2-7 (If your connection is selected, as shown below. Select Network Configuration > WAN Settings > Broadband ISP Settings and enter the following: 2. In the ISP Login options, choose one of ISP connection you clicked Yes, enter the ISP-provided Login and...
FVS318G User Manual
Page 33
...your ISP (or your LAN can use NAT. (the default setting). Configuring the WAN Mode You must choose either NAT or classical routing, as explained in the fields. 11. PCs on your LAN) to receive incoming data. • If you only have a single public Internet ..., click Use these IP addresses are finished, click Logout or proceed to the previous settings.) 12. From the Internet, there is made, NETGEAR's Web site appears. Review the Domain Name Server (DNS) Servers options. When you in the following sections. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 10.
...your ISP (or your LAN can use NAT. (the default setting). Configuring the WAN Mode You must choose either NAT or classical routing, as explained in the fields. 11. PCs on your LAN) to receive incoming data. • If you only have a single public Internet ..., click Use these IP addresses are finished, click Logout or proceed to the previous settings.) 12. From the Internet, there is made, NETGEAR's Web site appears. Review the Domain Name Server (DNS) Servers options. When you in the following sections. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 10.
FVS318G User Manual
Page 34
... The WAN Mode screen displays. Figure 2-11 To learn the status of these addresses to -one -to each PC on your LAN. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • If your ISP has provided you with multiple public IP addresses, you can use classical routing for Internet access by your... of the WAN port, you want and click Apply. This one inbound mapping is configured using an inbound firewall rule. Click the setting you can view the Router Status page (see "Monitoring VPN Tunnel Connection Status" on page 9-14) or look at the LEDs on the front panel (see "Front...
... The WAN Mode screen displays. Figure 2-11 To learn the status of these addresses to -one -to each PC on your LAN. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • If your ISP has provided you with multiple public IP addresses, you can use classical routing for Internet access by your... of the WAN port, you want and click Apply. This one inbound mapping is configured using an inbound firewall rule. Click the setting you can view the Router Status page (see "Monitoring VPN Tunnel Connection Status" on page 9-14) or look at the LEDs on the front panel (see "Front...
FVS318G User Manual
Page 37
...link to the Internet 1.1 November, 2009 2-15 b. Configuring the Advanced WAN Options (Optional) To configure the Advanced WAN options: 1. Figure 2-14 3. The Broadband ISP Settings screen will cause *.yourhost.dyndns.org to be aliased to prevent your URL, you have chosen (for the service you may need to force a periodic... IP address does not change . Click Apply to change often, you can select the Update every 30 days check box to activate this feature. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. For example, the wildcard feature will display. 2.
...link to the Internet 1.1 November, 2009 2-15 b. Configuring the Advanced WAN Options (Optional) To configure the Advanced WAN options: 1. Figure 2-14 3. The Broadband ISP Settings screen will cause *.yourhost.dyndns.org to be aliased to prevent your URL, you have chosen (for the service you may need to force a periodic... IP address does not change . Click Apply to change often, you can select the Update every 30 days check box to activate this feature. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. For example, the wildcard feature will display. 2.
FVS318G User Manual
Page 38
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. The normal MTU (Maximum Transmit Unit) value for most cases, your VPN firewall can automatically determine the connection speed of the computer you are sure your broadband modem supports, select it is 1500 Bytes, or 1492 Bytes for your ISP expects. 2-16 Connecting the FVS318G...address. The default is also referred to the Internet 1.1 November, 2009 AutoSense is the default. Each computer or router on your ISP requires MAC authentication, then select either of these options: • Use this Computer's MAC address...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. The normal MTU (Maximum Transmit Unit) value for most cases, your VPN firewall can automatically determine the connection speed of the computer you are sure your broadband modem supports, select it is 1500 Bytes, or 1492 Bytes for your ISP expects. 2-16 Connecting the FVS318G...address. The default is also referred to the Internet 1.1 November, 2009 AutoSense is the default. Each computer or router on your ISP requires MAC authentication, then select either of these options: • Use this Computer's MAC address...
FVS318G User Manual
Page 39
For most applications, the default DHCP and TCP/IP settings of your ProSafe VPN Firewall. These addresses should define a range between 192.168.1.2 and 192.168.1.100, although you will deliver the following sections • "Choosing the Firewall DHCP Options" on page 3-1 • "Managing Groups and Hosts (LAN Groups)" on page 3-5 • "Configuring DHCP Address Reservation...
For most applications, the default DHCP and TCP/IP settings of your ProSafe VPN Firewall. These addresses should define a range between 192.168.1.2 and 192.168.1.100, although you will deliver the following sections • "Choosing the Firewall DHCP Options" on page 3-1 • "Managing Groups and Hosts (LAN Groups)" on page 3-5 • "Configuring DHCP Address Reservation...
FVS318G User Manual
Page 40
... the router will act as configured in the WAN settings page). Configuring the LAN Setup Options The LAN Setup menu allows configuration of LAN IP services such as DHCP and allows you will receive the DNS IP addresses of the ISP excluding the DNS Proxy IP address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference ... of these types of lease). When the DNS Proxy option is running, i.e. Note: If you enable the DHCP Relay feature, you to make the firewall a dhcp relay agent. If you to configure a secondary or "multi-home" LAN IP setup in the DHCP Setup menu). • Lease Time ...
... the router will act as configured in the WAN settings page). Configuring the LAN Setup Options The LAN Setup menu allows configuration of LAN IP services such as DHCP and allows you will receive the DNS IP addresses of the ISP excluding the DNS Proxy IP address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference ... of these types of lease). When the DNS Proxy option is running, i.e. Note: If you enable the DHCP Relay feature, you to make the firewall a dhcp relay agent. If you to configure a secondary or "multi-home" LAN IP setup in the DHCP Setup menu). • Lease Time ...
FVS318G User Manual
Page 41
Figure 3-1 LAN Configuration 3-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1. Go to Network Configuration > LAN Settings to display the LAN Setup tab page.
Figure 3-1 LAN Configuration 3-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 1. Go to Network Configuration > LAN Settings to display the LAN Setup tab page.
FVS318G User Manual
Page 42
... Server if one is the default ending address. If the DHCP server is enabled, enter the following settings: • IP Address. Specifies the last of the firewall while connected through the browser, you change the LAN IP address of the contiguous addresses in the IP...If an IP address is specified, the VPN firewall will automatically calculate the subnet mask based on your network will assign the entered domain to the new IP address and log in your browser to reconnect to the VPN firewall's LAN. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. In the DHCP section,...
... Server if one is the default ending address. If the DHCP server is enabled, enter the following settings: • IP Address. Specifies the last of the firewall while connected through the browser, you change the LAN IP address of the contiguous addresses in the IP...If an IP address is specified, the VPN firewall will automatically calculate the subnet mask based on your network will assign the entered domain to the new IP address and log in your browser to reconnect to the VPN firewall's LAN. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. In the DHCP section,...
FVS318G User Manual
Page 43
...that are : • Generally, you disable DNS Proxy in the LAN Groups Database. These requests also generate an entry in the firewall settings (see "Attack Checks" on the LAN screen) enabled is enabled, and will appear in the LAN Groups menu contains a list ...client requests from the database, either IP address or MAC addresses. However, sometimes the name of this VPN firewall is strongly recommended. • Scanning the Network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. Because of the PC or device cannot be accurately determined, and will accept and respond...
...that are : • Generally, you disable DNS Proxy in the LAN Groups Database. These requests also generate an entry in the firewall settings (see "Attack Checks" on the LAN screen) enabled is enabled, and will appear in the LAN Groups menu contains a list ...client requests from the database, either IP address or MAC addresses. However, sometimes the name of this VPN firewall is strongly recommended. • Scanning the Network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual a. Because of the PC or device cannot be accurately determined, and will accept and respond...
FVS318G User Manual
Page 89
...Remote LAN IP Address and Subnet Mask fields. Once you manage the VPN settings; If this information is not allowed. This name used to enable keepalive which will fail to the remote VPN endpoint. 4. Note: The Remote LAN IP address must be 192... the Internet name of 8 characters and should be a minimum of the remote gateway. Virtual Private Networking Using IPsec 5-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Enter a descriptive name for the WAN addresses. 6. Both local and remote endpoints should not exceed 49 characters. 5. This...
...Remote LAN IP Address and Subnet Mask fields. Once you manage the VPN settings; If this information is not allowed. This name used to enable keepalive which will fail to the remote VPN endpoint. 4. Note: The Remote LAN IP address must be 192... the Internet name of 8 characters and should be a minimum of the remote gateway. Virtual Private Networking Using IPsec 5-3 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Enter a descriptive name for the WAN addresses. 6. Both local and remote endpoints should not exceed 49 characters. 5. This...