FVS336G Reference Manual
Page 1
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA March 2009 202-10257-04 v1.0
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA March 2009 202-10257-04 v1.0
FVS336G Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN...
FVS336G Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet ...Authentication Why do I need Two-Factor Authentication D-1 What are the benefits of Two-Factor Authentication D-1 What is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet ...Authentication Why do I need Two-Factor Authentication D-1 What are the benefits of Two-Factor Authentication D-1 What is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
FVS336G Reference Manual
Page 14
For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in personal injury or death. Revision History Part Number Version Number Date Description 202-10257-01 1.0 202-...topic • Correct the firewall scheduling topic xiv v1.0, March 2009 Failure to align with SSL & IPsec VPN FVS336G Reference Manual Danger: This is a safety warning. Note: Product updates are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/FVS336G.asp. ProSafe Dual WAN Gigabit Firewall with router firmware update.
For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in personal injury or death. Revision History Part Number Version Number Date Description 202-10257-01 1.0 202-...topic • Correct the firewall scheduling topic xiv v1.0, March 2009 Failure to align with SSL & IPsec VPN FVS336G Reference Manual Danger: This is a safety warning. Note: Product updates are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/FVS336G.asp. ProSafe Dual WAN Gigabit Firewall with router firmware update.
FVS336G Reference Manual
Page 16
... to other IPsec gateways and clients. - The firewall balances users between a central office and telecommuters. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Easy, web-based setup ...FVS336G has two broadband WAN ports. Dual WAN Ports for firmware upgrade. • Internal universal switching power supply. The second WAN port allows you to connect a second broadband Internet line that can be configured on page C-1 for secure connection to consider when implementing the following capabilities with the single-user license of the NETGEAR ProSafe...
... to other IPsec gateways and clients. - The firewall balances users between a central office and telecommuters. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Easy, web-based setup ...FVS336G has two broadband WAN ports. Dual WAN Ports for firmware upgrade. • Internal universal switching power supply. The second WAN port allows you to connect a second broadband Internet line that can be configured on page C-1 for secure connection to consider when implementing the following capabilities with the single-user license of the NETGEAR ProSafe...
FVS336G Reference Manual
Page 19
... license. • Warranty and Support Information Card. Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • VPN Wizard. Application Notes and other VPNCcompliant...
... license. • Warranty and Support Information Card. Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • VPN Wizard. Application Notes and other VPNCcompliant...
FVS336G Reference Manual
Page 20
... 1-1 The function of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. The Internet connection is down or not being transmitted or received by the WAN port. The LAN port is operating at 100 Mbps. Test mode: The system ...is not supplied to return the firewall for failover. The system has booted successfully. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual If any of each LED is described in the following table: Table 1-1. Front Panel Features The ProSafe Dual WAN Gigabit Firewall with a connected Ethernet device.
... 1-1 The function of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. The Internet connection is down or not being transmitted or received by the WAN port. The LAN port is operating at 100 Mbps. Test mode: The system ...is not supplied to return the firewall for failover. The system has booted successfully. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual If any of each LED is described in the following table: Table 1-1. Front Panel Features The ProSafe Dual WAN Gigabit Firewall with a connected Ethernet device.
FVS336G Reference Manual
Page 23
...PDF of the Installation Guide is described in to complete the basic Internet connection of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN for complete steps. See "Logging into the VPN Firewall Router" on page 2-2 • "Navigating the Menus" on page 2-3 •...WAN Options (Optional)" on page 2-10. 2-1 v1.0, March 2009 For load balancing, you can also program the WAN traffic meters at : http://kbserver.netgear.com. 2. Log in this time. See "Configuring the WAN Mode (Required for dual WAN operation). See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall...
...PDF of the Installation Guide is described in to complete the basic Internet connection of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN for complete steps. See "Logging into the VPN Firewall Router" on page 2-2 • "Navigating the Menus" on page 2-3 •...WAN Options (Optional)" on page 2-10. 2-1 v1.0, March 2009 For load balancing, you can also program the WAN traffic meters at : http://kbserver.netgear.com. 2. Log in this time. See "Configuring the WAN Mode (Required for dual WAN operation). See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 32
... any changes and revert to the VPN firewall using the same steps as WAN1. Configuring the WAN Mode (Required for Dual WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. Click Apply to save ...ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be configured on a mutually exclusive basis for either auto-rollover (for increased system reliability) or load balancing (for maximum bandwidth efficiency), or one port can be inactivated. The VPN firewall will be disabled. 2-10 Connecting the FVS336G to the NETGEAR...
... any changes and revert to the VPN firewall using the same steps as WAN1. Configuring the WAN Mode (Required for Dual WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. Click Apply to save ...ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be configured on a mutually exclusive basis for either auto-rollover (for increased system reliability) or load balancing (for maximum bandwidth efficiency), or one port can be inactivated. The VPN firewall will be disabled. 2-10 Connecting the FVS336G to the NETGEAR...
FVS336G Reference Manual
Page 70
...that you have defined, as shown in Figure 4-7. 4-14 Firewall Protection and Content Filtering v1.0, March 2009 Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When ...limited to these choices. Place the new rule below all protocols. 2. Although the FVS336G already holds a list of many common protocols are functions performed by the authors of...the Internet Engineering Task Force (IETF) and published in the Schedule menu. ProSafe Dual WAN Gigabit Firewall with destination port number 80 is exposed to many exploits from using applications ...
...that you have defined, as shown in Figure 4-7. 4-14 Firewall Protection and Content Filtering v1.0, March 2009 Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When ...limited to these choices. Place the new rule below all protocols. 2. Although the FVS336G already holds a list of many common protocols are functions performed by the authors of...the Internet Engineering Task Force (IETF) and published in the Schedule menu. ProSafe Dual WAN Gigabit Firewall with destination port number 80 is exposed to many exploits from using applications ...
FVS336G Reference Manual
Page 74
... is flooded, it unreachable by NETGEAR" message. 4-18 Firewall Protection and Content Filtering v1.0, March 2009 If flood checking is forced to send many ICMP packets, eventually making the attacker's network location anonymous. To prevent the VPN firewall from responding to Ping requests from... LAN Ports. To allow the VPN traffic to pass through the FVS336G. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual When blocking is enabled or disabled in the DHCP server configuration, the VPN firewall will service DNS requests sent to its own LAN IP address. ...
... is flooded, it unreachable by NETGEAR" message. 4-18 Firewall Protection and Content Filtering v1.0, March 2009 If flood checking is forced to send many ICMP packets, eventually making the attacker's network location anonymous. To prevent the VPN firewall from responding to Ping requests from... LAN Ports. To allow the VPN traffic to pass through the FVS336G. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual When blocking is enabled or disabled in the DHCP server configuration, the VPN firewall will service DNS requests sent to its own LAN IP address. ...
FVS336G Reference Manual
Page 89
...guides you through the setup procedure with SSL & IPsec VPN FVS336G Reference Manual Using the VPN Wizard for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption. ProSafe Dual WAN Gigabit Firewall with a series of the VPN tunnel match or mirror each...to Gateway VPN Tunnels with the Wizard Figure 5-3 Follow these settings after completing the wizard. The section below provides wizard and NETGEAR VPN Client configuration procedures for the following scenarios: • Using the wizard to configure a VPN tunnel between 2 VPN ...
...guides you through the setup procedure with SSL & IPsec VPN FVS336G Reference Manual Using the VPN Wizard for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption. ProSafe Dual WAN Gigabit Firewall with a series of the VPN tunnel match or mirror each...to Gateway VPN Tunnels with the Wizard Figure 5-3 Follow these settings after completing the wizard. The section below provides wizard and NETGEAR VPN Client configuration procedures for the following scenarios: • Using the wizard to configure a VPN tunnel between 2 VPN ...
FVS336G Reference Manual
Page 91
ProSafe Dual WAN Gigabit Firewall with IP addresses. A combination of the remote gateway in the Remote LAN IP Address and Subnet Mask fields. For example, if the local subnet is not allowed. Figure 5-5 9. If you just configured. Once you validate the connection, use the VPN Wizard to configure the second VPN firewall... to save your local WAN address are connecting to another NETGEAR VPN firewall, use the wizard to...WAN IP address must be 192.168.10.x. Tip: For DHCP WAN configurations, first, set up the tunnel with SSL & IPsec VPN FVS336G Reference Manual • Both the remote WAN...
ProSafe Dual WAN Gigabit Firewall with IP addresses. A combination of the remote gateway in the Remote LAN IP Address and Subnet Mask fields. For example, if the local subnet is not allowed. Figure 5-5 9. If you just configured. Once you validate the connection, use the VPN Wizard to configure the second VPN firewall... to save your local WAN address are connecting to another NETGEAR VPN firewall, use the wizard to...WAN IP address must be 192.168.10.x. Tip: For DHCP WAN configurations, first, set up the tunnel with SSL & IPsec VPN FVS336G Reference Manual • Both the remote WAN...
FVS336G Reference Manual
Page 108
... the network. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The FVS336G is the number of the RADIUS Server, the FVS336G's IP address may require a name, which you would also be...
... the network. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The FVS336G is the number of the RADIUS Server, the FVS336G's IP address may require a name, which you would also be...
FVS336G Reference Manual
Page 209
... Domain Name Server (DNS) Addresses Network Planning for Dual WAN Ports C-3 v1.0, March 2009 If the computer will connect to your firewall to your VPN firewall are in the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. Cabling and Computer Hardware...cable. Computer Network Configuration Requirements The FVS336G includes a built-in Appendix B, "Related Documents." These options include enabling a WAN port to respond to automatically get its TCP/IP configuration from the firewall via DHCP. NETGEAR recommends using Internet Explorer or Netscape...
... Domain Name Server (DNS) Addresses Network Planning for Dual WAN Ports C-3 v1.0, March 2009 If the computer will connect to your firewall to your VPN firewall are in the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. Cabling and Computer Hardware...cable. Computer Network Configuration Requirements The FVS336G includes a built-in Appendix B, "Related Documents." These options include enabling a WAN port to respond to automatically get its TCP/IP configuration from the firewall via DHCP. NETGEAR recommends using Internet Explorer or Netscape...
FVS336G Reference Manual
Page 21
... tunnels are interoperable with SSL & IPsec VPN. • Resource CD, including: - Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with other helpful information. Introduction 1-5 v1.2, June 2008 The VPN...
... tunnels are interoperable with SSL & IPsec VPN. • Resource CD, including: - Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with other helpful information. Introduction 1-5 v1.2, June 2008 The VPN...
FVS336G Reference Manual
Page 27
... the WAN Mode (Required for Dual WAN)" on page 2-11. 2-1 v1.2, June 2008 See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on the NETGEAR website at: http://kbserver.netgear.com. 2. See "Configuring the Internet Connections" on page 2-2. 3. Chapter 2 Connecting the FVS336G to the Internet The initial Internet configuration of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN for dual WAN...
... the WAN Mode (Required for Dual WAN)" on page 2-11. 2-1 v1.2, June 2008 See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on the NETGEAR website at: http://kbserver.netgear.com. 2. See "Configuring the Internet Connections" on page 2-2. 3. Chapter 2 Connecting the FVS336G to the Internet The initial Internet configuration of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN for dual WAN...
FVS336G Reference Manual
Page 112
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN 5-16 Virtual Private Networking Using.... If more PCs are unknown in advance. This procedure was developed and tested using: • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Auth. The default setting using the VPN Wizard is 3DES. (This setting ...for the VPN tunnel. The number of VPN client policies (IKE and VPN) that will use the NETGEAR ProSafe VPN Client software. Allows you to access individual policies to terminate or build the SA (connection), if...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN 5-16 Virtual Private Networking Using.... If more PCs are unknown in advance. This procedure was developed and tested using: • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Auth. The default setting using the VPN Wizard is 3DES. (This setting ...for the VPN tunnel. The number of VPN client policies (IKE and VPN) that will use the NETGEAR ProSafe VPN Client software. Allows you to access individual policies to terminate or build the SA (connection), if...
FVS336G Reference Manual
Page 119
... Retry Count. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Mode Config...
... Retry Count. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Mode Config...
FVS336G Reference Manual
Page 219
... an Ethernet cable. ProSafe Dual WAN Gigabit Firewall with your firewall. NETGEAR recommends using Internet Explorer or Netscape Navigator 5.0 or above. You are readily available for Dual WAN Ports C-3 v1.2, June 2008 If the computer will connect to your network at 100 Mbps, you will make these choices in Web Configuration Manager. Computer Network Configuration Requirements The FVS336G includes a built...
... an Ethernet cable. ProSafe Dual WAN Gigabit Firewall with your firewall. NETGEAR recommends using Internet Explorer or Netscape Navigator 5.0 or above. You are readily available for Dual WAN Ports C-3 v1.2, June 2008 If the computer will connect to your network at 100 Mbps, you will make these choices in Web Configuration Manager. Computer Network Configuration Requirements The FVS336G includes a built...