FVS336G Reference Manual
Page 10
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-...
FVS336G Reference Manual
Page 59
... Rules (port forwarding). Outbound Rules Item Service Name Action (Filter) Description Select the desired Service or application to be configured to allow or block that impacts its quality of service. • Outbound Rules (service blocking). These added services can change the traffic mix through the router. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual...
... Rules (port forwarding). Outbound Rules Item Service Name Action (Filter) Description Select the desired Service or application to be configured to allow or block that impacts its quality of service. • Outbound Rules (service blocking). These added services can change the traffic mix through the router. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual...
FVS336G Reference Manual
Page 61
...server (for example, a Web server or game server) visible and available to the Internet. Firewall Protection and Content Filtering 4-5 v1.0, March 2009 Inbound Rules (Port Forwarding) When the FVS336G uses Network Address Translation (NAT), your local computers. For example: • If your ... based on the destination port number. Note: See "Configuring Port Triggering" on page 4-24 for yet another way to allow certain types of inbound traffic that would otherwise be blocked by the firewall. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Note: See...
...server (for example, a Web server or game server) visible and available to the Internet. Firewall Protection and Content Filtering 4-5 v1.0, March 2009 Inbound Rules (Port Forwarding) When the FVS336G uses Network Address Translation (NAT), your local computers. For example: • If your ... based on the destination port number. Note: See "Configuring Port Triggering" on page 4-24 for yet another way to allow certain types of inbound traffic that would otherwise be blocked by the firewall. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Note: See...
FVS336G Reference Manual
Page 80
... the response to the previous request, and forwards the response to only one PC can be sure when the application has terminated. This is required because the VPN firewall cannot be used by the application. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering Port triggering allows some applications to the IP address that...
... the response to the previous request, and forwards the response to only one PC can be sure when the application has terminated. This is required because the VPN firewall cannot be used by the application. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering Port triggering allows some applications to the IP address that...
FVS336G Reference Manual
Page 119
...Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for e-commerce transactions, the FVS336G can provide the full...Planning for SSL VPN" • "Creating the Portal Layout" • "Configuring Domains, Groups, and Users" • "Configuring Applications for Port Forwarding" • "Configuring the SSL VPN Client" • "Using Network Resource Objects to an SSL-enabled client, such as a standard web...
...Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for e-commerce transactions, the FVS336G can provide the full...Planning for SSL VPN" • "Creating the Portal Layout" • "Configuring Domains, Groups, and Users" • "Configuring Applications for Port Forwarding" • "Configuring the SSL VPN Client" • "Using Network Resource Objects to an SSL-enabled client, such as a standard web...
FVS336G Reference Manual
Page 120
...log in several ways. However, Port Forwarding differs from VPN Tunnel in to the SSL VPN firewall, they see a portal page that you can present the remote user with SSL & IPsec VPN FVS336G Reference Manual firewall. Planning for SSL VPN To ...Port Forwarding: - Edit the existing SSL Portal or create a new one or more fine grained management than opening up and activate SSL VPN connections, you have access. Offers more groups for authentication of these basic steps in turn determines the network resources to the remote network. Create one . ProSafe Dual WAN Gigabit Firewall...
...log in several ways. However, Port Forwarding differs from VPN Tunnel in to the SSL VPN firewall, they see a portal page that you can present the remote user with SSL & IPsec VPN FVS336G Reference Manual firewall. Planning for SSL VPN To ...Port Forwarding: - Edit the existing SSL Portal or create a new one or more fine grained management than opening up and activate SSL VPN connections, you have access. Offers more groups for authentication of these basic steps in turn determines the network resources to the remote network. Create one . ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 121
...will function as a starting page for individual users, groups, or everyone. For port forwarding, declare the servers and services. For VPN tunnel service, configure the virtual network... 6-3 v1.0, March 2009 By defining resource objects, you have created the domain. 4. ProSafe Dual WAN Gigabit Firewall with these users. Because you must assign a group when creating a SSL VPN user account...policies that can also associate fully qualified domain names with SSL & IPsec VPN FVS336G Reference Manual When you create will resolve the names to additional policies. 7. Policies...
...will function as a starting page for individual users, groups, or everyone. For port forwarding, declare the servers and services. For VPN tunnel service, configure the virtual network... 6-3 v1.0, March 2009 By defining resource objects, you have created the domain. 4. ProSafe Dual WAN Gigabit Firewall with these users. Because you must assign a group when creating a SSL VPN user account...policies that can also associate fully qualified domain names with SSL & IPsec VPN FVS336G Reference Manual When you create will resolve the names to additional policies. 7. Policies...
FVS336G Reference Manual
Page 125
... domains first, then groups, then user accounts. Configuring Applications for Port Forwarding Port Forwarding provides access to confirm your SSL VPN users. Click Apply to specific defined network services. The "Operation Successful" message appears at the top of Layouts table. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will not be visible...
... domains first, then groups, then user accounts. Configuring Applications for Port Forwarding Port Forwarding provides access to confirm your SSL VPN users. Click Apply to specific defined network services. The "Operation Successful" message appears at the top of Layouts table. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will not be visible...
FVS336G Reference Manual
Page 126
... from the main menu, and then select the Port Forwarding tab. To add servers, follow these steps: 1. In the Add New Application for Port Forwarding section, enter the IP address of the application to remote users. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Adding Servers To configure Port Forwarding, you must define the internal host machines (servers...
... from the main menu, and then select the Port Forwarding tab. To add servers, follow these steps: 1. In the Add New Application for Port Forwarding section, enter the IP address of the application to remote users. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Adding Servers To configure Port Forwarding, you must define the internal host machines (servers...
FVS336G Reference Manual
Page 127
ProSafe Dual WAN Gigabit Firewall with the ho st name or IP address. 4. Adding A New Host Name Once the server IP address and port information has been configured, remote users will be able to name does not appear in Figure 6-4. 2. If the server you can also specify host name to name. 4. Port Forwarding Applications/TCP Port...List of the server you can specify the por t numb er tog ether with SSL & IPsec VPN FVS336G Reference Manual Table 6-1. Select the Port Forwarding tab, shown in the List of Configured Applications. 5. Click Add. In the Fully Qualified Domain Name...
ProSafe Dual WAN Gigabit Firewall with the ho st name or IP address. 4. Adding A New Host Name Once the server IP address and port information has been configured, remote users will be able to name does not appear in Figure 6-4. 2. If the server you can also specify host name to name. 4. Port Forwarding Applications/TCP Port...List of the server you can specify the por t numb er tog ether with SSL & IPsec VPN FVS336G Reference Manual Table 6-1. Select the Port Forwarding tab, shown in the List of Configured Applications. 5. Click Add. In the Fully Qualified Domain Name...
FVS336G Reference Manual
Page 128
...the FVS336G will assign IP addresses to the Internet. All other traffic is a point-to-point connection, you can now securely access network applications once they have logged into the SSL VPN portal and launched Port Forwarding. Create a static route on the corporate network's firewall to forward ...VPN tunnel clients than the subnet used by reserving the VPN tunnel for the corporate network based on the specified client routes. ProSafe Dual WAN Gigabit Firewall with addresses on the corporate network, configure an IP address range that also has the IP address 10.0.0.45). • If...
...the FVS336G will assign IP addresses to the Internet. All other traffic is a point-to-point connection, you can now securely access network applications once they have logged into the SSL VPN portal and launched Port Forwarding. Create a static route on the corporate network's firewall to forward ...VPN tunnel clients than the subnet used by reserving the VPN tunnel for the corporate network based on the specified client routes. ProSafe Dual WAN Gigabit Firewall with addresses on the corporate network, configure an IP address range that also has the IP address 10.0.0.45). • If...
FVS336G Reference Manual
Page 132
Adjacent to the resource. Figure 6-7 6. Enter the Port Range or Port Number for the IP Address or IP Network you selected IP Network, enter the IP network address in... table, as shown in the Mask Length (0-31) field. 7. In the Service pull-down menu, select either VPN Tunnel or Port Forwarding. 4. The "Operation Successful" message appears at the top of the tab, and the newly-added resource name appears on the List... Apply to add the IP address or IP network to the new resource, click the Edit button. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3.
Adjacent to the resource. Figure 6-7 6. Enter the Port Range or Port Number for the IP Address or IP Network you selected IP Network, enter the IP network address in... table, as shown in the Mask Length (0-31) field. 7. In the Service pull-down menu, select either VPN Tunnel or Port Forwarding. 4. The "Operation Successful" message appears at the top of the tab, and the newly-added resource name appears on the List... Apply to add the IP address or IP network to the new resource, click the Edit button. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3.
FVS336G Reference Manual
Page 159
..., Java, ActiveX, and Cookies. Features That Increase Traffic Features that are as follows: • Port forwarding • Port triggering • Exposed hosts • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to drop the ...procedure on how to Web component blocking when the blocking of Trusted Domains. By default, this feature. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual You can bypass keyword blocking for trusted domains by PCs even in the groups for which ...
..., Java, ActiveX, and Cookies. Features That Increase Traffic Features that are as follows: • Port forwarding • Port triggering • Exposed hosts • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to drop the ...procedure on how to Web component blocking when the blocking of Trusted Domains. By default, this feature. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual You can bypass keyword blocking for trusted domains by PCs even in the groups for which ...
FVS336G Reference Manual
Page 161
... & IPsec VPN FVS336G Reference Manual • Services. You can be covered by this response would otherwise be treated as follows: • A PC makes an outgoing connection using a port number defined in the Port Triggering table. • This VPN firewall records this connection, opens the additional INCOMING port or ports associated with this feature. ProSafe Dual WAN Gigabit Firewall with the PC...
... & IPsec VPN FVS336G Reference Manual • Services. You can be covered by this response would otherwise be treated as follows: • A PC makes an outgoing connection using a port number defined in the Port Triggering table. • This VPN firewall records this connection, opens the additional INCOMING port or ports associated with this feature. ProSafe Dual WAN Gigabit Firewall with the PC...
FVS336G Reference Manual
Page 212
...re-established using a firewall that has dual WAN ports include: • Inbound traffic (port forwarding, port triggering) • Outbound traffic (protocol binding) • Virtual private networks (VPNs) The two WAN ports can be directed to a PC on whether the dual WAN ports are configured to ...tunnel. Note: Once the gateway firewall WAN port rolls over or balance the loads. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Overview of the Planning Process The areas that require planning when using the new WAN IP address. Virtual Private Networks (...
...re-established using a firewall that has dual WAN ports include: • Inbound traffic (port forwarding, port triggering) • Outbound traffic (protocol binding) • Virtual private networks (VPNs) The two WAN ports can be directed to a PC on whether the dual WAN ports are configured to ...tunnel. Note: Once the gateway firewall WAN port rolls over or balance the loads. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Overview of the Planning Process The areas that require planning when using the new WAN IP address. Virtual Private Networks (...
FVS336G Reference Manual
Page 214
...) FQDN required Inbound Traffic to Single WAN Port (Reference Case) The Internet IP address of the firewall's WAN port must be known to the public so that the public can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Inbound Traffic Incoming traffic...
...) FQDN required Inbound Traffic to Single WAN Port (Reference Case) The Internet IP address of the firewall's WAN port must be known to the public so that the public can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Inbound Traffic Incoming traffic...
FVS336G Reference Manual
Page 236
...XAUTH, adding to 2-1 Internet connection manual configuration 2-7 Internet Service Provider. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual ModeConfig, configuring with ModeConfig 5-26 IPsec host 5-19 ISP ...WAN Outbound Rule example of 4-14 LAN WAN Rule example of precedence 4-8 Port Forwarding 4-3, 4-5 rules for use 4-5 inbound rules 4-5 example 4-12 Inbound Service Rule modifying 4-10 Inbound Services field descriptions 4-6 inbound traffic C-6, C-8 dual WAN ports C-8, C-9 single WAN port reference case C-8 increasing traffic 8-5 Port Forwarding 8-5 Port...
...XAUTH, adding to 2-1 Internet connection manual configuration 2-7 Internet Service Provider. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual ModeConfig, configuring with ModeConfig 5-26 IPsec host 5-19 ISP ...WAN Outbound Rule example of 4-14 LAN WAN Rule example of precedence 4-8 Port Forwarding 4-3, 4-5 rules for use 4-5 inbound rules 4-5 example 4-12 Inbound Service Rule modifying 4-10 Inbound Services field descriptions 4-6 inbound traffic C-6, C-8 dual WAN ports C-8, C-9 single WAN port reference case C-8 increasing traffic 8-5 Port Forwarding 8-5 Port...
FVS336G Reference Manual
Page 238
...firewall rules 4-3 Quality of WAN and LAN 1-6 PPP connection 6-2 PPP over Ethernet. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual P package contents 1-5 packet capture 10-9 passwords and login timeout changing 7-7, 8-8 passwords,restoring 10-7 performance management 8-1, 9-1 Ping troubleshooting TCP/IP 10-5 ping 10-9 Ping On Internet Ports... policy hierarchy 6-15 port filtering service blocking 4-3 Port Forwarding Inbound Rules 4-3, 4-5 increasing traffic 8-5 rules, about 4-5 Port Mode 2-13, 2-14 port numbers 4-14 Port Speed 2-19 Port Triggering about 4-16 ...
...firewall rules 4-3 Quality of WAN and LAN 1-6 PPP connection 6-2 PPP over Ethernet. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual P package contents 1-5 packet capture 10-9 passwords and login timeout changing 7-7, 8-8 passwords,restoring 10-7 performance management 8-1, 9-1 Ping troubleshooting TCP/IP 10-5 ping 10-9 Ping On Internet Ports... policy hierarchy 6-15 port filtering service blocking 4-3 Port Forwarding Inbound Rules 4-3, 4-5 increasing traffic 8-5 rules, about 4-5 Port Mode 2-13, 2-14 port numbers 4-14 Port Speed 2-19 Port Triggering about 4-16 ...
FVS336G Reference Manual
Page 10
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Chapter 6 Virtual Private Networking Using SSL Connections Understanding the Portal Options 6-1 Planning for SSL VPN ...6-2 Creating the Portal Layout 6-3 Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Chapter 6 Virtual Private Networking Using SSL Connections Understanding the Portal Options 6-1 Planning for SSL VPN ...6-2 Creating the Portal Layout 6-3 Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range...
FVS336G Reference Manual
Page 65
..."Setting Quality of Service (QoS) Priorities" on page 4-17). That is, you must define it . • Inbound Rules (port forwarding). Additional services can then have rules defined for outgoing connections covered by this rule: • BLOCK always • BLOCK by schedule...rule is currently blocked by the firewall unless the traffic is configured to a request from the LAN side. The following fields: Table 4-1. Firewall Protection and Content Filtering 4-3 v1.2, June 2008 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual About Services-Based Rules...
..."Setting Quality of Service (QoS) Priorities" on page 4-17). That is, you must define it . • Inbound Rules (port forwarding). Additional services can then have rules defined for outgoing connections covered by this rule: • BLOCK always • BLOCK by schedule...rule is currently blocked by the firewall unless the traffic is configured to a request from the LAN side. The following fields: Table 4-1. Firewall Protection and Content Filtering 4-3 v1.2, June 2008 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual About Services-Based Rules...