FVS336G Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard for Client...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard for Client...
FVS336G Reference Manual
Page 10
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-12 Replacing and Deleting Client Routes 6-12 Using Network Resource Objects to Simplify Policies 6-13...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-12 Replacing and Deleting Client Routes 6-12 Using Network Resource Objects to Simplify Policies 6-13...
FVS336G Reference Manual
Page 15
... or increased throughput. • Built-in case of failure of Gigabit Ethernet LAN and WAN ports ensures extremely high data transfer speeds The FVS336G is a plug-and-play device that can be installed and configured within minutes. Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN connects your primary Internet connection. This chapter contains the following sections...
... or increased throughput. • Built-in case of failure of Gigabit Ethernet LAN and WAN ports ensures extremely high data transfer speeds The FVS336G is a plug-and-play device that can be installed and configured within minutes. Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN connects your primary Internet connection. This chapter contains the following sections...
FVS336G Reference Manual
Page 16
... for maximum bandwidth efficiency. Bundled with customizable user portals and support for a wide variety of the NETGEAR ProSafe VPN Client software (VPN01L) - ProSafe Dual WAN Gigabit Firewall with broad protocol support for secure connection to other IPsec gateways and clients. - IPsec VPN with SSL & IPsec VPN FVS336G Reference Manual • Easy, web-based setup for installation and management. • Front panel LEDs...
... for maximum bandwidth efficiency. Bundled with customizable user portals and support for a wide variety of the NETGEAR ProSafe VPN Client software (VPN01L) - ProSafe Dual WAN Gigabit Firewall with broad protocol support for secure connection to other IPsec gateways and clients. - IPsec VPN with SSL & IPsec VPN FVS336G Reference Manual • Easy, web-based setup for installation and management. • Front panel LEDs...
FVS336G Reference Manual
Page 17
...with SSL & IPsec VPN FVS336G Reference Manual - Introduction 1-3 v1.0, March 2009 The four LAN and two WAN interfaces are autosensing and capable of firewall ...policies by screening for Web services, Web addresses, and keywords within Web addresses. This feature eliminates the need to access objectionable Internet sites. • Permits scheduling of full-duplex or half-duplex operation. ProSafe Dual WAN Gigabit Firewall...
...with SSL & IPsec VPN FVS336G Reference Manual - Introduction 1-3 v1.0, March 2009 The four LAN and two WAN interfaces are autosensing and capable of firewall ...policies by screening for Web services, Web addresses, and keywords within Web addresses. This feature eliminates the need to access objectionable Internet sites. • Permits scheduling of full-duplex or half-duplex operation. ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 22
... Web Browsers To configure the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN, an administrator must use with the VPN firewall's Web Management Interface for configuring the VPN firewall, SSL VPN users should choose a browser that Java is only required for use Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with SSL & IPsec VPN FVS336G Reference Manual Default IP Address...
... Web Browsers To configure the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN, an administrator must use with the VPN firewall's Web Management Interface for configuring the VPN firewall, SSL VPN users should choose a browser that Java is only required for use Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with SSL & IPsec VPN FVS336G Reference Manual Default IP Address...
FVS336G Reference Manual
Page 119
...; "Creating the Portal Layout" • "Configuring Domains, Groups, and Users" • "Configuring Applications for a pre-installed VPN client on their computers. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for Port...
...; "Creating the Portal Layout" • "Configuring Domains, Groups, and Users" • "Configuring Applications for a pre-installed VPN client on their computers. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for Port...
FVS336G Reference Manual
Page 120
...applications and resources that you can present the remote user with SSL & IPsec VPN FVS336G Reference Manual firewall. However, Port Forwarding differs from VPN Tunnel in this order: 1. The VPN firewall will perform these SSL service levels, depending on the user's PC. Offers more...remote user to the remote network. ProSafe Dual WAN Gigabit Firewall with one or more authentication domains for your SSL VPN users. 6-2 Virtual Private Networking Using SSL Connections v1.0, March 2009 Upon successful connection, an ActiveX-based SSL VPN client is a web-based client that...
...applications and resources that you can present the remote user with SSL & IPsec VPN FVS336G Reference Manual firewall. However, Port Forwarding differs from VPN Tunnel in this order: 1. The VPN firewall will perform these SSL service levels, depending on the user's PC. Offers more...remote user to the remote network. ProSafe Dual WAN Gigabit Firewall with one or more authentication domains for your SSL VPN users. 6-2 Virtual Private Networking Using SSL Connections v1.0, March 2009 Upon successful connection, an ActiveX-based SSL VPN client is a web-based client that...
FVS336G Reference Manual
Page 121
... you can also associate fully qualified domain names with SSL & IPsec VPN FVS336G Reference Manual When you define the SSL VPN policies that remote users will see when they log into the portal. Configure the portal's SSL VPN Client to the servers using the list you have created...local IP addresses to create a custom page that determine network resource access for restricted users; ProSafe Dual WAN Gigabit Firewall with these users. Because you must assign a group when creating a SSL VPN user account, the user account is completely customizable, it were on the local network. ...
... you can also associate fully qualified domain names with SSL & IPsec VPN FVS336G Reference Manual When you define the SSL VPN policies that remote users will see when they log into the portal. Configure the portal's SSL VPN Client to the servers using the list you have created...local IP addresses to create a custom page that determine network resource access for restricted users; ProSafe Dual WAN Gigabit Firewall with these users. Because you must assign a group when creating a SSL VPN user account, the user account is completely customizable, it were on the local network. ...
FVS336G Reference Manual
Page 122
... portal layout name. You can also make any portal the default portal for the SSL VPN firewall by selecting from the main menu, and then select the Portal Layouts tab. Select VPN > SSL VPN from available portal layouts in the Action column of the List of Layouts, to...the Portal Layout to one or more authentication domains (see XREF to apply a Portal Layout to a Domain). Figure 6-1 2. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Portal Layouts are applied by clicking the default button in the configuration of the desired portal layout. You can also make...
... portal layout name. You can also make any portal the default portal for the SSL VPN firewall by selecting from the main menu, and then select the Portal Layouts tab. Select VPN > SSL VPN from available portal layouts in the Action column of the List of Layouts, to...the Portal Layout to one or more authentication domains (see XREF to apply a Portal Layout to a Domain). Figure 6-1 2. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Portal Layouts are applied by clicking the default button in the configuration of the desired portal layout. You can also make...
FVS336G Reference Manual
Page 123
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 6-2 3. In the Portal Site Title field, enter a title that unlike most other types of characters or spaces, the layout name will be ... or include HTML and JavaScript tags. In the Portal Layout and Theme Name section of the user's web browser window. The maximum length of the SSL VPN portal URL. This name will be truncated before they log in to the portal, enter the banner title text in the Banner Title field. Also...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 6-2 3. In the Portal Site Title field, enter a title that unlike most other types of characters or spaces, the layout name will be ... or include HTML and JavaScript tags. In the Portal Layout and Theme Name section of the user's web browser window. The maximum length of the SSL VPN portal URL. This name will be truncated before they log in to the portal, enter the banner title text in the Banner Title field. Also...
FVS336G Reference Manual
Page 124
... "ActiveX web cache cleaner checkbox to load an ActiveX cache control when users log in to this Portal Layout. d. e. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual on the Login screen as shown below Figure 6-3 As shown in the figure, the banner title text is displayed... control directives include: These directives help prevent clients browsers from caching SSL VPN portal pages and other web content. The banner message text is displayed in the orange header bar. Note: NETGEAR strongly recommends enabling HTTP meta tags for cache control checkbox to apply...
... "ActiveX web cache cleaner checkbox to load an ActiveX cache control when users log in to this Portal Layout. d. e. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual on the Login screen as shown below Figure 6-3 As shown in the figure, the banner title text is displayed... control directives include: These directives help prevent clients browsers from caching SSL VPN portal pages and other web content. The banner message text is displayed in the orange header bar. Note: NETGEAR strongly recommends enabling HTTP meta tags for cache control checkbox to apply...
FVS336G Reference Manual
Page 125
...portal navigation menu. Configuring Domains, Groups, and Users Remote users connecting to access. Therefore, you wish users to the SSL VPN firewall must specify a group. The "Operation Successful" message appears at the top of Layouts table. Your new layout appears in...client will reroute this traffic to specific defined network services. 5. Provides full network connectivity. • Port Forwarding. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will prompt the user to Display section, check the checkboxes for the portal ...
...portal navigation menu. Configuring Domains, Groups, and Users Remote users connecting to access. Therefore, you wish users to the SSL VPN firewall must specify a group. The "Operation Successful" message appears at the top of Layouts table. Your new layout appears in...client will reroute this traffic to specific defined network services. 5. Provides full network connectivity. • Port Forwarding. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will prompt the user to Display section, check the checkboxes for the portal ...
FVS336G Reference Manual
Page 126
...SMTP (send mail) HTTP (web) Port Number 20 21 22a 23a 25 80 6-8 Virtual Private Networking Using SSL Connections v1.0, March 2009 Select VPN > SSL VPN from the main menu, and then select the Port Forwarding tab. In the TCP Port field, enter the...Figure 6-4 2. The table below lists many commonly used TCP applications and port numbers. The Port Forwarding screen will display.. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Adding Servers To configure Port Forwarding, you must define the internal host machines (servers) and TCP applications available...
...SMTP (send mail) HTTP (web) Port Number 20 21 22a 23a 25 80 6-8 Virtual Private Networking Using SSL Connections v1.0, March 2009 Select VPN > SSL VPN from the main menu, and then select the Port Forwarding tab. In the TCP Port field, enter the...Figure 6-4 2. The table below lists many commonly used TCP applications and port numbers. The Port Forwarding screen will display.. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Adding Servers To configure Port Forwarding, you must define the internal host machines (servers) and TCP applications available...
FVS336G Reference Manual
Page 128
... the same IP address as the server or the VPN firewall (for the VPN tunnel clients to the VPN firewall. • Select whether you to the Internet. ProSafe Dual WAN Gigabit Firewall with addresses on your local network. Configuring the SSL VPN Client The SSL VPN Client within the FVS336G will assign IP addresses to the VPN tunnel clients than the subnet used by reserving the...
... the same IP address as the server or the VPN firewall (for the VPN tunnel clients to the VPN firewall. • Select whether you to the Internet. ProSafe Dual WAN Gigabit Firewall with addresses on your local network. Configuring the SSL VPN Client The SSL VPN Client within the FVS336G will assign IP addresses to the VPN tunnel clients than the subnet used by reserving the...
FVS336G Reference Manual
Page 129
The "Operation Successful" message appears at the top of the IP address range. 6. The SSL VPN Client screen will display.. In the Client Address Range Begin field, enter the first IP address of the tab...Optional) Enter a DNS Suffix to be assigned to VPN tunnel clients, then define the address range. Select VPN > SSL VPN from the main menu, and then select the SSL VPN Client tab. Virtual Private Networking Using SSL Connections v1.0, March 2009 6-11 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring the Client IP Address Range Determine...
The "Operation Successful" message appears at the top of the IP address range. 6. The SSL VPN Client screen will display.. In the Client Address Range Begin field, enter the first IP address of the tab...Optional) Enter a DNS Suffix to be assigned to VPN tunnel clients, then define the address range. Select VPN > SSL VPN from the main menu, and then select the SSL VPN Client tab. Virtual Private Networking Using SSL Connections v1.0, March 2009 6-11 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring the Client IP Address Range Determine...
FVS336G Reference Manual
Page 130
... clients are currently connected. In the Configured Client Routes table, click the Delete button adjacent to reconnect and receive new addresses and routes. ProSafe Dual WAN Gigabit Firewall with the correct specifications. 2. Make a new entry with SSL & IPsec VPN FVS336G Reference Manual VPN tunnel clients are now able to connect to be changed, follow these steps: 1. To add an...
... clients are currently connected. In the Configured Client Routes table, click the Delete button adjacent to reconnect and receive new addresses and routes. ProSafe Dual WAN Gigabit Firewall with the correct specifications. 2. Make a new entry with SSL & IPsec VPN FVS336G Reference Manual VPN tunnel clients are now able to connect to be changed, follow these steps: 1. To add an...
FVS336G Reference Manual
Page 131
... v1.0, March 2009 6-13 But for any reason, you can more quickly create and configure network policies. Select VPN > SSL VPN from the main men, and then select the Resources tab. In the Add New Resource section, type the (qualified) ...resources. If your server or network configuration changes, by using individual IP addresses or IP networks rather than predefined network resources. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. The Resources screen will not need to create access policies using network resources you can choose to redefine the same...
... v1.0, March 2009 6-13 But for any reason, you can more quickly create and configure network policies. Select VPN > SSL VPN from the main men, and then select the Resources tab. In the Add New Resource section, type the (qualified) ...resources. If your server or network configuration changes, by using individual IP addresses or IP networks rather than predefined network resources. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. The Resources screen will not need to create access policies using network resources you can choose to redefine the same...
FVS336G Reference Manual
Page 133
...policies take precedence. Assuming that applies to a range of addresses. Virtual Private Networking Using SSL Connections v1.0, March 2009 6-15 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring User, Group, and Global Policies An administrator can define and apply user,... based on the individual address or address range, not the entire network resource. The VPN firewall policy hierarchy is invoked over a policy applied to different SSL VPN services. The FTP Servers network resource includes the following global policy configuration: • ...
...policies take precedence. Assuming that applies to a range of addresses. Virtual Private Networking Using SSL Connections v1.0, March 2009 6-15 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring User, Group, and Global Policies An administrator can define and apply user,... based on the individual address or address range, not the entire network resource. The VPN firewall policy hierarchy is invoked over a policy applied to different SSL VPN services. The FTP Servers network resource includes the following global policy configuration: • ...
FVS336G Reference Manual
Page 134
... relevant user's name from the main menu, and then select the Policies tab. Select VPN > SSL VPN from the pulldown menu. 3. The List of SSL VPN Policies will display. Figure 6-8 2. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • An FTP server at ftp.company.com, the user would not be... specific than the IP address range configured in Policy 2. Make your selected Query option. 6-16 Virtual Private Networking Using SSL Connections v1.0, March 2009 Click the Display button. The VPN firewall policy engine does not perform reverse DNS lookups.
... relevant user's name from the main menu, and then select the Policies tab. Select VPN > SSL VPN from the pulldown menu. 3. The List of SSL VPN Policies will display. Figure 6-8 2. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • An FTP server at ftp.company.com, the user would not be... specific than the IP address range configured in Policy 2. Make your selected Query option. 6-16 Virtual Private Networking Using SSL Connections v1.0, March 2009 Click the Display button. The VPN firewall policy engine does not perform reverse DNS lookups.