FVS336G Reference Manual
Page 11
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration File ... ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 xi v1.0, March 2009
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration File ... ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 xi v1.0, March 2009
FVS336G Reference Manual
Page 65
... allow the selected application from the drop-down menu. 3. The Add LAN WAN Outbound Service screen is for Advanced Administrators only! Figure 4-2 2. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Creating a LAN WAN Outbound Services Rule An outbound rule will cause serious problems. To create a new outbound service rule in the Schedule menu. Change the...
... allow the selected application from the drop-down menu. 3. The Add LAN WAN Outbound Service screen is for Advanced Administrators only! Figure 4-2 2. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Creating a LAN WAN Outbound Services Rule An outbound rule will cause serious problems. To create a new outbound service rule in the Schedule menu. Change the...
FVS336G Reference Manual
Page 73
... made. To enable the appropriate Attack Checks for connectivity problems. - The various types of SYN requests to a target system. ProSafe Dual WAN Gigabit Firewall with half-open connections. When the system responds, the attacker doesn't complete the connection, thus saturating the server with SSL & IPsec VPN FVS336G Reference Manual Attack Checks The Attack Checks menu allows you...
... made. To enable the appropriate Attack Checks for connectivity problems. - The various types of SYN requests to a target system. ProSafe Dual WAN Gigabit Firewall with half-open connections. When the system responds, the attacker doesn't complete the connection, thus saturating the server with SSL & IPsec VPN FVS336G Reference Manual Attack Checks The Attack Checks menu allows you...
FVS336G Reference Manual
Page 98
...click on the VPN client icon in the system tray should receive the message "Successfully connected to My Connections\gw1". NETGEAR VPN Client Status and Log Information To test a client connection and view the status and log information, follow these...This information is useful for verifying the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. ProSafe Dual WAN Gigabit Firewall with a connection.
...click on the VPN client icon in the system tray should receive the message "Successfully connected to My Connections\gw1". NETGEAR VPN Client Status and Log Information To test a client connection and view the status and log information, follow these...This information is useful for verifying the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. ProSafe Dual WAN Gigabit Firewall with a connection.
FVS336G Reference Manual
Page 116
... on opposite ends of DPD failures allowed before tearing down the connection. To solve this problem, you can configure the FVS336G to Enable Dead Peer Detection. 5. Figure 5-25 4. The default is 3 failures. ...Because VPN routers do not normally pass NetBIOS traffic, these network services do not work for several basic network services such as shown in Figure 5-25. In Reconnect after failure count, set the interval between consecutive DPD R-U-THERE messages. ProSafe Dual WAN Gigabit Firewall...
... on opposite ends of DPD failures allowed before tearing down the connection. To solve this problem, you can configure the FVS336G to Enable Dead Peer Detection. 5. Figure 5-25 4. The default is 3 failures. ...Because VPN routers do not normally pass NetBIOS traffic, these network services do not work for several basic network services such as shown in Figure 5-25. In Reconnect after failure count, set the interval between consecutive DPD R-U-THERE messages. ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 153
... Certificate Revocation List (CRL) A CRL (Certificate Revocation List) file shows certificates that you have been revoked and are no problems ensue, the certificate will appear in the Active Self Certificates list. Managing Users, Authentication, and Certificates v1.0, March 2009 7-.... You should obtain the CRL for the requested data, copy the data from the CA on page 7-12. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 6. You should also periodically check your CA's Certificate Revocation List, as described in "Managing your Certificate...
... Certificate Revocation List (CRL) A CRL (Certificate Revocation List) file shows certificates that you have been revoked and are no problems ensue, the certificate will appear in the Active Self Certificates list. Managing Users, Authentication, and Certificates v1.0, March 2009 7-.... You should obtain the CRL for the requested data, copy the data from the CA on page 7-12. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 6. You should also periodically check your CA's Certificate Revocation List, as described in "Managing your Certificate...
FVS336G Reference Manual
Page 156
... default rule will be listed. ProSafe Dual WAN Gigabit Firewall with one of the firewall will be the limiting factor to throughput for most installations. In such an event and with SSL & IPsec VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each )... • Rollover mode: 1.5 Mbps (one active WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will cause serious problems. Each rule lets you...
... default rule will be listed. ProSafe Dual WAN Gigabit Firewall with one of the firewall will be the limiting factor to throughput for most installations. In such an event and with SSL & IPsec VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each )... • Rollover mode: 1.5 Mbps (one active WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will cause serious problems. Each rule lets you...
FVS336G Reference Manual
Page 159
...Filtering)" on page 4-18 for the procedure on how to increase WAN-side loading are as follows: • Port forwarding • Port triggering • Exposed hosts • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. all traffic received ...when the blocking of Trusted Domains. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual You can bypass keyword blocking for trusted domains by PCs even in the groups for which keyword blocking has been enabled will cause serious problems. Router and Network Management 8-5 v1...
...Filtering)" on page 4-18 for the procedure on how to increase WAN-side loading are as follows: • Port forwarding • Port triggering • Exposed hosts • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. all traffic received ...when the blocking of Trusted Domains. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual You can bypass keyword blocking for trusted domains by PCs even in the groups for which keyword blocking has been enabled will cause serious problems. Router and Network Management 8-5 v1...
FVS336G Reference Manual
Page 191
... Configuration and Password" on page 10-7 • "Problems with SSL & IPsec VPN. If the port is 100 Mbps, the LED will be amber. b. After approximately two minutes, verify that are lit for your ProSafe Dual WAN Gigabit Firewall with Date and Time" on page 10-7 •... "Using the Diagnostics Utilities" on . 2. The WAN port LINK/ACT LEDs are connected. This chapter contains the following section. If...
... Configuration and Password" on page 10-7 • "Problems with SSL & IPsec VPN. If the port is 100 Mbps, the LED will be amber. b. After approximately two minutes, verify that are lit for your ProSafe Dual WAN Gigabit Firewall with Date and Time" on page 10-7 •... "Using the Diagnostics Utilities" on . 2. The WAN port LINK/ACT LEDs are connected. This chapter contains the following section. If...
FVS336G Reference Manual
Page 192
ProSafe Dual WAN Gigabit Firewall with the cable or DSL modem. If all the LEDs stay on, there is a fault within the firewall. LAN or WAN Port LEDs Not On If either the LAN LEDs or WAN LEDs do not ...VPN FVS336G Reference Manual Power LED Not On If the Power and other LEDs are using the 12 V DC power adapter supplied by NETGEAR for about 10 seconds and then turn off when your VPN firewall is...might have a hardware problem and should contact technical support. If all LEDs are still on : • Make sure that the power cord is properly connected to your VPN firewall and that the power ...
ProSafe Dual WAN Gigabit Firewall with the cable or DSL modem. If all the LEDs stay on, there is a fault within the firewall. LAN or WAN Port LEDs Not On If either the LAN LEDs or WAN LEDs do not ...VPN FVS336G Reference Manual Power LED Not On If the Power and other LEDs are using the 12 V DC power adapter supplied by NETGEAR for about 10 seconds and then turn off when your VPN firewall is...might have a hardware problem and should contact technical support. If all LEDs are still on : • Make sure that the power cord is properly connected to your VPN firewall and that the power ...
FVS336G Reference Manual
Page 194
...: 1. Troubleshooting the ISP Connection If your VPN firewall is shown for your PC's host name. If 0.0.0.0 is able to obtain a WAN IP address from the ISP, the problem may be caching the old configuration. If your VPN firewall is unable to obtain an IP address from the... modem. 2. To check the WAN IP address: 1. Assign the PC Host Name of the VPN firewall's configuration at https://192.168.1.1 3. The changes may have been assigned a static IP address, your VPN firewall must request an IP address from your ISP. ProSafe Dual WAN Gigabit Firewall with the ISP, reapply power...
...: 1. Troubleshooting the ISP Connection If your VPN firewall is shown for your PC's host name. If 0.0.0.0 is able to obtain a WAN IP address from the ISP, the problem may be caching the old configuration. If your VPN firewall is unable to obtain an IP address from the... modem. 2. To check the WAN IP address: 1. Assign the PC Host Name of the VPN firewall's configuration at https://192.168.1.1 3. The changes may have been assigned a static IP address, your VPN firewall must request an IP address from your ISP. ProSafe Dual WAN Gigabit Firewall with the ISP, reapply power...
FVS336G Reference Manual
Page 196
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will see that the network address of your VPN firewall listed as in your PC's Network Control Panel. • Check to your workstation are correct...connected and functioning. • If your ISP assigned a host name to your cable or DSL modem is the IP address of the following problems: • Wrong physical connections - Verify that the Ethernet card driver software and TCP/IP software are both installed and configured on your PC...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will see that the network address of your VPN firewall listed as in your PC's Network Control Panel. • Check to your workstation are correct...connected and functioning. • If your ISP assigned a host name to your cable or DSL modem is the IP address of the following problems: • Wrong physical connections - Verify that the Ethernet card driver software and TCP/IP software are both installed and configured on your PC...
FVS336G Reference Manual
Page 197
...broadband modem, but one of several Network Time Servers on the rear panel of the VPN firewall. Refer to reboot. Use this is not known. Problems with SSL & IPsec VPN FVS336G Reference Manual • Your ISP could be rejecting the Ethernet MAC addresses of all but some... settings without knowing the administration password or IP address, you have just completed configuring the VPN firewall, wait at least five minutes and check the date and time again. ProSafe Dual WAN Gigabit Firewall with Date and Time The Administration | Time Zone menu displays the current date and time of...
...broadband modem, but one of several Network Time Servers on the rear panel of the VPN firewall. Refer to reboot. Use this is not known. Problems with SSL & IPsec VPN FVS336G Reference Manual • Your ISP could be rejecting the Ethernet MAC addresses of all but some... settings without knowing the administration password or IP address, you have just completed configuring the VPN firewall, wait at least five minutes and check the date and time again. ProSafe Dual WAN Gigabit Firewall with Date and Time The Administration | Time Zone menu displays the current date and time of...
FVS336G Reference Manual
Page 199
... Item Ping or trace an IP address Perform a DNS lookup Display the routing table Reboot the VPN firewall Packet trace Description Ping - Note: Rebooting will display the internal routing table, which can be displayed in...netgear.com) to the Diagnostics screen. Lists all routers between the source (this if the VPN firewall seems to have become unstable or is intended to be used by Technical Support to diagnose routing problems. Used to perform a remote reboot (restart). If the specified address is not operating normally. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G...
... Item Ping or trace an IP address Perform a DNS lookup Display the routing table Reboot the VPN firewall Packet trace Description Ping - Note: Rebooting will display the internal routing table, which can be displayed in...netgear.com) to the Diagnostics screen. Lists all routers between the source (this if the VPN firewall seems to have become unstable or is intended to be used by Technical Support to diagnose routing problems. Used to perform a remote reboot (restart). If the specified address is not operating normally. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G...
FVS336G Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements...
FVS336G Reference Manual
Page 71
...Rule An outbound rule will cause serious problems. To create a new outbound service rule in the LAN WAN Rules tab: Firewall Protection and Content Filtering 4-9 v1.2, June 2008 Note: This feature is for Advanced Administrators only! Click the LAN WAN Rules tab, shown in the Schedule ...by choosing Block Always from an internal IP LAN address to an external WAN IP address according to your specific needs (see "Administrator Tips" on page 4-33). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To change the Default Outbound Policy, follow these rules to ...
...Rule An outbound rule will cause serious problems. To create a new outbound service rule in the LAN WAN Rules tab: Firewall Protection and Content Filtering 4-9 v1.2, June 2008 Note: This feature is for Advanced Administrators only! Click the LAN WAN Rules tab, shown in the Schedule ...by choosing Block Always from an internal IP LAN address to an external WAN IP address according to your specific needs (see "Administrator Tips" on page 4-33). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To change the Default Outbound Policy, follow these rules to ...
FVS336G Reference Manual
Page 81
... of attack checks are : • WAN Security Checks - Check the boxes for connectivity problems. - No legitimate connections can be protected from the Internet or WAN side. Block TCP Flood. The various ...Firewall Protection and Content Filtering v1.2, June 2008 4-19 ProSafe Dual WAN Gigabit Firewall with half-open connections. Respond To Ping On Internet Ports-By default, the VPN firewall does not respond to save your settings. Figure 4-9 3. When the system responds, the attacker doesn't complete the connection, thus saturating the server with SSL & IPsec VPN FVS336G...
... of attack checks are : • WAN Security Checks - Check the boxes for connectivity problems. - No legitimate connections can be protected from the Internet or WAN side. Block TCP Flood. The various ...Firewall Protection and Content Filtering v1.2, June 2008 4-19 ProSafe Dual WAN Gigabit Firewall with half-open connections. Respond To Ping On Internet Ports-By default, the VPN firewall does not respond to save your settings. Figure 4-9 3. When the system responds, the attacker doesn't complete the connection, thus saturating the server with SSL & IPsec VPN FVS336G...
FVS336G Reference Manual
Page 127
...connection. 7. Enter the Detection Period to bridge NetBIOS traffic over the VPN tunnel. Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. DPD R-U-THERE messages are sent only when the IPSec traffic is 10 seconds. 6. Virtual Private Networking Using ... 2. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel, follow these steps: 1. Click the Yes radio button to the desired VPN policy. To solve this problem, you can configure the FVS336G to set...
...connection. 7. Enter the Detection Period to bridge NetBIOS traffic over the VPN tunnel. Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. DPD R-U-THERE messages are sent only when the IPSec traffic is 10 seconds. 6. Virtual Private Networking Using ... 2. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel, follow these steps: 1. Click the Yes radio button to the desired VPN policy. To solve this problem, you can configure the FVS336G to set...
FVS336G Reference Manual
Page 161
... CERTIFICATE REQUEST---" and "---END CERTIFICATE REQUEST"). b. Start the Self Certificate request procedure. Managing Users, Authentication, and Certificates v1.2, June 2008 7-13 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. Copy the contents of the Data to supply to CA text box into a text file, including all of the CA. Submit... REQUEST---" to a CA: a. d. c. When prompted for the requested data, copy the data from your certificate request to "---END CERTIFICATE REQUEST---". 7. If no problems ensue, the certificate will be issued. 8.
... CERTIFICATE REQUEST---" and "---END CERTIFICATE REQUEST"). b. Start the Self Certificate request procedure. Managing Users, Authentication, and Certificates v1.2, June 2008 7-13 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. Copy the contents of the Data to supply to CA text box into a text file, including all of the CA. Submit... REQUEST---" to a CA: a. d. c. When prompted for the requested data, copy the data from your certificate request to "---END CERTIFICATE REQUEST---". 7. If no problems ensue, the certificate will be issued. 8.
FVS336G Reference Manual
Page 166
...VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each ) • Rollover mode: 1.5 Mbps (one active WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will be the limiting factor to the Internet. Incorrect configuration will cause serious problems.... there is bound by schedule, otherwise Allow • ALLOW always 8-2 Router and Network Management v1.2, June 2008 ProSafe Dual WAN Gigabit Firewall with one exception, the traffic that would have not defined any rules, only the default rule will be listed. ...
...VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each ) • Rollover mode: 1.5 Mbps (one active WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will be the limiting factor to the Internet. Incorrect configuration will cause serious problems.... there is bound by schedule, otherwise Allow • ALLOW always 8-2 Router and Network Management v1.2, June 2008 ProSafe Dual WAN Gigabit Firewall with one exception, the traffic that would have not defined any rules, only the default rule will be listed. ...