FVS336G Reference Manual
Page 2
... of Microsoft Corporation. NETGEAR does not assume any liability that to which the receiver is compliant with the limits for help. If this document without notice. This equipment generates, uses, and can be determined by testing to part 15 of some ii 1.0, March 2009 EU Regulatory Compliance Statement The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec...
... of Microsoft Corporation. NETGEAR does not assume any liability that to which the receiver is compliant with the limits for help. If this document without notice. This equipment generates, uses, and can be determined by testing to part 15 of some ii 1.0, March 2009 EU Regulatory Compliance Statement The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec...
FVS336G Reference Manual
Page 3
equipment (for example, test transmitters) in accordance with the regulations may become the cause of conditions and the following disclaimer in the documentation and/or other materials provided with .... The copyright holder's name must reproduce the above copyright notice, this list of this equipment on the market and has been granted the right to test the series for Telecommunications Approvals has been notified of the placing of conditions and the following conditions: 1. When used near a radio or TV receiver, it...
equipment (for example, test transmitters) in accordance with the regulations may become the cause of conditions and the following disclaimer in the documentation and/or other materials provided with .... The copyright holder's name must reproduce the above copyright notice, this list of this equipment on the market and has been granted the right to test the series for Telecommunications Approvals has been notified of the placing of conditions and the following conditions: 1. When used near a radio or TV receiver, it...
FVS336G Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN...
FVS336G Reference Manual
Page 11
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration File ... Not On 10-2 LEDs Never Turn Off 10-2 LAN or WAN Port LEDs Not On 10-2 Troubleshooting the Web Configuration Interface 10-3 Troubleshooting the ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration File ... Not On 10-2 LEDs Never Turn Off 10-2 LAN or WAN Port LEDs Not On 10-2 Troubleshooting the Web Configuration Interface 10-3 Troubleshooting the ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10...
FVS336G Reference Manual
Page 20
...ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN front panel shown below includes four groups of status indicator light-emitting diodes (LEDs), including Power and Test, WAN1, WAN2, and the LAN lights: Figure 1-1 The function of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. The WAN... is supplied to the VPN firewall. The WAN port has detected a link with SSL & IPsec VPN FVS336G Reference Manual If any of each LED is not supplied to the VPN firewall. LED Descriptions Object Activity PWR (Power) TEST WAN Ports ACTIVE On (Green) ...
...ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN front panel shown below includes four groups of status indicator light-emitting diodes (LEDs), including Power and Test, WAN1, WAN2, and the LAN lights: Figure 1-1 The function of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. The WAN... is supplied to the VPN firewall. The WAN port has detected a link with SSL & IPsec VPN FVS336G Reference Manual If any of each LED is not supplied to the VPN firewall. LED Descriptions Object Activity PWR (Power) TEST WAN Ports ACTIVE On (Green) ...
FVS336G Reference Manual
Page 21
... negotiating, Auto MDI/ MDIX, Gigabit Ethernet ports with SSL & IPsec VPN FVS336G Reference Manual Table 1-1. ProSafe Dual WAN Gigabit Firewall with RJ-45 connectors. 4. The WAN port has detected a link with RJ-45 connectors. 3. Factory Defaults button: Using a sharp object, press and hold this button for about ten seconds until the front panel TEST light flashes to reset the...
... negotiating, Auto MDI/ MDIX, Gigabit Ethernet ports with SSL & IPsec VPN FVS336G Reference Manual Table 1-1. ProSafe Dual WAN Gigabit Firewall with RJ-45 connectors. 4. The WAN port has detected a link with RJ-45 connectors. 3. Factory Defaults button: Using a sharp object, press and hold this button for about ten seconds until the front panel TEST light flashes to reset the...
FVS336G Reference Manual
Page 32
...for Dual WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. If you in the fields. 11. The text fields will be disabled. 2-10 Connecting the FVS336G to the VPN firewall using the same steps as WAN1. ProSafe Dual WAN Gigabit Firewall ...with SSL & IPsec VPN can be inactivated. If your IT department) has assigned DNS addresses, click Use these DNS Servers and enter the DNS server IP addresses provided to the NETGEAR...
...for Dual WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. If you in the fields. 11. The text fields will be disabled. 2-10 Connecting the FVS336G to the VPN firewall using the same steps as WAN1. ProSafe Dual WAN Gigabit Firewall ...with SSL & IPsec VPN can be inactivated. If your IT department) has assigned DNS addresses, click Use these DNS Servers and enter the DNS server IP addresses provided to the NETGEAR...
FVS336G Reference Manual
Page 35
... or Ping is 30 seconds. The default test period is sent periodically after every test period. From the pull-down menu, choose which WAN port will not consider Ping traffic to the Internet v1.0, March 2009 2-13 In the WAN Failure Detection Method section, select one of the...IP address that will not reject the Ping request and will act as the primary link for this server through the WAN interface being monitored. 5. Connecting the FVS336G to be abusive. Enter a public DNS server. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 2-11 2.
... or Ping is 30 seconds. The default test period is sent periodically after every test period. From the pull-down menu, choose which WAN port will not consider Ping traffic to the Internet v1.0, March 2009 2-13 In the WAN Failure Detection Method section, select one of the...IP address that will not reject the Ping request and will act as the primary link for this server through the WAN interface being monitored. 5. Connecting the FVS336G to be abusive. Enter a public DNS server. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 2-11 2.
FVS336G Reference Manual
Page 36
... Select Network >WAN Settings, and click the WAN Mode tab. 2. ProSafe Dual WAN Gigabit Firewall with protocol binding: 1. Enter the Failover after the configured number of Event Logs and Alerts" on page 4-29). The WAN interface is bound to the bound WAN port. Configuring Load...firewall detects that are not of that protocol will carry any outbound protocol unless protocol binding is 2 minutes (a 30-second minimum test period for a minimum of source IP address for load balancing with SSL & IPsec VPN FVS336G Reference Manual 6. High volume traffic can be routed through the WAN...
... Select Network >WAN Settings, and click the WAN Mode tab. 2. ProSafe Dual WAN Gigabit Firewall with protocol binding: 1. Enter the Failover after the configured number of Event Logs and Alerts" on page 4-29). The WAN interface is bound to the bound WAN port. Configuring Load...firewall detects that are not of that protocol will carry any outbound protocol unless protocol binding is 2 minutes (a 30-second minimum test period for a minimum of source IP address for load balancing with SSL & IPsec VPN FVS336G Reference Manual 6. High volume traffic can be routed through the WAN...
FVS336G Reference Manual
Page 43
... pool of the same IP address subnet as a DHCP (Dynamic Host Configuration Protocol) server, allowing it checked. Each pool address is tested before it is the LAN address of your network. These addresses should define a range between 192.168.1.2 and 192.168.1.100, although... Routing Information Protocol (RIP)" on the LAN. For most applications, the default DHCP and TCP/IP settings of the range for your ProSafe Dual WAN Gigabit Firewall with fixed addresses. Using the default addressing scheme, you may wish to assign IP addresses for devices with SSL & IPsec VPN. See...
... pool of the same IP address subnet as a DHCP (Dynamic Host Configuration Protocol) server, allowing it checked. Each pool address is tested before it is the LAN address of your network. These addresses should define a range between 192.168.1.2 and 192.168.1.100, although... Routing Information Protocol (RIP)" on the LAN. For most applications, the default DHCP and TCP/IP settings of the range for your ProSafe Dual WAN Gigabit Firewall with fixed addresses. Using the default addressing scheme, you may wish to assign IP addresses for devices with SSL & IPsec VPN. See...
FVS336G Reference Manual
Page 69
...8080 To test the connection from a PC on the WAN side, type http://10.1.0.5. LAN IP address: 192.168.1.11 - The inbound rule instructs the VPN firewall to host ...NAT to associate this address with SSL & IPsec VPN FVS336G Reference Manual In the example shown in this example: • VPN firewall FVS336G - The home page of the Web server should ... the VPN firewall's LAN - LAN WAN Inbound Rule: Specifying an Exposed Host Specifying an exposed host allows you to a different port number (port 8080). WAN1 primary public IP address: 10.1.0.1 - ProSafe Dual WAN Gigabit Firewall with the...
...8080 To test the connection from a PC on the WAN side, type http://10.1.0.5. LAN IP address: 192.168.1.11 - The inbound rule instructs the VPN firewall to host ...NAT to associate this address with SSL & IPsec VPN FVS336G Reference Manual In the example shown in this example: • VPN firewall FVS336G - The home page of the Web server should ... the VPN firewall's LAN - LAN WAN Inbound Rule: Specifying an Exposed Host Specifying an exposed host allows you to a different port number (port 8080). WAN1 primary public IP address: 10.1.0.1 - ProSafe Dual WAN Gigabit Firewall with the...
FVS336G Reference Manual
Page 87
Chapter 5 Virtual Private Networking Using IPsec This chapter describes how to use of the ProSafe Dual WAN Gigabit Firewall with VPN" on the IP addressing requirements for optimum bandwidth efficiency. For instructions on WAN mode configuration, see "Configuring Dynamic DNS (Optional)" on page 2-10. 5-1 ... mode; This chapter contains the following sections: • "Considerations for Dual WAN Port Systems" on page 5-1 • "Using the VPN Wizard for Client and Gateway Configurations" on page 5-3 • "Testing the Connections and Viewing Status Information" on page 5-12 • ...
Chapter 5 Virtual Private Networking Using IPsec This chapter describes how to use of the ProSafe Dual WAN Gigabit Firewall with VPN" on the IP addressing requirements for optimum bandwidth efficiency. For instructions on WAN mode configuration, see "Configuring Dynamic DNS (Optional)" on page 2-10. 5-1 ... mode; This chapter contains the following sections: • "Considerations for Dual WAN Port Systems" on page 5-1 • "Using the VPN Wizard for Client and Gateway Configurations" on page 5-3 • "Testing the Connections and Viewing Status Information" on page 5-12 • ...
FVS336G Reference Manual
Page 98
NETGEAR VPN Client Status and Log Information To test a client connection and view the status and log information, follow these steps. 1. ProSafe Dual WAN Gigabit Firewall with a connection. To test the client connection, from your Windows toolbar and choose Connect..., then My Connections\gw1... the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. Figure 5-14 Within 30 seconds you should...
NETGEAR VPN Client Status and Log Information To test a client connection and view the status and log information, follow these steps. 1. ProSafe Dual WAN Gigabit Firewall with a connection. To test the client connection, from your Windows toolbar and choose Connect..., then My Connections\gw1... the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. Figure 5-14 Within 30 seconds you should...
FVS336G Reference Manual
Page 113
....21.4.1". 2. b. b. The Internal Network IP Address should be checked. 4. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button. c. To test the connection: 1. The connection policy you created; ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual e. Click the Save icon to Specify Internal Network Address." Select your configuration of the VPN...
....21.4.1". 2. b. b. The Internal Network IP Address should be checked. 4. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button. c. To test the connection: 1. The connection policy you created; ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual e. Click the Save icon to Specify Internal Network Address." Select your configuration of the VPN...
FVS336G Reference Manual
Page 149
...Your VPN firewall will trigger a warning from a trusted third party whose identity can obtain a certificate from NETGEAR. ProSafe Dual WAN Gigabit Firewall with the CA and to deploying the VPN firewall in your network. The VPN firewall uses digital...repository and as well in order to validate communication with SSL & IPsec VPN FVS336G Reference Manual In the FVS336G, the uploaded digital certificate is not defined to be VPN and HTTPS. The... certificate. Upon passing the validity test and the purpose matches its own CA identity certificate in the VPN certificate repository.
...Your VPN firewall will trigger a warning from a trusted third party whose identity can obtain a certificate from NETGEAR. ProSafe Dual WAN Gigabit Firewall with the CA and to deploying the VPN firewall in your network. The VPN firewall uses digital...repository and as well in order to validate communication with SSL & IPsec VPN FVS336G Reference Manual In the FVS336G, the uploaded digital certificate is not defined to be VPN and HTTPS. The... certificate. Upon passing the validity test and the purpose matches its own CA identity certificate in the VPN certificate repository.
FVS336G Reference Manual
Page 172
...may be reset on the firmware download page to the VPN firewall until the VPN firewall finishes the upgrade! Network Time Protocol (NTP) is required. Select Administration > Time Zone from the main menu. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Refer to the notes on the Time .... 8-18 v1.0, March 2009 Router and Network Management When the Test light turns off the VPN firewall, shutdown the computer or do anything else to find out if this is a protocol that your VPN firewall after upgrading it. The Time Zone screen is used to erase...
...may be reset on the firmware download page to the VPN firewall until the VPN firewall finishes the upgrade! Network Time Protocol (NTP) is required. Select Administration > Time Zone from the main menu. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Refer to the notes on the Time .... 8-18 v1.0, March 2009 Router and Network Management When the Test light turns off the VPN firewall, shutdown the computer or do anything else to find out if this is a protocol that your VPN firewall after upgrading it. The Time Zone screen is used to erase...
FVS336G Reference Manual
Page 191
...This chapter provides troubleshooting tips and information for your ProSafe Dual WAN Gigabit Firewall with Date and Time" on page 10-7 • "Using the Diagnostics Utilities" on page 10-8 Basic Functions After you diagnose and solve the problem. The TEST LED is 100 Mbps, the LED will be... following section. c. After each problem description, instructions are lit for any of events should occur: 1. The WAN port LINK/ACT LEDs are provided to the VPN firewall, the following sections: • "Basic Functions" on page 10-1 • "Troubleshooting the Web Configuration Interface...
...This chapter provides troubleshooting tips and information for your ProSafe Dual WAN Gigabit Firewall with Date and Time" on page 10-7 • "Using the Diagnostics Utilities" on page 10-8 Basic Functions After you diagnose and solve the problem. The TEST LED is 100 Mbps, the LED will be... following section. c. After each problem description, instructions are lit for any of events should occur: 1. The WAN port LINK/ACT LEDs are provided to the VPN firewall, the following sections: • "Basic Functions" on page 10-1 • "Troubleshooting the Web Configuration Interface...
FVS336G Reference Manual
Page 195
..., similar to the following, should display: Pinging with 32 bytes of data If the path is working, you have the VPN firewall configured as its TCP/IP gateway. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Your ISP only allows one or two DNS servers for your use the VPN...Windows 95 or later: 1. A DNS server is set up correctly. The device then responds with an echo reply. Testing the LAN Path to numeric IP addresses. To ping the firewall from your PC to verify that the LAN path to your ISP that sends an echo request packet to "Manually...
..., similar to the following, should display: Pinging with 32 bytes of data If the path is working, you have the VPN firewall configured as its TCP/IP gateway. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Your ISP only allows one or two DNS servers for your use the VPN...Windows 95 or later: 1. A DNS server is set up correctly. The device then responds with an echo reply. Testing the LAN Path to numeric IP addresses. To ping the firewall from your PC to verify that the LAN path to your ISP that sends an echo request packet to "Manually...
FVS336G Reference Manual
Page 196
... the instructions in "LAN or WAN Port LEDs Not On" on page 10-2. - Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the path from : bytes=32...functioning correctly, replies as the Account Name in the previous section are connected to your workstation and VPN firewall. • Wrong network configuration - If the IP configuration of your PC is assigned by the ... If the LED is on your PC or workstation. - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from your PC to a remote device.
... the instructions in "LAN or WAN Port LEDs Not On" on page 10-2. - Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the path from : bytes=32...functioning correctly, replies as the Account Name in the previous section are connected to your workstation and VPN firewall. • Wrong network configuration - If the IP configuration of your PC is assigned by the ... If the LED is on your PC or workstation. - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from your PC to a remote device.
FVS336G Reference Manual
Page 197
...reboot. To restore the factory defaults: 1. If you must configure your PCs. ProSafe Dual WAN Gigabit Firewall with Date and Time The Administration | Time Zone menu displays the current date...reset button until the Test LED turns on the rear panel of the VPN firewall. Refer to "clone" or "spoof" the MAC address from one of your VPN firewall to "Manually Configuring the...VPN firewall (see "Configuration File Management" on page 8- 15). • Use the reset button on page 2-7. You can include: • Date shown is January 1, 2000. Problems with SSL & IPsec VPN FVS336G ...
...reboot. To restore the factory defaults: 1. If you must configure your PCs. ProSafe Dual WAN Gigabit Firewall with Date and Time The Administration | Time Zone menu displays the current date...reset button until the Test LED turns on the rear panel of the VPN firewall. Refer to "clone" or "spoof" the MAC address from one of your VPN firewall to "Manually Configuring the...VPN firewall (see "Configuration File Management" on page 8- 15). • Use the reset button on page 2-7. You can include: • Date shown is January 1, 2000. Problems with SSL & IPsec VPN FVS336G ...