FVS336G Reference Manual
Page 1
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA March 2009 202-10257-04 v1.0
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA March 2009 202-10257-04 v1.0
FVS336G Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN...
FVS336G Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet ...Authentication Why do I need Two-Factor Authentication D-1 What are the benefits of Two-Factor Authentication D-1 What is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet ...Authentication Why do I need Two-Factor Authentication D-1 What are the benefits of Two-Factor Authentication D-1 What is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
FVS336G Reference Manual
Page 14
...-10257-03 1.2 202-10257-04 1.0 October First publication 2007 November Text corrections 2007 June 2008 Updated to the NETGEAR website in personal injury or death. website at http://kbserver.netgear.com/products/FVS336G.asp. ProSafe Dual WAN Gigabit Firewall with router firmware update. March 2009 Adds these corrections and topics for the March 2009 firmware maintenance release: •...
...-10257-03 1.2 202-10257-04 1.0 October First publication 2007 November Text corrections 2007 June 2008 Updated to the NETGEAR website in personal injury or death. website at http://kbserver.netgear.com/products/FVS336G.asp. ProSafe Dual WAN Gigabit Firewall with router firmware update. March 2009 Adds these corrections and topics for the March 2009 firmware maintenance release: •...
FVS336G Reference Manual
Page 16
...repositories. 1-2 Introduction v1.0, March 2009 Dual WAN Ports for Increased Reliability or Outbound Load Balancing The FVS336G has two broadband WAN ports. Supports 25 concurrent IPsec VPN ... for a wide variety of the NETGEAR ProSafe VPN Client software (VPN01L) - Advanced VPN Support for Both IPsec and SSL The VPN firewall supports IPsec and SSL virtual private ... with dual WAN port gateways: • Single or multiple exposed hosts. • Virtual private networks. See "Network Planning for Dual WAN Ports" on the remote computer. - ProSafe Dual WAN Gigabit Firewall with ...
...repositories. 1-2 Introduction v1.0, March 2009 Dual WAN Ports for Increased Reliability or Outbound Load Balancing The FVS336G has two broadband WAN ports. Supports 25 concurrent IPsec VPN ... for a wide variety of the NETGEAR ProSafe VPN Client software (VPN01L) - Advanced VPN Support for Both IPsec and SSL The VPN firewall supports IPsec and SSL virtual private ... with dual WAN port gateways: • Single or multiple exposed hosts. • Virtual private networks. See "Network Planning for Dual WAN Ports" on the remote computer. - ProSafe Dual WAN Gigabit Firewall with ...
FVS336G Reference Manual
Page 19
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • Resource CD, including: - The firewall incorporates built-in the Warranty and Support information card provided with other helpful ...firewall: • Flash memory for MIB2. • Diagnostic Functions. Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • Resource CD, including: - The firewall incorporates built-in the Warranty and Support information card provided with other helpful ...firewall: • Flash memory for MIB2. • Diagnostic Functions. Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G...
FVS336G Reference Manual
Page 20
...no link. 1-6 Introduction v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual If any of each LED is described in case you need to return the firewall for failover. Front Panel Features The ProSafe Dual WAN Gigabit Firewall with a connected Ethernet device. Test mode... parts are incorrect, missing, or damaged, contact your NETGEAR dealer. The LAN port is operating at 100 Mbps. Data is initializing or the initialization has failed. LED Descriptions Object Activity PWR (Power) TEST WAN Ports ACTIVE On (Green) Off On (Amber) Blinking...
...no link. 1-6 Introduction v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual If any of each LED is described in case you need to return the firewall for failover. Front Panel Features The ProSafe Dual WAN Gigabit Firewall with a connected Ethernet device. Test mode... parts are incorrect, missing, or damaged, contact your NETGEAR dealer. The LAN port is operating at 100 Mbps. Data is initializing or the initialization has failed. LED Descriptions Object Activity PWR (Power) TEST WAN Ports ACTIVE On (Green) Off On (Amber) Blinking...
FVS336G Reference Manual
Page 23
... Guide is described in the installation guide. Chapter 2 Connecting the FVS336G to the Internet The initial Internet configuration of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN for dual WAN operation). See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on the NETGEAR website at: http://kbserver.netgear.com. 2. You can also select any necessary protocol bindings. Configure...
... Guide is described in the installation guide. Chapter 2 Connecting the FVS336G to the Internet The initial Internet configuration of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN for dual WAN operation). See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on the NETGEAR website at: http://kbserver.netgear.com. 2. You can also select any necessary protocol bindings. Configure...
FVS336G Reference Manual
Page 32
... 2-10 Connecting the FVS336G to the VPN firewall using the same steps as WAN1. Configuring the WAN Mode (Required for Dual WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. The ISP will attempt to connect to use a dual WAN mode, click the ... click Logout or proceed to you in the fields. 11. When you intend to the NETGEAR Web site. Review the Domain Name Server (DNS) Servers options. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be configured on a mutually exclusive basis for either auto-...
... 2-10 Connecting the FVS336G to the VPN firewall using the same steps as WAN1. Configuring the WAN Mode (Required for Dual WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. The ISP will attempt to connect to use a dual WAN mode, click the ... click Logout or proceed to you in the fields. 11. When you intend to the NETGEAR Web site. Review the Domain Name Server (DNS) Servers options. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be configured on a mutually exclusive basis for either auto-...
FVS336G Reference Manual
Page 70
...Note: For security, NETGEAR strongly recommends that you can create an outbound rule to block that application from the range 1024 to 65535 by a service or port number. When a computer on your network. For example, a packet that blocked period. LAN WAN Outbound Rule: Blocking ...of services that you prevent users from the Internet. ProSafe Dual WAN Gigabit Firewall with destination port number 80 is an HTTP (Web server) request. Outbound Rules Example Outbound rules let you avoid creating an exposed host. Although the FVS336G already holds a list of the application. You can...
...Note: For security, NETGEAR strongly recommends that you can create an outbound rule to block that application from the range 1024 to 65535 by a service or port number. When a computer on your network. For example, a packet that blocked period. LAN WAN Outbound Rule: Blocking ...of services that you prevent users from the Internet. ProSafe Dual WAN Gigabit Firewall with destination port number 80 is an HTTP (Web server) request. Outbound Rules Example Outbound rules let you avoid creating an exposed host. Although the FVS336G already holds a list of the application. You can...
FVS336G Reference Manual
Page 74
... on the LAN. - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual When blocking is enabled, the VPN firewall will limit the lifetime of partial connections and will be sent to the FVS336G. To disable this service, check this checkbox. - When the victimized system is flooded, it unreachable by NETGEAR" message. 4-18 Firewall Protection and Content Filtering...
... on the LAN. - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual When blocking is enabled, the VPN firewall will limit the lifetime of partial connections and will be sent to the FVS336G. To disable this service, check this checkbox. - When the victimized system is flooded, it unreachable by NETGEAR" message. 4-18 Firewall Protection and Content Filtering...
FVS336G Reference Manual
Page 89
... and Gateway Configurations You use the VPN Wizard to set up . ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Using the VPN Wizard for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption. The section below provides wizard and NETGEAR VPN Client configuration procedures for the following scenarios: • Using the...
... and Gateway Configurations You use the VPN Wizard to set up . ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Using the VPN Wizard for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption. The section below provides wizard and NETGEAR VPN Client configuration procedures for the following scenarios: • Using the...
FVS336G Reference Manual
Page 91
...168.10.x. Enter the local LAN IP and Subnet Mask of the remote gateway. Click Apply to save your local WAN address are connecting to another NETGEAR VPN firewall, use the wizard to connect. 8. Both local and remote endpoints should be 192.168.1.x. If this information is not... IPsec VPN FVS336G Reference Manual • Both the remote WAN address and your settings: the VPN Policies page shows the policy is now enabled. For example, if the local subnet is the Fully Qualified Domain Name (FQDN) as either FQDN or IP addresses. ProSafe Dual WAN Gigabit Firewall with IP ...
...168.10.x. Enter the local LAN IP and Subnet Mask of the remote gateway. Click Apply to save your local WAN address are connecting to another NETGEAR VPN firewall, use the wizard to connect. 8. Both local and remote endpoints should be 192.168.1.x. If this information is not... IPsec VPN FVS336G Reference Manual • Both the remote WAN address and your settings: the VPN Policies page shows the policy is now enabled. For example, if the local subnet is the Fully Qualified Domain Name (FQDN) as either FQDN or IP addresses. ProSafe Dual WAN Gigabit Firewall with IP ...
FVS336G Reference Manual
Page 108
... RADIUS server. 7. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The FVS336G is the number of tries the VPN firewall will make to the RADIUS server before giving up. 8. Depending on...
... RADIUS server. 7. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The FVS336G is the number of tries the VPN firewall will make to the RADIUS server before giving up. 8. Depending on...
FVS336G Reference Manual
Page 209
... Navigator. Computer Network Configuration Requirements The FVS336G includes a built-in Appendix B, "Related Documents." NETGEAR recommends using Internet Explorer or Netscape Navigator 5.0 or above. For the initial connection to the Internet and configuration of your firewall, you must provide a standard 10 Mbps (10BASE-T) Ethernet interface. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • You can...
... Navigator. Computer Network Configuration Requirements The FVS336G includes a built-in Appendix B, "Related Documents." NETGEAR recommends using Internet Explorer or Netscape Navigator 5.0 or above. For the initial connection to the Internet and configuration of your firewall, you must provide a standard 10 Mbps (10BASE-T) Ethernet interface. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • You can...
FVS336G Reference Manual
Page 21
... & IPsec VPN. • Resource CD, including: - Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with your use of the VPN firewall: • Flash memory for MIB2. • Diagnostic Functions. The...
... & IPsec VPN. • Resource CD, including: - Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with your use of the VPN firewall: • Flash memory for MIB2. • Diagnostic Functions. The...
FVS336G Reference Manual
Page 27
Configure the Internet connections to your ISPs. During this chapter. See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on the NETGEAR website at: http://kbserver.netgear.com. 2. Log in the installation guide. See "Logging into the VPN Firewall Router" on page 2-2 • "Navigating the Menus" on page 2-4 • "Configuring the Internet Connections" on...
Configure the Internet connections to your ISPs. During this chapter. See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on the NETGEAR website at: http://kbserver.netgear.com. 2. Log in the installation guide. See "Logging into the VPN Firewall Router" on page 2-2 • "Navigating the Menus" on page 2-4 • "Configuring the Internet Connections" on...
FVS336G Reference Manual
Page 112
...PCs are unknown in seconds) to check the connection status of the VPN policy associated with this SA. • State. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN 5-16 Virtual Private Networking Using IPsec v1.2, June 2008 VPN Tunnel Connection Status Recent VPN tunnel...Active IPsec (SA)s table also lists current data for the VPN tunnel. The default setting using : • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Auth. The name of all active IKE Policies to be connected, an additional policy or ...
...PCs are unknown in seconds) to check the connection status of the VPN policy associated with this SA. • State. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN 5-16 Virtual Private Networking Using IPsec v1.2, June 2008 VPN Tunnel Connection Status Recent VPN tunnel...Active IPsec (SA)s table also lists current data for the VPN tunnel. The default setting using : • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Auth. The name of all active IKE Policies to be connected, an additional policy or ...
FVS336G Reference Manual
Page 119
...: 172.21.4.1 - Enable a Backup RADIUS Server (if required). 6. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. This is configured on the individual IKE policy screens. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN -
...: 172.21.4.1 - Enable a Backup RADIUS Server (if required). 6. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. This is configured on the individual IKE policy screens. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN -
FVS336G Reference Manual
Page 219
... such as the one provided with DHCP configuration, please refer to the link in the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. NETGEAR recommends using Internet Explorer or Netscape Navigator 5.0 or above. Network Planning for your cable or DSL modems..., and setting MTU size, port speed, and upload bandwidth. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • The VPN firewall is set to automatically get its TCP/IP configuration from the firewall via DHCP. You are readily available for Windows, Macintosh, or...
... such as the one provided with DHCP configuration, please refer to the link in the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. NETGEAR recommends using Internet Explorer or Netscape Navigator 5.0 or above. Network Planning for your cable or DSL modems..., and setting MTU size, port speed, and upload bandwidth. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • The VPN firewall is set to automatically get its TCP/IP configuration from the firewall via DHCP. You are readily available for Windows, Macintosh, or...