FVX538 Reference Manual
Page 7
... 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the...
... 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the...
FVX538 Reference Manual
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That...
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That...
FVX538 Reference Manual
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions... Information Form B-5 Overview of the Planning Process B-6 Inbound Traffic ...B-6 Virtual Private Networks (VPNs B-6 The Roll-over Case for Firewalls With Dual WAN Ports B-7 The Load Balancing Case for Firewalls With Dual WAN Ports B-7 Contents xi v1.0, March 2009
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions... Information Form B-5 Overview of the Planning Process B-6 Inbound Traffic ...B-6 Virtual Private Networks (VPNs B-6 The Roll-over Case for Firewalls With Dual WAN Ports B-7 The Load Balancing Case for Firewalls With Dual WAN Ports B-7 Contents xi v1.0, March 2009
FVX538 Reference Manual
Page 12
... Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic ...B-8 Inbound Traffic to Single WAN Port (Reference Case B-8 Inbound Traffic to Dual WAN Port Systems B-8 Inbound Traffic: Dual WAN Ports for Improved Reliability B-9 Inbound Traffic: Dual WAN Ports for Load Balancing B-9 Virtual Private Networks (VPNs B-10 VPN Road Warrior (Client-to -Gateway Through a NAT Router B-17 VPN Telecommuter: Single...
... Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic ...B-8 Inbound Traffic to Single WAN Port (Reference Case B-8 Inbound Traffic to Dual WAN Port Systems B-8 Inbound Traffic: Dual WAN Ports for Improved Reliability B-9 Inbound Traffic: Dual WAN Ports for Load Balancing B-9 Virtual Private Networks (VPNs B-10 VPN Road Warrior (Client-to -Gateway Through a NAT Router B-17 VPN Telecommuter: Single...
FVX538 Reference Manual
Page 17
...8226; "Router Front and Rear Panels" on page 1-6 • "The Router's IP Address, Login Name, and Password" on time-of-day, Website addresses and address keywords. Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN Client ...software (VPN05L) • Quality of Service (QoS) and SIP 2.0 support for traffic prioritization, voice, and multimedia. • Built-in 10/100 Mbps ports plus browsing activity reporting and instant alerts-both via e-mail. The FVX538...
...8226; "Router Front and Rear Panels" on page 1-6 • "The Router's IP Address, Login Name, and Password" on time-of-day, Website addresses and address keywords. Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN Client ...software (VPN05L) • Quality of Service (QoS) and SIP 2.0 support for traffic prioritization, voice, and multimedia. • Built-in 10/100 Mbps ports plus browsing activity reporting and instant alerts-both via e-mail. The FVX538...
FVX538 Reference Manual
Page 18
... Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you are never disconnected. • Load balance, or use both Internet lines simultaneously for the outgoing traffic. Blocks access from the Internet to defend against hacker attacks. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). •...
... Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you are never disconnected. • Load balance, or use both Internet lines simultaneously for the outgoing traffic. Blocks access from the Internet to defend against hacker attacks. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). •...
FVX538 Reference Manual
Page 20
... from an SNMP-compliant system manager. The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of personal computer, such as a DNS server to the attached PCs. The VPN firewall dynamically assigns network configuration information, including IP,...type of Internet connection, asking you change the system variables for your PC. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP).
... from an SNMP-compliant system manager. The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of personal computer, such as a DNS server to the attached PCs. The VPN firewall dynamically assigns network configuration information, including IP,...type of Internet connection, asking you change the system variables for your PC. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP).
FVX538 Reference Manual
Page 22
... initialization has failed. The WAN port is being used because the port is not supplied to defaults). The system has booted successfully. 3. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5 6 7 Figure 1-1 Table 1-1 describes each item...
... initialization has failed. The WAN port is being used because the port is not supplied to defaults). The system has booted successfully. 3. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5 6 7 Figure 1-1 Table 1-1 describes each item...
FVX538 Reference Manual
Page 25
... Figure 1-5 Once the login screen displays, enter admin for the User Name and the password for Password. ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to... Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-4 To log in to the FVX538 once it is connected, go to http://192.168.1.1.
... Figure 1-5 Once the login screen displays, enter admin for the User Name and the password for Password. ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to... Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-4 To log in to the FVX538 once it is connected, go to http://192.168.1.1.
FVX538 Reference Manual
Page 29
...Server IP address; If Auto Detect does not find a connection, you will be prompted to check the physical connection between your firewall and the cable or DSL line or to check your ISP. Click WAN Status at the top right of the screen to...Username, Password); ProSafe VPN Firewall 200 FVX538 Reference Manual When Auto Detect successfully detects an active Internet service, it reports which connection type it discovered. Static IP address, Subnet, and Gateway IP; Table 2-1. No data is required. and related data supplied by your Router's MAC address (see "Setting the Router's MAC Address"...
...Server IP address; If Auto Detect does not find a connection, you will be prompted to check the physical connection between your firewall and the cable or DSL line or to check your ISP. Click WAN Status at the top right of the screen to...Username, Password); ProSafe VPN Firewall 200 FVX538 Reference Manual When Auto Detect successfully detects an active Internet service, it reports which connection type it discovered. Static IP address, Subnet, and Gateway IP; Table 2-1. No data is required. and related data supplied by your Router's MAC address (see "Setting the Router's MAC Address"...
FVX538 Reference Manual
Page 30
ProSafe VPN Firewall 200 FVX538 Reference Manual 4. Does your WAN1 ISP Settings: 1. Set up the traffic meter for WAN2 ISP, if desired. The configure the WAN2 ISP settings: 1. Start by clicking the WAN Status link. 2. Next click Auto Detect on page 2-6. Set up the parameters for WAN2 ISP. Setting the router...to the Internet v1.0, March 2009 To manually configure your Internet connection require a login? Otherwise, select No. 2-4 Connecting the FVX538 to set to a Ping from your ISP, then you connect to the Internet through the Advanced options on page 2-6. But ...
ProSafe VPN Firewall 200 FVX538 Reference Manual 4. Does your WAN1 ISP Settings: 1. Set up the traffic meter for WAN2 ISP, if desired. The configure the WAN2 ISP settings: 1. Start by clicking the WAN Status link. 2. Next click Auto Detect on page 2-6. Set up the parameters for WAN2 ISP. Setting the router...to the Internet v1.0, March 2009 To manually configure your Internet connection require a login? Otherwise, select No. 2-4 Connecting the FVX538 to set to a Ping from your ISP, then you connect to the Internet through the Advanced options on page 2-6. But ...
FVX538 Reference Manual
Page 31
... Name: Name of minutes to make the connection with the ISP server. - ProSafe VPN Firewall 200 FVX538 Reference Manual 2. Account Name (also known as WinPoET or Enternet, then your ISP charges you based on the connection that require data entry will identify the router to the Internet 2-5 v1.0, March 2009 This is idle for the PPPoE...
... Name: Name of minutes to make the connection with the ISP server. - ProSafe VPN Firewall 200 FVX538 Reference Manual 2. Account Name (also known as WinPoET or Enternet, then your ISP charges you based on the connection that require data entry will identify the router to the Internet 2-5 v1.0, March 2009 This is idle for the PPPoE...
FVX538 Reference Manual
Page 32
...box. Fill out the information described in the fields. Note: Domain Name Servers (DNS) convert Internet names such as www.google.com, www.netgear.com, etc. Click Reset to discard any Domain Name Servers (DNS) addresses, select the Get dynamically from the secondary menu. If you ...an ISP charges by traffic volume over a given period of time. ProSafe VPN Firewall 200 FVX538 Reference Manual If your settings work, then you may cause connectivity issues. If your ISP has not assigned any changes and revert to the router using DHCP network protocol. 4. Ensure that you fill in valid DNS...
...box. Fill out the information described in the fields. Note: Domain Name Servers (DNS) convert Internet names such as www.google.com, www.netgear.com, etc. Click Reset to discard any Domain Name Servers (DNS) addresses, select the Get dynamically from the secondary menu. If you ...an ISP charges by traffic volume over a given period of time. ProSafe VPN Firewall 200 FVX538 Reference Manual If your settings work, then you may cause connectivity issues. If your ISP has not assigned any changes and revert to the router using DHCP network protocol. 4. Ensure that you fill in valid DNS...
FVX538 Reference Manual
Page 33
Connecting the FVX538 to apply the settings. Select the WAN2 Traffic Meter tab and repeat steps 1 through the Router's WAN1 or WAN2 port. Traffic Meter Settings Parameter Description Enable Traffic Meter Check this is selected specified restriction..., enter the monthly volume limit and select the desired behavior when the limit is specific to the incoming traffic only • Both Directions - ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-3 2. Table 2-2. Click Apply to the Internet 2-7 v1.0, March 2009 WAN1 or WAN2 can be applied to each wan interface...
Connecting the FVX538 to apply the settings. Select the WAN2 Traffic Meter tab and repeat steps 1 through the Router's WAN1 or WAN2 port. Traffic Meter Settings Parameter Description Enable Traffic Meter Check this is selected specified restriction..., enter the monthly volume limit and select the desired behavior when the limit is specific to the incoming traffic only • Both Directions - ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-3 2. Table 2-2. Click Apply to the Internet 2-7 v1.0, March 2009 WAN1 or WAN2 can be applied to each wan interface...
FVX538 Reference Manual
Page 35
... Classical Routing. PCs on your LAN to support Auto-Rollover. Otherwise, selecting this method will not allow Internet access through this mode, the Router performs Routing, but without NAT. If your LAN) to receive any private IP address range, and these addresses to each PC on your LAN...) or look at the LEDs on the front panel (see "Router Front and Rear Panels" on your ISP has allocated many IP addresses to you, and you have assigned one of these IP addresses are functional. ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to use a redundant ISP link for...
... Classical Routing. PCs on your LAN to support Auto-Rollover. Otherwise, selecting this method will not allow Internet access through this mode, the Router performs Routing, but without NAT. If your LAN) to receive any private IP address range, and these addresses to each PC on your LAN...) or look at the LEDs on the front panel (see "Router Front and Rear Panels" on your ISP has allocated many IP addresses to you, and you have assigned one of these IP addresses are functional. ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to use a redundant ISP link for...
FVX538 Reference Manual
Page 36
...to Your ISPs" on page 2-2). • DNS lookup using DNS queries to a DNS server, or • By a Ping to detect router status. For each WAN interface, DNS queries or Ping requests are sent to this server through the WAN interface being monitored. • Ping... sent to this server through the WAN interface being monitored. 5. DNS query is 30 seconds. 2-10 Connecting the FVX538 to the specified IP address. ProSafe VPN Firewall 200 FVX538 Reference Manual When the router is configured in one of the following ways: • By using this DNS Server (for example, a public ...
...to Your ISPs" on page 2-2). • DNS lookup using DNS queries to a DNS server, or • By a Ping to detect router status. For each WAN interface, DNS queries or Ping requests are sent to this server through the WAN interface being monitored. • Ping... sent to this server through the WAN interface being monitored. 5. DNS query is 30 seconds. 2-10 Connecting the FVX538 to the specified IP address. ProSafe VPN Firewall 200 FVX538 Reference Manual When the router is configured in one of the following ways: • By using this DNS Server (for example, a public ...
FVX538 Reference Manual
Page 38
... configured for load balancing with protocol binding: 1. Check the Load Balancing radio button on the LAN through the WAN2 port. ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Up Load Balancing To use WAN2 for specified traffic. All HTTP traffic will automatically channel FTP data from and... above, and click view protocol bindings (if protocol binding is bound to WAN2, then the router will be used to use multiple ISP links simultaneously, select Load Balancing. Note: NETGEAR recommends that are not of the same speed. Figure 2-5 2. The WAN1 Protocol Bindings screen...
... configured for load balancing with protocol binding: 1. Check the Load Balancing radio button on the LAN through the WAN2 port. ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Up Load Balancing To use WAN2 for specified traffic. All HTTP traffic will automatically channel FTP data from and... above, and click view protocol bindings (if protocol binding is bound to WAN2, then the router will be used to use multiple ISP links simultaneously, select Load Balancing. Note: NETGEAR recommends that are not of the same speed. Figure 2-5 2. The WAN1 Protocol Bindings screen...
FVX538 Reference Manual
Page 40
...the Protocol Binding table. 5. If your convenience on the Dynamic DNS Configuration screen.) The VPN firewall firmware includes software that allows routers with your Internet account uses a dynamically assigned IP address, you must setup an account with... a DDNS provider such as DynDNS.org, TZO.com, or Oray.net. (Links to the Internet v1.0, March 2009 Modify the parameters for your network has a permanently assigned IP address, you selected. 4. ProSafe VPN Firewall 200 FVX538...
...the Protocol Binding table. 5. If your convenience on the Dynamic DNS Configuration screen.) The VPN firewall firmware includes software that allows routers with your Internet account uses a dynamically assigned IP address, you must setup an account with... a DDNS provider such as DynDNS.org, TZO.com, or Oray.net. (Links to the Internet v1.0, March 2009 Modify the parameters for your network has a permanently assigned IP address, you selected. 4. ProSafe VPN Firewall 200 FVX538...
FVX538 Reference Manual
Page 44
...) address. If you cannot establish an Internet connection and the Internet LED blinks continuously, you need full duplex. • Router's MAC Address - ProSafe VPN Firewall 200 FVX538 Reference Manual • Port Speed - In most cases, your ISP expects. otherwise, select 10M. The default is the default.... If you are sure you may have the router use the MAC address of the Internet (WAN) port. Use this ...
...) address. If you cannot establish an Internet connection and the Internet LED blinks continuously, you need full duplex. • Router's MAC Address - ProSafe VPN Firewall 200 FVX538 Reference Manual • Port Speed - In most cases, your ISP expects. otherwise, select 10M. The default is the default.... If you are sure you may have the router use the MAC address of the Internet (WAN) port. Use this ...
FVX538 Reference Manual
Page 46
...LAN IP services such as DHCP and allows you have no configured DHCP Relay Agent, your clients would only be sent over routers that enables DHCP clients to obtain IP addresses from the DHCP server which is therefore the routing protocol that do not support ...IP. These are suitable for a DHCP server somewhere else on the local subnet. ProSafe VPN Firewall 200 FVX538 Reference Manual • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you will not use the FVX538 as a DHCP server but rather as configured in the WAN settings page). When disabled...
...LAN IP services such as DHCP and allows you have no configured DHCP Relay Agent, your clients would only be sent over routers that enables DHCP clients to obtain IP addresses from the DHCP server which is therefore the routing protocol that do not support ...IP. These are suitable for a DHCP server somewhere else on the local subnet. ProSafe VPN Firewall 200 FVX538 Reference Manual • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you will not use the FVX538 as a DHCP server but rather as configured in the WAN settings page). When disabled...