FVX538 Reference Manual
Page 16
...-10062-07 1.0 202-10062-09 1.0 Aug. 2006 Product update: New firmware and a new user interface. IKE Keep Alive; Jan. 2007 Remove Trend Micro Jul. 2007 New features: IP/MAC Binding; ProSafe VPN Firewall 200 FVX538 Reference Manual Danger: This is a safety warning. website at http://kbserver.netgear.com/products/FVX538.asp. Session Limits; Dead Peer Detection; Oray Support...
...-10062-07 1.0 202-10062-09 1.0 Aug. 2006 Product update: New firmware and a new user interface. IKE Keep Alive; Jan. 2007 Remove Trend Micro Jul. 2007 New features: IP/MAC Binding; ProSafe VPN Firewall 200 FVX538 Reference Manual Danger: This is a safety warning. website at http://kbserver.netgear.com/products/FVX538.asp. Session Limits; Dead Peer Detection; Oray Support...
FVX538 Reference Manual
Page 34
.... all traffic except E-mail - Traffic by Protocol Click this option, you have not enabled the Traffic Meter, these statistics are updated in order for maximum bandwidth efficiency). • Auto-Rollover Mode. Check the checkbox and enter the desired increase. (The checkbox will... Use this function to know more details of the Specific Time month. The volume of the month. before restarting the counter. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2. In this mode, the selected WAN interface is made primary and the other traffic will be blocked. ...
.... all traffic except E-mail - Traffic by Protocol Click this option, you have not enabled the Traffic Meter, these statistics are updated in order for maximum bandwidth efficiency). • Auto-Rollover Mode. Check the checkbox and enter the desired increase. (The checkbox will... Use this function to know more details of the Specific Time month. The volume of the month. before restarting the counter. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2. In this mode, the selected WAN interface is made primary and the other traffic will be blocked. ...
FVX538 Reference Manual
Page 52
...must to update this IP address will be added to DHCP requests from the router will be edited manually for easier management. If a computer is be appended to the name. • IP Address: The current IP address of the computer. ProSafe VPN Firewall 200 FVX538 Reference Manual... Figure 3-3 The Network Database is created by: • Using the DHCP Server: The router's DHCP server is strongly recommended. • Scanning the Network: The router also scans the local network periodically using ...
...must to update this IP address will be added to DHCP requests from the router will be edited manually for easier management. If a computer is be appended to the name. • IP Address: The current IP address of the computer. ProSafe VPN Firewall 200 FVX538 Reference Manual... Figure 3-3 The Network Database is created by: • Using the DHCP Server: The router's DHCP server is strongly recommended. • Scanning the Network: The router also scans the local network periodically using ...
FVX538 Reference Manual
Page 102
... log to save your settings. Refer to retrieve the latest update; The IP address of the log by clicking send log. 3. The Logs screen will display. 2. Log entries are described in Table 4-4. Firewall Log Field Descriptions Field Date and Time Description or Action Source...type of event and what action was recorded. Figure 4-25 Table 4-4. Click Apply to delete all entries. ProSafe VPN Firewall 200 FVX538 Reference Manual 11. Click on the View Log icon opposite the Firewall Logs & E-mail tab. Click refresh log to Appendix C, "System Logs and Error Messages" for this log...
... log to save your settings. Refer to retrieve the latest update; The IP address of the log by clicking send log. 3. The Logs screen will display. 2. Log entries are described in Table 4-4. Firewall Log Field Descriptions Field Date and Time Description or Action Source...type of event and what action was recorded. Figure 4-25 Table 4-4. Click Apply to delete all entries. ProSafe VPN Firewall 200 FVX538 Reference Manual 11. Click on the View Log icon opposite the Firewall Logs & E-mail tab. Click refresh log to Appendix C, "System Logs and Error Messages" for this log...
FVX538 Reference Manual
Page 108
ProSafe VPN Firewall 200 FVX538 Reference Manual 1. To view the wizard default settings, click the VPN Default values link. Note: If you are using a dual WAN rollover configuration, after completing the wizard. • Gateway connection • Connection name... IP Addresses or Internet Names of 8 characters and should not exceed 49 characters. 5. Create a Connection Name. The key must manually update the VPN policy to enable VPN rollover. Choose which will not set to use as your connection type. 3. Enter a descriptive name for the connection. Select Gateway as...
ProSafe VPN Firewall 200 FVX538 Reference Manual 1. To view the wizard default settings, click the VPN Default values link. Note: If you are using a dual WAN rollover configuration, after completing the wizard. • Gateway connection • Connection name... IP Addresses or Internet Names of 8 characters and should not exceed 49 characters. 5. Create a Connection Name. The key must manually update the VPN policy to enable VPN rollover. Choose which will not set to use as your connection type. 3. Enter a descriptive name for the connection. Select Gateway as...
FVX538 Reference Manual
Page 110
...the gateway. • Configure the VPN client to connect to an appropriately short time. Figure 5-6 The tunnel will automatically establish when both firewalls are appropriately configured and enabled, Note: When using FQDN, if the dynamic DNS service is slow to update their servers when your DHCP WAN... address changes, the VPN tunnel will fail because the FQDN does not resolve to display the status of your new address. ProSafe VPN Firewall 200 FVX538 Reference Manual After both the local and target gateway ...
...the gateway. • Configure the VPN client to connect to an appropriately short time. Figure 5-6 The tunnel will automatically establish when both firewalls are appropriately configured and enabled, Note: When using FQDN, if the dynamic DNS service is slow to update their servers when your DHCP WAN... address changes, the VPN tunnel will fail because the FQDN does not resolve to display the status of your new address. ProSafe VPN Firewall 200 FVX538 Reference Manual After both the local and target gateway ...
FVX538 Reference Manual
Page 126
... track all of "Waiting for the requested data, copy the data from the CA, you have been revoked, and are updated by their own CRLs. Start the Self Certificate request procedure. 3. Uploading a Trusted Certificate After obtaining a new Certificate from your... Requests section. 2. Certificates are no problems ensue, the Certificate will be issued. Managing your certificate has not been revoked. ProSafe VPN Firewall 200 FVX538 Reference Manual 6. When prompted for Certificate upload" To submit your new certificate: 1. Select the file name in the Active ...
... track all of "Waiting for the requested data, copy the data from the CA, you have been revoked, and are updated by their own CRLs. Start the Self Certificate request procedure. 3. Uploading a Trusted Certificate After obtaining a new Certificate from your... Requests section. 2. Certificates are no problems ensue, the Certificate will be issued. Managing your certificate has not been revoked. ProSafe VPN Firewall 200 FVX538 Reference Manual 6. When prompted for Certificate upload" To submit your new certificate: 1. Select the file name in the Active ...
FVX538 Reference Manual
Page 127
... downloaded from the user, and a local User Database or an external authentication server, such as a VPN concentrator where one or more convenient for the VPN gateway router to upload" field. The name will appear in the "File to authenticate users from the same CA...it should now be released. ProSafe VPN Firewall 200 FVX538 Reference Manual • CA Identify - From the main menu under VPN, select Certificates. Click Back to return to the CRL: 1. Two types of the CA which issued this CRL was released. • Next Update - Select the Certificate Identify file...
... downloaded from the user, and a local User Database or an external authentication server, such as a VPN concentrator where one or more convenient for the VPN gateway router to upload" field. The name will appear in the "File to authenticate users from the same CA...it should now be released. ProSafe VPN Firewall 200 FVX538 Reference Manual • CA Identify - From the main menu under VPN, select Certificates. Click Back to return to the CRL: 1. Two types of the CA which issued this CRL was released. • Next Update - Select the Certificate Identify file...
FVX538 Reference Manual
Page 161
...be input on the Internet. To set Time, Date and NTP servers: 1. Select a NTP Server option by contacting a Default Netgear NTP Server on the Time Zone screen. Select Administration from the main menu and Settings Backup and Firmware Upgrade from the submenu....(Real-Time Clock) is updated regularly by checking one of the following radio boxes: • Use Default NTP Servers: If this is required in the Router Upgrade section. 3. Router and Network Management v1.0, March 2009 6-19 ProSafe VPN Firewall 200 FVX538 Reference Manual To upgrade router software: 1. From the Date...
...be input on the Internet. To set Time, Date and NTP servers: 1. Select a NTP Server option by contacting a Default Netgear NTP Server on the Time Zone screen. Select Administration from the main menu and Settings Backup and Firmware Upgrade from the submenu....(Real-Time Clock) is updated regularly by checking one of the following radio boxes: • Use Default NTP Servers: If this is required in the Router Upgrade section. 3. Router and Network Management v1.0, March 2009 6-19 ProSafe VPN Firewall 200 FVX538 Reference Manual To upgrade router software: 1. From the Date...
FVX538 Reference Manual
Page 163
...Figure 6-7 Router and Network Management v1.0, March 2009 6-21 Click this button to display Internet Traffic details. An e-mail can be displayed in MBytes scale and the counter starts only when traffic passed is programmed separately. ProSafe VPN Firewall 200 FVX538 Reference Manual ...• Internet Traffic Statistics - Displays statistics on Internet Traffic via the WAN port. Traffic counters are not available. • Traffic by Protocol - If you have not enabled the Traffic Meter, these statistics are updated in...
...Figure 6-7 Router and Network Management v1.0, March 2009 6-21 Click this button to display Internet Traffic details. An e-mail can be displayed in MBytes scale and the counter starts only when traffic passed is programmed separately. ProSafe VPN Firewall 200 FVX538 Reference Manual ...• Internet Traffic Statistics - Displays statistics on Internet Traffic via the WAN port. Traffic counters are not available. • Traffic by Protocol - If you have not enabled the Traffic Meter, these statistics are updated in...
FVX538 Reference Manual
Page 209
...20:44 [FVX538] [wand] [FW] Firewall Restarted Log generated when the firewall is restarted. None System Logs and Error Messages C-3 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-4. System Logs: NTP (continued) Explanation Recommended Action Message1: DNS resolution for the NTP server (time-f.netgear.com) Message2:... user admin from host with IP address 192.168.10.10 None Nov 28 14:55:09 [FVX538] [seclogin] Logout succeeded for NTP update from host with IP address 192.168.1.214. System Logs: Login/Logout Message Explanation Recommended Action Message...
...20:44 [FVX538] [wand] [FW] Firewall Restarted Log generated when the firewall is restarted. None System Logs and Error Messages C-3 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-4. System Logs: NTP (continued) Explanation Recommended Action Message1: DNS resolution for the NTP server (time-f.netgear.com) Message2:... user admin from host with IP address 192.168.10.10 None Nov 28 14:55:09 [FVX538] [seclogin] Logout succeeded for NTP update from host with IP address 192.168.1.214. System Logs: Login/Logout Message Explanation Recommended Action Message...
FVX538 Reference Manual
Page 14
... the full NETGEAR, Inc. ProSafe VPN Firewall 200 FVX538 Reference Manual • Scope. Your computer must have the free Adobe Acrobat reader installed in the manual. •A button to Print this Manual To print this manual includes the following specifications: Product Version Manual Publication Date ProSafe VPN Firewall 200 August 2006 For more information about network, Internet, firewall, and VPN technologies, see...
... the full NETGEAR, Inc. ProSafe VPN Firewall 200 FVX538 Reference Manual • Scope. Your computer must have the free Adobe Acrobat reader installed in the manual. •A button to Print this Manual To print this manual includes the following specifications: Product Version Manual Publication Date ProSafe VPN Firewall 200 August 2006 For more information about network, Internet, firewall, and VPN technologies, see...
FVX538 Reference Manual
Page 15
... the Complete Manual. Revision History Part Number Version Number Description 202-10062-04 1.0 Product update: New firmware and a new user interface. Printing a PDF version of paper, you can save paper and printer ink by selecting this feature. ProSafe VPN Firewall 200 FVX538 Reference Manual • Click the PDF of This Chapter link at the top left...
... the Complete Manual. Revision History Part Number Version Number Description 202-10062-04 1.0 Product update: New firmware and a new user interface. Printing a PDF version of paper, you can save paper and printer ink by selecting this feature. ProSafe VPN Firewall 200 FVX538 Reference Manual • Click the PDF of This Chapter link at the top left...
FVX538 Reference Manual
Page 20
...ProSafe VPN Firewall 200 within minutes after connecting it to run a login program such as EnterNet or WinPOET on your local network, you can have the Trend Micro OfficeScan client installed and updated... with current pattern files installed. • Both products are specified, the firewall provides its use of an inexpensive single-user ISP account. • Automatic Configuration of PCs on your NETGEAR VPN Firewall to enforce antivirus policies - The VPN firewall...ProSafe VPN Firewall 200 FVX538 Reference Manual • IP Address Sharing by simulating a dial-up connection.
...ProSafe VPN Firewall 200 within minutes after connecting it to run a login program such as EnterNet or WinPOET on your local network, you can have the Trend Micro OfficeScan client installed and updated... with current pattern files installed. • Both products are specified, the firewall provides its use of an inexpensive single-user ISP account. • Automatic Configuration of PCs on your NETGEAR VPN Firewall to enforce antivirus policies - The VPN firewall...ProSafe VPN Firewall 200 FVX538 Reference Manual • IP Address Sharing by simulating a dial-up connection.
FVX538 Reference Manual
Page 37
ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2. If this is selected specified restriction will be applied ... the checkbox and enter the desired increase. (The checkbox will be displayed in a sub-window.Traffic counters are updated in MBytes scale, counter starts only when traffic passed is only applied once.) This month's limit This displays the... limit for this link if you wish to know more details of Internet traffic passing through the Router's WAN1 or WAN2 port. Send E-mail Report If checked, an E-mail report will automatically be applied to and...
ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2. If this is selected specified restriction will be applied ... the checkbox and enter the desired increase. (The checkbox will be displayed in a sub-window.Traffic counters are updated in MBytes scale, counter starts only when traffic passed is only applied once.) This month's limit This displays the... limit for this link if you wish to know more details of Internet traffic passing through the Router's WAN1 or WAN2 port. Send E-mail Report If checked, an E-mail report will automatically be applied to and...
FVX538 Reference Manual
Page 55
...Groups from the Group pull-down menu, select Reserved (DHCP Client) to direct the router to identify each PC, users cannot avoid these restrictions by changing their IP address.... you can edit the entry manually to update this will be outside the range of Traffic" on page 4-25). - For each Group using the Firewall Rules screen (see "Enabling Source MAC ... Sites (Content Filtering)" on page 4-1). - You can be appended by clicking Edit. ProSafe VPN Firewall 200 FVX538 Reference Manual - Hence, changing a computer's IP address does not affect any restrictions applied...
...Groups from the Group pull-down menu, select Reserved (DHCP Client) to direct the router to identify each PC, users cannot avoid these restrictions by changing their IP address.... you can edit the entry manually to update this will be outside the range of Traffic" on page 4-25). - For each Group using the Firewall Rules screen (see "Enabling Source MAC ... Sites (Content Filtering)" on page 4-1). - You can be appended by clicking Edit. ProSafe VPN Firewall 200 FVX538 Reference Manual - Hence, changing a computer's IP address does not affect any restrictions applied...
FVX538 Reference Manual
Page 64
...display. 2. Enter the IP address of the PCs to be allowed web access unless they have the Trend Micro OfficeScan client installed and updated with the latest virus definitions. Then enter the 5-digit port number used for communications between the Office Scan clients and the server in the... Security from the main menu and Trend Micro from the submenu. The Trend Micro screen will appear in the Host Exclusion List table. 2. ProSafe VPN Firewall 200 FVX538 Reference Manual will not be excluded in the Add Host table and then click Add. To enable Trend Micro: 1. Enter the Office Scan ...
...display. 2. Enter the IP address of the PCs to be allowed web access unless they have the Trend Micro OfficeScan client installed and updated with the latest virus definitions. Then enter the 5-digit port number used for communications between the Office Scan clients and the server in the... Security from the main menu and Trend Micro from the submenu. The Trend Micro screen will appear in the Host Exclusion List table. 2. ProSafe VPN Firewall 200 FVX538 Reference Manual will not be excluded in the Add Host table and then click Add. To enable Trend Micro: 1. Enter the Office Scan ...
FVX538 Reference Manual
Page 100
Click on the View Log icon opposite the Firewall Logs & E-mail tab. If the E-mail Logs options as been enabled, you can send a copy of the log by clicking send log. 3. SysLog ...Informational: Informational messages 7 Debug: Debug level messages To view the Firewall logs: 1. and click clear log to retrieve the latest update; Log entries are described in Table 4-4. Figure 4-22 4-34 Firewall Protection and Content Filtering v1.0, August 2006 The Logs screen will display. 2. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 4-3. Click refresh log to delete all entries.
Click on the View Log icon opposite the Firewall Logs & E-mail tab. If the E-mail Logs options as been enabled, you can send a copy of the log by clicking send log. 3. SysLog ...Informational: Informational messages 7 Debug: Debug level messages To view the Firewall logs: 1. and click clear log to retrieve the latest update; Log entries are described in Table 4-4. Figure 4-22 4-34 Firewall Protection and Content Filtering v1.0, August 2006 The Logs screen will display. 2. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 4-3. Click refresh log to delete all entries.
FVX538 Reference Manual
Page 132
Submit the CA form. From the main menu, under VPN, select Certificates. Click Browse, and locate the certificate file on a regular basis. Scroll back to the Self Certificate Requests section. 2. Certificates are no problems ensue...CRL table lists your CRLs up-to this device. 3. ProSafe VPN Firewall 200 FVX538 Reference Manual 6. Copy the contents of the Data to supply to a CA: 1. If no longer valid. Uploading a Trusted Certificate After obtaining a new Certificate from your CAs, you have been revoked, and are updated by their issuing CA authority on your Request details...
Submit the CA form. From the main menu, under VPN, select Certificates. Click Browse, and locate the certificate file on a regular basis. Scroll back to the Self Certificate Requests section. 2. Certificates are no problems ensue...CRL table lists your CRLs up-to this device. 3. ProSafe VPN Firewall 200 FVX538 Reference Manual 6. Copy the contents of the Data to supply to a CA: 1. If no longer valid. Uploading a Trusted Certificate After obtaining a new Certificate from your CAs, you have been revoked, and are updated by their issuing CA authority on your Request details...
FVX538 Reference Manual
Page 133
ProSafe VPN Firewall 200 FVX538 Reference Manual • CA Identify - The date when this CRL. • Last Update - Select the Certificate Identify file. If you have a previous CA Identity from the user, and a local User Database or an external authentication server, such as a VPN concentrator where one or ... Private Networking v1.0, August 2006 5-31 Figure 5-25 Extended Authentication (XAUTH) Configuration When connecting many VPN clients to a VPN gateway router, an administrator may want a unique user authentication method beyond relying on a single common preshared key for the...
ProSafe VPN Firewall 200 FVX538 Reference Manual • CA Identify - The date when this CRL. • Last Update - Select the Certificate Identify file. If you have a previous CA Identity from the user, and a local User Database or an external authentication server, such as a VPN concentrator where one or ... Private Networking v1.0, August 2006 5-31 Figure 5-25 Extended Authentication (XAUTH) Configuration When connecting many VPN clients to a VPN gateway router, an administrator may want a unique user authentication method beyond relying on a single common preshared key for the...