FVX538 Reference Manual
Page 8
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the Network Database 3-7 Setting Up Address Reservation 3-9 Configuring and Enabling the DMZ ...
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the Network Database 3-7 Setting Up Address Reservation 3-9 Configuring and Enabling the DMZ ...
FVX538 Reference Manual
Page 18
...• Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you specify as Ping of Death, SYN Flood, LAND Attack, ...from the Internet to defend against hacker attacks. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive ...
...• Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you specify as Ping of Death, SYN Flood, LAND Attack, ...from the Internet to defend against hacker attacks. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive ...
FVX538 Reference Manual
Page 20
... NAT. A user-friendly Setup Wizard is provided and online help documentation is enabled and no DNS addresses are interoperable with other VPNC-compliant VPN routers and clients. • SNMP. The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to "Internet ...(SNMP) to let you change the system variables for connecting remote hosts to the network. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). The...
... NAT. A user-friendly Setup Wizard is provided and online help documentation is enabled and no DNS addresses are interoperable with other VPNC-compliant VPN routers and clients. • SNMP. The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to "Internet ...(SNMP) to let you change the system variables for connecting remote hosts to the network. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). The...
FVX538 Reference Manual
Page 40
.... However, if your Internet account uses a dynamically assigned IP address, you must setup an account with your convenience on this network can register a domain name and have...Dynamic DNS (If Needed) Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to DynDNS, TZO, and Oray are provided for the...on the Dynamic DNS Configuration screen.) The VPN firewall firmware includes software that notifies dynamic DNS servers of changes in the Protocol Binding table. 5. ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-6 3. The modified ...
.... However, if your Internet account uses a dynamically assigned IP address, you must setup an account with your convenience on this network can register a domain name and have...Dynamic DNS (If Needed) Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to DynDNS, TZO, and Oray are provided for the...on the Dynamic DNS Configuration screen.) The VPN firewall firmware includes software that notifies dynamic DNS servers of changes in the Protocol Binding table. 5. ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-6 3. The modified ...
FVX538 Reference Manual
Page 46
...is on the local subnet. DHCP Relay options allow you have no configured DHCP Relay Agent, your clients would only be sent over routers that enables DHCP clients to obtain IP addresses from a DHCP server on your DHCP server. To enable clients to obtain IP addresses from... when the DNS proxy is not located on the same subnet. ProSafe VPN Firewall 200 FVX538 Reference Manual • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you to configure a secondary or "multi-home" LAN IP setup in the LAN. All DHCP clients will receive the DNS IP addresses...
...is on the local subnet. DHCP Relay options allow you have no configured DHCP Relay Agent, your clients would only be sent over routers that enables DHCP clients to obtain IP addresses from a DHCP server on your DHCP server. To enable clients to obtain IP addresses from... when the DNS proxy is not located on the same subnet. ProSafe VPN Firewall 200 FVX538 Reference Manual • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you to configure a secondary or "multi-home" LAN IP setup in the LAN. All DHCP clients will receive the DNS IP addresses...
FVX538 Reference Manual
Page 47
ProSafe VPN Firewall 200 FVX538 Reference Manual 1. Select Network Configuration from the primary menu and LAN Setup from the submenu. Enter the IP Address of the router (this is optional). Your router will function as the subnet mask (computed by the router). 4. Check the Enable DHCP Server radio button. By default, the router... you will display. Enable DHCP Server is selected, enter the following parameters: a. The LAN Setup screen will manually configure all computers connected to the router's LAN. Enter the Domain Name of your network will be the DHCP server, or if you...
ProSafe VPN Firewall 200 FVX538 Reference Manual 1. Select Network Configuration from the primary menu and LAN Setup from the submenu. Enter the IP Address of the router (this is optional). Your router will function as the subnet mask (computed by the router). 4. Check the Enable DHCP Server radio button. By default, the router... you will display. Enable DHCP Server is selected, enter the following parameters: a. The LAN Setup screen will manually configure all computers connected to the router's LAN. Enter the Domain Name of your network will be the DHCP server, or if you...
FVX538 Reference Manual
Page 48
...the Enable LDAP Information checkbox and fill in the IP address pool. ProSafe VPN Firewall 200 FVX538 Reference Manual b. This address specifies the first of the contiguous addresses in ... and log in LAN TCP/IP Setup section). Secondary DNS Server. (Optional) If an IP address is specified, the VPN firewall will provide its own LAN IP ...address as the secondary DNS server IP address. This box can specify the Windows NetBios Server IP if one is the default start address. h. For example, if you change the LAN IP address of the router...
...the Enable LDAP Information checkbox and fill in the IP address pool. ProSafe VPN Firewall 200 FVX538 Reference Manual b. This address specifies the first of the contiguous addresses in ... and log in LAN TCP/IP Setup section). Secondary DNS Server. (Optional) If an IP address is specified, the VPN firewall will provide its own LAN IP ...address as the secondary DNS server IP address. This box can specify the Windows NetBios Server IP if one is the default start address. h. For example, if you change the LAN IP address of the router...
FVX538 Reference Manual
Page 49
....0.0.0), then you have completed the LAN IP setup, all outbound traffic is enabled, then clients can add aliases to the LAN port and give computers on those requests to the Internet. Click Apply to Chapter 4, "Firewall Protection and Content Filtering. However, when the...IP addresses of the router. To change these traffic rules, refer to save your settings. 6. LAN Configuration 3-5 v1.0, March 2009 For example, if the DNS servers for all inbound traffic is particularly useful in the WAN settings page). - ProSafe VPN Firewall 200 FVX538 Reference Manual The feature ...
....0.0.0), then you have completed the LAN IP setup, all outbound traffic is enabled, then clients can add aliases to the LAN port and give computers on those requests to the Internet. Click Apply to Chapter 4, "Firewall Protection and Content Filtering. However, when the...IP addresses of the router. To change these traffic rules, refer to save your settings. 6. LAN Configuration 3-5 v1.0, March 2009 For example, if the DNS servers for all inbound traffic is particularly useful in the WAN settings page). - ProSafe VPN Firewall 200 FVX538 Reference Manual The feature ...
FVX538 Reference Manual
Page 52
...ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 3-3 The Network Database is created by: • Using the DHCP Server: The router's DHCP server is configured, by the DHCP server, then an asterisk is be appended to the name. • IP Address: The current IP address of this, leaving the DHCP Server feature enabled (on the LAN Setup... screen) is assigned a static IP address, you must to the Network Database. Computers that do not support the NetBIOS protocol will be listed as Unknown. If a computer is strongly recommended. • Scanning the Network: The router also...
...ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 3-3 The Network Database is created by: • Using the DHCP Server: The router's DHCP server is configured, by the DHCP server, then an asterisk is be appended to the name. • IP Address: The current IP address of this, leaving the DHCP Server feature enabled (on the LAN Setup... screen) is assigned a static IP address, you must to the Network Database. Computers that do not support the NetBIOS protocol will be listed as Unknown. If a computer is strongly recommended. • Scanning the Network: The router also...
FVX538 Reference Manual
Page 54
... server, for example) and give public access to the LAN, has fewer firewall restrictions, by default. From the main menu, select Network Configuration and then select DMZ Setup from the submenu. The DMZ Setup screen will not be dedicated as 192.168.1.101). 3-10 v1.0, March ... the DMZ port: 1. Make sure that are incompatible with them . ProSafe VPN Firewall 200 FVX538 Reference Manual To reserve an IP address, use the Groups and Hosts screen under the Network Configuration menu, LAN Groups submenu (see "Router Front and Rear Panels" on page 3-7). Enter an IP Address and ...
... server, for example) and give public access to the LAN, has fewer firewall restrictions, by default. From the main menu, select Network Configuration and then select DMZ Setup from the submenu. The DMZ Setup screen will not be dedicated as 192.168.1.101). 3-10 v1.0, March ... the DMZ port: 1. Make sure that are incompatible with them . ProSafe VPN Firewall 200 FVX538 Reference Manual To reserve an IP address, use the Groups and Hosts screen under the Network Configuration menu, LAN Groups submenu (see "Router Front and Rear Panels" on page 3-7). Enter an IP Address and ...
FVX538 Reference Manual
Page 107
... and parameters on both sides of the VPN tunnel match or mirror each other precisely, which can be a daunting task. The section below provides wizard and NETGEAR VPN Client configuration procedures for the network connection:...VPN Wizard. The VPN Wizard efficiently guides you through the setup procedure with the Wizard Figure 5-3 Follow these steps to set the parameters for the following scenarios: • Using the wizard to configure a VPN tunnel between 2 VPN gateways • Using the wizard to configure multiple gateway or client VPN tunnel policies. ProSafe VPN Firewall 200 FVX538...
... and parameters on both sides of the VPN tunnel match or mirror each other precisely, which can be a daunting task. The section below provides wizard and NETGEAR VPN Client configuration procedures for the network connection:...VPN Wizard. The VPN Wizard efficiently guides you through the setup procedure with the Wizard Figure 5-3 Follow these steps to set the parameters for the following scenarios: • Using the wizard to configure a VPN tunnel between 2 VPN gateways • Using the wizard to configure multiple gateway or client VPN tunnel policies. ProSafe VPN Firewall 200 FVX538...
FVX538 Reference Manual
Page 119
... traffic matches an existing VPN Policy. ProSafe VPN Firewall 200 FVX538 Reference Manual To view FVX538 VPN logs, go to set up a VPN tunnel, both a VPN Policy and an IKE Policy are established and populated in both the VPN Policy and IKE Policy. Figure 5-19 VPN Tunnel Policies When you selected as the VPN Tunnel connection name during Wizard setup identifies both Policy Tables...
... traffic matches an existing VPN Policy. ProSafe VPN Firewall 200 FVX538 Reference Manual To view FVX538 VPN logs, go to set up a VPN tunnel, both a VPN Policy and an IKE Policy are established and populated in both the VPN Policy and IKE Policy. Figure 5-19 VPN Tunnel Policies When you selected as the VPN Tunnel connection name during Wizard setup identifies both Policy Tables...
FVX538 Reference Manual
Page 167
... Management v1.0, March 2009 6-25 ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Router Configuration and System Status The Router Status screen provides status and usage information. This is the current software the router is the Account Name that you entered in the LAN IP Setup page. DHCP can be either Server or None. Router Status Fields Item System Name...
... Management v1.0, March 2009 6-25 ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Router Configuration and System Status The Router Status screen provides status and usage information. This is the current software the router is the Account Name that you entered in the LAN IP Setup page. DHCP can be either Server or None. Router Status Fields Item System Name...
FVX538 Reference Manual
Page 171
...Monitoring from the main menu and Diagnostics from the submenu. Router and Network Management v1.0, March 2009 6-29 Figure 6-15 Performing Diagnostics You can view the DHCP log from the LAN Setup screen. When the LAN Setup screen displays, click the DHCP Log link. Select Network ...Configuration from the main menu and LAN Setup from the submenu. Note: For normal operation, diagnostics are not required. ProSafe VPN Firewall 200 FVX538 Reference Manual DHCP Log You ...
...Monitoring from the main menu and Diagnostics from the submenu. Router and Network Management v1.0, March 2009 6-29 Figure 6-15 Performing Diagnostics You can view the DHCP log from the LAN Setup screen. When the LAN Setup screen displays, click the DHCP Log link. Select Network ...Configuration from the main menu and LAN Setup from the submenu. Note: For normal operation, diagnostics are not required. ProSafe VPN Firewall 200 FVX538 Reference Manual DHCP Log You ...
FVX538 Reference Manual
Page 232
ProSafe VPN Firewall 200 FVX538 Reference Manual Content Filtering 4-1 about 4-29 Block Sites 4-29 enabling 4-30 firewall protection, about 4-1 content filtering 1-2, 4-1 crossover cable 1-3, 7-2 Customized Service editing 4-27 customized...Group IKE Policy 5-17 Disable DHCP Server 3-1, 3-3 DMZ about 3-10 firewall security 3-10 DMZ Port increasing traffic 6-7 DMZ port 1-3 setting up 3-10 DMZ Setup screen 3-10 DMZ WAN Inbound Rule example of 4-23 DMZ WAN ...2-6 DNS lookup 2-10 DNS Proxy 1-4 DNS queries Auto-Rollover 2-10 Domain Name router 3-3 Domain Name Blocking 4-29 v1.0, March 2009 See DoS.
ProSafe VPN Firewall 200 FVX538 Reference Manual Content Filtering 4-1 about 4-29 Block Sites 4-29 enabling 4-30 firewall protection, about 4-1 content filtering 1-2, 4-1 crossover cable 1-3, 7-2 Customized Service editing 4-27 customized...Group IKE Policy 5-17 Disable DHCP Server 3-1, 3-3 DMZ about 3-10 firewall security 3-10 DMZ Port increasing traffic 6-7 DMZ port 1-3 setting up 3-10 DMZ Setup screen 3-10 DMZ WAN Inbound Rule example of 4-23 DMZ WAN ...2-6 DNS lookup 2-10 DNS Proxy 1-4 DNS queries Auto-Rollover 2-10 Domain Name router 3-3 Domain Name Blocking 4-29 v1.0, March 2009 See DoS.
FVX538 Reference Manual
Page 234
...Subnet Mask router default 3-3 IP/MAC Binding screen 4-33 IPsec 4-17 IPSec Connection Status screen 6-27 IPSec Host 5-24, 5-25 IPsec Host XAUTH, with 5-31 XAUTH, adding to 2-1 Internet connection configuring 2-2 manual configuration 2-4 Internet service connection types 2-3 Internet Service Provider. See ISP. See IGP. ProSafe VPN Firewall 200 FVX538 Reference ...Idle TImeout 2-5 Idle Timeout 2-5 Keyword Blocking 4-29 applying 4-30 Keyword Filtering 1-3 L L2TP 4-17 LAN configuration 3-1 using LAN IP setup options 3-2 LAN DMZ Inbound Services adding rule 4-16 Index-4 v1.0, March 2009
...Subnet Mask router default 3-3 IP/MAC Binding screen 4-33 IPsec 4-17 IPSec Connection Status screen 6-27 IPSec Host 5-24, 5-25 IPsec Host XAUTH, with 5-31 XAUTH, adding to 2-1 Internet connection configuring 2-2 manual configuration 2-4 Internet service connection types 2-3 Internet Service Provider. See ISP. See IGP. ProSafe VPN Firewall 200 FVX538 Reference ...Idle TImeout 2-5 Idle Timeout 2-5 Keyword Blocking 4-29 applying 4-30 Keyword Filtering 1-3 L L2TP 4-17 LAN configuration 3-1 using LAN IP setup options 3-2 LAN DMZ Inbound Services adding rule 4-16 Index-4 v1.0, March 2009
FVX538 Reference Manual
Page 235
...4-15 LAN DMZ Rules 4-14 LAN DMZ Rules screen 4-14 LAN DMZ service rule modifying 4-15 LAN Security Checks 4-17 LAN Setup screen 3-3, 6-29 LAN side bandwidth capacity 6-1 LAN WAN Inbound Rule example of 4-20, 4-23 LAN WAN Inbound Services Rules ...15 view protocol bindings 2-12 Load balancing mode bandwidth capacity 6-1 Log Entry Descriptions C-1 logging in default login 2-1 M MAC Address format of 4-32 ProSafe VPN Firewall 200 FVX538 Reference Manual MAC address 7-6 configuring 2-3, 2-4 format of 2-18 spoofing 7-5 MAC addresses blocked, adding 4-32 Maximum Failover 2-11 ModeConfig 5-29 about ...
...4-15 LAN DMZ Rules 4-14 LAN DMZ Rules screen 4-14 LAN DMZ service rule modifying 4-15 LAN Security Checks 4-17 LAN Setup screen 3-3, 6-29 LAN side bandwidth capacity 6-1 LAN WAN Inbound Rule example of 4-20, 4-23 LAN WAN Inbound Services Rules ...15 view protocol bindings 2-12 Load balancing mode bandwidth capacity 6-1 Log Entry Descriptions C-1 logging in default login 2-1 M MAC Address format of 4-32 ProSafe VPN Firewall 200 FVX538 Reference Manual MAC address 7-6 configuring 2-3, 2-4 format of 2-18 spoofing 7-5 MAC addresses blocked, adding 4-32 Maximum Failover 2-11 ModeConfig 5-29 about ...
FVX538 Reference Manual
Page 238
ProSafe VPN Firewall 200 FVX538 Reference Manual Settings Backup & Upgrade screen 6-15 Settings Backup and Firmware Upgrade 6-16 Simple Network Management Protocol. Single WAN ... 6-8 Traffic Meter 2-6 traffic meter 2-4 programming 2-6 WAN2 ISP settings 2-4 Traffic Meter screen router monitoring 6-20 Traffic Meter Settings 2-7 definitions 2-7 Troubleshooting NTP 7-7 troubleshooting 7-1 browsers 7-3 configuration settings, using sniffer 7-3 defaults 7-3 ISP connection 7-4 testing your setup 7-6 Web configuration 7-2 Trusted Certificates 5-19 Trusted Domains building list of 6-19 Time Zone ...
ProSafe VPN Firewall 200 FVX538 Reference Manual Settings Backup & Upgrade screen 6-15 Settings Backup and Firmware Upgrade 6-16 Simple Network Management Protocol. Single WAN ... 6-8 Traffic Meter 2-6 traffic meter 2-4 programming 2-6 WAN2 ISP settings 2-4 Traffic Meter screen router monitoring 6-20 Traffic Meter Settings 2-7 definitions 2-7 Troubleshooting NTP 7-7 troubleshooting 7-1 browsers 7-3 configuration settings, using sniffer 7-3 defaults 7-3 ISP connection 7-4 testing your setup 7-6 Web configuration 7-2 Trusted Certificates 5-19 Trusted Domains building list of 6-19 Time Zone ...
FVX538 Reference Manual
Page 240
ProSafe VPN Firewall 200 FVX538 Reference Manual manual setup 2-4 WAN1 ISP Settings screen 2-2 WAN1 Protocol Bindings 2-12 WAN1 Protocol Bindings screen 2-13 WAN1 Traffic Meter 2-6 WAN2 ISP settings 2-4 WAN2 ISP Settings manual setup 2-6 WAN2 Protocol Bindings 2-13 WAN2 Protocol Bindings screen. 2-13 WAN2 Traffic Meter 2-7 Web Components 4-29 blocking 4-30 filtering, about 4-29 Web configuration troubleshooting 7-2 WiKID 6-11 WinPoET 2-5 X XAUTH IPSec Host 5-24 types of 5-23 Index-10 v1.0, March 2009
ProSafe VPN Firewall 200 FVX538 Reference Manual manual setup 2-4 WAN1 ISP Settings screen 2-2 WAN1 Protocol Bindings 2-12 WAN1 Protocol Bindings screen 2-13 WAN1 Traffic Meter 2-6 WAN2 ISP settings 2-4 WAN2 ISP Settings manual setup 2-6 WAN2 Protocol Bindings 2-13 WAN2 Protocol Bindings screen. 2-13 WAN2 Traffic Meter 2-7 Web Components 4-29 blocking 4-30 filtering, about 4-29 Web configuration troubleshooting 7-2 WiKID 6-11 WinPoET 2-5 X XAUTH IPSec Host 5-24 types of 5-23 Index-10 v1.0, March 2009
FVX538 Reference Manual
Page 17
...VPN firewall supports multiple Web content filtering options, plus 1 Gigabit Switch port. • One console port for local management. • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall ...and instant alerts-both via e-mail. The FVX538 is a plug-and-play device that protects your local area network (LAN) to 200 simultaneous IPSec VPN tunnels. • Bundled with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L) • Proactive ...
...VPN firewall supports multiple Web content filtering options, plus 1 Gigabit Switch port. • One console port for local management. • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall ...and instant alerts-both via e-mail. The FVX538 is a plug-and-play device that protects your local area network (LAN) to 200 simultaneous IPSec VPN tunnels. • Bundled with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L) • Proactive ...