FVX538 Reference Manual
Page 8
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the Network Database 3-7 Setting Up ...RIP 3-14 Static Route Example 3-16 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Outbound Rules (Service Blocking 4-3 Inbound Rules (Port Forwarding 4-6 Order of ...
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the Network Database 3-7 Setting Up ...RIP 3-14 Static Route Example 3-16 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Outbound Rules (Service Blocking 4-3 Inbound Rules (Port Forwarding 4-6 Order of ...
FVX538 Reference Manual
Page 9
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service (QoS) Priorities 4-27 Setting a Schedule to Block or Allow Specific Traffic 4-28 Setting Block Sites (Content Filtering 4-29 Enabling Source MAC Filtering 4-31 IP/MAC Binding ...4-33 Port Triggering ...4-35 Bandwidth Limiting ...4-37...
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service (QoS) Priorities 4-27 Setting a Schedule to Block or Allow Specific Traffic 4-28 Setting Block Sites (Content Filtering 4-29 Enabling Source MAC Filtering 4-31 IP/MAC Binding ...4-33 Port Triggering ...4-35 Bandwidth Limiting ...4-37...
FVX538 Reference Manual
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce...
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce...
FVX538 Reference Manual
Page 18
... • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you are never disconnected. ...such as off-limits. 1-2 Introduction v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based... SYN Flood, LAND Attack, and IP Spoofing. • Secure Firewall. Blocks unwanted traffic from your LAN. • Block Sites. Blocks access from the Internet to your LAN...
... • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you are never disconnected. ...such as off-limits. 1-2 Introduction v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based... SYN Flood, LAND Attack, and IP Spoofing. • Secure Firewall. Blocks unwanted traffic from your LAN. • Block Sites. Blocks access from the Internet to your LAN...
FVX538 Reference Manual
Page 51
... are : • Generally, you do not need to use a Fixed IP on that PC. ProSafe VPN Firewall 200 FVX538 Reference Manual Creating the Network Database Some advantages of the Network Database are assigned dynamic IP addresses by the Block Sites feature (see "Enabling Source MAC Filtering" on page 4-31). If ...never change, you can also create Firewall Rules to apply to Block or Allow Specific Kinds of Traffic" on page 4-29). - Because the address allocated by the DHCP Server will be covered by this router. Hence, changing a computer's IP address does not affect any restrictions...
... are : • Generally, you do not need to use a Fixed IP on that PC. ProSafe VPN Firewall 200 FVX538 Reference Manual Creating the Network Database Some advantages of the Network Database are assigned dynamic IP addresses by the Block Sites feature (see "Enabling Source MAC Filtering" on page 4-31). If ...never change, you can also create Firewall Rules to apply to Block or Allow Specific Kinds of Traffic" on page 4-29). - Because the address allocated by the DHCP Server will be covered by this router. Hence, changing a computer's IP address does not affect any restrictions...
FVX538 Reference Manual
Page 61
... Filtering The ProSafe VPN Firewall 200 provides you with a hacker intrusion or attack, and for dealing with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail. You can establish restricted access policies based on page 3-6 to set up LAN Groups). A firewall is a special category of router that can further segment keyword blocking to...
... Filtering The ProSafe VPN Firewall 200 provides you with a hacker intrusion or attack, and for dealing with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail. You can establish restricted access policies based on page 3-6 to set up LAN Groups). A firewall is a special category of router that can further segment keyword blocking to...
FVX538 Reference Manual
Page 67
... to be the address of inbound traffic that would otherwise be blocked by the firewall. Select the desired option: • Any - Firewall Protection and Content Filtering 4-7 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • Local PCs must access the local server using the external WAN IP address will fail. Note: See "Port Triggering" on your Server...
... to be the address of inbound traffic that would otherwise be blocked by the firewall. Select the desired option: • Any - Firewall Protection and Content Filtering 4-7 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • Local PCs must access the local server using the external WAN IP address will fail. Note: See "Port Triggering" on your Server...
FVX538 Reference Manual
Page 71
... to your changes and reset the fields on this screen. Firewall Protection and Content Filtering v1.0, March 2009 4-11 Note: This feature is for Advanced Administrators only! ProSafe VPN Firewall 200 FVX538 Reference Manual LAN WAN Outbound Services Rules You may define rules... that will be listed on the Outbound Services table. The new rule will specify exceptions to the schedule created in the Schedule menu. The outbound rule will block the selected application from any internal IP...
... to your changes and reset the fields on this screen. Firewall Protection and Content Filtering v1.0, March 2009 4-11 Note: This feature is for Advanced Administrators only! ProSafe VPN Firewall 200 FVX538 Reference Manual LAN WAN Outbound Services Rules You may define rules... that will be listed on the Outbound Services table. The new rule will specify exceptions to the schedule created in the Schedule menu. The outbound rule will block the selected application from any internal IP...
FVX538 Reference Manual
Page 85
...client computers. Adding Customized Services Services are typically chosen from any internal IP address to any attempt to use in RFC1700, "Assigned Numbers." For example, a packet that blocked period. Use the Services screen to add additional services and applications to ...the requested service is an HTTP (Web server) request. Firewall Protection and Content Filtering v1.0, March 2009 4-25 ProSafe VPN Firewall 200 FVX538 Reference Manual LAN WAN Outbound Rule: Blocking Instant Messenger If you want to block Instant Messenger usage by employees during that is sent with ...
...client computers. Adding Customized Services Services are typically chosen from any internal IP address to any attempt to use in RFC1700, "Assigned Numbers." For example, a packet that blocked period. Use the Services screen to add additional services and applications to ...the requested service is an HTTP (Web server) request. Firewall Protection and Content Filtering v1.0, March 2009 4-25 ProSafe VPN Firewall 200 FVX538 Reference Manual LAN WAN Outbound Rule: Blocking Instant Messenger If you want to block Instant Messenger usage by employees during that is sent with ...
FVX538 Reference Manual
Page 88
...be applied. The Schedule 1 screen will display. 4-28 Firewall Protection and Content Filtering v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • Maximize-Reliability: Used when data needs to travel to the destination over the link is high. The IP packets for services with this priority are marked with a... to reach the destination must be low. Select Security from the main menu and Schedule from the sub-menu. The IP packets for the packet to Block or Allow Specific Traffic Schedules define the timeframes under which firewall rules may be selected when defining...
...be applied. The Schedule 1 screen will display. 4-28 Firewall Protection and Content Filtering v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • Maximize-Reliability: Used when data needs to travel to the destination over the link is high. The IP packets for services with this priority are marked with a... to reach the destination must be low. Select Security from the main menu and Schedule from the sub-menu. The IP packets for the packet to Block or Allow Specific Traffic Schedules define the timeframes under which firewall rules may be selected when defining...
FVX538 Reference Manual
Page 93
... be Blocked table. If the router sees packets with a matching IP address, but inconsistent IP address in the box to the left of dropped packets that you to bind an IP address to any external network. The router will appear in IP/MAC Table. Click Apply to -IP Binding. The total count of MAC addresses, click Select All. ProSafe VPN Firewall 200 FVX538...
... be Blocked table. If the router sees packets with a matching IP address, but inconsistent IP address in the box to the left of dropped packets that you to bind an IP address to any external network. The router will appear in IP/MAC Table. Click Apply to -IP Binding. The total count of MAC addresses, click Select All. ProSafe VPN Firewall 200 FVX538...
FVX538 Reference Manual
Page 95
... Enable pull-down menu, indicate if the rule is required because this Router cannot be partially blocked by the firewall. As such, it would be used by another PC. The Port ... operates as a new connection request rather than a response. ProSafe VPN Firewall 200 FVX538 Reference Manual To remove an entry from the submenu. The VPN firewall records this connection, opens the additional INCOMING port or ports ... the table, select the IP/MAC Bind entry and click Delete. Using this response would be handled in the Name field. 2. The VPN firewall matches the response to the...
... Enable pull-down menu, indicate if the rule is required because this Router cannot be partially blocked by the firewall. As such, it would be used by another PC. The Port ... operates as a new connection request rather than a response. ProSafe VPN Firewall 200 FVX538 Reference Manual To remove an entry from the submenu. The VPN firewall records this connection, opens the additional INCOMING port or ports ... the table, select the IP/MAC Bind entry and click Delete. Using this response would be handled in the Name field. 2. The VPN firewall matches the response to the...
FVX538 Reference Manual
Page 103
...4-43 The name or IP address of Traffic" on page 3-6) - Block sites (see "Port Triggering" on page 6-10). 2. Firewall Log Field Descriptions (continued) Field Source port and interface Destination Destination port and interface Description The service port number of the VPN firewall: - Source MAC filtering... "Services-Based Rules" on the LAN, WAN or DMZ. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 4-4. As an option, you can further refine your system, you can enable remote management if you have to Block or Allow Specific Kinds of the destination device or Web site...
...4-43 The name or IP address of Traffic" on page 3-6) - Block sites (see "Port Triggering" on page 6-10). 2. Firewall Log Field Descriptions (continued) Field Source port and interface Destination Destination port and interface Description The service port number of the VPN firewall: - Source MAC filtering... "Services-Based Rules" on the LAN, WAN or DMZ. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 4-4. As an option, you can further refine your system, you can enable remote management if you have to Block or Allow Specific Kinds of the destination device or Web site...
FVX538 Reference Manual
Page 145
...Group using the Services menu (see "Managing Groups and Hosts (LAN Groups)" on page 3-6to assign PCs to Block or Allow Specific Traffic" on how to use this Router is strongly recommended. • Scanning the Network - Groups and Hosts. PCs and devices become known by the ...IP address. - See "Using Rules to all known PCs and network devices. Single address: The rule applies to DHCP client requests from PCs and other network devices. The Rules menu contains a list of this, leaving the DHCP Server feature (on how to use this feature. ProSafe VPN Firewall 200 FVX538...
...Group using the Services menu (see "Managing Groups and Hosts (LAN Groups)" on page 3-6to assign PCs to Block or Allow Specific Traffic" on how to use this Router is strongly recommended. • Scanning the Network - Groups and Hosts. PCs and devices become known by the ...IP address. - See "Using Rules to all known PCs and network devices. Single address: The rule applies to DHCP client requests from PCs and other network devices. The Rules menu contains a list of this, leaving the DHCP Server feature (on how to use this feature. ProSafe VPN Firewall 200 FVX538...
FVX538 Reference Manual
Page 147
... block or allow specific traffic. Incorrect configuration will be listed. Router and Network Management 6-5 v1.0, March 2009 Enable this firewall is for Advanced Administrators only! Warning: This feature is between two VPN tunnel end points. • Drop fragmented IP ... by the rule: • BLOCK always • BLOCK by schedule, otherwise Allow • ALLOW always • ALLOW by schedule, otherwise Block You can not use it (i.e., the service is unavailable). ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Firewall Features That Increase Traffic Features that...
... block or allow specific traffic. Incorrect configuration will be listed. Router and Network Management 6-5 v1.0, March 2009 Enable this firewall is for Advanced Administrators only! Warning: This feature is between two VPN tunnel end points. • Drop fragmented IP ... by the rule: • BLOCK always • BLOCK by schedule, otherwise Allow • ALLOW always • ALLOW by schedule, otherwise Block You can not use it (i.e., the service is unavailable). ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Firewall Features That Increase Traffic Features that...
FVX538 Reference Manual
Page 148
... according to function correctly that you can further refine their IP address. - ProSafe VPN Firewall 200 FVX538 Reference Manual • Enable DNS Proxy - Select the desired IP Address in the Port Triggering table, and associates them with the PC. 6-6 Router and Network Management v1.0, March 2009 Single address: The ... applied on the Schedule 1, Schedule 2, or Schedule 3 time schedule (see "Setting a Schedule to Block or Allow Specific Traffic" on how to use this to set the firewall to operate in the list, you must define it using a port number defined in the Port Triggering...
... according to function correctly that you can further refine their IP address. - ProSafe VPN Firewall 200 FVX538 Reference Manual • Enable DNS Proxy - Select the desired IP Address in the Port Triggering table, and associates them with the PC. 6-6 Router and Network Management v1.0, March 2009 Single address: The ... applied on the Schedule 1, Schedule 2, or Schedule 3 time schedule (see "Setting a Schedule to Block or Allow Specific Traffic" on how to use this to set the firewall to operate in the list, you must define it using a port number defined in the Port Triggering...
FVX538 Reference Manual
Page 162
... to the Default Netgear NTP servers. 4. If required, you can also view status information about the firewall, WAN ports, LAN ports, and VPN tunnels and program SNMP connections. Click Apply to save your previous settings. You can also enter the address of another NTP server in the Server 1 Name/IP Address field. ProSafe VPN Firewall 200 FVX538 Reference Manual...
... to the Default Netgear NTP servers. 4. If required, you can also view status information about the firewall, WAN ports, LAN ports, and VPN tunnels and program SNMP connections. Click Apply to save your previous settings. You can also enter the address of another NTP server in the Server 1 Name/IP Address field. ProSafe VPN Firewall 200 FVX538 Reference Manual...
FVX538 Reference Manual
Page 214
... filtering with java components • The URL blocked due to java content filtering is [URL] along with source and destination IP addressed, protocol, source port and destination port. • For other parameters, refer to Table C-1. ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-12. None Jan 23 16:53:32 [FVX538] [kernel] [JAVA_BLOCKED] [URL]==>[ www.java.com/js...
... filtering with java components • The URL blocked due to java content filtering is [URL] along with source and destination IP addressed, protocol, source port and destination port. • For other parameters, refer to Table C-1. ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-12. None Jan 23 16:53:32 [FVX538] [kernel] [JAVA_BLOCKED] [URL]==>[ www.java.com/js...
FVX538 Reference Manual
Page 232
... name 1-9, 2-1 denial of service attack 4-16, 4-17 Denial of 2-6 server IP address 3-4 DNS addresses 2-6 DNS lookup 2-10 DNS Proxy 1-4 DNS queries Auto-Rollover 2-10 Domain Name router 3-3 Domain Name Blocking 4-29 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual Content Filtering 4-1 about 4-29 Block Sites 4-29 enabling 4-30 firewall protection, about 4-1 content filtering 1-2, 4-1 crossover cable 1-3, 7-2 Customized Service editing...
... name 1-9, 2-1 denial of service attack 4-16, 4-17 Denial of 2-6 server IP address 3-4 DNS addresses 2-6 DNS lookup 2-10 DNS Proxy 1-4 DNS queries Auto-Rollover 2-10 Domain Name router 3-3 Domain Name Blocking 4-29 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual Content Filtering 4-1 about 4-29 Block Sites 4-29 enabling 4-30 firewall protection, about 4-1 content filtering 1-2, 4-1 crossover cable 1-3, 7-2 Customized Service editing...
FVX538 Reference Manual
Page 234
... auto-generated 7-3 DHCP address pool 3-1 how to assign 3-1 multi home LAN 3-5 reserved 3-9 IP Subnet Mask router default 3-3 IP/MAC Binding screen 4-33 IPsec 4-17 IPSec Connection Status screen 6-27 IPSec Host 5-24, 5-25 IPsec Host ...alive 5-18 Keep Connected Idle TImeout 2-5 Idle Timeout 2-5 Keyword Blocking 4-29 applying 4-30 Keyword Filtering 1-3 L L2TP 4-17 LAN configuration 3-1 using LAN IP setup options 3-2 LAN DMZ Inbound Services adding rule 4-16 Index-4 v1.0, March 2009 See IGP. ProSafe VPN Firewall 200 FVX538 Reference Manual H hardware requirements B-3 Hosting A Local Public Web...
... auto-generated 7-3 DHCP address pool 3-1 how to assign 3-1 multi home LAN 3-5 reserved 3-9 IP Subnet Mask router default 3-3 IP/MAC Binding screen 4-33 IPsec 4-17 IPSec Connection Status screen 6-27 IPSec Host 5-24, 5-25 IPsec Host ...alive 5-18 Keep Connected Idle TImeout 2-5 Idle Timeout 2-5 Keyword Blocking 4-29 applying 4-30 Keyword Filtering 1-3 L L2TP 4-17 LAN configuration 3-1 using LAN IP setup options 3-2 LAN DMZ Inbound Services adding rule 4-16 Index-4 v1.0, March 2009 See IGP. ProSafe VPN Firewall 200 FVX538 Reference Manual H hardware requirements B-3 Hosting A Local Public Web...