FVX538 Reference Manual
Page 7
... Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the Traffic Meter (if...
... Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the Traffic Meter (if...
FVX538 Reference Manual
Page 8
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the Network Database 3-7 Setting Up Address Reservation 3-9 Configuring and Enabling the DMZ Port 3-10 Static Routes ...3-12 Configuring Static Routes 3-12 Routing Information Protocol (RIP 3-14 Static Route Example 3-16...
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the Network Database 3-7 Setting Up Address Reservation 3-9 Configuring and Enabling the DMZ Port 3-10 Static Routes ...3-12 Configuring Static Routes 3-12 Routing Information Protocol (RIP 3-14 Static Route Example 3-16...
FVX538 Reference Manual
Page 9
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service (QoS) ... 5-3 Creating a Client to Gateway VPN Tunnel 5-6 Use the VPN Wizard Configure the Gateway for a Client Tunnel 5-7 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection 5-8 Testing the Connections and Viewing Status Information 5-12 NETGEAR VPN Client Status and Log Information 5-12 FVX538 VPN Connection Status and Logs 5-14 VPN Tunnel Policies ...5-15 IKE Policy ...
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service (QoS) ... 5-3 Creating a Client to Gateway VPN Tunnel 5-6 Use the VPN Wizard Configure the Gateway for a Client Tunnel 5-7 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection 5-8 Testing the Connections and Viewing Status Information 5-12 NETGEAR VPN Client Status and Log Information 5-12 FVX538 VPN Connection Status and Logs 5-14 VPN Tunnel Policies ...5-15 IKE Policy ...
FVX538 Reference Manual
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce Traffic 6-2 Service Blocking 6-2 Block Sites...
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce Traffic 6-2 Service Blocking 6-2 Block Sites...
FVX538 Reference Manual
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions ...7-1 Power LED Not On 7-1 LEDs Never Turn Off 7-2 LAN or Internet Port LEDs ...
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions ...7-1 Power LED Not On 7-1 LEDs Never Turn Off 7-2 LAN or Internet Port LEDs ...
FVX538 Reference Manual
Page 15
... Scope The conventions, formats, and scope of note may result in a malfunction or damage to install, configure and troubleshoot the ProSafe VPN Firewall 200. This manual uses the following paragraphs. • Typographical Conventions. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to the equipment. The information in the following typographical conventions: Italics Bold Fixed italics...
... Scope The conventions, formats, and scope of note may result in a malfunction or damage to install, configure and troubleshoot the ProSafe VPN Firewall 200. This manual uses the following paragraphs. • Typographical Conventions. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to the equipment. The information in the following typographical conventions: Italics Bold Fixed italics...
FVX538 Reference Manual
Page 16
... on the NETGEAR, Inc. Dead Peer Detection; ProSafe VPN Firewall 200 FVX538 Reference Manual Danger: This is a safety warning. Failure to Appendix C Mar. 08 Maintenance release Mar. 09 Adds these corrections and topics for the March 2009 firmware maintenance release: • WIKID 2 factor authentication • SIP AGL support • DHCP Relay support • Update VPN configuration procedure topics...
... on the NETGEAR, Inc. Dead Peer Detection; ProSafe VPN Firewall 200 FVX538 Reference Manual Danger: This is a safety warning. Failure to Appendix C Mar. 08 Maintenance release Mar. 09 Adds these corrections and topics for the March 2009 firmware maintenance release: • WIKID 2 factor authentication • SIP AGL support • DHCP Relay support • Update VPN configuration procedure topics...
FVX538 Reference Manual
Page 17
Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L) • Quality of Service (QoS) and SIP 2.0 support for traffic prioritization, voice, and multimedia. • Built-in 10/100 Mbps ports plus browsing activity reporting and instant alerts-both via e-mail. The FVX538 is a plug-and-play device that protects...
Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L) • Quality of Service (QoS) and SIP 2.0 support for traffic prioritization, voice, and multimedia. • Built-in 10/100 Mbps ports plus browsing activity reporting and instant alerts-both via e-mail. The FVX538 is a plug-and-play device that protects...
FVX538 Reference Manual
Page 18
...configured on page B-1 for Increased Reliability or Outbound Load Balancing The FVX538 has two broadband WAN ports, WAN1 and WAN2, each capable of operating independently at speeds of either 10 Mbps or 100 Mbps. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe...8226; Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is a true firewall, using stateful packet inspection to : • Provide backup and rollover if one ...
...configured on page B-1 for Increased Reliability or Outbound Load Balancing The FVX538 has two broadband WAN ports, WAN1 and WAN2, each capable of operating independently at speeds of either 10 Mbps or 100 Mbps. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe...8226; Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is a true firewall, using stateful packet inspection to : • Provide backup and rollover if one ...
FVX538 Reference Manual
Page 19
... network. Instead of full-duplex or half-duplex operation. Autosensing Ethernet Connections with NAT. You can configure the firewall to email the log to either type of your network. This feature also eliminates the need to make the right ... its internal 8-port 10/100 switch, the FVX538 can have it forwarded to one of cable to worry about crossover cables, as blocked incoming traffic, port scans, attacks, and administrator logins. Introduction 1-3 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. The...
... network. Instead of full-duplex or half-duplex operation. Autosensing Ethernet Connections with NAT. You can configure the firewall to email the log to either type of your network. This feature also eliminates the need to make the right ... its internal 8-port 10/100 switch, the FVX538 can have it forwarded to one of cable to worry about crossover cables, as blocked incoming traffic, port scans, attacks, and administrator logins. Introduction 1-3 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. The...
FVX538 Reference Manual
Page 20
... Management You can install, configure, and operate the ProSafe VPN Firewall 200 within minutes after connecting it to easily configure your type of personal computer, such as a DNS server to ensure the VPN tunnels are specified, the firewall provides its own address as Windows, Macintosh, or Linux. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol...
... Management You can install, configure, and operate the ProSafe VPN Firewall 200 within minutes after connecting it to easily configure your type of personal computer, such as a DNS server to ensure the VPN tunnels are specified, the firewall provides its own address as Windows, Macintosh, or Linux. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol...
FVX538 Reference Manual
Page 27
Chapter 2 Connecting the FVX538 to the Internet This chapter includes these topics: • "Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. If you enable remote management, you are not... the same as any user name or password you may use to log in Chapter 5, "Virtual Private Networking." Connecting the FVX538 to configure...
Chapter 2 Connecting the FVX538 to the Internet This chapter includes these topics: • "Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. If you enable remote management, you are not... the same as any user name or password you may use to log in Chapter 5, "Virtual Private Networking." Connecting the FVX538 to configure...
FVX538 Reference Manual
Page 28
ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring the Internet Connections to Your ISPs You should display when you log in Figure 2-1 should first configure your Internet connections to the Internet v1.0, March 2009 Click Auto Detect at the bottom of the screen to the Internet: 1. Figure 2-1 2. Auto Detect will most likely support. 2-2 Connecting the FVX538... to your ISPs on WAN port 1, and then configure WAN port 2 second. The WAN1 ISP Settings screen similar to the one that...
ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring the Internet Connections to Your ISPs You should display when you log in Figure 2-1 should first configure your Internet connections to the Internet v1.0, March 2009 Click Auto Detect at the bottom of the screen to the Internet: 1. Figure 2-1 2. Auto Detect will most likely support. 2-2 Connecting the FVX538... to your ISPs on WAN port 1, and then configure WAN port 2 second. The WAN1 ISP Settings screen similar to the one that...
FVX538 Reference Manual
Page 30
... of ISP connection, etc., before you must continue with your ISP, select Yes. Unless your ISP automatically assigns your configuration automatically via DHCP, you can bypass the Auto Detect feature and connect your network has a unique 48-bit local Ethernet...then you begin. Setting the router's MAC address is also referred to set to the Internet v1.0, March 2009 See "Programming the Traffic Meter (if Desired)" on your router manually. ProSafe VPN Firewall 200 FVX538 Reference Manual 4. Setting the Router's MAC Address Each computer or router on page 2-6. Ensure that ...
... of ISP connection, etc., before you must continue with your ISP, select Yes. Unless your ISP automatically assigns your configuration automatically via DHCP, you can bypass the Auto Detect feature and connect your network has a unique 48-bit local Ethernet...then you begin. Setting the router's MAC address is also referred to set to the Internet v1.0, March 2009 See "Programming the Traffic Meter (if Desired)" on your router manually. ProSafe VPN Firewall 200 FVX538 Reference Manual 4. Setting the Router's MAC Address Each computer or router on page 2-6. Ensure that ...
FVX538 Reference Manual
Page 31
ProSafe VPN Firewall 200 FVX538 Reference Manual 2. What type of minutes to your full email address here. - Select this connection and configure the following fields: a. Account Name: Valid account name for the PPTP connection (usually your email "ID" assigned by your network administrator. ... field. Server IP Address: IP address of minutes to you based on . The text box fields that require data entry will identify the router to wait before disconnecting in . - If your ISP has assigned one. If your connection is Austria Telecom or any login information, then ...
ProSafe VPN Firewall 200 FVX538 Reference Manual 2. What type of minutes to your full email address here. - Select this connection and configure the following fields: a. Account Name: Valid account name for the PPTP connection (usually your email "ID" assigned by your network administrator. ... field. Server IP Address: IP address of minutes to you based on . The text box fields that require data entry will identify the router to wait before disconnecting in . - If your ISP has assigned one. If your connection is Austria Telecom or any login information, then ...
FVX538 Reference Manual
Page 32
... Get dynamically from ISP radio box. Note: Domain Name Servers (DNS) convert Internet names such as www.google.com, www.netgear.com, etc. To configure your ISP has assigned DNS addresses, select the Use these DNS Servers radio box. Repeat steps 1 through 7 above. The WAN1... 1. To enable the traffic meter: 1. Click Reset to save the settings. 6. Fill out the information described in the fields. ProSafe VPN Firewall 200 FVX538 Reference Manual If your ISP has not assigned any changes and revert to the router using DHCP network protocol. 4. Select the WAN2 ISP Settings tab.
... Get dynamically from ISP radio box. Note: Domain Name Servers (DNS) convert Internet names such as www.google.com, www.netgear.com, etc. To configure your ISP has assigned DNS addresses, select the Use these DNS Servers radio box. Repeat steps 1 through 7 above. The WAN1... 1. To enable the traffic meter: 1. Click Reset to save the settings. 6. Fill out the information described in the fields. ProSafe VPN Firewall 200 FVX538 Reference Manual If your ISP has not assigned any changes and revert to the router using DHCP network protocol. 4. Select the WAN2 ISP Settings tab.
FVX538 Reference Manual
Page 33
...ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-3 2. Note: Both incoming and outgoing traffic are included in the limit. Click Apply to set the Traffic Meter the the WAN2 port. If this if you wish to each wan interface. • No Limit - Table 2-2. Select the WAN2 Traffic Meter tab and repeat steps 1 through the Router...'s WAN1 or WAN2 port. the entire configuration is specific to record the volume of Internet traffic passing through 3 to apply the settings.
...ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-3 2. Note: Both incoming and outgoing traffic are included in the limit. Click Apply to set the Traffic Meter the the WAN2 port. If this if you wish to each wan interface. • No Limit - Table 2-2. Select the WAN2 Traffic Meter tab and repeat steps 1 through the Router...'s WAN1 or WAN2 port. the entire configuration is specific to record the volume of Internet traffic passing through 3 to apply the settings.
FVX538 Reference Manual
Page 34
... AM or PM and the day of the Specific Time month. before restarting the counter. Configuring the WAN Mode (Required for each protocol will be blocked. • If using this function to continue accessing the Internet. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2. Check the checkbox and enter the desired increase. (The checkbox will be...
... AM or PM and the day of the Specific Time month. before restarting the counter. Configuring the WAN Mode (Required for each protocol will be blocked. • If using this function to continue accessing the Internet. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2. Check the checkbox and enter the desired increase. (The checkbox will be...
FVX538 Reference Manual
Page 35
... on the front panel (see "Router Front and Rear Panels" on a specific WAN interface. Setting Up Auto-Rollover Mode If you want to use a redundant ISP link for backup purposes, ensure that the backup WAN port has already been configured. ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to... use a redundant ISP link for backup purposes, select the WAN port that will act as the primary link for this Router. NAT is done with the protocol binding rules of...
... on the front panel (see "Router Front and Rear Panels" on a specific WAN interface. Setting Up Auto-Rollover Mode If you want to use a redundant ISP link for backup purposes, ensure that the backup WAN port has already been configured. ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to... use a redundant ISP link for backup purposes, select the WAN port that will act as the primary link for this Router. NAT is done with the protocol binding rules of...
FVX538 Reference Manual
Page 36
... Servers (ISP DNS Servers) - The WAN Mode screen will not consider the traffic abuse. DNS query is detected in seconds. ProSafe VPN Firewall 200 FVX538 Reference Manual When the router is configured in Auto-Rollover Mode, the router uses the WAN Failure Detection Method to check the connection of the primary link at regular intervals to this IP...
... Servers (ISP DNS Servers) - The WAN Mode screen will not consider the traffic abuse. DNS query is detected in seconds. ProSafe VPN Firewall 200 FVX538 Reference Manual When the router is configured in Auto-Rollover Mode, the router uses the WAN Failure Detection Method to check the connection of the primary link at regular intervals to this IP...