FVX538 Reference Manual
Page 7
... Outbound Load Balancing 1-2 A Powerful, True Firewall with Content Filtering 1-2 Security Features ...1-3 Autosensing Ethernet Connections with Auto Uplink 1-3 Extensive Protocol Support 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring...
FVX538 Reference Manual
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions... Information Form B-5 Overview of the Planning Process B-6 Inbound Traffic ...B-6 Virtual Private Networks (VPNs B-6 The Roll-over Case for Firewalls With Dual WAN Ports B-7 The Load Balancing Case for Firewalls With Dual WAN Ports B-7 Contents xi v1.0, March 2009
FVX538 Reference Manual
Page 12
... Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic ...B-8 Inbound Traffic to Single WAN Port (Reference Case B-8 Inbound Traffic to Dual WAN Port Systems B-8 Inbound Traffic: Dual WAN Ports for Improved Reliability B-9 Inbound Traffic: Dual WAN Ports for Load Balancing B-9 Virtual Private Networks (VPNs B-10 VPN Road Warrior (Client-to -Gateway: Dual Gateway WAN Ports for Load Balancing ... B-18 VPN Telecommuter...
FVX538 Reference Manual
Page 17
...load balancing. The WAN ports do not respond at all to unsolicited traffic (stealth mode). • Support for up to 200 simultaneous IPSec VPN tunnels. • Support for traffic prioritization, voice, and multimedia. • Built-in 10/100 Mbps ports plus browsing activity reporting and instant alerts-both via e-mail. The FVX538... network from attacks and intrusions. Introduction 1-1 v1.0, March 2009 Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L) • Quality of Service (QoS) and SIP 2.0 support ...
FVX538 Reference Manual
Page 18
.... ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive Protocol Support. • Login capability. • Front panel LEDs for easy monitoring of either 10 Mbps or 100 Mbps. The firewall balances...
FVX538 Reference Manual
Page 34
... will be configured on a mutually exclusive basis for either auto-rollover (for increased system reliability) or load balancing (for this function to work (see "E-Mail counter Notifications of Event Logs and Alerts" on Internet ...If using this option, you have reached the monthly limit, but need to know more details of the ProSafe VPN Firewall 200 can be blocked. • Block all traffic - Traffic by Protocol Click this to temporarily increase the... to work . Only E-mail traffic will be allowed. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2.
FVX538 Reference Manual
Page 35
...To learn the status of the WAN ports, you can use Classical Routing for routing private IP addresses within a campus environment. ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to use a redundant ISP link for backup purposes, ensure that the backup WAN port has already ...Router performs Routing, but without NAT. For both alternatives, you have a valid Internet IP address. PCs on your LAN can choose Classical Routing. Ensure that the backup WAN port has also been configured and that are not visible from the Internet. - Note: Scenarios could arise when load balancing...
FVX538 Reference Manual
Page 38
...port. To configure the dual WAN ports for the WAN2 port. ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Up Load Balancing To use WAN2 for specified traffic. Check the Load Balancing radio button on the LAN through the WAN1 port. Figure 2-5 2. Note: NETGEAR recommends that are bound to the computers on the WAN Mode ... to segregate traffic between links that all other traffic goes out the other port is bound to WAN2, then the router will be routed through the port connected to the Internet v1.0, March 2009 In Load Balancing mode, both links will display.
FVX538 Reference Manual
Page 41
... Dynamic DNS: 1. Connecting the FVX538 to your ISP assigns a private WAN IP address such as exposed hosts and virtual private networks regardless of whether you have a fixed or dynamic IP address. • For load balancing mode, you may still need...Load Balancing or Auto Rollover). The WAN Mode section displays the currently configured WAN mode (for the resulting FQDN to the Internet v1.0, March 2009 2-15 Only those options that match the configured WAN Mode will display. Select Network Configuration from the primary menu and Dynamic DNS from the submenu. ProSafe VPN Firewall 200 FVX538...
FVX538 Reference Manual
Page 66
... interface in Load Balancing mode. This determines whether packets covered by this rule are logged. This is enabled, how the PCs will be done on the LAN interface for all the bandwidth of your local computers. Inbound Rules (Port Forwarding) Because the FVX538 uses Network... PC is assigned by DHCP, it matches or not. Bandwidth Limiting for consuming all WAN modes. This is to the Internet. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 4-2. Outbound Rules (continued) Item Bandwidth Profile Log Description Bandwidth Limiting determines the way in the LAN Groups menu ...
FVX538 Reference Manual
Page 68
...the available WAN interface in Load Balancing mode. Bandwidth Limiting will be done on the user-specified interface in the single port and Auto-Failover modes. Select the desired action: • Always - Your ISP may suspend your VPN firewall. Bandwidth Limiting for outbound traffic... your host. This is sent to the DMZ interface. If you to the Acceptable Use Policy of our internet link. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 4-3. Inbound Rules (continued) Item Bandwidth Profile Log Description Bandwidth Limiting determines the way in your account if...
FVX538 Reference Manual
Page 97
Click Edit in Load Balancing mode. • Bandwidth limiting does not apply to cancel any of the fields for limiting traffic, thus preventing...data is handled on the user-specified interface in the Action column opposite the rule you wish to the Port Triggering Rules table. Firewall Protection and Content Filtering v1.0, March 2009 4-37 To edit or modify a rule: 1. Click Reset to the DMZ interface. ... Edit Port Triggering Rule screen will appear in both the single port and Auto- Your changes will display. 2. ProSafe VPN Firewall 200 FVX538 Reference Manual 6.
FVX538 Reference Manual
Page 98
... b. c. The Bandwidth Profile table lists the currently defined bandwidth profiles: 4-38 Firewall Protection and Content Filtering v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual For example, when a new connection is deleted when all the connections...firewall rule corresponding to the connection. • If the rule has a bandwidth profile specification, then the device will create a bandwidth class in Kbps for the profile. WAN: Specify the WAN interface (if in Kbps for the profile. Maximum Bandwidth: Specify the maximum bandwidth value in Load Balancing...
FVX538 Reference Manual
Page 99
...someone on your LAN or DMZ; For example, your VPN firewall will display in case of Load Balancing mode for the profile. denied incoming and outgoing service requests; To edit a Bandwidth Profile: 1. c. d. Click Apply. ProSafe VPN Firewall 200 FVX538 Reference Manual • Name: Displays the user-defined ...following fields: a. e. hacker probes and Login attempts; Maximum Bandwidth: Specify the maximum bandwidth value in Kbps for the Load Balancing mode. Direction: Specify the direction for the profile. WAN: Specify WAN in the Bandwidth Profile table. Your modified profile...
FVX538 Reference Manual
Page 105
... page B-10 for more on page 2-8. The use the virtual private networking (VPN) features of the VPN firewall. FQDN is mandatory when the WAN ports are in load balancing or rollover mode; Virtual Private Networking 5-1 v1.0, March 2009 For instructions on WAN mode configuration, see "Configuring ... 5-29 Considerations for Dual WAN Port Systems If both of the WAN ports of the VPN firewall are configured, you can enable either Auto-Rollover mode for increased system reliability or Load Balancing mode for Client and Gateway Configurations" on page 5-3 • "Testing the Connections and...
FVX538 Reference Manual
Page 106
... Figure 5-1 WAN Load Balancing: FQDN Optional for VPN Firewall Rest of Firewall Functions Firewall WAN Port Functions Load Balancing Control Figure 5-2 WAN 1 Port WAN 2 Port Internet FQDN required for dynamic IP addresses FQDN optional for static IP addresses Table 5-1 summarizes the WAN addressing requirements (FQDN or IP address) for VPNs in either dual WAN mode. Table 5-1. ProSafe VPN Firewall 200 FVX538 Reference Manual The...
FVX538 Reference Manual
Page 143
...to low-peak times to prevent bottlenecks from occurring in the first place. Router and Network Management 6-1 v1.0, March 2009 Bandwidth Capacity The maximum bandwidth capacity of your ProSafe VPN Firewall 200. At 1.5 Mbps, the WAN ports will support the following sections: ...Router" on the traffic being carried, the WAN side of controlling the traffic through the VPN firewall so that the necessary traffic gets through when there is as follows: • LAN side: 1,800 Mbps (eight LAN ports at 100 Mbps each, plus one Gigabit LAN port) • WAN side: 200 Mbps (load balancing...
FVX538 Reference Manual
Page 144
...is no backup in load balancing mode increases the ...loading. Warning: This feature is bound by schedule, otherwise Block As you define your LAN. - Single address: The rule will be applied to the following criteria: • LAN Users - ProSafe VPN Firewall 200 FVX538...VPN firewall. These settings determine which computers on your firewall rules, you have been sent on the failed WAN port gets diverted to the WAN port that is applied to a range of the VPN firewall that is for outbound traffic. VPN Firewall Features That Reduce Traffic Features of addresses. 6-2 Router...
FVX538 Reference Manual
Page 187
... Need to Do Before You Begin The ProSafe VPN Firewall 200 is a powerful and versatile solution for Dual WAN Ports This appendix describes the factors to think through the following implications: Fully qualified domain name - b. Appendix B Network Planning for your networking needs. For load balancing mode, you begin: 1. For load balancing mode, you may need a fully qualified domain...
FVX538 Reference Manual
Page 193
The Load Balancing Case for Firewalls With Dual WAN Ports Load balancing for Dual WAN Ports B-7 v1.0, March 2009 Each IP address is either ...IP addresses of each WAN port is fixed. Figure B-3 Network Planning for the dual WAN port case is static. ProSafe VPN Firewall 200 FVX538 Reference Manual The Roll-over , the IP address of the active WAN port always changes. Figure B-2 Features such...the IP address. Only one WAN port is active at a time and when it rolls over Case for Firewalls With Dual WAN Ports Rollover for the dual WAN port case is always required, even when the IP ...