FVX538 Reference Manual
Page 7
... 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the Traffic...
... 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the Traffic...
FVX538 Reference Manual
Page 9
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service...Secure Connection 5-8 Testing the Connections and Viewing Status Information 5-12 NETGEAR VPN Client Status and Log Information 5-12 FVX538 VPN Connection Status and Logs 5-14 VPN Tunnel Policies ...5-15 IKE Policy ...5-15 Managing IKE Policies 5-15 IKE Policy Table 5-16 VPN Policy ...5-17 Managing VPN Policies 5-17 VPN Policy Table 5-18 Certificate Authorities 5-19 Generating a Self Certificate...
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service...Secure Connection 5-8 Testing the Connections and Viewing Status Information 5-12 NETGEAR VPN Client Status and Log Information 5-12 FVX538 VPN Connection Status and Logs 5-14 VPN Tunnel Policies ...5-15 IKE Policy ...5-15 Managing IKE Policies 5-15 IKE Policy Table 5-16 VPN Policy ...5-17 Managing VPN Policies 5-17 VPN Policy Table 5-18 Certificate Authorities 5-19 Generating a Self Certificate...
FVX538 Reference Manual
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions ...7-1 Power LED Not On 7-1 LEDs Never Turn Off 7-2 LAN or Internet Port LEDs Not On 7-2 Troubleshooting the ...
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions ...7-1 Power LED Not On 7-1 LEDs Never Turn Off 7-2 LAN or Internet Port LEDs Not On 7-2 Troubleshooting the ...
FVX538 Reference Manual
Page 12
...: Dual Gateway WAN Ports for Improved Reliability ........ B-14 VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability B-15 VPN Gateway-to -Gateway B-11 VPN Road Warrior: Single Gateway WAN Port (Reference Case B-12 VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic ...B-8 Inbound Traffic to Single WAN...
...: Dual Gateway WAN Ports for Improved Reliability ........ B-14 VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability B-15 VPN Gateway-to -Gateway B-11 VPN Road Warrior: Single Gateway WAN Port (Reference Case B-12 VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic ...B-8 Inbound Traffic to Single WAN...
FVX538 Reference Manual
Page 13
ProSafe VPN Firewall 200 FVX538 Reference Manual Multicast/Broadcast Logs C-9 FTP Logging ...C-10 Invalid Packet Logging C-10 Routing Logs ...C-13 LAN to WAN Logs C-13 LAN to DMZ Logs C-14 DMZ to WAN Logs C-14 WAN to LAN Logs C-14 DMZ to LAN Logs C-14 WAN to DMZ Logs C-15 Appendix D Related Documents Appendix E Two Factor Authentication Why do I need Two-Factor Authentication E-1 What are the benefits of Two-Factor Authentication E-1 What is Two-Factor Authentication E-2 NETGEAR Two-Factor Authentication Solutions E-2 Index Contents xiii v1.0, March 2009
ProSafe VPN Firewall 200 FVX538 Reference Manual Multicast/Broadcast Logs C-9 FTP Logging ...C-10 Invalid Packet Logging C-10 Routing Logs ...C-13 LAN to WAN Logs C-13 LAN to DMZ Logs C-14 DMZ to WAN Logs C-14 WAN to LAN Logs C-14 DMZ to LAN Logs C-14 WAN to DMZ Logs C-15 Appendix D Related Documents Appendix E Two Factor Authentication Why do I need Two-Factor Authentication E-1 What are the benefits of Two-Factor Authentication E-1 What is Two-Factor Authentication E-2 NETGEAR Two-Factor Authentication Solutions E-2 Index Contents xiii v1.0, March 2009
FVX538 Reference Manual
Page 19
... will accommodate either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. NAT opens a temporary path to the correct configuration. ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. The FVX538 will automatically sense whether the Ethernet cable plugged into the port should have it forwarded to maintain security, as Auto Uplink will...
... will accommodate either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. NAT opens a temporary path to the correct configuration. ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. The FVX538 will automatically sense whether the Ethernet cable plugged into the port should have it forwarded to maintain security, as Auto Uplink will...
FVX538 Reference Manual
Page 20
...VPN routers and clients. • SNMP. Browser-based configuration allows you only for the information required for MIB2. 1-4 Introduction v1.0, March 2009 The SNMP system configuration lets you monitor and manage log resources from the LAN. • PPP over a DSL connection by DHCP. The VPN firewall... • VPN Wizard. The VPN firewall automatically senses the type of Internet connection, asking you to attached PCs on your Internet service provider (ISP). ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the ...
...VPN routers and clients. • SNMP. Browser-based configuration allows you only for the information required for MIB2. 1-4 Introduction v1.0, March 2009 The SNMP system configuration lets you monitor and manage log resources from the LAN. • PPP over a DSL connection by DHCP. The VPN firewall... • VPN Wizard. The VPN firewall automatically senses the type of Internet connection, asking you to attached PCs on your Internet service provider (ISP). ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the ...
FVX538 Reference Manual
Page 25
... 1-5 Once the login screen displays, enter admin for the User Name and the password for Password. ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 ... reach the Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-4 To log in to the FVX538 once it is connected, go to http://192.168.1.1. Introduction 1-9 v1.0, March 2009
... 1-5 Once the login screen displays, enter admin for the User Name and the password for Password. ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 ... reach the Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-4 To log in to the FVX538 once it is connected, go to http://192.168.1.1. Introduction 1-9 v1.0, March 2009
FVX538 Reference Manual
Page 27
... management at this time so that you are covered in Appendix D, "Related Documents. Connect to the VPN firewall: 1. Chapter 2 Connecting the FVX538 to the Internet This chapter includes these topics: • "Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. If you...
... management at this time so that you are covered in Appendix D, "Related Documents. Connect to the VPN firewall: 1. Chapter 2 Connecting the FVX538 to the Internet This chapter includes these topics: • "Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. If you...
FVX538 Reference Manual
Page 28
... configure the WAN ports and connect to automatically detect the type of the screen to the Internet: 1. Figure 2-1 2. ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring the Internet Connections to Your ISPs You should display when you log in. (If the screen does not display, select the primary menu option Network Configuration and the sub-menu... connections to the Internet v1.0, March 2009 The WAN1 ISP Settings screen similar to the one that your ISP will most likely support. 2-2 Connecting the FVX538 to your ISPs on WAN port 1, and then configure WAN port 2 second.
... configure the WAN ports and connect to automatically detect the type of the screen to the Internet: 1. Figure 2-1 2. ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring the Internet Connections to Your ISPs You should display when you log in. (If the screen does not display, select the primary menu option Network Configuration and the sub-menu... connections to the Internet v1.0, March 2009 The WAN1 ISP Settings screen similar to the one that your ISP will most likely support. 2-2 Connecting the FVX538 to your ISPs on WAN port 1, and then configure WAN port 2 second.
FVX538 Reference Manual
Page 31
... your ISP has not assigned any other ISP that require data entry will identify the router to wait before disconnecting in the timeout field. 3. Domain Name: Your domain name or... the number of minutes to keep the connection always on the connection that you have logged in the following highlighted fields: - Idle Timeout: Check the Keep Connected radio box ...for the PPPoE connection - b. This is usually provided by the ISP or your ISP). ProSafe VPN Firewall 200 FVX538 Reference Manual 2. This will be highlighted, based on . Subnet Mask: This is usually provided...
... your ISP has not assigned any other ISP that require data entry will identify the router to wait before disconnecting in the timeout field. 3. Domain Name: Your domain name or... the number of minutes to keep the connection always on the connection that you have logged in the following highlighted fields: - Idle Timeout: Check the Keep Connected radio box ...for the PPPoE connection - b. This is usually provided by the ISP or your ISP). ProSafe VPN Firewall 200 FVX538 Reference Manual 2. This will be highlighted, based on . Subnet Mask: This is usually provided...
FVX538 Reference Manual
Page 34
...the time fields and select AM or PM and the day of the ProSafe VPN Firewall 200 can be allowed. Fill in order for maximum bandwidth efficiency). • Auto-Rollover Mode. The volume of Event Logs and Alerts" on Internet Traffic via the WAN port. before restarting ... counters are not available. In this mode, the selected WAN interface is at a specific time and day of the Specific Time month. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2. Check the checkbox and enter the desired increase. (The checkbox will be blocked. • Block all traffic - ...
...the time fields and select AM or PM and the day of the ProSafe VPN Firewall 200 can be allowed. Fill in order for maximum bandwidth efficiency). • Auto-Rollover Mode. The volume of Event Logs and Alerts" on Internet Traffic via the WAN port. before restarting ... counters are not available. In this mode, the selected WAN interface is at a specific time and day of the Specific Time month. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 2-2. Check the checkbox and enter the desired increase. (The checkbox will be blocked. • Block all traffic - ...
FVX538 Reference Manual
Page 37
... occurs, an alert will be generated (see "E-Mail Notifications of Event Logs and Alerts" on the original primary WAN interface by reapplying the Auto-Rollover settings in the WAN Port Mode menu. Connecting the FVX538 to save your settings. 8. The Failover default is 2 minutes (a 30...39). The rollover link is considered down after this. The WAN interface is brought up after the configured number of 4 tests). 7. ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-4 6. Click Reset to revert to roll over after the primary WAN interface fails is 4 failures. Enter the ...
... occurs, an alert will be generated (see "E-Mail Notifications of Event Logs and Alerts" on the original primary WAN interface by reapplying the Auto-Rollover settings in the WAN Port Mode menu. Connecting the FVX538 to save your settings. 8. The Failover default is 2 minutes (a 30...39). The rollover link is considered down after this. The WAN interface is brought up after the configured number of 4 tests). 7. ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-4 6. Click Reset to revert to roll over after the primary WAN interface fails is 4 failures. Enter the ...
FVX538 Reference Manual
Page 41
ProSafe VPN Firewall 200 FVX538 Reference Manual IP address will display. The WAN Mode section displays the ... the need a fully qualified domain name (FQDN) to the Internet v1.0, March 2009 2-15 Connecting the FVX538 to implement features such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private ...for convenience or if you have configured your account information in the firewall, whenever your ISP-assigned IP address changes, your firewall will automatically contact your DDNS service provider, log in to your account, and register your new IP address. ...
ProSafe VPN Firewall 200 FVX538 Reference Manual IP address will display. The WAN Mode section displays the ... the need a fully qualified domain name (FQDN) to the Internet v1.0, March 2009 2-15 Connecting the FVX538 to implement features such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private ...for convenience or if you have configured your account information in the firewall, whenever your ISP-assigned IP address changes, your firewall will automatically contact your DDNS service provider, log in to your account, and register your new IP address. ...
FVX538 Reference Manual
Page 42
...In the Host and Domain Name field, enter the entire FQDN name that your dynamic DNS service provider gave you when logging into your DDNS account. ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-7 2. Access the Web site of one of the Dynamic DNS Service you may check the Use... wildcards radio box to activate this feature. 2-16 Connecting the FVX538 to identify you (for your DDNS account. b. Click the tab...
...In the Host and Domain Name field, enter the entire FQDN name that your dynamic DNS service provider gave you when logging into your DDNS account. ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-7 2. Access the Web site of one of the Dynamic DNS Service you may check the Use... wildcards radio box to activate this feature. 2-16 Connecting the FVX538 to identify you (for your DDNS account. b. Click the tab...
FVX538 Reference Manual
Page 43
...this is rarely required, and should not be aliased to the same IP address as yourhost.dyndns.org 5. ProSafe VPN Firewall 200 FVX538 Reference Manual For example, the wildcard feature will display. Connecting the FVX538 to the previous settings. Figure 2-8 3. Click Reset to return to the Internet v1.0, March 2009 2-17... *.yourhost.dyndns.org to be done unless you have to access the WAN1 Advanced Options screen. If you haven't already, log in to the firewall at the default LAN address of http://192.168.1.1, default user name of admin, and default password of password (or whatever...
...this is rarely required, and should not be aliased to the same IP address as yourhost.dyndns.org 5. ProSafe VPN Firewall 200 FVX538 Reference Manual For example, the wildcard feature will display. Connecting the FVX538 to the previous settings. Figure 2-8 3. Click Reset to return to the Internet v1.0, March 2009 2-17... *.yourhost.dyndns.org to be done unless you have to access the WAN1 Advanced Options screen. If you haven't already, log in to the firewall at the default LAN address of http://192.168.1.1, default user name of admin, and default password of password (or whatever...
FVX538 Reference Manual
Page 48
... must enter http://10.0.0.1 in LAN TCP/IP Setup section). For example, if you change the LAN IP address of the router (the IP Address in your network. ProSafe VPN Firewall 200 FVX538 Reference Manual b. Any new DHCP client joining the LAN will provide its own LAN IP address as the LAN TCP/IP address...open a new connection to clients. This box can specify the Windows NetBios Server IP if one is specified, the VPN firewall will be leased to the new IP address and log in the same "network" as the primary DNS server IP address. This is optional-the default is the default ending...
... must enter http://10.0.0.1 in LAN TCP/IP Setup section). For example, if you change the LAN IP address of the router (the IP Address in your network. ProSafe VPN Firewall 200 FVX538 Reference Manual b. Any new DHCP client joining the LAN will provide its own LAN IP address as the LAN TCP/IP address...open a new connection to clients. This box can specify the Windows NetBios Server IP if one is specified, the VPN firewall will be leased to the new IP address and log in the same "network" as the primary DNS server IP address. This is optional-the default is the default ending...
FVX538 Reference Manual
Page 61
...Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network. Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe VPN Firewall 200 to protect your network ...Bandwidth Limiting" on page 4-37 • "E-Mail Notifications of Event Logs and Alerts" on page 4-39 • "Administrator Tips" on page 4-43 About Firewall Protection and Content Filtering The ProSafe VPN Firewall 200 provides you with a hacker intrusion or attack, and for controlling the ...
...Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network. Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe VPN Firewall 200 to protect your network ...Bandwidth Limiting" on page 4-37 • "E-Mail Notifications of Event Logs and Alerts" on page 4-39 • "Administrator Tips" on page 4-43 About Firewall Protection and Content Filtering The ProSafe VPN Firewall 200 provides you with a hacker intrusion or attack, and for controlling the ...
FVX538 Reference Manual
Page 66
... is useful when debugging your host. The limiting will be done on page 3-9. 4-6 Firewall Protection and Content Filtering v1.0, March 2009 Outbound Rules (continued) Item Bandwidth Profile Log Description Bandwidth Limiting determines the way in Load Balancing mode. Select the desired action: ... always log traffic considered by this , use the Reserved IP address feature in the single port and Auto-Failover modes. Whether or not DHCP is enabled, how the PCs will not apply to the Internet. To avoid this rule are logged. ProSafe VPN Firewall 200 FVX538 Reference Manual...
... is useful when debugging your host. The limiting will be done on page 3-9. 4-6 Firewall Protection and Content Filtering v1.0, March 2009 Outbound Rules (continued) Item Bandwidth Profile Log Description Bandwidth Limiting determines the way in Load Balancing mode. Select the desired action: ... always log traffic considered by this , use the Reserved IP address feature in the single port and Auto-Failover modes. Whether or not DHCP is enabled, how the PCs will not apply to the Internet. To avoid this rule are logged. ProSafe VPN Firewall 200 FVX538 Reference Manual...
FVX538 Reference Manual
Page 68
... Remember that are unsure, refer to run any active services at your location. Inbound Rules (continued) Item Bandwidth Profile Log Description Bandwidth Limiting determines the way in the single port and Auto-Failover modes. It is to provide a solution for ... be done on the server application security and invoke the user password or privilege levels, if provided. 4-8 Firewall Protection and Content Filtering v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual Table 4-3. The purpose of your rules. • Never - Note: Some residential broadband ISP ...
... Remember that are unsure, refer to run any active services at your location. Inbound Rules (continued) Item Bandwidth Profile Log Description Bandwidth Limiting determines the way in the single port and Auto-Failover modes. It is to provide a solution for ... be done on the server application security and invoke the user password or privilege levels, if provided. 4-8 Firewall Protection and Content Filtering v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual Table 4-3. The purpose of your rules. • Never - Note: Some residential broadband ISP ...