FVX538 Reference Manual
Page 7
... 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the...
... 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the...
FVX538 Reference Manual
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That...
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That...
FVX538 Reference Manual
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions... Information Form B-5 Overview of the Planning Process B-6 Inbound Traffic ...B-6 Virtual Private Networks (VPNs B-6 The Roll-over Case for Firewalls With Dual WAN Ports B-7 The Load Balancing Case for Firewalls With Dual WAN Ports B-7 Contents xi v1.0, March 2009
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions... Information Form B-5 Overview of the Planning Process B-6 Inbound Traffic ...B-6 Virtual Private Networks (VPNs B-6 The Roll-over Case for Firewalls With Dual WAN Ports B-7 The Load Balancing Case for Firewalls With Dual WAN Ports B-7 Contents xi v1.0, March 2009
FVX538 Reference Manual
Page 12
... a NAT Router B-17 VPN Telecommuter: Single Gateway WAN Port (Reference Case B-18 VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing B-20 Appendix C System Logs and Error Messages System Log Messages C-1 System Startup ...C-1 Reboot ...C-2 NTP ...C-2 Login/Logout ...C-3 Firewall Restart ...C-3 ... Load Balancing B-13 VPN Gateway-to-Gateway B-14 VPN Gateway-to -Gateway B-11 VPN Road Warrior: Single Gateway WAN Port (Reference Case B-12 VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic...
... a NAT Router B-17 VPN Telecommuter: Single Gateway WAN Port (Reference Case B-18 VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing B-20 Appendix C System Logs and Error Messages System Log Messages C-1 System Startup ...C-1 Reboot ...C-2 NTP ...C-2 Login/Logout ...C-3 Firewall Restart ...C-3 ... Load Balancing B-13 VPN Gateway-to-Gateway B-14 VPN Gateway-to -Gateway B-11 VPN Road Warrior: Single Gateway WAN Port (Reference Case B-12 VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic...
FVX538 Reference Manual
Page 17
...200 simultaneous IPSec VPN tunnels. • Support for up to the Internet through an external access device such as a cable modem or DSL modem. This chapter contains the following sections: • "Key Features" on page 1-1 • "Package Contents" on page 1-5 • "Router... support. Introduction 1-1 v1.0, March 2009 Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L) • Quality of -day, Website addresses and address keywords. The FVX538 is a plug-and-play device that protects your local area ...
...200 simultaneous IPSec VPN tunnels. • Support for up to the Internet through an external access device such as a cable modem or DSL modem. This chapter contains the following sections: • "Key Features" on page 1-1 • "Package Contents" on page 1-5 • "Router... support. Introduction 1-1 v1.0, March 2009 Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L) • Quality of -day, Website addresses and address keywords. The FVX538 is a plug-and-play device that protects your local area ...
FVX538 Reference Manual
Page 18
...gateways: • Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you specify as Ping of status and activity. • Flash memory for ... of either 10 Mbps or 100 Mbps. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive ...
...gateways: • Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you specify as Ping of status and activity. • Flash memory for ... of either 10 Mbps or 100 Mbps. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive ...
FVX538 Reference Manual
Page 20
...VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to ensure the VPN tunnels are specified, the firewall...documentation is enabled and no DNS addresses are interoperable with other VPNC-compliant VPN routers and clients. • SNMP. PPPoE is a protocol for connecting remote... any type of ISP account. • VPN Wizard. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP...
...VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to ensure the VPN tunnels are specified, the firewall...documentation is enabled and no DNS addresses are interoperable with other VPNC-compliant VPN routers and clients. • SNMP. PPPoE is a protocol for connecting remote... any type of ISP account. • VPN Wizard. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP...
FVX538 Reference Manual
Page 22
... Ports and LEDs Two RJ-45 WAN ports N-way automatic speed negotiation, Auto MDI/MDIX. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5...link. 1-6 Introduction v1.0, March 2009 Object Descriptions Object Activity Description 1. Writing to Flash memory (during upgrading or resetting to the firewall. 2. Active LED On (Green) On (Amber) Off The WAN port has a valid Internet connection. The WAN port is...
... Ports and LEDs Two RJ-45 WAN ports N-way automatic speed negotiation, Auto MDI/MDIX. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5...link. 1-6 Introduction v1.0, March 2009 Object Descriptions Object Activity Description 1. Writing to Flash memory (during upgrading or resetting to the firewall. 2. Active LED On (Green) On (Amber) Off The WAN port has a valid Internet connection. The WAN port is...
FVX538 Reference Manual
Page 25
ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • ...User name: admin • Password: password LAN IP Address User Name Password Figure 1-4 To log in to the FVX538 once it is connected, go to http://192.168.1.1. Figure 1-5 Once the login screen displays, enter admin for the User Name and the password for...
ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • ...User name: admin • Password: password LAN IP Address User Name Password Figure 1-4 To log in to the FVX538 once it is connected, go to http://192.168.1.1. Figure 1-5 Once the login screen displays, enter admin for the User Name and the password for...
FVX538 Reference Manual
Page 29
... PPPoE PPTP DHCP (Dynamic IP) Fixed (Static) IP Data Required Login (Username, Password); and related data supplied by your Router's MAC address (see "Setting the Router's MAC Address" on page 2-4). 3. Click WAN Status at the top right of the screen to the Internet 2-3 v1.0,... Detect does not find a connection, you will be prompted to check the physical connection between your firewall and the cable or DSL line or to check your ISP. ProSafe VPN Firewall 200 FVX538 Reference Manual When Auto Detect successfully detects an active Internet service, it reports which connection type it ...
... PPPoE PPTP DHCP (Dynamic IP) Fixed (Static) IP Data Required Login (Username, Password); and related data supplied by your Router's MAC address (see "Setting the Router's MAC Address" on page 2-4). 3. Click WAN Status at the top right of the screen to the Internet 2-3 v1.0,... Detect does not find a connection, you will be prompted to check the physical connection between your firewall and the cable or DSL line or to check your ISP. ProSafe VPN Firewall 200 FVX538 Reference Manual When Auto Detect successfully detects an active Internet service, it reports which connection type it ...
FVX538 Reference Manual
Page 30
... (If Needed)" on the WAN1 ISP Settings and WAN2 ISP Settings screen (see Figure 2-1). Otherwise, select No. 2-4 Connecting the FVX538 to the Internet through the Advanced options on page 2-17). This is also referred to a Ping from your configuration automatically via DHCP...you need the configuration parameters from the Internet, use the Rules menu (Figure 4-2 on your router manually. The configure the WAN2 ISP settings: 1. Set up the traffic meter for WAN 1 ISP if desired. ProSafe VPN Firewall 200 FVX538 Reference Manual 4. Set up the traffic meter for WAN2 ISP.
... (If Needed)" on the WAN1 ISP Settings and WAN2 ISP Settings screen (see Figure 2-1). Otherwise, select No. 2-4 Connecting the FVX538 to the Internet through the Advanced options on page 2-17). This is also referred to a Ping from your configuration automatically via DHCP...you need the configuration parameters from the Internet, use the Rules menu (Figure 4-2 on your router manually. The configure the WAN2 ISP settings: 1. Set up the traffic meter for WAN 1 ISP if desired. ProSafe VPN Firewall 200 FVX538 Reference Manual 4. Set up the traffic meter for WAN2 ISP.
FVX538 Reference Manual
Page 31
... Idle Timeout: Select Keep Connected, to the Internet 2-5 v1.0, March 2009 Connecting the FVX538 to keep the connection always on the connection that require data entry will identify the router to wait before disconnecting, in the timeout field. What type of IPS connection do you ... as WinPoET or Enternet, then your ISP. To logout after the connection is usually provided by your ISP, or your network administrator. ProSafe VPN Firewall 200 FVX538 Reference Manual 2. Then, fill in . - Domain Name: Your domain name or workgroup name assigned by the ISP or your ISPs ...
... Idle Timeout: Select Keep Connected, to the Internet 2-5 v1.0, March 2009 Connecting the FVX538 to keep the connection always on the connection that require data entry will identify the router to wait before disconnecting, in the timeout field. What type of IPS connection do you ... as WinPoET or Enternet, then your ISP. To logout after the connection is usually provided by your ISP, or your network administrator. ProSafe VPN Firewall 200 FVX538 Reference Manual 2. Then, fill in . - Domain Name: Your domain name or workgroup name assigned by the ISP or your ISPs ...
FVX538 Reference Manual
Page 32
...automatically assign an IP address to the previous settings. 7. Repeat steps 1 through 7 above. ProSafe VPN Firewall 200 FVX538 Reference Manual If your ISP has assigned DNS addresses, select the Use these DNS Servers radio ...will display. 2. To configure your ISP has not assigned any changes and revert to the router using DHCP network protocol. 4. From the primary menu, select Monitoring, and then select ... to look at traffic types over a period of time or if you want to the NETGEAR Web site. Programming the Traffic Meter (if Desired) The traffic meter is useful when an...
...automatically assign an IP address to the previous settings. 7. Repeat steps 1 through 7 above. ProSafe VPN Firewall 200 FVX538 Reference Manual If your ISP has assigned DNS addresses, select the Use these DNS Servers radio ...will display. 2. To configure your ISP has not assigned any changes and revert to the router using DHCP network protocol. 4. From the primary menu, select Monitoring, and then select ... to look at traffic types over a period of time or if you want to the NETGEAR Web site. Programming the Traffic Meter (if Desired) The traffic meter is useful when an...
FVX538 Reference Manual
Page 33
... to each wan interface. • No Limit - Note: Both incoming and outgoing traffic are included in the limit. Connecting the FVX538 to apply the settings. If this if your ISP charges for additional traffic. the entire configuration is reached. If enabled, enter the... repeat steps 1 through the Router's WAN1 or WAN2 port. Click Reset to return to set the Traffic Meter the the WAN2 port. If this if you wish to record the volume of Internet traffic passing through 3 to the previous settings. 3. Table 2-2. ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-3 2.
... to each wan interface. • No Limit - Note: Both incoming and outgoing traffic are included in the limit. Connecting the FVX538 to apply the settings. If this if your ISP charges for additional traffic. the entire configuration is reached. If enabled, enter the... repeat steps 1 through the Router's WAN1 or WAN2 port. Click Reset to return to set the Traffic Meter the the WAN2 port. If this if you wish to record the volume of Internet traffic passing through 3 to the previous settings. 3. Table 2-2. ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-3 2.
FVX538 Reference Manual
Page 35
... to you, and you have a single Internet IP address, you MUST use any incoming data. - NAT is only a single device (the Router) and a single IP address. To gain Internet access, each PC, you can use NAT. Otherwise, selecting this method will not allow Internet ...and these addresses to each PC on a specific WAN interface. From the Internet, there is the default setting. • Classical Routing. ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to use Classical Routing for routing private IP addresses within a campus environment. Ensure that the backup WAN port has...
... to you, and you have a single Internet IP address, you MUST use any incoming data. - NAT is only a single device (the Router) and a single IP address. To gain Internet access, each PC, you can use NAT. Otherwise, selecting this method will not allow Internet ...and these addresses to each PC on a specific WAN interface. From the Internet, there is the default setting. • Classical Routing. ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to use Classical Routing for routing private IP addresses within a campus environment. Ensure that the backup WAN port has...
FVX538 Reference Manual
Page 36
... the WAN Failure Detection Method to check the connection of the primary link at regular intervals to detect router status. ProSafe VPN Firewall 200 FVX538 Reference Manual When the router is sent periodically after every test period. For each WAN interface, DNS queries or Ping requests are not received, the ...seconds. In this case, DNS queries are sent to this mode from the pull-down . Link failure is 30 seconds. 2-10 Connecting the FVX538 to Your ISPs" on page 2-2). • DNS lookup using this server through the WAN interface being monitored. 5. Queries are sent to the...
... the WAN Failure Detection Method to check the connection of the primary link at regular intervals to detect router status. ProSafe VPN Firewall 200 FVX538 Reference Manual When the router is sent periodically after every test period. For each WAN interface, DNS queries or Ping requests are not received, the ...seconds. In this case, DNS queries are sent to this mode from the pull-down . Link failure is 30 seconds. 2-10 Connecting the FVX538 to Your ISPs" on page 2-2). • DNS lookup using this server through the WAN interface being monitored. 5. Queries are sent to the...
FVX538 Reference Manual
Page 38
...and to the low speed link. High volume traffic can be used to segregate traffic between links that are bound to WAN2, then the router will carry data for the protocols that all other traffic goes out the other port is needed). The WAN1 Protocol Bindings screen will be ...is to the Internet v1.0, March 2009 Note: NETGEAR recommends that are not of the same speed. The only way to make certain traffic goes out one port and all specific traffic (for example, HTTP) be routed through the WAN2 port. ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Up Load Balancing To use ...
...and to the low speed link. High volume traffic can be used to segregate traffic between links that are bound to WAN2, then the router will carry data for the protocols that all other traffic goes out the other port is needed). The WAN1 Protocol Bindings screen will be ...is to the Internet v1.0, March 2009 Note: NETGEAR recommends that are not of the same speed. The only way to make certain traffic goes out one port and all specific traffic (for example, HTTP) be routed through the WAN2 port. ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Up Load Balancing To use ...
FVX538 Reference Manual
Page 40
... your IP address by others on this network can register a domain name and have that allows routers with a DDNS provider such as DynDNS.org, TZO.com, or Oray.net. (Links to the Internet v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-6 3. Modify the parameters for your Internet account uses a dynamically assigned IP address...
... your IP address by others on this network can register a domain name and have that allows routers with a DDNS provider such as DynDNS.org, TZO.com, or Oray.net. (Links to the Internet v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-6 3. Modify the parameters for your Internet account uses a dynamically assigned IP address...
FVX538 Reference Manual
Page 44
.... ProSafe VPN Firewall 200 FVX538 Reference Manual • Port Speed - The default is the default. The format for the MAC address is also referred to manually select the port speed. If you cannot establish an Internet connection and the Internet LED blinks continuously, you may have the router use... then select either uppercase or lowercase letters A-F). otherwise, select 10M. Use the half-duplex settings unless you need full duplex. • Router's MAC Address - Use this Computer's MAC address to the Internet v1.0, March 2009 If you select Use This MAC Address and then ...
.... ProSafe VPN Firewall 200 FVX538 Reference Manual • Port Speed - The default is the default. The format for the MAC address is also referred to manually select the port speed. If you cannot establish an Internet connection and the Internet LED blinks continuously, you may have the router use... then select either uppercase or lowercase letters A-F). otherwise, select 10M. Use the half-duplex settings unless you need full duplex. • Router's MAC Address - Use this Computer's MAC address to the Internet v1.0, March 2009 If you select Use This MAC Address and then ...
FVX538 Reference Manual
Page 46
... is on the local subnet. The default values are advanced settings most users and situations. If you have to the router and the router, in Auto Rollover mode. All DHCP clients will receive the Primary/Secondary DNS IP along with route diversity and failover....IP addresses of the active connection. Configuring the LAN Setup Options The LAN IP Setup menu allows configuration of lease). ProSafe VPN Firewall 200 FVX538 Reference Manual • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you entered a WINS server address in the DHCP Setup menu...
... is on the local subnet. The default values are advanced settings most users and situations. If you have to the router and the router, in Auto Rollover mode. All DHCP clients will receive the Primary/Secondary DNS IP along with route diversity and failover....IP addresses of the active connection. Configuring the LAN Setup Options The LAN IP Setup menu allows configuration of lease). ProSafe VPN Firewall 200 FVX538 Reference Manual • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you entered a WINS server address in the DHCP Setup menu...