FVX538 Reference Manual
Page 1
ProSafe VPN Firewall 200 FVX538 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA March 2009 202-10062-09 v1.0
Page 2
...TV technician for example, test transmitters) in the operating instructions. NETGEAR does not assume any liability that to the use or application of Microsoft Corporation. However, there is no guarantee that the ProSafe VPN Firewall 200 has been suppressed in accordance with the conditions set out in... accordance with the regulations may, however, be determined by turning the equipment off and on, the user is verified by NETGEAR, Inc. Das vorschriftsmäß...
Page 8
ProSafe VPN Firewall 200 FVX538 Reference Manual
Chapter 3 LAN Configuration
Choosing the Firewall DHCP Options 3-1
Configuring the LAN Setup Options 3-2
Configuring Multi Home LAN IPs 3-5
Managing Groups and Hosts (LAN Groups) 3-6
Creating the ...DMZ Port 3-10
Static Routes 3-12
Configuring Static Routes 3-12
Routing Information Protocol (RIP) 3-14
Static Route Example 3-16
Chapter 4 Firewall Protection and Content Filtering
About Firewall Protection and Content Filtering 4-1
Using Rules to Block or Allow Specific Kinds of Traffic 4-2
Services-Based Rules 4-2
Outbound Rules (Service...
Page 9
ProSafe VPN Firewall 200 FVX538 Reference Manual
Outbound Rules Example 4-24
LAN WAN Outbound Rule: Blocking Instant Messenger 4-25
Adding Customized Services 4-25
Setting Quality of Service (QoS)... Connection 5-8
Testing the Connections and Viewing Status Information 5-12
NETGEAR VPN Client Status and Log Information 5-12
FVX538 VPN Connection Status and Logs 5-14
VPN Tunnel Policies 5-15
IKE Policy 5-15
Managing IKE Policies 5-15
IKE Policy Table 5-16
VPN Policy 5-17
Managing VPN Policies 5-17
VPN Policy Table 5-18
Certificate Authorities 5-19
Generating a Self Certificate...
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual
Extended Authentication (XAUTH) Configuration 5-23
Configuring XAUTH for VPN Clients 5-24
User Database Configuration 5-25
RADIUS Client Configuration 5-27
Assigning IP Addresses to Remote Users (ModeConfig) 5-29
Mode Config Operation 5-29
Configuring the VPN Firewall 5-30
Configuring the ProSafe VPN Client for ModeConfig 5-33
Chapter 6 Router and Network Management
Performance Management 6-1
Bandwidth Capacity 6-1
VPN Firewall Features That...
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual
Viewing Port Triggering Status 6-24
Viewing Router Configuration and System Status 6-25
Monitoring WAN Ports Status 6-26
Monitoring VPN Tunnel Connection Status 6-27
VPN Logs 6-28
DHCP Log 6-29
Performing Diagnostics 6-29
Chapter 7 Troubleshooting
Basic Functions... Information Form B-5
Overview of the Planning Process B-6
Inbound Traffic B-6
Virtual Private Networks (VPNs) B-6
The Roll-over Case for Firewalls With Dual WAN Ports B-7
The Load Balancing Case for Firewalls With Dual WAN Ports B-7
Contents xi v1.0, March 2009
Page 12
...VPN Telecommuter (Client-to-Gateway Through a NAT Router B-17 VPN Telecommuter: Single Gateway WAN Port (Reference Case B-18 VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing B-20 Appendix C System Logs and Error Messages System Log Messages C-1 System Startup ...C-1 Reboot ...C-2 NTP ...C-2 Login/Logout ...C-3 Firewall... B-13 VPN Gateway-to-Gateway B-14 VPN Gateway-to -Gateway B-11 VPN Road Warrior: Single Gateway WAN Port (Reference Case B-12 VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual...
Page 13
ProSafe VPN Firewall 200 FVX538 Reference Manual
Multicast/Broadcast Logs C-9
FTP Logging C-10
Invalid Packet Logging C-10
Routing Logs C-13
LAN to WAN Logs C-13
LAN to DMZ Logs C-14
DMZ to WAN Logs C-14
WAN to LAN Logs C-14
DMZ to LAN Logs C-14
WAN to DMZ Logs C-15
Appendix D Related Documents
Appendix E Two Factor Authentication
Why do I need Two-Factor Authentication E-1
What are the benefits of Two-Factor Authentication E-1
What is Two-Factor Authentication E-2
NETGEAR Two-Factor Authentication Solutions E-2
Index
Contents xiii v1.0, March 2009
Page 14
ProSafe VPN Firewall 200 FVX538 Reference Manual xiv Contents v1.0, March 2009
Page 15
... computer and Internet skills. The information in this type of this manual are described in a malfunction or damage to install, configure and troubleshoot the ProSafe VPN Firewall 200. Conventions, Formats and Scope The conventions, formats, and scope of note may result in the following typographical conventions: Italics Bold Fixed italics Emphasis, ...server names, extensions User input, IP addresses, GUI screen text Command prompt, CLI text, code URL links • Formats. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to the equipment.
Page 16
... topic xvi About This Manual v1.0, March 2009 Session Limits; ProSafe VPN Firewall 200 FVX538 Reference Manual Danger: This is a safety warning. Dead Peer Detection; Note: Updates to the NETGEAR website in personal injury or death. Bandwidth Limits; For more information about network, Internet, firewall, and VPN technologies, see the links to this notice may result in Appendix...
Page 17
...DSL modem. Introduction 1-1 v1.0, March 2009 For example, the FVX538 provides support for Stateful Packet Inspection, Denial of -day, Website addresses and address keywords. Chapter 1 Introduction The ProSafe VPN Firewall 200 with eight 10/100 ports and one 1/100/1000 port ...Router's IP Address, Login Name, and Password" on time-of Service (DoS) attack protection and multi-NAT support. The FVX538 is a plug-and-play device that protects your local area network (LAN) to 400 internal LAN users (and 50K connections). • Bundled with the 5-user license of the NETGEAR ProSafe VPN...
Page 18
ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive Protocol Support. • Login capability. ... • Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you specify as Ping of status and activity. • Flash memory...
Page 19
... the local network. Autosensing Ethernet Connections with Auto Uplink With its URL keyword filtering feature, the FVX538 prevents objectionable content from the Internet is normally discarded by NAT. ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. The firewall incorporates Auto UplinkTM technology. Introduction 1-3 v1.0, March 2009 You can specify forwarding of single ports or...
Page 20
... VPNC-compliant VPN routers and clients. • SNMP. The VPN firewall supports the Simple Network Management Protocol (SNMP) to easily configure your firewall from an SNMP... operate the ProSafe VPN Firewall 200 within minutes after connecting it to the Internet over Ethernet (PPPoE). The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according ...assigned by DHCP. The VPN firewall allows several networked PCs to the attached PCs. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control ...
Page 21
... to return the firewall for repair. Maintenance and Support NETGEAR offers the following items: • ProSafe VPN Firewall 200. • AC power cable. • 19-inch rack mounting hardware and rubber feet. • Category 5 (Cat5) Ethernet cable. • Installation Guide, FVX538 ProSafe VPN Firewall 200 • Resource CD, including: - Application Notes and other helpful information. - ProSafe VPN Client Software - The firewall incorporates built-in...
Page 22
Power is being used because the port is operating at 10 Mbps. Writing to Flash memory (during upgrading or resetting to the firewall. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5 6 7 Figure 1-1 Table 1-1 describes each item on...
Page 23
... (Green) Off Port for connecting to an optional console terminal. The LAN port has no link. Default baud rate Port is operating at 10 Mbps. 6. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 1-1. The LAN port is 115.2K; Console DB9 male connector Port for the factory defaults). The LAN port is operating as a normal...
Page 24
ProSafe VPN Firewall 200 FVX538 Reference Manual The rear panel of the ProSafe VPN Firewall 200 (Figure 1-2) contains the On/Off switch and AC power connection. Figure 1-2 1 2 Viewed from left to right, the rear panel contains the following elements: 1. Figure 1-3 1-8 v1.0, March 2009 Introduction AC power in Figure 1-3). On/Off switch Rack Mounting Hardware The FVX538 can be mounted either on a desktop (using included rubber feet) or in a 19-inch rack (using the included rack mounting hardware illustrated in 2.
Page 25
ProSafe VPN Firewall 200 FVX538 Reference Manual
The Router's IP Address, Login Name, and Password
Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information:
• IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN
• ...User name: admin
• Password: password
Figure 1-4 (label fields: LAN IP Address, User Name, Password)
To log in to the FVX538 once it is connected, go to http://192.168.1.1.
Figure 1-5
Once the login screen displays, enter admin for the User Name and the password for...