Hub and Spoke VPN network using the VPN Prosafe Client
Page 3
... name: BoxtoBox) - 1x Client-to-Box policy on the FVX538 to connect to the VPN clients (Policy name: LAN1toVPN) - 1x Manual VPN policy using the IKE policy used for the box-to-box connection to allow the VPN clients to connect to the LAN behind the FVS338 (Policy name: LAN2toClient) FVS338 - 1x...policy from the FVS338 to the FVX538 (Policy name: BoxtoBox) - 1x Manual VPN policy using the IKE policy used for the box-to-box connection to allow the FVS338 to connect to the VPN clients (Policy name: LAN2toClient) VPN Client - 1x Policy connecting to the Public address of the FVS338 specifying as...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 6
... (Policy name: LAN2Client) Access the VPN Wizard via the VPN configuration page. In the VPN Policy section click on Add (this will create a new manual VPN policy which will use an existing IKE policy) Create a new VPN client policy named LAN2toClient Specify the Remote Endpoint IP address to be the ... IKE Policy is set to BoxtoBox Click on Apply Version 1.0 In the VPN Policy section click on Add (this will create a new manual VPN policy which will use an existing IKE policy) Create a new VPN client policy named LAN2toClient Specify the Remote Endpoint IP address to be the ...
Configuring a Hub-and-Spoke VPN Using the NETGEAR VPN Client
Page 2
... WAN2 IP address subnet: 255.255.255.0 • NETGEAR ProSafe VPN client, version 10.7.2 (Build 12) o IP address: 192.168.1.100 IP Address Requirements This configuration requires advanced IP address planning. You can create the IKE and VPN policies using the IKE policy created in the same client policy... behind FVX 538 #2. Create an IKE policy for VPN to address both Local Area Network #1 and Local Area Network #2 in Step 1. The VPN client policy needs to FVX538 #2. 2. Note: You can also create the IKE and VPN policies manually. The local IP subnet is the LAN subnet behind...
FVX538v2 Installation Guide
Page 1
...Wait approximately 2 minutes until they power up a simple dual WAN port rollover configuration. Green indicates your network. 2. You are ready to restart your connection type. If connecting manually, click Apply to the Reference Manual for Internet Access Before you have the configuration parameters from... FVX538 ProSafe VPN Firewall 200 Reference Manual or the NETGEAR Knowledgebase at the bottom of inactivity, after several minutes, see the Troubleshooting section of your settings. A link to the manual is on how to do this, please refer to the modem and the WAN port,...
FVX538v2 Installation Guide
Page 2
... common problems you can be primary. All rights reserved. Now, Configure WAN Rollover Mode The dual WAN ports of the FVX538 ProSafe™ VPN Firewall 200 can use our telephone support service. refer to the manual is up after this. 4. Fill in accordance with the laws of ...are securely plugged in. • The WAN Link/Act light on the modems. Wait for selecting NETGEAR products. In this , please see the online FVX538 ProSafe VPN Firewall 200 Reference Manual; The minimum test period is four. The minimum number of NETGEAR, Inc., in this product should be configured...
FVX538v2 Product datasheet
Page 2
...100/1000 Mbps LAN port; VPN Functionality: Two hundred (200) dedicated VPN tunnels, Manual key and Internet Key Exchange ...- Advanced features include block Java/URL/ ActiveX based on WAN, PPPoE client support • Performance Features: - configuration...ProSafe™ VPN Firewall 200 NETGEAR Related Products • Accessories: - VPN01L and VPN05L ProSafe VPN Client Software - FVS124G ProSafe Gigabit VPN Firewall 25 - FVS338 ProSafe VPN Firewall 50 - WAG302 ProSafe Dual Band Access Point - NETGEAR, the NETGEAR logo, Connect with X.509 v.3 certificate support, remote access VPN...
FVX538v2 Reference Manual
Page 1
ProSafe VPN Firewall 200 FVX538 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10062-10 v1.0 January 2010
FVX538v2 Reference Manual
Page 7
Contents ProSafe VPN Firewall 200 FVX538 Reference Manual About This Manual Conventions, Formats and Scope xiii How to Print This Manual xiv Revision History ...xiv Chapter 1 Introduction Key Features ...1-1 Dual WAN Ports for Increased Reliability or Outbound Load Balancing 1-2 A Powerful, True Firewall with Content Filtering 1-2 Security Features ...1-3 Autosensing Ethernet Connections with Auto Uplink 1-3 Extensive Protocol Support 1-4 Easy Installation and Management...
FVX538v2 Reference Manual
Page 8
ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Up Load Balancing 2-11 Configuring Dynamic DNS (Optional 2-14 Configuring the Advanced WAN Options (Optional 2-16 Additional WAN Related Configuration 2-17 Chapter 3 LAN Configuration Choosing the VPN Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Managing Groups and Hosts (LAN Groups 3-6 Creating the Network Database 3-6 Viewing the Network Database 3-7 Adding Devices...
FVX538v2 Reference Manual
Page 9
ProSafe VPN Firewall 200 FVX538 Reference Manual Adding Customized Services 4-24 Specifying Quality of Service (QoS) Priorities 4-26 Creating Bandwidth Profiles 4-27 Setting a Schedule to Block ...Virtual Private Networking Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard for Client and Gateway Configurations 5-3 Creating Gateway to Gateway VPN Tunnels with the Wizard 5-3 Creating a Client to Gateway VPN Tunnel 5-6 Testing the Connections and Viewing Status Information 5-12 NETGEAR VPN Client Status and Log Information 5-12 VPN Firewall VPN Connection Status and Logs ...
FVX538v2 Reference Manual
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring Keepalives and Dead Peer Detection 5-42 Configuring Keepalives 5-42 Configuring Dead Peer Detection 5-43 Configuring NetBIOS Bridging with VPN 5-44 Chapter 6 VPN Firewall and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce Traffic 6-2 VPN Firewall...the VPN Firewall Configuration and System Status 6-30 Monitoring VPN Firewall Statistics 6-31 Monitoring WAN Ports Status 6-32 Monitoring Attached Devices 6-33 Monitoring VPN Tunnel Connection Status 6-34 Viewing the VPN ...
FVX538v2 Reference Manual
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Power LED Not On 7-2 LEDs Never Turn Off 7-2 LAN or Internet Port LEDs Not On 7-2 Troubleshooting the Web Configuration Interface 7-3 Troubleshooting the ISP Connection 7-4 Troubleshooting a TCP/IP Network Using a Ping Utility 7-5 Testing the LAN Path to Your VPN Firewall 7-5 Testing the Path from Your PC to a Remote Device 7-6 Restoring the...
FVX538v2 Reference Manual
Page 12
ProSafe VPN Firewall 200 FVX538 Reference Manual Appendix C System Logs and Error Messages System Log Messages C-1 System Startup ...C-1 Reboot ...C-2 NTP ...C-2 Login/Logout ...C-3 Firewall Restart ...C-3 IPSec Restart ...C-4 WAN Status ...C-4 Web Filtering and Content Filtering Logs C-7 Traffic Metering Logs C-9 Unicast Logs ...C-9 FTP Logging ...C-10 Invalid Packet Logging C-10 Routing Logs ...C-13 LAN to WAN Logs C-14 LAN to DMZ Logs...
FVX538v2 Reference Manual
Page 13
...warning. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to the equipment. This manual uses the following formats to highlight a procedure that will save time or resources. Failure to take heed of this notice may result in this manual is used to ...a malfunction or damage to install, configure and troubleshoot the ProSafe VPN Firewall 200. Conventions, Formats and Scope The conventions, formats, and scope of this type of importance or special interest. Warning: Ignoring this manual are described in personal injury or death. xiii v1.0,...
FVX538v2 Reference Manual
Page 14
... paper and printer ink by selecting this feature. Product Version Manual Publication Date ProSafe VPN Firewall 200 January 2010 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in order to Appendix C Mar. 08 Maintenance release xiv About This Manual v1.0, January 2010 Note: Product updates are available on the...
FVX538v2 Reference Manual
Page 15
ProSafe VPN Firewall 200 FVX538 Reference Manual 202-10062-09 1.0 202-10062-10 1.0 Mar. 09 January 2010 Adds these corrections and topics for the March 2009 firmware maintenance release: • WIKID 2 factor authentication • SIP ALG support • DHCP Relay support • Update VPN configuration procedure...DNS submenu (see "Configuring Dynamic DNS (Optional)"). • Support for an address range for inbound LAN rules on the Add LAN WAN Inbound Service screen (see "Inbound Rules (Port Forwarding)" and "Inbound Rules Examples"). • Support for more clarity. • ...
FVX538v2 Reference Manual
Page 16
xvi About This Manual v1.0, January 2010 ProSafe VPN Firewall 200 FVX538 Reference Manual 202-10062-10 1.0 (continued) January 2010 (continued) • Updated the LAN Multi-homing screen (Figure 3-4) and revised the "Configuring Multi Home LAN IP ... RIP Configuration screen (Figure 3-8). • Revised the "Viewing Rules and Order of Precedence for Rules" section and updated the LAN WAN Rules screen (Figure 4-2). • Updated the Add LAN WAN Inbound Service screen (Figure 4-3), related screens in the "Inbound Rules Examples" section, and the Inbound Rules table (Table 4-3) to ...
FVX538v2 Reference Manual
Page 18
...See "Network Planning for the planning factors to defend against hacker attacks. ProSafe VPN Firewall 200 FVX538 Reference Manual • One console port for local management. • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for ...configured on page B-1 for Dual WAN Ports" on a mutually-exclusive basis to: • Provide backup and rollover if one line is a true firewall, using stateful packet inspection to consider when implementing the following capabilities with dual WAN port gateways: • Single...
FVX538v2 Reference Manual
Page 19
...a response to worry about crossover cables, as described in this traffic, you can configure the VPN firewall to log and report attempts to a switch or hub. Both the LAN and WAN interfaces are discarded, preventing users outside the LAN from directly accessing the PCs on the LAN, ... local network. The FVX538 will automatically sense whether the Ethernet cable plugged into the port should have configured an inbound rule. ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. You can have it forwarded to one of cable to specific PCs based on your network....
FVX538v2 Reference Manual
Page 20
...need to run a login program such as a DNS server to the Internet over Ethernet (PPPoE). The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the network. When DHCP is enabled and no DNS addresses are interoperable with other VPNC-..., gateway, and domain name server (DNS) addresses, to ensure the VPN tunnels are specified, the VPN firewall provides its own address as EnterNet or WinPOET on your PC. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The FVX538 supports the Transmission Control Protocol/Internet Protocol ...