FVG318 Reference Manual
Page 10
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Static Routes 8-5 Configuring RIP ...8-6 Static Route Example 8-7 Enabling Remote Management Access 8-8 SNMP Administration 8-10 Enabling Universal Plug and Play (UPnP 8-12 Chapter 9 Troubleshooting Basic Functioning ...9-1 Power LED Not On 9-1 LEDs Never Turn Off 9-2 LAN or Internet Port LEDs Not On 9-2 Troubleshooting the Web Configuration Interface 9-2 Troubleshooting the ISP Connection 9-3 Troubleshooting...
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring Static Routes 8-5 Configuring RIP ...8-6 Static Route Example 8-7 Enabling Remote Management Access 8-8 SNMP Administration 8-10 Enabling Universal Plug and Play (UPnP 8-12 Chapter 9 Troubleshooting Basic Functioning ...9-1 Power LED Not On 9-1 LEDs Never Turn Off 9-2 LAN or Internet Port LEDs Not On 9-2 Troubleshooting the Web Configuration Interface 9-2 Troubleshooting the ISP Connection 9-3 Troubleshooting...
FVG318 Reference Manual
Page 17
... FVG318 allows Internet access for Denial of the NETGEAR® ProSafe 802.11g Wireless VPN Firewall, Model FVG318. In addition to NAT, the built-in eight-port 10/100 Mbps switch. • Ethernet connection to a WAN device, such as a cable modem or DSL modem and provides 802.11b/g wireless LAN connectivity. Unlike simple Internet sharing firewalls that protects your local area network (LAN) to the Internet...
... FVG318 allows Internet access for Denial of the NETGEAR® ProSafe 802.11g Wireless VPN Firewall, Model FVG318. In addition to NAT, the built-in eight-port 10/100 Mbps switch. • Ethernet connection to a WAN device, such as a cable modem or DSL modem and provides 802.11b/g wireless LAN connectivity. Unlike simple Internet sharing firewalls that protects your local area network (LAN) to the Internet...
FVG318 Reference Manual
Page 20
... hosts to share an Internet account using the Dynamic Host Configuration Protocol (DHCP). The firewall obtains actual DNS addresses from...8226; DNS Proxy. The firewall allows you can choose a nonstandard port number. • Visual monitoring. The VPN firewall dynamically assigns network configuration ...firewall incorporates built-in diagnostic functions such as a DNS server to the network. For security, you can install, configure, and operate the ProSafe 802.11g Wireless VPN Firewall within minutes after connecting it to the attached PCs. ProSafe 802.11g Wireless VPN Firewall FVG318...
... hosts to share an Internet account using the Dynamic Host Configuration Protocol (DHCP). The firewall obtains actual DNS addresses from...8226; DNS Proxy. The firewall allows you can choose a nonstandard port number. • Visual monitoring. The VPN firewall dynamically assigns network configuration ...firewall incorporates built-in diagnostic functions such as a DNS server to the network. For security, you can install, configure, and operate the ProSafe 802.11g Wireless VPN Firewall within minutes after connecting it to the attached PCs. ProSafe 802.11g Wireless VPN Firewall FVG318...
FVG318 Reference Manual
Page 22
... the LEDs on . The Local port is initializing. The wireless interface is on the front panel of the firewall. These LEDs are green when lit. The wireless interface is off. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual You can use some of the VPN firewall contains the port connections listed below. LED Descriptions LED Label PWR TEST INTERNET 100 (100 Mbps) LINK/ACT (Link...
... the LEDs on . The Local port is initializing. The wireless interface is on the front panel of the firewall. These LEDs are green when lit. The wireless interface is off. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual You can use some of the VPN firewall contains the port connections listed below. LED Descriptions LED Label PWR TEST INTERNET 100 (100 Mbps) LINK/ACT (Link...
FVG318 Reference Manual
Page 36
... also enter the address of the FVG318 and wireless computer must be set to save your network in securely and the modem and VPN firewall router are some tips for correcting simple problems you prefer to the modem is plugged in the correct sequence. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Select the Use Custom NTP Servers if you may...
... also enter the address of the FVG318 and wireless computer must be set to save your network in securely and the modem and VPN firewall router are some tips for correcting simple problems you prefer to the modem is plugged in the correct sequence. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Select the Use Custom NTP Servers if you may...
FVG318 Reference Manual
Page 66
... Acceptable Use Policy of inbound rules: 4-6 Firewall Protection and Content Filtering v1.0, September 2007 The rule tells the firewall to direct inbound traffic for your network. The parameters are : - You can select Any, a Single address, or a Range unless NAT is enabled and the destination is shown in the start box. • Log. Never - ProSafe 802.11g Wireless VPN Firewall FVG318...
... Acceptable Use Policy of inbound rules: 4-6 Firewall Protection and Content Filtering v1.0, September 2007 The rule tells the firewall to direct inbound traffic for your network. The parameters are : - You can select Any, a Single address, or a Range unless NAT is enabled and the destination is shown in the start box. • Log. Never - ProSafe 802.11g Wireless VPN Firewall FVG318...
FVG318 Reference Manual
Page 68
... to access the server using the Dynamic DNS feature in the Advanced menus so that external users can always find your ISP, the IP address may change periodically as the DHCP lease expires. This is called service blocking or port filtering. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Considerations for ... outbound rule to block that application from a local PC based on your network. You can define an outbound rule to block Internet access from any internal IP address to any external address according to the schedule that you have created in Local Public Web Server...
... to access the server using the Dynamic DNS feature in the Advanced menus so that external users can always find your ISP, the IP address may change periodically as the DHCP lease expires. This is called service blocking or port filtering. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Considerations for ... outbound rule to block that application from a local PC based on your network. You can define an outbound rule to block Internet access from any internal IP address to any external address according to the schedule that you have created in Local Public Web Server...
FVG318 Reference Manual
Page 70
...Port Number checkbox and type 2000 in the Port field. Select the port number checkbox and enter a port number ONLY if the server is listening on the default port 23, then the box can have configured an inbound rule. The DMZ Server screen is used for setting up a firewall... you have it is listening on a port other applications that PC's IP address is entered as ftp, ssh, telnet, ping, etc. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Default DMZ Server Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to ...
...Port Number checkbox and type 2000 in the Port field. Select the port number checkbox and enter a port number ONLY if the server is listening on the default port 23, then the box can have configured an inbound rule. The DMZ Server screen is used for setting up a firewall... you have it is listening on a port other applications that PC's IP address is entered as ftp, ssh, telnet, ping, etc. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Default DMZ Server Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to ...
FVG318 Reference Manual
Page 71
...screen allows you to specify if the router should be disabled at other times to prevent hackers from the LAN and WAN networks. This setting is enabled, the router will drop all invalid TCP packets and be used as the Default DMZ Server, it...check this box. The various types of the firewall, and is recommended that you want to port scans from the Internet. If this option is enabled, the router will not respond to enable. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . If this option is enabled, the router will display. 2. To access the Attack Check...
...screen allows you to specify if the router should be disabled at other times to prevent hackers from the LAN and WAN networks. This setting is enabled, the router will drop all invalid TCP packets and be used as the Default DMZ Server, it...check this box. The various types of the firewall, and is recommended that you want to port scans from the Internet. If this option is enabled, the router will not respond to enable. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . If this option is enabled, the router will display. 2. To access the Attack Check...
FVG318 Reference Manual
Page 72
... the authors of this router is used by a service or port number. Although the FVG318 already holds a list of services that can usually be enabled. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Attack Check Type Description VPN Pass through IPSec/PPTP/L2TPa Typically, the router is connected to another VPN endpoint on the WAN (placing this router in between two VPN end points), all...
... the authors of this router is used by a service or port number. Although the FVG318 already holds a list of services that can usually be enabled. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Attack Check Type Description VPN Pass through IPSec/PPTP/L2TPa Typically, the router is connected to another VPN endpoint on the WAN (placing this router in between two VPN end points), all...
FVG318 Reference Manual
Page 81
...a single PC? • Will either endpoint use FVG318s on the WAN port, configure the VPN using FDQN. When planning your VPN tunnels? - Otherwise, the side using VPNC defaults (see Chapter 6, "Advanced Virtual ...NETGEAR VPN-enabled firewalls is configured on each endpoint with a dynamic IP address to initiate or respond to connect branch or home offices and business partners over the Internet. Parameters recommended by a range of the tunnel to network resources across the Internet. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A VPN between the two VPN...
...a single PC? • Will either endpoint use FVG318s on the WAN port, configure the VPN using FDQN. When planning your VPN tunnels? - Otherwise, the side using VPNC defaults (see Chapter 6, "Advanced Virtual ...NETGEAR VPN-enabled firewalls is configured on each endpoint with a dynamic IP address to initiate or respond to connect branch or home offices and business partners over the Internet. Parameters recommended by a range of the tunnel to network resources across the Internet. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A VPN between the two VPN...
FVG318 Reference Manual
Page 115
... for configuring Gateway A. Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. The IKE Phase 1 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode...VPN that uses a preshared secret for authentication. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 1: Gateway-to-Gateway with no kilobytes rekeying • Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4 subnets Advanced Virtual Private Networking 6-9 v1.0, September 2007 Gateway B's WAN (Internet...
... for configuring Gateway A. Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. The IKE Phase 1 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode...VPN that uses a preshared secret for authentication. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 1: Gateway-to-Gateway with no kilobytes rekeying • Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4 subnets Advanced Virtual Private Networking 6-9 v1.0, September 2007 Gateway B's WAN (Internet...
FVG318 Reference Manual
Page 116
... as seen in Figure 6-5 Note: FVG318 FVG318 Figure 6-5 Use this scenario illustration and configuration screens as in to the FVG318 labeled Gateway A as a model to build your configuration. 1. Configure the WAN (Internet) and LAN IP addresses of password, or using whatever password and LAN address you have chosen. 2. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual FVG318 Gateway A to access the WAN ISP...
... as seen in Figure 6-5 Note: FVG318 FVG318 Figure 6-5 Use this scenario illustration and configuration screens as in to the FVG318 labeled Gateway A as a model to build your configuration. 1. Configure the WAN (Internet) and LAN IP addresses of password, or using whatever password and LAN address you have chosen. 2. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual FVG318 Gateway A to access the WAN ISP...
FVG318 Reference Manual
Page 120
... click OK. 3. To view the FVG318 event log and status of Gateway B. To test connectivity between the FVG318 Gateway A and Gateway B WAN ports, follow these steps: a. To test connectivity to the WAN interface of the FVG318 and go to VPN > IPSec Connection Status to run this... back from timed out to the FVG318 on LAN A, on a Windows PC click the Start button on the Internet WAN port by checking the check box. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To test the Gateway A FVG318 LAN and the Gateway B LAN connection: 1. Using our example, from timed out to...
... click OK. 3. To view the FVG318 event log and status of Gateway B. To test connectivity between the FVG318 Gateway A and Gateway B WAN ports, follow these steps: a. To test connectivity to the WAN interface of the FVG318 and go to VPN > IPSec Connection Status to run this... back from timed out to the FVG318 on LAN A, on a Windows PC click the Start button on the Internet WAN port by checking the check box. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To test the Gateway A FVG318 LAN and the Gateway B LAN connection: 1. Using our example, from timed out to...
FVG318 Reference Manual
Page 126
.... Indicates if the WAN port is NETGEAR. DNS server IP address of the WAN port (if not assigned, it will be the same as the primary DNS server). Secondary DNS server IP address of the WAN port. These parameters apply to ...router is up or down. The protocol on the WAN port used to the Internet (WAN) port of the wireless access point. The firewall firmware version. This field can show DHCP Client, Fixed IP, PPPoE, BPA or PPTP. For example, if set to Client, the firewall is shown, the firewall cannot connect to the firewall. ProSafe 802.11g Wireless VPN Firewall FVG318...
.... Indicates if the WAN port is NETGEAR. DNS server IP address of the WAN port (if not assigned, it will be the same as the primary DNS server). Secondary DNS server IP address of the WAN port. These parameters apply to ...router is up or down. The protocol on the WAN port used to the Internet (WAN) port of the wireless access point. The firewall firmware version. This field can show DHCP Client, Fixed IP, PPPoE, BPA or PPTP. For example, if set to Client, the firewall is shown, the firewall cannot connect to the firewall. ProSafe 802.11g Wireless VPN Firewall FVG318...
FVG318 Reference Manual
Page 139
... interface to as few external IP addresses as practical. • To allow access from any common service port. Note: For enhanced security, restrict access to a custom port by entering that number in the box provided. Click Apply to define the allowed range. • To...4. Choose a number between 1024 and 65535, but do not use the number of any IP address on the Internet, select Everyone. • To allow access from a range of IP addresses on the Internet, select Only this PC. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 8-6 2. Enter a beginning and ending IP ...
... interface to as few external IP addresses as practical. • To allow access from any common service port. Note: For enhanced security, restrict access to a custom port by entering that number in the box provided. Click Apply to define the allowed range. • To...4. Choose a number between 1024 and 65535, but do not use the number of any IP address on the Internet, select Everyone. • To allow access from a range of IP addresses on the Internet, select Only this PC. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 8-6 2. Enter a beginning and ending IP ...
FVG318 Reference Manual
Page 143
... 30 seconds, verify that: a. The TEST LED is lit. The Internet port LED is not lit. If a LAN port is connected to your ProSafe 802.11g Wireless VPN Firewall. If the port is green. Power LED Not On If the Power and other LEDs are off when your firewall is turned on: • Make sure that the power cord is... properly connected to a 100 Mbps device, verify that the port's LED is 10 Mbps, the LED will be green. The LAN port LEDs are using the 12 V DC power adapter supplied by NETGEAR for any of these...
... 30 seconds, verify that: a. The TEST LED is lit. The Internet port LED is not lit. If a LAN port is connected to your ProSafe 802.11g Wireless VPN Firewall. If the port is green. Power LED Not On If the Power and other LEDs are off when your firewall is turned on: • Make sure that the power cord is... properly connected to a 100 Mbps device, verify that the port's LED is 10 Mbps, the LED will be green. The LAN port LEDs are using the 12 V DC power adapter supplied by NETGEAR for any of these...
FVG318 Reference Manual
Page 144
...• Cycle the power to see if the firewall recovers. • Clear the firewall's configuration to factory defaults. If the error persists, you are using the correct cable: When connecting the firewall's Internet port to a cable or DSL modem, use the cable that power is turned on briefly and .... If all LEDs are still on page 9-6. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual LEDs Never Turn Off When the firewall is turned on, the LEDs turn off. LAN or Internet Port LEDs Not On If either the LAN LEDs or Internet LED do not light when the Ethernet connection is...
...• Cycle the power to see if the firewall recovers. • Clear the firewall's configuration to factory defaults. If the error persists, you are using the correct cable: When connecting the firewall's Internet port to a cable or DSL modem, use the cable that power is turned on briefly and .... If all LEDs are still on page 9-6. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual LEDs Never Turn Off When the firewall is turned on, the LEDs turn off. LAN or Internet Port LEDs Not On If either the LAN LEDs or Internet LED do not light when the Ethernet connection is...
FVG318 Reference Manual
Page 145
...using the Web Configuration Manager. Troubleshooting 9-3 v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: If your PC's IP address is in this information. These auto-generated addresses are in "Restoring the Default Configuration and Password" on page 9-6. • Make sure your IP address is shown as http://www.netgear...reach a DHCP server. Make sure that an IP address is shown for the WAN Port If 0.0.0.0 is explained in the range of the firewall's configuration at http://192.168.0.1 3. Under the Maintenance heading, select Router Status 4.
...using the Web Configuration Manager. Troubleshooting 9-3 v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: If your PC's IP address is in this information. These auto-generated addresses are in "Restoring the Default Configuration and Password" on page 9-6. • Make sure your IP address is shown as http://www.netgear...reach a DHCP server. Make sure that an IP address is shown for the WAN Port If 0.0.0.0 is explained in the range of the firewall's configuration at http://192.168.0.1 3. Under the Maintenance heading, select Router Status 4.
FVG318 Reference Manual
Page 147
... follow the instructions in your PC or workstation. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to your firewall is set up correctly. Testing the LAN Path to... Your Firewall You can ping the firewall from a PC running Windows 95 or later: 1. Click on . In the field provided, type ping followed by using the ping utility in "LAN or Internet Port LEDs Not On...
... follow the instructions in your PC or workstation. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to your firewall is set up correctly. Testing the LAN Path to... Your Firewall You can ping the firewall from a PC running Windows 95 or later: 1. Click on . In the field provided, type ping followed by using the ping utility in "LAN or Internet Port LEDs Not On...