FVG318 Reference Manual
Page 8
...Content Filtering Firewall Protection and Content Filtering Overview 4-1 Block Sites ...4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-4 Inbound Rules (Port Forwarding 4-6 Outbound Rules (Service Blocking 4-8 Order of Precedence for Rules 4-9 Default DMZ Server 4-10 Attack Checks ...4-11 Services ...4-12 Using a Schedule to Block or Allow Specific Traffic 4-13 Getting E-Mail Notifications of Firewall Logs 4-14 Chapter 5 Basic Virtual Private Networking Overview of VPN Configuration 5-2 Client-to-Gateway VPN Tunnels 5-2 Gateway-to-Gateway VPN Tunnels 5-2 Planning a VPN...
...Content Filtering Firewall Protection and Content Filtering Overview 4-1 Block Sites ...4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-4 Inbound Rules (Port Forwarding 4-6 Outbound Rules (Service Blocking 4-8 Order of Precedence for Rules 4-9 Default DMZ Server 4-10 Attack Checks ...4-11 Services ...4-12 Using a Schedule to Block or Allow Specific Traffic 4-13 Getting E-Mail Notifications of Firewall Logs 4-14 Chapter 5 Basic Virtual Private Networking Overview of VPN Configuration 5-2 Client-to-Gateway VPN Tunnels 5-2 Gateway-to-Gateway VPN Tunnels 5-2 Planning a VPN...
FVG318 Reference Manual
Page 10
......8-6 Static Route Example 8-7 Enabling Remote Management Access 8-8 SNMP Administration 8-10 Enabling Universal Plug and Play (UPnP 8-12 Chapter 9 Troubleshooting Basic Functioning ...9-1 Power LED Not On 9-1 LEDs Never Turn Off 9-2 LAN or Internet Port LEDs Not On 9-2 Troubleshooting the Web Configuration Interface 9-2 Troubleshooting the ISP Connection 9-3 Troubleshooting a TCP/IP Network Using a Ping Utility 9-5 Testing the LAN Path to Your Firewall 9-5 Testing the Path from Your PC to a Remote Device 9-6 Restoring the Default Configuration and Password 9-6 Problems with Date...
......8-6 Static Route Example 8-7 Enabling Remote Management Access 8-8 SNMP Administration 8-10 Enabling Universal Plug and Play (UPnP 8-12 Chapter 9 Troubleshooting Basic Functioning ...9-1 Power LED Not On 9-1 LEDs Never Turn Off 9-2 LAN or Internet Port LEDs Not On 9-2 Troubleshooting the Web Configuration Interface 9-2 Troubleshooting the ISP Connection 9-3 Troubleshooting a TCP/IP Network Using a Ping Utility 9-5 Testing the LAN Path to Your Firewall 9-5 Testing the Path from Your PC to a Remote Device 9-6 Restoring the Default Configuration and Password 9-6 Problems with Date...
FVG318 Reference Manual
Page 17
... external access device such as a cable modem or DSL modem. • Extensive protocol support. • Flash memory for firmware upgrade. 1-1 v1.0, September 2007 Key Features of the VPN Firewall Router The ProSafe 802.11g Wireless VPN Firewall with multiple Web content filtering options, plus browsing activity reporting and instant alerts-both via e-mail. Chapter 1 Introduction This chapter describes the features of -day, Web site addresses and address keywords, and share high-speed cable/DSL Internet access for up to 253 users. The VPN firewall provides...
... external access device such as a cable modem or DSL modem. • Extensive protocol support. • Flash memory for firmware upgrade. 1-1 v1.0, September 2007 Key Features of the VPN Firewall Router The ProSafe 802.11g Wireless VPN Firewall with multiple Web content filtering options, plus browsing activity reporting and instant alerts-both via e-mail. Chapter 1 Introduction This chapter describes the features of -day, Web site addresses and address keywords, and share high-speed cable/DSL Internet access for up to 253 users. The VPN firewall provides...
FVG318 Reference Manual
Page 19
... LAN from directly accessing the PCs on the LAN. • Port Forwarding with NAT. You can connect to either type of ports. For further information about crossover cables, as described in this section. • PCs Hidden by screening for requests originating from reaching your PCs. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318 logs security events such as to a switch or hub. You can configure the firewall to log...
... LAN from directly accessing the PCs on the LAN. • Port Forwarding with NAT. You can connect to either type of ports. For further information about crossover cables, as described in this section. • PCs Hidden by screening for requests originating from reaching your PCs. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318 logs security events such as to a switch or hub. You can configure the firewall to log...
FVG318 Reference Manual
Page 20
...features simplify installation and management tasks: • Browser-based management. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • IP Address Sharing by your Internet service provider (ISP). The VPN firewall dynamically assigns network configuration information, including IP, gateway, and Domain Name Server (DNS) addresses, to -Point Protocol over a DSL connection by DHCP. A user-friendly Setup Wizard is provided and online help documentation is enabled and no DNS addresses are specified, the firewall provides its status and activity. 1-4 Introduction...
...features simplify installation and management tasks: • Browser-based management. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • IP Address Sharing by your Internet service provider (ISP). The VPN firewall dynamically assigns network configuration information, including IP, gateway, and Domain Name Server (DNS) addresses, to -Point Protocol over a DSL connection by DHCP. A user-friendly Setup Wizard is provided and online help documentation is enabled and no DNS addresses are specified, the firewall provides its status and activity. 1-4 Introduction...
FVG318 Reference Manual
Page 25
... these instructions to set up the VPN firewall router, be sure to use the computer you set up the firewall on your LAN, connect to the Internet, perform basic configuration of your ProSafe 802.11g Wireless VPN Firewall using the Setup Wizard, or how to manually configure your Internet connection. Installing Your FVG318 • For Cable Modem Service: When you first registered with your cable modem service provider. • For DSL Service: You may need information such as the DSL login name and password...
... these instructions to set up the VPN firewall router, be sure to use the computer you set up the firewall on your LAN, connect to the Internet, perform basic configuration of your ProSafe 802.11g Wireless VPN Firewall using the Setup Wizard, or how to manually configure your Internet connection. Installing Your FVG318 • For Cable Modem Service: When you first registered with your cable modem service provider. • For DSL Service: You may need information such as the DSL login name and password...
FVG318 Reference Manual
Page 30
.... Note: You might want to enable remote management at the bottom of the WAN ISP Settings screen. Remote management enable is active. A message will automatically attempt to the Internet v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4. See "Enabling Remote Management Access" on the WAN ISP screen. Click Auto Detect at this time so that the Internet connection is cleared with a factory default reset. 2-6 Connecting the Firewall to detect your connection type. Select Network Configuration. The WAN ISP Settings screen will display. Figure...
.... Note: You might want to enable remote management at the bottom of the WAN ISP Settings screen. Remote management enable is active. A message will automatically attempt to the Internet v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 4. See "Enabling Remote Management Access" on the WAN ISP screen. Click Auto Detect at this time so that the Internet connection is cleared with a factory default reset. 2-6 Connecting the Firewall to detect your connection type. Select Network Configuration. The WAN ISP Settings screen will display. Figure...
FVG318 Reference Manual
Page 31
... Wireless VPN Firewall FVG318 Reference Manual Note: When you enable remote management, we strongly advise that you change your ISP). For example, if your router detected a PPPoE or PPPoA service, you must provide the fixed addresses for the procedure on how to the Internet 2-7 v1.0, September 2007 option based on page 7-6 for Static IP. Login. See "Changing the Administrator Password" on the type of data you will need to the Internet, select Yes. Login (Username, Password). Internet...
... Wireless VPN Firewall FVG318 Reference Manual Note: When you enable remote management, we strongly advise that you change your ISP). For example, if your router detected a PPPoE or PPPoA service, you must provide the fixed addresses for the procedure on how to the Internet 2-7 v1.0, September 2007 option based on page 7-6 for Static IP. Login. See "Changing the Administrator Password" on the type of data you will need to the Internet, select Yes. Login (Username, Password). Internet...
FVG318 Reference Manual
Page 46
... default LAN address of http://192.168.0.1 with the access point must match the SSID configured in Appendix B. 6. The SSID for the wireless network name (SSID). Select a channel that is NETGEAR. Once you can enable security settings appropriate to your VPN firewall router. It should not be necessary to change the wireless channel unless you will not get a wireless connection to the FVG318. 5. Set the Regulatory Domain correctly. 4. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Setting...
... default LAN address of http://192.168.0.1 with the access point must match the SSID configured in Appendix B. 6. The SSID for the wireless network name (SSID). Select a channel that is NETGEAR. Once you can enable security settings appropriate to your VPN firewall router. It should not be necessary to change the wireless channel unless you will not get a wireless connection to the FVG318. 5. Set the Regulatory Domain correctly. 4. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Setting...
FVG318 Reference Manual
Page 47
..., or security settings, you click on MAC addresses, follow these steps: 1. For initial configuration and test, leave the Wireless Card Access List set to "All Wireless Stations" and the Encryption Strength set to save your computer to the VPN firewall router, then you configured in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of your changes. Click Apply to "Disable." 8. Figure 3-4 Configuring Wireless Connectivity 3-9 v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 7. Program...
..., or security settings, you click on MAC addresses, follow these steps: 1. For initial configuration and test, leave the Wireless Card Access List set to "All Wireless Stations" and the Encryption Strength set to save your computer to the VPN firewall router, then you configured in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of your changes. Click Apply to "Disable." 8. Figure 3-4 Configuring Wireless Connectivity 3-9 v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 7. Program...
FVG318 Reference Manual
Page 48
... MAC address and click Add to select it, then click Delete. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of available wireless cards the FVG318 has discovered in your wireless adapter to match the new wireless settings or access the VPN firewall router from the table, click to Trusted List. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3. You can manually enter the MAC address. • Add a wireless station manually be entering the device MAC Address...
... MAC address and click Add to select it, then click Delete. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of available wireless cards the FVG318 has discovered in your wireless adapter to match the new wireless settings or access the VPN firewall router from the table, click to Trusted List. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 3. You can manually enter the MAC address. • Add a wireless station manually be entering the device MAC Address...
FVG318 Reference Manual
Page 70
... by the rule. 6. For example, if a machine on the DMZ side is running a telnet server on port 2000, then select the Translate to save your settings. 4-10 Firewall Protection and Content Filtering v1.0, September 2007 From the WAN Users pull-down menu, select the service to allow or block. When the DMZ WAN Rules screen displays, click Add. 3. Click Apply to Port Number checkbox and type 2000 in the list can be a Default DMZ server: 1. In some...
... by the rule. 6. For example, if a machine on the DMZ side is running a telnet server on port 2000, then select the Translate to save your settings. 4-10 Firewall Protection and Content Filtering v1.0, September 2007 From the WAN Users pull-down menu, select the service to allow or block. When the DMZ WAN Rules screen displays, click Add. 3. Click Apply to Port Number checkbox and type 2000 in the list can be a Default DMZ server: 1. In some...
FVG318 Reference Manual
Page 72
... example, a packet that connects to the list for other players' moves. This information can pass through must determine which port number or range of the application. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Attack Check Type Description VPN Pass through NAT, the packets become invalid. When you are functions performed by a service or port number. The Services screen will be sent to the Remote VPN Gateway are typically chosen from user groups of tunnel...
... example, a packet that connects to the list for other players' moves. This information can pass through must determine which port number or range of the application. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Attack Check Type Description VPN Pass through NAT, the packets become invalid. When you are functions performed by a service or port number. The Services screen will be sent to the Remote VPN Gateway are typically chosen from user groups of tunnel...
FVG318 Reference Manual
Page 81
... DHCP addressing, where the IP address of the WAN port can change from time to configure your VPN, you use Fully Qualified Domain Names (FQDNs)? FQDNs supplied by a range of IP addresses), or a single PC? • Will the remote end be any device on the WAN port, configure the VPN using VPNC defaults (see Chapter 6, "Advanced Virtual Private Networking") Table 5-1. When DynDNS is a good way to network resources across the Internet. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A VPN...
... DHCP addressing, where the IP address of the WAN port can change from time to configure your VPN, you use Fully Qualified Domain Names (FQDNs)? FQDNs supplied by a range of IP addresses), or a single PC? • Will the remote end be any device on the WAN port, configure the VPN using VPNC defaults (see Chapter 6, "Advanced Virtual Private Networking") Table 5-1. When DynDNS is a good way to network resources across the Internet. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual A VPN...
FVG318 Reference Manual
Page 116
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual FVG318 Gateway A to access the WAN ISP Settings menu. 6-10 Advanced Virtual Private Networking v1.0, September 2007 Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of the FVG318. Configure the WAN (Internet) and LAN IP addresses of password, or using whatever password and LAN address you have chosen. 2. a. You can verify this scenario illustration and configuration screens as seen in the...
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual FVG318 Gateway A to access the WAN ISP Settings menu. 6-10 Advanced Virtual Private Networking v1.0, September 2007 Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of the FVG318. Configure the WAN (Internet) and LAN IP addresses of password, or using whatever password and LAN address you have chosen. 2. a. You can verify this scenario illustration and configuration screens as seen in the...
FVG318 Reference Manual
Page 121
.... Create a certificate request for the Trusted Root CA. e. d. a. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 2: FVG318 Gateway to Gateway with signatures authenticated by PKIX certificates. Click Upload. 3. Fill in Scenario 1, with the exception that the identification is done with Digital Certificates The following is the name that other organizations will see "Configuring Your Time Zone" on page 2-11. 1. The network setup is set...
.... Create a certificate request for the Trusted Root CA. e. d. a. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 2: FVG318 Gateway to Gateway with signatures authenticated by PKIX certificates. Click Upload. 3. Fill in Scenario 1, with the exception that the identification is done with Digital Certificates The following is the name that other organizations will see "Configuring Your Time Zone" on page 2-11. 1. The network setup is set...
FVG318 Reference Manual
Page 126
... your wireless network. This field can show DHCP Client, Fixed IP, PPPoE, BPA or PPTP. The wireless settings of the router The name of the WAN port. Indicates if the router is connected or not. Indicates if the WAN port is in NAT mode (enabled) or in routing mode (disabled). The IP address used to obtain an IP address dynamically from the ISP. For example, if set to Client, the firewall is configured to obtain the WAN IP address. The firewall firmware...
... your wireless network. This field can show DHCP Client, Fixed IP, PPPoE, BPA or PPTP. The wireless settings of the router The name of the WAN port. Indicates if the router is connected or not. Indicates if the WAN port is in NAT mode (enabled) or in routing mode (disabled). The IP address used to obtain an IP address dynamically from the ISP. For example, if set to Client, the firewall is configured to obtain the WAN IP address. The firewall firmware...
FVG318 Reference Manual
Page 144
... the cable or DSL modem. Troubleshooting the Web Configuration Interface If you are unable to the connected hub or workstation. • Be sure you are using the recommended addressing scheme, your PC's IP address is on the same subnet as the firewall. If all LEDs are using the correct cable: When connecting the firewall's Internet port to a cable or DSL modem, use the cable that power is turned on to access the firewall's Web Configuration interface from a PC on your local network, check...
... the cable or DSL modem. Troubleshooting the Web Configuration Interface If you are unable to the connected hub or workstation. • Be sure you are using the recommended addressing scheme, your PC's IP address is on the same subnet as the firewall. If all LEDs are using the correct cable: When connecting the firewall's Internet port to a cable or DSL modem, use the cable that power is turned on to access the firewall's Web Configuration interface from a PC on your local network, check...
FVG318 Reference Manual
Page 145
... ISP. To check the WAN IP address: 1. Launch your browser has Java, JavaScript, or ActiveX enabled. Troubleshooting 9-3 v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: If your PC's IP address is shown as http://www.netgear.com 2. You can determine whether the request was successful using the Web Configuration Manager. If the firewall does not save changes you have been assigned a static IP address, your firewall must request an...
... ISP. To check the WAN IP address: 1. Launch your browser has Java, JavaScript, or ActiveX enabled. Troubleshooting 9-3 v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Note: If your PC's IP address is shown as http://www.netgear.com 2. You can determine whether the request was successful using the Web Configuration Manager. If the firewall does not save changes you have been assigned a static IP address, your firewall must request an...
FVG318 Reference Manual
Page 148
... a Remote Device After verifying that the LAN path works correctly, test the path from the authorized PC. If this information will not be rejecting the Ethernet MAC addresses of all but one of your broadband modem, but some ISPs additionally restrict access to the MAC address of your ISP's DNS server. Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the firewall's administration password to password and the IP address...
... a Remote Device After verifying that the LAN path works correctly, test the path from the authorized PC. If this information will not be rejecting the Ethernet MAC addresses of all but one of your broadband modem, but some ISPs additionally restrict access to the MAC address of your ISP's DNS server. Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the firewall's administration password to password and the IP address...