FVG318 Reference Manual
Page 8
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Chapter 3 Configuring Wireless Connectivity Observing Performance, Placement, and Range Guidelines 3-1 Implementing Appropriate Wireless Security 3-2 Understanding Wireless ... Kinds of Traffic 4-4 Inbound Rules (Port Forwarding 4-6 Outbound Rules (Service Blocking 4-8 Order of Precedence for Rules 4-9 Default DMZ Server 4-10 Attack Checks ...4-11 Services ...4-12 Using a Schedule to Block or Allow Specific Traffic 4-13 Getting E-Mail Notifications of Firewall Logs 4-14 Chapter 5 Basic Virtual Private Networking Overview ...
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Chapter 3 Configuring Wireless Connectivity Observing Performance, Placement, and Range Guidelines 3-1 Implementing Appropriate Wireless Security 3-2 Understanding Wireless ... Kinds of Traffic 4-4 Inbound Rules (Port Forwarding 4-6 Outbound Rules (Service Blocking 4-8 Order of Precedence for Rules 4-9 Default DMZ Server 4-10 Attack Checks ...4-11 Services ...4-12 Using a Schedule to Block or Allow Specific Traffic 4-13 Getting E-Mail Notifications of Firewall Logs 4-14 Chapter 5 Basic Virtual Private Networking Overview ...
FVG318 Reference Manual
Page 11
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-FVS318v2 Case C-7 Configuring the VPN Tunnel C-7 Viewing and Editing the VPN Parameters C-8 Initiating and Checking the VPN Connections C-9 The FVG318-to-FVL328 Case C-10 Configuring the VPN Tunnel C-10 Viewing and Editing the VPN Parameters C-11 Initiating and Checking the VPN Connections C-12 The FVG318-to-VPN Client Case C-13 Client-to-Gateway VPN Tunnel Overview C-13 Configuring the VPN Tunnel C-14 Initiating and Checking the VPN Connections C-18 Contents xi v1.0, September 2007
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual The FVG318-to-FVS318v2 Case C-7 Configuring the VPN Tunnel C-7 Viewing and Editing the VPN Parameters C-8 Initiating and Checking the VPN Connections C-9 The FVG318-to-FVL328 Case C-10 Configuring the VPN Tunnel C-10 Viewing and Editing the VPN Parameters C-11 Initiating and Checking the VPN Connections C-12 The FVG318-to-VPN Client Case C-13 Client-to-Gateway VPN Tunnel Overview C-13 Configuring the VPN Tunnel C-14 Initiating and Checking the VPN Connections C-18 Contents xi v1.0, September 2007
FVG318 Reference Manual
Page 18
Automatically detects and thwarts DoS attacks such as Ping of data. The access point provides: • 802.11b standards-based wireless networking at up to 11 Mbps. • 802.11g wireless networking at up to 54 Mbps, which conforms to have a higher priority than normal traffic. For WMM to...name broadcast can connect. Its firewall features include: • DoS protection. A Powerful, True Firewall with all of the strong security of the 802.11e standard. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 802.11g and 802.11b Wireless Networking The VPN firewall includes an...
Automatically detects and thwarts DoS attacks such as Ping of data. The access point provides: • 802.11b standards-based wireless networking at up to 11 Mbps. • 802.11g wireless networking at up to 54 Mbps, which conforms to have a higher priority than normal traffic. For WMM to...name broadcast can connect. Its firewall features include: • DoS protection. A Powerful, True Firewall with all of the strong security of the 802.11e standard. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 802.11g and 802.11b Wireless Networking The VPN firewall includes an...
FVG318 Reference Manual
Page 35
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5. The Time Zone screen will...to the standard time. 4. Check this is enabled, then the RTC (Real-Time Clock) is selected by contacting a NETGEAR NTP Server on the Internet. From the Date/Time pull-down menu, select your time zone: 1. Automatically Adjust for time...-stamping log entries. 3. Click Apply to the Internet v1.0, September 2007 2-11 Select Administration > Time Zone from one hour to localize the time for your log entries, you must specify your ...
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual 5. The Time Zone screen will...to the standard time. 4. Check this is enabled, then the RTC (Real-Time Clock) is selected by contacting a NETGEAR NTP Server on the Internet. From the Date/Time pull-down menu, select your time zone: 1. Automatically Adjust for time...-stamping log entries. 3. Click Apply to the Internet v1.0, September 2007 2-11 Select Administration > Time Zone from one hour to localize the time for your log entries, you must specify your ...
FVG318 Reference Manual
Page 43
...disable broadcast of Trusted PCs MAC addresses. The options are no wireless communications through the FVG318. - All 802.11b wireless stations can be used. 802.11g wireless stations can still be used if they can be legal to operate the wireless features of the...Disabling SSID broadcast somewhat hampers the wireless network "discovery" feature of Name (SSID). ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - This field determines which allows both 802.11g and 802.11b wireless stations to use Channel 11. - Enables the wireless radio. Disable: No data encryption is "g & b"...
...disable broadcast of Trusted PCs MAC addresses. The options are no wireless communications through the FVG318. - All 802.11b wireless stations can be used. 802.11g wireless stations can still be used if they can be legal to operate the wireless features of the...Disabling SSID broadcast somewhat hampers the wireless network "discovery" feature of Name (SSID). ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual - This field determines which allows both 802.11g and 802.11b wireless stations to use Channel 11. - Enables the wireless radio. Disable: No data encryption is "g & b"...
FVG318 Reference Manual
Page 49
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-5 3. The WEP fields section will be populated with key values. - Encryption: Select the desired WEP Encryption: • ... this phrase is set to 64 bit, then each of printable characters (this can be populated with a key value. Configuring Wireless Connectivity v1.0, September 2007 3-11
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 3-5 3. The WEP fields section will be populated with key values. - Encryption: Select the desired WEP Encryption: • ... this phrase is set to 64 bit, then each of printable characters (this can be populated with a key value. Configuring Wireless Connectivity v1.0, September 2007 3-11
FVG318 Reference Manual
Page 58
... Screen will be highlighted. 3-20 v1.0, September 2007 Configuring Wireless Connectivity Nevertheless, the wireless adapter hardware and driver must also support WPA and WPA2. Figure 3-11 3. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring WPA-PSK and WPA2-PSK Note: Not all wireless adapters support WPA and WPA2.
... Screen will be highlighted. 3-20 v1.0, September 2007 Configuring Wireless Connectivity Nevertheless, the wireless adapter hardware and driver must also support WPA and WPA2. Figure 3-11 3. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Configuring WPA-PSK and WPA2-PSK Note: Not all wireless adapters support WPA and WPA2.
FVG318 Reference Manual
Page 71
... to save your network. Click Apply to an ICMP Echo (ping) packet coming in the following table. 3. Firewall Protection and Content Filtering v1.0, September 2007 4-11 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . Note: For security, NETGEAR strongly recommends that the option be protected protect from the Internet.
... to save your network. Click Apply to an ICMP Echo (ping) packet coming in the following table. 3. Firewall Protection and Content Filtering v1.0, September 2007 4-11 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual . Note: For security, NETGEAR strongly recommends that the option be protected protect from the Internet.
FVG318 Reference Manual
Page 77
... PC that logs are available for Windows, Macintosh, and Linux computers. Note: You can configure the firewall to send system logs to Local7). 11. The firewall logs security-related events such as e-mail the logs by clicking the View Log link on your selection, specify: • Day...daily or weekly. 10. If you enabled e-mail notification, you leave this schedule section, you want the router to send logs to a schedule. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Enter the Return E-Mail Address to save your settings. This e-mail address will receive these logs...
... PC that logs are available for Windows, Macintosh, and Linux computers. Note: You can configure the firewall to send system logs to Local7). 11. The firewall logs security-related events such as e-mail the logs by clicking the View Log link on your selection, specify: • Day...daily or weekly. 10. If you enabled e-mail notification, you leave this schedule section, you want the router to send logs to a schedule. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Enter the Return E-Mail Address to save your settings. This e-mail address will receive these logs...
FVG318 Reference Manual
Page 89
You will need to provide: - In the Network Security Policy list on My Identity. Configure the VPN Client Identity. Provide information about the remote VPN client PC. a. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-9 5. The Pre-Shared Key that you configured in the FVG318. - Figure 5-10 Basic Virtual Private Networking v1.0, September 2007 5-11 Either a fixed IP address or a "fixed virtual" IP address of the Security Policy Editor window, click on the left side of the VPN client PC.
You will need to provide: - In the Network Security Policy list on My Identity. Configure the VPN Client Identity. Provide information about the remote VPN client PC. a. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Figure 5-9 5. The Pre-Shared Key that you configured in the FVG318. - Figure 5-10 Basic Virtual Private Networking v1.0, September 2007 5-11 Either a fixed IP address or a "fixed virtual" IP address of the Security Policy Editor window, click on the left side of the VPN client PC.
FVG318 Reference Manual
Page 90
... the Internet Interface box, select the adapter you have only one adapter. In the Pre-Shared Key dialog box, click the Enter Key button. Figure 5-11 6. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual b. Select IP Address in the ID Type box. d. You may also choose Any if you will be used...
... the Internet Interface box, select the adapter you have only one adapter. In the Pre-Shared Key dialog box, click the Enter Key button. Figure 5-11 6. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual b. Select IP Address in the ID Type box. d. You may also choose Any if you will be used...
FVG318 Reference Manual
Page 117
The LAN Setup screen will display. Figure 6-7 Advanced Virtual Private Networking v1.0, September 2007 6-11 Select Network Configuration > LAN Setup. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual WAN IP addresses ISP provides these addresses Figure 6-6 b. For more information on page 2-7. c. Configure the WAN Internet Address according to the settings above and click Apply to save your Internet Connection" on configuring the WAN IP settings, please see "Manually Configuring your settings.
The LAN Setup screen will display. Figure 6-7 Advanced Virtual Private Networking v1.0, September 2007 6-11 Select Network Configuration > LAN Setup. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual WAN IP addresses ISP provides these addresses Figure 6-6 b. For more information on page 2-7. c. Configure the WAN Internet Address according to the settings above and click Apply to save your Internet Connection" on configuring the WAN IP settings, please see "Manually Configuring your settings.
FVG318 Reference Manual
Page 121
... certificates differs from the menu. Obtain the root certificate (that other organizations will see "Configuring Your Time Zone" on page 2-11. 1. Install the trusted CA certificate for its members. Save the certificate as a Windows 2000 certificate server, which an organization...FVG318. In the Self Certificate Requests section, click Browse to you via e-mail. a. Create a certificate request for authentication. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 2: FVG318 Gateway to Gateway with Digital Certificates The following is a ...
... certificates differs from the menu. Obtain the root certificate (that other organizations will see "Configuring Your Time Zone" on page 2-11. 1. Install the trusted CA certificate for its members. Save the certificate as a Windows 2000 certificate server, which an organization...FVG318. In the Self Certificate Requests section, click Browse to you via e-mail. a. Create a certificate request for authentication. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual VPN Consortium Scenario 2: FVG318 Gateway to Gateway with Digital Certificates The following is a ...
FVG318 Reference Manual
Page 123
... location of the file you want to the CA administrator. Figure 6-11 4. Save the certificate you get back from the Trusted Root CA and save it to back to display the data. Select the checkbox of a Windows 2000 internal CA, you . ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual g. Click Generate The...
... location of the file you want to the CA administrator. Figure 6-11 4. Save the certificate you get back from the Trusted Root CA and save it to back to display the data. Select the checkbox of a Windows 2000 internal CA, you . ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual g. Click Generate The...
FVG318 Reference Manual
Page 141
Enter the community string to which the agent belongs. Click Add to modify. Advanced Configuration v1.0, September 2007 8-11 Enter the SNMP trap port to which the trap messages will be displayed in the SNMP Configuration table. To Edit or modify ...used to listen for this router. The following MIB (Management Information Base) fields are configured to determine the list of an SNMP trap agent. 2. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To create a new SNMP configuration entry: 1. The configuration will be modified: • SysContact: The name ...
Enter the community string to which the agent belongs. Click Add to modify. Advanced Configuration v1.0, September 2007 8-11 Enter the SNMP trap port to which the trap messages will be displayed in the SNMP Configuration table. To Edit or modify ...used to listen for this router. The following MIB (Management Information Base) fields are configured to determine the list of an SNMP trap agent. 2. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual To create a new SNMP configuration entry: 1. The configuration will be modified: • SysContact: The name ...
FVG318 Reference Manual
Page 152
...actual data throughput rate. A-2 Default Settings and Technical Specifications v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Feature Default Behavior DHCP Starting IP Address ...Point Connections All wireless stations allowed a. otherwise, varies by region) RF Channel 11 until the region is selected Operating Mode g and b until the region ... Saving Disabled Time SNMP Disabled Firewall Inbound (communications coming in from IEEE Standard 802.11 specifications. Maximum Wireless signal rate derived from Disabled (except traffic on port 80...
...actual data throughput rate. A-2 Default Settings and Technical Specifications v1.0, September 2007 ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual Feature Default Behavior DHCP Starting IP Address ...Point Connections All wireless stations allowed a. otherwise, varies by region) RF Channel 11 until the region is selected Operating Mode g and b until the region ... Saving Disabled Time SNMP Disabled Firewall Inbound (communications coming in from IEEE Standard 802.11 specifications. Maximum Wireless signal rate derived from Disabled (except traffic on port 80...
FVG318 Reference Manual
Page 167
...: 255.255.255.0 (in at the default address of http://192.168.0.1 with the default user name of admin and default password of NETGEAR FVG318 v1.0, September 2007 C-11 IP Address: 10.5.6.1 (in to the LAN IP address of LAN IP addresses specified on FVG318 A and FVL328 B will now flow over...used in this example, you have chosen). Log in this example), must be unique at each VPN tunnel endpoint • Remote LAN IP Subnet - ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints ...
...: 255.255.255.0 (in at the default address of http://192.168.0.1 with the default user name of admin and default password of NETGEAR FVG318 v1.0, September 2007 C-11 IP Address: 10.5.6.1 (in to the LAN IP address of LAN IP addresses specified on FVG318 A and FVL328 B will now flow over...used in this example, you have chosen). Log in this example), must be unique at each VPN tunnel endpoint • Remote LAN IP Subnet - ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints ...
FVG318 Reference Manual
Page 173
Figure C-11 g. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Under My Identity, select Domain Name for the ID Type and then enter fvs_remote. (Domain Name must match the Remote Identity Data parameter of the IKE Policy Configuration screen shown in Figure C-11 for the ... the File menu. Verify the Authentication (Phase 1) and Key Exchange (Phase 1) Proposal 1 screen parameters (see Figure C-11) match the IKE SA Parameters of NETGEAR FVG318 v1.0, September 2007 C-17 VPN Configuration of the IKE Policy Configuration screen shown in Figure C-10 for the gateway ...
Figure C-11 g. ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual • Under My Identity, select Domain Name for the ID Type and then enter fvs_remote. (Domain Name must match the Remote Identity Data parameter of the IKE Policy Configuration screen shown in Figure C-11 for the ... the File menu. Verify the Authentication (Phase 1) and Key Exchange (Phase 1) Proposal 1 screen parameters (see Figure C-11) match the IKE SA Parameters of NETGEAR FVG318 v1.0, September 2007 C-17 VPN Configuration of the IKE Policy Configuration screen shown in Figure C-10 for the gateway ...