FVL328 Reference Manual
Page 9
... the Default Reset Button 8-7 Problems with Date and Time 8-8 Appendix A Technical Specifications Appendix B Networks, Routing, and Firewall Basics Related Publications ...B-1 Basic Router Concepts B-1 What is a Router B-1 Routing Information Protocol B-2 IP Addresses and the Internet B-2 Netmask ...B-4 Subnet...DHCP B-9 Internet Security and Firewalls B-10 What is a Firewall B-10 Stateful Packet Inspection B-10 Denial of Service Attack B-11 Ethernet Cabling ...B-11 Category 5 Cable Quality B-11 Inside Twisted Pair Cables B-12 Uplink Switches, Crossover Cables, and MDI/MDIX Switching...
FVL328 Reference Manual
Page 13
... This Manual This chapter introduces the Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2. Scope This manual is provided in the Appendices and on the NETGEAR Web site at http://kbserver.netgear.com/products/FVL328.asp. Manual Specifications Product Firmware Version Number Manual Part Number Manual Publication Date FVL328 Prosafe High Speed VPN Firewall Version 2.0 Release 05 202-10030-02...
FVL328 Reference Manual
Page 32
...specific computer's Ethernet MAC address, select "Use this is a host on the Internet port. You must obtain it also. They will then only accept traffic from only one computer that translates Internet names (such as www.netgear...your ISP's services such as that computer. The Router's MAC Address is first opened. This feature allows your firewall to masquerade as mail or news servers. Click ...to the Fixed IP menu. 3-8 Connecting the FVL328 to the Internet May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Configuring for a Wizard-...
FVL328 Reference Manual
Page 44
...save the new configuration. Under MTU Size, select Custom. 2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 3. You shouldn't check this is rarely required, and should only be used as the DMZ Server for most cases, your router can be done unless you are larger than the configured MTU size.... For some ISPs you cannot use the IP address you entered, not the default WAN IP address. • If you only have a specific reason to the selected PC. • Out-going traffic from the Internet, click this IP address. • Click Apply. Any packets sent through...
FVL328 Reference Manual
Page 55
...access by outsiders to private resources, selectively allowing only specific outside users to . A firewall has two default rules, one for inbound traffic and one side of the firewall to the other. The default rules of the FVL328 are: • Inbound: Block all access from ... what outside resources local users can have access to access specific resources. These default rules are shown here: Figure 5-2: Rules menu Protecting Your Network 5-5 May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Using Inbound/Outbound Rules to Block or...
FVL328 Reference Manual
Page 57
The rule tells the router to the Internet, and outside users cannot directly address any server ...can make a local server (for your network. Following are unsure, refer to enable either blocking or allowing specific Internet traffic on the destination port number. If you can always find your network. • If the IP... the Internet. Remember that are used on your firewall to the Acceptable Use Policy of inbound rules: Protecting Your Network 5-7 May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Examples of the local server...
FVL328 Reference Manual
Page 70
the Syslog data is broadcast, rather than sent to this option, and enter the IP address of your Syslog server has a fixed IP address, select this Syslog server IP address - Use this if your Syslog Server does not have a Syslog server. • Broadcast on LAN - If your Syslog server. 5-20 May 2004, 202-10030-02 Protecting Your Network select this if you do not have a fixed IP address. • Send to a specific Syslog server. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • Disable -
FVL328 Reference Manual
Page 72
...still handles the encryption. • VPN Policies: Apply the IKE policy to manually input the authentication scheme and encryption key values. VPN Manual policies manage the keys according to settings you to specific traffic which requires a VPN tunnel. Or, you manually enter all...use IKE policies to further automate the process, you can change . Using CAs reduces the amount of the VPN policy table. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • IKE Policies: Define the authentication scheme and automatically generate the encryption keys. ...
FVL328 Reference Manual
Page 135
... (3.96 cm) W: 10.0 in (25.4 cm) D: 9.0 in (17.8 cm) Weight: 2.72 lb. (1.23 Kg) Environmental Specifications Operating temperature: 32°-140° F (0° to 40° C) Operating humidity: 90% maximum relative humidity, noncondensing Electromagnetic Emissions Technical Specifications A-1 May 2004, 202-10030-02 Appendix A Technical Specifications This appendix provides technical specifications for the FVL328 Prosafe High Speed VPN Firewall.
FVL328 Reference Manual
Page 136
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Meets requirements of: Interface Specifications Local: Internet: Certifications Firewall: VPN: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B 10BASE-T or 100BASE-Tx, RJ-45 10BASE-T or 100BASE-Tx, RJ-45 ICSA Certified, Small/Medium Business (SMB) Category version 4.0 VPNC Certified - VPNC Logos: Basic Interoperability Basic Conformance Rekeying Conformance Certificates Conformance A-2 Technical Specifications May 2004, 202-10030-02
FVL328 Reference Manual
Page 143
...figure illustrates a single IP address operation. The following three blocks of IP addresses specifically for Management of IP Address Space. For more information about IP address translation, ...the Internet. Networks, Routing, and Firewall Basics B-7 May 2004, 202-10030-02 The router accomplishes this range. For more costly than a router. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 When a ...255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 NETGEAR recommends that you had to obtain a range of the local network address with a modem,...
FVL328 Reference Manual
Page 153
...Your Network C-3 May 2004, 202-10030-02 If you were given DNS server addresses, fill in the following information. Some ISPs use a specific host or domain name like CCA7324-A or home. Your ISP might call this page. For example, 169.254.141.148 could be entered... as the login name. ISP Login Name: The login name and password are case sensitive and must be a valid IP address. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Worksheet for Recording Your Internet Connection Information Print this your account, user, host, computer, or system name. •...
FVL328 Reference Manual
Page 154
...Protocol). If a Network Interface Card (NIC) is already installed in private networks. The FVL328 Firewall is probably already installed as a DHCP server. The firewall assigns the following TCP/IP configuration information automatically when the computers are rebooted: • PC...(the firewall)-192.168.0.1 These addresses are part of these configuration items, refer to purchase a third-party TCP/ IP application package such as its specific network configuration information automatically from a DHCP server during bootup. Model FVL328 ProSafe High-Speed VPN Firewall Reference ...
FVL328 Reference Manual
Page 156
... for Microsoft Networks: a. On each PC must be assigned specific information about itself and resources that are available on its network. If you need Client for Microsoft Networks. If you need to install a new adapter, follow these steps: a. Select Microsoft. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Note: It is to allow...
FVL328 Reference Manual
Page 176
... page E-11. Understand the Process Before You Begin This document provides case studies on both sides. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Key Management IPSec uses the Internet Key Exchange (IKE) protocol to aid system administrators...html. http://www.netgear.com/planetvpn/pvpn_2.html • The VPN Consortium - Try to facilitate IPSec VPN vendor interoperability. Additional information regarding inter-vendor interoperability may arise from normal firewall or WAN processes. The VPN Consortium has developed specific scenarios to facilitate...
FVL328 Reference Manual
Page 177
... be separate and distinct. Virtual Private Networking E-7 May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 VPN Process Overview Even though IPSec is , each set of terms and procedures for connecting two gateways before diving into the specifics. It is important to understand that you will have a "public" facing address...
FVL328 Reference Manual
Page 178
...both gateways to understand how to open specific protocols, ports, and addresses that you intend to understand that allows two entities (networks, PCs, routers, firewalls, gateways) to the firewall instructions for both gateway LAN Connections. Setting Up a VPN Tunnel Between Gateways An SA, frequently ... to know the subnet mask of information that many gateways are also firewalls. Please refer to "trust each other" and communicate securely as they pass information over the Internet. Table 8-2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Table 8-1.
FVL328 Reference Manual
Page 182
... 2474] K. Baker, D. Floyd, A Proposal to Add Explicit Congestion Notification (ECN) to IP, January 1999. • [RFC 2408] D. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • [RFC 791] Internet Protocol DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C Hedrick, Rutgers University, June 1988. •...
FVL328 Reference Manual
Page 225
...2004, 202-10030-02 Authentication Header Certificate Authority. Usually, this process is to confirm an individual's claimed identity. DoS. IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 3DES (Triple DES) achieves a high level of security by several protocols, including Secure ...Sockets Layer (SSL) and Internet Protocol Security (IPSec). As such, it with three different, unrelated keys. IEEE specification for wireless networking at 2.5GHz. The role of the CA in this means that issues digital certificates used by encrypting the ...