FVS114 Reference Manual
Page 6
... Local Public Web Server 4-6 Inbound Rule Example: Allowing a Videoconference from Restricted Addresses 4-7 Considerations for Inbound Rules 4-8 Outbound Rules (Service Blocking) 4-8 Outbound Rule Example: Blocking Instant Messenger 4-9 Order of Precedence for Rules 4-10 Services ...4-11 Using a Schedule to Block or Allow Specific Traffic 4-13 Time Zone ...4-14 Getting E-Mail Notifications of Event Logs and Alerts 4-15 Viewing Logs of Web Access or Attempted Web Access 4-17 Syslog ...4-18 Chapter 5 Basic Virtual Private Networking Overview of VPN Configuration 5-2 Client-to-Gateway VPN...
FVS114 Reference Manual
Page 7
... the FVS114 6-14 VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets 6-15 FVS114 Scenario 1: FVS114 to Gateway B IKE and VPN Policies 6-16 How to Check VPN Connections 6-21 Testing the Gateway A FVS114 LAN and the Gateway B LAN 6-21 FVS114 Scenario 2: FVS114 to FVS114 with RSA Certificates 6-22 Chapter 7 Maintenance Viewing VPN Firewall Status Information 7-1 Viewing a List of Attached Devices 7-5 Upgrading the Firewall Software 7-5 Configuration File Management 7-6 Backing Up the Configuration 7-7 Restoring the Configuration 7-7 Contents vii 202-10098...
FVS114 Reference Manual
Page 8
... Using Address Reservation 8-7 Configuring Static Routes 8-8 Static Route Example 8-10 Enabling Remote Management Access 8-10 UPnP ...8-13 Chapter 9 Troubleshooting Basic Functioning ...9-1 Power LED Not On 9-1 LEDs Never Turn Off 9-2 LAN or Internet Port LEDs Not On 9-2 Troubleshooting the Web Configuration Interface 9-3 Troubleshooting the ISP Connection 9-4 Troubleshooting a TCP/IP Network Using a Ping Utility 9-5 Testing the LAN Path to Your Firewall 9-5 Testing the Path from Your PC to a Remote Device 9-6 Restoring the Default Configuration and Password 9-7 Problems with Date...
FVS114 Reference Manual
Page 17
... a WAN device, such as a cable modem or DSL modem. The FVS114 VPN Firewall provides you with four-port switch connects your network from hackers. both via e-mail. In addition to 253 users. The FVS114 VPN Firewall provides the following features: • Easy, Web-based setup for installation and management. • Content filtering and site blocking security. • Built-in firewall protects you can establish restricted access policies based on Network Address Translation (NAT) for security, the FVS114 uses stateful packet inspection for firmware upgrade...
FVS114 Reference Manual
Page 18
... configure the firewall to email the log to you to control access to Internet content by NAT NAT opens a temporary path to your LAN. • Blocks access from reaching your LAN to Internet locations or services that you to direct incoming traffic to specific PCs based on the service port number of the incoming request, or to maintain security, as described in this section. • PCs Hidden by screening for keywords within Web addresses...
FVS114 Reference Manual
Page 20
... the ProSafe VPN Firewall FVS114 Easy Installation and Management You can limit remote management access to a specified remote IP address or range of the FVS114 VPN Firewall: • Flash memory for your firewall from a remote location on the Internet. For security, you can choose a nonstandard port number. • Visual monitoring The FVS114 VPN Firewall's front panel LEDs provide an easy way to easily configure your type of personal computer, such as Windows, Macintosh, or Linux. Maintenance and Support NETGEAR...
FVS114 Reference Manual
Page 34
... Internet connection. Once you have trouble connecting to the Internet, use the Smart Setup Wizard to assist with manual configuration or to your Internet connection. At the end of the Setup Wizard, click the Test button to the VPN firewall router by typing http://www.routerlogin.net in to verify the Internet connection settings, follow this procedure. 1. To change the password, see "Changing the Administrator Password" on page 3-6 to correct basic problems, or refer to Chapter 9, "Troubleshooting." 3-10 Connecting the Firewall...
FVS114 Reference Manual
Page 43
... Service. Block UDP flood - This is excessively large number of UDP packets. Firewall Protection and Content Filtering 4-5 202-10098-01, April 2005 Choose how you select a range of addresses, enter the range in the start box. • Log. Never - no log entries will be enabled. - Block TCP flood - traffic of this setting is disabled, PCs only your LAN will not be restricted by source IP address. Enable VPN Passthrough (IPSec, PPTP...
FVS114 Reference Manual
Page 59
... endpoint use FVS114s on other endpoint. See "How to Set Up a Gateway-to-Gateway VPN Configuration" on the remote LAN, a portion of the remote network (as defined by a subnet or by a range of the WAN port can change from time to time. When DynDNS is a good way to connect branch or home offices and business partners over the Internet. Reference Manual for the ProSafe VPN Firewall FVS114 VPN Gateway A VPN Tunnel VPN Gateway B PCs PCs Figure 5-2: Gateway-to-gateway VPN tunnel A VPN between...
FVS114 Reference Manual
Page 60
... level of IPSec VPN encryption will you use? - Note: NETGEAR publishes additional interoperability scenarios with three different, unrelated keys. - The Data Encryption Standard (DES) processes input data that is the optimal choice for the ProSafe VPN Firewall FVS114 FQDNs supplied by Dynamic DNS providers can allow a VPN endpoint with a dynamic IP address to initiate or respond to configure your VPN tunnels? - Reference Manual for security conscious organizations, but the hardware at each...
FVS114 Reference Manual
Page 104
... Basic Settings menu. 6-16 Advanced Virtual Private Networking 202-10098-01, April 2005 Log in to the FVS114 labeled Gateway A as a model to build your configuration. 1. a. Reference Manual for the ProSafe VPN Firewall FVS114 The IKE Phase 2 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode • MODP group 2 (1024 bits) • Perfect forward secrecy for all IP protocols, all ports are open on...
FVS114 Reference Manual
Page 118
... the WAN IP address. The MAC address used by the Internet (WAN) port of the firewall. The MAC address used by the Local (LAN) port of the firewall. If no address is configured to the Internet. The default is active for the ProSafe VPN Firewall FVS114 This screen shows the following parameters: Table 7-1. The firewall firmware version. For example, if set to Client, the firewall is shown, the firewall cannot connect to obtain an IP address dynamically from the ISP. Reference Manual for the LAN attached devices...
FVS114 Reference Manual
Page 128
... a 'Ping' from the Internet is normally discarded by the firewall unless the traffic is a response to one local PC can be a security problem. But this is rarely required, and should not be a DMZ server: a. In some online games and videoconferencing applications that may need to reduce the MTU. If you know that server. Reference Manual for the ProSafe VPN Firewall FVS114 • Default DMZ Server: Specifying a Default DMZ Server allows you to set...
FVS114 Reference Manual
Page 129
... used to Configure Dynamic DNS If your IP address by the firewall. However, if your Internet account uses a dynamically assigned IP address, you have that name linked with a different level of security by public Domain Name Servers (DNS). Reference Manual for the ProSafe VPN Firewall FVS114 Note: For security, NETGEAR strongly recommends that you want the firewall to respond to a ping from the Internet. Type the IP address for our application is Exposed Host. A true DMZ port...
FVS114 Reference Manual
Page 141
... TEST LED is turned on power to the firewall, the following section. The LAN port LEDs are provided to the connected device. After each problem description, instructions are lit for this product. Basic Functioning After you are using the 12 V DC power adapter supplied by NETGEAR for any of events should contact technical support. After approximately 30 seconds, verify that are off when your FVS114 ProSafe VPN Firewall. Power LED Not...
FVS114 Reference Manual
Page 142
... error persists, you are secure at the firewall and at the hub or workstation. • Make sure that was supplied with the cable or DSL modem. This will set the firewall's IP address to 192.168.0.1. This procedure is explained in "Restoring the Default Configuration and Password" on to the connected hub or workstation. • Be sure you might have a hardware problem and should contact technical support. LAN or Internet Port LEDs...
FVS114 Reference Manual
Page 143
... of Windows and MacOS will set the firewall's IP address to 192.168.0.1. If you are lost. • Click the Refresh or Reload button in the Web browser. This will generate and assign an IP address if the computer cannot reach a DHCP server. Reference Manual for the ProSafe VPN Firewall FVS114 Troubleshooting the Web Configuration Interface If you are unable to access the firewall's Web Configuration interface from the PC to the firewall and reboot...
FVS114 Reference Manual
Page 144
... Web Configuration Manager. Reference Manual for the ProSafe VPN Firewall FVS114 Troubleshooting the ISP Connection If your firewall is unable to access the Internet, you should first determine whether the firewall is able to your firewall. Unless you may check for your cable or DSL modem to the cable or DSL modem. 4. Under the Maintenance heading, select Router Status 4. If your firewall is unable to obtain an IP address from the ISP, the problem may check for your PC's MAC address...
FVS114 Reference Manual
Page 147
... ProSafe VPN Firewall FVS114 - Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the firewall's administration password to password and the IP address to reboot. If you have just completed configuring the firewall, wait at least five minutes and check the date and time again. • Time is the case, you must configure your firewall to obtain the current time from the MAC address of your Internet access settings are not known. 1. Reference Manual for Daylight Savings Time...
FVS114 Reference Manual
Page 204
... includes IP addresses, DNS addresses, and gateway (router) addresses. EAP, an extension to PPP, supports such authentication methods as more areas around the world gain access. Reference Manual for the ProSafe VPN Firewall FVS114 Specifying a Default DMZ Server allows you to set up a computer or server that is available to anyone on the Internet for authentication that supports multiple authentication methods. The Internet however, is returned. ADSL is a general protocol for services that allows data to...