FVS114 Reference Manual
Page 9
What is a Router B-2 Routing Information Protocol B-2 IP Addresses and the Internet B-2 Netmask ...B-4 Subnet Addressing B-5 Private IP Addresses B-7 Single IP Address Operation Using NAT B-8 MAC Addresses and Address Resolution Protocol B-9 Related Documents B-9 Domain Name Server B-9 IP Configuration by DHCP B-10 Internet Security and Firewalls B-10 What is a ... ...C-5 Key Management ...C-6 Understand the Process Before You Begin C-6 VPN Process Overview C-7 Network Interfaces and Addresses C-7 Interface Addressing C-7 Firewalls ...C-8 Contents ix 202-10098-01, April 2005
FVS114 Reference Manual
Page 13
... Firewall April 2005 Note: Product updates are available on the NETGEAR Web site. About This Manual 1-1 202-10098-01, April 2005 Typographical Conventions italics bold fixed Emphasis, books, CDs, URL names User input Screen text, file and server names, extensions, commands, IP addresses This guide uses the following typographical conventions: Table 1-1. This guide...
FVS114 Reference Manual
Page 19
... Attached PCs by DHCP The FVS114 VPN Firewall dynamically assigns network configuration information, including IP, gateway, and Domain Name Server (DNS) addresses, to attached PCs on the LAN using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP).... of cable to make the right connection. This feature eliminates the need to worry about TCP/IP, refer to Appendix B, "Network, Routing, and Firewall Basics." • IP Address Sharing by NAT The FVS114 VPN Firewall allows several networked PCs to share an Internet account using...
FVS114 Reference Manual
Page 20
For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can install, configure, and operate the FVS114 ProSafe VPN Firewall within minutes after connecting it to the network. Maintenance and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-based management Browser...
FVS114 Reference Manual
Page 30
... Resource CD for help with this. • Some cable modem ISPs require you may have. The firewall will then capture and use the MAC address of the computer that you are correct. • LAN connected computers must be using . Use the status lights on the front of each powered... this sequence: 1. Restart the network in "Backing Up the Configuration" on the VPN firewall router and wait one minute 4. Click Apply to obtain an IP address automatically via DHCP. Turn off the VPN firewall router, shut down the computer, and unplug and turn solid green or if the test light does...
FVS114 Reference Manual
Page 31
...then press Enter. 192.168.0.1 is password. You can bypass the Smart Wizard Configuration Assistant feature by typing the IP address of the VPN firewall router in the address field of your settings. The default password is restored when you use the factory reset button. If you do not...a user name or password. Table 3-1. Configuration Enter the standard Settings Have Been URL to access the Applied VPN firewall router Enter the IP address of the VPN firewall router Connect to the VPN firewall router by clicking Apply when you finish entering your browser, then press Enter: ...
FVS114 Reference Manual
Page 36
... your ISP has assigned you in order to access the Internet. c. They will automatically log you a permanent, fixed (static) IP address for the ProSafe VPN Firewall FVS114 a. You must launch a login program such as Enternet or WinPOET in the settings according to access the .... Reference Manual for your PC in . 3-12 Connecting the Firewall to the Internet 202-10098-01, April 2005 Also enter the netmask and the Gateway IP address. The Gateway is first opened. e. Note: After you finish setting up your firewall, you will be using . Account: Enter your Account Name (may...
FVS114 Reference Manual
Page 41
... users to block or allow specific traffic passing through from one Trusted User, which is specified, only Web sites with a fixed or reserved IP address. A firewall has two default rules, one for inbound traffic and one for the ProSafe VPN Firewall FVS114 • Turn Cookies filtering on...delete a keyword or domain, select it in the Trusted User box and click Apply. Inbound rules (WAN to LAN) restrict access by an IP address, you wish to private resources, selectively allowing only specific outside . Outbound rules (LAN to WAN) determine what outside resources local users can be...
FVS114 Reference Manual
Page 42
... prompt, enter the number of the table and click Edit. You can block or allow access based on the service or application, source or destination IP addresses, and time of day. To create a new rule, click the Add button. To edit an existing rule, select its button on the left side of...
FVS114 Reference Manual
Page 43
... determine how certain types of packets are widely used to establish a secure connection, and are handled by source IP address. In some situations, this type that case, you must enter a Single LAN address in the start box. • Log. This setting should be normally be logged. • Options. From... or blocked. The parameters are : - Use the Services menu to be from the opposite (LAN or WAN) of the Source Address. If enabled, fragmented IP packets are not limited to the schedule you can select whether the traffic will be enabled. - This is excessively large number of ...
FVS114 Reference Manual
Page 44
...NAT), your location. Your ISP may also be generated by defining an inbound rule you to the IP address of your Web server at any active services at your network presents only one IP address to one local server based on your local network, you are necessary for a particular service to... the Internet, and outside IP address to run any of your ISP. This setting should normally be enabled. ...
FVS114 Reference Manual
Page 45
...4-4, CU-SEEME connections are allowed only from restricted addresses Firewall Protection and Content Filtering 4-7 202-10098-01, April 2005 Figure 4-4: Rule example: a videoconference from a specified range of external IP addresses. Reference Manual for the ProSafe VPN Firewall FVS114 ...Figure 4-3: Rule example: a local public Web server Inbound Rule Example: Allowing a Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to ...
FVS114 Reference Manual
Page 46
... This is rebooted. To avoid this example). You can always find your network. • If the IP address of the local server PC is assigned by your ISP, the IP address may change periodically as the DHCP lease expires. Outbound Rules (Service Blocking) The FVS114 allows you to ...using the Dynamic DNS feature in this , use of certain Internet services by PCs on : • IP address of the local PC (source address) • IP address of the Internet site being contacted (destination address) • Time of day • Type of service being requested (service port number) Following is ...
FVS114 Reference Manual
Page 47
... Firewall Protection and Content Filtering 4-9 202-10098-01, April 2005 You can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you can also have created in the Schedule menu. Reference Manual for the ProSafe VPN Firewall FVS114 Outbound Rule...
FVS114 Reference Manual
Page 53
...mail menu • Turn e-mail notification on. Enter the name or IP address of Service attack is detected. If a Port Scan is detected. - Enter the e-mail address to which logs and alerts are immediately sent to the specified e-mail address when any of the following events occur: - If you wish to receive...the firewall. • Send alerts and logs by e-mail. Firewall Protection and Content Filtering 202-10098-01, April 2005 4-15 This e-mail address will not be used as mail.myISP.com). If you enable e-mail notification, these boxes cannot be able to find this box blank, ...
FVS114 Reference Manual
Page 56
... You can configure the firewall to send system logs to an external PC that is running a syslog logging program. Destination The name or IP address of the logging PC and click the Enable Syslog check box. Reference Manual for the ProSafe VPN Firewall FVS114 Log entries are described in ...the log entries. Description or Action The type of the initiating device, and whether it's on interface the LAN or WAN. Enter the IP address of the destination device or Web site. Source port and interface The service port number of event and what action was recorded. Button Refresh Clear...
FVS114 Reference Manual
Page 59
... the other end, and vice versa. This set up this case, use FVS114s on other endpoint. You must configure each end of IP addresses), or a single PC? • Will either endpoint use Fully Qualified Domain Names (FQDNs)? Many DSL accounts are provisioned with a ...VPN using FQDN. In this configuration. Under these circumstances, configuring the WAN port with DHCP addressing, where the IP address of configuration information defines a security association (SA) between two or more NETGEAR VPN-enabled firewalls is configured on one end to network resources across the Internet.
FVS114 Reference Manual
Page 60
...What level of IPSec VPN encryption will you use? - AES - AES (Advanced Encryption Standard) is 64 bits wide, encrypting these values using a dynamic IP address must support it. • What level of authentication will you use to a tunnel request. Advanced methods (see Table 5-1) - Reference Manual for security ...a higher level of security by encrypting the data three times using VPNC defaults (see Chapter 6, "Advanced Virtual Private Networking") Table 5-1. Note: NETGEAR publishes additional interoperability scenarios with three different, unrelated keys. - DES -
FVS114 Reference Manual
Page 65
.... 1. a. A "New Connection" listing appears in the Product Quick Find drop-down menu for the ProSafe VPN Firewall FVS114 Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC This procedure describes how to Another Client" on LAN A. You may need to insert your PC, you may...message stating "The NETGEAR ProSafe VPN Component requires at least one dial-up adapter installed in the VPN Settings of the FVS114 on page 5-17. The PC must have a modem or dial-up adapter be running on another client running the client has a dynamically assigned IP address. Go to complete...
FVS114 Reference Manual
Page 67
...in the NETGEAR ProSafe VPN Client software. Configure the Security Policy in the Mask field as the network address of the FVS114. In this example, 22.23.24.25 would be used. Basic Virtual Private Networking 202-10098-01, April 2005 5-11 Enter the public WAN IP Address of the ... new connection by double clicking its name or clicking on the Security Policy subheading to allow all traffic through the VPN tunnel. Select IP Address in the ID Type menu below the connection name. My Identity and Security Policy subheadings appear below the check box. Select the Connect...