Reference Manual
Page 10
... Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce Traffic 6-2 VPN Firewall Features That Increase Traffic 6-4 Using QoS to Shift the Traffic Mix 6-7 Tools for Traffic Management 6-8 Configuring Users, Administrative Settings, and Remote Management 6-8 Changing Passwords and Settings 6-8 Adding External Users 6-10 Configuring an External Server for Authentication 6-11 Enabling Remote Management Access 6-14 Using an SNMP Manager 6-16 Managing the Configuration File 6-18 Configuring Date and Time Service 6-21 Monitoring System Performance 6-23 Activating...
... Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce Traffic 6-2 VPN Firewall Features That Increase Traffic 6-4 Using QoS to Shift the Traffic Mix 6-7 Tools for Traffic Management 6-8 Configuring Users, Administrative Settings, and Remote Management 6-8 Changing Passwords and Settings 6-8 Adding External Users 6-10 Configuring an External Server for Authentication 6-11 Enabling Remote Management Access 6-14 Using an SNMP Manager 6-16 Managing the Configuration File 6-18 Configuring Date and Time Service 6-21 Monitoring System Performance 6-23 Activating...
Reference Manual
Page 11
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting the Web Configuration Interface 7-3 Troubleshooting the ISP Connection 7-4 Troubleshooting a TCP/IP Network Using a Ping Utility 7-5 Testing the LAN Path to Your VPN Firewall 7-5 Testing the Path from Your PC to a Remote Device 7-6 Restoring the Default Configuration and Password 7-7 Problems with Date and Time 7-7 Using the Diagnostics Utilities 7-8 Appendix A Default Settings and Technical Specifications Appendix B Two Factor Authentication Why do I need Two-Factor Authentication B-1 What are the benefits ...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Troubleshooting the Web Configuration Interface 7-3 Troubleshooting the ISP Connection 7-4 Troubleshooting a TCP/IP Network Using a Ping Utility 7-5 Testing the LAN Path to Your VPN Firewall 7-5 Testing the Path from Your PC to a Remote Device 7-6 Restoring the Default Configuration and Password 7-7 Problems with Date and Time 7-7 Using the Diagnostics Utilities 7-8 Appendix A Default Settings and Technical Specifications Appendix B Two Factor Authentication Why do I need Two-Factor Authentication B-1 What are the benefits ...
Reference Manual
Page 15
... v1.1, August 2010 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 202-10521-02 1.0 202-10521-02 1.1 About This Manual April 2010 Added the following new features for the April 2010 firmware maintenance release: • Connection reset and delay options on the Broadband ISP Settings screen (see "Manually Configuring Your Internet Connection"). • Support for an address range for inbound LAN rules on the Add LAN WAN Inbound Service screen (see "Inbound Rules (Port Forwarding)" and "Inbound Rules Examples"). • Support for SIP Sessions" * "Configuring UPnP (Universal...
... v1.1, August 2010 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 202-10521-02 1.0 202-10521-02 1.1 About This Manual April 2010 Added the following new features for the April 2010 firmware maintenance release: • Connection reset and delay options on the Broadband ISP Settings screen (see "Manually Configuring Your Internet Connection"). • Support for an address range for inbound LAN rules on the Add LAN WAN Inbound Service screen (see "Inbound Rules (Port Forwarding)" and "Inbound Rules Examples"). • Support for SIP Sessions" * "Configuring UPnP (Universal...
Reference Manual
Page 18
... to other IPsec gateways and clients. • Bundled with a single-user license of VPN client software on the remote computer. • IPsec VPN with broad protocol support for secure connection to defend against hacker attacks. You can configure the VPN firewall to email the log to your LAN. • Block Sites. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, Web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support...
... to other IPsec gateways and clients. • Bundled with a single-user license of VPN client software on the remote computer. • IPsec VPN with broad protocol support for secure connection to defend against hacker attacks. You can configure the VPN firewall to email the log to your LAN. • Block Sites. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, Web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support...
Reference Manual
Page 20
... VPN tunnels are specified, the VPN firewall provides its own address as Windows, Macintosh, or Linux. This technique, known as EnterNet or WinPOET on your Internet service provider (ISP). This feature greatly simplifies configuration of PCs on the LAN using only a single IP address, which may be statically or dynamically assigned by NAT. The following features simplify installation and management tasks: • Browser-Based Management. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Extensive Protocol Support The FVS318G supports...
... VPN tunnels are specified, the VPN firewall provides its own address as Windows, Macintosh, or Linux. This technique, known as EnterNet or WinPOET on your Internet service provider (ISP). This feature greatly simplifies configuration of PCs on the LAN using only a single IP address, which may be statically or dynamically assigned by NAT. The following features simplify installation and management tasks: • Browser-Based Management. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Extensive Protocol Support The FVS318G supports...
Reference Manual
Page 36
... to enable. c. If it appears, you may check the Use wildcards checkbox to the screen for example: .dyndns.org). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 2-9 2. Each DNS service provider requires registration. After setting up an account. If your WAN IP address does not change often, you can configure the required settings on the corresponding screen for the DNS service. 3. Click the tab of the DNS service providers and set up your DNS service provider...
... to enable. c. If it appears, you may check the Use wildcards checkbox to the screen for example: .dyndns.org). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 2-9 2. Each DNS service provider requires registration. After setting up an account. If your WAN IP address does not change often, you can configure the required settings on the corresponding screen for the DNS service. 3. Click the tab of the DNS service providers and set up your DNS service provider...
Reference Manual
Page 39
... C, "Related Documents for both the LAN and DMZ settings. Specify the pool of your ProSafe Gigabit 8 Port VPN Firewall FVS318G, including the following sections: • "Choosing the VPN Firewall DHCP Options" on this page • "Configuring the LAN Setup Options" on page 3-2 • "Managing Groups and Hosts (LAN Groups)" on page 3-5 • "Configuring Multi Home LAN IP Addresses" on page 3-10 • "Configuring and Enabling the DMZ Port" on page 3-11 • "Configuring Static Routes" on page 3-14 • "Configuring Routing Information...
... C, "Related Documents for both the LAN and DMZ settings. Specify the pool of your ProSafe Gigabit 8 Port VPN Firewall FVS318G, including the following sections: • "Choosing the VPN Firewall DHCP Options" on this page • "Configuring the LAN Setup Options" on page 3-2 • "Managing Groups and Hosts (LAN Groups)" on page 3-5 • "Configuring Multi Home LAN IP Addresses" on page 3-10 • "Configuring and Enabling the DMZ Port" on page 3-11 • "Configuring Static Routes" on page 3-14 • "Configuring Routing Information...
Reference Manual
Page 54
..., enter 255.255.255.255. 8. If multiple routes to which the route leads. 7. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. If the destination is 134.177.0.0. In the Metric field, enter the metric priority for connecting to Static Routes table. The new static route will forward your primary Internet access is accessible. 9. From the Interface pull-down menu, select the physical network interface (Broadband, DMZ, or LAN) through a cable modem to an ISP, and • you are...
..., enter 255.255.255.255. 8. If multiple routes to which the route leads. 7. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. If the destination is 134.177.0.0. In the Metric field, enter the metric priority for connecting to Static Routes table. The new static route will forward your primary Internet access is accessible. 9. From the Interface pull-down menu, select the physical network interface (Broadband, DMZ, or LAN) through a cable modem to an ISP, and • you are...
Reference Manual
Page 59
... another way to block outbound traffic from the LAN side. Additional services can be covered by PCs on the traffic's category of Service (QoS) Priorities" on page 4-24). Firewall Protection and Content Filtering 4-3 v1.1, August 2010 This is configured to disallow it using the Services menu (see "Specifying Quality of service. • Outbound Rules (service blocking). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Services-Based Rules The rules to block traffic are only useful if the traffic is in the factory default list. Each service has its...
... another way to block outbound traffic from the LAN side. Additional services can be covered by PCs on the traffic's category of Service (QoS) Priorities" on page 4-24). Firewall Protection and Content Filtering 4-3 v1.1, August 2010 This is configured to disallow it using the Services menu (see "Specifying Quality of service. • Outbound Rules (service blocking). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Services-Based Rules The rules to block traffic are only useful if the traffic is in the factory default list. Each service has its...
Reference Manual
Page 121
... using the IKE (Internet Key Exchange) protocol to create a VPN policy, only the Auto method is displayed in view (see "Managing Certificates" on each end (both a public key and a private key. You can create two types of certificates for each certificate, there is not important.) 3. However, if you to add additional policies-either Auto or Manual-and to perform authentication (see Figure 5-18 on page 5-16). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4. The use are...
... using the IKE (Internet Key Exchange) protocol to create a VPN policy, only the Auto method is displayed in view (see "Managing Certificates" on each end (both a public key and a private key. You can create two types of certificates for each certificate, there is not important.) 3. However, if you to add additional policies-either Auto or Manual-and to perform authentication (see Figure 5-18 on page 5-16). ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 4. The use are...
Reference Manual
Page 128
... VPN Policies table. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 5-3. Click the view selected button to the List of VPN Policies table, click the edit button to save your settings. The VPN policy is added to display the selected IKE policy. 5. The VPN firewall uses Digital Certificates (also known as the Add VPN Policy screen (see Table 5-3). 5. Add VPN Policy Settings (continued) Item PFS Key Group Select IKE Policy Description (or Subfield and Description) Select this VPN firewall during the Internet Key...
... VPN Policies table. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 5-3. Click the view selected button to the List of VPN Policies table, click the edit button to save your settings. The VPN policy is added to display the selected IKE policy. 5. The VPN firewall uses Digital Certificates (also known as the Add VPN Policy screen (see Table 5-3). 5. Add VPN Policy Settings (continued) Item PFS Key Group Select IKE Policy Description (or Subfield and Description) Select this VPN firewall during the Internet Key...
Reference Manual
Page 157
... Internet IP addresses. • Services. The Network Database is applied to a single Internet IP address. - This will be covered a rule. Once a schedule is to be applied. VPN Firewall and Network Management 6-3 v1.1, August 2010 If the desired service or application does not appear in the Network Database. DHCP Client Request. If you have set firewall rules on page 4-24). • Groups and Hosts. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • WAN Users. Address range. You can apply these rules...
... Internet IP addresses. • Services. The Network Database is applied to a single Internet IP address. - This will be covered a rule. Once a schedule is to be applied. VPN Firewall and Network Management 6-3 v1.1, August 2010 If the desired service or application does not appear in the Network Database. DHCP Client Request. If you have set firewall rules on page 4-24). • Groups and Hosts. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • WAN Users. Address range. You can apply these rules...
Reference Manual
Page 159
... Management 6-5 v1.1, August 2010 Protects the VPN firewall from responding to the following criteria: • LAN Users. The default rule blocks all existing rules for inbound traffic If you specify the desired action for the connections covered by the rule: • BLOCK always • BLOCK by schedule, otherwise Allow • ALLOW always • ALLOW by this firewall is for unsupported services. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Port Forwarding The VPN firewall always blocks DoS (Denial of UDP sessions created from the LAN. • Enable...
... Management 6-5 v1.1, August 2010 Protects the VPN firewall from responding to the following criteria: • LAN Users. The default rule blocks all existing rules for inbound traffic If you specify the desired action for the connections covered by the rule: • BLOCK always • BLOCK by schedule, otherwise Allow • ALLOW always • ALLOW by this firewall is for unsupported services. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Port Forwarding The VPN firewall always blocks DoS (Denial of UDP sessions created from the LAN. • Enable...
Reference Manual
Page 162
... includes the following subsections: • "Changing Passwords and Settings" on page 6-8 • "Adding External Users" on page 6-10 • "Configuring an External Server for Authentication" on page 6-11 • "Enabling Remote Management Access" on page 6-14 • "Using an SNMP Manager" on page 6-16 • "Managing the Configuration File" on page 6-18 • "Configuring Date and Time Service" on page 6-9). 2. b. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual See "Specifying Quality of Service (QoS) Priorities" on page 4-26 for the...
... includes the following subsections: • "Changing Passwords and Settings" on page 6-8 • "Adding External Users" on page 6-10 • "Configuring an External Server for Authentication" on page 6-11 • "Enabling Remote Management Access" on page 6-14 • "Using an SNMP Manager" on page 6-16 • "Managing the Configuration File" on page 6-18 • "Configuring Date and Time Service" on page 6-9). 2. b. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual See "Specifying Quality of Service (QoS) Priorities" on page 4-26 for the...
Reference Manual
Page 174
... page before upgrading the VPN firewall's software. 6-20 VPN Firewall and Network Management v1.1, August 2010 You must manually restart the VPN firewall for the default settings to the Internet. To download a firmware version and upgrade the VPN firewall: 1. On the Settings Backup and Firmware Upgrade screen, click default. 2. Manually restart the VPN firewall in order for the restored settings to the original factory default settings: 1. After rebooting, the VPN firewall's password will be password and the LAN IP address will be 192.168.1.1. The VPN firewall will change to...
... page before upgrading the VPN firewall's software. 6-20 VPN Firewall and Network Management v1.1, August 2010 You must manually restart the VPN firewall for the default settings to the Internet. To download a firmware version and upgrade the VPN firewall: 1. On the Settings Backup and Firmware Upgrade screen, click default. 2. Manually restart the VPN firewall in order for the restored settings to the original factory default settings: 1. After rebooting, the VPN firewall's password will be password and the LAN IP address will be 192.168.1.1. The VPN firewall will change to...
Reference Manual
Page 193
... • "Troubleshooting the Web Configuration Interface" on page 7-3 • "Troubleshooting the ISP Connection" on page 7-4 • "Troubleshooting a TCP/IP Network Using a Ping Utility" on page 7-5 • "Restoring the Default Configuration and Password" on page 7-7 • "Problems with Date and Time" on page 7-7 • "Using the Diagnostics Utilities" on page 7-8 Basic Functions After you turn on . 2. The LAN port LEDs are connected. After approximately 2 minutes, verify that are lit for your ProSafe Gigabit 8 Port VPN Firewall FVS318G. The Internet port LED is...
... • "Troubleshooting the Web Configuration Interface" on page 7-3 • "Troubleshooting the ISP Connection" on page 7-4 • "Troubleshooting a TCP/IP Network Using a Ping Utility" on page 7-5 • "Restoring the Default Configuration and Password" on page 7-7 • "Problems with Date and Time" on page 7-7 • "Using the Diagnostics Utilities" on page 7-8 Basic Functions After you turn on . 2. The LAN port LEDs are connected. After approximately 2 minutes, verify that are lit for your ProSafe Gigabit 8 Port VPN Firewall FVS318G. The Internet port LED is...
Reference Manual
Page 194
.... ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Power LED Not On If the Power and other LEDs are off when your VPN firewall is turned on: • Make sure that the power cord is properly connected to your VPN firewall and that the power supply adapter is properly connected to a functioning power outlet. • Check that you are using the correct cable: When connecting the VPN firewall's Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. If the error...
.... ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Power LED Not On If the Power and other LEDs are off when your VPN firewall is turned on: • Make sure that the power cord is properly connected to your VPN firewall and that the power supply adapter is properly connected to a functioning power outlet. • Check that you are using the correct cable: When connecting the VPN firewall's Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. If the error...
Reference Manual
Page 196
... incorrectly set the login name and password. 7-4 Troubleshooting v1.1, August 2010 Turn off power to the cable or DSL modem. 2. If your VPN firewall is still unable to obtain an IP address from the ISP. If your VPN firewall is unable to obtain an IP address from the submenu. 4. Unless you have been assigned a static IP address, your VPN firewall. 3. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual If the VPN firewall does not save changes you have made in the Web Configuration Interface, check the...
... incorrectly set the login name and password. 7-4 Troubleshooting v1.1, August 2010 Turn off power to the cable or DSL modem. 2. If your VPN firewall is still unable to obtain an IP address from the ISP. If your VPN firewall is unable to obtain an IP address from the submenu. 4. Unless you have been assigned a static IP address, your VPN firewall. 3. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual If the VPN firewall does not save changes you have made in the Web Configuration Interface, check the...
Reference Manual
Page 214
... command line interface 6-16 configuration automatic by DHCP 1-4 Connecting the VPN firewall 2-1 Content Filtering 4-1 about 1-2, 4-30 Block Sites 4-30 enabling 4-32 firewall protection, about 4-1 CRL 5-32 managing 5-38 crossover cable 1-3, 7-2 CSR 5-35 Customized Services adding 4-3, 4-25 editing 4-26 D Data Encryption Standard. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual certificates CRL 5-32 management of 5-35 trusted (CA certificates) 5-32 Classical Routing definition of 4-16 modifying 4-12, 4-14 DMZ WAN Rules screen 4-12 DNS ISP server addresses 2-9 server IP address...
... command line interface 6-16 configuration automatic by DHCP 1-4 Connecting the VPN firewall 2-1 Content Filtering 4-1 about 1-2, 4-30 Block Sites 4-30 enabling 4-32 firewall protection, about 4-1 CRL 5-32 managing 5-38 crossover cable 1-3, 7-2 CSR 5-35 Customized Services adding 4-3, 4-25 editing 4-26 D Data Encryption Standard. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual certificates CRL 5-32 management of 5-35 trusted (CA certificates) 5-32 Classical Routing definition of 4-16 modifying 4-12, 4-14 DMZ WAN Rules screen 4-12 DNS ISP server addresses 2-9 server IP address...
Reference Manual
Page 218
... connection 2-7 PPTP 2-5 precedence, order of for rules 4-24 pre-shared key 5-21 protocol numbers assigned 4-24 protocols Routing Information Protocol 1-4 Q QoS 4-3 about 4-37 adding a rule 4-38 increasing traffic 6-6 modifying a rule 4-39 rules of use with 3-15 versions of 3-18 RIP Configuration screen 3-17 router administration tips on 4-42 router broadcast RIP, use 4-38 status 6-36 Port Triggering screen 4-38, 6-36 ports explanation of WAN and LAN 1-6 PPP over Ethernet. See PPPoE. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual service blocking 4-3 Port Forwarding Inbound...
... connection 2-7 PPTP 2-5 precedence, order of for rules 4-24 pre-shared key 5-21 protocol numbers assigned 4-24 protocols Routing Information Protocol 1-4 Q QoS 4-3 about 4-37 adding a rule 4-38 increasing traffic 6-6 modifying a rule 4-39 rules of use with 3-15 versions of 3-18 RIP Configuration screen 3-17 router administration tips on 4-42 router broadcast RIP, use 4-38 status 6-36 Port Triggering screen 4-38, 6-36 ports explanation of WAN and LAN 1-6 PPP over Ethernet. See PPPoE. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual service blocking 4-3 Port Forwarding Inbound...