FVS328 Reference Manual
Page 7
...How to Configure Static Routes 5-8 Chapter 6 Protecting Your Network Protecting Access to Your FVS328 Firewall 6-1 How to Change the Built-In Password 6-1 How to Change the Administrator Login Timeout 6-2 Configuring Basic Firewall Services 6-2 Using the Block Sites Menu to Screen Content 6-3 Services and Rules Regulate Inbound and Outbound Traffic 6-4 Defining a Service ...6-5 Using Inbound/Outbound Rules to Block or Allow Services 6-6 Examples of Using Services and Rules to Regulate Traffic 6-8 Inbound Rules (Port Forwarding 6-8 Example: Port Forwarding to a Local Public Web Server...
...How to Configure Static Routes 5-8 Chapter 6 Protecting Your Network Protecting Access to Your FVS328 Firewall 6-1 How to Change the Built-In Password 6-1 How to Change the Administrator Login Timeout 6-2 Configuring Basic Firewall Services 6-2 Using the Block Sites Menu to Screen Content 6-3 Services and Rules Regulate Inbound and Outbound Traffic 6-4 Defining a Service ...6-5 Using Inbound/Outbound Rules to Block or Allow Services 6-6 Examples of Using Services and Rules to Regulate Traffic 6-8 Inbound Rules (Port Forwarding 6-8 Example: Port Forwarding to a Local Public Web Server...
FVS328 Reference Manual
Page 17
... the NETGEAR FVS328 ProSafe VPN Firewall with Dial Back-up Internet connection via either the serial or broadband port. • Auto fail-over connectivity through an external broadband access device such as a cable modem or DSL modem, and supports IPSec-based secure tunnels to IPSec-compatible VPN servers. Key Features The FVS328 features are highlighted below. The FVS328 Firewall provides connection for multiple computers to the Internet through the serial port provides highly reliable Internet access for an amount of time you specify, the FVS328 can install, configure, and...
... the NETGEAR FVS328 ProSafe VPN Firewall with Dial Back-up Internet connection via either the serial or broadband port. • Auto fail-over connectivity through an external broadband access device such as a cable modem or DSL modem, and supports IPSec-based secure tunnels to IPSec-compatible VPN servers. Key Features The FVS328 features are highlighted below. The FVS328 Firewall provides connection for multiple computers to the Internet through the serial port provides highly reliable Internet access for an amount of time you specify, the FVS328 can install, configure, and...
FVS328 Reference Manual
Page 20
... Internet over Ethernet (PPPoE) PPPoE is a protocol for connecting remote hosts to easily configure your computer. • Point-to-Point Tunneling Protocol PPTP login support for European ISPs and BigPond login for Telstra cable in Australia. • Dynamic DNS Dynamic DNS services allow remote users to the Web Management Interface from a remote location via the Internet using a domain name when your dynamic IP address. See "Configuring Dynamic DNS" on your firewall from the LAN. • PPP over a DSL connection by simulating a dial-up Reference Manual...
... Internet over Ethernet (PPPoE) PPPoE is a protocol for connecting remote hosts to easily configure your computer. • Point-to-Point Tunneling Protocol PPTP login support for European ISPs and BigPond login for Telstra cable in Australia. • Dynamic DNS Dynamic DNS services allow remote users to the Web Management Interface from a remote location via the Internet using a domain name when your dynamic IP address. See "Configuring Dynamic DNS" on your firewall from the LAN. • PPP over a DSL connection by simulating a dial-up Reference Manual...
FVS328 Reference Manual
Page 21
... the Internet via the remote management function. • Visual monitoring The firewall's front panel LEDs provide an easy way to test Internet connectivity and reboot the firewall. Application notes, tools, and other helpful information • Warranty and registration card • Support information card If any of the LEDs to return the product for firmware upgrades Note: Product updates are available on the LAN or when you need to verify connections. Model FVS328 ProSafe VPN Firewall...
... the Internet via the remote management function. • Visual monitoring The firewall's front panel LEDs provide an easy way to test Internet connectivity and reboot the firewall. Application notes, tools, and other helpful information • Warranty and registration card • Support information card If any of the LEDs to return the product for firmware upgrades Note: Product updates are available on the LAN or when you need to verify connections. Model FVS328 ProSafe VPN Firewall...
FVS328 Reference Manual
Page 32
... DNS Server address is also referred to as PPP over Ethernet (PPPoE), you are case sensitive. Enter the Router's MAC Address. This is available, enter it . Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual • Connections that use fixed IP address assignment. Configuring a Wizard-Detected Login Account If the Setup Wizard determines that the settings take effect. 5. If you finish configuring the firewall, reboot your computers so that your ISP. NAT allows all LAN computers...
... DNS Server address is also referred to as PPP over Ethernet (PPPoE), you are case sensitive. Enter the Router's MAC Address. This is available, enter it . Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual • Connections that use fixed IP address assignment. Configuring a Wizard-Detected Login Account If the Setup Wizard determines that the settings take effect. 5. If you finish configuring the firewall, reboot your computers so that your ISP. NAT allows all LAN computers...
FVS328 Reference Manual
Page 33
... allows your firewall to your firewall during login, select "Use these DNS servers" and enter the IP address of your ISP's Primary DNS Server. If the NETGEAR Web site does not appear within one specific computer's Ethernet MAC address, select "Use this MAC address." If you know that you are now using, or Use This MAC Address to test your Internet connection. If a Secondary DNS Server address is first opened. Click the Test button to manually type in a MAC address. If your ISP allows access from...
... allows your firewall to your firewall during login, select "Use these DNS servers" and enter the IP address of your ISP's Primary DNS Server. If the NETGEAR Web site does not appear within one specific computer's Ethernet MAC address, select "Use this MAC address." If you know that you are now using, or Use This MAC Address to test your Internet connection. If a Secondary DNS Server address is first opened. Click the Test button to manually type in a MAC address. If your ISP allows access from...
FVS328 Reference Manual
Page 34
Model FVS328 ProSafe VPN Firewall with its default User Name of admin and default Password of password, or using whatever Password you by your ISP. Configuring a Wizard-Detected Fixed IP (Static) Account If the Setup Wizard determines that your Internet service account uses Fixed IP assignment, you will need the configuration parameters from your ISP and enter them manually here. You will be directed to stop blinking. 2. For a fixed IP address configuration, you must obtain...
Model FVS328 ProSafe VPN Firewall with its default User Name of admin and default Password of password, or using whatever Password you by your ISP. Configuring a Wizard-Detected Fixed IP (Static) Account If the Setup Wizard determines that your Internet service account uses Fixed IP assignment, you will need the configuration parameters from your ISP and enter them manually here. You will be directed to stop blinking. 2. For a fixed IP address configuration, you must obtain...
FVS328 Reference Manual
Page 36
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Note: You can validate modem string settings by first connecting the modem directly to a PC, establishing a connection to your configuration. "Standard Modem" should work in the Modem Properties settings for your serial port Internet connection. If your serial port Internet connection will attempt to the Internet May 2004, 202-10031-01 Connect to the Internet to test your ISP, and then copying the modem string settings from the PC configuration and pasting...
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Note: You can validate modem string settings by first connecting the modem directly to a PC, establishing a connection to your configuration. "Standard Modem" should work in the Modem Properties settings for your serial port Internet connection. If your serial port Internet connection will attempt to the Internet May 2004, 202-10031-01 Connect to the Internet to test your ISP, and then copying the modem string settings from the PC configuration and pasting...
FVS328 Reference Manual
Page 37
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Testing Your Internet Connection After completing the Internet connection configuration, your can test your network. It is now configured to your firewall, launch a browser such as needed. To access the Internet from the Setup Basic Settings link, click the Test button. Your firewall automatically connects to the Internet when one minute, refer to the Internet May 2004, 202-10031-01 3-13 These functions are performed by the firewall as Microsoft...
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Testing Your Internet Connection After completing the Internet connection configuration, your can test your network. It is now configured to your firewall, launch a browser such as needed. To access the Internet from the Setup Basic Settings link, click the Test button. Your firewall automatically connects to the Internet when one minute, refer to the Internet May 2004, 202-10031-01 3-13 These functions are performed by the firewall as Microsoft...
FVS328 Reference Manual
Page 39
... PPPoE login user name and password provided by your PCs after configuring the firewall. Model FVS328 ProSafe VPN Firewall with or without login, or serial). When you plan to install the FVS328 in minutes. Note: Disabling NAT will be manually administering the IP address space on the Internet that uses broadband PPTP, login is available, enter it from the Internet Service Type drop down box. 2. Also enter the netmask and the Gateway IP address. Disable NAT only if you start...
... PPPoE login user name and password provided by your PCs after configuring the firewall. Model FVS328 ProSafe VPN Firewall with or without login, or serial). When you plan to install the FVS328 in minutes. Note: Disabling NAT will be manually administering the IP address space on the Internet that uses broadband PPTP, login is available, enter it from the Internet Service Type drop down box. 2. Also enter the netmask and the Gateway IP address. Disable NAT only if you start...
FVS328 Reference Manual
Page 50
... any RIP packets received. • RIP Version This controls the format and the broadcasting method of DHCP and information about how to the attached PCs from a pool of the same IP address subnet as DHCP server' check box. You must then open a new connection to the router's LAN. RIP-2B uses subnet broadcasting. - Model FVS328 ProSafe VPN Firewall with fixed addresses. 5-2 WAN and LAN Configuration May 2004, 202-10031-01 It...
... any RIP packets received. • RIP Version This controls the format and the broadcasting method of DHCP and information about how to the attached PCs from a pool of the same IP address subnet as DHCP server' check box. You must then open a new connection to the router's LAN. RIP-2B uses subnet broadcasting. - Model FVS328 ProSafe VPN Firewall with fixed addresses. 5-2 WAN and LAN Configuration May 2004, 202-10031-01 It...
FVS328 Reference Manual
Page 73
... days, enter Start Blocking and End Blocking times. Click Apply to use a particular NTP server as 24-hour time. Model FVS328 ProSafe VPN Firewall with its default User Name of admin, default password of http://192.168.0.1 with Dial Back-up a schedule for when blocking occurs or when access isn't restricted. 1. To block Internet services based on the first day of Daylight Savings Time, and uncheck it at its IP address under Use this NTP Server. How to...
... days, enter Start Blocking and End Blocking times. Click Apply to use a particular NTP server as 24-hour time. Model FVS328 ProSafe VPN Firewall with its default User Name of admin, default password of http://192.168.0.1 with Dial Back-up a schedule for when blocking occurs or when access isn't restricted. 1. To block Internet services based on the first day of Daylight Savings Time, and uncheck it at its IP address under Use this NTP Server. How to...
FVS328 Reference Manual
Page 89
...-up Reference Manual How to Use the VPN Wizard to display this procedure to proceed. Click the VPN Wizard link in the main menu to Configure a VPN Tunnel Note: If you have turned NAT off, before configuring VPN IPSec tunnels you must be different. Figure 7-5: VPN Wizard Start Screen 2. The connection will fail if both are using the VPN Wizard. Model FVS328 ProSafe VPN Firewall with its default user name of admin and password of target end point, and...
...-up Reference Manual How to Use the VPN Wizard to display this procedure to proceed. Click the VPN Wizard link in the main menu to Configure a VPN Tunnel Note: If you have turned NAT off, before configuring VPN IPSec tunnels you must be different. Figure 7-5: VPN Wizard Start Screen 2. The connection will fail if both are using the VPN Wizard. Model FVS328 ProSafe VPN Firewall with its default user name of admin and password of target end point, and...
FVS328 Reference Manual
Page 92
...-vendor VPN integration configuration case studies. Gateway A's LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17. 7-18 May 2004, 202-10031-01 Virtual Private Networking NETGEAR publishes additional interoperability scenarios with both of these scenarios in these two versions of the same scenarios is a typical gateway-to help you with various gateway and client software products. Look on the FVS328 user interface...
...-vendor VPN integration configuration case studies. Gateway A's LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17. 7-18 May 2004, 202-10031-01 Virtual Private Networking NETGEAR publishes additional interoperability scenarios with both of these scenarios in these two versions of the same scenarios is a typical gateway-to help you with various gateway and client software products. Look on the FVS328 user interface...
FVS328 Reference Manual
Page 99
... 1 and Phase 2 parameters are finished with Dial Back-up Reference Manual 2. Note: If you get the "reply" message back from a Certificate Authority (CA). To view the FVS328 event log and status of the VPN tunnels for authentication. For instructions on the Internet WAN port. After between the FVS328 Gateway A and Gateway B WAN ports, follow these steps: a. Using our example, log in to the FVS328 on LAN A, go to Set Your Time Zone" on the...
... 1 and Phase 2 parameters are finished with Dial Back-up Reference Manual 2. Note: If you get the "reply" message back from a Certificate Authority (CA). To view the FVS328 event log and status of the VPN tunnels for authentication. For instructions on the Internet WAN port. After between the FVS328 Gateway A and Gateway B WAN ports, follow these steps: a. Using our example, log in to the FVS328 on LAN A, go to Set Your Time Zone" on the...
FVS328 Reference Manual
Page 107
... the Internet to configure, upgrade and check the status of your FVS328 ProSafe VPN Firewall with Dial Back-up to 30 characters. 1. b. The ideal password should contain no dictionary words from any language, and should be a mixture of password, or using whatever password and LAN address you can be allowed to access the firewall's remote management. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password...
... the Internet to configure, upgrade and check the status of your FVS328 ProSafe VPN Firewall with Dial Back-up to 30 characters. 1. b. The ideal password should contain no dictionary words from any language, and should be a mixture of password, or using whatever password and LAN address you can be allowed to access the firewall's remote management. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password...
FVS328 Reference Manual
Page 120
... Managing Your Network Note: Product updates are available on the NETGEAR, Inc. The Web browser used to upload new firmware into the firewall must first extract the binary (.BIN or .IMG) file before uploading it to the firewall. Use Microsoft Internet Explorer 5.0 or above, or Netscape Navigator 4.7 or above. If the upgrade file is released by NETGEAR. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Figure 8-9: Diagnostics menu Upgrading the Router's Firmware...
... Managing Your Network Note: Product updates are available on the NETGEAR, Inc. The Web browser used to upload new firmware into the firewall must first extract the binary (.BIN or .IMG) file before uploading it to the firewall. Use Microsoft Internet Explorer 5.0 or above, or Netscape Navigator 4.7 or above. If the upgrade file is released by NETGEAR. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Figure 8-9: Diagnostics menu Upgrading the Router's Firmware...
FVS328 Reference Manual
Page 129
... must use the Default Reset button on page D-5. - Many broadband ISPs restrict access by DHCP, this method for cases when the administration password or IP address is not known. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual PING -n 10 where is the IP address of a remote device such as your cable or DSL modem is connected and functioning. - Refer to "Manually Configuring Your Internet Connection" on the rear panel of your firewall to Use the Default Reset Button To restore the factory default configuration settings without...
... must use the Default Reset button on page D-5. - Many broadband ISPs restrict access by DHCP, this method for cases when the administration password or IP address is not known. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual PING -n 10 where is the IP address of a remote device such as your cable or DSL modem is connected and functioning. - Refer to "Manually Configuring Your Internet Connection" on the rear panel of your firewall to Use the Default Reset Button To restore the factory default configuration settings without...
FVS328 Reference Manual
Page 192
... dynamic DNS service will not work because private addresses will not be secure. Type the User Name for your configuration. Note: The router supports only basic DDNS and the login and password may call this example we used netgear as the service provider. - Model FVS328 ProSafe VPN Firewall with FQDN to FVS328 May 2004, 202-10031-01 Figure G-3: NETGEAR FVS318 VPN Settings Pre-Configuration 7. Click the VPN Settings link on the left side of the Settings management GUI. In this example we...
... dynamic DNS service will not work because private addresses will not be secure. Type the User Name for your configuration. Note: The router supports only basic DDNS and the login and password may call this example we used netgear as the service provider. - Model FVS328 ProSafe VPN Firewall with FQDN to FVS328 May 2004, 202-10031-01 Figure G-3: NETGEAR FVS318 VPN Settings Pre-Configuration 7. Click the VPN Settings link on the left side of the Settings management GUI. In this example we...
FVS328 Reference Manual
Page 227
... contents 2-5 password restoring 9-7 PC, using to configure D-12 ping 5-6 PKIX 7-25 port filtering 6-11 port forwarding behind NAT C-8 port numbers 6-5 PPP over Ethernet 2-4, D-9 PPPoE 2-4, 3-8, D-9 PPTP 3-15 Primary DNS Server 3-8, 3-9, 3-10, 3-15 protocols Address Resolution C-9 DHCP 2-3, C-10 Routing Information 2-3, C-2 support 2-3 TCP/IP 2-3 publications, related C-1 R rear panel 2-7 reset button, clearing config 9-7 restore factory settings 8-13 RFC 1466 C-7, C-9 1597 C-7, C-9 1631 C-8, C-9 finding C-7 RIP (Router Information Protocol) 5-1 router concepts C-1 Routing Information Protocol...
... contents 2-5 password restoring 9-7 PC, using to configure D-12 ping 5-6 PKIX 7-25 port filtering 6-11 port forwarding behind NAT C-8 port numbers 6-5 PPP over Ethernet 2-4, D-9 PPPoE 2-4, 3-8, D-9 PPTP 3-15 Primary DNS Server 3-8, 3-9, 3-10, 3-15 protocols Address Resolution C-9 DHCP 2-3, C-10 Routing Information 2-3, C-2 support 2-3 TCP/IP 2-3 publications, related C-1 R rear panel 2-7 reset button, clearing config 9-7 restore factory settings 8-13 RFC 1466 C-7, C-9 1597 C-7, C-9 1631 C-8, C-9 finding C-7 RIP (Router Information Protocol) 5-1 router concepts C-1 Routing Information Protocol...