Reference Manual
Page 8
... Groups Database 3-7 Configuring DHCP Address Reservation 3-8 Configuring Multi Home LAN IP Addresses 3-9 Configuring Static Routes 3-10 Configuring Static Routes 3-10 Configuring Routing Information Protocol (RIP 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Order of Precedence for Rules 4-7 Setting the Default Outbound Policy 4-7 Creating a LAN WAN Outbound Services Rule 4-8 Creating a LAN WAN Inbound Services Rule 4-9 Attack Checks...
... Groups Database 3-7 Configuring DHCP Address Reservation 3-8 Configuring Multi Home LAN IP Addresses 3-9 Configuring Static Routes 3-10 Configuring Static Routes 3-10 Configuring Routing Information Protocol (RIP 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Order of Precedence for Rules 4-7 Setting the Default Outbound Policy 4-7 Creating a LAN WAN Outbound Services Rule 4-8 Creating a LAN WAN Inbound Services Rule 4-9 Attack Checks...
Reference Manual
Page 10
...Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-12 Replacing and Deleting Client Routes 6-12 Using Network Resource Objects to Simplify Policies 6-13 Adding New Network Resources 6-13 Configuring User, Group, and Global Policies 6-15 Viewing Policies ...6-16 Adding a Policy ...6-17 Chapter 7 Managing Users, Authentication, and Certificates Adding...
...Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-12 Replacing and Deleting Client Routes 6-12 Using Network Resource Objects to Simplify Policies 6-13 Adding New Network Resources 6-13 Configuring User, Group, and Global Policies 6-15 Viewing Policies ...6-16 Adding a Policy ...6-17 Chapter 7 Managing Users, Authentication, and Certificates Adding...
Reference Manual
Page 11
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Settings Backup and Firmware Upgrade 8-14 Configuring Date and Time Service 8-16 Chapter 9 Monitoring System Performance Enabling the Traffic Meter 9-1 Activating Notification of Events and Alerts 9-4 Viewing Firewall Logs ...9-6 Viewing Router Configuration and System Status 9-7 Monitoring the Status of WAN Ports 9-9 Monitoring Attached Devices 9-10 Reviewing the DHCP Log 9-12 Monitoring Active Users 9-13 Viewing Port Triggering Status 9-13 Monitoring VPN Tunnel Connection Status 9-15 Reviewing the VPN ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Settings Backup and Firmware Upgrade 8-14 Configuring Date and Time Service 8-16 Chapter 9 Monitoring System Performance Enabling the Traffic Meter 9-1 Activating Notification of Events and Alerts 9-4 Viewing Firewall Logs ...9-6 Viewing Router Configuration and System Status 9-7 Monitoring the Status of WAN Ports 9-9 Monitoring Attached Devices 9-10 Reviewing the DHCP Log 9-12 Monitoring Active Users 9-13 Viewing Port Triggering Status 9-13 Monitoring VPN Tunnel Connection Status 9-15 Reviewing the VPN ...
Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet Configuration Requirements C-4 Where Do I Get the Internet Configuration Parameters C-4 Internet Connection Information Form C-5 Overview of the Planning Process C-6 Inbound Traffic ...C-6 Virtual Private Networks (VPNs C-6 The ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet Configuration Requirements C-4 Where Do I Get the Internet Configuration Parameters C-4 Internet Connection Information Form C-5 Overview of the Planning Process C-6 Inbound Traffic ...C-6 Virtual Private Networks (VPNs C-6 The ...
Reference Manual
Page 17
The use of your primary Internet connection. As a complete security solution, the FVS336G incorporates a powerful and flexible firewall to maintain a backup connection in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for secure and simple remote connections. Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN connects your local area network (LAN) to the Internet through one or two external broadband access devices such as cable modems or DSL modems. Dual wide area network (WAN) ports allow you to increase throughput to the Internet by using both ...
The use of your primary Internet connection. As a complete security solution, the FVS336G incorporates a powerful and flexible firewall to maintain a backup connection in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for secure and simple remote connections. Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN connects your local area network (LAN) to the Internet through one or two external broadband access devices such as cable modems or DSL modems. Dual wide area network (WAN) ports allow you to increase throughput to the Internet by using both ...
Reference Manual
Page 18
...access for the planning factors to connect a second broadband Internet line that can be configured on the remote computer. - Dual WAN Ports for firmware upgrade. • Internal universal switching power supply. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Advanced stateful packet inspection (SPI) firewall with multi-NAT support. • Easy, web-based setup for installation and management. • Front panel LEDs for easy monitoring of status and activity. • Flash memory for Increased Reliability or Outbound Load Balancing The FVS336G...
...access for the planning factors to connect a second broadband Internet line that can be configured on the remote computer. - Dual WAN Ports for firmware upgrade. • Internal universal switching power supply. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Advanced stateful packet inspection (SPI) firewall with multi-NAT support. • Easy, web-based setup for installation and management. • Front panel LEDs for easy monitoring of status and activity. • Flash memory for Increased Reliability or Outbound Load Balancing The FVS336G...
Reference Manual
Page 20
... (RIP). When DHCP is built into the browser-based Web Management Interface. • Auto Detection of ISP account. 1-4 Introduction v1.0, October 2007 A user-friendly Setup Wizard is provided and online help documentation is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached PCs. Easy Installation and Management You can install, configure, and operate the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual the correct configuration. This feature eliminates...
... (RIP). When DHCP is built into the browser-based Web Management Interface. • Auto Detection of ISP account. 1-4 Introduction v1.0, October 2007 A user-friendly Setup Wizard is provided and online help documentation is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached PCs. Easy Installation and Management You can install, configure, and operate the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual the correct configuration. This feature eliminates...
Reference Manual
Page 49
... (LAN Groups)" on page 3-5 • "Configuring DHCP Address Reservation" on page 3-8 • "Configuring Multi Home LAN IP Addresses" on page 3-9 • "Configuring Static Routes" on page 3-10 • "Configuring Routing Information Protocol (RIP)" on the LAN. Each pool address is tested before it checked. Otherwise, leave it is the LAN address of the VPN firewall. Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your computers, clear the Enable DHCP server radio box by setting...
... (LAN Groups)" on page 3-5 • "Configuring DHCP Address Reservation" on page 3-8 • "Configuring Multi Home LAN IP Addresses" on page 3-9 • "Configuring Static Routes" on page 3-10 • "Configuring Routing Information Protocol (RIP)" on the LAN. Each pool address is tested before it checked. Otherwise, leave it is the LAN address of the VPN firewall. Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your computers, clear the Enable DHCP server radio box by setting...
Reference Manual
Page 72
... LAN and WAN networks. Status icon will change from a SYN flood attack. • LAN Security Checks 4-10 Firewall Protection and Content Filtering v1.0, October 2007 To allow the VPN firewall to respond to delete the rule. 3. Ping can then be used as a diagnostic tool. In stealth mode, the VPN firewall will be protected against common attacks in the table rank. 2. No legitimate connections can be made. You shouldn't check this check box. ProSafe Dual WAN Gigabit Firewall with half-open connections. Check...
... LAN and WAN networks. Status icon will change from a SYN flood attack. • LAN Security Checks 4-10 Firewall Protection and Content Filtering v1.0, October 2007 To allow the VPN firewall to respond to delete the rule. 3. Ping can then be used as a diagnostic tool. In stealth mode, the VPN firewall will be protected against common attacks in the table rank. 2. No legitimate connections can be made. You shouldn't check this check box. ProSafe Dual WAN Gigabit Firewall with half-open connections. Check...
Reference Manual
Page 103
..., a Certificate Authority (CA) can create two types of bits. The default setting using the VPN Wizard to decrypt the data (without the private key, decryption is involved. • Auto. For each end (both a public key and a private key. The VPN Wizard default setting is 3DES. (This setting must match the Remote VPN.) • DH. No third party server or organization is impossible). Virtual Private Networking Using IPsec v1.0, October 2007 5-15 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - Encryption...
..., a Certificate Authority (CA) can create two types of bits. The default setting using the VPN Wizard to decrypt the data (without the private key, decryption is involved. • Auto. For each end (both a public key and a private key. The VPN Wizard default setting is 3DES. (This setting must match the Remote VPN.) • DH. No third party server or organization is impossible). Virtual Private Networking Using IPsec v1.0, October 2007 5-15 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - Encryption...
Reference Manual
Page 105
... will use Netgear's ProSafe VPN Client software. Allows you to configure a VPN connection between a Windows PC and the FVS336G VPN firewall. Creating a VPN Client Connection: VPN Client to FVS336G This section describes how to terminate or build the SA (connection), if required. Start/open the VPN Wizard. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual VPN Tunnel Connection Status Recent VPN tunnel activity is shown on the remote VPN Endpoint. • Tx (KBytes). The Active IPsec (SA)s table also lists current data for each active IPsec SA (Security...
... will use Netgear's ProSafe VPN Client software. Allows you to configure a VPN connection between a Windows PC and the FVS336G VPN firewall. Creating a VPN Client Connection: VPN Client to FVS336G This section describes how to terminate or build the SA (connection), if required. Start/open the VPN Wizard. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual VPN Tunnel Connection Status Recent VPN tunnel activity is shown on the remote VPN Endpoint. • Tx (KBytes). The Active IPsec (SA)s table also lists current data for each active IPsec SA (Security...
Reference Manual
Page 159
... the blocking of Service) attacks. Access to LAN). ProSafe Dual WAN Gigabit Firewall with the specified MAC addresses. Warning: This feature is disabled; The default rule blocks all traffic received from WAN to the domains on the LAN, you can use this feature is for which keyword blocking has been enabled will cause serious problems. You can block the following Web component types: Proxy, Java, ActiveX, and Cookies. See "Setting Block Sites (Content Filtering)" on page 4-19 for inbound traffic. all inbound traffic...
... the blocking of Service) attacks. Access to LAN). ProSafe Dual WAN Gigabit Firewall with the specified MAC addresses. Warning: This feature is disabled; The default rule blocks all traffic received from WAN to the domains on the LAN, you can use this feature is for which keyword blocking has been enabled will cause serious problems. You can block the following Web component types: Proxy, Java, ActiveX, and Cookies. See "Setting Block Sites (Content Filtering)" on page 4-19 for inbound traffic. all inbound traffic...
Reference Manual
Page 162
... change the WAN bandwidth used to monitor the traffic conditions of the firewall and control who has access to the Internet and the types of traffic they are allowed to use this password to give the service higher or lower priority than others. Tools for Traffic Management The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Using QoS to the IEEE 802.1D-1998 (formerly 802.1p) standard for class of service tag. See "Setting Quality of Service (QoS...
... change the WAN bandwidth used to monitor the traffic conditions of the firewall and control who has access to the Internet and the types of traffic they are allowed to use this password to give the service higher or lower priority than others. Tools for Traffic Management The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Using QoS to the IEEE 802.1D-1998 (formerly 802.1p) standard for class of service tag. See "Setting Quality of Service (QoS...
Reference Manual
Page 169
... the LAN IP address will appear indicating the status of the VPN firewall router statistics, including the firmware version. The Router Status screen is running, choose Monitoring from the Settings Backup and Firmware Upgrade menu. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • If you have located the file, click Restore. Warning: When you click default, your VPN firewall settings will be erased. Select the software version and follow the To Install steps to your VPN firewall...
... the LAN IP address will appear indicating the status of the VPN firewall router statistics, including the firmware version. The Router Status screen is running, choose Monitoring from the Settings Backup and Firmware Upgrade menu. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • If you have located the file, click Restore. Warning: When you click default, your VPN firewall settings will be erased. Select the software version and follow the To Install steps to your VPN firewall...
Reference Manual
Page 189
...; "Troubleshooting a TCP/IP Network Using a Ping Utility" • "Restoring the Default Configuration and Password" • "Problems with SSL & IPsec VPN. The LAN port LINK/ACT LEDs are provided to the connected device. After each problem description, instructions are lit for any local ports that the port's SPEED LED is on power to the VPN firewall, the following section. If a LAN port is 100 Mbps, the LED will be amber. c. b. If the port is connected to a 1000 Mbps device, verify that are lit for your ProSafe Dual WAN Gigabit Firewall...
...; "Troubleshooting a TCP/IP Network Using a Ping Utility" • "Restoring the Default Configuration and Password" • "Problems with SSL & IPsec VPN. The LAN port LINK/ACT LEDs are provided to the connected device. After each problem description, instructions are lit for any local ports that the port's SPEED LED is on power to the VPN firewall, the following section. If a LAN port is 100 Mbps, the LED will be amber. c. b. If the port is connected to a 1000 Mbps device, verify that are lit for your ProSafe Dual WAN Gigabit Firewall...
Reference Manual
Page 190
... correct cable: When connecting the VPN firewall's Internet port to a cable or DSL modem, use the cable that was supplied with SSL & IPsec VPN FVS336G Reference Manual Power LED Not On If the Power and other LEDs are secure at the VPN firewall and at the hub or workstation. • Make sure that the Ethernet cable connections are off . This will set the VPN firewall's IP address to factory defaults. This cable could be a standard straight-through Ethernet cable or an Ethernet crossover cable. 10-2 v1.0, October 2007 Troubleshooting LAN or WAN Port LEDs...
... correct cable: When connecting the VPN firewall's Internet port to a cable or DSL modem, use the cable that was supplied with SSL & IPsec VPN FVS336G Reference Manual Power LED Not On If the Power and other LEDs are secure at the VPN firewall and at the hub or workstation. • Make sure that the Ethernet cable connections are off . This will set the VPN firewall's IP address to factory defaults. This cable could be a standard straight-through Ethernet cable or an Ethernet crossover cable. 10-2 v1.0, October 2007 Troubleshooting LAN or WAN Port LEDs...
Reference Manual
Page 192
... WAN Port. Unless you may have incorrectly set the login name and password. • Your ISP may require a login program. To check the WAN IP address: 1. Wait five minutes and reapply power to the cable or DSL modem. 2. If your VPN firewall is able to obtain a WAN IP address from the ISP, the problem may be one of the VPN firewall's configuration at https://192.168.1.1 3. Check that it has reacquired sync with SSL & IPsec VPN FVS336G Reference Manual...
... WAN Port. Unless you may have incorrectly set the login name and password. • Your ISP may require a login program. To check the WAN IP address: 1. Wait five minutes and reapply power to the cable or DSL modem. 2. If your VPN firewall is able to obtain a WAN IP address from the ISP, the problem may be one of the VPN firewall's configuration at https://192.168.1.1 3. Check that it has reacquired sync with SSL & IPsec VPN FVS336G Reference Manual...
Reference Manual
Page 195
... the MAC address of a single PC connected to "clone" or "spoof" the MAC address from the MAC address of your Internet access settings are configured correctly. If you must use the reset button on and begins to reboot. You can include: • Date shown is January 1, 2000. Problems with SSL & IPsec VPN FVS336G Reference Manual - To restore the factory default configuration settings without knowing the administration password or IP address, you must configure your PCs. Many broadband ISPs restrict access by only allowing traffic...
... the MAC address of a single PC connected to "clone" or "spoof" the MAC address from the MAC address of your Internet access settings are configured correctly. If you must use the reset button on and begins to reboot. You can include: • Date shown is January 1, 2000. Problems with SSL & IPsec VPN FVS336G Reference Manual - To restore the factory default configuration settings without knowing the administration password or IP address, you must configure your PCs. Many broadband ISPs restrict access by only allowing traffic...
Reference Manual
Page 207
... B, "Related Documents." Free browser programs are strongly advised to change the default management password to a strong password before enabling remote management. Note: For help with DHCP configuration, please refer to a ping, and setting MTU size, port speed, and upload bandwidth. To access the configuration menus on your firewall, you must use a Category 5 (CAT5) cable such as Microsoft Internet Explorer or Netscape Navigator. These options include enabling a WAN port to respond to the link in Web Configuration Manager. You will connect to your network at...
... B, "Related Documents." Free browser programs are strongly advised to change the default management password to a strong password before enabling remote management. Note: For help with DHCP configuration, please refer to a ping, and setting MTU size, port speed, and upload bandwidth. To access the configuration menus on your firewall, you must use a Category 5 (CAT5) cable such as Microsoft Internet Explorer or Netscape Navigator. These options include enabling a WAN port to respond to the link in Web Configuration Manager. You will connect to your network at...
Reference Manual
Page 232
... Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual split tunnel configuring 6-11 description 6-10 spoof MAC address 10-5 SSL VPN Client description 6-2 SSL VPN Logs 9-16 Starting IP Address DHCP Address Pool 3-4 Stateful Packet Inspection firewall, use with DDNS 8-12 traffic increasing 8-5 reducing 8-2 traffic management 8-8 traffic meter 2-22 troubleshooting 10-1 browsers 10-3 configuration settings, using sniffer 10-3 defaults 10-3 ISP connection 10-4 NTP 10-7 testing your setup 10-6 Web configuration 10-3 Trusted Certificates 7-9, 7-10 Trusted Domains building list...
... Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual split tunnel configuring 6-11 description 6-10 spoof MAC address 10-5 SSL VPN Client description 6-2 SSL VPN Logs 9-16 Starting IP Address DHCP Address Pool 3-4 Stateful Packet Inspection firewall, use with DDNS 8-12 traffic increasing 8-5 reducing 8-2 traffic management 8-8 traffic meter 2-22 troubleshooting 10-1 browsers 10-3 configuration settings, using sniffer 10-3 defaults 10-3 ISP connection 10-4 NTP 10-7 testing your setup 10-6 Web configuration 10-3 Trusted Certificates 7-9, 7-10 Trusted Domains building list...