Reference Manual
Page 3
... any products derived from this equipment on the market and has been granted the right to test the series for compliance with or without his specific prior written permission. Federal Office for Telecommunications Approvals has been notified of the placing of correctness or fitness for purpose. When used in a residential area...
... any products derived from this equipment on the market and has been granted the right to test the series for compliance with or without his specific prior written permission. Federal Office for Telecommunications Approvals has been notified of the placing of correctness or fitness for purpose. When used in a residential area...
Reference Manual
Page 5
...Publication Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number FVS336G October 2007 VPN Firewall ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN Business English 202-10257-01 1.0 v 1.0, October 2007... 1995-2002 Jean-loup Gailly and Mark Adler. zlib.h -- In no event will the authors be plainly marked as -is', without specific prior written permission. Permission is provided 'as such, and must not claim that the software was developed by RFCs (Request for Comments...
...Publication Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number FVS336G October 2007 VPN Firewall ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN Business English 202-10257-01 1.0 v 1.0, October 2007... 1995-2002 Jean-loup Gailly and Mark Adler. zlib.h -- In no event will the authors be plainly marked as -is', without specific prior written permission. Permission is provided 'as such, and must not claim that the software was developed by RFCs (Request for Comments...
Reference Manual
Page 8
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Network Address Translation 2-13 Classical Routing 2-13 Configuring Auto-Rollover Mode 2-14 Configuring Load Balancing 2-16 Configuring Dynamic DNS...10 Configuring Routing Information Protocol (RIP 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Order of Precedence for Rules 4-7 Setting the Default Outbound Policy 4-7 Creating a LAN WAN Outbound Services Rule ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Network Address Translation 2-13 Classical Routing 2-13 Configuring Auto-Rollover Mode 2-14 Configuring Load Balancing 2-16 Configuring Dynamic DNS...10 Configuring Routing Information Protocol (RIP 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Order of Precedence for Rules 4-7 Setting the Default Outbound Policy 4-7 Creating a LAN WAN Outbound Services Rule ...
Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer ...
Reference Manual
Page 14
... dedicated to the NETGEAR website in Appendix B, "Related Documents. Each page in the HTML version of the manual is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Danger:...the browser menu to Use This Manual The HTML version of this manual, you can choose one page at http://kbserver.netgear.com/products/FVS336G.asp. How to print the page contents. online knowledge base for browsing forwards or backwards through the manual one of contents...
... dedicated to the NETGEAR website in Appendix B, "Related Documents. Each page in the HTML version of the manual is written for the VPN firewall according to these specifications: Product Version Manual Publication Date ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Danger:...the browser menu to Use This Manual The HTML version of this manual, you can choose one page at http://kbserver.netgear.com/products/FVS336G.asp. How to print the page contents. online knowledge base for browsing forwards or backwards through the manual one of contents...
Reference Manual
Page 39
...on your LAN to share a single public Internet IP address. To gain Internet access, each PC, you can map incoming traffic on a specific WAN interface, configure protocol binding rules for that are not visible from the Internet. • The VPN firewall uses NAT to select the ...PC (on your LAN must also choose either NAT or classical routing, as the primary link for certain traffic or applications. Connecting the FVS336G to be bypassed for this mode. The VPN firewall distributes the outbound traffic equally among the WAN interfaces that WAN interface. Network Address Translation...
...on your LAN to share a single public Internet IP address. To gain Internet access, each PC, you can map incoming traffic on a specific WAN interface, configure protocol binding rules for that are not visible from the Internet. • The VPN firewall uses NAT to select the ...PC (on your LAN must also choose either NAT or classical routing, as the primary link for certain traffic or applications. Connecting the FVS336G to be bypassed for this mode. The VPN firewall distributes the outbound traffic equally among the WAN interfaces that WAN interface. Network Address Translation...
Reference Manual
Page 53
.... So changing a PC's IP address does not affect any restrictions on PCs. You can also create Firewall Rules to apply to Block or Allow Specific Kinds of Traffic" on page 4-19). - You can just select the desired PC or device. • No need to ensure it always has... 3-5 v1.0, October 2007 The local network is strongly recommended. • Scanning the Network. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing Groups and Hosts (LAN Groups) The Known PCs and Devices table in the LAN Groups menu contains a list of all known PCs...
.... So changing a PC's IP address does not affect any restrictions on PCs. You can also create Firewall Rules to apply to Block or Allow Specific Kinds of Traffic" on page 4-19). - You can just select the desired PC or device. • No need to ensure it always has... 3-5 v1.0, October 2007 The local network is strongly recommended. • Scanning the Network. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing Groups and Hosts (LAN Groups) The Known PCs and Devices table in the LAN Groups menu contains a list of all known PCs...
Reference Manual
Page 63
.... This chapter contains the following sections: • "About Firewall Protection and Content Filtering" • "Using Rules to Block or Allow Specific Kinds of Traffic" • "Setting a Schedule to Block or Allow Specific Traffic" • "Enabling Source MAC Filtering" • "Port Triggering" • "E-Mail Notifications of Event Logs and Alerts" • "Administrator Tips...
.... This chapter contains the following sections: • "About Firewall Protection and Content Filtering" • "Using Rules to Block or Allow Specific Kinds of Traffic" • "Setting a Schedule to Block or Allow Specific Traffic" • "Enabling Source MAC Filtering" • "Port Triggering" • "E-Mail Notifications of Event Logs and Alerts" • "Administrator Tips...
Reference Manual
Page 64
... users can be added to the outside. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual intrusions. Using Rules to Block or Allow Specific Kinds of the FVS336G are based on page 4-17). 4-2 Firewall Protection and Content Filtering v1.0, October 2007 Inbound rules ...considers whether the incoming packet is in response to . The default rules of Traffic Firewall rules are used to block or allow specific traffic passing through the system (see "Adding Customized Services" on the VPN firewall can have rules defined for outbound traffic. ...
... users can be added to the outside. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual intrusions. Using Rules to Block or Allow Specific Kinds of the FVS336G are based on page 4-17). 4-2 Firewall Protection and Content Filtering v1.0, October 2007 Inbound rules ...considers whether the incoming packet is in response to . The default rules of Traffic Firewall rules are used to block or allow specific traffic passing through the system (see "Adding Customized Services" on the VPN firewall can have rules defined for outbound traffic. ...
Reference Manual
Page 65
...and devices on page 4-16). This is selected, you must define it using the Services menu (see "Setting a Schedule to Block or Allow Specific Traffic" on page 3-5. These settings determine which this rule will be used by this rule. • This drop down menu gets activated only ... "Managing Groups and Hosts (LAN Groups)" on page 4-18). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Outbound Rules (Service Blocking) The FVS336G allows you to block the use of traffic that particular PC. • Address range - If the desired service or application...
...and devices on page 4-16). This is selected, you must define it using the Services menu (see "Setting a Schedule to Block or Allow Specific Traffic" on page 3-5. These settings determine which this rule will be used by this rule. • This drop down menu gets activated only ... "Managing Groups and Hosts (LAN Groups)" on page 4-18). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Outbound Rules (Service Blocking) The FVS336G allows you to block the use of traffic that particular PC. • Address range - If the desired service or application...
Reference Manual
Page 67
...port number configured here. If this option is selected, you must define it using the Services menu (see "Setting a Schedule to Block or Allow Specific Traffic" on page 4-23 for packets covered by this rule: • BLOCK always • BLOCK by schedule, otherwise Allow • ALLOW ...October 2007 Table 4-2. WAN Users These settings determine which computer on page 4-16). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Local PCs must access the local server using the external WAN IP address will have the destination port number modified to...
...port number configured here. If this option is selected, you must define it using the Services menu (see "Setting a Schedule to Block or Allow Specific Traffic" on page 4-23 for packets covered by this rule: • BLOCK always • BLOCK by schedule, otherwise Allow • ALLOW ...October 2007 Table 4-2. WAN Users These settings determine which computer on page 4-16). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Local PCs must access the local server using the external WAN IP address will have the destination port number modified to...
Reference Manual
Page 69
...cases, the order of precedence of two or more rules may be applied to block specific types of Allow Always can then be important in the Rules Table, beginning at the top (those with SSL & IPsec VPN FVS336G Reference Manual Figure 4-1 Order of a packet. For example, you should place the ...most specific services or addresses). The default policy of traffic from going out from the LAN to the tables in ...
...cases, the order of precedence of two or more rules may be applied to block specific types of Allow Always can then be important in the Rules Table, beginning at the top (those with SSL & IPsec VPN FVS336G Reference Manual Figure 4-1 Order of a packet. For example, you should place the ...most specific services or addresses). The default policy of traffic from going out from the LAN to the tables in ...
Reference Manual
Page 70
... Block Always from an internal IP LAN address to an external WAN IP address according to your specific needs (see "Administrator Tips" on page 4-25). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To change the Default Outbound Policy, follow these rules to the schedule created in Figure...
... Block Always from an internal IP LAN address to an external WAN IP address according to your specific needs (see "Administrator Tips" on page 4-25). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To change the Default Outbound Policy, follow these rules to the schedule created in Figure...
Reference Manual
Page 72
...should be made. When the system responds, the attacker doesn't complete the connection, thus saturating the server with SSL & IPsec VPN FVS336G Reference Manual Modifying Rules To make any changes to the rule definition of partial connections and will not respond to port scans from the...; Click Delete to discovery and attacks. - ProSafe Dual WAN Gigabit Firewall with half-open connections. Attack Checks This screen allows you have a specific reason to an existing outbound or inbound service rule: 1. Ping can then be protected against common attacks in the LAN and WAN networks. No...
...should be made. When the system responds, the attacker doesn't complete the connection, thus saturating the server with SSL & IPsec VPN FVS336G Reference Manual Modifying Rules To make any changes to the rule definition of partial connections and will not respond to port scans from the...; Click Delete to discovery and attacks. - ProSafe Dual WAN Gigabit Firewall with half-open connections. Attack Checks This screen allows you have a specific reason to an existing outbound or inbound service rule: 1. Ping can then be protected against common attacks in the LAN and WAN networks. No...
Reference Manual
Page 80
...Throughput. Setting a Schedule to be low. The Schedule 1 screen is assigned to the traffic. Used when data has to Block or Allow Specific Traffic If you enabled Content Filtering in the Internet Protocol Suite" standards, RFC 1349. The IP packets for services with this service. The IP... of 0. • Minimize-Cost. Used when data needs to travel to the destination over a reliable link and with SSL & IPsec VPN FVS336G Reference Manual • On the Services screen in the Custom Services Table for services with this priority are defined by configuring one of 1. ...
...Throughput. Setting a Schedule to be low. The Schedule 1 screen is assigned to the traffic. Used when data has to Block or Allow Specific Traffic If you enabled Content Filtering in the Internet Protocol Suite" standards, RFC 1349. The IP packets for services with this service. The IP... of 0. • Minimize-Cost. Used when data needs to travel to the destination over a reliable link and with SSL & IPsec VPN FVS336G Reference Manual • On the Services screen in the Custom Services Table for services with this priority are defined by configuring one of 1. ...
Reference Manual
Page 81
...PM) to Web Components blocking when the blocking of day, select either All Days or Specific Days. If you chose Specific Days, select each day that the schedule will see a "Blocked by NETGEAR" message. Setting Block Sites (Content Filtering) To restrict internal LAN users from any Web...types: Proxy, Java, ActiveX, and Cookies. Select either All Day or Specific Times. Several types of these features are available: • Web Components blocking. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . By default, these features and users try to access ...
...PM) to Web Components blocking when the blocking of day, select either All Days or Specific Days. If you chose Specific Days, select each day that the schedule will see a "Blocked by NETGEAR" message. Setting Block Sites (Content Filtering) To restrict internal LAN users from any Web...types: Proxy, Java, ActiveX, and Cookies. Select either All Day or Specific Times. Several types of these features are available: • Web Components blocking. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . By default, these features and users try to access ...
Reference Manual
Page 87
... Enter the End Port range (1 - 65534). 6. denied incoming and outgoing service requests; In addition, if you have to Block or Allow Specific Kinds of managing the traffic through your VPN firewall will log security-related events such as: accepted and dropped packets on the Firewall Logs & ... to the Port Triggering Rules table. Administrator Tips Consider the following optional features of your control with SSL & IPsec VPN FVS336G Reference Manual 4. As an option, you input on different segments of the VPN firewall: Firewall Protection and Content Filtering v1.0, October ...
... Enter the End Port range (1 - 65534). 6. denied incoming and outgoing service requests; In addition, if you have to Block or Allow Specific Kinds of managing the traffic through your VPN firewall will log security-related events such as: accepted and dropped packets on the Firewall Logs & ... to the Port Triggering Rules table. Administrator Tips Consider the following optional features of your control with SSL & IPsec VPN FVS336G Reference Manual 4. As an option, you input on different segments of the VPN firewall: Firewall Protection and Content Filtering v1.0, October ...
Reference Manual
Page 88
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Groups and hosts (see "Managing Groups and Hosts (LAN Groups)" on page 3-5) • Services (see "Services-Based Rules" on page 4-2) • Schedules (see "Setting a Schedule to Block or Allow Specific Traffic" on page 4-18) • Block sites (see "Setting Block...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Groups and hosts (see "Managing Groups and Hosts (LAN Groups)" on page 3-5) • Services (see "Services-Based Rules" on page 4-2) • Schedules (see "Setting a Schedule to Block or Allow Specific Traffic" on page 4-18) • Block sites (see "Setting Block...
Reference Manual
Page 89
... Port Systems" • "Configuring an IPsec VPN Connection using the VPN Wizard" • "Managing VPN Tunnel Policies" • "Creating a VPN Client Connection: VPN Client to FVS336G" • "Manually Assigning IP Addresses to Remote Users (ModeConfig)" • "Extended Authentication (XAUTH) Configuration" Tip: When configuring VPN for a dual WAN port network, use the... This chapter describes how to use the VPN Wizard to configure the basic parameters and then edit the VPN and IKE Policy menus for the specific VPN application, if necessary.
... Port Systems" • "Configuring an IPsec VPN Connection using the VPN Wizard" • "Managing VPN Tunnel Policies" • "Creating a VPN Client Connection: VPN Client to FVS336G" • "Manually Assigning IP Addresses to Remote Users (ModeConfig)" • "Extended Authentication (XAUTH) Configuration" Tip: When configuring VPN for a dual WAN port network, use the... This chapter describes how to use the VPN Wizard to configure the basic parameters and then edit the VPN and IKE Policy menus for the specific VPN application, if necessary.
Reference Manual
Page 119
..., secure, user portal experience from virtually any available platform. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to their computers. Using the familiar Secure Sockets Layer (SSL) protocol...
..., secure, user portal experience from virtually any available platform. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to their computers. Using the familiar Secure Sockets Layer (SSL) protocol...