Reference Manual
Page 2
... their respective holders. Other brand and product names are registered trademarks of Microsoft Corporation. However, there is a trademark of NETGEAR, Inc. Testsender) kann jedoch gewissen Beschränkungen unterliegen. All rights reserved. These limits are registered trademarks and ProSafe ...;llung der Vorschriften hin zu überprüfen. Trademarks NETGEAR and the NETGEAR logo are designed to correct the interference by NETGEAR, Inc. This equipment generates, uses, and can be determined by testing to the following measures: • Reorient or relocate the receiving...
... their respective holders. Other brand and product names are registered trademarks of Microsoft Corporation. However, there is a trademark of NETGEAR, Inc. Testsender) kann jedoch gewissen Beschränkungen unterliegen. All rights reserved. These limits are registered trademarks and ProSafe ...;llung der Vorschriften hin zu überprüfen. Trademarks NETGEAR and the NETGEAR logo are designed to correct the interference by NETGEAR, Inc. This equipment generates, uses, and can be determined by testing to the following measures: • Reorient or relocate the receiving...
Reference Manual
Page 3
... (c) 2001, Dr Brian Gladman , Worcester, UK. This software is provided 'as is in the second category (information equipment to be used to test the series for compliance with the distribution. 3. When used in a residential area or an adjacent area thereto) and conforms to the following conditions: ...or promote any products derived from this list of conditions and the following disclaimer. 2. iii 1.0, October 2007 equipment (for example, test transmitters) in accordance with the regulations may become the cause of radio interference. Read instructions for correct handling.
... (c) 2001, Dr Brian Gladman , Worcester, UK. This software is provided 'as is in the second category (information equipment to be used to test the series for compliance with the distribution. 3. When used in a residential area or an adjacent area thereto) and conforms to the following conditions: ...or promote any products derived from this list of conditions and the following disclaimer. 2. iii 1.0, October 2007 equipment (for example, test transmitters) in accordance with the regulations may become the cause of radio interference. Read instructions for correct handling.
Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Enabling Source MAC Filtering 4-22 Port Triggering ...4-23 E-Mail Notifications of Event Logs and Alerts 4-25 Administrator Tips ...4-25 Chapter 5 Virtual ...the IKE Policy Table 5-14 VPN Policy ...5-15 VPN Tunnel Connection Status 5-17 Creating a VPN Client Connection: VPN Client to FVS336G 5-17 Configuring the FVS336G 5-17 Configuring the VPN Client 5-18 Testing the Connection 5-19 Manually Assigning IP Addresses to Remote Users (ModeConfig 5-20 Mode Config Operation 5-20 Configuring the VPN Firewall ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Enabling Source MAC Filtering 4-22 Port Triggering ...4-23 E-Mail Notifications of Event Logs and Alerts 4-25 Administrator Tips ...4-25 Chapter 5 Virtual ...the IKE Policy Table 5-14 VPN Policy ...5-15 VPN Tunnel Connection Status 5-17 Creating a VPN Client Connection: VPN Client to FVS336G 5-17 Configuring the FVS336G 5-17 Configuring the VPN Client 5-18 Testing the Connection 5-19 Manually Assigning IP Addresses to Remote Users (ModeConfig 5-20 Mode Config Operation 5-20 Configuring the VPN Firewall ...
Reference Manual
Page 11
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Settings Backup and Firmware Upgrade 8-14 Configuring Date and Time Service 8-16 Chapter 9 Monitoring System Performance Enabling the Traffic Meter 9-1 Activating ...10-2 Troubleshooting the Web Configuration Interface 10-3 Troubleshooting the ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems with Date and Time...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Settings Backup and Firmware Upgrade 8-14 Configuring Date and Time Service 8-16 Chapter 9 Monitoring System Performance Enabling the Traffic Meter 9-1 Activating ...10-2 Troubleshooting the Web Configuration Interface 10-3 Troubleshooting the ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems with Date and Time...
Reference Manual
Page 22
..., WAN2, and the LAN lights: Figure 1-1 The function of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. LED Descriptions Object Activity PWR (Power) TEST WAN Ports ACTIVE On (Green) Off On (Amber) Blinking (Amber) Off On (Green) On (Amber) Description Power is operating ... The LAN port is in standby for repair. Front Panel Features The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - The Internet connection is down or not being used because the port is operating at 10 Mbps. 1-6 Introduction v1.0, October 2007...
..., WAN2, and the LAN lights: Figure 1-1 The function of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. LED Descriptions Object Activity PWR (Power) TEST WAN Ports ACTIVE On (Green) Off On (Amber) Blinking (Amber) Off On (Green) On (Amber) Description Power is operating ... The LAN port is in standby for repair. Front Panel Features The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual - The Internet connection is down or not being used because the port is operating at 10 Mbps. 1-6 Introduction v1.0, October 2007...
Reference Manual
Page 23
... 100 Mbps. The WAN port has no link. Using a sharp object, press and hold this button for about ten seconds until the front panel TEST light flashes to reset the VPN firewall to right, the rear panel contains the following elements: 1. Introduction 1-7 v1.0, October 2007 ProSafe Dual WAN... Mbps. The LAN port is being transmitted or received by the WAN port. The WAN port has detected a link with SSL & IPsec VPN FVS336G Reference Manual Table 1-1. Rear Panel Features The rear panel of the ProSafe Dual WAN Gigabit Firewall with RJ-45 connectors. Four switched N-way automatic ...
... 100 Mbps. The WAN port has no link. Using a sharp object, press and hold this button for about ten seconds until the front panel TEST light flashes to reset the VPN firewall to right, the rear panel contains the following elements: 1. Introduction 1-7 v1.0, October 2007 ProSafe Dual WAN... Mbps. The LAN port is being transmitted or received by the WAN port. The WAN port has detected a link with SSL & IPsec VPN FVS336G Reference Manual Table 1-1. Rear Panel Features The rear panel of the ProSafe Dual WAN Gigabit Firewall with RJ-45 connectors. Four switched N-way automatic ...
Reference Manual
Page 38
... DNS server IP addresses provided to you in the fields. 12. If you are finished, click Logout or proceed to the NETGEAR Web site. The selected WAN interface is made , NETGEAR's Web site appears. 14. As long as WAN1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be configured...WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 11. Once the primary WAN interface goes down, the rollover link is the rollover link. Click Test to the original primary link once the original primary link is sent over the primary link...
... DNS server IP addresses provided to you in the fields. 12. If you are finished, click Logout or proceed to the NETGEAR Web site. The selected WAN interface is made , NETGEAR's Web site appears. 14. As long as WAN1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be configured...WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 11. Once the primary WAN interface goes down, the rollover link is the rollover link. Click Test to the original primary link once the original primary link is sent over the primary link...
Reference Manual
Page 41
...Using WAN port. 3. DNS queries are sent to this server through the WAN interface being monitored. • Ping to this mode. 4. Connecting the FVS336G to the DNS server configured on the WAN ISP pages (see "Configuring the Internet Connections" on page 2-5). • DNS lookup using ISP DNS Servers.... DNS queries are sent to the Internet v1.0, October 2007 2-15 The default test period is sent periodically after every test period. From the pull-down menu, choose which WAN port will not consider Ping traffic to this DNS Server. The DNS ...
...Using WAN port. 3. DNS queries are sent to this server through the WAN interface being monitored. • Ping to this mode. 4. Connecting the FVS336G to the DNS server configured on the WAN ISP pages (see "Configuring the Internet Connections" on page 2-5). • DNS lookup using ISP DNS Servers.... DNS queries are sent to the Internet v1.0, October 2007 2-15 The default test period is sent periodically after every test period. From the pull-down menu, choose which WAN port will not consider Ping traffic to this DNS Server. The DNS ...
Reference Manual
Page 42
...the dual WAN ports for a minimum of the same speed. The WAN interface is 2 minutes (a 30-second minimum test period for load balancing with SSL & IPsec VPN FVS336G Reference Manual 6. The default time to roll over after the primary WAN interface fails is considered down after this. ...you can be routed through the WAN port connected to save your settings. In the Port Mode section, select Load Balancing. 2-16 Connecting the FVS336G to the primary WAN interface. For example, if the HTTPS protocol is bound to elicit a reply. ProSafe Dual WAN Gigabit Firewall with protocol...
...the dual WAN ports for a minimum of the same speed. The WAN interface is 2 minutes (a 30-second minimum test period for load balancing with SSL & IPsec VPN FVS336G Reference Manual 6. The default time to roll over after the primary WAN interface fails is considered down after this. ...you can be routed through the WAN port connected to save your settings. In the Port Mode section, select Load Balancing. 2-16 Connecting the FVS336G to the primary WAN interface. For example, if the HTTPS protocol is bound to elicit a reply. ProSafe Dual WAN Gigabit Firewall with protocol...
Reference Manual
Page 49
... DHCP and TCP/IP settings of your network. Specify the pool of IP addresses to avoid duplicate addresses on the LAN. Each pool address is tested before it is the LAN address of your computers, clear the Enable DHCP server radio box by setting the Starting IP Address and Ending IP...
... DHCP and TCP/IP settings of your network. Specify the pool of IP addresses to avoid duplicate addresses on the LAN. Each pool address is tested before it is the LAN address of your computers, clear the Enable DHCP server radio box by setting the Starting IP Address and Ending IP...
Reference Manual
Page 77
... an exposed host allows you have not yet defined. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Web server PC on the Internet for Web service: 8080 Figure 4-7 To test the connection from a PC on your LAN as this host: 1. Create an inbound rule that you to...
... an exposed host allows you have not yet defined. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Web server PC on the Internet for Web service: 8080 Figure 4-7 To test the connection from a PC on your LAN as this host: 1. Create an inbound rule that you to...
Reference Manual
Page 105
... of all active IKE Policies to be unknown, the PC must be behind NAT routers. Using the FVS336G's VPN Wizard, we will use Netgear's ProSafe VPN Client software. This procedure was developed and tested using: • Netgear FVS336G ProSafe Dual WAN Gigabit Firewall with this SA. • Endpoint. The name of the SA. Since the...
... of all active IKE Policies to be unknown, the PC must be behind NAT routers. Using the FVS336G's VPN Wizard, we will use Netgear's ProSafe VPN Client software. This procedure was developed and tested using: • Netgear FVS336G ProSafe Dual WAN Gigabit Firewall with this SA. • Endpoint. The name of the SA. Since the...
Reference Manual
Page 107
...and Y are an arbitrary pair of the form ".fvg_remote.com", where each user. In this example, it is the policy name used in the FVS336G configuration. Click Enter Key and then enter your computer's Network Adapter. For the Phase 1 Negotiation Mode, check the Aggressive Mode radio box. 9. ...Before leaving the My Identity menu, click Pre-Shared Key. 6. In the left frame, click My Identity. 8. Testing the Connection 1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 7. Note: X may not be necessary. 11. Your current IP address will be enabled. 10. ...
...and Y are an arbitrary pair of the form ".fvg_remote.com", where each user. In this example, it is the policy name used in the FVS336G configuration. Click Enter Key and then enter your computer's Network Adapter. For the Phase 1 Negotiation Mode, check the Aggressive Mode radio box. 9. ...Before leaving the My Identity menu, click Pre-Shared Key. 6. In the left frame, click My Identity. 8. Testing the Connection 1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 7. Note: X may not be necessary. 11. Your current IP address will be enabled. 10. ...
Reference Manual
Page 113
... method for requesting individual authentication information from the PFS Key Group pull-down menu. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual a. Check the Enable Perfect Forward Secrecy (PFS) radio button, and choose the DiffieHellman Group 2 from the user, and a..., an administrator may want a unique user authentication method beyond relying on the left -side of the menu and choose Proposal 1. To test the connection: 1. The connection policy you must specify the authentication type to authenticate users from a stored list of the remote VPN gateways...
... method for requesting individual authentication information from the PFS Key Group pull-down menu. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual a. Check the Enable Perfect Forward Secrecy (PFS) radio button, and choose the DiffieHellman Group 2 from the user, and a..., an administrator may want a unique user authentication method beyond relying on the left -side of the menu and choose Proposal 1. To test the connection: 1. The connection policy you must specify the authentication type to authenticate users from a stored list of the remote VPN gateways...
Reference Manual
Page 170
...upgrade to your VPN firewall will reboot. To upgrade the router software: 1. Refer to the release notes included with SSL & IPsec VPN FVS336G Reference Manual After downloading an upgrade file, you may need to unzip (uncompress) it before doing anything else to the VPN firewall until ...Backup and Firmware Upgrade from the main menu. In the Router Upgrade section, click Browse. 3. Locate the downloaded file and click Upload. When the Test light turns off the VPN firewall, shutdown the computer or do anything . 4. Network Time Protocol (NTP) is a protocol that your VPN firewall ...
...upgrade to your VPN firewall will reboot. To upgrade the router software: 1. Refer to the release notes included with SSL & IPsec VPN FVS336G Reference Manual After downloading an upgrade file, you may need to unzip (uncompress) it before doing anything else to the VPN firewall until ...Backup and Firmware Upgrade from the main menu. In the Router Upgrade section, click Browse. 3. Locate the downloaded file and click Upload. When the Test light turns off the VPN firewall, shutdown the computer or do anything . 4. Network Time Protocol (NTP) is a protocol that your VPN firewall ...
Reference Manual
Page 189
... and solve the problem. After approximately two minutes, verify that are connected. If any of events should occur: 1. This chapter contains the following section. The TEST LED is on power to the VPN firewall, the following sequence of these conditions does not occur, refer to the connected device. If the port...
... and solve the problem. After approximately two minutes, verify that are connected. If any of events should occur: 1. This chapter contains the following section. The TEST LED is on power to the VPN firewall, the following sequence of these conditions does not occur, refer to the connected device. If the port...
Reference Manual
Page 193
... Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that you will provide the addresses of the VPN firewall; Testing the LAN Path to Your VPN Firewall You can obtain an IP address, but your PC is unable to load any DNS server addresses. Click... OK. The device then responds with SSL & IPsec VPN FVS336G Reference Manual • Your ISP only allows one or two DNS servers for example: ping 192.168.1.1 3. In the field provided, type "ping" followed...
... Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that you will provide the addresses of the VPN firewall; Testing the LAN Path to Your VPN Firewall You can obtain an IP address, but your PC is unable to load any DNS server addresses. Click... OK. The device then responds with SSL & IPsec VPN FVS336G Reference Manual • Your ISP only allows one or two DNS servers for example: ping 192.168.1.1 3. In the field provided, type "ping" followed...
Reference Manual
Page 194
... of the IP address specified by DHCP, this message: Request timed out If the path is not functioning correctly, you do not receive replies: - Testing the Path from Your PC to see this information will not be visible in the previous section are displayed. Check to a Remote Device After verifying...enter that the corresponding Link LEDs are on . Check that host name as the default gateway. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will see that the LAN path works...
... of the IP address specified by DHCP, this message: Request timed out If the path is not functioning correctly, you do not receive replies: - Testing the Path from Your PC to see this information will not be visible in the previous section are displayed. Check to a Remote Device After verifying...enter that the corresponding Link LEDs are on . Check that host name as the default gateway. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will see that the LAN path works...
Reference Manual
Page 195
... of your Internet access settings are configured correctly. Use this is January 1, 2000. Press and hold the reset button until the Test LED turns on page 2-9. Problems with SSL & IPsec VPN FVS336G Reference Manual - Each entry in two ways: • Use the Erase function of the VPN firewall (see "Settings Backup and...
... of your Internet access settings are configured correctly. Use this is January 1, 2000. Press and hold the reset button until the Test LED turns on page 2-9. Problems with SSL & IPsec VPN FVS336G Reference Manual - Each entry in two ways: • Use the Erase function of the VPN firewall (see "Settings Backup and...
Reference Manual
Page 197
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 10-1. Used to send a ping packet request to a specified IP address-most often, to find...v1.0, October 2007 10-9 This operation will be reached through a VPN tunnel, check Ping through the VPN firewall (for example, www.netgear.com) to the VPN firewall (such as your management session) or through VPN tunnel. The traceroute results will display the internal routing ...the request times out (no reply is received), it usually means that interface. You can request a DNS lookup to test a connection.
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 10-1. Used to send a ping packet request to a specified IP address-most often, to find...v1.0, October 2007 10-9 This operation will be reached through a VPN tunnel, check Ping through the VPN firewall (for example, www.netgear.com) to the VPN firewall (such as your management session) or through VPN tunnel. The traceroute results will display the internal routing ...the request times out (no reply is received), it usually means that interface. You can request a DNS lookup to test a connection.