FVS336G Reference Manual
Page 2
...ätigt, daß das ProSafe Dual WAN Gigabit Firewall with the limits for help. NETGEAR does not assume any liability that may cause harmful interference to part 15 of NETGEAR, Inc. EU Regulatory Compliance Statement The ProSafe Dual WAN Gigabit Firewall with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Certificate of the product(s) or circuit layout...
...ätigt, daß das ProSafe Dual WAN Gigabit Firewall with the limits for help. NETGEAR does not assume any liability that may cause harmful interference to part 15 of NETGEAR, Inc. EU Regulatory Compliance Statement The ProSafe Dual WAN Gigabit Firewall with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Certificate of the product(s) or circuit layout...
FVS336G Reference Manual
Page 10
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding... Login Policies 7-5 Changing Passwords and Settings 7-7 RADIUS Server External Authentication 7-9 Managing Certificates 7-10 Viewing and Loading CA Certificates 7-11 Viewing Active Self Certificates 7-12 Obtaining a Self Certificate from a Certificate Authority 7-13 Managing your Certificate Revocation List (CRL 7-15 Chapter 8 Router and Network Management Performance Management 8-1 ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding... Login Policies 7-5 Changing Passwords and Settings 7-7 RADIUS Server External Authentication 7-9 Managing Certificates 7-10 Viewing and Loading CA Certificates 7-11 Viewing Active Self Certificates 7-12 Obtaining a Self Certificate from a Certificate Authority 7-13 Managing your Certificate Revocation List (CRL 7-15 Chapter 8 Router and Network Management Performance Management 8-1 ...
FVS336G Reference Manual
Page 14
... • Update VPN configuration procedure topics • Update the Certificate management topic • Correct the firewall scheduling topic xiv v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with router firmware update. Failure to take heed of this notice may result in Appendix B, "Related Documents.". website at http://kbserver.netgear.com/products/FVS336G.asp. For more information about network, Internet...
... • Update VPN configuration procedure topics • Update the Certificate management topic • Correct the firewall scheduling topic xiv v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with router firmware update. Failure to take heed of this notice may result in Appendix B, "Related Documents.". website at http://kbserver.netgear.com/products/FVS336G.asp. For more information about network, Internet...
FVS336G Reference Manual
Page 96
r3m0+eC1ient Figure 5-12 • From the Select Certificate pull-down menu, choose Domain Name. • Leave Virtual Adapter disabled. • In Network Adapter select the adapter you provided in the VPN Wizard; In ..., click My Identity. in the options according to enter the key you will display. 5-10 Virtual Private Networking Using IPsec v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Fill in this example, we are using r3m0+eC1ient. • From the ID Type pull-down menu, choose None. • Click...
r3m0+eC1ient Figure 5-12 • From the Select Certificate pull-down menu, choose Domain Name. • Leave Virtual Adapter disabled. • In Network Adapter select the adapter you provided in the VPN Wizard; In ..., click My Identity. in the options according to enter the key you will display. 5-10 Virtual Private Networking Using IPsec v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Fill in this example, we are using r3m0+eC1ient. • From the ID Type pull-down menu, choose None. • Click...
FVS336G Reference Manual
Page 103
... to the policy name). When traffic is covered by an "*" next to the parameters in the SA (Security Association). 4. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • DH. Some parameters for a link to manage the VPN policies already created. The use are manually input...enable or disable policies, or delete them entirely. However, if you to add additional policies-either Auto or Manual-and to the NETGEAR website. In addition, a Certificate Authority (CA) can also be sent via a VPN tunnel. 2. Only one policy for the VPN tunnel are : 1. All...
... to the policy name). When traffic is covered by an "*" next to the parameters in the SA (Security Association). 4. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • DH. Some parameters for a link to manage the VPN policies already created. The use are manually input...enable or disable policies, or delete them entirely. However, if you to add additional policies-either Auto or Manual-and to the NETGEAR website. In addition, a Certificate Authority (CA) can also be sent via a VPN tunnel. 2. Only one policy for the VPN tunnel are : 1. All...
FVS336G Reference Manual
Page 113
...on the left -side of the menu and choose Proposal 1. Virtual Private Networking Using IPsec v1.0, March 2009 5-27 From the Select Certificate pull-down menu, choose Preferred. e. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button. Click the Save ...the menu, choose Security Policy. From the ID Type pull-down menu. To test the connection: 1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual e. in the VPN firewall ModeConfig Record menu. 5. in the Windows toolbar and click Connect. From the ID Type pull-down menu...
...on the left -side of the menu and choose Proposal 1. Virtual Private Networking Using IPsec v1.0, March 2009 5-27 From the Select Certificate pull-down menu, choose Preferred. e. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button. Click the Save ...the menu, choose Security Policy. From the ID Type pull-down menu. To test the connection: 1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual e. in the VPN firewall ModeConfig Record menu. 5. in the Windows toolbar and click Connect. From the ID Type pull-down menu...
FVS336G Reference Manual
Page 139
... to be used for associated users. Select Users > Domains from the main menu. Users connecting to access the VPN firewall or the VPN-protected network. Therefore, you should create any needed if you must specify a domain. To create a...Certificates" on page 7-10 Adding Authentication Domains, Groups, and Users You must create name and password accounts for all users who will connect to groups. Creating a Domain The domain determines the authentication method to be presented, which the associated users will be authenticated before being allowed to the VPN firewall...
... to be used for associated users. Select Users > Domains from the main menu. Users connecting to access the VPN firewall or the VPN-protected network. Therefore, you should create any needed if you must specify a domain. To create a...Certificates" on page 7-10 Adding Authentication Domains, Groups, and Users You must create name and password accounts for all users who will connect to groups. Creating a Domain The domain determines the authentication method to be presented, which the associated users will be authenticated before being allowed to the VPN firewall...
FVS336G Reference Manual
Page 140
... Fields None Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Workgroup 7-2 Managing Users, Authentication, and Certificates v1.0, March 2009 b. Figure 7-2 3. The required fields are activated in the Domain Name field. Select the Authentication Type. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 7-1 2.
... Fields None Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Workgroup 7-2 Managing Users, Authentication, and Certificates v1.0, March 2009 b. Figure 7-2 3. The required fields are activated in the Domain Name field. Select the Authentication Type. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 7-1 2.
FVS336G Reference Manual
Page 141
ProSafe Dual WAN Gigabit Firewall with LAN Groups that are defined in the Add ...the appropriate domain (only for the group. To create a group: 1. Name. Managing Users, Authentication, and Certificates 7-3 v1.0, March 2009 Configure the new group settings in the User menu are used for setting SSL VPN ... | LAN Settings | LAN Groups tab, which this domain will be confused with SSL & IPsec VPN FVS336G Reference Manual Authentication Type Active Directory LDAP Required Authentication Information Fields Authentication Server, Active Directory Domain Authentication Server,...
ProSafe Dual WAN Gigabit Firewall with LAN Groups that are defined in the Add ...the appropriate domain (only for the group. To create a group: 1. Name. Managing Users, Authentication, and Certificates 7-3 v1.0, March 2009 Configure the new group settings in the User menu are used for setting SSL VPN ... | LAN Settings | LAN Groups tab, which this domain will be confused with SSL & IPsec VPN FVS336G Reference Manual Authentication Type Active Directory LDAP Required Authentication Information Fields Authentication Server, Active Directory Domain Authentication Server,...
FVS336G Reference Manual
Page 142
... for use in user account setup. User Name. Click Add. The Add User tab screen is associated with SSL & IPsec VPN FVS336G Reference Manual c. ProSafe Dual WAN Gigabit Firewall with that group. 7-4 Managing Users, Authentication, and Certificates v1.0, March 2009 Timeout. Click Add. Creating a New User Account To add individual user accounts: 1. Select Users > Users from a list...
... for use in user account setup. User Name. Click Add. The Add User tab screen is associated with SSL & IPsec VPN FVS336G Reference Manual c. ProSafe Dual WAN Gigabit Firewall with that group. 7-4 Managing Users, Authentication, and Certificates v1.0, March 2009 Timeout. Click Add. Creating a New User Account To add individual user accounts: 1. Select Users > Users from a list...
FVS336G Reference Manual
Page 143
...appears in from certain IP addresses or using particular browsers. Note: For security reasons, Deny Login from logging in to configure. Managing Users, Authentication, and Certificates 7-5 v1.0, March 2009 The password can restrict the ability of Users table, click Policies adjacent to the user policy you want to the VPN... logging in the List of the Web Configuration Manager. 4. The Login Policies screen displays:. To prohibit this is checked by default for admin and guest. 4. e. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual d.
...appears in from certain IP addresses or using particular browsers. Note: For security reasons, Deny Login from logging in to configure. Managing Users, Authentication, and Certificates 7-5 v1.0, March 2009 The password can restrict the ability of Users table, click Policies adjacent to the user policy you want to the VPN... logging in the List of the Web Configuration Manager. 4. The Login Policies screen displays:. To prohibit this is checked by default for admin and guest. 4. e. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual d.
FVS336G Reference Manual
Page 144
... Addresses to allow logging in based on IP address: 1. down menu and enter the IP address in the Network Address/IP address field. 6. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To restrict logging in from the IP addresses that you will specify. 3. Click Apply. 4. Repeat these steps to the Defined Addresses... from the Source Address Type pull-down menu. Click Add to move the defined address to add additional addresses or subnets. 7-6 Managing Users, Authentication, and Certificates v1.0, March 2009
... Addresses to allow logging in based on IP address: 1. down menu and enter the IP address in the Network Address/IP address field. 6. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To restrict logging in from the IP addresses that you will specify. 3. Click Apply. 4. Repeat these steps to the Defined Addresses... from the Source Address Type pull-down menu. Click Add to move the defined address to add additional addresses or subnets. 7-6 Managing Users, Authentication, and Certificates v1.0, March 2009
FVS336G Reference Manual
Page 145
The by Client Browser tab. To modify User or Admin settings: Managing Users, Authentication, and Certificates 7-7 v1.0, March 2009 Figure 7-8 2. In the Defined Browsers Status section, select> • the Deny Login from Defined Browsers to deny logging in ...the administrator and guest passwords and settings. Repeat these steps to add additional browsers, then click Apply to save your changes. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To restrict logging in from the Client Browser pulldown menu and click Add to move the defined browser to the ...
The by Client Browser tab. To modify User or Admin settings: Managing Users, Authentication, and Certificates 7-7 v1.0, March 2009 Figure 7-8 2. In the Defined Browsers Status section, select> • the Deny Login from Defined Browsers to deny logging in ...the administrator and guest passwords and settings. Repeat these steps to add additional browsers, then click Apply to save your changes. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To restrict logging in from the Client Browser pulldown menu and click Add to move the defined browser to the ...
FVS336G Reference Manual
Page 146
... (i.e., you are able to save this setting. 7-8 Managing Users, Authentication, and Certificates v1.0, March 2009 Select the Settings you require. Select Users from the main menu and Local Authentication from the submenu. The default is 5 minutes. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 1. Change the Idle Logout Time field to the number...
... (i.e., you are able to save this setting. 7-8 Managing Users, Authentication, and Certificates v1.0, March 2009 Select the Settings you require. Select Users from the main menu and Local Authentication from the submenu. The default is 5 minutes. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 1. Change the Idle Logout Time field to the number...
FVS336G Reference Manual
Page 147
ProSafe Dual WAN Gigabit Firewall with the appropriate RADIUS or WIKID server that the user is authorized to password and 5 minutes, respectively, after a factory defaults reset. Managing Users, Authentication, and Certificates 7-9 v1.0, March 2009 Figure 7-10 When a user logs in . RADIUS Server External Authentication For authentication to RADIUS or WIKID, you enter will be changed back to log in , the VPN firewall will validate with SSL & IPsec VPN FVS336G Reference Manual Note: The password and time-out value you can define the authentication type.
ProSafe Dual WAN Gigabit Firewall with the appropriate RADIUS or WIKID server that the user is authorized to password and 5 minutes, respectively, after a factory defaults reset. Managing Users, Authentication, and Certificates 7-9 v1.0, March 2009 Figure 7-10 When a user logs in . RADIUS Server External Authentication For authentication to RADIUS or WIKID, you enter will be changed back to log in , the VPN firewall will validate with SSL & IPsec VPN FVS336G Reference Manual Note: The password and time-out value you can define the authentication type.
FVS336G Reference Manual
Page 148
...Certificates The FVS336G uses Digital Certificates (also known as via an in the FVS336G when the same digital certificate is being used for secure web management. 7-10 Managing Users, Authentication, and Certificates v1.0, March 2009 The same Digital Certificates are presented with several authentication protocol choices, as Verisign or Thawte. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G... of the purposes defined by remote entities. For example, if the Digital Certificate contains the extKeyUsage extension defined to be configured on the RADIUS server and on...
...Certificates The FVS336G uses Digital Certificates (also known as via an in the FVS336G when the same digital certificate is being used for secure web management. 7-10 Managing Users, Authentication, and Certificates v1.0, March 2009 The same Digital Certificates are presented with several authentication protocol choices, as Verisign or Thawte. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G... of the purposes defined by remote entities. For example, if the Digital Certificate contains the extKeyUsage extension defined to be configured on the RADIUS server and on...
FVS336G Reference Manual
Page 149
...-signed certificate will trigger a warning from a commercial CA provides a strong assurance of certificates: • CA certificate. We recommend that you can obtain a certificate from NETGEAR. Managing Users, Authentication, and Certificates v1.0,...FVS336G Reference Manual In the FVS336G, the uploaded digital certificate is checked for validity and also the purpose of the server. The organization or person to the HTTPS certificate repository and as Verisign or Thawte, or you replace this certificate prior to the VPN certificate repository. ProSafe Dual WAN Gigabit Firewall...
...-signed certificate will trigger a warning from a commercial CA provides a strong assurance of certificates: • CA certificate. We recommend that you can obtain a certificate from NETGEAR. Managing Users, Authentication, and Certificates v1.0,...FVS336G Reference Manual In the FVS336G, the uploaded digital certificate is checked for validity and also the purpose of the server. The organization or person to the HTTPS certificate repository and as Verisign or Thawte, or you replace this certificate prior to the VPN certificate repository. ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 150
... displays the Trusted Certificates (CA Certificates). Click Upload. Viewing Active Self Certificates The Active Self Certificates table in the Trusted Certificates (CA Certificates) table. The CA Certificate will also receive the CA certificate. The name you by a CA and available for use. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To view the VPN Certificates: Select VPN > Certificates from a CA, you will...
... displays the Trusted Certificates (CA Certificates). Click Upload. Viewing Active Self Certificates The Active Self Certificates table in the Trusted Certificates (CA Certificates) table. The CA Certificate will also receive the CA certificate. The name you by a CA and available for use. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To view the VPN Certificates: Select VPN > Certificates from a CA, you will...
FVS336G Reference Manual
Page 151
...(Using the same name, or a derivation of the certificate. Refer to identify the certificate with SSL & IPsec VPN FVS336G Reference Manual • Serial Number. Enter a descriptive name that issued the certificate. • Expiry Time. Since this certificate. • Subject - The CSR is a serial number... be useful.) Figure 7-13 Managing Users, Authentication, and Certificates v1.0, March 2009 7-13 ProSafe Dual WAN Gigabit Firewall with in the Title field would be seen by the CA. It is the name which the certificate expires. This is used to the CA for guidelines on...
...(Using the same name, or a derivation of the certificate. Refer to identify the certificate with SSL & IPsec VPN FVS336G Reference Manual • Serial Number. Enter a descriptive name that issued the certificate. • Expiry Time. Since this certificate. • Subject - The CSR is a serial number... be useful.) Figure 7-13 Managing Users, Authentication, and Certificates v1.0, March 2009 7-13 ProSafe Dual WAN Gigabit Firewall with in the Title field would be seen by the CA. It is the name which the certificate expires. This is used to the CA for guidelines on...
FVS336G Reference Manual
Page 152
ProSafe Dual WAN Gigabit Firewall with the following values: - Signature Algorithm: RSA. - Figure 7-14 5. Figure 7-15 7-14 Managing Users, Authentication, and Certificates v1.0, March 2009 Hash Algorithm: MD5 or SHA2. - Otherwise, you should leave this field blank. • Domain Name - ...fields, if desired, with SSL & IPsec VPN FVS336G Reference Manual • From the pull-down menus, choose the following information: • IP Address - If you have a fixed IP address, you can enter it here. A new certificate request is created and added to view the request....
ProSafe Dual WAN Gigabit Firewall with the following values: - Signature Algorithm: RSA. - Figure 7-14 5. Figure 7-15 7-14 Managing Users, Authentication, and Certificates v1.0, March 2009 Hash Algorithm: MD5 or SHA2. - Otherwise, you should leave this field blank. • Domain Name - ...fields, if desired, with SSL & IPsec VPN FVS336G Reference Manual • From the pull-down menus, choose the following information: • IP Address - If you have a fixed IP address, you can enter it here. A new certificate request is created and added to view the request....