FVS336G Reference Manual
Page 11
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration File ... ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 xi v1.0, March 2009
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration File ... ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 xi v1.0, March 2009
FVS336G Reference Manual
Page 65
...4-29). Firewall Protection and Content Filtering 4-9 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Click Apply. Incorrect configuration will be listed on page 4-3. 3. Click Apply to the schedule created in the Schedule menu. Creating a LAN WAN Outbound Services...down menu. 3. Figure 4-2 2. The new rule will cause serious problems. To create a new outbound service rule in Table 4-1 on the Outbound Services table. The Add LAN WAN Outbound Service screen is for Advanced Administrators only! Change the Default ...
...4-29). Firewall Protection and Content Filtering 4-9 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Click Apply. Incorrect configuration will be listed on page 4-3. 3. Click Apply to the schedule created in the Schedule menu. Creating a LAN WAN Outbound Services...down menu. 3. Figure 4-2 2. The new rule will cause serious problems. To create a new outbound service rule in Table 4-1 on the Outbound Services table. The Add LAN WAN Outbound Service screen is for Advanced Administrators only! Change the Default ...
FVS336G Reference Manual
Page 73
...attacks. - ProSafe Dual WAN Gigabit Firewall with half-open connections. A SYN flood is a form of denial of SYN requests to an ICMP Echo (ping) packet coming from the main menu and click Attack Checks to monitor. To enable the appropriate Attack Checks for connectivity problems. - ...Flood. Select Security > Firewall from the Internet or WAN side. The various types of attack checks are : • WAN Security Checks - When the system responds, the attacker doesn't complete the connection, thus saturating the server with SSL & IPsec VPN FVS336G Reference Manual Attack Checks ...
...attacks. - ProSafe Dual WAN Gigabit Firewall with half-open connections. A SYN flood is a form of denial of SYN requests to an ICMP Echo (ping) packet coming from the main menu and click Attack Checks to monitor. To enable the appropriate Attack Checks for connectivity problems. - ...Flood. Select Security > Firewall from the Internet or WAN side. The various types of attack checks are : • WAN Security Checks - When the system responds, the attacker doesn't complete the connection, thus saturating the server with SSL & IPsec VPN FVS336G Reference Manual Attack Checks ...
FVS336G Reference Manual
Page 98
NETGEAR VPN Client Status and Log Information To test a client connection and view the status and log information, follow these steps. 1. To test the client connection, ... say On: 5-12 Virtual Private Networking Using IPsec v1.0, March 2009 This information is useful for verifying the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. ProSafe Dual WAN Gigabit Firewall with a connection.
NETGEAR VPN Client Status and Log Information To test a client connection and view the status and log information, follow these steps. 1. To test the client connection, ... say On: 5-12 Virtual Private Networking Using IPsec v1.0, March 2009 This information is useful for verifying the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. ProSafe Dual WAN Gigabit Firewall with a connection.
FVS336G Reference Manual
Page 116
In Reconnect after failure count, set the interval between consecutive DPD R-U-THERE messages. When the FVS336G senses an IKE connection failure, it deletes the IPSec and IKE Security Association and forces a reestablishment of DPD... steps: 1. Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. Figure 5-25 4. To solve this problem, you can configure the FVS336G to the desired VPN policy. 5-30 Virtual Private Networking Using IPsec v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System...
In Reconnect after failure count, set the interval between consecutive DPD R-U-THERE messages. When the FVS336G senses an IKE connection failure, it deletes the IPSec and IKE Security Association and forces a reestablishment of DPD... steps: 1. Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. Figure 5-25 4. To solve this problem, you can configure the FVS336G to the desired VPN policy. 5-30 Virtual Private Networking Using IPsec v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System...
FVS336G Reference Manual
Page 153
... of the CA. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 6. Copy the contents of the Data to supply to "---END CERTIFICATE REQUEST---". 7. Submit your PC. 11. Start the Self Certificate request procedure. d. Return to a CA: a. Select the checkbox next to -date. If you have been revoked and are no problems ensue, the...
... of the CA. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 6. Copy the contents of the Data to supply to "---END CERTIFICATE REQUEST---". 7. Submit your PC. 11. Start the Self Certificate request procedure. d. Return to a CA: a. Select the checkbox next to -date. If you have been revoked and are no problems ensue, the...
FVS336G Reference Manual
Page 156
...outgoing traffic. Incorrect configuration will cause serious problems. Each rule lets you have been sent on the traffic being carried, the WAN side of the VPN firewall that can control specific outbound traffic (from LAN to the WAN port that is bound by schedule, otherwise...bandwidth capacity of the WAN side of the WAN ports fail. Using the dual WAN ports in case one of the VPN firewall. This protocol-bound traffic is for outbound traffic. The default rule allows all existing rules for Advanced Administrators only! ProSafe Dual WAN Gigabit Firewall with one exception,...
...outgoing traffic. Incorrect configuration will cause serious problems. Each rule lets you have been sent on the traffic being carried, the WAN side of the VPN firewall that can control specific outbound traffic (from LAN to the WAN port that is bound by schedule, otherwise...bandwidth capacity of the WAN side of the WAN ports fail. Using the dual WAN ports in case one of the VPN firewall. This protocol-bound traffic is for outbound traffic. The default rule allows all existing rules for Advanced Administrators only! ProSafe Dual WAN Gigabit Firewall with one exception,...
FVS336G Reference Manual
Page 159
...use this feature. A DoS attack does not attempt to increase WAN-side loading are as follows: • Port forwarding • Port triggering • Exposed hosts • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. Warning: This.... Access to the list of a particular Web component has been enabled. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual You can bypass keyword blocking for which keyword blocking has been enabled will cause serious problems. Router and Network Management 8-5 v1.0, March 2009
...use this feature. A DoS attack does not attempt to increase WAN-side loading are as follows: • Port forwarding • Port triggering • Exposed hosts • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. Warning: This.... Access to the list of a particular Web component has been enabled. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual You can bypass keyword blocking for which keyword blocking has been enabled will cause serious problems. Router and Network Management 8-5 v1.0, March 2009
FVS336G Reference Manual
Page 191
...chapter provides troubleshooting tips and information for your ProSafe Dual WAN Gigabit Firewall with Date and Time" on page 10-7 • "Using the Diagnostics Utilities" on page 10-8 Basic Functions After you diagnose and solve the problem. After each problem description, instructions are provided to help you turn... on page 10-7 • "Problems with SSL & IPsec VPN. This chapter contains the following sequence of these conditions does not occur, refer to the VPN firewall, the following sections: • "Basic Functions" on page 10-1 ...
...chapter provides troubleshooting tips and information for your ProSafe Dual WAN Gigabit Firewall with Date and Time" on page 10-7 • "Using the Diagnostics Utilities" on page 10-8 Basic Functions After you diagnose and solve the problem. After each problem description, instructions are provided to help you turn... on page 10-7 • "Problems with SSL & IPsec VPN. This chapter contains the following sequence of these conditions does not occur, refer to the VPN firewall, the following sections: • "Basic Functions" on page 10-1 ...
FVS336G Reference Manual
Page 192
...Ethernet crossover cable. 10-2 v1.0, March 2009 Troubleshooting This will set the VPN firewall's IP address to a functioning power outlet. • Check that was supplied with SSL & IPsec VPN FVS336G Reference Manual Power LED Not On If the Power and other LEDs are secure... NETGEAR for about 10 seconds and then turn off when your VPN firewall and that power is explained in "Restoring the Default Configuration and Password" on to the connected hub or workstation. • Be sure you have a hardware problem and should contact technical support. ProSafe Dual WAN Gigabit Firewall ...
...Ethernet crossover cable. 10-2 v1.0, March 2009 Troubleshooting This will set the VPN firewall's IP address to a functioning power outlet. • Check that was supplied with SSL & IPsec VPN FVS336G Reference Manual Power LED Not On If the Power and other LEDs are secure... NETGEAR for about 10 seconds and then turn off when your VPN firewall and that power is explained in "Restoring the Default Configuration and Password" on to the connected hub or workstation. • Be sure you have a hardware problem and should contact technical support. ProSafe Dual WAN Gigabit Firewall ...
FVS336G Reference Manual
Page 194
.... Check that it has reacquired sync with SSL & IPsec VPN FVS336G Reference Manual • When entering configuration settings, be caching the old configuration. Troubleshooting the ISP Connection If your VPN firewall is still unable to obtain an IP address from the ISP....ProSafe Dual WAN Gigabit Firewall with the ISP, reapply power to your VPN firewall. Access the Main Menu of login. • If your ISP requires a login, you have been assigned a static IP address, your VPN firewall must request an IP address from the ISP, the problem may be one of your ISP account as www.netgear...
.... Check that it has reacquired sync with SSL & IPsec VPN FVS336G Reference Manual • When entering configuration settings, be caching the old configuration. Troubleshooting the ISP Connection If your VPN firewall is still unable to obtain an IP address from the ISP....ProSafe Dual WAN Gigabit Firewall with the ISP, reapply power to your VPN firewall. Access the Main Menu of login. • If your ISP requires a login, you have been assigned a static IP address, your VPN firewall must request an IP address from the ISP, the problem may be one of your ISP account as www.netgear...
FVS336G Reference Manual
Page 196
... run menu, type: PING -n 10 where is the IP address of a remote device such as your PC or workstation. - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will see this information will...that the corresponding Link LEDs are correct and that the LAN path works correctly, test the path from the network address of the following problems: • Wrong physical connections - If the path is off, follow the instructions in the previous section are on for your network interface...
... run menu, type: PING -n 10 where is the IP address of a remote device such as your PC or workstation. - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will see this information will...that the corresponding Link LEDs are correct and that the LAN path works correctly, test the path from the network address of the following problems: • Wrong physical connections - If the path is off, follow the instructions in the previous section are on for your network interface...
FVS336G Reference Manual
Page 197
...and Password This section explains how to restore the factory default configuration settings, changing the VPN firewall's administration password to password and the IP address to blink (about 10 seconds). 2. Problems with Date and Time The Administration | Time Zone menu displays the current date and time... the reset button and wait for cases when the administration password or IP address is January 1, 2000. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Your ISP could be rejecting the Ethernet MAC addresses of all but some ISPs additionally ...
...and Password This section explains how to restore the factory default configuration settings, changing the VPN firewall's administration password to password and the IP address to blink (about 10 seconds). 2. Problems with Date and Time The Administration | Time Zone menu displays the current date and time... the reset button and wait for cases when the administration password or IP address is January 1, 2000. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Your ISP could be rejecting the Ethernet MAC addresses of all but some ISPs additionally ...
FVS336G Reference Manual
Page 199
...new screen; Note: Rebooting will be reached through a VPN tunnel, check Ping through the VPN firewall (for example, www.netgear.com) to have become unstable or is received), it usually means that interface. Troubleshooting v1.0, March... However, some network devices can request a DNS lookup to perform a remote reboot (restart). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 10-1. Diagnostics Item Ping or trace an IP address Perform a DNS lookup ...be used by Technical Support to diagnose routing problems. Used to find the IP address.
...new screen; Note: Rebooting will be reached through a VPN tunnel, check Ping through the VPN firewall (for example, www.netgear.com) to have become unstable or is received), it usually means that interface. Troubleshooting v1.0, March... However, some network devices can request a DNS lookup to perform a remote reboot (restart). ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 10-1. Diagnostics Item Ping or trace an IP address Perform a DNS lookup ...be used by Technical Support to diagnose routing problems. Used to find the IP address.
FVS336G Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements...
FVS336G Reference Manual
Page 71
... will cause serious problems. To create a new outbound service rule in Figure 4-1. 2. Click the LAN WAN Rules tab, shown in the LAN WAN Rules tab: Firewall Protection and Content Filtering 4-9 v1.2, June 2008 Incorrect configuration will block or allow the selected application from the drop-down menu. 3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To...
... will cause serious problems. To create a new outbound service rule in Figure 4-1. 2. Click the LAN WAN Rules tab, shown in the LAN WAN Rules tab: Firewall Protection and Content Filtering 4-9 v1.2, June 2008 Incorrect configuration will block or allow the selected application from the drop-down menu. 3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To...
FVS336G Reference Manual
Page 81
...problems. - The various types of attack checks are : • WAN Security Checks - Enable Stealth Mode-In stealth mode, the VPN firewall will not respond to port scans from easily discovering the VPN firewall...FVS336G Reference Manual . No legitimate connections can then be enabled as a diagnostic tool for the Attack Checks you leave this option disabled to monitor. Respond To Ping On Internet Ports-By default, the VPN firewall... LAN Security Checks Firewall Protection and Content Filtering v1.2, June 2008 4-19 Figure 4-9 3. ProSafe Dual WAN Gigabit Firewall with half-open ...
...problems. - The various types of attack checks are : • WAN Security Checks - Enable Stealth Mode-In stealth mode, the VPN firewall will not respond to port scans from easily discovering the VPN firewall...FVS336G Reference Manual . No legitimate connections can then be enabled as a diagnostic tool for the Attack Checks you leave this option disabled to monitor. Respond To Ping On Internet Ports-By default, the VPN firewall... LAN Security Checks Firewall Protection and Content Filtering v1.2, June 2008 4-19 Figure 4-9 3. ProSafe Dual WAN Gigabit Firewall with half-open ...
FVS336G Reference Manual
Page 127
...work for several basic network services such as shown in Figure 5-17. The default is idle. To solve this problem, you can configure the FVS336G to the desired VPN policy. Click the VPN Policies tab, then click the edit button next to bridge NetBIOS ...IPSec and IKE Security Association and forces a reestablishment of the menu. Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. The default is 10 seconds. 6. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel,...
...work for several basic network services such as shown in Figure 5-17. The default is idle. To solve this problem, you can configure the FVS336G to the desired VPN policy. Click the VPN Policies tab, then click the edit button next to bridge NetBIOS ...IPSec and IKE Security Association and forces a reestablishment of the menu. Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. The default is 10 seconds. 6. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel,...
FVS336G Reference Manual
Page 161
... v1.2, June 2008 7-13 Store the certificate file from "----BEGIN CERTIFICATE REQUEST---" to a CA: a. Start the Self Certificate request procedure. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. Figure 7-13 6. If no problems ensue, the certificate will be issued. 8. In the Self Certificate Requests table, click View under the Action column to the...
... v1.2, June 2008 7-13 Store the certificate file from "----BEGIN CERTIFICATE REQUEST---" to a CA: a. Start the Self Certificate request procedure. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. Figure 7-13 6. If no problems ensue, the certificate will be issued. 8. In the Self Certificate Requests table, click View under the Action column to the...
FVS336G Reference Manual
Page 166
...WAN side of the WAN ports fail. Outbound Services lists all outgoing traffic. ProSafe Dual WAN Gigabit Firewall with one active WAN port at 1.5 Mbps) As a result and depending on the failed WAN port gets diverted to the WAN...VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1.5 Mbps each ) or 1000 Mbps (rollover mode, one of the VPN firewall. ...Warning: This feature is for the connections covered by the rule: • BLOCK always • BLOCK by protocol to WAN). At 1.5 Mbps, the WAN ports will cause serious problems...
...WAN side of the WAN ports fail. Outbound Services lists all outgoing traffic. ProSafe Dual WAN Gigabit Firewall with one active WAN port at 1.5 Mbps) As a result and depending on the failed WAN port gets diverted to the WAN...VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1.5 Mbps each ) or 1000 Mbps (rollover mode, one of the VPN firewall. ...Warning: This feature is for the connections covered by the rule: • BLOCK always • BLOCK by protocol to WAN). At 1.5 Mbps, the WAN ports will cause serious problems...