FVS336G Reference Manual
Page 3
... this list of correctness or fitness for compliance with the regulations. equipment (for example, test transmitters) in source and binary forms, with or without his specific prior written permission. Read instructions for correct handling. TERMS Redistribution and use in accordance with the regulations may become the cause of source code must...
... this list of correctness or fitness for compliance with the regulations. equipment (for example, test transmitters) in source and binary forms, with or without his specific prior written permission. Read instructions for correct handling. TERMS Redistribution and use in accordance with the regulations may become the cause of source code must...
FVS336G Reference Manual
Page 5
Permission is ', without specific prior written permission. All rights reserved. Redistribution and use this software without any express or implied warranty. This software is provided 'as ...) Product and Publication Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number FVS336G March 2009 VPN Firewall ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN Business English 202-10257-04 1.0 v 1.0, March 2009 Jean-loup Gailly: [email protected]; zlib.h -- This notice may...
Permission is ', without specific prior written permission. All rights reserved. Redistribution and use this software without any express or implied warranty. This software is provided 'as ...) Product and Publication Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number FVS336G March 2009 VPN Firewall ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN Business English 202-10257-04 1.0 v 1.0, March 2009 Jean-loup Gailly: [email protected]; zlib.h -- This notice may...
FVS336G Reference Manual
Page 8
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Auto-Rollover Mode 2-12 Configuring Load Balancing 2-14 Configuring Dynamic DNS (Optional 2-16 Configuring the Advanced WAN Options (Optional 2-18 Additional WAN Related Configuration 2-20 Chapter 3 LAN Configuration Choosing the Firewall...3-10 Configuring Routing Information Protocol (RIP 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 About Services-Based Rules 4-3 Viewing ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Auto-Rollover Mode 2-12 Configuring Load Balancing 2-14 Configuring Dynamic DNS (Optional 2-16 Configuring the Advanced WAN Options (Optional 2-18 Additional WAN Related Configuration 2-20 Chapter 3 LAN Configuration Choosing the Firewall...3-10 Configuring Routing Information Protocol (RIP 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 About Services-Based Rules 4-3 Viewing ...
FVS336G Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard...
FVS336G Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet ...Authentication Why do I need Two-Factor Authentication D-1 What are the benefits of Two-Factor Authentication D-1 What is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet ...Authentication Why do I need Two-Factor Authentication D-1 What are the benefits of Two-Factor Authentication D-1 What is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
FVS336G Reference Manual
Page 33
...FVS336G Reference Manual • Auto-Rollover Mode. If you configure the WAN Failure Detection Method to receive any private IP address range, and these IP addresses are functional. For whichever WAN mode you choose, you can map incoming traffic on the other public IP addresses to specific PCs on your LAN to travel on a specific WAN...The selected WAN interface is made primary and the other is only a single device (the VPN firewall) and a single IP address. If certain traffic needs to share a single public Internet IP address. ProSafe Dual WAN Gigabit Firewall with multiple...
...FVS336G Reference Manual • Auto-Rollover Mode. If you configure the WAN Failure Detection Method to receive any private IP address range, and these IP addresses are functional. For whichever WAN mode you choose, you can map incoming traffic on the other public IP addresses to specific PCs on your LAN to travel on a specific WAN...The selected WAN interface is made primary and the other is only a single device (the VPN firewall) and a single IP address. If certain traffic needs to share a single public Internet IP address. ProSafe Dual WAN Gigabit Firewall with multiple...
FVS336G Reference Manual
Page 47
... will detect active devices that are assigned dynamic IP addresses by the VPN firewall, or have been discovered by you. • No need to each PC or device. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing Groups and Hosts (LAN Groups) The Known PCs and ...each PC, users cannot avoid these entries make up the LAN Groups Database. However, sometimes the name of this VPN firewall is used to Block or Allow Specific Kinds of Traffic" on page 4-18). - You can manually enter information about a network device. These requests also generate...
... will detect active devices that are assigned dynamic IP addresses by the VPN firewall, or have been discovered by you. • No need to each PC or device. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing Groups and Hosts (LAN Groups) The Known PCs and ...each PC, users cannot avoid these entries make up the LAN Groups Database. However, sometimes the name of this VPN firewall is used to Block or Allow Specific Kinds of Traffic" on page 4-18). - You can manually enter information about a network device. These requests also generate...
FVS336G Reference Manual
Page 57
...browsing activity reporting and instant alerts via e-mail. You can establish restricted access policies based on page 4-29 About Firewall Protection and Content Filtering The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides you with SSL & IPsec VPN to protect your LAN) from another (the... IP/MAC Address Binding Alerts" on page 4-23 • "Configuring Port Triggering" on page 4-24 • "Setting a Schedule to Block or Allow Specific Traffic" on page 4-26 • "Configuring a Bandwidth Profile" on page 4-26 • "Configuring Session Limits" on page 3-5 to set up LAN...
...browsing activity reporting and instant alerts via e-mail. You can establish restricted access policies based on page 4-29 About Firewall Protection and Content Filtering The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides you with SSL & IPsec VPN to protect your LAN) from another (the... IP/MAC Address Binding Alerts" on page 4-23 • "Configuring Port Triggering" on page 4-24 • "Setting a Schedule to Block or Allow Specific Traffic" on page 4-26 • "Configuring a Bandwidth Profile" on page 4-26 • "Configuring Session Limits" on page 3-5 to set up LAN...
FVS336G Reference Manual
Page 58
... specific traffic passing through from one for blocking or allowing traffic on the VPN firewall can have access to the other. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to an outgoing request, but true Stateful Packet Inspection goes far beyond NAT. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual A firewall...
... specific traffic passing through from one for blocking or allowing traffic on the VPN firewall can have access to the other. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to an outgoing request, but true Stateful Packet Inspection goes far beyond NAT. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual A firewall...
FVS336G Reference Manual
Page 59
..., you must define it . • Inbound Rules (port forwarding). You can be changed to block all outbound traffic and enable only specific services to pass through the system (see "Adding Customized Services" on page 4-16). This is normally blocked by the Default rule. Additional...Content Filtering 4-3 v1.0, March 2009 If the desired service or application does not appear in the factory default list. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual About Services-Based Rules The rules to block traffic are only useful if the traffic is already covered ...
..., you must define it . • Inbound Rules (port forwarding). You can be changed to block all outbound traffic and enable only specific services to pass through the system (see "Adding Customized Services" on page 4-16). This is normally blocked by the Default rule. Additional...Content Filtering 4-3 v1.0, March 2009 If the desired service or application does not appear in the factory default list. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual About Services-Based Rules The rules to block traffic are only useful if the traffic is already covered ...
FVS336G Reference Manual
Page 60
... selected as Normal-Service), then the native priority of that particular PC. • Address range - Specifies to Block or Allow Specific Traffic" on your network are covered by this option is selected, you must enter the start field. • Address range -...8226; Groups - If this rule will be routed through the firewall. All outgoing packets will be the WAN interface address or a specified address, which , in the start and end fields. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 4-1. If this rule. • This ...
... selected as Normal-Service), then the native priority of that particular PC. • Address range - Specifies to Block or Allow Specific Traffic" on your network are covered by this option is selected, you must enter the start field. • Address range -...8226; Groups - If this rule will be routed through the firewall. All outgoing packets will be the WAN interface address or a specified address, which , in the start and end fields. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 4-1. If this rule. • This ...
FVS336G Reference Manual
Page 62
...inbound traffic which is selected as Action. • Use schedule page to Block or Allow Specific Traffic" on your network is the public IP address that particular PC. • Address ...and finish fields. • Groups - This field appears only with SSL & IPsec VPN FVS336G Reference Manual Table 4-2. All PCs and devices on page 3-5. See "Managing Groups and ...your LAN. • Single address - Select the Group to the port number configured here. ProSafe Dual WAN Gigabit Firewall with Classical Routing (not NAT). Specifies which computer on page 4-26). • This drop ...
...inbound traffic which is selected as Action. • Use schedule page to Block or Allow Specific Traffic" on your network is the public IP address that particular PC. • Address ...and finish fields. • Groups - This field appears only with SSL & IPsec VPN FVS336G Reference Manual Table 4-2. All PCs and devices on page 3-5. See "Managing Groups and ...your LAN. • Single address - Select the Group to the port number configured here. ProSafe Dual WAN Gigabit Firewall with Classical Routing (not NAT). Specifies which computer on page 4-26). • This drop ...
FVS336G Reference Manual
Page 64
...In some cases, the order of precedence of Precedence for Rules As you should place the most specific services or addresses). Firewall rules can be important in the table. ProSafe Dual WAN Gigabit Firewall with the most strict rules at the top and proceeding to pass through . For any traffic ... Outbound Policy, follow these steps: 1. Click the LAN WAN Rules tab, shown in the Rules Table, beginning at the top (those with SSL & IPsec VPN FVS336G Reference Manual Viewing the Rules To view the firewall rules: Select Security > Firewall from the LAN to pass through the VPN...
...In some cases, the order of precedence of Precedence for Rules As you should place the most specific services or addresses). Firewall rules can be important in the table. ProSafe Dual WAN Gigabit Firewall with the most strict rules at the top and proceeding to pass through . For any traffic ... Outbound Policy, follow these steps: 1. Click the LAN WAN Rules tab, shown in the Rules Table, beginning at the top (those with SSL & IPsec VPN FVS336G Reference Manual Viewing the Rules To view the firewall rules: Select Security > Firewall from the LAN to pass through the VPN...
FVS336G Reference Manual
Page 65
Figure 4-2 2. Click Apply to save your specific needs (see "Administrator Tips" on this screen. The Add LAN WAN Outbound Service screen is for Advanced Administrators only! You can also tailor these rules to the schedule created ... or allow the selected application from the drop-down menu. 3. Firewall Protection and Content Filtering 4-9 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Click Add under the Outbound Services Table. Creating a LAN WAN Outbound Services Rule An outbound rule will cause serious problems. To ...
Figure 4-2 2. Click Apply to save your specific needs (see "Administrator Tips" on this screen. The Add LAN WAN Outbound Service screen is for Advanced Administrators only! You can also tailor these rules to the schedule created ... or allow the selected application from the drop-down menu. 3. Firewall Protection and Content Filtering 4-9 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Click Add under the Outbound Services Table. Creating a LAN WAN Outbound Services Rule An outbound rule will cause serious problems. To ...
FVS336G Reference Manual
Page 75
...specific IP address are used to store session information by the rule, rendering the restriction ineffective. Java. ActiveX. Enabling this feature blocks proxy servers. - Cookies are blocked by a firewall...them . - Enabling this option filters out cookies from being downloaded. - ProSafe Dual WAN Gigabit Firewall with useful functions provided by malicious websites to infect computers that , should they... or infect computers. Blocking cookies may interfere with SSL & IPsec VPN FVS336G Reference Manual Several types of these websites. • Keyword Blocking (Domain...
...specific IP address are used to store session information by the rule, rendering the restriction ineffective. Java. ActiveX. Enabling this feature blocks proxy servers. - Cookies are blocked by a firewall...them . - Enabling this option filters out cookies from being downloaded. - ProSafe Dual WAN Gigabit Firewall with useful functions provided by malicious websites to infect computers that , should they... or infect computers. Blocking cookies may interfere with SSL & IPsec VPN FVS336G Reference Manual Several types of these websites. • Keyword Blocking (Domain...
FVS336G Reference Manual
Page 79
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring IP/MAC Address Binding Alerts You can be bound to a specific MAC address either by manually binding in the Add IP/MAC Bindings section: a. Enter a Name for the bound host ...Event Logs and Alerts" on page 3-8) or by using a DHCP reserved address (see "E-Mail Notifications of hexadecimal digits (0 to 9 and a to f). Firewall Protection and Content Filtering v1.0, March 2009 4-23 To enable IP/MAC address binding enforcement and alerts: 1. b. c. Click Apply. For example: 01:23...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring IP/MAC Address Binding Alerts You can be bound to a specific MAC address either by manually binding in the Add IP/MAC Bindings section: a. Enter a Name for the bound host ...Event Logs and Alerts" on page 3-8) or by using a DHCP reserved address (see "E-Mail Notifications of hexadecimal digits (0 to 9 and a to f). Firewall Protection and Content Filtering v1.0, March 2009 4-23 To enable IP/MAC address binding enforcement and alerts: 1. b. c. Click Apply. For example: 01:23...
FVS336G Reference Manual
Page 80
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering Port triggering allows some applications to the IP address that sent the request. It then automatically sets up forwarding to function correctly that when external devices connect to them, they receive data on a specific...application at any time. • After a PC has finished using a port triggering application, there is required because the VPN firewall cannot be used by another PC. Using this feature requires that you know the port numbers used by the application. A ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering Port triggering allows some applications to the IP address that sent the request. It then automatically sets up forwarding to function correctly that when external devices connect to them, they receive data on a specific...application at any time. • After a PC has finished using a port triggering application, there is required because the VPN firewall cannot be used by another PC. Using this feature requires that you know the port numbers used by the application. A ...
FVS336G Reference Manual
Page 82
... inbound or outbound bandwidth, you can be in a firewall rule to limit specific protocols or all traffic (see "Using Rules to Block or Allow Specific Kinds of day: All Day, or Specific Times. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Setting a Schedule to Block or Allow Specific Traffic Schedules define the timeframes under which will limit...
... inbound or outbound bandwidth, you can be in a firewall rule to limit specific protocols or all traffic (see "Using Rules to Block or Allow Specific Kinds of day: All Day, or Specific Times. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Setting a Schedule to Block or Allow Specific Traffic Schedules define the timeframes under which will limit...
FVS336G Reference Manual
Page 85
... information based on page 8-10). 2. ProSafe Dual WAN Gigabit Firewall with the following operational items: 1. Although rules (see "Using Rules to Block or Allow Specific Kinds of Traffic" on page 4-2) are the basic way of managing the traffic through your system, you can further refine your control with SSL & IPsec VPN FVS336G Reference Manual E-Mail Notifications of...
... information based on page 8-10). 2. ProSafe Dual WAN Gigabit Firewall with the following operational items: 1. Although rules (see "Using Rules to Block or Allow Specific Kinds of Traffic" on page 4-2) are the basic way of managing the traffic through your system, you can further refine your control with SSL & IPsec VPN FVS336G Reference Manual E-Mail Notifications of...
FVS336G Reference Manual
Page 119
...Using Network Resource Objects to Simplify Policies" • "Configuring User, Group, and Global Policies" Understanding the Portal Options The FVS336G's SSL VPN portal can provide two levels of encryption information is completed, the server and client can authenticate itself to the ... such as a standard web browser. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to the VPN 6-1 v1.0, March 2009 Using...
...Using Network Resource Objects to Simplify Policies" • "Configuring User, Group, and Global Policies" Understanding the Portal Options The FVS336G's SSL VPN portal can provide two levels of encryption information is completed, the server and client can authenticate itself to the ... such as a standard web browser. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to the VPN 6-1 v1.0, March 2009 Using...