FVS336G Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard for...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard for...
FVS336G Reference Manual
Page 10
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-12 Replacing and Deleting Client Routes 6-12 Using Network Resource Objects to Simplify Policies 6-13 Adding New...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-12 Replacing and Deleting Client Routes 6-12 Using Network Resource Objects to Simplify Policies 6-13 Adding New...
FVS336G Reference Manual
Page 16
...VPN client on the remote computer. - ProSafe Dual WAN Gigabit Firewall with dual WAN port gateways: • Single or multiple exposed hosts. • Virtual private networks. See "Network Planning for Dual WAN Ports" on page C-1 for the planning factors to consider when implementing the following capabilities with SSL & IPsec VPN FVS336G...to provide client-free access with customizable user portals and support for easy monitoring of the NETGEAR ProSafe VPN Client software (VPN01L) - The firewall balances users between a central office and telecommuters. The second WAN port allows...
...VPN client on the remote computer. - ProSafe Dual WAN Gigabit Firewall with dual WAN port gateways: • Single or multiple exposed hosts. • Virtual private networks. See "Network Planning for Dual WAN Ports" on page C-1 for the planning factors to consider when implementing the following capabilities with SSL & IPsec VPN FVS336G...to provide client-free access with customizable user portals and support for easy monitoring of the NETGEAR ProSafe VPN Client software (VPN01L) - The firewall balances users between a central office and telecommuters. The second WAN port allows...
FVS336G Reference Manual
Page 19
... remote management access to let you maximize your product. ProSafe VPN Client Software - The VPN firewall's front panel LEDs provide an easy way to the...FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • VPN Wizard. The VPN firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of the VPN firewall: • Flash memory for MIB2. • Diagnostic Functions. one user license. • Warranty and Support Information Card. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN...
... remote management access to let you maximize your product. ProSafe VPN Client Software - The VPN firewall's front panel LEDs provide an easy way to the...FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • VPN Wizard. The VPN firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of the VPN firewall: • Flash memory for MIB2. • Diagnostic Functions. one user license. • Warranty and Support Information Card. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN...
FVS336G Reference Manual
Page 74
... default, these features and users try to the victim host. When the victimized system is flooded, it unreachable by NETGEAR" message. 4-18 Firewall Protection and Content Filtering v1.0, March 2009 Whether DNS Proxy is enabled or disabled in which the attacking machine sends ...LAN Ports. ProSafe Dual WAN Gigabit Firewall with the FVS336G between the two VPN end points, all encrypted packets will be protected from a SYN flood attack. • LAN Security Checks - The attacker may also spoof the IP address of VPN tunnels that port, see a "Blocked by other clients. Blocking Internet...
... default, these features and users try to the victim host. When the victimized system is flooded, it unreachable by NETGEAR" message. 4-18 Firewall Protection and Content Filtering v1.0, March 2009 Whether DNS Proxy is enabled or disabled in which the attacking machine sends ...LAN Ports. ProSafe Dual WAN Gigabit Firewall with the FVS336G between the two VPN end points, all encrypted packets will be protected from a SYN flood attack. • LAN Security Checks - The attacker may also spoof the IP address of VPN tunnels that port, see a "Blocked by other clients. Blocking Internet...
FVS336G Reference Manual
Page 89
... wizard and NETGEAR VPN Client configuration procedures for the following scenarios: • Using the wizard to configure a VPN tunnel between 2 VPN gateways • Using the wizard to configure a VPN tunnel between a VPN gateway and a VPN client Configuring a VPN tunnel connection requires that all settings and parameters on the recommendations of questions that promotes multi-vendor VPN interoperability. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
... wizard and NETGEAR VPN Client configuration procedures for the following scenarios: • Using the wizard to configure a VPN tunnel between 2 VPN gateways • Using the wizard to configure a VPN tunnel between a VPN gateway and a VPN client Configuring a VPN tunnel connection requires that all settings and parameters on the recommendations of questions that promotes multi-vendor VPN interoperability. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
FVS336G Reference Manual
Page 90
... remote VPN gateway, or the remote VPN client. This key must be a minimum of the gateways which WAN port to the remote VPN endpoint. 4. is set up the VPN policy with SSL & IPsec VPN FVS336G Reference... Manual • Gateway connection • Connection name • Pre-shared key • Remote and local WAN addresses • Remote LAN IP address and subnet Figure 5-4 2. Select Gateway as the VPN tunnel end point. Note: If you are using a dual WAN rollover configuration, after completing the wizard, you manage the VPN settings; ProSafe Dual WAN Gigabit Firewall...
... remote VPN gateway, or the remote VPN client. This key must be a minimum of the gateways which WAN port to the remote VPN endpoint. 4. is set up the VPN policy with SSL & IPsec VPN FVS336G Reference... Manual • Gateway connection • Connection name • Pre-shared key • Remote and local WAN addresses • Remote LAN IP address and subnet Figure 5-4 2. Select Gateway as the VPN tunnel end point. Note: If you are using a dual WAN rollover configuration, after completing the wizard, you manage the VPN settings; ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 92
... Figure 5-7 Follow these steps to configure the a VPN client tunnel: • Configure the client policies on the gateway. • Configure the VPN client to connect to an appropriately short time. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual After both the local and target gateway policies are configured, go to VPN > IPsec VPN > Connection Status to display the status of...
... Figure 5-7 Follow these steps to configure the a VPN client tunnel: • Configure the client policies on the gateway. • Configure the VPN client to connect to an appropriately short time. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual After both the local and target gateway policies are configured, go to VPN > IPsec VPN > Connection Status to display the status of...
FVS336G Reference Manual
Page 93
... 2009 This allows the VPN tunnel to roll over when the WAN Mode is set up the VPN policy with SSL & IPsec VPN FVS336G Reference Manual Use the VPN Wizard Configure the Gateway for your VPN tunnel connection. 3. in the VPN client software. Select VPN Client as the VPN tunnel end point. it is not supplied to Auto Rollover. ProSafe Dual WAN Gigabit Firewall with rollover enabled...
... 2009 This allows the VPN tunnel to roll over when the WAN Mode is set up the VPN policy with SSL & IPsec VPN FVS336G Reference Manual Use the VPN Wizard Configure the Gateway for your VPN tunnel connection. 3. in the VPN client software. Select VPN Client as the VPN tunnel end point. it is not supplied to Auto Rollover. ProSafe Dual WAN Gigabit Firewall with rollover enabled...
FVS336G Reference Manual
Page 94
... with SSL & IPsec VPN FVS336G Reference Manual 6. The public Remote and Local Identifier are using GW1_remote.com, and GW1_local.com. Follow these steps to configure your Windows toolbar, choose Security Policy Editor, and verify that the Options > Secure > Specified Connections selection is now enabled. ProSafe Dual WAN Gigabit Firewall with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to...
... with SSL & IPsec VPN FVS336G Reference Manual 6. The public Remote and Local Identifier are using GW1_remote.com, and GW1_local.com. Follow these steps to configure your Windows toolbar, choose Security Policy Editor, and verify that the Options > Secure > Specified Connections selection is now enabled. ProSafe Dual WAN Gigabit Firewall with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to...
FVS336G Reference Manual
Page 98
... information is useful for verifying the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. ProSafe Dual WAN Gigabit Firewall with a connection. Figure 5-15 The VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1.
... information is useful for verifying the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. ProSafe Dual WAN Gigabit Firewall with a connection. Figure 5-15 The VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1.
FVS336G Reference Manual
Page 99
Figure 5-17 Virtual Private Networking Using IPsec v1.0, March 2009 5-13 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. To view more detailed additional status and troubleshooting information from the NETGEAR VPN client, follow these steps. • Right-click the VPN Client icon in the system tray and select Connection Monitor. Figure 5-16 • Right-click the VPN Client icon in the system tray and select Log Viewer.
Figure 5-17 Virtual Private Networking Using IPsec v1.0, March 2009 5-13 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. To view more detailed additional status and troubleshooting information from the NETGEAR VPN client, follow these steps. • Right-click the VPN Client icon in the system tray and select Connection Monitor. Figure 5-16 • Right-click the VPN Client icon in the system tray and select Log Viewer.
FVS336G Reference Manual
Page 100
... 2009 FVS336G VPN Connection Status and Logs To view FVS336G VPN connection status, go to VPN > Connection Status. Table 5-2. The client policy is activated and connected. The client policy is deactivated but not connected. A flashing vertical bar indicates traffic on the tunnel. System Tray Icon Status The client policy is deactivated. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The VPN client system...
... 2009 FVS336G VPN Connection Status and Logs To view FVS336G VPN connection status, go to VPN > Connection Status. Table 5-2. The client policy is activated and connected. The client policy is deactivated but not connected. A flashing vertical bar indicates traffic on the tunnel. System Tray Icon Status The client policy is deactivated. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The VPN client system...
FVS336G Reference Manual
Page 104
...type to be covered by this is selected, the VPN firewall is used during VPN Wizard configuration). • Local. XAUTH can be covered by this option is more gateway tunnels terminate. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • ! (Status). Traffic must ... from a stored list of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-CHAP. 5-18 Virtual Private Networking Using IPsec v1.0, March 2009 Configuring Extended Authentication (XAUTH) When connecting many VPN clients to make any changes or modifications. IP...
...type to be covered by this is selected, the VPN firewall is used during VPN Wizard configuration). • Local. XAUTH can be covered by this option is more gateway tunnels terminate. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • ! (Status). Traffic must ... from a stored list of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-CHAP. 5-18 Virtual Private Networking Using IPsec v1.0, March 2009 Configuring Extended Authentication (XAUTH) When connecting many VPN clients to make any changes or modifications. IP...
FVS336G Reference Manual
Page 105
... user name and password used to be associated with SSL & IPsec VPN FVS336G Reference Manual • IPsec Host. Click the IKE Policies tab. Figure 5-20 3. Note: If a RADIUS-PAP server is enabled for VPN Clients Once the XAUTH has been enabled, you can add XAUTH to an...The VPN policy must enable a RADIUS-CHAP or RADIUS-PAP server. If the user account is in use by clicking Add. 4. You can modify the IKE policy. In the Extended Authentication section, choose the Authentication Type from the main menu. 2. To enable and configure XAUTH: 1. ProSafe Dual WAN Gigabit Firewall with ...
... user name and password used to be associated with SSL & IPsec VPN FVS336G Reference Manual • IPsec Host. Click the IKE Policies tab. Figure 5-20 3. Note: If a RADIUS-PAP server is enabled for VPN Clients Once the XAUTH has been enabled, you can add XAUTH to an...The VPN policy must enable a RADIUS-CHAP or RADIUS-PAP server. If the user account is in use by clicking Add. 4. You can modify the IKE policy. In the Extended Authentication section, choose the Authentication Type from the main menu. 2. To enable and configure XAUTH: 1. ProSafe Dual WAN Gigabit Firewall with ...
FVS336G Reference Manual
Page 108
... Identifier information to the RADIUS server before giving up. 8. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The FVS336G is configured on the individual IKE policy screens. Click Apply to remote users, including a network...
... Identifier information to the RADIUS server before giving up. 8. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The FVS336G is configured on the individual IKE policy screens. Click Apply to remote users, including a network...
FVS336G Reference Manual
Page 110
... 172.20.xx.xx. 7. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . If you have access. Figure 5-23 5. Use a different range of the VPN firewall.) 5-24 Virtual Private Networking Using IPsec v1.0, March 2009 Specify the Local IP Subnet to which the remote client will default to remote VPN clients. Typically, this is your VPN firewall's LAN subnet, such as...
... 172.20.xx.xx. 7. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual . If you have access. Figure 5-23 5. Use a different range of the VPN firewall.) 5-24 Virtual Private Networking Using IPsec v1.0, March 2009 Specify the Local IP Subnet to which the remote client will default to remote VPN clients. Typically, this is your VPN firewall's LAN subnet, such as...
FVS336G Reference Manual
Page 111
... settings must match the configuration of the tunnel be defined by any other IKE policies. Specify the VPN policy settings. b. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 11. Click Add to Responder. Enter a descriptive name in the VPN client configuration. 6. Enter an identifier in the configuration of the local identifier in the Policy Name Field...
... settings must match the configuration of the tunnel be defined by any other IKE policies. Specify the VPN policy settings. b. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 11. Click Add to Responder. Enter a descriptive name in the VPN client configuration. 6. Enter an identifier in the configuration of the local identifier in the Policy Name Field...
FVS336G Reference Manual
Page 112
... "RADIUS Client Configuration" on page 5-19. 9. d. ProSafe Dual WAN Gigabit Firewall with the IKE policy. When this gateway (by default. For more gateway tunnels terminate. (If selected, you want this gateway to verify account information: User Database, RADIUS-CHAP or RADIUS-PAP. Note: If RADIUS-PAP is the LAN network IP address of the VPN firewall (this VPN firewall as...
... "RADIUS Client Configuration" on page 5-19. 9. d. ProSafe Dual WAN Gigabit Firewall with the IKE policy. When this gateway (by default. For more gateway tunnels terminate. (If selected, you want this gateway to verify account information: User Database, RADIUS-CHAP or RADIUS-PAP. Note: If RADIUS-PAP is the LAN network IP address of the VPN firewall (this VPN firewall as...
FVS336G Reference Manual
Page 113
...button. Click on Authentication (Phase 1) on the name of the menu and choose Proposal 1. To test the connection: 1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual e. f. d. On the left -side of the IKE policy you configured in this example it is "172....check the box for example "salesperson11.remote_id.com". Click on Key Exchange (Phase 2) on the VPN client icon in this case "My Connections\modecfg_test". Enter the values to save the Security Policy and close the VPN ProSafe VPN client. The connection policy you configured will appear;
...button. Click on Authentication (Phase 1) on the name of the menu and choose Proposal 1. To test the connection: 1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual e. f. d. On the left -side of the IKE policy you configured in this example it is "172....check the box for example "salesperson11.remote_id.com". Click on Key Exchange (Phase 2) on the VPN client icon in this case "My Connections\modecfg_test". Enter the values to save the Security Policy and close the VPN ProSafe VPN client. The connection policy you configured will appear;