FVS336G Reference Manual
Page 11
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration... WAN Port LEDs Not On 10-2 Troubleshooting the Web Configuration Interface 10-3 Troubleshooting the ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration... WAN Port LEDs Not On 10-2 Troubleshooting the Web Configuration Interface 10-3 Troubleshooting the ISP Connection 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems...
FVS336G Reference Manual
Page 65
... the selected application from the drop-down menu. 3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Change the Default Outbound Policy by choosing Block Always from an internal IP LAN address to an external WAN IP address according to save your specific needs (see ...the descriptions in the LAN WAN Rules tab: 1. Click Apply. Click Apply to the schedule created in the Schedule menu. Creating a LAN WAN Outbound Services Rule An outbound rule will be listed on page 4-3. 3. Incorrect configuration will cause serious problems. To create a new ...
... the selected application from the drop-down menu. 3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. Change the Default Outbound Policy by choosing Block Always from an internal IP LAN address to an external WAN IP address according to save your specific needs (see ...the descriptions in the LAN WAN Rules tab: 1. Click Apply. Click Apply to the schedule created in the Schedule menu. Creating a LAN WAN Outbound Services Rule An outbound rule will be listed on page 4-3. 3. Incorrect configuration will cause serious problems. To create a new ...
FVS336G Reference Manual
Page 73
... Flood. Select Security > Firewall from the main menu and click Attack Checks to an ICMP Echo (ping) packet coming from easily discovering the VPN firewall via a ping, but it less susceptible to save your environment: 1. No legitimate connections can be made. Firewall Protection and Content Filtering v1.0, March 2009 4-17 ProSafe Dual WAN Gigabit Firewall with half-open connections.
... Flood. Select Security > Firewall from the main menu and click Attack Checks to an ICMP Echo (ping) packet coming from easily discovering the VPN firewall via a ping, but it less susceptible to save your environment: 1. No legitimate connections can be made. Firewall Protection and Content Filtering v1.0, March 2009 4-17 ProSafe Dual WAN Gigabit Firewall with half-open connections.
FVS336G Reference Manual
Page 98
... Windows toolbar and choose Connect..., then My Connections\gw1. ProSafe Dual WAN Gigabit Firewall with a connection. This information is useful for verifying the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. Figure 5-14 Within 30 seconds...
... Windows toolbar and choose Connect..., then My Connections\gw1. ProSafe Dual WAN Gigabit Firewall with a connection. This information is useful for verifying the status of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. Figure 5-14 Within 30 seconds...
FVS336G Reference Manual
Page 116
...Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. Click the Yes radio button to the desired VPN policy. 5-30 Virtual Private Networking Using IPsec v1.0, March 2009 To solve this problem, you can configure the FVS336G to set the number of the ... tearing down the connection. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel, follow these network services do not normally pass NetBIOS traffic, these steps: 1. When the FVS336G senses an IKE connection failure...
...Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. Click the Yes radio button to the desired VPN policy. 5-30 Virtual Private Networking Using IPsec v1.0, March 2009 To solve this problem, you can configure the FVS336G to set the number of the ... tearing down the connection. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel, follow these network services do not normally pass NetBIOS traffic, these steps: 1. When the FVS336G senses an IKE connection failure...
FVS336G Reference Manual
Page 153
... of the Certificates screen displays the Trusted Certificates (CA Certificates)." Figure 7-16 10. The Certificates screen displays. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 6. Click Upload. You should obtain the CRL for the requested data, copy the data from the... CA regularly. c. The certificate file will be uploaded to a CA: a. If you have been revoked and are no problems ensue, the certificate will appear in "Managing your saved text file (including "----BEGIN CERTIFICATE REQUEST---" and "---END CERTIFICATE REQUEST")....
... of the Certificates screen displays the Trusted Certificates (CA Certificates)." Figure 7-16 10. The Certificates screen displays. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 6. Click Upload. You should obtain the CRL for the requested data, copy the data from the... CA regularly. c. The certificate file will be uploaded to a CA: a. If you have been revoked and are no problems ensue, the certificate will appear in "Managing your saved text file (including "----BEGIN CERTIFICATE REQUEST---" and "---END CERTIFICATE REQUEST")....
FVS336G Reference Manual
Page 156
...VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each ) • Rollover mode: 1.5 Mbps (one active WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will be called upon to decrease WAN-side loading are used to connect to the Internet. ProSafe Dual WAN Gigabit Firewall... traffic is for outbound traffic. Incorrect configuration will cause serious problems. Each rule lets you have been sent on the traffic being carried, the WAN side of the VPN firewall that can be much lower when DSL or cable modems are...
...VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each ) • Rollover mode: 1.5 Mbps (one active WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will be called upon to decrease WAN-side loading are used to connect to the Internet. ProSafe Dual WAN Gigabit Firewall... traffic is for outbound traffic. Incorrect configuration will cause serious problems. Each rule lets you have been sent on the traffic being carried, the WAN side of the VPN firewall that can be much lower when DSL or cable modems are...
FVS336G Reference Manual
Page 159
... Port triggering • Exposed hosts • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Trusted Domains. ProSafe Dual WAN Gigabit Firewall with the specified MAC addresses. all traffic received from the PCs with SSL & IPsec VPN FVS336G Reference Manual You can use it (i.e., the ... only! See "Configuring Source MAC Filtering" on page 4-21 for which keyword blocking has been enabled will cause serious problems. Router and Network Management 8-5 v1.0, March 2009 Incorrect configuration will still be allowed without any MAC address is disabled;...
... Port triggering • Exposed hosts • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Trusted Domains. ProSafe Dual WAN Gigabit Firewall with the specified MAC addresses. all traffic received from the PCs with SSL & IPsec VPN FVS336G Reference Manual You can use it (i.e., the ... only! See "Configuring Source MAC Filtering" on page 4-21 for which keyword blocking has been enabled will cause serious problems. Router and Network Management 8-5 v1.0, March 2009 Incorrect configuration will still be allowed without any MAC address is disabled;...
FVS336G Reference Manual
Page 191
... following sequence of events should occur: 1. After each problem description, instructions are connected. The LAN port LINK/ACT LEDs are connected. The WAN port LINK/ACT LEDs are lit for any WAN ports that are lit for your ProSafe Dual WAN Gigabit Firewall with Date and Time" on page 10-7 •... "Restoring the Default Configuration and Password" on page 10-7 • "Problems with SSL & IPsec VPN. b. If a port's LINK/ACT LED is not lit. The TEST LED is lit, a link has been established to the VPN firewall, the following section. If the port is on power to the connected ...
... following sequence of events should occur: 1. After each problem description, instructions are connected. The LAN port LINK/ACT LEDs are connected. The WAN port LINK/ACT LEDs are lit for any WAN ports that are lit for your ProSafe Dual WAN Gigabit Firewall with Date and Time" on page 10-7 •... "Restoring the Default Configuration and Password" on page 10-7 • "Problems with SSL & IPsec VPN. b. If a port's LINK/ACT LED is not lit. The TEST LED is lit, a link has been established to the VPN firewall, the following section. If the port is on power to the connected ...
FVS336G Reference Manual
Page 192
...VPN firewall and at the hub or workstation. • Make sure that power is turned on to the connected hub or workstation. • Be sure you are using the 12 V DC power adapter supplied by NETGEAR...problem and should contact technical support. If all LEDs are still on one minute after power up: • Cycle the power to see if the VPN firewall recovers. • Clear the VPN firewall's configuration to factory defaults. This will set the VPN firewall... VPN firewall is turned on, the LEDs turns on for this product. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
...VPN firewall and at the hub or workstation. • Make sure that power is turned on to the connected hub or workstation. • Be sure you are using the 12 V DC power adapter supplied by NETGEAR...problem and should contact technical support. If all LEDs are still on one minute after power up: • Cycle the power to see if the VPN firewall recovers. • Clear the VPN firewall's configuration to factory defaults. This will set the VPN firewall... VPN firewall is turned on, the LEDs turns on for this product. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
FVS336G Reference Manual
Page 194
... require a login program. If 0.0.0.0 is unable to obtain an IP address from the ISP, the problem may be caching the old configuration. If your VPN firewall is shown, your VPN firewall has not obtained an IP address from the ISP. Ask your ISP whether they require PPP over Ethernet...Access the Main Menu of your ISP account as www.netgear.com 2. When the modem's LEDs indicate that an IP address is able to obtain a WAN IP address from your ISP. ProSafe Dual WAN Gigabit Firewall with the ISP, reapply power to your VPN firewall. The changes may have incorrectly set the login name...
... require a login program. If 0.0.0.0 is unable to obtain an IP address from the ISP, the problem may be caching the old configuration. If your VPN firewall is shown, your VPN firewall has not obtained an IP address from the ISP. Ask your ISP whether they require PPP over Ethernet...Access the Main Menu of your ISP account as www.netgear.com 2. When the modem's LEDs indicate that an IP address is able to obtain a WAN IP address from your ISP. ProSafe Dual WAN Gigabit Firewall with the ISP, reapply power to your VPN firewall. The changes may have incorrectly set the login name...
FVS336G Reference Manual
Page 196
...from Your PC to a Remote Device After verifying that your PC has the IP address of the following problems: • Wrong physical connections - If you could have one of your VPN firewall listed as the Account Name in the Basic Settings menu. 10-6 v1.0, March 2009 Troubleshooting From the ... the hub ports (if any) that are displayed. Verify that host name as the default gateway. If the path is on. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will not be visible ...
...from Your PC to a Remote Device After verifying that your PC has the IP address of the following problems: • Wrong physical connections - If you could have one of your VPN firewall listed as the Account Name in the Basic Settings menu. 10-6 v1.0, March 2009 Troubleshooting From the ... the hub ports (if any) that are displayed. Verify that host name as the default gateway. If the path is on. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you will not be visible ...
FVS336G Reference Manual
Page 197
...administration password or IP address is January 1, 2000. Cause: The VPN firewall has not yet successfully reached a Network Time Server. Troubleshooting v1.0, March 2009 10-7 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Your ISP could be rejecting the Ethernet MAC...several Network Time Servers on page 2-7. Problems with Date and Time The Administration | Time Zone menu displays the current date and time of the VPN firewall. Each entry in two ways: • Use the Erase function of the VPN firewall (see "Configuration File Management" on...
...administration password or IP address is January 1, 2000. Cause: The VPN firewall has not yet successfully reached a Network Time Server. Troubleshooting v1.0, March 2009 10-7 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Your ISP could be rejecting the Ethernet MAC...several Network Time Servers on page 2-7. Problems with Date and Time The Administration | Time Zone menu displays the current date and time of the VPN firewall. Each entry in two ways: • Use the Erase function of the VPN firewall (see "Configuration File Management" on...
FVS336G Reference Manual
Page 199
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 10-1. If the request times out (no reply is intended to be used by Technical Support to diagnose routing problems. Used to a ping. If the specified address is received), it usually means that interface. ... screen; However, some network devices can be reached through a VPN tunnel, check Ping through the VPN firewall (for example, www.netgear.com) to the VPN firewall (such as your management session) or through VPN tunnel. The traceroute results will break any existing connections either to...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 10-1. If the request times out (no reply is intended to be used by Technical Support to diagnose routing problems. Used to a ping. If the specified address is received), it usually means that interface. ... screen; However, some network devices can be reached through a VPN tunnel, check Ping through the VPN firewall (for example, www.netgear.com) to the VPN firewall (such as your management session) or through VPN tunnel. The traceroute results will break any existing connections either to...
FVS336G Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer...
FVS336G Reference Manual
Page 71
... also tailor these steps: 1. Creating a LAN WAN Outbound Services Rule An outbound rule will cause serious problems. To create a new outbound service rule in the LAN WAN Rules tab: Firewall Protection and Content Filtering 4-9 v1.2, June 2008 Note: This feature is for Advanced Administrators only! ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To change the Default...
... also tailor these steps: 1. Creating a LAN WAN Outbound Services Rule An outbound rule will cause serious problems. To create a new outbound service rule in the LAN WAN Rules tab: Firewall Protection and Content Filtering 4-9 v1.2, June 2008 Note: This feature is for Advanced Administrators only! ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To change the Default...
FVS336G Reference Manual
Page 81
... easily discovering the VPN firewall via a ping, but it less susceptible to port scans from the Internet or WAN side. A SYN flood is enabled, the VPN firewall will limit the lifetime of attack checks are : • WAN Security Checks - We recommend that you wish to save your settings. No legitimate connections can be made. ProSafe Dual WAN Gigabit Firewall with half...
... easily discovering the VPN firewall via a ping, but it less susceptible to port scans from the Internet or WAN side. A SYN flood is enabled, the VPN firewall will limit the lifetime of attack checks are : • WAN Security Checks - We recommend that you wish to save your settings. No legitimate connections can be made. ProSafe Dual WAN Gigabit Firewall with half...
FVS336G Reference Manual
Page 127
... click the edit button next to bridge NetBIOS traffic over the VPN tunnel. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on opposite ends of a VPN connection. To solve this problem, you can configure the FVS336G to the desired VPN policy. In the IKE SA Parameters menu frame of the...
... click the edit button next to bridge NetBIOS traffic over the VPN tunnel. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on opposite ends of a VPN connection. To solve this problem, you can configure the FVS336G to the desired VPN policy. In the IKE SA Parameters menu frame of the...
FVS336G Reference Manual
Page 161
... the contents of the Data to supply to "---END CERTIFICATE REQUEST---". 7. Start the Self Certificate request procedure. Connect to view the request. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. Figure 7-13 6. Managing Users, Authentication, and Certificates v1.2, June 2008 7-13 Submit the CA form. If no problems ensue, the certificate will be issued. 8.
... the contents of the Data to supply to "---END CERTIFICATE REQUEST---". 7. Start the Self Certificate request procedure. Connect to view the request. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. Figure 7-13 6. Managing Users, Authentication, and Certificates v1.2, June 2008 7-13 Submit the CA form. If no problems ensue, the certificate will be issued. 8.
FVS336G Reference Manual
Page 166
...VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each ) • Rollover mode: 1.5 Mbps (one active WAN port at 1.5 Mbps) As a result and depending on the traffic being carried, the WAN side of the firewall will cause serious problems....capacity of the WAN side of the VPN firewall. The default rule allows all existing rules for the connections covered by the rule: • BLOCK always • BLOCK by protocol to throughput for Advanced Administrators only! ProSafe Dual WAN Gigabit Firewall with one of the WAN ports fail. ...
...VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each ) • Rollover mode: 1.5 Mbps (one active WAN port at 1.5 Mbps) As a result and depending on the traffic being carried, the WAN side of the firewall will cause serious problems....capacity of the WAN side of the VPN firewall. The default rule allows all existing rules for the connections covered by the rule: • BLOCK always • BLOCK by protocol to throughput for Advanced Administrators only! ProSafe Dual WAN Gigabit Firewall with one of the WAN ports fail. ...