FVS336G Reference Manual
Page 3
... from this software without modification, are permitted subject to the following conditions: 1. TERMS Redistribution and use in source and binary forms, with or without his specific prior written permission. This software is provided 'as is in the second category (information equipment to be used in a residential area or an adjacent area...
... from this software without modification, are permitted subject to the following conditions: 1. TERMS Redistribution and use in source and binary forms, with or without his specific prior written permission. This software is provided 'as is in the second category (information equipment to be used in a residential area or an adjacent area...
FVS336G Reference Manual
Page 5
...Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number FVS336G March 2009 VPN Firewall ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN Business English 202-10257-04 1.0 v 1.0, March 2009 The name of this software for any ...A PARTICULAR PURPOSE. Altered source versions must be plainly marked as such, and must not be appreciated but is ', without specific prior written permission. This software is provided 'as being the original software. 3. you must not claim that you use ...
...Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number FVS336G March 2009 VPN Firewall ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN Business English 202-10257-04 1.0 v 1.0, March 2009 The name of this software for any ...A PARTICULAR PURPOSE. Altered source versions must be plainly marked as such, and must not be appreciated but is ', without specific prior written permission. This software is provided 'as being the original software. 3. you must not claim that you use ...
FVS336G Reference Manual
Page 8
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Auto-Rollover Mode 2-12 Configuring Load Balancing 2-14 Configuring Dynamic DNS (Optional 2-16 Configuring the Advanced WAN Options (Optional 2-18 Additional WAN Related Configuration 2-20 Chapter 3 LAN Configuration Choosing the Firewall...3-10 Configuring Routing Information Protocol (RIP 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 About Services-Based Rules 4-3 Viewing ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Auto-Rollover Mode 2-12 Configuring Load Balancing 2-14 Configuring Dynamic DNS (Optional 2-16 Configuring the Advanced WAN Options (Optional 2-18 Additional WAN Related Configuration 2-20 Chapter 3 LAN Configuration Choosing the Firewall...3-10 Configuring Routing Information Protocol (RIP 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 About Services-Based Rules 4-3 Viewing ...
FVS336G Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard...
FVS336G Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet ...Authentication Why do I need Two-Factor Authentication D-1 What are the benefits of Two-Factor Authentication D-1 What is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin C-1 Cabling and Computer Hardware Requirements C-3 Computer Network Configuration Requirements C-3 Internet ...Authentication Why do I need Two-Factor Authentication D-1 What are the benefits of Two-Factor Authentication D-1 What is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
FVS336G Reference Manual
Page 33
... primary link is disabled. For whichever WAN mode you choose, you configure the WAN Failure Detection Method to specific PCs on your ISP has provided you with SSL & IPsec VPN FVS336G Reference Manual • Auto-Rollover Mode. The selected WAN interface is made primary and the other...FVS336G to the original primary link once the original primary link is configured using an inbound firewall rule. If certain traffic needs to be bypassed for this mode. PCs on your LAN to -one address as the primary link for certain traffic or applications. ProSafe Dual WAN Gigabit Firewall ...
... primary link is disabled. For whichever WAN mode you choose, you configure the WAN Failure Detection Method to specific PCs on your ISP has provided you with SSL & IPsec VPN FVS336G Reference Manual • Auto-Rollover Mode. The selected WAN interface is made primary and the other...FVS336G to the original primary link once the original primary link is configured using an inbound firewall rule. If certain traffic needs to be bypassed for this mode. PCs on your LAN to -one address as the primary link for certain traffic or applications. ProSafe Dual WAN Gigabit Firewall ...
FVS336G Reference Manual
Page 47
... PC, users cannot avoid these restrictions by changing their IP address. The LAN Groups Database uses the MAC address to Block or Allow Specific Kinds of Traffic" on PCs. Because the address allocated by the DHCP server will accept and respond to identify each PC or device....be maintained until the PC or device is used to DHCP client requests from the database, either IP address or MAC addresses. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing Groups and Hosts (LAN Groups) The Known PCs and Devices table in the LAN Groups menu contains a ...
... PC, users cannot avoid these restrictions by changing their IP address. The LAN Groups Database uses the MAC address to Block or Allow Specific Kinds of Traffic" on PCs. Because the address allocated by the DHCP server will accept and respond to identify each PC or device....be maintained until the PC or device is used to DHCP client requests from the database, either IP address or MAC addresses. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Managing Groups and Hosts (LAN Groups) The Known PCs and Devices table in the LAN Groups menu contains a ...
FVS336G Reference Manual
Page 57
... your LAN) from another (the untrusted network, such as chat or games. Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to Block or Allow Specific Traffic" on page 4-26 • "Configuring a Bandwidth Profile" on page 4-26 • "Configuring...
... your LAN) from another (the untrusted network, such as chat or games. Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to Block or Allow Specific Traffic" on page 4-26 • "Configuring a Bandwidth Profile" on page 4-26 • "Configuring...
FVS336G Reference Manual
Page 58
... only specific outside resources local users can have access to. User-defined firewall rules for controlling the types of traffic that it considers whether the incoming packet is in that can flow between the two networks. Block all access from the LAN side. • Outbound. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual A firewall incorporates...
... only specific outside resources local users can have access to. User-defined firewall rules for controlling the types of traffic that it considers whether the incoming packet is in that can flow between the two networks. Block all access from the LAN side. • Outbound. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual A firewall incorporates...
FVS336G Reference Manual
Page 59
... otherwise blocked traffic. • Customized Services. Firewall Protection and Content Filtering 4-3 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual About Services-Based Rules The rules to... pass through the system (see "Setting Quality of Service (QoS) Priorities" on page 4-16). Outbound Rules (Service Blocking) The FVS336G allows you create will be changed to block all outbound traffic and enable only specific...
... otherwise blocked traffic. • Customized Services. Firewall Protection and Content Filtering 4-3 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual About Services-Based Rules The rules to... pass through the system (see "Setting Quality of Service (QoS) Priorities" on page 4-16). Outbound Rules (Service Blocking) The FVS336G allows you create will be changed to block all outbound traffic and enable only specific...
FVS336G Reference Manual
Page 60
... is that particular PC. • Address range - Use the LAN Groups screen (under Network Configuration) to assign PCs to the same firewall rule, they will be applied to Block or Allow Specific Traffic" on your rules. • Never - By default, the priority shown is selected, you must enter the start and end.... • Use schedule page to configure the time schedules (see "Setting a Schedule to the policy. Specifies whether the source IP address of a bandwidth limiting profile. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 4-1.
... is that particular PC. • Address range - Use the LAN Groups screen (under Network Configuration) to assign PCs to the same firewall rule, they will be applied to Block or Allow Specific Traffic" on your rules. • Never - By default, the priority shown is selected, you must enter the start and end.... • Use schedule page to configure the time schedules (see "Setting a Schedule to the policy. Specifies whether the source IP address of a bandwidth limiting profile. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 4-1.
FVS336G Reference Manual
Page 62
Inbound traffic to Block or Allow Specific Traffic" on page 4-26). • This drop down menu gets activated only... is hosting this service rule. (You can either be used by this rule. ProSafe Dual WAN Gigabit Firewall with Classical Routing (not NAT). Inbound Rules Item Description Service Action (Filter) Schedule Send to LAN Server ... the WAN1 or WAN2 ports or another public IP address. This field appears only with SSL & IPsec VPN FVS336G Reference Manual Table 4-2. Specifies which is selected as Action. • Use schedule page to a different service port...
Inbound traffic to Block or Allow Specific Traffic" on page 4-26). • This drop down menu gets activated only... is hosting this service rule. (You can either be used by this rule. ProSafe Dual WAN Gigabit Firewall with Classical Routing (not NAT). Inbound Rules Item Description Service Action (Filter) Schedule Send to LAN Server ... the WAN1 or WAN2 ports or another public IP address. This field appears only with SSL & IPsec VPN FVS336G Reference Manual Table 4-2. Specifies which is selected as Action. • Use schedule page to a different service port...
FVS336G Reference Manual
Page 64
... IPsec VPN FVS336G Reference Manual Viewing the Rules To view the firewall rules: Select Security > Firewall from the LAN to a new position in the table. For any traffic attempting to pass through the firewall, the packet information is to allow you should place the most specific services or ... Precedence for Rules As you to enable only specific services to the tables in the Rules menu as the last item in the list, as shown in Figure 4-1. 4-8 Firewall Protection and Content Filtering v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with the most strict rules at the top...
... IPsec VPN FVS336G Reference Manual Viewing the Rules To view the firewall rules: Select Security > Firewall from the LAN to a new position in the table. For any traffic attempting to pass through the firewall, the packet information is to allow you should place the most specific services or ... Precedence for Rules As you to enable only specific services to the tables in the Rules menu as the last item in the list, as shown in Figure 4-1. 4-8 Firewall Protection and Content Filtering v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with the most strict rules at the top...
FVS336G Reference Manual
Page 65
... by choosing Block Always from an internal IP LAN address to an external WAN IP address according to save your specific needs (see "Administrator Tips" on page 4-29). Creating a LAN WAN Outbound Services Rule An outbound rule will block or allow the selected application...cause serious problems. To create a new outbound service rule in the LAN WAN Rules tab: 1. Figure 4-2 2. Click Apply to the schedule created in Table 4-1 on this screen. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. You can also tailor these rules to your changes and reset...
... by choosing Block Always from an internal IP LAN address to an external WAN IP address according to save your specific needs (see "Administrator Tips" on page 4-29). Creating a LAN WAN Outbound Services Rule An outbound rule will block or allow the selected application...cause serious problems. To create a new outbound service rule in the LAN WAN Rules tab: 1. Figure 4-2 2. Click Apply to the schedule created in Table 4-1 on this screen. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. You can also tailor these rules to your changes and reset...
FVS336G Reference Manual
Page 75
... infect computers. Firewall Protection and Content Filtering v1.0, March 2009 4-19 Certain commonly used web components can apply the keywords to a specific IP address are...computer running Internet Explorer. Blocks java applets from being downloaded from being downloaded. - ProSafe Dual WAN Gigabit Firewall with useful functions provided by these components are available: • Web Components blocking....Java, ActiveX, and Cookies. Blocking cookies may interfere with SSL & IPsec VPN FVS336G Reference Manual Several types of these websites. • Keyword Blocking (Domain Name...
... infect computers. Firewall Protection and Content Filtering v1.0, March 2009 4-19 Certain commonly used web components can apply the keywords to a specific IP address are...computer running Internet Explorer. Blocks java applets from being downloaded from being downloaded. - ProSafe Dual WAN Gigabit Firewall with useful functions provided by these components are available: • Web Components blocking....Java, ActiveX, and Cookies. Blocking cookies may interfere with SSL & IPsec VPN FVS336G Reference Manual Several types of these websites. • Keyword Blocking (Domain Name...
FVS336G Reference Manual
Page 79
... by using a DHCP reserved address (see "Configuring DHCP Address Reservation" on page 4-29). 3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring IP/MAC Address Binding Alerts You can be bound to a specific MAC address either by manually binding in the Add IP/MAC Bindings section: a. Figure 4-12 2....IP/MAC Violations frame, check the Yes radio button to display the Source MAC Filter tab page. An IP address can configure the FVS336G to drop packets and generate an alert when a device appears to f). For example: 01:23:45:ab:cd:ef. To ...
... by using a DHCP reserved address (see "Configuring DHCP Address Reservation" on page 4-29). 3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring IP/MAC Address Binding Alerts You can be bound to a specific MAC address either by manually binding in the Add IP/MAC Bindings section: a. Figure 4-12 2....IP/MAC Violations frame, check the Yes radio button to display the Source MAC Filter tab page. An IP address can configure the FVS336G to drop packets and generate an alert when a device appears to f). For example: 01:23:45:ab:cd:ef. To ...
FVS336G Reference Manual
Page 80
...remote system receives the PC's request and responds using the different port numbers that application only on a specific port or range of ports. The VPN firewall matches the response to the previous request, and forwards the response to the IP address that sent the ...one PC can be used by another PC. Without Port Triggering, this entry in the Port Triggering table. 2. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering Port triggering allows some applications to function correctly that would otherwise be partially blocked by ...
...remote system receives the PC's request and responds using the different port numbers that application only on a specific port or range of ports. The VPN firewall matches the response to the previous request, and forwards the response to the IP address that sent the ...one PC can be used by another PC. Without Port Triggering, this entry in the Port Triggering table. 2. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering Port triggering allows some applications to function correctly that would otherwise be partially blocked by ...
FVS336G Reference Manual
Page 82
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Setting a Schedule to a schedule for Schedule 2 and Schedule 3. Repeat these steps to set a minimum and maximum bandwidth for an individual or group. Figure 4-14 Three schedules, Schedule 1, Schedule 2 and Schedule3 can be in a firewall rule to limit specific... protocols or all traffic (see "Using Rules to schedule the time of day: All Day, or Specific Times. To invoke rules based on page 4-2). Check the radio...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Setting a Schedule to a schedule for Schedule 2 and Schedule 3. Repeat these steps to set a minimum and maximum bandwidth for an individual or group. Figure 4-14 Three schedules, Schedule 1, Schedule 2 and Schedule3 can be in a firewall rule to limit specific... protocols or all traffic (see "Using Rules to schedule the time of day: All Day, or Specific Times. To invoke rules based on page 4-2). Check the radio...
FVS336G Reference Manual
Page 85
... segments of your control with SSL & IPsec VPN FVS336G Reference Manual E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be generated when someone on your network tries...Specific Traffic" on page 4-26) • Block sites (see "Blocking Internet Sites (Content Filtering)" on page 4-18) • Source MAC filtering (see "Configuring Source MAC Filtering" on page 4-21) • Port triggering (see "Enabling Remote Management Access" on page 8-10). 2. denied incoming and outgoing service requests; hacker probes and login attempts; ProSafe Dual WAN Gigabit Firewall...
... segments of your control with SSL & IPsec VPN FVS336G Reference Manual E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be generated when someone on your network tries...Specific Traffic" on page 4-26) • Block sites (see "Blocking Internet Sites (Content Filtering)" on page 4-18) • Source MAC filtering (see "Configuring Source MAC Filtering" on page 4-21) • Port triggering (see "Enabling Remote Management Access" on page 8-10). 2. denied incoming and outgoing service requests; hacker probes and login attempts; ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 119
... Applications for a customizable, secure, user portal experience from virtually any available platform. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to their computers. Using the familiar Secure Sockets Layer (SSL) protocol, commonly used...
... Applications for a customizable, secure, user portal experience from virtually any available platform. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to their computers. Using the familiar Secure Sockets Layer (SSL) protocol, commonly used...