FVS336G Reference Manual
Page 7
... History ...xiv Chapter 1 Introduction Key Features ...1-1 Dual WAN Ports for Increased Reliability or Outbound Load Balancing 1-2 Advanced VPN Support for Both IPsec and SSL 1-2 A Powerful, True Firewall with Content Filtering 1-3 Autosensing Ethernet Connections with Auto...FVS336G to the Internet Understanding the Connection Steps 2-1 Logging into the VPN Firewall Router 2-2 Navigating the Menus ...2-3 Configuring the Internet Connections 2-4 Automatically Detecting and Connecting 2-5 Manually Configuring the Internet Connection 2-7 Configuring the WAN Mode (Required for Dual WAN...
... History ...xiv Chapter 1 Introduction Key Features ...1-1 Dual WAN Ports for Increased Reliability or Outbound Load Balancing 1-2 Advanced VPN Support for Both IPsec and SSL 1-2 A Powerful, True Firewall with Content Filtering 1-3 Autosensing Ethernet Connections with Auto...FVS336G to the Internet Understanding the Connection Steps 2-1 Logging into the VPN Firewall Router 2-2 Navigating the Menus ...2-3 Configuring the Internet Connections 2-4 Automatically Detecting and Connecting 2-5 Manually Configuring the Internet Connection 2-7 Configuring the WAN Mode (Required for Dual WAN...
FVS336G Reference Manual
Page 8
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Auto-Rollover Mode 2-12 Configuring Load Balancing 2-14 Configuring Dynamic DNS (Optional 2-16 Configuring the Advanced WAN Options (Optional 2-18 Additional WAN Related Configuration 2-20 Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Managing Groups and Hosts (LAN Groups 3-5 Viewing the LAN Groups Database...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Auto-Rollover Mode 2-12 Configuring Load Balancing 2-14 Configuring Dynamic DNS (Optional 2-16 Configuring the Advanced WAN Options (Optional 2-18 Additional WAN Related Configuration 2-20 Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Managing Groups and Hosts (LAN Groups 3-5 Viewing the LAN Groups Database...
FVS336G Reference Manual
Page 12
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will... The Roll-over Case for Firewalls With Dual WAN Ports C-7 The Load Balancing Case for Firewalls With Dual WAN Ports C-7 Inbound Traffic ...C-8 Inbound Traffic to Single WAN Port (Reference Case C-8 Inbound Traffic to Dual WAN Port Systems C-8 Virtual Private ...Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will... The Roll-over Case for Firewalls With Dual WAN Ports C-7 The Load Balancing Case for Firewalls With Dual WAN Ports C-7 Inbound Traffic ...C-8 Inbound Traffic to Single WAN Port (Reference Case C-8 Inbound Traffic to Dual WAN Port Systems C-8 Virtual Private ...Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Index xii v1.0, March 2009
FVS336G Reference Manual
Page 15
...• "Qualified Web Browsers" on page 1-8 Key Features The VPN firewall provides the following key features: • Dual 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing or failover protection of your Internet connection, providing increased system reliability or ...ProSafe Dual WAN Gigabit Firewall with multi-NAT support. 1-1 v1.0, March 2009 As a complete security solution, the FVS336G incorporates a powerful and flexible firewall to maintain a backup connection in case of failure of Gigabit Ethernet LAN and WAN ports ensures extremely high data transfer speeds The FVS336G...
...• "Qualified Web Browsers" on page 1-8 Key Features The VPN firewall provides the following key features: • Dual 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing or failover protection of your Internet connection, providing increased system reliability or ...ProSafe Dual WAN Gigabit Firewall with multi-NAT support. 1-1 v1.0, March 2009 As a complete security solution, the FVS336G incorporates a powerful and flexible firewall to maintain a backup connection in case of failure of Gigabit Ethernet LAN and WAN ports ensures extremely high data transfer speeds The FVS336G...
FVS336G Reference Manual
Page 16
...- See "Network Planning for a wide variety of user repositories. 1-2 Introduction v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with the single-user license of the NETGEAR ProSafe VPN Client software (VPN01L) - Remote access by telecommuters requires the installation of VPN client software... IPsec VPN with broad protocol support for Increased Reliability or Outbound Load Balancing The FVS336G has two broadband WAN ports. Dual WAN Ports for secure connection to provide client-free access with dual WAN port gateways: • Single or multiple exposed hosts. •...
...- See "Network Planning for a wide variety of user repositories. 1-2 Introduction v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with the single-user license of the NETGEAR ProSafe VPN Client software (VPN01L) - Remote access by telecommuters requires the installation of VPN client software... IPsec VPN with broad protocol support for Increased Reliability or Outbound Load Balancing The FVS336G has two broadband WAN ports. Dual WAN Ports for secure connection to provide client-free access with dual WAN port gateways: • Single or multiple exposed hosts. •...
FVS336G Reference Manual
Page 23
... ISP(s). See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on page 2-4 • "Configuring the WAN Mode (Required for dual WAN operation). You can also change your network. See "Configuring the WAN Mode (Required for complete steps. Select either dedicated (single WAN) mode, auto-rollover mode, or load balancing mode. Connect the firewall physically to the instructions in...
... ISP(s). See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on page 2-4 • "Configuring the WAN Mode (Required for dual WAN operation). You can also change your network. See "Configuring the WAN Mode (Required for complete steps. Select either dedicated (single WAN) mode, auto-rollover mode, or load balancing mode. Connect the firewall physically to the instructions in...
FVS336G Reference Manual
Page 32
... attempt to connect to the NETGEAR Web site. When you in the fields. 11. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be configured on a mutually exclusive basis for either auto-rollover (for increased system reliability) or load balancing (for Dual WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. The VPN firewall will be disabled. 2-10...
... attempt to connect to the NETGEAR Web site. When you in the fields. 11. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN can be configured on a mutually exclusive basis for either auto-rollover (for increased system reliability) or load balancing (for Dual WAN) The dual WAN ports of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 9. The VPN firewall will be disabled. 2-10...
FVS336G Reference Manual
Page 33
ProSafe Dual WAN Gigabit Firewall with multiple public IP addresses, you can use a redundant ISP link for backup purposes, select the WAN port that are not visible from the Internet. • The VPN firewall uses NAT to select the correct PC (on your LAN to the Internet v1.0, March 2009 2-11 The VPN firewall... the FVS336G to share a single public Internet IP address. For whichever WAN mode you choose, you configure the WAN Failure Detection Method to support Auto-Rollover. • Load Balancing Mode. This one inbound mapping is configured using an inbound firewall rule....
ProSafe Dual WAN Gigabit Firewall with multiple public IP addresses, you can use a redundant ISP link for backup purposes, select the WAN port that are not visible from the Internet. • The VPN firewall uses NAT to select the correct PC (on your LAN to the Internet v1.0, March 2009 2-11 The VPN firewall... the FVS336G to share a single public Internet IP address. For whichever WAN mode you choose, you configure the WAN Failure Detection Method to support Auto-Rollover. • Load Balancing Mode. This one inbound mapping is configured using an inbound firewall rule....
FVS336G Reference Manual
Page 36
...: • Segregation of Event Logs and Alerts" on the original primary WAN interface by reapplying the Auto-Rollover settings in the WAN Mode menu. When the VPN firewall detects that are not of source IP address for load balancing with SSL & IPsec VPN FVS336G Reference Manual 6. ProSafe Dual WAN Gigabit Firewall with protocol binding: 1. The rollover link is configured. Alternatively, you...
...: • Segregation of Event Logs and Alerts" on the original primary WAN interface by reapplying the Auto-Rollover settings in the WAN Mode menu. When the VPN firewall detects that are not of source IP address for load balancing with SSL & IPsec VPN FVS336G Reference Manual 6. ProSafe Dual WAN Gigabit Firewall with protocol binding: 1. The rollover link is configured. Alternatively, you...
FVS336G Reference Manual
Page 38
...Connecting the FVS336G to DynDNS, TZO and Iego are provided for your convenience on the Dynamic DNS Configuration screen.) The VPN firewall firmware includes software that notifies dynamic DNS servers of whether you have a fixed or dynamic IP address. • For load balancing mode, you... virtual private networks regardless of changes in the firewall, whenever your ISP-assigned IP address changes, your firewall will be , and the address can register a domain name and have a dynamic IP address. ProSafe Dual WAN Gigabit Firewall with varying public IP addresses to set protocol bindings...
...Connecting the FVS336G to DynDNS, TZO and Iego are provided for your convenience on the Dynamic DNS Configuration screen.) The VPN firewall firmware includes software that notifies dynamic DNS servers of whether you have a fixed or dynamic IP address. • For load balancing mode, you... virtual private networks regardless of changes in the firewall, whenever your ISP-assigned IP address changes, your firewall will be , and the address can register a domain name and have a dynamic IP address. ProSafe Dual WAN Gigabit Firewall with varying public IP addresses to set protocol bindings...
FVS336G Reference Manual
Page 39
... and click the Dynamic DNS Configuration tab. Connecting the FVS336G to the Internet v1.0, March 2009 2-17 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To configure Dynamic DNS: 1. Figure 2-13 The Current WAN Mode section reports the currently configured WAN mode. (For example, Single Port WAN1, Load Balancing or Auto Rollover.) Only those options that match...
... and click the Dynamic DNS Configuration tab. Connecting the FVS336G to the Internet v1.0, March 2009 2-17 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To configure Dynamic DNS: 1. Figure 2-13 The Current WAN Mode section reports the currently configured WAN mode. (For example, Single Port WAN1, Load Balancing or Auto Rollover.) Only those options that match...
FVS336G Reference Manual
Page 87
... enable either Auto-Rollover mode for increased system reliability or Load Balancing mode for VPN in load balancing or rollover mode; The use the IPsec virtual private networking (VPN) features of the ProSafe Dual WAN Gigabit Firewall with VPN" on page 5-30 Considerations for Dual WAN Port Systems If both of the WAN ports of fully qualified domain names in VPN policies...
... enable either Auto-Rollover mode for increased system reliability or Load Balancing mode for VPN in load balancing or rollover mode; The use the IPsec virtual private networking (VPN) features of the ProSafe Dual WAN Gigabit Firewall with VPN" on page 5-30 Considerations for Dual WAN Port Systems If both of the WAN ports of fully qualified domain names in VPN policies...
FVS336G Reference Manual
Page 88
... for both WAN ports Figure 5-1 WAN Load Balancing: FQDN Optional for VPN Firewall Rest of Firewall Functions Firewall WAN Port Functions Load Balancing Control Figure 5-2 WAN 1 Port WAN 2 Port Internet FQDN required for dynamic IP addresses FQDN optional for static IP addresses Table 5-1 summarizes the WAN addressing requirements (FQDN or IP address) for VPNs in either dual WAN mode. Table 5-1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
... for both WAN ports Figure 5-1 WAN Load Balancing: FQDN Optional for VPN Firewall Rest of Firewall Functions Firewall WAN Port Functions Load Balancing Control Figure 5-2 WAN 1 Port WAN 2 Port Internet FQDN required for dynamic IP addresses FQDN optional for static IP addresses Table 5-1 summarizes the WAN addressing requirements (FQDN or IP address) for VPNs in either dual WAN mode. Table 5-1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
FVS336G Reference Manual
Page 156
...the rule: • BLOCK always • BLOCK by protocol to the WAN port that failed. In such an event and with SSL & IPsec VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each ) • Rollover mode: 1.5 Mbps ...outbound traffic. ProSafe Dual WAN Gigabit Firewall with one active WAN port at 1.5 Mbps) As a result and depending on the failed WAN port gets diverted to the WAN port that is not diverted. At 1.5 Mbps, the WAN ports will support the following traffic rates: • Load balancing mode: 3 Mbps (two WAN ports at 1.5...
...the rule: • BLOCK always • BLOCK by protocol to the WAN port that failed. In such an event and with SSL & IPsec VPN FVS336G Reference Manual • WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each ) • Rollover mode: 1.5 Mbps ...outbound traffic. ProSafe Dual WAN Gigabit Firewall with one active WAN port at 1.5 Mbps) As a result and depending on the failed WAN port gets diverted to the WAN port that is not diverted. At 1.5 Mbps, the WAN ports will support the following traffic rates: • Load balancing mode: 3 Mbps (two WAN ports at 1.5...
FVS336G Reference Manual
Page 207
...should consider the following items before you may need a fully qualified domain name either for convenience or to Do Before You Begin The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is a powerful and versatile solution for your network a. b. For rollover mode, you will need a... for more information. See the topics in rollover mode for increased system reliability or load balancing mode for convenience or to consider when planning a network using a firewall that has dual WAN ports. If you intend to implement features such as exposed hosts and virtual private networks...
...should consider the following items before you may need a fully qualified domain name either for convenience or to Do Before You Begin The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is a powerful and versatile solution for your network a. b. For rollover mode, you will need a... for more information. See the topics in rollover mode for increased system reliability or load balancing mode for convenience or to consider when planning a network using a firewall that has dual WAN ports. If you intend to implement features such as exposed hosts and virtual private networks...
FVS336G Reference Manual
Page 208
...in Figure C-1, with SSL & IPsec VPN FVS336G Reference Manual - Contact a Dynamic DNS Service and register fully qualified domain names for one or both WAN ports routed through separate physical facilities. • Each WAN port must be provisioned as cable or DSL... each WAN port or are strongly advised to change the default management password to the VPN firewall through the same ISP. b. For load balancing mode, decide which protocols should be enabled locally after each month, consider enabling a traffic meter to the list. 3. ProSafe Dual WAN Gigabit Firewall with two...
...in Figure C-1, with SSL & IPsec VPN FVS336G Reference Manual - Contact a Dynamic DNS Service and register fully qualified domain names for one or both WAN ports routed through separate physical facilities. • Each WAN port must be provisioned as cable or DSL... each WAN port or are strongly advised to change the default management password to the VPN firewall through the same ISP. b. For load balancing mode, decide which protocols should be enabled locally after each month, consider enabling a traffic meter to the list. 3. ProSafe Dual WAN Gigabit Firewall with two...
FVS336G Reference Manual
Page 213
... Planning for the dual WAN port case is different from the single gateway WAN port case when specifying the IP address. The Load Balancing Case for Firewalls With Dual WAN Ports Load balancing for Dual WAN Ports C-7 v1.0, March 2009 Figure C-2 Features such as multiple exposed hosts are optional when the IP address is static. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The...
... Planning for the dual WAN port case is different from the single gateway WAN port case when specifying the IP address. The Load Balancing Case for Firewalls With Dual WAN Ports Load balancing for Dual WAN Ports C-7 v1.0, March 2009 Figure C-2 Features such as multiple exposed hosts are optional when the IP address is static. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The...
FVS336G Reference Manual
Page 214
...domain name if the IP address is supported and enabled. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Inbound Traffic Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one or more... Dynamic Allowed (FQDN optional) FQDN required Dual WAN Port Cases Rollover FQDN required FQDN required Load Balancing Allowed (FQDN optional) FQDN required Inbound Traffic to Single WAN Port (Reference Case) The Internet IP address of the firewall's dual WAN port depends on the configuration being implemented:...
...domain name if the IP address is supported and enabled. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Inbound Traffic Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one or more... Dynamic Allowed (FQDN optional) FQDN required Dual WAN Port Cases Rollover FQDN required FQDN required Load Balancing Allowed (FQDN optional) FQDN required Inbound Traffic to Single WAN Port (Reference Case) The Internet IP address of the firewall's dual WAN port depends on the configuration being implemented:...
FVS336G Reference Manual
Page 215
.... Figure C-6 Network Planning for Improved Reliability In the dual WAN port case with SSL & IPsec VPN FVS336G Reference Manual Inbound Traffic: Dual WAN Ports for Dual WAN Ports C-9 v1.0, March 2009 A fully-qualified domain name must be used that toggles between the IP addresses of WAN port traffic. ProSafe Dual WAN Gigabit Firewall with rollover, the WAN's IP address will always change at rollover.
.... Figure C-6 Network Planning for Improved Reliability In the dual WAN port case with SSL & IPsec VPN FVS336G Reference Manual Inbound Traffic: Dual WAN Ports for Dual WAN Ports C-9 v1.0, March 2009 A fully-qualified domain name must be used that toggles between the IP addresses of WAN port traffic. ProSafe Dual WAN Gigabit Firewall with rollover, the WAN's IP address will always change at rollover.
FVS336G Reference Manual
Page 216
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Virtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanism must be used in dual WAN port systems Configuration and WAN IP address Single WAN Port (reference case) Dual WAN Port Cases Rollovera Load Balancing VPN Road ...or the IP address itself when the IP address is different from the single gateway WAN port case when specifying the IP address of the firewall's dual WAN port depends on the configuration being implemented: Table C-2. All tunnels must be re-...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Virtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanism must be used in dual WAN port systems Configuration and WAN IP address Single WAN Port (reference case) Dual WAN Port Cases Rollovera Load Balancing VPN Road ...or the IP address itself when the IP address is different from the single gateway WAN port case when specifying the IP address of the firewall's dual WAN port depends on the configuration being implemented: Table C-2. All tunnels must be re-...