FVS336G Reference Manual
Page 7
... IP Address, Login Name, and Password Location 1-8 Qualified Web Browsers 1-8 Chapter 2 Connecting the FVS336G to the Internet Understanding the Connection Steps 2-1 Logging into the VPN Firewall Router 2-2 Navigating the Menus ...2-3 Configuring the Internet Connections 2-4 Automatically Detecting and Connecting 2-5 Manually Configuring the Internet Connection 2-7 Configuring the WAN Mode (Required for Dual WAN 2-10 Network Address Translation 2-11...
... IP Address, Login Name, and Password Location 1-8 Qualified Web Browsers 1-8 Chapter 2 Connecting the FVS336G to the Internet Understanding the Connection Steps 2-1 Logging into the VPN Firewall Router 2-2 Navigating the Menus ...2-3 Configuring the Internet Connections 2-4 Automatically Detecting and Connecting 2-5 Manually Configuring the Internet Connection 2-7 Configuring the WAN Mode (Required for Dual WAN 2-10 Network Address Translation 2-11...
FVS336G Reference Manual
Page 10
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New ...Adding Authentication Domains, Groups, and Users 7-1 Creating a Domain 7-1 Creating a Group ...7-3 Creating a New User Account 7-4 Setting User Login Policies 7-5 Changing Passwords and Settings 7-7 RADIUS Server External Authentication 7-9 Managing Certificates 7-10 Viewing and Loading CA Certificates 7-11 Viewing Active Self Certificates 7-12 Obtaining a Self Certificate from...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New ...Adding Authentication Domains, Groups, and Users 7-1 Creating a Domain 7-1 Creating a Group ...7-3 Creating a New User Account 7-4 Setting User Login Policies 7-5 Changing Passwords and Settings 7-7 RADIUS Server External Authentication 7-9 Managing Certificates 7-10 Viewing and Loading CA Certificates 7-11 Viewing Active Self Certificates 7-12 Obtaining a Self Certificate from...
FVS336G Reference Manual
Page 11
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration File Management 8-15 Upgrading... 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 xi v1.0, March 2009
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Changing Passwords and Administrator Settings 8-8 Enabling Remote Management Access 8-10 Using the Command Line Interface 8-12 Using an SNMP Manager 8-13 Configuration File Management 8-15 Upgrading... 10-4 Troubleshooting a TCP/IP Network Using a Ping Utility 10-5 Testing the LAN Path to Your VPN Firewall 10-5 Testing the Path from Your PC to a Remote Device 10-6 Restoring the Default Configuration and Password 10-7 Problems with Date and Time 10-7 Using the Diagnostics Utilities 10-8 xi v1.0, March 2009
FVS336G Reference Manual
Page 15
Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN connects your local area network (LAN) to the Internet through one or two external broadband access devices such as cable modems or DSL modems. Dual wide area network (WAN) ports allow you to ...Password Location" on page 1-8 • "Qualified Web Browsers" on page 1-8 Key Features The VPN firewall provides the following key features: • Dual 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing or failover protection of your primary Internet connection. As a complete security solution, the FVS336G...
Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN connects your local area network (LAN) to the Internet through one or two external broadband access devices such as cable modems or DSL modems. Dual wide area network (WAN) ports allow you to ...Password Location" on page 1-8 • "Qualified Web Browsers" on page 1-8 Key Features The VPN firewall provides the following key features: • Dual 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing or failover protection of your primary Internet connection. As a complete security solution, the FVS336G...
FVS336G Reference Manual
Page 21
... 10 Mbps. Rear Panel Features The rear panel of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 1-1. Introduction 1-7 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN includes Gigabit Ethernet LAN and WAN connections, a cable lock receptacle, power and reset switches, ... flashes to reset the VPN firewall to right, the rear panel contains the following elements: 1. The WAN port has detected a link with RJ-45 connectors. 4. All configuration settings will be lost and the default password will be restored. 2. The...
... 10 Mbps. Rear Panel Features The rear panel of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 1-1. Introduction 1-7 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN includes Gigabit Ethernet LAN and WAN connections, a cable lock receptacle, power and reset switches, ... flashes to reset the VPN firewall to right, the rear panel contains the following elements: 1. The WAN port has detected a link with RJ-45 connectors. 4. All configuration settings will be lost and the default password will be restored. 2. The...
FVS336G Reference Manual
Page 22
... SSL & IPsec VPN FVS336G Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS336G's enclosure if you need a reminder of applications. Although these web browsers are qualified for the SSL VPN portal, not the Web Management Interface. 1-8 Introduction v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with JavaScript, cookies...
... SSL & IPsec VPN FVS336G Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS336G's enclosure if you need a reminder of applications. Although these web browsers are qualified for the SSL VPN portal, not the Web Management Interface. 1-8 Introduction v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with JavaScript, cookies...
FVS336G Reference Manual
Page 23
...password and enable remote management at this time if desired. You can also select any necessary protocol bindings. Connect the firewall physically to your network according to the instructions in this phase, you will connect to your VPN firewall..."Configuring the Internet Connections" on page 2-2. 3. See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on the NETGEAR website at this time. See "Configuring the WAN Mode (Required for dual WAN operation). This chapter contains the following sections: • "Understanding the Connection...
...password and enable remote management at this time if desired. You can also select any necessary protocol bindings. Connect the firewall physically to your network according to the instructions in this phase, you will connect to your VPN firewall..."Configuring the Internet Connections" on page 2-2. 3. See the Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN is on the NETGEAR website at this time. See "Configuring the WAN Mode (Required for dual WAN operation). This chapter contains the following sections: • "Understanding the Connection...
FVS336G Reference Manual
Page 24
... admin 4. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. See "Configuring Dynamic DNS (Optional)" on page 1-8. 2. Optionally, you can change the factory default MTU size and port speed. Logging into the VPN Firewall Router To connect to the VPN firewall follow these ... in "Qualified Web Browsers" on page 2-16. 6. In the Password field, type password Note that both entries are advanced features and changing them is detailed separately in to the VPN firewall, your fully qualified domain names during this chapter. Configure your computer needs...
... admin 4. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 5. See "Configuring Dynamic DNS (Optional)" on page 1-8. 2. Optionally, you can change the factory default MTU size and port speed. Logging into the VPN Firewall Router To connect to the VPN firewall follow these ... in "Qualified Web Browsers" on page 2-16. 6. In the Password field, type password Note that both entries are advanced features and changing them is detailed separately in to the VPN firewall, your fully qualified domain names during this chapter. Configure your computer needs...
FVS336G Reference Manual
Page 28
... VPN FVS336G Reference Manual a. Login (Username, Password); Login (Username, Password), Local IP address, and PPTP Server IP address; If Auto Detect does not find a connection, you will be prompted to (1) check the physical connection between your VPN firewall and ...Name, Domain Name (sometimes required). Figure 2-5 2-6 Connecting the FVS336G to (2) check your VPN firewall's MAC address (For more information, see "Configuring the WAN Mode (Required for the information. ProSafe Dual WAN Gigabit Firewall with their required settings are detailed in the following table. Static...
... VPN FVS336G Reference Manual a. Login (Username, Password); Login (Username, Password), Local IP address, and PPTP Server IP address; If Auto Detect does not find a connection, you will be prompted to (1) check the physical connection between your VPN firewall and ...Name, Domain Name (sometimes required). Figure 2-5 2-6 Connecting the FVS336G to (2) check your VPN firewall's MAC address (For more information, see "Configuring the WAN Mode (Required for the information. ProSafe Dual WAN Gigabit Firewall with their required settings are detailed in the following table. Static...
FVS336G Reference Manual
Page 29
... the WAN Mode (Required for Dual WAN)" on page 2-10. Note: If the configuration process was successful, you can attempt a manual configuration as described in Table 2-1. Connecting the FVS336G to use the dual WAN capabilities of these options: Figure 2-6 • If your WAN ISP ....0, March 2009 ProSafe Dual WAN Gigabit Firewall with the configuration process for WAN port 2. 4. Select Network Configuration > WAN Settings > WAN1 ISP Settings and enter the following this is the default). • If a login is not required, click No and ignore the Login and Password fields. If ...
... the WAN Mode (Required for Dual WAN)" on page 2-10. Note: If the configuration process was successful, you can attempt a manual configuration as described in Table 2-1. Connecting the FVS336G to use the dual WAN capabilities of these options: Figure 2-6 • If your WAN ISP ....0, March 2009 ProSafe Dual WAN Gigabit Firewall with the configuration process for WAN port 2. 4. Select Network Configuration > WAN Settings > WAN1 ISP Settings and enter the following this is the default). • If a login is not required, click No and ignore the Login and Password fields. If ...
FVS336G Reference Manual
Page 30
... and in the timeout field enter the number of minutes to wait before disconnecting. 2-8 Connecting the FVS336G to keep the connection always on. If you clicked Yes, enter the ISP-provided Login and Password information. 4. b. In most cases, you use from the three listed options. (By default, ...PPPoE). To logout after the connection is PPPoE or PPTP, your ISP has assigned one. Configure the following fields: • Account Name. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Select Keep Connected, to the Internet v1.0, March 2009
... and in the timeout field enter the number of minutes to wait before disconnecting. 2-8 Connecting the FVS336G to keep the connection always on. If you clicked Yes, enter the ISP-provided Login and Password information. 4. b. In most cases, you use from the three listed options. (By default, ...PPPoE). To logout after the connection is PPPoE or PPTP, your ISP has assigned one. Configure the following fields: • Account Name. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. Select Keep Connected, to the Internet v1.0, March 2009
FVS336G Reference Manual
Page 40
For example, the wildcard feature will display. 2-18 Connecting the FVS336G to save your account from the main menu. Click Apply to the Internet v1.0, March 2009 The WAN! For each WAN port, click the Yes radio button for Change DNS to http://www.... the active fields: a. Enter the account information for example, user name, password, key, or domain). Configuring the Advanced WAN Options (Optional) To configure the Advanced WAN options: 1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. If it appears, you have chosen (for the service you...
For example, the wildcard feature will display. 2-18 Connecting the FVS336G to save your account from the main menu. Click Apply to the Internet v1.0, March 2009 The WAN! For each WAN port, click the Yes radio button for Change DNS to http://www.... the active fields: a. Enter the account information for example, user name, password, key, or domain). Configuring the Advanced WAN Options (Optional) To configure the Advanced WAN options: 1. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3. If it appears, you have chosen (for the service you...
FVS336G Reference Manual
Page 42
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The format for each WAN, if desired. If you can set up the traffic meter for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and either uppercase or lowercase letters A-F). Click Apply to manage the firewall...(see "Changing Passwords and Administrator Settings" on page 9-1. 2-20 Connecting the FVS336G to the Internet v1.0, March 2009 If you enable remote management, we strongly recommend that you want the ability to save your entry will be overwritten. 4. Additional WAN Related Configuration ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The format for each WAN, if desired. If you can set up the traffic meter for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and either uppercase or lowercase letters A-F). Click Apply to manage the firewall...(see "Changing Passwords and Administrator Settings" on page 9-1. 2-20 Connecting the FVS336G to the Internet v1.0, March 2009 If you enable remote management, we strongly recommend that you want the ability to save your entry will be overwritten. 4. Additional WAN Related Configuration ...
FVS336G Reference Manual
Page 63
... account if it discovers any server processes (such as a Web or FTP server) from your VPN firewall. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 4-2. Firewall Protection and Content Filtering 4-7 v1.0, March 2009 See "Configuring a Bandwidth Profile" on page 4-26.... that allowing inbound services opens holes in your location. We also recommend enabling the server's application security and configuring user password or privilege levels, if provided. Select the desired action: • Always - Inbound Rules (continued) Item Log Bandwidth...
... account if it discovers any server processes (such as a Web or FTP server) from your VPN firewall. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Table 4-2. Firewall Protection and Content Filtering 4-7 v1.0, March 2009 See "Configuring a Bandwidth Profile" on page 4-26.... that allowing inbound services opens holes in your location. We also recommend enabling the server's application security and configuring user password or privilege levels, if provided. Select the desired action: • Always - Inbound Rules (continued) Item Log Bandwidth...
FVS336G Reference Manual
Page 105
...PAP server is in use by the remote gateway, enter a User Name and Password to add XAUTH while the IKE policy is enabled for authentication, XAUTH will ... Add. 4. The IKE Policies screen is chosen, the remote gateway must be associated with SSL & IPsec VPN FVS336G Reference Manual • IPsec Host. Figure 5-20 3. In the Extended Authentication section, choose the Authentication Type from...the User Database to verify user account information. ProSafe Dual WAN Gigabit Firewall with this IKE policy. Configuring XAUTH for authenticating this option is displayed.
...PAP server is in use by the remote gateway, enter a User Name and Password to add XAUTH while the IKE policy is enabled for authentication, XAUTH will ... Add. 4. The IKE Policies screen is chosen, the remote gateway must be associated with SSL & IPsec VPN FVS336G Reference Manual • IPsec Host. Figure 5-20 3. In the Extended Authentication section, choose the Authentication Type from...the User Database to verify user account information. ProSafe Dual WAN Gigabit Firewall with this IKE policy. Configuring XAUTH for authenticating this option is displayed.
FVS336G Reference Manual
Page 106
...RADIUS Client Configuration RADIUS (Remote Authentication Dial In User Service, RFC 2865) is chosen, you want some encrypted response using his username/password information. At that point, the remote user must be authenticated either by a local User Database account or by the remote gateway)....validate a user at the request of Users table, as a VPN concentrator where one or more gateway tunnels terminate. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Edge Device to use a RADIUS server, you may want to be added through the User ...
...RADIUS Client Configuration RADIUS (Remote Authentication Dial In User Service, RFC 2865) is chosen, you want some encrypted response using his username/password information. At that point, the remote user must be authenticated either by a local User Database account or by the remote gateway)....validate a user at the request of Users table, as a VPN concentrator where one or more gateway tunnels terminate. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Edge Device to use a RADIUS server, you may want to be added through the User ...
FVS336G Reference Manual
Page 112
...Enter a Username and Password to be used internally). The new policy will be associated with SSL & IPsec VPN FVS336G Reference Manual 7. ... will appear in the Windows toolbar. XAUTH is disabled by the remote gateway. ProSafe Dual WAN Gigabit Firewall with the IKE policy. Note: If RADIUS-PAP is the LAN network IP ...firewall will also be used to see "Configuring XAUTH for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. If the user account is chosen, you will need to specify the user name and password...
...Enter a Username and Password to be used internally). The new policy will be associated with SSL & IPsec VPN FVS336G Reference Manual 7. ... will appear in the Windows toolbar. XAUTH is disabled by the remote gateway. ProSafe Dual WAN Gigabit Firewall with the IKE policy. Note: If RADIUS-PAP is the LAN network IP ...firewall will also be used to see "Configuring XAUTH for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. If the user account is chosen, you will need to specify the user name and password...
FVS336G Reference Manual
Page 125
...addresses and TCP applications (port numbers) that don't support ActiveX. 4. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will reroute this traffic to the VPN firewall. Virtual Private Networking Using SSL Connections 6-7 v1.0, March 2009 Your choices...check the checkboxes for the portal pages you must create name and password accounts for Port Forwarding Port Forwarding provides access to the user requires three items: a User Name, a Password, and a Domain selection. Configuring Applications for your settings. In ...
...addresses and TCP applications (port numbers) that don't support ActiveX. 4. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will reroute this traffic to the VPN firewall. Virtual Private Networking Using SSL Connections 6-7 v1.0, March 2009 Your choices...check the checkboxes for the portal pages you must create name and password accounts for Port Forwarding Port Forwarding provides access to the user requires three items: a User Name, a Password, and a Domain selection. Configuring Applications for your settings. In ...
FVS336G Reference Manual
Page 139
... to groups. Note: IPsec VPN users will connect to the VPN firewall. Users connecting to the VPN firewall must be presented. The login window presented to the user requires three items: a User Name, a Password, and a Domain selection. The Domain determines the authentication method to be... Users" on page 7-1 • "Managing Certificates" on page 7-10 Adding Authentication Domains, Groups, and Users You must create name and password accounts for all users who will always belong to the default domain (geardomain) and are only needed domains first, then groups, then user ...
... to groups. Note: IPsec VPN users will connect to the VPN firewall. Users connecting to the VPN firewall must be presented. The login window presented to the user requires three items: a User Name, a Password, and a Domain selection. The Domain determines the authentication method to be... Users" on page 7-1 • "Managing Certificates" on page 7-10 Adding Authentication Domains, Groups, and Users You must create name and password accounts for all users who will always belong to the default domain (geardomain) and are only needed domains first, then groups, then user ...
FVS336G Reference Manual
Page 143
... 7-6 2. Password/Confirm Password. The new user appears in only from certain IP addresses or using particular browsers. In this user from WAN Interface is the period at which an idle user will be automatically logged out of Users. Click Apply to the VPN firewall, select the Disable Login checkbox. 3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
... 7-6 2. Password/Confirm Password. The new user appears in only from certain IP addresses or using particular browsers. In this user from WAN Interface is the period at which an idle user will be automatically logged out of Users. Click Apply to the VPN firewall, select the Disable Login checkbox. 3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...