FVS336G Reference Manual
Page 9
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard for Client...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Port Triggering 4-24 Setting a Schedule to Block or Allow Specific Traffic 4-26 Configuring a Bandwidth Profile 4-26 Configuring Session Limits 4-28 E-Mail Notifications of Event Logs and Alerts 4-29 Administrator Tips ...4-29 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems 5-1 Using the VPN Wizard for Client...
FVS336G Reference Manual
Page 10
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-12 Replacing and Deleting Client Routes 6-12 Using Network Resource Objects to Simplify Policies 6-13...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring Domains, Groups, and Users 6-7 Configuring Applications for Port Forwarding 6-7 Adding Servers ...6-8 Adding A New Host Name 6-9 Configuring the SSL VPN Client 6-10 Configuring the Client IP Address Range 6-11 Adding Routes for VPN Tunnel Clients 6-12 Replacing and Deleting Client Routes 6-12 Using Network Resource Objects to Simplify Policies 6-13...
FVS336G Reference Manual
Page 15
...FVS336G incorporates a powerful and flexible firewall to maintain a backup connection in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between local network resources. • Advanced IPsec and SSL VPN support. • Advanced stateful packet inspection (SPI) firewall... with multi-NAT support. 1-1 v1.0, March 2009 The use of your primary Internet connection. Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN connects your local...
...FVS336G incorporates a powerful and flexible firewall to maintain a backup connection in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between local network resources. • Advanced IPsec and SSL VPN support. • Advanced stateful packet inspection (SPI) firewall... with multi-NAT support. 1-1 v1.0, March 2009 The use of your primary Internet connection. Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN connects your local...
FVS336G Reference Manual
Page 16
...NETGEAR ProSafe VPN Client software (VPN01L) - The firewall balances users between a central office and telecommuters. Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for maximum bandwidth efficiency. Advanced VPN Support for Both IPsec and SSL The VPN firewall supports IPsec and SSL virtual private network (VPN) connections. • IPsec VPN...Supports 25 concurrent IPsec VPN tunnels. • SSL VPN provides remote access for Dual WAN Ports" on the remote computer. - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual •...
...NETGEAR ProSafe VPN Client software (VPN01L) - The firewall balances users between a central office and telecommuters. Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for maximum bandwidth efficiency. Advanced VPN Support for Both IPsec and SSL The VPN firewall supports IPsec and SSL virtual private network (VPN) connections. • IPsec VPN...Supports 25 concurrent IPsec VPN tunnels. • SSL VPN provides remote access for Dual WAN Ports" on the remote computer. - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual •...
FVS336G Reference Manual
Page 17
... by screening for Web services, Web addresses, and keywords within Web addresses. Supports 10 concurrent SSL VPN sessions. ProSafe Dual WAN Gigabit Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS336G is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. Browser based, platform-independent, remote access through a number of full-duplex or...
... by screening for Web services, Web addresses, and keywords within Web addresses. Supports 10 concurrent SSL VPN sessions. ProSafe Dual WAN Gigabit Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS336G is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. Browser based, platform-independent, remote access through a number of full-duplex or...
FVS336G Reference Manual
Page 22
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS336G's enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN, an administrator must use Internet Explorer...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the FVS336G's enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN, an administrator must use Internet Explorer...
FVS336G Reference Manual
Page 119
... SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to the VPN 6-1 v1.0, March 2009 With support for Port Forwarding" • "Configuring the SSL VPN Client" • "Using Network Resource Objects to Simplify Policies" • "Configuring User, Group, and Global Policies" Understanding the Portal Options The FVS336G's SSL VPN...
... SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to the VPN 6-1 v1.0, March 2009 With support for Port Forwarding" • "Configuring the SSL VPN Client" • "Using Network Resource Objects to Simplify Policies" • "Configuring User, Group, and Global Policies" Understanding the Portal Options The FVS336G's SSL VPN...
FVS336G Reference Manual
Page 120
...to the Port Forwarding connection rather than VPN Tunnel. However, Port Forwarding differs from VPN Tunnel in to the SSL VPN firewall, they see a portal page that you can present the remote user with SSL & IPsec VPN FVS336G Reference Manual firewall. Planning for authentication of these basic ...the portal layout that you choose to make available. 2. ProSafe Dual WAN Gigabit Firewall with one or more authentication domains for SSL VPN To set up a full tunnel to -point) connection between the client and the VPN firewall, and a virtual network interface is created after you have ...
...to the Port Forwarding connection rather than VPN Tunnel. However, Port Forwarding differs from VPN Tunnel in to the SSL VPN firewall, they see a portal page that you can present the remote user with SSL & IPsec VPN FVS336G Reference Manual firewall. Planning for authentication of these basic ...the portal layout that you choose to make available. 2. ProSafe Dual WAN Gigabit Firewall with one or more authentication domains for SSL VPN To set up a full tunnel to -point) connection between the client and the VPN firewall, and a virtual network interface is created after you have ...
FVS336G Reference Manual
Page 121
ProSafe Dual WAN Gigabit Firewall with these users. For VPN tunnel service, configure the virtual network adapter. The page is created after you to access a few resources, the page you have created. 6. You can also associate fully qualified domain names with SSL & IPsec VPN FVS336G Reference Manual When you define the SSL VPN policies that can more SSL VPN... user accounts. Creating the Portal Layout The SSL VPN Portal Layouts menu allows...
ProSafe Dual WAN Gigabit Firewall with these users. For VPN tunnel service, configure the virtual network adapter. The page is created after you to access a few resources, the page you have created. 6. You can also associate fully qualified domain names with SSL & IPsec VPN FVS336G Reference Manual When you define the SSL VPN policies that can more SSL VPN... user accounts. Creating the Portal Layout The SSL VPN Portal Layouts menu allows...
FVS336G Reference Manual
Page 122
... configuration includes the menu layout, theme, portal pages to the right of a Domain. Select VPN > SSL VPN from available portal layouts in the Action column of the List of Layouts, to display, and web cache control options. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Portal Layouts are applied by selecting from the main menu, and then...
... configuration includes the menu layout, theme, portal pages to the right of a Domain. Select VPN > SSL VPN from available portal layouts in the Action column of the List of Layouts, to display, and web cache control options. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Portal Layouts are applied by selecting from the main menu, and then...
FVS336G Reference Manual
Page 123
...be part of the path of the menu, configure the following entries: a. Select the Display banner message Virtual Private Networking Using SSL Connections 6-5 v1.0, March 2009 Also enter the banner message text in the Portal Layout Name field. If you created a portal ... portal, enter the banner title text in the Banner Title field. For example, if your SSL VPN portal is hosted at https://vpn.company.com/portal/sales. In the Portal Layout and Theme Name section of the SSL VPN portal URL. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 6-2 3.
...be part of the path of the menu, configure the following entries: a. Select the Display banner message Virtual Private Networking Using SSL Connections 6-5 v1.0, March 2009 Also enter the banner message text in the Portal Layout Name field. If you created a portal ... portal, enter the banner title text in the Banner Title field. For example, if your SSL VPN portal is hosted at https://vpn.company.com/portal/sales. In the Portal Layout and Theme Name section of the SSL VPN portal URL. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 6-2 3.
FVS336G Reference Manual
Page 124
... directives help prevent clients browsers from caching SSL VPN portal pages and other web content. d. e. Note: NETGEAR strongly recommends enabling HTTP meta tags for cache control checkbox to apply HTTP meta tag cache control directives to this Portal Layout. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual on login page checkbox to ...browser cache. The banner message text is displayed in the grey header bar. Check the "ActiveX web cache cleaner checkbox to the SSL VPN portal. 6-6 Virtual Private Networking Using SSL Connections v1.0, March 2009
... directives help prevent clients browsers from caching SSL VPN portal pages and other web content. d. e. Note: NETGEAR strongly recommends enabling HTTP meta tags for cache control checkbox to apply HTTP meta tag cache control directives to this Portal Layout. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual on login page checkbox to ...browser cache. The banner message text is displayed in the grey header bar. Check the "ActiveX web cache cleaner checkbox to the SSL VPN portal. 6-6 Virtual Private Networking Using SSL Connections v1.0, March 2009
FVS336G Reference Manual
Page 125
...Domain selection. Configuring Domains, Groups, and Users Remote users connecting to access. When you create a group, you wish users to the SSL VPN firewall must specify a group. To configure Domains, Groups, and Users, see "Adding Authentication Domains, Groups, and Users" on the user's PC...you must create name and password accounts for Port Forwarding Port Forwarding provides access to access the network. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will be intercepted by web browsers that don't support ActiveX. 4. ...
...Domain selection. Configuring Domains, Groups, and Users Remote users connecting to access. When you create a group, you wish users to the SSL VPN firewall must specify a group. To configure Domains, Groups, and Users, see "Adding Authentication Domains, Groups, and Users" on the user's PC...you must create name and password accounts for Port Forwarding Port Forwarding provides access to access the network. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will be intercepted by web browsers that don't support ActiveX. 4. ...
FVS336G Reference Manual
Page 126
...(web) Port Number 20 21 22a 23a 25 80 6-8 Virtual Private Networking Using SSL Connections v1.0, March 2009 The table below lists many commonly used TCP applications and port numbers. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Adding Servers To configure Port Forwarding, you must define the internal host ... the Add New Application for Port Forwarding section, enter the IP address of the application to remote users. Table 6-1. Select VPN > SSL VPN from the main menu, and then select the Port Forwarding tab. To add servers, follow these steps: 1.
...(web) Port Number 20 21 22a 23a 25 80 6-8 Virtual Private Networking Using SSL Connections v1.0, March 2009 The table below lists many commonly used TCP applications and port numbers. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Adding Servers To configure Port Forwarding, you must define the internal host ... the Add New Application for Port Forwarding section, enter the IP address of the application to remote users. Table 6-1. Select VPN > SSL VPN from the main menu, and then select the Port Forwarding tab. To add servers, follow these steps: 1.
FVS336G Reference Manual
Page 128
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Remote users can assign IP addresses from the corporate subnet to the remote VPN tunnel clients. For example, if 192.168.1.1 through 192.168.1.100 are : • So that the virtual (PPP) interface address of 10.0.0.45, then you ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Remote users can assign IP addresses from the corporate subnet to the remote VPN tunnel clients. For example, if 192.168.1.1 through 192.168.1.100 are : • So that the virtual (PPP) interface address of 10.0.0.45, then you ...
FVS336G Reference Manual
Page 129
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring the Client IP Address Range Determine the address range to be assigned to the VPN tunnel clients. 5. Figure 6-5 2. The "Operation Successful" message appears at the top of the IP address range. 7....the first IP address of the IP address range. 6. Virtual Private Networking Using SSL Connections v1.0, March 2009 6-11 Select VPN > SSL VPN from the main menu, and then select the SSL VPN Client tab. The SSL VPN Client screen will display.. Select Enable Full Tunnel Support unless you want split ...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring the Client IP Address Range Determine the address range to be assigned to the VPN tunnel clients. 5. Figure 6-5 2. The "Operation Successful" message appears at the top of the IP address range. 7....the first IP address of the IP address range. 6. Virtual Private Networking Using SSL Connections v1.0, March 2009 6-11 Select VPN > SSL VPN from the main menu, and then select the SSL VPN Client tab. The SSL VPN Client screen will display.. Select Enable Full Tunnel Support unless you want split ...
FVS336G Reference Manual
Page 130
... client address range to be changed, follow these steps: 1. Access the SSL VPN Client tab shown in the Configured Client Routes table. Replacing and Deleting Client Routes If the specifications of a local area network or subnet. ProSafe Dual WAN Gigabit Firewall with the correct specifications. 2. Make a new entry with SSL & IPsec VPN FVS336G Reference Manual VPN tunnel clients are currently connected.
... client address range to be changed, follow these steps: 1. Access the SSL VPN Client tab shown in the Configured Client Routes table. Replacing and Deleting Client Routes If the specifications of a local area network or subnet. ProSafe Dual WAN Gigabit Firewall with the correct specifications. 2. Make a new entry with SSL & IPsec VPN FVS336G Reference Manual VPN tunnel clients are currently connected.
FVS336G Reference Manual
Page 131
...field. You will display. If your server or network configuration changes, by using individual IP addresses or IP networks rather than predefined network resources. Select VPN > SSL VPN from the main men, and then select the Resources tab. By defining resource objects, you can delete it. The Resources screen will not need ... resources. Using Network Resource Objects to Simplify Policies Network resources are groups of the user and group policies. If an existing route is optional; ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3.
...field. You will display. If your server or network configuration changes, by using individual IP addresses or IP networks rather than predefined network resources. Select VPN > SSL VPN from the main men, and then select the Resources tab. By defining resource objects, you can delete it. The Resources screen will not need ... resources. Using Network Resource Objects to Simplify Policies Network resources are groups of the user and group policies. If an existing route is optional; ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 3.
FVS336G Reference Manual
Page 133
... global policy configuration: • Policy 1: A Deny rule has been configured to block all IP addresses and to different SSL VPN services. If two or more specific than the IP address range defined in Policy 1. Network resources are treated the same as... is defined as individual IP addresses. User Policies take precedence. Hostnames are prioritized just like other address ranges. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring User, Group, and Global Policies An administrator can define and apply user, group and global ...
... global policy configuration: • Policy 1: A Deny rule has been configured to block all IP addresses and to different SSL VPN services. If two or more specific than the IP address range defined in Policy 1. Network resources are treated the same as... is defined as individual IP addresses. User Policies take precedence. Hostnames are prioritized just like other address ranges. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Configuring User, Group, and Global Policies An administrator can define and apply user, group and global ...
FVS336G Reference Manual
Page 134
... policies, and choose the relevant group's name from the pulldown menu. • Click User to access ftp.company.com using its IP address 10.0.1.3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • An FTP server at ftp.company.com, the user would not be granted access by Policy 3. Make your selected Query option...
... policies, and choose the relevant group's name from the pulldown menu. • Click User to access ftp.company.com using its IP address 10.0.1.3. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • An FTP server at ftp.company.com, the user would not be granted access by Policy 3. Make your selected Query option...