FVS336G Reference Manual
Page 7
... xiii Revision History ...xiv Chapter 1 Introduction Key Features ...1-1 Dual WAN Ports for Increased Reliability or Outbound Load Balancing 1-2 Advanced VPN Support for Both IPsec and SSL 1-2 A Powerful, True Firewall with Content Filtering 1-3 Autosensing Ethernet Connections with Auto Uplink 1-3 Extensive Protocol Support 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Front Panel Features ...1-6 Rear Panel Features...
... xiii Revision History ...xiv Chapter 1 Introduction Key Features ...1-1 Dual WAN Ports for Increased Reliability or Outbound Load Balancing 1-2 Advanced VPN Support for Both IPsec and SSL 1-2 A Powerful, True Firewall with Content Filtering 1-3 Autosensing Ethernet Connections with Auto Uplink 1-3 Extensive Protocol Support 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Front Panel Features ...1-6 Rear Panel Features...
FVS336G Reference Manual
Page 14
... Relay support • Update VPN configuration procedure topics • Update the Certificate management topic • Correct the firewall scheduling topic xiv v1.0, March 2009 Note: Product updates are available on the NETGEAR, Inc. For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in personal injury or death. ProSafe Dual WAN Gigabit Firewall...
... Relay support • Update VPN configuration procedure topics • Update the Certificate management topic • Correct the firewall scheduling topic xiv v1.0, March 2009 Note: Product updates are available on the NETGEAR, Inc. For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in personal injury or death. ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 15
... a plug-and-play device that can be installed and configured within minutes. Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with multi-NAT support. 1-1 v1.0, March 2009 As a complete security solution, the FVS336G incorporates a powerful and flexible firewall to safeguard your local area network (LAN) to the Internet through one or two external broadband access devices such as...
... a plug-and-play device that can be installed and configured within minutes. Chapter 1 Introduction The ProSafe Dual WAN Gigabit Firewall with multi-NAT support. 1-1 v1.0, March 2009 As a complete security solution, the FVS336G incorporates a powerful and flexible firewall to safeguard your local area network (LAN) to the Internet through one or two external broadband access devices such as...
FVS336G Reference Manual
Page 16
... The VPN firewall supports IPsec and SSL virtual private network (VPN) connections. • IPsec VPN delivers full network access between a central office and branch offices, or between the two lines for maximum bandwidth efficiency. Remote access by telecommuters requires the installation of the NETGEAR ProSafe VPN Client software (VPN01L) - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
... The VPN firewall supports IPsec and SSL virtual private network (VPN) connections. • IPsec VPN delivers full network access between a central office and branch offices, or between the two lines for maximum bandwidth efficiency. Remote access by telecommuters requires the installation of the NETGEAR ProSafe VPN Client software (VPN01L) - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference...
FVS336G Reference Manual
Page 17
...Supports 10 concurrent SSL VPN sessions. You can configure the firewall to log and report attempts to access objectionable Internet sites. • Permits scheduling of firewall policies by screening for Web services, Web addresses, and keywords within Web addresses. A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS336G is a true firewall...a 1000 Mbps Gigabit Ethernet network. ProSafe Dual WAN Gigabit Firewall with Auto Uplink With its internal 4-port 10/100/1000 Mbps switch and dual 10/100/1000 WAN ports, the FVS336G can connect to ...
...Supports 10 concurrent SSL VPN sessions. You can configure the firewall to log and report attempts to access objectionable Internet sites. • Permits scheduling of firewall policies by screening for Web services, Web addresses, and keywords within Web addresses. A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS336G is a true firewall...a 1000 Mbps Gigabit Ethernet network. ProSafe Dual WAN Gigabit Firewall with Auto Uplink With its internal 4-port 10/100/1000 Mbps switch and dual 10/100/1000 WAN ports, the FVS336G can connect to ...
FVS336G Reference Manual
Page 18
... "Internet Configuration Requirements" on your Internet service provider (ISP). Easy Installation and Management You can install, configure, and operate the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). A user-friendly Setup Wizard is provided and...
... "Internet Configuration Requirements" on your Internet service provider (ISP). Easy Installation and Management You can install, configure, and operate the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). A user-friendly Setup Wizard is provided and...
FVS336G Reference Manual
Page 19
...Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference ...Private Network Consortium (VPNC) to monitor its status and activity. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • Resource CD, including: - The VPN firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the...
...Maintenance and Support NETGEAR offers the following items: • ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • One AC power cable. • Rubber feet. • One Category 5 (Cat5) Ethernet cable. • Installation Guide, FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference ...Private Network Consortium (VPNC) to monitor its status and activity. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. • Resource CD, including: - The VPN firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the...
FVS336G Reference Manual
Page 22
ProSafe Dual WAN Gigabit Firewall with JavaScript, cookies, and SSL enabled. Note that supports JavaScript, Java, cookies, SSL, and ActiveX to take advantage of the full suite of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN, an administrator must use with the VPN firewall's Web...
ProSafe Dual WAN Gigabit Firewall with JavaScript, cookies, and SSL enabled. Note that supports JavaScript, Java, cookies, SSL, and ActiveX to take advantage of the full suite of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN, an administrator must use with the VPN firewall's Web...
FVS336G Reference Manual
Page 27
The WAN Settings tabs appear, with SSL & IPsec VPN FVS336G Reference Manual Automatically Detecting and Connecting To automatically configure the WAN ports for a range of the menu. Select Network Configuration > WAN Settings from the menu. Click Auto Detect at the bottom of connection methods and suggest one that your ISP appears to support. Auto Detect will probe the WAN port for connection to the Internet 2-5 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with the WAN1 ISP Settings tab in view. 2. Figure 2-4 Connecting the FVS336G to the Internet: Figure 2-3 1.
The WAN Settings tabs appear, with SSL & IPsec VPN FVS336G Reference Manual Automatically Detecting and Connecting To automatically configure the WAN ports for a range of the menu. Select Network Configuration > WAN Settings from the menu. Click Auto Detect at the bottom of connection methods and suggest one that your ISP appears to support. Auto Detect will probe the WAN port for connection to the Internet 2-5 v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with the WAN1 ISP Settings tab in view. 2. Figure 2-4 Connecting the FVS336G to the Internet: Figure 2-3 1.
FVS336G Reference Manual
Page 33
...your LAN can map incoming traffic on the other public IP addresses to specific PCs on your LAN. ProSafe Dual WAN Gigabit Firewall with multiple public IP addresses, you can use NAT. (the default setting). • If your PCs, and you configure the...WAN interface, configure protocol binding rules for backup purposes, select the WAN port that are not visible from the Internet. • The VPN firewall uses NAT to support Auto-Rollover. • Load Balancing Mode. Network Address Translation Network Address Translation (NAT) allows all traffic is disabled. Connecting the FVS336G...
...your LAN can map incoming traffic on the other public IP addresses to specific PCs on your LAN. ProSafe Dual WAN Gigabit Firewall with multiple public IP addresses, you can use NAT. (the default setting). • If your PCs, and you configure the...WAN interface, configure protocol binding rules for backup purposes, select the WAN port that are not visible from the Internet. • The VPN firewall uses NAT to support Auto-Rollover. • Load Balancing Mode. Network Address Translation Network Address Translation (NAT) allows all traffic is disabled. Connecting the FVS336G...
FVS336G Reference Manual
Page 34
...ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Classical Routing In classical routing mode, the VPN firewall performs routing, but without NAT. Then select the WAN port that the backup WAN port has already been configured. When the VPN firewall is displayed 2-12 Connecting the FVS336G... Mode, it uses the selected WAN Failure Detection Method to support Auto-Rollover. To configure the dual WAN ports for routing private IP addresses within a campus environment. The WAN Mode tab is configured in one of the WAN ports, you can use a redundant...
...ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Classical Routing In classical routing mode, the VPN firewall performs routing, but without NAT. Then select the WAN port that the backup WAN port has already been configured. When the VPN firewall is displayed 2-12 Connecting the FVS336G... Mode, it uses the selected WAN Failure Detection Method to support Auto-Rollover. To configure the dual WAN ports for routing private IP addresses within a campus environment. The WAN Mode tab is configured in one of the WAN ports, you can use a redundant...
FVS336G Reference Manual
Page 41
...Bytes for your broadband modem supports full duplex. c. Edit the default information you may need to manually select the port speed. Port Speed. AutoSense is also referred to the right of the tabs. Connecting the FVS336G to change. ProSafe Dual WAN Gigabit Firewall with the WAN2 Advanced ...Options tab). b. For some ISPs, you want to the Internet v1.0, March 2009 2-19 Each computer or router on your VPN firewall can automatically determine the connection speed...
...Bytes for your broadband modem supports full duplex. c. Edit the default information you may need to manually select the port speed. Port Speed. AutoSense is also referred to the right of the tabs. Connecting the FVS336G to change. ProSafe Dual WAN Gigabit Firewall with the WAN2 Advanced ...Options tab). b. For some ISPs, you want to the Internet v1.0, March 2009 2-19 Each computer or router on your VPN firewall can automatically determine the connection speed...
FVS336G Reference Manual
Page 44
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • An IP Address from the range you have defined. • Subnet Mask. • Gateway IP Address (the firewall's LAN IP address). • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you entered a WINS server address in the... DHCP Relay options allow you have no configured DHCP Relay Agent, your clients would only be sent over routers that do not support forwarding of these types of lease). The DHCP Relay Agent is enabled, the router will receive the DNS IP addresses of the...
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • An IP Address from the range you have defined. • Subnet Mask. • Gateway IP Address (the firewall's LAN IP address). • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you entered a WINS server address in the... DHCP Relay options allow you have no configured DHCP Relay Agent, your clients would only be sent over routers that do not support forwarding of these types of lease). The DHCP Relay Agent is enabled, the router will receive the DNS IP addresses of the...
FVS336G Reference Manual
Page 48
Click the LAN Groups tab. The name of the PC's network interface. • Group. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • A computer is identified by clicking Edit. 3-6 LAN Configuration v1.0, March 2009 Viewing the LAN Groups Database To view the LAN ...The MAC address of the PC or device. Hence, changing a computer's IP address does not affect any restrictions applied to that do not support the NetBIOS protocol, this will be appended by the DHCP server, then the Name will be assigned to update this IP address will need to...
Click the LAN Groups tab. The name of the PC's network interface. • Group. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • A computer is identified by clicking Edit. 3-6 LAN Configuration v1.0, March 2009 Viewing the LAN Groups Database To view the LAN ...The MAC address of the PC or device. Hence, changing a computer's IP address does not affect any restrictions applied to that do not support the NetBIOS protocol, this will be appended by the DHCP server, then the Name will be assigned to update this IP address will need to...
FVS336G Reference Manual
Page 55
... routers. • In Only. Both RIP-2B and RIP-2M send the routing data in RIP-2 format: - Authentication for RIP2B/2M required? Supports subnet information. RIP-2M. LAN Configuration v1.0, March 2009 3-13 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Both. A classful routing that does not include subnet information. The VPN...
... routers. • In Only. Both RIP-2B and RIP-2M send the routing data in RIP-2 format: - Authentication for RIP2B/2M required? Supports subnet information. RIP-2M. LAN Configuration v1.0, March 2009 3-13 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Both. A classful routing that does not include subnet information. The VPN...
FVS336G Reference Manual
Page 69
... PC on one WAN interface. ProSafe Dual WAN Gigabit Firewall with the Web server on the LAN (at 192.168.1.2). Port number for services that you to associate this example: • VPN firewall FVS336G - WAN1 primary public IP address: 10.1.0.1 - We also instruct the VPN firewall to translate the incoming HTTP port number (port 80) to support multiple public IP...
... PC on one WAN interface. ProSafe Dual WAN Gigabit Firewall with the Web server on the LAN (at 192.168.1.2). Port number for services that you to associate this example: • VPN firewall FVS336G - WAN1 primary public IP address: 10.1.0.1 - We also instruct the VPN firewall to translate the incoming HTTP port number (port 80) to support multiple public IP...
FVS336G Reference Manual
Page 114
... replies. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. If you require your VPN tunnel to remain connected, you can use the Keepalive and Dead Peer Detection features to prevent the tunnel from dropping and to MyConnections/modecfg_test is idle; To configure the keepalive on the VPN firewall LAN. for any support from the... establishment time. Keepalive, though less reliable than Dead Peer Detection, does not require any reason. Click on the other end of the tunnel must also support Dead Peer Detection.
... replies. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 2. If you require your VPN tunnel to remain connected, you can use the Keepalive and Dead Peer Detection features to prevent the tunnel from dropping and to MyConnections/modecfg_test is idle; To configure the keepalive on the VPN firewall LAN. for any support from the... establishment time. Keepalive, though less reliable than Dead Peer Detection, does not require any reason. Click on the other end of the tunnel must also support Dead Peer Detection.
FVS336G Reference Manual
Page 119
... of a traditional IPsec VPN client. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to the VPN 6-1 v1.0, March 2009 With support for a customizable, secure, user portal experience from virtually any available platform. Using...
... of a traditional IPsec VPN client. Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide remote access for mobile users to the VPN 6-1 v1.0, March 2009 With support for a customizable, secure, user portal experience from virtually any available platform. Using...
FVS336G Reference Manual
Page 120
...present the remote user with SSL & IPsec VPN FVS336G Reference Manual firewall. When remote users log in to the SSL VPN firewall, they see a portal page that you must ...your SSL VPN users. 6-2 Virtual Private Networking Using SSL Connections v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with one . Upon successful connection, an ActiveX-based SSL VPN client is downloaded to...SSL service levels, depending on the user's PC. For example, Port Forwarding: - Only supports TCP connections, not UDP or other IP protocols. - The administrator defines individual applications and resources...
...present the remote user with SSL & IPsec VPN FVS336G Reference Manual firewall. When remote users log in to the SSL VPN firewall, they see a portal page that you must ...your SSL VPN users. 6-2 Virtual Private Networking Using SSL Connections v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with one . Upon successful connection, an ActiveX-based SSL VPN client is downloaded to...SSL service levels, depending on the user's PC. For example, Port Forwarding: - Only supports TCP connections, not UDP or other IP protocols. - The administrator defines individual applications and resources...
FVS336G Reference Manual
Page 121
..., as well as if it provides an ideal way to communicate remote access instructions, support information, technical contact info, or VPN-related news updates to create a custom page ... users, you can also associate fully qualified domain names with SSL & IPsec VPN FVS336G Reference Manual When you to remote users. Creating the Portal Layout The SSL VPN... local IP addresses to define a pool of IP addresses, IP address ranges, and services. ProSafe Dual WAN Gigabit Firewall with these users. Policies determine access to additional policies. 7. Configure the policies. Because you...
..., as well as if it provides an ideal way to communicate remote access instructions, support information, technical contact info, or VPN-related news updates to create a custom page ... users, you can also associate fully qualified domain names with SSL & IPsec VPN FVS336G Reference Manual When you to remote users. Creating the Portal Layout The SSL VPN... local IP addresses to define a pool of IP addresses, IP address ranges, and services. ProSafe Dual WAN Gigabit Firewall with these users. Policies determine access to additional policies. 7. Configure the policies. Because you...