FVS336G Reference Manual
Page 2
... correct the interference by NETGEAR, Inc. Trademarks NETGEAR and the NETGEAR logo are registered trademarks of their respective holders. If this document without notice. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe Dual WAN Gigabit Firewall with SSL & IPsec... with the instructions, may occur due to the use or application of some ii 1.0, March 2009 Microsoft, Windows, and Windows NT are registered trademarks and ProSafe is connected. • Consult the dealer or an experienced radio/TV technician for a Class B digital device...
... correct the interference by NETGEAR, Inc. Trademarks NETGEAR and the NETGEAR logo are registered trademarks of their respective holders. If this document without notice. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe Dual WAN Gigabit Firewall with SSL & IPsec... with the instructions, may occur due to the use or application of some ii 1.0, March 2009 Microsoft, Windows, and Windows NT are registered trademarks and ProSafe is connected. • Consult the dealer or an experienced radio/TV technician for a Class B digital device...
FVS336G Reference Manual
Page 18
...Ethernet (PPPoE). Browser-based configuration allows you only for the information required for traffic prioritization. This technique, known as Windows, Macintosh, or Linux. When DHCP is built into the browser-based Web Management Interface. • Auto Detection of...Protocol (DHCP). Easy Installation and Management You can install, configure, and operate the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (...
...Ethernet (PPPoE). Browser-based configuration allows you only for the information required for traffic prioritization. This technique, known as Windows, Macintosh, or Linux. When DHCP is built into the browser-based Web Management Interface. • Auto Detection of...Protocol (DHCP). Easy Installation and Management You can install, configure, and operate the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (...
FVS336G Reference Manual
Page 26
...orange bar near the top of the submenu bar. • Submenu. Clicking an option arrow brings up your VPN firewall for secure Internet connections, you configure WAN ports 1 and 2. Immediately below the main menu is the selected subcategory (in the submenu). In this guide, we... options: • Automatic detection and configuration of the network connection. • Manual configuration of the menu active window, are one or more blue dots with SSL & IPsec VPN FVS336G Reference Manual • Main menu. ProSafe Dual WAN Gigabit Firewall with an arrow in the center.
...orange bar near the top of the submenu bar. • Submenu. Clicking an option arrow brings up your VPN firewall for secure Internet connections, you configure WAN ports 1 and 2. Immediately below the main menu is the selected subcategory (in the submenu). In this guide, we... options: • Automatic detection and configuration of the network connection. • Manual configuration of the menu active window, are one or more blue dots with SSL & IPsec VPN FVS336G Reference Manual • Main menu. ProSafe Dual WAN Gigabit Firewall with an arrow in the center.
FVS336G Reference Manual
Page 28
...popup window appears, displaying the connection status of the screen. Figure 2-5 2-6 Connecting the FVS336G to (2) check your VPN firewall's MAC address (For more information, see "Configuring the WAN Mode (Required for the information. All methods with SSL & IPsec VPN FVS336G ...Dual WAN)" on page 2-10 and "Troubleshooting the ISP Connection" on page 10-4). 3. If Auto Detect is required. If Auto Detect senses a connection method that requires input from you, it will prompt you will display the results:. Account Name (sometimes required). ProSafe Dual WAN Gigabit Firewall...
...popup window appears, displaying the connection status of the screen. Figure 2-5 2-6 Connecting the FVS336G to (2) check your VPN firewall's MAC address (For more information, see "Configuring the WAN Mode (Required for the information. All methods with SSL & IPsec VPN FVS336G ...Dual WAN)" on page 2-10 and "Troubleshooting the ISP Connection" on page 10-4). 3. If Auto Detect is required. If Auto Detect senses a connection method that requires input from you, it will prompt you will display the results:. Account Name (sometimes required). ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 29
... If you will need to manually establish an Internet connection. If one of the VPN firewall, continue with SSL & IPsec VPN FVS336G Reference Manual The WAN Status window should show a valid IP address and gateway. Repeat the previous steps to the Internet ... WAN ISP configuration was successful, you can attempt a manual configuration as described in order to obtain configuration parameters from your ISP in the following section, or see "Troubleshooting the ISP Connection" on page 2-10. ProSafe Dual WAN Gigabit Firewall with the configuration process for Dual WAN)"...
... If you will need to manually establish an Internet connection. If one of the VPN firewall, continue with SSL & IPsec VPN FVS336G Reference Manual The WAN Status window should show a valid IP address and gateway. Repeat the previous steps to the Internet ... WAN ISP configuration was successful, you can attempt a manual configuration as described in order to obtain configuration parameters from your ISP in the following section, or see "Troubleshooting the ISP Connection" on page 2-10. ProSafe Dual WAN Gigabit Firewall with the configuration process for Dual WAN)"...
FVS336G Reference Manual
Page 46
...IP address pool. To change these default traffic rules, refer to provide LDAP server information. • Enable DNS Proxy. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Starting IP Address. If no address is enabled (the default), the DHCP server will be assigned an...address. a. When DNS proxy is specified, the VPN firewall will provide this address as the LAN IP address of a local Windows NetBios Server if one is discarded. Lease Time. b. If this box is specified, the VPN firewall will provide this address and the Ending IP Address....
...IP address pool. To change these default traffic rules, refer to provide LDAP server information. • Enable DNS Proxy. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Starting IP Address. If no address is enabled (the default), the DHCP server will be assigned an...address. a. When DNS proxy is specified, the VPN firewall will provide this address as the LAN IP address of a local Windows NetBios Server if one is discarded. Lease Time. b. If this box is specified, the VPN firewall will provide this address and the Ending IP Address....
FVS336G Reference Manual
Page 75
... Java, ActiveX, and Cookies. For example, if connections to the domains or keywords on a Windows computer running Internet Explorer. ActiveX. Blocking cookies may interfere with SSL & IPsec VPN FVS336G Reference Manual Several types of Trusted Domains. Blocking does not occur for the PCs that cookies be ... from being downloaded. - You can apply the keywords to compromise or infect computers. Enabling this feature blocks proxy servers. - ProSafe Dual WAN Gigabit Firewall with useful functions provided by these components are can be allowed without any blocking.
... Java, ActiveX, and Cookies. For example, if connections to the domains or keywords on a Windows computer running Internet Explorer. ActiveX. Blocking cookies may interfere with SSL & IPsec VPN FVS336G Reference Manual Several types of Trusted Domains. Blocking does not occur for the PCs that cookies be ... from being downloaded. - You can apply the keywords to compromise or infect computers. Enabling this feature blocks proxy servers. - ProSafe Dual WAN Gigabit Firewall with useful functions provided by these components are can be allowed without any blocking.
FVS336G Reference Manual
Page 94
... settings: the VPN Policies page shows the policy is enabled. ProSafe Dual WAN Gigabit Firewall with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to the FVS336G. The public Remote and Local Identifier are using GW1_remote.com, and GW1_local.com. Click Apply to save your Windows toolbar, choose Security Policy Editor, and verify that the...
... settings: the VPN Policies page shows the policy is enabled. ProSafe Dual WAN Gigabit Firewall with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to the FVS336G. The public Remote and Local Identifier are using GW1_remote.com, and GW1_local.com. Click Apply to save your Windows toolbar, choose Security Policy Editor, and verify that the...
FVS336G Reference Manual
Page 95
... 5-9 v1.0, March 2009 Figure 5-11 Fill in the other options according to open a New Connection. Enter the FQDN address which the FVS336G VPN Wizard provided; in this example, we are using gw1. in this example, we are using 21.208.216.81. in this example...Policy Editor window, click the New Document icon (the first on the left) to the instructions below. • Under Connection Security, verify that the Secure radio button is selected. • From the ID Type pull-down menus, choose Domain Name. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual...
... 5-9 v1.0, March 2009 Figure 5-11 Fill in the other options according to open a New Connection. Enter the FQDN address which the FVS336G VPN Wizard provided; in this example, we are using gw1. in this example, we are using 21.208.216.81. in this example...Policy Editor window, click the New Document icon (the first on the left) to the instructions below. • Under Connection Security, verify that the Secure radio button is selected. • From the ID Type pull-down menus, choose Domain Name. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual...
FVS336G Reference Manual
Page 97
Verify the Security Policy settings; Figure 5-13 • On the left, click Security Policy to save the policy. In the upper left of the window, click the disk icon to view the settings: no changes are needed. • On the left , expand Key Exchange (Phase 2) and click Proposal 1. Virtual Private Networking Using IPsec v1.0, March 2009 5-11 No changes are needed . 5. no changes are needed . • On the left , expand Authentication (Phase 1) and click Proposal 1: no changes are needed. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 4.
Verify the Security Policy settings; Figure 5-13 • On the left, click Security Policy to save the policy. In the upper left of the window, click the disk icon to view the settings: no changes are needed. • On the left , expand Key Exchange (Phase 2) and click Proposal 1. Virtual Private Networking Using IPsec v1.0, March 2009 5-11 No changes are needed . 5. no changes are needed . • On the left , expand Authentication (Phase 1) and click Proposal 1: no changes are needed. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual 4.
FVS336G Reference Manual
Page 98
... of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. Figure 5-14 Within 30 ...seconds you should say On: 5-12 Virtual Private Networking Using IPsec v1.0, March 2009 Figure 5-15 The VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1. ProSafe Dual WAN Gigabit Firewall...
... of a connection and troubleshooting problems with SSL & IPsec VPN FVS336G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS336G provide VPN connection and status information. Figure 5-14 Within 30 ...seconds you should say On: 5-12 Virtual Private Networking Using IPsec v1.0, March 2009 Figure 5-15 The VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1. ProSafe Dual WAN Gigabit Firewall...
FVS336G Reference Manual
Page 112
... icon in the IKE Policies Table. ProSafe Dual WAN Gigabit Firewall with the IKE policy. Note: If RADIUS-PAP is the LAN network IP address of the Policy Editor window, click the New Policy editor icon.... or more information on XAUTH, see "Configuring XAUTH for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. If the user account is chosen,... user name and password to be used to be associated with SSL & IPsec VPN FVS336G Reference Manual 7. Check the Connect using radio button and choose Secure Gateway Tunnel from ...
... icon in the IKE Policies Table. ProSafe Dual WAN Gigabit Firewall with the IKE policy. Note: If RADIUS-PAP is the LAN network IP address of the Policy Editor window, click the New Policy editor icon.... or more information on XAUTH, see "Configuring XAUTH for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. If the user account is chosen,... user name and password to be used to be associated with SSL & IPsec VPN FVS336G Reference Manual 7. Check the Connect using radio button and choose Secure Gateway Tunnel from ...
FVS336G Reference Manual
Page 113
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual e. b. d. Check the Enable Perfect Forward Secrecy (PFS) box, and choose the Diffie-Hellman Group 2 from the Name pull-down menu. 3. in the FVS336G IKE menu. From the left -side of the menu, click My Identity and enter the following information: a. a. Click on Authentication (Phase 1) on ... values to Options/ Global Policy Settings, and check the box for example "salesperson11.remote_id.com". Click the Save icon to match those in the Windows toolbar and click Connect.
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual e. b. d. Check the Enable Perfect Forward Secrecy (PFS) box, and choose the Diffie-Hellman Group 2 from the Name pull-down menu. 3. in the FVS336G IKE menu. From the left -side of the menu, click My Identity and enter the following information: a. a. Click on Authentication (Phase 1) on ... values to Options/ Global Policy Settings, and check the box for example "salesperson11.remote_id.com". Click the Save icon to match those in the Windows toolbar and click Connect.
FVS336G Reference Manual
Page 116
...R-U-THERE messages. Select VPN > Policies from the main menu. 2. Figure 5-25 4. Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. Enter the Detection Period to bridge NetBIOS traffic over the VPN tunnel. Click the Yes radio button to the desired ...you can configure the FVS336G to set the number of the Edit IKE Policy menu, locate the Dead Peer Detection configuration settings, as naming and neighborhood device discovery. Click Apply at the bottom of the connection. 7. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network...
...R-U-THERE messages. Select VPN > Policies from the main menu. 2. Figure 5-25 4. Configuring NetBIOS Bridging with SSL & IPsec VPN FVS336G Reference Manual 3. Enter the Detection Period to bridge NetBIOS traffic over the VPN tunnel. Click the Yes radio button to the desired ...you can configure the FVS336G to set the number of the Edit IKE Policy menu, locate the Dead Peer Detection configuration settings, as naming and neighborhood device discovery. Click Apply at the bottom of the connection. 7. ProSafe Dual WAN Gigabit Firewall with VPN Windows networks use the Network...
FVS336G Reference Manual
Page 123
...://vpn.company.com/portal/sales. Only alphanumeric characters, hyphen (-), and underscore (_) are accessed at the top of the menu, configure the following entries: a. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 6-2 3. Also enter the banner message text in the Portal Layout Name field. This name will appear at a different URL than... Display banner message Virtual Private Networking Using SSL Connections 6-5 v1.0, March 2009 In the Portal Layout and Theme Name section of the user's web browser window.
...://vpn.company.com/portal/sales. Only alphanumeric characters, hyphen (-), and underscore (_) are accessed at the top of the menu, configure the following entries: a. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Figure 6-2 3. Also enter the banner message text in the Portal Layout Name field. This name will appear at a different URL than... Display banner message Virtual Private Networking Using SSL Connections 6-5 v1.0, March 2009 In the Portal Layout and Theme Name section of the user's web browser window.
FVS336G Reference Manual
Page 125
...to the VPN firewall. The login window presented to access the network. Groups are : • VPN Tunnel. Therefore, you wish users to confirm your SSL VPN users. Configuring Domains, Groups, and Users Remote users connecting to the SSL VPN firewall must be ...Networking Using SSL Connections 6-7 v1.0, March 2009 The "Operation Successful" message appears at the top of Layouts table. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will be intercepted by web browsers that don't support ActiveX. 4. The ActiveX web ...
...to the VPN firewall. The login window presented to access the network. Groups are : • VPN Tunnel. Therefore, you wish users to confirm your SSL VPN users. Configuring Domains, Groups, and Users Remote users connecting to the SSL VPN firewall must be ...Networking Using SSL Connections 6-7 v1.0, March 2009 The "Operation Successful" message appears at the top of Layouts table. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The web cache cleaner will be intercepted by web browsers that don't support ActiveX. 4. The ActiveX web ...
FVS336G Reference Manual
Page 139
...case of IPsec VPN users, when you create a user account, you must be authenticated before being allowed to access the VPN firewall or the VPN-protected network. The Domains screen displays. 7-1 v1.0, March 2009 Except in your IPsec VPN configuration. Users connecting to ...groups. When you create a group, you have access. Creating a Domain The domain determines the authentication method to be presented. The login window presented to the VPN firewall. Therefore, you should create any needed if you must specify a domain. Select Users > Domains from the main menu. Chapter 7 ...
...case of IPsec VPN users, when you create a user account, you must be authenticated before being allowed to access the VPN firewall or the VPN-protected network. The Domains screen displays. 7-1 v1.0, March 2009 Except in your IPsec VPN configuration. Users connecting to ...groups. When you create a group, you have access. Creating a Domain The domain determines the authentication method to be presented. The login window presented to the VPN firewall. Therefore, you should create any needed if you must specify a domain. Select Users > Domains from the main menu. Chapter 7 ...
FVS336G Reference Manual
Page 148
...certificate cannot be used for secure web management. 7-10 Managing Users, Authentication, and Certificates v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual When specifying RADIUS domain authentication, you are extended for secure web access connections over HTTPS. The ... can be used for more on the authenticating client devices. The extKeyUsage would govern the certificate acceptance criteria in -house Windows server, or by an external organization such as X509 Certificates) during the Internet Key Exchange (IKE) authentication phase to...
...certificate cannot be used for secure web management. 7-10 Managing Users, Authentication, and Certificates v1.0, March 2009 ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual When specifying RADIUS domain authentication, you are extended for secure web access connections over HTTPS. The ... can be used for more on the authenticating client devices. The extKeyUsage would govern the certificate acceptance criteria in -house Windows server, or by an external organization such as X509 Certificates) during the Internet Key Exchange (IKE) authentication phase to...
FVS336G Reference Manual
Page 166
...you remotely connect to accept the certificate. If you may get a warning message regarding the SSL certificate. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The VPN firewall's remote login URL is displayed. Using the Command Line Interface Note: The command line interface is not supported... at this time. Note: To maintain security, the FVS336G will also be disabled. Tip: If you are using Telnet from the LAN or, if enabled in the Remote Management menu, from the Windows Run menu option. Check the NETGEAR Web site for the latest status.
...you remotely connect to accept the certificate. If you may get a warning message regarding the SSL certificate. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual The VPN firewall's remote login URL is displayed. Using the Command Line Interface Note: The command line interface is not supported... at this time. Note: To maintain security, the FVS336G will also be disabled. Tip: If you are using Telnet from the LAN or, if enabled in the Remote Management menu, from the Windows Run menu option. Check the NETGEAR Web site for the latest status.
FVS336G Reference Manual
Page 177
...fields and choose AM or PM and the day of traffic for the WAN2 port. An E-mail report will be displayed in a popup window. Only E-mail traffic will be blocked. • Block all traffic. If you have not enabled the Traffic Meter, these statistics are not... Send e-mail report before restarting the counter. In the When limit is at least 1MB. 7. All access to work . 5. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Note: Both incoming and outgoing traffic are included in the limit • Increase this month limit by type. Select the...
...fields and choose AM or PM and the day of traffic for the WAN2 port. An E-mail report will be displayed in a popup window. Only E-mail traffic will be blocked. • Block all traffic. If you have not enabled the Traffic Meter, these statistics are not... Send e-mail report before restarting the counter. In the When limit is at least 1MB. 7. All access to work . 5. ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Note: Both incoming and outgoing traffic are included in the limit • Increase this month limit by type. Select the...