FVS338 Reference Manual
Page 3
... in the documentation and/or other materials provided with the regulations. Voluntary Control Council for Interference (VCCI) Statement This equipment is ' with or without his specific prior written permission. Read instructions for compliance with the distribution. 3. iii v1.0, March 2009 Redistributions of source code must reproduce the above copyright notice, this...
FVS338 Reference Manual
Page 5
....org; The name of the 'zlib' general purpose compression library version 1.1.4, March 11th, 2002. interface of the University may not be appreciated but is ', without specific prior written permission. The origin of this software without any source distribution. This notice may not be retained in source and binary forms are permitted...
FVS338 Reference Manual
Page 8
... Traffic Meter 2-11 Configuring the WAN Mode 2-13 Configuring Dynamic DNS (If Needed 2-14 Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi-Home LAN IPs 3-5 Managing Groups and Hosts 3-6 Creating the ...Reservation 3-10 Configuring Static Routes 3-10 Static Route Example 3-11 RIP Configuration 3-12 Chapter 4 Firewall Protection and Content Filtering About Firewall Security 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Order of Service (QoS) Priorities 4-19 viii...
FVS338 Reference Manual
Page 9
... a Secure Connection 5-7 Testing the Connections and Viewing Status Information 5-11 NETGEAR VPN Client Status and Log Information 5-11 FVS338 VPN Connection Status and Logs 5-13 IKE Policies ...5-14 IKE Policy Operation 5-14 IKE Policy Table ...5-15 VPN Policies ...5-16 VPN Policy Operation 5-16 VPN Policy Table ...5-16 VPN Tunnel Connection Status 5-17 Extended Authentication (XAUTH) Configuration 5-18 Configuring...
FVS338 Reference Manual
Page 11
... a Remote Device 7-6 Restoring the Default Configuration and Password 7-7 Problems with Date and Time 7-7 Appendix A Default Settings and Technical Specifications Appendix B System Logs and Error Messages System Log Messages B-1 System Startup ...B-1 Reboot ...B-2 NTP ...B-2 Login/Logout ...B-3 Firewall Restart ...B-3 IPSec Restart ...B-4 WAN Status ...B-4 Auto Rollover ...B-4 PPP Logs ...B-5 Web Filtering and Content Filtering Logs B-7 Traffic Metering...
FVS338 Reference Manual
Page 17
...) and Routing Information Protocol (RIP). • IP Address Sharing by your network. FVS338 ProSafe VPN Firewall 50 Reference Manual Security The VPN firewall is equipped with Auto Uplink With its internal 8-port 10/100 switch, the FVS338 can connect to either type of cable to make the right connection. NAT opens ... number of full-duplex or half-duplex operation. Instead of discarding this section. • PCs Hidden by the firewall unless the traffic is a response to specific PCs based on the LAN. • Port Forwarding with NAT. This feature also eliminates the need to the ...
FVS338 Reference Manual
Page 29
FVS338 ProSafe VPN Firewall 50 Reference Manual c. Alternative Telephone: An alternative number which the serial...IP Address radio box and enter the IP address in your modem's user manual. Enter any modem specific parameters to tune the router for ___ min. Available speeds range from a computer on the LAN. Check the Connect automatically disconnect...Check the Connect and disconnect manually radio box to wait for manual intervention.: a. The default setting of the router and the modem connect. Robotics 56K FAX EXT PnP selection should work , select User Defined Modem and type ...
FVS338 Reference Manual
Page 31
...Select the Custom radio button and enter the MTU value, in bytes. 3. FVS338 ProSafe VPN Firewall 50 Reference Manual • Port Speed. If you cannot establish an Internet connection ...ISP Settings screen. 2. Click Apply to the Internet 2-7 v1.0, March 2009 In most cases, your router can also change the standard MTU (Maximum Transmit Unit) value for Your Dialup Modem: Step 1. Select Network...the Internet (WAN) port. The standard value is rarely required, and should not be done unless specifically required by the ISP, To Change the MTU Value for dialup modems from the submenu and the ...
FVS338 Reference Manual
Page 36
... are included in the time fields and select AM or PM and the day of Internet traffic passing through the Router's Broadband or Dialup port. Choose the desired time and day of traffic for each interface. • No Limit... traffic only Enable Monthly Limit Use this radio button to and from the pull-down menus. If this is specific to the Internet v1.0, March 2009 Check the checkbox and enter the desired increase. (The checkbox will be ... counter restarts. If you may also select the Send E-mail alert option. FVS338 ProSafe VPN Firewall 50 Reference Manual Table 2-2.
FVS338 Reference Manual
Page 55
Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to Block or Allow Specific Traffic" on page 4-20 • "Setting Block Sites (Content Filtering)" on page 4-20 • "Enabling Source MAC..."Specifying Quality of router that protects one network (the "trusted" network, such as your network from another (the untrusted network, such as Block Sites and Keyword Blocking. Firewall Protection and Content Filtering 4-1 v1.0, March 2009 Chapter 4 Firewall Protection and Content Filtering The ProSafe VPN Firewall 50 provides you with ...
FVS338 Reference Manual
Page 56
... you to block the use of certain Internet services by the firewall. 4-2 Firewall Protection and Content Filtering v1.0, March 2009 FVS338 ProSafe VPN Firewall 50 Reference Manual Using Rules to Block or Allow Specific Kinds of Traffic Firewall rules are used to block or allow specific traffic passing through the system. Outbound rules (LAN to WAN) determine what outside resources...
FVS338 Reference Manual
Page 57
... fields. • Groups - See "Managing Groups and Hosts" on page 4-20). All Internet IP address are affected by this rule. FVS338 ProSafe VPN Firewall 50 Reference Manual Table 4-1. These settings determine which computers on page 4-17). Select the desired options: • Any - Outbound Rules Fields Item... address and the rule will be covered by schedule, otherwise Block" is selected, you wish to be applied to Block or Allow Specific Traffic" on page 3-6. If this rule. • This drop down menu gets activated only when "BLOCK by schedule, otherwise Allow...
FVS338 Reference Manual
Page 59
... considered by this address to the policy. Action Select Schedule LAN Server Translate to a specific port. All Internet IP address are covered by this rule. • Single address - Firewall Protection and Content Filtering 4-5 v1.0, March 2009 it can change it as Action. ...Default rule. This LAN address determines which in turn, determines the quality of a service, which computer on page 4-17). FVS338 ProSafe VPN Firewall 50 Reference Manual Table 4-2. This setting determines the priority of that will be covered by rules you want to assign the LAN...
FVS338 Reference Manual
Page 60
Your ISP may periodically check for your network. For example, you should place the most specific services or addresses). It is subjected to the rules in the order shown in your VPN firewall. In some cases, the order of precedence of a packet. Only enable those with the ... As you define new rules, they are necessary for servers and may be important in the table. 4-6 Firewall Protection and Content Filtering v1.0, March 2009 FVS338 ProSafe VPN Firewall 50 Reference Manual Note: Some residential broadband ISP accounts do not allow you to relocate a defined rule to a new ...
FVS338 Reference Manual
Page 61
... Content Filtering 4-7 v1.0, March 2009 Firewall rules can be applied to block specific types of an existing rule. The Outbound Service screen will display. 2. Select Security from the main menu and Firewall Rules from the drop-down menu and click Apply. In the Action column adjacent to the... the LAN to the Internet (Outbound) or coming in from and to the Internet to pass through the router. Setting LAN WAN Rules FVS338 ProSafe VPN Firewall 50 Reference Manual The Default Outbound Policy is to allow all outbound traffic and enable only specific services to pass through .
FVS338 Reference Manual
Page 62
... Click Disable to select all rules. Note: This feature is automatically enabled.) • Click Delete to your specific needs (see Table 4-1 on this screen. Click Add under the Outbound Services Table. Status icon will change...to the previous settings. 4. You can block or allow access based on the Outbound Services table. 4-8 Firewall Protection and Content Filtering v1.0, March 2009 Complete the Outbound Service screen, and save your settings and return... rule down one position in the table rank. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual • Up - The "!"
FVS338 Reference Manual
Page 63
... and Content Filtering 4-9 v1.0, March 2009 By default, all WAN addresses or specific IP addresses are included in the rule. The new rule will be added to cancel your changes and reset the fields on this screen. FVS338 ProSafe VPN Firewall 50 Reference Manual . WAN Users: Whether all inbound traffic is blocked. To create a new inbound...
FVS338 Reference Manual
Page 64
...router will be made. Enable Stealth Mode. When the system responds, the attacker doesn't complete the connections, thus leaving the connection half-open and flooding the server with an ICMP Destination Unreachable packet. 4-10 Firewall Protection and Content Filtering v1.0, March 2009 FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 4-4 Attack Checks This screen allows you have a specific... of service attack that port, and then (3) reply with SYN messages. If enabled, the router will (1) check for the application listening at that port, (2) verify that no application is ...
FVS338 Reference Manual
Page 74
.... all requested traffic from the sub-menu. The Schedule 1 screen will see a "Blocked by NETGEAR" message. 4-20 Firewall Protection and Content Filtering v1.0, March 2009 FVS338 ProSafe VPN Firewall 50 Reference Manual Setting a Schedule to Block or Allow Specific Traffic Schedules define the timeframes under which will limit access during certain times for the selected days. 4. Click Apply...
FVS338 Reference Manual
Page 83
... connection. When the Add New Bandwidth Profile screen displays, enter the following connections. • If the rule has a bandwidth profile specification, then the device will create a bandwidth class in Kbps for the profile. b. An exception occurs in Kbps for the profile....minimum bandwidth value in the kernel. • If multiple connections correspond to the same firewall rule, they will display. Firewall Protection and Content Filtering v1.0, March 2009 4-29 FVS338 ProSafe VPN Firewall 50 Reference Manual Example: When a new connection is established by a device, the device ...