FVS338 Reference Manual
Page 7
... 1-2 Security ...1-3 Autosensing Ethernet Connections with Auto Uplink 1-3 Extensive Protocol Support 1-3 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-6 Router Hardware Components 1-6 Router Front Panel 1-6 Router Rear Panel 1-8 Factory Default Login ...1-9 Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network 2-1 Logging in to the VPN Firewall 2-1 Configuring your Internet Connection 2-2 Broadband ISP Settings 2-2 Dialup ISP...
... 1-2 Security ...1-3 Autosensing Ethernet Connections with Auto Uplink 1-3 Extensive Protocol Support 1-3 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-6 Router Hardware Components 1-6 Router Front Panel 1-6 Router Rear Panel 1-8 Factory Default Login ...1-9 Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network 2-1 Logging in to the VPN Firewall 2-1 Configuring your Internet Connection 2-2 Broadband ISP Settings 2-2 Dialup ISP...
FVS338 Reference Manual
Page 14
FVS338 ProSafe VPN Firewall 50 Reference Manual Danger: This is a safety warning. IKE Keep Alive; website at http://kbserver.netgear.com/products/FVS338.asp. Dead Peer Detection; Failure to the NETGEAR website in personal injury or death. For more information about network, Internet, firewall, and VPN technologies, see the links to take heed of this product are available on the NETGEAR, Inc...
FVS338 ProSafe VPN Firewall 50 Reference Manual Danger: This is a safety warning. IKE Keep Alive; website at http://kbserver.netgear.com/products/FVS338.asp. Dead Peer Detection; Failure to the NETGEAR website in personal injury or death. For more information about network, Internet, firewall, and VPN technologies, see the links to take heed of this product are available on the NETGEAR, Inc...
FVS338 Reference Manual
Page 15
Chapter 1 Introduction The ProSafe VPN Firewall 50 with 8 port switch connects your network from attacks and intrusions. This chapter contains the following sections: • "Key Features" on page 1-1 • "Package Contents" on page 1-6 • "Router Hardware Components" on page 1-6 •... FVS338 provides support for Stateful Packet Inspection, Denial of Service (QoS) support for a local network. Introduction 1-1 v1.0, March 2009 The FVS338 is a complete security solution that can establish restricted access policies based on page 1-9 Key Features The VPN firewall provides...
Chapter 1 Introduction The ProSafe VPN Firewall 50 with 8 port switch connects your network from attacks and intrusions. This chapter contains the following sections: • "Key Features" on page 1-1 • "Package Contents" on page 1-6 • "Router Hardware Components" on page 1-6 •... FVS338 provides support for Stateful Packet Inspection, Denial of Service (QoS) support for a local network. Introduction 1-1 v1.0, March 2009 The FVS338 is a complete security solution that can establish restricted access policies based on page 1-9 Key Features The VPN firewall provides...
FVS338 Reference Manual
Page 16
...specified intervals. A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS338 is a true firewall, using stateful packet inspection to take full advantage of a variety of routing options on the firewall. The FVS338 will log security events such as ...and Serial WAN Ports You can install, configure, and operate the FVS338 to defend against hacker attacks. FVS338 ProSafe VPN Firewall 50 Reference Manual • Built in 8-port 10/100 Mbps switch. • Extensive Protocol Support. • Login capability. • SNMP for manageability. •...
...specified intervals. A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS338 is a true firewall, using stateful packet inspection to take full advantage of a variety of routing options on the firewall. The FVS338 will log security events such as ...and Serial WAN Ports You can install, configure, and operate the FVS338 to defend against hacker attacks. FVS338 ProSafe VPN Firewall 50 Reference Manual • Built in 8-port 10/100 Mbps switch. • Extensive Protocol Support. • Login capability. • SNMP for manageability. •...
FVS338 Reference Manual
Page 17
...LAN and WAN interfaces are discarded, preventing users outside the LAN from directly accessing the PCs on your network. FVS338 ProSafe VPN Firewall 50 Reference Manual Security The VPN firewall is equipped with several networked PCs to share an Internet account using only a single IP address, which you to...from outside the LAN are autosensing and capable of cable to make the right connection. Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). • IP Address Sharing by the...
...LAN and WAN interfaces are discarded, preventing users outside the LAN from directly accessing the PCs on your network. FVS338 ProSafe VPN Firewall 50 Reference Manual Security The VPN firewall is equipped with several networked PCs to share an Internet account using only a single IP address, which you to...from outside the LAN are autosensing and capable of cable to make the right connection. Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). • IP Address Sharing by the...
FVS338 Reference Manual
Page 18
...other VPNC-compliant VPN routers and clients. • SNMP. For additional security, you can limit remote management access to a specified remote IP address or range of PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). FVS338 ProSafe VPN Firewall 50 Reference Manual ...Interface. • Smart Wizard. The VPN firewall supports the Simple Network Management Protocol (SNMP) to let you to easily configure your type of Internet connection, asking you can install, configure, and operate the ProSafe VPN Firewall 50 within minutes after connecting it to attached...
...other VPNC-compliant VPN routers and clients. • SNMP. For additional security, you can limit remote management access to a specified remote IP address or range of PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). FVS338 ProSafe VPN Firewall 50 Reference Manual ...Interface. • Smart Wizard. The VPN firewall supports the Simple Network Management Protocol (SNMP) to let you to easily configure your type of Internet connection, asking you can install, configure, and operate the ProSafe VPN Firewall 50 within minutes after connecting it to attached...
FVS338 Reference Manual
Page 19
FVS338 ProSafe VPN Firewall 50 Reference Manual Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade • Free technical support seven days a week, twenty-four hours a day Introduction 1-5 v1.0, March 2009
FVS338 ProSafe VPN Firewall 50 Reference Manual Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade • Free technical support seven days a week, twenty-four hours a day Introduction 1-5 v1.0, March 2009
FVS338 Reference Manual
Page 20
... Router Hardware Components Following is a description of the front and rear panels of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. one user license. • Warranty and Support Information Card. ProSafe VPN Client Software - Keep the carton, including the original packing materials, in case you need to return the firewall for installing the FVS338...
... Router Hardware Components Following is a description of the front and rear panels of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. one user license. • Warranty and Support Information Card. ProSafe VPN Client Software - Keep the carton, including the original packing materials, in case you need to return the firewall for installing the FVS338...
FVS338 Reference Manual
Page 27
...be prompted to check the physical connection between your firewall and the cable or DSL line or to check your Broadband connection status. Connecting the FVS338 to verify your Router's MAC address (see "Setting the Router's MAC Address (Advanced Options)" on page 2-6).... required. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Internet connection methods Connection Method PPPoE PPTP BigPond Cable DHCP (Dynamic IP) Fixed IP Data Required Login (Username, Password). Login Username, Password), Account Name, and Server IP. Table 2-1. Auto Detect will most likely support. When ...
...be prompted to check the physical connection between your firewall and the cable or DSL line or to check your Broadband connection status. Connecting the FVS338 to verify your Router's MAC address (see "Setting the Router's MAC Address (Advanced Options)" on page 2-6).... required. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Internet connection methods Connection Method PPPoE PPTP BigPond Cable DHCP (Dynamic IP) Fixed IP Data Required Login (Username, Password). Login Username, Password), Account Name, and Server IP. Table 2-1. Auto Detect will most likely support. When ...
FVS338 Reference Manual
Page 30
...from 0 to 9 (inclusive) or an alphabetical letter between A and F (inclusive). 2. Use this is the address your phone line supports touch tone dialing; Some ISPs may also change the default MTU Size and Port Speed for either 1500 Bytes or 1492 Bytes for dial strings...Set up Type: Check the Tone radio box if your ISP expects, or b. Setting the Router's MAC Address (Advanced Options) Each computer or router on the following criteria: • MTU Size. FVS338 ProSafe VPN Firewall 50 Reference Manual c. use Dial String to Use Default Address. Note: The response time of your ...
...from 0 to 9 (inclusive) or an alphabetical letter between A and F (inclusive). 2. Use this is the address your phone line supports touch tone dialing; Some ISPs may also change the default MTU Size and Port Speed for either 1500 Bytes or 1492 Bytes for dial strings...Set up Type: Check the Tone radio box if your ISP expects, or b. Setting the Router's MAC Address (Advanced Options) Each computer or router on the following criteria: • MTU Size. FVS338 ProSafe VPN Firewall 50 Reference Manual c. use Dial String to Use Default Address. Note: The response time of your ...
FVS338 Reference Manual
Page 31
... dialup modems from the submenu and the Dialup ISP Settings tab. Click Apply to save your broadband modem supports 100BaseT, select 100BaseT; In most cases, your router can also change the standard MTU (Maximum Transmit Unit) value for Your Dialup Modem: Step 1.Select Network... this is 576 bytes, but some older broadband modems. If you reduce the MTU. Click the Advanced link on your settings. FVS338 ProSafe VPN Firewall 50 Reference Manual • Port Speed. Figure 2-5 You can automatically determine the connection speed of the Internet (WAN) port. otherwise, select 10BaseT...
... dialup modems from the submenu and the Dialup ISP Settings tab. Click Apply to save your broadband modem supports 100BaseT, select 100BaseT; In most cases, your router can also change the standard MTU (Maximum Transmit Unit) value for Your Dialup Modem: Step 1.Select Network... this is 576 bytes, but some older broadband modems. If you reduce the MTU. Click the Advanced link on your settings. FVS338 ProSafe VPN Firewall 50 Reference Manual • Port Speed. Figure 2-5 You can automatically determine the connection speed of the Internet (WAN) port. otherwise, select 10BaseT...
FVS338 Reference Manual
Page 39
...you have configured Single Port, select the tab for a DNS service provider, then fill out the DDNS section for each supported DNS service provider. The WAN Mode section displays the currently configured WAN Mode: Single Port or Auto-Rollover. After you have...parameters. Connecting the FVS338 to enable. FVS338 ProSafe VPN Firewall 50 Reference Manual This router firmware includes software that notifies dynamic DNS servers of changes in to your account, and register your new IP address. The Dynamic DNS Configuration screen displays. In the example shown, supported DNS providers are ...
...you have configured Single Port, select the tab for a DNS service provider, then fill out the DDNS section for each supported DNS service provider. The WAN Mode section displays the currently configured WAN Mode: Single Port or Auto-Rollover. After you have...parameters. Connecting the FVS338 to enable. FVS338 ProSafe VPN Firewall 50 Reference Manual This router firmware includes software that notifies dynamic DNS servers of changes in to your account, and register your new IP address. The Dynamic DNS Configuration screen displays. In the example shown, supported DNS providers are ...
FVS338 Reference Manual
Page 42
... remote subnet, you have no configured DHCP Relay Agent, your clients would only be sent over routers that do not support forwarding of these types of lease). The feature is enabled, the router will act as a proxy for all DHCP clients will receive the DNS IP addresses of the...of messages. Note: If you enable the DNS Relay feature, you entered a WINS server address in the LAN. FVS338 ProSafe VPN Firewall 50 Reference Manual • WINS Server (if you will not use the FVS338 as a DHCP server but rather as a DHCP relay agent for a DHCP server somewhere else on your network. ...
... remote subnet, you have no configured DHCP Relay Agent, your clients would only be sent over routers that do not support forwarding of these types of lease). The feature is enabled, the router will act as a proxy for all DHCP clients will receive the DNS IP addresses of the...of messages. Note: If you enable the DNS Relay feature, you entered a WINS server address in the LAN. FVS338 ProSafe VPN Firewall 50 Reference Manual • WINS Server (if you will not use the FVS338 as a DHCP server but rather as a DHCP relay agent for a DHCP server somewhere else on your network. ...
FVS338 Reference Manual
Page 47
... Firewall Rules to apply to each PC or device. Because the MAC address is used to ensure it always has the same IP address. • MAC-level Control over PCs - The LAN Groups screen contains a list of advantages: • Generally, you do not support ... local network periodically, using the Firewall Rules screen (see "Services-Based Rules" on PCs. The router will be displayed in the DHCP Server. Because the address allocated by you can also select the Groups to use a Fixed IP on page 4-2). - FVS338 ProSafe VPN Firewall 50 Reference Manual • Scanning the...
... Firewall Rules to apply to each PC or device. Because the MAC address is used to ensure it always has the same IP address. • MAC-level Control over PCs - The LAN Groups screen contains a list of advantages: • Generally, you do not support ... local network periodically, using the Firewall Rules screen (see "Services-Based Rules" on PCs. The router will be displayed in the DHCP Server. Because the address allocated by you can also select the Groups to use a Fixed IP on page 4-2). - FVS338 ProSafe VPN Firewall 50 Reference Manual • Scanning the...
FVS338 Reference Manual
Page 48
...support the NetBIOS protocol, the name will be displayed as ARP and NetBIOS to DHCP requests from the router will be added to the Network Database. For each computer or device, the following fields are not DHCP clients. The Known PCs and Devices table lists the entries in the Network Database. FVS338 ProSafe VPN Firewall 50... Reference Manual Figure 3-3 The Network Database is created by: • Using the DHCP Server: The router's DHCP server is strongly recommended. • Scanning the Network: The router also scans the...
...support the NetBIOS protocol, the name will be displayed as ARP and NetBIOS to DHCP requests from the router will be added to the Network Database. For each computer or device, the following fields are not DHCP clients. The Known PCs and Devices table lists the entries in the Network Database. FVS338 ProSafe VPN Firewall 50... Reference Manual Figure 3-3 The Network Database is created by: • Using the DHCP Server: The router's DHCP server is strongly recommended. • Scanning the Network: The router also scans the...
FVS338 Reference Manual
Page 49
...is statically assigned on PC) if the IP address is assigned. Select Reserved (DHCP Client) to direct the router to the network database manually, fill in the following fields: • Name: The name of the selected ...entry. Select Fixed (Set on the computer itself. • IP Address: The IP address that do not support the NetBIOS protocol will reserve the IP address for allocation by the DHCP server. - If the IP Address Type...or click Reset to revert to the network database. FVS338 ProSafe VPN Firewall 50 Reference Manual • Name: The name of the eight available groups: 1.
...is statically assigned on PC) if the IP address is assigned. Select Reserved (DHCP Client) to direct the router to the network database manually, fill in the following fields: • Name: The name of the selected ...entry. Select Fixed (Set on the computer itself. • IP Address: The IP address that do not support the NetBIOS protocol will reserve the IP address for allocation by the DHCP server. - If the IP Address Type...or click Reset to revert to the network database. FVS338 ProSafe VPN Firewall 50 Reference Manual • Name: The name of the eight available groups: 1.
FVS338 Reference Manual
Page 54
...-2M - RIP authentication is the most commonly supported version. • RIP-2 - Note: Multicasting can select the type of authentication as NONE or MD5. However, if one router uses multicasting, then all routers on non-router machines because they do not listen to save your network must use multicasting. FVS338 ProSafe VPN Firewall 50 Reference Manual • None - Check the...
...-2M - RIP authentication is the most commonly supported version. • RIP-2 - Note: Multicasting can select the type of authentication as NONE or MD5. However, if one router uses multicasting, then all routers on non-router machines because they do not listen to save your network must use multicasting. FVS338 ProSafe VPN Firewall 50 Reference Manual • None - Check the...
FVS338 Reference Manual
Page 68
...Click Add under the Inbound Services table. Select Security from the main menu and Firewall Rules from the submenu. 2. From the Action pull-down menu, choose Other Public IP Address. 7. One of the router. The Add LAN WAN Inbound Service screen will display. 3. From the Public Destination... inbound rule, we will configure multi-NAT to support multiple public IP addresses on one public IP address for your use, you can use the additional public IP addresses to map to servers on your Web server PC. 6. FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 4-8 Setting Up One-to-One...
...Click Add under the Inbound Services table. Select Security from the main menu and Firewall Rules from the submenu. 2. From the Action pull-down menu, choose Other Public IP Address. 7. One of the router. The Add LAN WAN Inbound Service screen will display. 3. From the Public Destination... inbound rule, we will configure multi-NAT to support multiple public IP addresses on one public IP address for your use, you can use the additional public IP addresses to map to servers on your Web server PC. 6. FVS338 ProSafe VPN Firewall 50 Reference Manual Figure 4-8 Setting Up One-to-One...
FVS338 Reference Manual
Page 144
...VPN firewall is running, select Monitoring from the Settings Backup & Upgrade screen. Select the software version and follow the To Install steps to the NETGEAR Web site at http://www.netgear.com/support and click on using them before upgrading the router...VPN firewall router statistics. The VPN firewall will be password and the LAN IP address will act as a DHCP server on the will be erased. From the Product Selection pull-down menu, select your router settings will change to the Internet. FVS338 ProSafe VPN Firewall 50 Reference Manual You must manually restart the VPN firewall...
...VPN firewall is running, select Monitoring from the Settings Backup & Upgrade screen. Select the software version and follow the To Install steps to the NETGEAR Web site at http://www.netgear.com/support and click on using them before upgrading the router...VPN firewall router statistics. The VPN firewall will be password and the LAN IP address will act as a DHCP server on the will be erased. From the Product Selection pull-down menu, select your router settings will change to the Internet. FVS338 ProSafe VPN Firewall 50 Reference Manual You must manually restart the VPN firewall...
FVS338 Reference Manual
Page 146
... the Server 1 Name/IP Address field. Figure 6-6 Monitoring the Router You can be set to the Default Netgear NTP servers. 5. Select a NTP Server option by contacting a Default Netgear NTP Server on the Internet. • Use Custom NTP Servers:... box. 4. If you can also view status information about the firewall, WAN ports, LAN ports, and VPN tunnels. 6-18 v1.0, March 2009 Router and Network Management If supported in the Server 2 Name/IP Address field. You can also..., WAN traffic limits reached, and login failures and attacks. FVS338 ProSafe VPN Firewall 50 Reference Manual 3.
... the Server 1 Name/IP Address field. Figure 6-6 Monitoring the Router You can be set to the Default Netgear NTP servers. 5. Select a NTP Server option by contacting a Default Netgear NTP Server on the Internet. • Use Custom NTP Servers:... box. 4. If you can also view status information about the firewall, WAN ports, LAN ports, and VPN tunnels. 6-18 v1.0, March 2009 Router and Network Management If supported in the Server 2 Name/IP Address field. You can also..., WAN traffic limits reached, and login failures and attacks. FVS338 ProSafe VPN Firewall 50 Reference Manual 3.