FVS338 Reference Manual
Page 2
... receiver is verified by turning the equipment off and on, the user is no guarantee that the ProSafe VPN Firewall 50 has been suppressed in the operating instructions. Other brand and product names are registered trademarks of NETGEAR, Inc. NETGEAR does not assume any liability that to provide reasonable protection against harmful interference in a particular installation...
... receiver is verified by turning the equipment off and on, the user is no guarantee that the ProSafe VPN Firewall 50 has been suppressed in the operating instructions. Other brand and product names are registered trademarks of NETGEAR, Inc. NETGEAR does not assume any liability that to provide reasonable protection against harmful interference in a particular installation...
FVS338 Reference Manual
Page 7
... Uplink 1-3 Extensive Protocol Support 1-3 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-6 Router Hardware Components 1-6 Router Front Panel 1-6 Router Rear Panel 1-8 Factory Default Login ...1-9 Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network 2-1 Logging in to the VPN Firewall 2-1 Configuring your Internet Connection 2-2 Broadband ISP Settings 2-2 Dialup ISP Serial WAN port Settings...
... Uplink 1-3 Extensive Protocol Support 1-3 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-6 Router Hardware Components 1-6 Router Front Panel 1-6 Router Rear Panel 1-8 Factory Default Login ...1-9 Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network 2-1 Logging in to the VPN Firewall 2-1 Configuring your Internet Connection 2-2 Broadband ISP Settings 2-2 Dialup ISP Serial WAN port Settings...
FVS338 Reference Manual
Page 9
... a Secure Connection 5-7 Testing the Connections and Viewing Status Information 5-11 NETGEAR VPN Client Status and Log Information 5-11 FVS338 VPN Connection Status and Logs 5-13 IKE Policies ...5-14 IKE Policy Operation 5-14 IKE Policy Table ...5-15 VPN Policies ...5-16 VPN Policy Operation 5-16 VPN Policy Table ...5-16 VPN Tunnel Connection Status 5-17 Extended Authentication (XAUTH) Configuration 5-18 Configuring...
... a Secure Connection 5-7 Testing the Connections and Viewing Status Information 5-11 NETGEAR VPN Client Status and Log Information 5-11 FVS338 VPN Connection Status and Logs 5-13 IKE Policies ...5-14 IKE Policy Operation 5-14 IKE Policy Table ...5-15 VPN Policies ...5-16 VPN Policy Operation 5-16 VPN Policy Table ...5-16 VPN Tunnel Connection Status 5-17 Extended Authentication (XAUTH) Configuration 5-18 Configuring...
FVS338 Reference Manual
Page 10
... Certificates 5-32 Self Certificates ...5-33 Managing your Certificate Revocation List (CRL 5-36 Chapter 6 Router and Network Management Performance Management 6-1 VPN Firewall Features That Reduce Traffic 6-1 Service Blocking 6-1 Block Sites ...6-3 Source MAC Filtering 6-4 VPN Firewall Features That Increase Traffic 6-4 Port Forwarding 6-4 Port Triggering 6-6 VPN Tunnels ...6-6 Using QoS to Shift the Traffic Mix 6-6 Tools for Traffic Management 6-7 Administration...
... Certificates 5-32 Self Certificates ...5-33 Managing your Certificate Revocation List (CRL 5-36 Chapter 6 Router and Network Management Performance Management 6-1 VPN Firewall Features That Reduce Traffic 6-1 Service Blocking 6-1 Block Sites ...6-3 Source MAC Filtering 6-4 VPN Firewall Features That Increase Traffic 6-4 Port Forwarding 6-4 Port Triggering 6-6 VPN Tunnels ...6-6 Using QoS to Shift the Traffic Mix 6-6 Tools for Traffic Management 6-7 Administration...
FVS338 Reference Manual
Page 13
About This Manual The NETGEAR® ProSafe™ VPN Firewall 50 FVS338 Reference Manual describes how to highlight information of importance or special interest. This manual uses the following paragraphs. • Typographical Conventions. This ... Note: This format is used to the equipment. xiii v1.0, March 2009 Warning: Ignoring this manual is used to install, configure and troubleshoot the ProSafe VPN Firewall 50. The information in this type of this manual are described in a malfunction or damage to highlight a procedure that will save time or resources. Tip...
About This Manual The NETGEAR® ProSafe™ VPN Firewall 50 FVS338 Reference Manual describes how to highlight information of importance or special interest. This manual uses the following paragraphs. • Typographical Conventions. This ... Note: This format is used to the equipment. xiii v1.0, March 2009 Warning: Ignoring this manual is used to install, configure and troubleshoot the ProSafe VPN Firewall 50. The information in this type of this manual are described in a malfunction or damage to highlight a procedure that will save time or resources. Tip...
FVS338 Reference Manual
Page 14
... Detection; FVS338 ProSafe VPN Firewall 50 Reference Manual Danger: This is a safety warning. For more information about network, Internet, firewall, and VPN technologies, see the links to Appendix B Maintenance release Adds these corrections and topics for the March 2009 firmware maintenance release: • WIKID 2 factor authentication • SIP AGL support • DHCP Relay support • Update VPN configuration...
... Detection; FVS338 ProSafe VPN Firewall 50 Reference Manual Danger: This is a safety warning. For more information about network, Internet, firewall, and VPN technologies, see the links to Appendix B Maintenance release Adds these corrections and topics for the March 2009 firmware maintenance release: • WIKID 2 factor authentication • SIP AGL support • DHCP Relay support • Update VPN configuration...
FVS338 Reference Manual
Page 15
...within minutes. Chapter 1 Introduction The ProSafe VPN Firewall 50 with 8 port switch connects your network from attacks and intrusions. This chapter contains the following sections: • "Key Features" on page 1-1 • "Package Contents" on page 1-6 • "Router Hardware Components" on page 1-6 •...multi-NAT support.The VPN firewall supports multiple Web content filtering options, plus browsing activity reporting and instant alerts-both, via e-mail. For example, the FVS338 provides support for a local network. Introduction 1-1 v1.0, March 2009 The FVS338 is a plug-...
...within minutes. Chapter 1 Introduction The ProSafe VPN Firewall 50 with 8 port switch connects your network from attacks and intrusions. This chapter contains the following sections: • "Key Features" on page 1-1 • "Package Contents" on page 1-6 • "Router Hardware Components" on page 1-6 •...multi-NAT support.The VPN firewall supports multiple Web content filtering options, plus browsing activity reporting and instant alerts-both, via e-mail. For example, the FVS338 provides support for a local network. Introduction 1-1 v1.0, March 2009 The FVS338 is a plug-...
FVS338 Reference Manual
Page 16
... log security events such as Ping of status and activity. • Flash memory for firmware upgrade. FVS338 ProSafe VPN Firewall 50 Reference Manual • Built in 8-port 10/100 Mbps switch. • Extensive Protocol Support. • Login capability. •... or services that you specify as off-limits. • Logs security incidents. A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS338 is a true firewall, using stateful packet inspection to access objectionable Internet sites. 1-2 Introduction v1.0, March 2009 You can ...
... log security events such as Ping of status and activity. • Flash memory for firmware upgrade. FVS338 ProSafe VPN Firewall 50 Reference Manual • Built in 8-port 10/100 Mbps switch. • Extensive Protocol Support. • Login capability. •... or services that you specify as off-limits. • Logs security incidents. A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVS338 is a true firewall, using stateful packet inspection to access objectionable Internet sites. 1-2 Introduction v1.0, March 2009 You can ...
FVS338 Reference Manual
Page 17
... correct configuration. That port will accommodate either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The VPN firewall allows several features designed to specific PCs based on the service port number of cable to the Internet for which you to ... with Auto Uplink With its internal 8-port 10/100 switch, the FVS338 can specify forwarding of single ports or ranges of an inexpensive single-user ISP account. FVS338 ProSafe VPN Firewall 50 Reference Manual Security The VPN firewall is equipped with several networked PCs to either type of the incoming...
... correct configuration. That port will accommodate either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The VPN firewall allows several features designed to specific PCs based on the service port number of cable to the Internet for which you to ... with Auto Uplink With its internal 8-port 10/100 switch, the FVS338 can specify forwarding of single ports or ranges of an inexpensive single-user ISP account. FVS338 ProSafe VPN Firewall 50 Reference Manual Security The VPN firewall is equipped with several networked PCs to either type of the incoming...
FVS338 Reference Manual
Page 18
...no DNS addresses are interoperable with other VPNC-compliant VPN routers and clients. • SNMP. The firewall obtains actual DNS addresses from the ISP during connection...The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to the network. The VPN firewall automatically...network. • DNS Proxy. The firewall incorporates built-in diagnostic functions such as EnterNet or WinPOET on your PC. FVS338 ProSafe VPN Firewall 50 Reference Manual • Automatic Configuration of ...
...no DNS addresses are interoperable with other VPNC-compliant VPN routers and clients. • SNMP. The firewall obtains actual DNS addresses from the ISP during connection...The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to the network. The VPN firewall automatically...network. • DNS Proxy. The firewall incorporates built-in diagnostic functions such as EnterNet or WinPOET on your PC. FVS338 ProSafe VPN Firewall 50 Reference Manual • Automatic Configuration of ...
FVS338 Reference Manual
Page 19
FVS338 ProSafe VPN Firewall 50 Reference Manual Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade • Free technical support seven days a week, twenty-four hours a day Introduction 1-5 v1.0, March 2009
FVS338 ProSafe VPN Firewall 50 Reference Manual Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade • Free technical support seven days a week, twenty-four hours a day Introduction 1-5 v1.0, March 2009
FVS338 Reference Manual
Page 20
... Modem Internet LED LED LEDs Local LEDs 1-6 v1.0, March 2009 Introduction FVS338 ProSafe VPN Firewall 50 Reference Manual Package Contents The product package should contain the following items: • ProSafe VPN Firewall 50. • AC power adapter. • Category 5 Ethernet cable. • Resource CD, including: - Router Front Panel The ProSafe VPN Firewall 50 front panel shown below contains the port connections, status LEDs, and...
... Modem Internet LED LED LEDs Local LEDs 1-6 v1.0, March 2009 Introduction FVS338 ProSafe VPN Firewall 50 Reference Manual Package Contents The product package should contain the following items: • ProSafe VPN Firewall 50. • AC power adapter. • Category 5 Ethernet cable. • Resource CD, including: - Router Front Panel The ProSafe VPN Firewall 50 front panel shown below contains the port connections, status LEDs, and...
FVS338 Reference Manual
Page 21
... or received by the LAN port. Writing to Flash memory (during upgrading or resetting to the router. Data is being transmitted or received by the serial port. The WAN port is operating at 10 Mbps. FVS338 ProSafe VPN Firewall 50 Reference Manual The table below describes each item on the front panel and its operation. Server... LED On (Green) Off Description Power is not supplied to an ISP and received an IP Address. The serial port has successfully connected to the router. Power is supplied to defaults). The LAN port has no link.
... or received by the LAN port. Writing to Flash memory (during upgrading or resetting to the router. Data is being transmitted or received by the serial port. The WAN port is operating at 10 Mbps. FVS338 ProSafe VPN Firewall 50 Reference Manual The table below describes each item on the front panel and its operation. Server... LED On (Green) Off Description Power is not supplied to an ISP and received an IP Address. The serial port has successfully connected to the router. Power is supplied to defaults). The LAN port has no link.
FVS338 Reference Manual
Page 22
... speed negotiation, Auto MDI/MDIX. • On/Off switch • DC power in (12 VDC, 1.2A) 1-8 Introduction v1.0, March 2009 FVS338 ProSafe VPN Firewall 50 Reference Manual Router Rear Panel The rear panel of the ProSafe VPN Firewall 50 (Figure 1-2) contains the On/Off switch and AC power connection. Figure 1-2 Viewed from left to right, the rear panel contains the...
... speed negotiation, Auto MDI/MDIX. • On/Off switch • DC power in (12 VDC, 1.2A) 1-8 Introduction v1.0, March 2009 FVS338 ProSafe VPN Firewall 50 Reference Manual Router Rear Panel The rear panel of the ProSafe VPN Firewall 50 (Figure 1-2) contains the On/Off switch and AC power connection. Figure 1-2 Viewed from left to right, the rear panel contains the...
FVS338 Reference Manual
Page 23
Enter admin for User Name and password for Password Introduction 1-9 v1.0, March 2009 Figure 1-4 2. Go to the FVS338 once it is connected: 1. Factory Default Login FVS338 ProSafe VPN Firewall 50 Reference Manual Check the label on the bottom of the FVS338's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-3 To log in to http://192.168.1.1.
Enter admin for User Name and password for Password Introduction 1-9 v1.0, March 2009 Figure 1-4 2. Go to the FVS338 once it is connected: 1. Factory Default Login FVS338 ProSafe VPN Firewall 50 Reference Manual Check the label on the bottom of the FVS338's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-3 To log in to http://192.168.1.1.
FVS338 Reference Manual
Page 24
FVS338 ProSafe VPN Firewall 50 Reference Manual 1-10 v1.0, March 2009 Introduction
FVS338 ProSafe VPN Firewall 50 Reference Manual 1-10 v1.0, March 2009 Introduction
FVS338 Reference Manual
Page 25
... to be configured to the IFVS338 ProSafe VPN Firewall 50 Installation Guide (a copy is also available on page 2-14 Setting up VPN tunnels are covered in Chapter 5, "Virtual Private Networking": Connecting the VPN Firewall to Your Network To physically connect your Resource CD). The FVS338 login screen will display. Chapter 2 Connecting the FVS338 to the Internet This section provides...
... to be configured to the IFVS338 ProSafe VPN Firewall 50 Installation Guide (a copy is also available on page 2-14 Setting up VPN tunnels are covered in Chapter 5, "Virtual Private Networking": Connecting the VPN Firewall to Your Network To physically connect your Resource CD). The FVS338 login screen will display. Chapter 2 Connecting the FVS338 to the Internet This section provides...
FVS338 Reference Manual
Page 26
... password you enable remote management, change your password to a more information on page 6-7). Figure 2-2 2-2 Connecting the FVS338 to your Internet Connection You can configure both Broadband ISP Settings and Dialup ISP Settings.from the submenu. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. The Broadband ISP Settings screen will display. Configuring your Internet connection. 3. Broadband ISP Settings...
... password you enable remote management, change your password to a more information on page 6-7). Figure 2-2 2-2 Connecting the FVS338 to your Internet Connection You can configure both Broadband ISP Settings and Dialup ISP Settings.from the submenu. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. The Broadband ISP Settings screen will display. Configuring your Internet connection. 3. Broadband ISP Settings...
FVS338 Reference Manual
Page 27
... Auto Detect at the top right of the screen to automatically detect the type of the screen to verify your Router's MAC address (see "Setting the Router's MAC Address (Advanced Options)" on page 2-6). Table 2-1. Click Connect if connection not already present. IP address ... and Server IP. Auto Detect will most likely support. Login (Username, Password), Local IP, and PPTP Server IP. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Internet connection methods Connection Method PPPoE PPTP BigPond Cable DHCP (Dynamic IP) Fixed IP Data Required Login (Username, Password).
... Auto Detect at the top right of the screen to automatically detect the type of the screen to verify your Router's MAC address (see "Setting the Router's MAC Address (Advanced Options)" on page 2-6). Table 2-1. Click Connect if connection not already present. IP address ... and Server IP. Auto Detect will most likely support. Login (Username, Password), Local IP, and PPTP Server IP. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Internet connection methods Connection Method PPPoE PPTP BigPond Cable DHCP (Dynamic IP) Fixed IP Data Required Login (Username, Password).
FVS338 Reference Manual
Page 28
... can continue with the configuration of the dialup ISP serial WAN interface. b. See "Programming the Traffic Meter (if Desired)" on page 2-11. FVS338 ProSafe VPN Firewall 50 Reference Manual 4. Set up the router to the ISP server. Note: At this point in the configuration process, you in to access the Internet connection using a dialup modem. This...
... can continue with the configuration of the dialup ISP serial WAN interface. b. See "Programming the Traffic Meter (if Desired)" on page 2-11. FVS338 ProSafe VPN Firewall 50 Reference Manual 4. Set up the router to the ISP server. Note: At this point in the configuration process, you in to access the Internet connection using a dialup modem. This...