FVS338 Reference Manual
Page 2
... ProSafe VPN Firewall 50 has been suppressed in accordance with the regulations may occur due to the use or application of their respective holders. Microsoft, Windows, and Windows NT are designed to provide reasonable protection against harmful interference in this equipment does cause harmful interference to radio or television reception, which the receiver is verified by NETGEAR...
... ProSafe VPN Firewall 50 has been suppressed in accordance with the regulations may occur due to the use or application of their respective holders. Microsoft, Windows, and Windows NT are designed to provide reasonable protection against harmful interference in this equipment does cause harmful interference to radio or television reception, which the receiver is verified by NETGEAR...
FVS338 Reference Manual
Page 18
FVS338 ProSafe VPN Firewall 50 Reference Manual • Automatic Configuration of personal computer, such as Windows, Macintosh, or Linux. PPPoE is built into the browser-based Web Management Interface. • Smart Wizard. Browser-based configuration allows you to the Web Management Interface from almost any type of Attached PCs by simulating a dial-up connection. The VPN firewall automatically senses...
FVS338 ProSafe VPN Firewall 50 Reference Manual • Automatic Configuration of personal computer, such as Windows, Macintosh, or Linux. PPPoE is built into the browser-based Web Management Interface. • Smart Wizard. Browser-based configuration allows you to the Web Management Interface from almost any type of Attached PCs by simulating a dial-up connection. The VPN firewall automatically senses...
FVS338 Reference Manual
Page 25
... physically connect your VPN firewall, refer to the IFVS338 ProSafe VPN Firewall 50 Installation Guide (a copy is also available on page 2-14 Setting up VPN tunnels are covered in to the VPN firewall: Step 1.Open a Internet Explorer, Netscape® Navigator, or Firefox browser. Logging in the address field. The FVS338 login screen will display. In the browser window, enter http://192...
... physically connect your VPN firewall, refer to the IFVS338 ProSafe VPN Firewall 50 Installation Guide (a copy is also available on page 2-14 Setting up VPN tunnels are covered in to the VPN firewall: Step 1.Open a Internet Explorer, Netscape® Navigator, or Firefox browser. Logging in the address field. The FVS338 login screen will display. In the browser window, enter http://192...
FVS338 Reference Manual
Page 36
...counter Notifications of Internet traffic passing through the Router's Broadband or Dialup port. If you may also select the Send E-mail alert option. Broadband or Dialup can be displayed in a sub-window.Traffic counters are updated in the limit. Restart... counter. all access to continue accessing the Internet. When limit is reached. Traffic by clicking the appropriate tap; FVS338 ProSafe VPN Firewall 50 Reference Manual Table 2-2. Traffic Meter Settings Parameter Description Enable Traffic Meter Check this is selected specified restriction will be ...
...counter Notifications of Internet traffic passing through the Router's Broadband or Dialup port. If you may also select the Send E-mail alert option. Broadband or Dialup can be displayed in a sub-window.Traffic counters are updated in the limit. Restart... counter. all access to continue accessing the Internet. When limit is reached. Traffic by clicking the appropriate tap; FVS338 ProSafe VPN Firewall 50 Reference Manual Table 2-2. Traffic Meter Settings Parameter Description Enable Traffic Meter Check this is selected specified restriction will be ...
FVS338 Reference Manual
Page 40
...service you when logging into your configuration or click Cancel to revert to the previous settings. 2-16 Connecting the FVS338 to the DDNS service provider tabs. d. Click Apply to save your DDNS account. c. If your account, return...of one of the DDNS service providers and set up your dynamic DNS provider allows the use of the window opposite to the Internet v1.0, March 2009 After setting up an account. Enter the User Name, User ... feature will cause *.yourhost.dyndns.org to be aliased to identify you selected: a. FVS338 ProSafe VPN Firewall 50 Reference Manual 3.
...service you when logging into your configuration or click Cancel to revert to the previous settings. 2-16 Connecting the FVS338 to the DDNS service provider tabs. d. Click Apply to save your DDNS account. c. If your account, return...of one of the DDNS service providers and set up your dynamic DNS provider allows the use of the window opposite to the Internet v1.0, March 2009 After setting up an account. Enter the User Name, User ... feature will cause *.yourhost.dyndns.org to be aliased to identify you selected: a. FVS338 ProSafe VPN Firewall 50 Reference Manual 3.
FVS338 Reference Manual
Page 44
...can specify the Windows NetBios Server IP if one is specified, the VPN firewall will be leased to the web management interface. 3-4 LAN Configuration v1.0, March 2009 g. For example, if you change the LAN IP address of the router (the IP Address in your network. FVS338 ProSafe VPN Firewall 50 Reference Manual b....://10.0.0.1 in LAN TCP/IP Setup section). • Primary DNS Server. (Optional) If an IP address is specified, the VPN firewall will be assigned an IP address between this address as the primary DNS server IP address. This address specifies the last of the...
...can specify the Windows NetBios Server IP if one is specified, the VPN firewall will be leased to the web management interface. 3-4 LAN Configuration v1.0, March 2009 g. For example, if you change the LAN IP address of the router (the IP Address in your network. FVS338 ProSafe VPN Firewall 50 Reference Manual b....://10.0.0.1 in LAN TCP/IP Setup section). • Primary DNS Server. (Optional) If an IP address is specified, the VPN firewall will be assigned an IP address between this address as the primary DNS server IP address. This address specifies the last of the...
FVS338 Reference Manual
Page 99
FVS338 ProSafe VPN Firewall 50 Reference Manual 6. Figure 5-9 Virtual Private Networking 5-7 v1.0, March 2009 Figure 5-8 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to configure your settings: the VPN Policies page shows the policy is enabled. Right-click on the VPN client icon in your...
FVS338 ProSafe VPN Firewall 50 Reference Manual 6. Figure 5-9 Virtual Private Networking 5-7 v1.0, March 2009 Figure 5-8 Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection From a PC with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to configure your settings: the VPN Policies page shows the policy is enabled. Right-click on the VPN client icon in your...
FVS338 Reference Manual
Page 100
Give the New Connection a name; in this example, we are using gw1. Enter the FQDN address which the FVS338 VPN Wizard provided; FVS338 ProSafe VPN Firewall 50 Reference Manual 2. In the upper left of the Policy Editor window, click the New Document icon (the first on the left) to the instructions below. • Under Connection Security, verify that the...
Give the New Connection a name; in this example, we are using gw1. Enter the FQDN address which the FVS338 VPN Wizard provided; FVS338 ProSafe VPN Firewall 50 Reference Manual 2. In the upper left of the Policy Editor window, click the New Document icon (the first on the left) to the instructions below. • Under Connection Security, verify that the...
FVS338 Reference Manual
Page 102
No changes are needed. Figure 5-12 • On the left, click Security Policy to view the settings: no changes are needed. • On the left, expand Authentication (Phase 1) and click Proposal 1: no changes are needed . • On the left of the window, click the disk icon to save the policy. 5-10 v1.0, March 2009 Virtual Private Networking In the upper left , expand Key Exchange (Phase 2) and click Proposal 1. Verify the Security Policy settings; no changes are needed . 5. FVS338 ProSafe VPN Firewall 50 Reference Manual 4.
No changes are needed. Figure 5-12 • On the left, click Security Policy to view the settings: no changes are needed. • On the left, expand Authentication (Phase 1) and click Proposal 1: no changes are needed . • On the left of the window, click the disk icon to save the policy. 5-10 v1.0, March 2009 Virtual Private Networking In the upper left , expand Key Exchange (Phase 2) and click Proposal 1. Verify the Security Policy settings; no changes are needed . 5. FVS338 ProSafe VPN Firewall 50 Reference Manual 4.
FVS338 Reference Manual
Page 103
FVS338 ProSafe VPN Firewall 50 Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS338 provide VPN connection and status information. This information is useful for verifying the status of a connection and troubleshooting problems with a connection. To test the client connection, from your Windows toolbar and choose Connect..., then My Connections\gw1. NETGEAR VPN Client Status...
FVS338 ProSafe VPN Firewall 50 Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS338 provide VPN connection and status information. This information is useful for verifying the status of a connection and troubleshooting problems with a connection. To test the client connection, from your Windows toolbar and choose Connect..., then My Connections\gw1. NETGEAR VPN Client Status...
FVS338 Reference Manual
Page 120
... it is the LAN network IP address of the VPN firewall; in this example it is "local_id.com". Figure 5-24 2. Click Pre-Shared Key and enter the key you configured in the Windows toolbar. From the ID Type pull-down menu. down... VPN firewall (this name will only be used internally). f. c. FVS338 ProSafe VPN Firewall 50 Reference Manual Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1. Right-click the VPN client icon in the FVS338 ...
... it is the LAN network IP address of the VPN firewall; in this example it is "local_id.com". Figure 5-24 2. Click Pre-Shared Key and enter the key you configured in the Windows toolbar. From the ID Type pull-down menu. down... VPN firewall (this name will only be used internally). f. c. FVS338 ProSafe VPN Firewall 50 Reference Manual Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1. Right-click the VPN client icon in the FVS338 ...
FVS338 Reference Manual
Page 123
...router during the Internet Key Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to MyConnections/modecfg_test will display and the VPN client icon in -house Windows server, or by remote entities. The additional check for secure web management. Right-click on the VPN client icon in the FVS338... the message "Successfully connected to be used by the extension. If the purpose defined is verified. FVS338 ProSafe VPN Firewall 50 Reference Manual To test the connection: 1. Digital Certificates are extended for one of the certificate is ...
...router during the Internet Key Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to MyConnections/modecfg_test will display and the VPN client icon in -house Windows server, or by remote entities. The additional check for secure web management. Right-click on the VPN client icon in the FVS338... the message "Successfully connected to be used by the extension. If the purpose defined is verified. FVS338 ProSafe VPN Firewall 50 Reference Manual To test the connection: 1. Digital Certificates are extended for one of the certificate is ...
FVS338 Reference Manual
Page 140
... use port number 8080, enter the following in the box provided. Select Administration from the main menu and Remote Management from the Windows Run menu. For greater security, you may get a message regarding the SSL certificate. Choose a number between 1024 and 65535, ...6-12 v1.0, March 2009 Router and Network Management You will be enabled. If you use the number of your firewall into your changes take effect. Specify the Port Number that number in your FVS338 by a colon (:) and the custom port number. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Web browser...
... use port number 8080, enter the following in the box provided. Select Administration from the main menu and Remote Management from the Windows Run menu. For greater security, you may get a message regarding the SSL certificate. Choose a number between 1024 and 65535, ...6-12 v1.0, March 2009 Router and Network Management You will be enabled. If you use the number of your firewall into your changes take effect. Specify the Port Number that number in your FVS338 by a colon (:) and the custom port number. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Web browser...
FVS338 Reference Manual
Page 147
FVS338 ProSafe VPN Firewall 50 Reference Manual Enabling the Traffic Meter To monitor traffic limits on Internet Traffic via the WAN port. Each WAN port is at least 1 MB Router and Network Management v1.0, March 2009 6-19 Traffic Counter settings Internet Traffic Statistics Figure 6-7 • Traffic...The Traffic Meter screen also provides the following information: • Internet Traffic Statistics - Traffic counters are updated in a sub-window. The Broadband Traffic Meter screen will be sent. Displays statistics on each of traffic for each protocol will display. (The ...
FVS338 ProSafe VPN Firewall 50 Reference Manual Enabling the Traffic Meter To monitor traffic limits on Internet Traffic via the WAN port. Each WAN port is at least 1 MB Router and Network Management v1.0, March 2009 6-19 Traffic Counter settings Internet Traffic Statistics Figure 6-7 • Traffic...The Traffic Meter screen also provides the following information: • Internet Traffic Statistics - Traffic counters are updated in a sub-window. The Broadband Traffic Meter screen will be sent. Displays statistics on each of traffic for each protocol will display. (The ...
FVS338 Reference Manual
Page 156
..."Back" on the Windows menu bar to return to a ping. The ping results will be configured not to respond to the Diagnostics screen. www.netgear.com) to find the IP address. FVS338 ProSafe VPN Firewall 50 Reference Manual Figure ...6-16 Table 6-5. Traceroute (often called Trace Route) - If you need the IP address of a Web, FTP, Mail or other Server on the Internet, you can be displayed in a new screen; This information is unreachable. Diagnostics Fields Item Description Ping or Trace an IP address Ping - Lists all Routers...
..."Back" on the Windows menu bar to return to a ping. The ping results will be configured not to respond to the Diagnostics screen. www.netgear.com) to find the IP address. FVS338 ProSafe VPN Firewall 50 Reference Manual Figure ...6-16 Table 6-5. Traceroute (often called Trace Route) - If you need the IP address of a Web, FTP, Mail or other Server on the Internet, you can be displayed in a new screen; This information is unreachable. Diagnostics Fields Item Description Ping or Trace an IP address Ping - Lists all Routers...
FVS338 Reference Manual
Page 161
... when entering this range, check the connection from the PC to the firewall and reboot your PC. • If your firewall's IP address has been changed and you can reboot the router and use sniffer to locate the router's LAN interface address. • Make sure your browser has Java, ... configuration. This procedure is explained in the range of Windows and MacOS will generate and assign an IP address if the computer cannot reach a DHCP server. Look at the ARP packets to capture packets sent during the reboot. FVS338 ProSafe VPN Firewall 50 Reference Manual • Make sure your PC's IP ...
... when entering this range, check the connection from the PC to the firewall and reboot your PC. • If your firewall's IP address has been changed and you can reboot the router and use sniffer to locate the router's LAN interface address. • Make sure your browser has Java, ... configuration. This procedure is explained in the range of Windows and MacOS will generate and assign an IP address if the computer cannot reach a DHCP server. Look at the ARP packets to capture packets sent during the reboot. FVS338 ProSafe VPN Firewall 50 Reference Manual • Make sure your PC's IP ...
FVS338 Reference Manual
Page 163
...an echo request packet to "Configuring your ISP will provide the addresses of one : Pinging with 32 bytes of the firewall, as its TCP/IP gateway. From the Windows toolbar, click on OK. In the field provided, type Ping followed by using the Ping utility in this message: ...LAN path to load any DNS server addresses. To ping the firewall from the Internet: • Your PC may not have the firewall configured as in your PC's MAC address. Click on the Start button and select Run. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual - You may configure your PC to verify that ...
...an echo request packet to "Configuring your ISP will provide the addresses of one : Pinging with 32 bytes of the firewall, as its TCP/IP gateway. From the Windows toolbar, click on OK. In the field provided, type Ping followed by using the Ping utility in this message: ...LAN path to load any DNS server addresses. To ping the firewall from the Internet: • Your PC may not have the firewall configured as in your PC's MAC address. Click on the Start button and select Run. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual - You may configure your PC to verify that ...
FVS338 Reference Manual
Page 164
.... From the Windows run menu, type: PING -n 10 where is not functioning correctly, you do not receive replies: • Check that modem. If the path is off, follow the instructions in "LAN or Internet Port LEDs Not On" on the same subnet. FVS338 ProSafe VPN Firewall 50 Reference Manual If... the path is the IP address of a remote device such as your ISP's DNS server. If the LED is functioning correctly, replies as in the Basic Settings menu. • Your ISP could have one of your firewall listed as the...
.... From the Windows run menu, type: PING -n 10 where is not functioning correctly, you do not receive replies: • Check that modem. If the path is off, follow the instructions in "LAN or Internet Port LEDs Not On" on the same subnet. FVS338 ProSafe VPN Firewall 50 Reference Manual If... the path is the IP address of a remote device such as your ISP's DNS server. If the LED is functioning correctly, replies as in the Basic Settings menu. • Your ISP could have one of your firewall listed as the...
FVS338 Reference Manual
Page 183
...] [INVALID][OUT_OF_WINDOW][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Packet not in TCP window 1. Invalid packets are dropped. 2. Invalid packets are dropped. 2. This may generate a significant volume of the invalid packets: fw/rules/...Message Explanation Recommended Action 2007 Oct 1 00:44:17 [FVS338] [kernel] [INVALID][REOPEN_CLOSE_CONN][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Attempt to enable dropping and logging of log messages. FVS338 ProSafe VPN Firewall 50 Reference Manual Table B-17. Invalid packets are dropped. ...
...] [INVALID][OUT_OF_WINDOW][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Packet not in TCP window 1. Invalid packets are dropped. 2. Invalid packets are dropped. 2. This may generate a significant volume of the invalid packets: fw/rules/...Message Explanation Recommended Action 2007 Oct 1 00:44:17 [FVS338] [kernel] [INVALID][REOPEN_CLOSE_CONN][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Attempt to enable dropping and logging of log messages. FVS338 ProSafe VPN Firewall 50 Reference Manual Table B-17. Invalid packets are dropped. ...
FVS338 Reference Manual
Page 188
... identities before they can also be viewed as a two-tiered authentication approach because it typically relies on NETGEAR SSL and VPN firewall products. This new security method can be strengthen using Windows Active Directory or LDAP as a PIN and a token (hardware or software) to do Two-Factor ...these factors to gain access to 8 digits in length. We will only focus and discuss the first two factors - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Quick to the network. These factors are - Something you have the option to use WiKID...
... identities before they can also be viewed as a two-tiered authentication approach because it typically relies on NETGEAR SSL and VPN firewall products. This new security method can be strengthen using Windows Active Directory or LDAP as a PIN and a token (hardware or software) to do Two-Factor ...these factors to gain access to 8 digits in length. We will only focus and discuss the first two factors - ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Quick to the network. These factors are - Something you have the option to use WiKID...