FVS338 Reference Manual
Page 2
Microsoft, Windows, and Windows NT are registered trademarks or trademarks of Microsoft Corporation. This equipment generates, uses, and can be subject to certain restrictions. Certificate of the Manufacturer/Importer .... Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe VPN Firewall 50 gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. NETGEAR does not assume any liability that interference will not occur in a particular installation. Federal...
Microsoft, Windows, and Windows NT are registered trademarks or trademarks of Microsoft Corporation. This equipment generates, uses, and can be subject to certain restrictions. Certificate of the Manufacturer/Importer .... Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe VPN Firewall 50 gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. NETGEAR does not assume any liability that interference will not occur in a particular installation. Federal...
FVS338 Reference Manual
Page 18
FVS338 ProSafe VPN Firewall 50 Reference Manual • Automatic Configuration of PCs on your local network. • DNS Proxy. This feature greatly simplifies configuration of Attached PCs by simulating a dial-up connection. This feature eliminates the need to easily configure your firewall...Windows, Macintosh, or Linux. The VPN firewall automatically senses the type of Internet connection, asking you to securely login to the attached PCs. The firewall...; Visual monitoring. The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations...
FVS338 ProSafe VPN Firewall 50 Reference Manual • Automatic Configuration of PCs on your local network. • DNS Proxy. This feature greatly simplifies configuration of Attached PCs by simulating a dial-up connection. This feature eliminates the need to easily configure your firewall...Windows, Macintosh, or Linux. The VPN firewall automatically senses the type of Internet connection, asking you to securely login to the attached PCs. The firewall...; Visual monitoring. The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations...
FVS338 Reference Manual
Page 25
... your VPN firewall, refer to the IFVS338 ProSafe VPN Firewall 50 Installation Guide (a copy is also available on page 2-14 Setting up VPN tunnels are covered in to the VPN Firewall Note: To connect to the firewall, your Resource CD). Chapter 2 Connecting the FVS338 to the Internet This section provides instructions for connecting the VPN firewall, including these topics: • "Connecting the VPN Firewall to...
... your VPN firewall, refer to the IFVS338 ProSafe VPN Firewall 50 Installation Guide (a copy is also available on page 2-14 Setting up VPN tunnels are covered in to the VPN Firewall Note: To connect to the firewall, your Resource CD). Chapter 2 Connecting the FVS338 to the Internet This section provides instructions for connecting the VPN firewall, including these topics: • "Connecting the VPN Firewall to...
FVS338 Reference Manual
Page 36
...when saved so the increase is selected specified restriction will be displayed in a sub-window.Traffic counters are updated in order for each protocol will be blocked. • ...Time month. If this if you may also select the Send E-mail alert option. FVS338 ProSafe VPN Firewall 50 Reference Manual Table 2-2. Traffic Meter Settings Parameter Description Enable Traffic Meter Check this is...Counter at least 1MB. 2-12 Connecting the FVS338 to work . Choose the desired time and day of Internet traffic passing through the Router's Broadband or Dialup port. When limit is...
...when saved so the increase is selected specified restriction will be displayed in a sub-window.Traffic counters are updated in order for each protocol will be blocked. • ...Time month. If this if you may also select the Send E-mail alert option. FVS338 ProSafe VPN Firewall 50 Reference Manual Table 2-2. Traffic Meter Settings Parameter Description Enable Traffic Meter Check this is...Counter at least 1MB. 2-12 Connecting the FVS338 to work . Choose the desired time and day of Internet traffic passing through the Router's Broadband or Dialup port. When limit is...
FVS338 Reference Manual
Page 40
... Dynamic DNS Configuration screen and fill in resolving your dynamic DNS provider allows the use of the window opposite to save your DDNS account. In the Host and Domain Name field, enter the entire...when logging into your configuration or click Cancel to revert to the previous settings. 2-16 Connecting the FVS338 to activate this feature. Enter the User Name, User email Address, or Account Name requested by ...2-9. 4. Click Apply to the DDNS service provider tabs. d. FVS338 ProSafe VPN Firewall 50 Reference Manual 3. A link to the same IP address as yourhost.dyndns.org 5.
... Dynamic DNS Configuration screen and fill in resolving your dynamic DNS provider allows the use of the window opposite to save your DDNS account. In the Host and Domain Name field, enter the entire...when logging into your configuration or click Cancel to revert to the previous settings. 2-16 Connecting the FVS338 to activate this feature. Enter the User Name, User email Address, or Account Name requested by ...2-9. 4. Click Apply to the DDNS service provider tabs. d. FVS338 ProSafe VPN Firewall 50 Reference Manual 3. A link to the same IP address as yourhost.dyndns.org 5.
FVS338 Reference Manual
Page 44
... in again. g. This is optional-the default is optional. For example, if you change the LAN IP address of the router (the IP Address in the IP address pool. This address specifies the last of the contiguous addresses in LAN TCP/IP Setup...LAN Configuration v1.0, March 2009 FVS338 ProSafe VPN Firewall 50 Reference Manual b. This address specifies the first of the contiguous addresses in your network. This box can specify the Windows NetBios Server IP if one is specified, the VPN firewall will be disconnected. If enabled, the VPN firewall will provide a LAN IP ...
... in again. g. This is optional-the default is optional. For example, if you change the LAN IP address of the router (the IP Address in the IP address pool. This address specifies the last of the contiguous addresses in LAN TCP/IP Setup...LAN Configuration v1.0, March 2009 FVS338 ProSafe VPN Firewall 50 Reference Manual b. This address specifies the first of the contiguous addresses in your network. This box can specify the Windows NetBios Server IP if one is specified, the VPN firewall will be disconnected. If enabled, the VPN firewall will provide a LAN IP ...
FVS338 Reference Manual
Page 99
...with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to save your VPN client. 1. Follow these steps to configure your settings: the VPN Policies page shows the policy is enabled. Right-click on the VPN client icon in your Windows toolbar, ...choose Security Policy Editor, and verify that the Options > Secure > Specified Connections selection is now enabled. FVS338 ProSafe VPN Firewall 50 Reference Manual 6. Click Apply to the FVS338....
...with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to save your VPN client. 1. Follow these steps to configure your settings: the VPN Policies page shows the policy is enabled. Right-click on the VPN client icon in your Windows toolbar, ...choose Security Policy Editor, and verify that the Options > Secure > Specified Connections selection is now enabled. FVS338 ProSafe VPN Firewall 50 Reference Manual 6. Click Apply to the FVS338....
FVS338 Reference Manual
Page 100
...Mask of the Policy Editor window, click the New Document icon (the first on the left) to the instructions below. • Under Connection Security, verify that the Secure radio button is selected. • From the ID Type pull-down menus, choose Domain Name. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Enter the... FQDN address which the FVS338 VPN Wizard provided; In the upper left of the...
...Mask of the Policy Editor window, click the New Document icon (the first on the left) to the instructions below. • Under Connection Security, verify that the Secure radio button is selected. • From the ID Type pull-down menus, choose Domain Name. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. Enter the... FQDN address which the FVS338 VPN Wizard provided; In the upper left of the...
FVS338 Reference Manual
Page 102
no changes are needed. • On the left, expand Key Exchange (Phase 2) and click Proposal 1. No changes are needed . 5. In the upper left , expand Authentication (Phase 1) and click Proposal 1: no changes are needed . Figure 5-12 • On the left, click Security Policy to view the settings: no changes are needed. • On the left of the window, click the disk icon to save the policy. 5-10 v1.0, March 2009 Virtual Private Networking FVS338 ProSafe VPN Firewall 50 Reference Manual 4. Verify the Security Policy settings;
no changes are needed. • On the left, expand Key Exchange (Phase 2) and click Proposal 1. No changes are needed . 5. In the upper left , expand Authentication (Phase 1) and click Proposal 1: no changes are needed . Figure 5-12 • On the left, click Security Policy to view the settings: no changes are needed. • On the left of the window, click the disk icon to save the policy. 5-10 v1.0, March 2009 Virtual Private Networking FVS338 ProSafe VPN Firewall 50 Reference Manual 4. Verify the Security Policy settings;
FVS338 Reference Manual
Page 103
...tray should receive the message "Successfully connected to My Connections\gw1". Figure 5-14 The VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1. NETGEAR VPN Client Status and Log Information To test a client connection and view the status and ... This information is useful for verifying the status of a connection and troubleshooting problems with a connection. FVS338 ProSafe VPN Firewall 50 Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS338 provide VPN connection and status information.
...tray should receive the message "Successfully connected to My Connections\gw1". Figure 5-14 The VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1. NETGEAR VPN Client Status and Log Information To test a client connection and view the status and ... This information is useful for verifying the status of a connection and troubleshooting problems with a connection. FVS338 ProSafe VPN Firewall 50 Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS338 provide VPN connection and status information.
FVS338 Reference Manual
Page 120
FVS338 ProSafe VPN Firewall 50 Reference Manual Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. b. Enter the IP Subnet and Mask of the VPN firewall (this example it is "local_id.com". in the Windows toolbar. Right-click the VPN client icon in this is the LAN network IP address of the VPN firewall... Domain name and enter the FQDN of the Policy Editor window, click the New Policy editor icon. in the FVS338 IKE menu. 5-28 v1.0, March 2009 Virtual Private Networking...
FVS338 ProSafe VPN Firewall 50 Reference Manual Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. b. Enter the IP Subnet and Mask of the VPN firewall (this example it is "local_id.com". in the Windows toolbar. Right-click the VPN client icon in this is the LAN network IP address of the VPN firewall... Domain name and enter the FQDN of the Policy Editor window, click the New Policy editor icon. in the FVS338 IKE menu. 5-28 v1.0, March 2009 Virtual Private Networking...
FVS338 Reference Manual
Page 123
FVS338 ProSafe VPN Firewall 50 Reference Manual To test the connection: 1. Right-click on the VPN client icon in the toolbar will read "On". ... of the uploaded digital certificate must be used to you configured will display and the VPN client icon in the Windows toolbar and select Connect. From the client PC, ping a computer on the connection...is accepted. Click on the VPN firewall LAN. The extKeyUsage would govern the certificate acceptance criteria in this router during the Internet Key Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to...
FVS338 ProSafe VPN Firewall 50 Reference Manual To test the connection: 1. Right-click on the VPN client icon in the toolbar will read "On". ... of the uploaded digital certificate must be used to you configured will display and the VPN client icon in the Windows toolbar and select Connect. From the client PC, ping a computer on the connection...is accepted. Click on the VPN firewall LAN. The extKeyUsage would govern the certificate acceptance criteria in this router during the Internet Key Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to...
FVS338 Reference Manual
Page 140
...6-12 v1.0, March 2009 Router and Network Management If you are using a Windows computer with a browser via SSL, you use the number of your firewall into your firewall for accessing the management interface. Specify the Port Number that number in your firewall from the Internet, the Secure... redirect to a custom port by entering that will enter https:// and type the WAN IP address of any common service port. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. The default is 8080, which is 134.177.0.123 and you may get a message regarding the SSL certificate....
...6-12 v1.0, March 2009 Router and Network Management If you are using a Windows computer with a browser via SSL, you use the number of your firewall into your firewall for accessing the management interface. Specify the Port Number that number in your firewall from the Internet, the Secure... redirect to a custom port by entering that will enter https:// and type the WAN IP address of any common service port. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. The default is 8080, which is 134.177.0.123 and you may get a message regarding the SSL certificate....
FVS338 Reference Manual
Page 147
FVS338 ProSafe VPN Firewall 50 Reference Manual Enabling the Traffic Meter To monitor traffic limits on Internet Traffic via the WAN port. Displays statistics on each of traffic for each protocol will display. (The Broadband and Dialup ports are updated in a sub-window. Each WAN port is enabled. Traffic Counter settings ... available. An e-mail can be displayed in MBytes scale and the counter starts only when traffic passed is at least 1 MB Router and Network Management v1.0, March 2009 6-19 The volume of the WAN ports, select Administration from the main menu and Traffic Meter...
FVS338 ProSafe VPN Firewall 50 Reference Manual Enabling the Traffic Meter To monitor traffic limits on Internet Traffic via the WAN port. Displays statistics on each of traffic for each protocol will display. (The Broadband and Dialup ports are updated in a sub-window. Each WAN port is enabled. Traffic Counter settings ... available. An e-mail can be displayed in MBytes scale and the counter starts only when traffic passed is at least 1 MB Router and Network Management v1.0, March 2009 6-19 The volume of the WAN ports, select Administration from the main menu and Traffic Meter...
FVS338 Reference Manual
Page 156
... address-most often, by Technical Support. 6-28 v1.0, March 2009 Router and Network Management If you need the IP address of a Web, FTP, Mail or other Server on the Windows menu bar to return to find the IP address. click "Back"... on the Internet, you can be displayed in a new screen; Lists all Routers between the source (this device) and the destination IP address. www.netgear.com) to a ping. Display the Routing Table This operation will be displayed in a new screen; FVS338 ProSafe VPN Firewall 50...
... address-most often, by Technical Support. 6-28 v1.0, March 2009 Router and Network Management If you need the IP address of a Web, FTP, Mail or other Server on the Windows menu bar to return to find the IP address. click "Back"... on the Internet, you can be displayed in a new screen; Lists all Routers between the source (this device) and the destination IP address. www.netgear.com) to a ping. Display the Routing Table This operation will be displayed in a new screen; FVS338 ProSafe VPN Firewall 50...
FVS338 Reference Manual
Page 161
... lost. • Click the Refresh or Reload button in the Web browser. If the firewall does not save changes you can reboot the router and use sniffer to be caching the old configuration. FVS338 ProSafe VPN Firewall 50 Reference Manual • Make sure your PC's IP address is on page 7-7. These auto... may have made in "Restoring the Default Configuration and Password" on the same subnet as 169.254.x.x: Recent versions of Windows and MacOS will set the firewall's IP address to 192.168.0.254. If you are using the recommended addressing scheme, your PC's address should be in...
... lost. • Click the Refresh or Reload button in the Web browser. If the firewall does not save changes you can reboot the router and use sniffer to be caching the old configuration. FVS338 ProSafe VPN Firewall 50 Reference Manual • Make sure your PC's IP address is on page 7-7. These auto... may have made in "Restoring the Default Configuration and Password" on the same subnet as 169.254.x.x: Recent versions of Windows and MacOS will set the firewall's IP address to 192.168.0.254. If you are using the recommended addressing scheme, your PC's address should be in...
FVS338 Reference Manual
Page 163
... pages from your PC to verify that the LAN path to load any DNS server addresses. FVS338 ProSafe VPN Firewall 50 Reference Manual - This can ping the firewall from the Internet: • Your PC may not have the firewall configured as www addresses) to the designated device. A DNS server is set up correctly. ... by the IP address of data If the path is working , you see a message like this example: ping 192.168.1.1 3. From the Windows toolbar, click on OK. You may configure your PC manually with an echo reply. In the field provided, type Ping followed by using the ...
... pages from your PC to verify that the LAN path to load any DNS server addresses. FVS338 ProSafe VPN Firewall 50 Reference Manual - This can ping the firewall from the Internet: • Your PC may not have the firewall configured as www addresses) to the designated device. A DNS server is set up correctly. ... by the IP address of data If the path is working , you see a message like this example: ping 192.168.1.1 3. From the Windows toolbar, click on OK. You may configure your PC manually with an echo reply. In the field provided, type Ping followed by using the ...
FVS338 Reference Manual
Page 164
... enter that host name as the Account Name in your PC's Network Control Panel. • Check to your workstation and firewall. • Wrong network configuration - FVS338 ProSafe VPN Firewall 50 Reference Manual If the path is not functioning correctly, you do not receive replies: • Check that your PC has the...a single PC connected to a Remote Device After verifying that the Ethernet card driver software and TCP/IP software are on . From the Windows run menu, type: PING -n 10 where is the case, you must configure your workstation are correct and that the addresses are both ...
... enter that host name as the Account Name in your PC's Network Control Panel. • Check to your workstation and firewall. • Wrong network configuration - FVS338 ProSafe VPN Firewall 50 Reference Manual If the path is not functioning correctly, you do not receive replies: • Check that your PC has the...a single PC connected to a Remote Device After verifying that the Ethernet card driver software and TCP/IP software are on . From the Windows run menu, type: PING -n 10 where is the case, you must configure your workstation are correct and that the addresses are both ...
FVS338 Reference Manual
Page 183
Invalid packets are dropped. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual Table B-17. Use this command to enable dropping ...SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Packet not in TCP window 1. Invalid packets are dropped. 2. This may generate a significant volume of the invalid packets: fw/rules/...(continued) Message Explanation Recommended Action Message Explanation Recommended Action Message Explanation Recommended Action 2007 Oct 1 00:44:17 [FVS338] [kernel] [INVALID][REOPEN_CLOSE_CONN][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 ...
Invalid packets are dropped. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual Table B-17. Use this command to enable dropping ...SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Packet not in TCP window 1. Invalid packets are dropped. 2. This may generate a significant volume of the invalid packets: fw/rules/...(continued) Message Explanation Recommended Action Message Explanation Recommended Action Message Explanation Recommended Action 2007 Oct 1 00:44:17 [FVS338] [kernel] [INVALID][REOPEN_CLOSE_CONN][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 ...
FVS338 Reference Manual
Page 188
... been used to validate the users to your PIN Something you are - D-2 Two Factor Authentication v1.3, March 2009 ProSafe Dual WAN Gigabit Firewall with the NETGEAR SSL and VPN firewall products. • Proven regulatory compliance. something you know and what you know and something you have" You must ... can also be viewed as a PIN and a token (hardware or software) to the corporate networks and data can be strengthen using Windows Active Directory or LDAP as fingerprints or retinal. Similar to the ATM card, access to validate the users and reduce the incidence of ...
... been used to validate the users to your PIN Something you are - D-2 Two Factor Authentication v1.3, March 2009 ProSafe Dual WAN Gigabit Firewall with the NETGEAR SSL and VPN firewall products. • Proven regulatory compliance. something you know and what you know and something you have" You must ... can also be viewed as a PIN and a token (hardware or software) to the corporate networks and data can be strengthen using Windows Active Directory or LDAP as fingerprints or retinal. Similar to the ATM card, access to validate the users and reduce the incidence of ...