FVS338 Reference Manual
Page 10
... Certificate Revocation List (CRL 5-36 Chapter 6 Router and Network Management Performance Management 6-1 VPN Firewall Features That Reduce Traffic 6-1 Service Blocking 6-1 Block Sites ...6-3 Source MAC Filtering 6-4 VPN Firewall Features That Increase Traffic 6-4 Port Forwarding 6-4 Port Triggering 6-6 VPN Tunnels ...6-6 Using QoS to Shift the Traffic Mix 6-6 Tools for Traffic Management 6-7 Administration ...6-7 Changing Passwords and Settings 6-7 RADIUS Server External Authentication...
... Certificate Revocation List (CRL 5-36 Chapter 6 Router and Network Management Performance Management 6-1 VPN Firewall Features That Reduce Traffic 6-1 Service Blocking 6-1 Block Sites ...6-3 Source MAC Filtering 6-4 VPN Firewall Features That Increase Traffic 6-4 Port Forwarding 6-4 Port Triggering 6-6 VPN Tunnels ...6-6 Using QoS to Shift the Traffic Mix 6-6 Tools for Traffic Management 6-7 Administration ...6-7 Changing Passwords and Settings 6-7 RADIUS Server External Authentication...
FVS338 Reference Manual
Page 11
... Interface 7-2 Troubleshooting the ISP Connection 7-4 Troubleshooting a TCP/IP Network Using a Ping Utility 7-5 Testing the LAN Path to Your Firewall 7-5 Testing the Path from Your PC to a Remote Device 7-6 Restoring the Default Configuration and Password 7-7 Problems with Date and Time 7-7 Appendix A Default Settings and Technical Specifications Appendix B System Logs and Error Messages System...
... Interface 7-2 Troubleshooting the ISP Connection 7-4 Troubleshooting a TCP/IP Network Using a Ping Utility 7-5 Testing the LAN Path to Your Firewall 7-5 Testing the Path from Your PC to a Remote Device 7-6 Restoring the Default Configuration and Password 7-7 Problems with Date and Time 7-7 Appendix A Default Settings and Technical Specifications Appendix B System Logs and Error Messages System...
FVS338 Reference Manual
Page 23
Enter admin for User Name and password for Password Introduction 1-9 v1.0, March 2009 Figure 1-4 2. Factory Default Login FVS338 ProSafe VPN Firewall 50 Reference Manual Check the label on the bottom of the FVS338's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-3 To log in to http://192.168.1.1. Go to the FVS338 once it is connected: 1.
Enter admin for User Name and password for Password Introduction 1-9 v1.0, March 2009 Figure 1-4 2. Factory Default Login FVS338 ProSafe VPN Firewall 50 Reference Manual Check the label on the bottom of the FVS338's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-3 To log in to http://192.168.1.1. Go to the FVS338 once it is connected: 1.
FVS338 Reference Manual
Page 26
...will display. Figure 2-2 2-2 Connecting the FVS338 to your Internet connection. 3. Enter admin for the User Name and password for more secure one than the standard factory default (see "Changing Passwords and Settings" on page 6-7). Note:...password to a more information on page 6-10 for the Password, both in lower case letters.The firewall user name and password are not the same as any user name or password you enable remote management, change your Internet Connection You can configure both Broadband ISP Settings and Dialup ISP Settings.from the submenu. FVS338 ProSafe VPN Firewall 50...
...will display. Figure 2-2 2-2 Connecting the FVS338 to your Internet connection. 3. Enter admin for the User Name and password for more secure one than the standard factory default (see "Changing Passwords and Settings" on page 6-7). Note:...password to a more information on page 6-10 for the Password, both in lower case letters.The firewall user name and password are not the same as any user name or password you enable remote management, change your Internet Connection You can configure both Broadband ISP Settings and Dialup ISP Settings.from the submenu. FVS338 ProSafe VPN Firewall 50...
FVS338 Reference Manual
Page 27
... Username, Password), Account Name, and Server IP. Figure 2-3 If Auto Detect does not find a connection, you will most likely support. Click Auto Detect at the top right of Internet connection provided by your Router's MAC address (see "Setting the Router's MAC Address (Advanced Options)"... suggest one that your ISP will be prompted to check the physical connection between your firewall and the cable or DSL line or to the Internet 2-3 v1.0, March 2009 IP address and related data supplied by your Broadband connection status. FVS338 ProSafe VPN Firewall 50 Reference Manual 2.
... Username, Password), Account Name, and Server IP. Figure 2-3 If Auto Detect does not find a connection, you will most likely support. Click Auto Detect at the top right of Internet connection provided by your Router's MAC address (see "Setting the Router's MAC Address (Advanced Options)"... suggest one that your ISP will be prompted to check the physical connection between your firewall and the cable or DSL line or to the Internet 2-3 v1.0, March 2009 IP address and related data supplied by your Broadband connection status. FVS338 ProSafe VPN Firewall 50 Reference Manual 2.
FVS338 Reference Manual
Page 28
FVS338 ProSafe VPN Firewall 50 Reference Manual 4. Optionally, you can continue with the configuration of your ISP. Password: The account password for ISP1 if desired. Figure 2-4 2. Set up the router to access the Internet connection using a dialup modem. The Dialup Settings screen will assist you are now connected ...be used to log in the configuration process, you in setting up the traffic meter for the dialup ISP 2-4 Connecting the FVS338 to display the Dialup settings screen. Account/User name: Enter the account name or the user name provided by your ISP ...
FVS338 ProSafe VPN Firewall 50 Reference Manual 4. Optionally, you can continue with the configuration of your ISP. Password: The account password for ISP1 if desired. Figure 2-4 2. Set up the router to access the Internet connection using a dialup modem. The Dialup Settings screen will assist you are now connected ...be used to log in the configuration process, you in setting up the traffic meter for the dialup ISP 2-4 Connecting the FVS338 to display the Dialup settings screen. Account/User name: Enter the account name or the user name provided by your ISP ...
FVS338 Reference Manual
Page 40
... Service to the DDNS service provider tabs. FVS338 ProSafe VPN Firewall 50 Reference Manual 3. The link is near the top right of the DDNS service providers and set up your configuration or click Cancel to revert to the previous settings. 2-16 Connecting the FVS338 to activate this feature. Enter the Password, or User Key, for example: .dyndns...
... Service to the DDNS service provider tabs. FVS338 ProSafe VPN Firewall 50 Reference Manual 3. The link is near the top right of the DDNS service providers and set up your configuration or click Cancel to revert to the previous settings. 2-16 Connecting the FVS338 to activate this feature. Enter the Password, or User Key, for example: .dyndns...
FVS338 Reference Manual
Page 60
...discovers any traffic attempting to pass through the firewall, the packet information is also advisable to turn on the server application security and invoke the user password or privilege levels, if provided. FVS338 ProSafe VPN Firewall 50 Reference Manual Note: Some residential broadband ISP ...accounts do not allow you to relocate a defined rule to a new position in the table. 4-6 Firewall Protection and Content Filtering v1.0,...
...discovers any traffic attempting to pass through the firewall, the packet information is also advisable to turn on the server application security and invoke the user password or privilege levels, if provided. FVS338 ProSafe VPN Firewall 50 Reference Manual Note: Some residential broadband ISP ...accounts do not allow you to relocate a defined rule to a new position in the table. 4-6 Firewall Protection and Content Filtering v1.0,...
FVS338 Reference Manual
Page 86
... the e-mail address where the logs and alerts should be sent to the previous settings. 11. Then enter the user name and password to Identd from the SysLog Severity pull-down menu. If you want to respond to IDENT protocol, check the Respond to be [email protected]). 7. The Ident Protocol is checked by selecting the authentication type-either Login Plain or CRAM-MD5-based on your settings. FVS338 ProSafe VPN Firewall 50 Reference Manual 5. The No Authentication radio box is an Internet protocol that is unusable) • LOG_ALERT (Action must use the full e-mail...
... the e-mail address where the logs and alerts should be sent to the previous settings. 11. Then enter the user name and password to Identd from the SysLog Severity pull-down menu. If you want to respond to IDENT protocol, check the Respond to be [email protected]). 7. The Ident Protocol is checked by selecting the authentication type-either Login Plain or CRAM-MD5-based on your settings. FVS338 ProSafe VPN Firewall 50 Reference Manual 5. The No Authentication radio box is an Internet protocol that is unusable) • LOG_ALERT (Action must use the full e-mail...
FVS338 Reference Manual
Page 110
...Authentication (XAUTH) Configuration When connecting many VPN clients to a VPN gateway router, an administrator may want authentication by the remote gateway, enter a User Name and Password to be associated with this option is not present, the router will first check the local User Database.... Although the administrator could configure a unique VPN policy for the VPN gateway router to terminate or build the SA (connection), if required. Two types of the SA. Note: If a RADIUS-PAP server is used in the local network. FVS338 ProSafe VPN Firewall 50 Reference Manual • Endpoint.
...Authentication (XAUTH) Configuration When connecting many VPN clients to a VPN gateway router, an administrator may want authentication by the remote gateway, enter a User Name and Password to be associated with this option is not present, the router will first check the local User Database.... Although the administrator could configure a unique VPN policy for the VPN gateway router to terminate or build the SA (connection), if required. Two types of the SA. Note: If a RADIUS-PAP server is used in the local network. FVS338 ProSafe VPN Firewall 50 Reference Manual • Endpoint.
FVS338 Reference Manual
Page 111
...enable a RADIUS-CHAP or RADIUS-PAP server. In the adjacent Username and Password fields, type in the information user name and password associated with the IKE policy for VPN Clients Once the XAUTH has been enabled, you must establish user accounts on ...router as a VPN concentrator where one or more gateway tunnels terminate. Select • Edge Device to use by clicking Add. To enable and configure XAUTH: 1. Virtual Private Networking v1.0, March 2009 5-19 You can either disable or delete the VPN policy before you can modify the IKE Policy. FVS338 ProSafe VPN Firewall 50...
...enable a RADIUS-CHAP or RADIUS-PAP server. In the adjacent Username and Password fields, type in the information user name and password associated with the IKE policy for VPN Clients Once the XAUTH has been enabled, you must establish user accounts on ...router as a VPN concentrator where one or more gateway tunnels terminate. Select • Edge Device to use by clicking Add. To enable and configure XAUTH: 1. Virtual Private Networking v1.0, March 2009 5-19 You can either disable or delete the VPN policy before you can modify the IKE Policy. FVS338 ProSafe VPN Firewall 50...
FVS338 Reference Manual
Page 112
... the User Name field of a user which will display. 2. To add a new user: 1. Select VPN from the main menu and VPN Client from the submenu. Enter a Password for use an external RADIUS server, you may want to have some users authenticated locally. Click Apply to ... use by the XAUTH server. This is used in the Confirm Password field. 5-20 v1.0, March 2009 Virtual Private Networking The User Database screen will be added to save your settings. Enter a User Name. FVS338 ProSafe VPN Firewall 50 Reference Manual 4. Figure 5-19 User Database Configuration The User Database...
... the User Name field of a user which will display. 2. To add a new user: 1. Select VPN from the main menu and VPN Client from the submenu. Enter a Password for use an external RADIUS server, you may want to have some users authenticated locally. Click Apply to ... use by the XAUTH server. This is used in the Confirm Password field. 5-20 v1.0, March 2009 Virtual Private Networking The User Database screen will be added to save your settings. Enter a User Name. FVS338 ProSafe VPN Firewall 50 Reference Manual 4. Figure 5-19 User Database Configuration The User Database...
FVS338 Reference Manual
Page 113
... table. During the establishment of a VPN connection, the VPN gateway can validate a user at the request of user information, and can interrupt the process with an XAUTH (eXtended AUTHentication) request. Click Add. The modified user name and password will store a database of a gateway... Password and click Apply to save your settings or Reset to cancel your changes and return to network resources. A RADIUS server will display in a network. The User Name will display. 2. The Edit User screen will be added to the Configured Hosts table. FVS338 ProSafe VPN Firewall 50 ...
... table. During the establishment of a VPN connection, the VPN gateway can validate a user at the request of user information, and can interrupt the process with an XAUTH (eXtended AUTHentication) request. Click Add. The modified user name and password will store a database of a gateway... Password and click Apply to save your settings or Reset to cancel your changes and return to network resources. A RADIUS server will display in a network. The User Name will display. 2. The Edit User screen will be added to the Configured Hosts table. FVS338 ProSafe VPN Firewall 50 ...
FVS338 Reference Manual
Page 114
...the Primary RADIUS server by following steps 2 through 5. 7. Enter the Primary Server NAS Identifier (Network Access Server). Ensure that the router should be left blank on both client and server. 5. This name would enter here. Click Apply to the previous settings. 10. ... 2. This Identifier MUST be sufficient as the same on the RADIUS Server. 6. FVS338 ProSafe VPN Firewall 50 Reference Manual password information. Select VPN from the main menu, VPN Client from the RADIUS server. 8. The FVS338 is configured as an identifier, or the Server may be present in some NAS ...
...the Primary RADIUS server by following steps 2 through 5. 7. Enter the Primary Server NAS Identifier (Network Access Server). Ensure that the router should be left blank on both client and server. 5. This name would enter here. Click Apply to the previous settings. 10. ... 2. This Identifier MUST be sufficient as the same on the RADIUS Server. 6. FVS338 ProSafe VPN Firewall 50 Reference Manual password information. Select VPN from the main menu, VPN Client from the RADIUS server. 8. The FVS338 is configured as an identifier, or the Server may be present in some NAS ...
FVS338 Reference Manual
Page 118
... March 2009 Virtual Private Networking Enter a description name in the VPN client configuration. 6. b. For Local information: d. When this gateway (by any other IKE policies. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. By default, the Exchange Mode is disabled by ...router as part of the remote VPN client. This name will be defined by default. c. Select Fully Qualified Domain Name for the Local Identity Type. These settings must specify the Authentication Type to Aggressive. 5. Set Direction/Type to configure a new IKE Policy. Enter a Username and Password...
... March 2009 Virtual Private Networking Enter a description name in the VPN client configuration. 6. b. For Local information: d. When this gateway (by any other IKE policies. FVS338 ProSafe VPN Firewall 50 Reference Manual 2. By default, the Exchange Mode is disabled by ...router as part of the remote VPN client. This name will be defined by default. c. Select Fully Qualified Domain Name for the Local Identity Type. These settings must specify the Authentication Type to Aggressive. 5. Set Direction/Type to configure a new IKE Policy. Enter a Username and Password...
FVS338 Reference Manual
Page 135
.... Netgear recommends that can also configure a separate password for a discussion of traffic through the WAN ports by changing any QoS priority settings. You can be used by granting some services a higher priority than others. To modify User or Admin settings: Router and Network Management 6-7 v1.0, March 2009 Tools for Traffic Management The ProSafe VPN Firewall 50 includes...
.... Netgear recommends that can also configure a separate password for a discussion of traffic through the WAN ports by changing any QoS priority settings. You can be used by granting some services a higher priority than others. To modify User or Admin settings: Router and Network Management 6-7 v1.0, March 2009 Tools for Traffic Management The ProSafe VPN Firewall 50 includes...
FVS338 Reference Manual
Page 136
Change the password by checking either the Edit Admin Settings or Edit Guest Settings radio box. 3. FVS338 ProSafe VPN Firewall 50 Reference Manual 1. Select the Settings you did not click Logout on the Main Menu bar to log out). 6. Note: If you make the ...entering the new password twice. 4. Figure 6-1 2. The default is 5 minutes. Change the Idle Logout Time field to save your settings or Cancel to return to your previous login was disrupted (i.e., you wish to log back into the router if your previous settings. 5. Click Apply to save this setting. 6-8 Router and Network ...
Change the password by checking either the Edit Admin Settings or Edit Guest Settings radio box. 3. FVS338 ProSafe VPN Firewall 50 Reference Manual 1. Select the Settings you did not click Logout on the Main Menu bar to log out). 6. Note: If you make the ...entering the new password twice. 4. Figure 6-1 2. The default is 5 minutes. Change the Idle Logout Time field to save your settings or Cancel to return to your previous login was disrupted (i.e., you wish to log back into the router if your previous settings. 5. Click Apply to save this setting. 6-8 Router and Network ...
FVS338 Reference Manual
Page 137
Router and Network Management 6-9 v1.0, March 2009 Figure 6-2 When a user logs in . RADIUS Server External Authentication For authentication to log in , the VPN firewall will be changed back to password and 5 minutes, respectively, after a factory defaults reset. FVS338 ProSafe VPN Firewall 50 Reference Manual Note: The password and time-out value you enter will validate with the appropriate RADIUS or WIKID server that the user is authorized to RADIUS or WIKID, you can define the authentication type.
Router and Network Management 6-9 v1.0, March 2009 Figure 6-2 When a user logs in . RADIUS Server External Authentication For authentication to log in , the VPN firewall will be changed back to password and 5 minutes, respectively, after a factory defaults reset. FVS338 ProSafe VPN Firewall 50 Reference Manual Note: The password and time-out value you enter will validate with the appropriate RADIUS or WIKID server that the user is authorized to RADIUS or WIKID, you can define the authentication type.
FVS338 Reference Manual
Page 138
... the procedure on how to do this. 6-10 v1.0, March 2009 Router and Network Management Note: Be sure to change the firewall default configuration password to a very secure password. Your password can allow an administrator on the authenticating client devices. WiKID is calculated ...-based two-factor authentication method using a shared secret value. The ideal password should contain no dictionary words from any language, and should be a mixture of your VPN firewall. FVS338 ProSafe VPN Firewall 50 Reference Manual When specifying RADIUS domain authentication, you can be up to 30...
... the procedure on how to do this. 6-10 v1.0, March 2009 Router and Network Management Note: Be sure to change the firewall default configuration password to a very secure password. Your password can allow an administrator on the authenticating client devices. WiKID is calculated ...-based two-factor authentication method using a shared secret value. The ideal password should contain no dictionary words from any language, and should be a mixture of your VPN firewall. FVS338 ProSafe VPN Firewall 50 Reference Manual When specifying RADIUS domain authentication, you can be up to 30...
FVS338 Reference Manual
Page 144
...using them before upgrading the router. The Router Status screen on the will act as a DHCP server on Downloads. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual You must manually restart the VPN firewall in the download, read them ! The VPN firewall will display all of the VPN firewall router statistics. Go to reflect ... your firmware, the Firmware Version will be lost. After rebooting, the router's password will be password and the LAN IP address will change to the NETGEAR Web site at http://www.netgear.com/support and click on the LAN and act as a DHCP client...
...using them before upgrading the router. The Router Status screen on the will act as a DHCP server on Downloads. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual You must manually restart the VPN firewall in the download, read them ! The VPN firewall will display all of the VPN firewall router statistics. Go to reflect ... your firmware, the Firmware Version will be lost. After rebooting, the router's password will be password and the LAN IP address will change to the NETGEAR Web site at http://www.netgear.com/support and click on the LAN and act as a DHCP client...