FVX538 Reference Manual
Page 1
ProSafe VPN Firewall 200 FVX538 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA March 2009 202-10062-09 v1.0
Page 2
...) may, however, be subject to certain restrictions. EU Regulatory Compliance Statement ProSafe VPN Firewall 200 is no guarantee that to the notes in a particular installation. The Federal Office for Approvals in the operating instructions. All rights reserved. Trademarks NETGEAR and the NETGEAR logo are registered trademarks and ProSafe and ProSecure are registered trademarks of the product(s) or circuit layout...
Page 7
... 1-4 Easy Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the...
Page 8
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the ...DMZ Port 3-10 Static Routes ...3-12 Configuring Static Routes 3-12 Routing Information Protocol (RIP 3-14 Static Route Example 3-16 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Outbound Rules (Service...
Page 9
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service (QoS)... Connection 5-8 Testing the Connections and Viewing Status Information 5-12 NETGEAR VPN Client Status and Log Information 5-12 FVX538 VPN Connection Status and Logs 5-14 VPN Tunnel Policies ...5-15 IKE Policy ...5-15 Managing IKE Policies 5-15 IKE Policy Table 5-16 VPN Policy ...5-17 Managing VPN Policies 5-17 VPN Policy Table 5-18 Certificate Authorities 5-19 Generating a Self Certificate...
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That...
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions... Information Form B-5 Overview of the Planning Process B-6 Inbound Traffic ...B-6 Virtual Private Networks (VPNs B-6 The Roll-over Case for Firewalls With Dual WAN Ports B-7 The Load Balancing Case for Firewalls With Dual WAN Ports B-7 Contents xi v1.0, March 2009
Page 12
ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic ...B-8 Inbound Traffic to Single WAN Port (Reference Case B-8 Inbound Traffic to Dual WAN Port Systems B-8 Inbound Traffic: Dual WAN Ports for Improved Reliability B-9 Inbound Traffic: Dual WAN Ports for Load Balancing B-9 Virtual Private Networks (VPNs B-10 VPN Road Warrior (Client-to-Gateway B-11 VPN Road Warrior: Single Gateway WAN Port...
Page 13
ProSafe VPN Firewall 200 FVX538 Reference Manual Multicast/Broadcast Logs C-9 FTP Logging ...C-10 Invalid Packet Logging C-10 Routing Logs ...C-13 LAN to WAN Logs C-13 LAN to DMZ Logs C-14 DMZ to WAN Logs C-14 WAN to LAN Logs C-14 DMZ to LAN Logs C-14 WAN to DMZ Logs C-15 Appendix D Related Documents Appendix E Two Factor Authentication Why do I need Two-Factor Authentication E-1 What are the benefits of Two-Factor Authentication E-1 What is Two-Factor Authentication E-2 NETGEAR Two-Factor Authentication Solutions E-2 Index Contents xiii v1.0, March 2009
Page 14
ProSafe VPN Firewall 200 FVX538 Reference Manual xiv Contents v1.0, March 2009
Page 15
... and server names, extensions User input, IP addresses, GUI screen text Command prompt, CLI text, code URL links • Formats. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to the equipment. The information in this manual is used to highlight a procedure that will save time or resources. Warning: Ignoring this...
Page 16
... in Appendix D, "Related Documents." For more information about network, Internet, firewall, and VPN technologies, see the links to take heed of this product are available on the NETGEAR, Inc. Jan. 2007 Remove Trend Micro Jul. 2007 New features: IP... support • Update VPN configuration procedure topics • Update the Certificate management topic • Correct the firewall scheduling topic xvi About This Manual v1.0, March 2009 website at http://kbserver.netgear.com/products/FVX538.asp. Dead Peer Detection; ProSafe VPN Firewall 200 FVX538 Reference Manual Danger: This...
Page 17
...VPN firewall provides the following sections: • "Key Features" on page 1-1 • "Package Contents" on page 1-5 • "Router Front and Rear Panels" on page 1-6 • "The Router's IP Address, Login Name, and Password" on time-of-day, Website addresses and address keywords. The FVX538...and multi-NAT support. Network administrators can be installed and configured within minutes. Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN Client software (VPN05L) • Quality of Service (QoS) and SIP 2.0 support for traffic ...
Page 18
...to Internet locations or services that can be configured on page B-1 for the outgoing traffic. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. •... • Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is a true firewall, using stateful packet inspection to : • Provide backup and rollover if one line is...
Page 19
... email pager whenever a significant event occurs. • Keyword Filtering. With its internal 8-port 10/100 switch, the FVX538 can configure the firewall to log and report attempts to your local computers or a service for which you have it forwarded to a switch... the PCs on the LAN, the firewall allows you at specified intervals. Security Features The VPN firewall is a response to make the right connection. ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. Introduction 1-3 v1.0, March 2009 The FVX538 will then configure itself to maintain security...
Page 20
... VPNC-compliant VPN routers and clients. • SNMP. Browser-based configuration allows you only for the information required for your type of ISP account. • VPN Wizard. The VPN firewall supports the Simple Network Management Protocol (SNMP) to let you change the system variables for connecting remote hosts to the Internet over Ethernet (PPPoE). ProSafe VPN Firewall 200 FVX538 Reference...
Page 21
... you can choose a nonstandard port number. • Visual monitoring. Maintenance and Support NETGEAR offers the following items: • ProSafe VPN Firewall 200. • AC power cable. • 19-inch rack mounting hardware and rubber feet. • Category 5 (Cat5) Ethernet cable. • Installation Guide, FVX538 ProSafe VPN Firewall 200 • Resource CD, including: - Package Contents The product package should contain the...
Page 22
... negotiation, Auto MDI/MDIX. Power is being used because the port is supplied to the firewall. Active LED On (Green) On (Amber) Off The WAN port has a valid Internet connection. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults... On (Green) Blinking (Green) Off The WAN port has detected a link with a connected Ethernet device. Writing to Flash memory (during upgrading or resetting to the firewall. 2.
Page 23
... device. Object Descriptions (continued) Object Activity Description 4. Port 8 is operating as a normal LAN port. 5. Console DB9 male connector Port for connecting to a gigabit Ethernet device. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 1-1. LAN Ports and LEDs 8-port RJ-45 10/100 Mbps Fast Ethernet Switch Link/Act LED On (Green) Blinking (Green) Off N-way...
Page 24
On/Off switch Rack Mounting Hardware The FVX538 can be mounted either on a desktop (using included rubber feet) or in a 19-inch rack (using the included rack mounting hardware illustrated in 2. AC power in Figure 1-3). Figure 1-2 1 2 Viewed from left to right, the rear panel contains the following elements: 1. ProSafe VPN Firewall 200 FVX538 Reference Manual The rear panel of the ProSafe VPN Firewall 200 (Figure 1-2) contains the On/Off switch and AC power connection. Figure 1-3 1-8 v1.0, March 2009 Introduction