FVL328 Reference Manual
Page 17
...connections for up to 253 users with up to 100 concurrent VPN tunnels. Unlike simple Internet sharing routers that simplifies VPN setup and uses the VPNC defaults • Four groups for Denial of the NETGEAR FVL328 Prosafe High Speed VPN Firewall. Up to 7 different WAN IPs can be mapped, one-... multiple computers to the Internet through an external broadband access device (such as a cable modem or DSL modem) and supports IPSec-based secure tunnels to -One DMZ) - The FVL328 Firewall is a complete security solution that protects your network from attacks and intrusions and enables...
...connections for up to 253 users with up to 100 concurrent VPN tunnels. Unlike simple Internet sharing routers that simplifies VPN setup and uses the VPNC defaults • Four groups for Denial of the NETGEAR FVL328 Prosafe High Speed VPN Firewall. Up to 7 different WAN IPs can be mapped, one-... multiple computers to the Internet through an external broadband access device (such as a cable modem or DSL modem) and supports IPSec-based secure tunnels to -One DMZ) - The FVL328 Firewall is a complete security solution that protects your network from attacks and intrusions and enables...
FVL328 Reference Manual
Page 18
... Key Features The FVL328 features are highlighted below. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • IP-MAC access control: ensures a computer with an assigned MAC address always gets the same IP address when using Tab - Period (.) can be sent if reboot, etc. - Its VPN features include: • VPN Wizard: Simplifies VPN setup, uses VPNC defaults...
... Key Features The FVL328 features are highlighted below. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • IP-MAC access control: ensures a computer with an assigned MAC address always gets the same IP address when using Tab - Period (.) can be sent if reboot, etc. - Its VPN features include: • VPN Wizard: Simplifies VPN setup, uses VPNC defaults...
FVL328 Reference Manual
Page 20
...-up connection. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests...DSL connection by your local network. This technique, known as to a switch or hub. That port will then configure itself to run a login program such as a DNS server to attached computers using only a single IP address, which may be turned off completely for Telstra cable... in settings where you want to manage the IP address scheme of an inexpensive single-user ISP account. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 The firewall...
...-up connection. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests...DSL connection by your local network. This technique, known as to a switch or hub. That port will then configure itself to run a login program such as a DNS server to attached computers using only a single IP address, which may be turned off completely for Telstra cable... in settings where you want to manage the IP address scheme of an inexpensive single-user ISP account. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 The firewall...
FVL328 Reference Manual
Page 21
... as Ping, DNS lookup, and remote reboot. A user-friendly Setup Wizard is provided and online help documentation is not permanently assigned. For security, you can install, configure, and operate the FVL328 within minutes after connecting it to the network. You can connect ...provide an easy way to test Internet connectivity and reboot the firewall. See "Configuring Dynamic DNS" on the LAN or when you only for the information required for firmware upgrades. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • Dynamic DNS Dynamic DNS ...
... as Ping, DNS lookup, and remote reboot. A user-friendly Setup Wizard is provided and online help documentation is not permanently assigned. For security, you can install, configure, and operate the FVL328 within minutes after connecting it to the network. You can connect ...provide an easy way to test Internet connectivity and reboot the firewall. See "Configuring Dynamic DNS" on the LAN or when you only for the information required for firmware upgrades. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • Dynamic DNS Dynamic DNS ...
FVL328 Reference Manual
Page 25
... the FVL328 Prosafe High Speed VPN Firewall to your network in the correct sequence. • Log in to the firewall. • Connect to the Internet. Chapter 3 Connecting the FVL328 to the Internet This chapter describes how to set up the firewall on your Internet connection. You can perform basic configuration of your FVL328 Prosafe High Speed VPN Firewall using the Setup Wizard...
... the FVL328 Prosafe High Speed VPN Firewall to your network in the correct sequence. • Log in to the firewall. • Connect to the Internet. Chapter 3 Connecting the FVL328 to the Internet This chapter describes how to set up the firewall on your Internet connection. You can perform basic configuration of your FVL328 Prosafe High Speed VPN Firewall using the Setup Wizard...
FVL328 Reference Manual
Page 29
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 c. d. RUN THE SETUP WIZARD TO CONNECT TO THE INTERNET Figure 3-6: Setup Wizard Connecting the FVL328 to the router, you may use to log in lower case letters. After logging in to the Internet 3-5 May 2004, 202-10030-02 A ...login window opens as any user name or password you will see the Internet connection Setup Wizard on the...
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 c. d. RUN THE SETUP WIZARD TO CONNECT TO THE INTERNET Figure 3-6: Setup Wizard Connecting the FVL328 to the router, you may use to log in lower case letters. After logging in to the Internet 3-5 May 2004, 202-10030-02 A ...login window opens as any user name or password you will see the Internet connection Setup Wizard on the...
FVL328 Reference Manual
Page 30
... to the Internet May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 a. Choose NAT or Classical Routing. b. The procedures for filling in "Worksheet for each type of the main menu. The Setup Wizard reports which connection type it finds. c. Note:...as PPP over Ethernet (PPPoE), you can manually configure your ISP to connect to check the physical connection between your firewall and the cable or DSL line. NAT automatically assigns private IP addresses (192.168.0.x) to use fixed IP address assignment. If you directly manage...
... to the Internet May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 a. Choose NAT or Classical Routing. b. The procedures for filling in "Worksheet for each type of the main menu. The Setup Wizard reports which connection type it finds. c. Note:...as PPP over Ethernet (PPPoE), you can manually configure your ISP to connect to check the physical connection between your firewall and the cable or DSL line. NAT automatically assigns private IP addresses (192.168.0.x) to use fixed IP address assignment. If you directly manage...
FVL328 Reference Manual
Page 32
... address." If a Secondary DNS Server address is the Ethernet MAC address that will be used by the firewall on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. A DNS server is first opened. If you enter an address here,... Router's MAC Address is available, enter it from the ISP. Enter your ISP's Primary DNS Server. You must obtain it also. Click Apply to save your settings. 5. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Configuring for a Wizard-Detected Fixed IP (Static) Account If the Setup Wizard...
... address." If a Secondary DNS Server address is the Ethernet MAC address that will be used by the firewall on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. A DNS server is first opened. If you enter an address here,... Router's MAC Address is available, enter it from the ISP. Enter your ISP's Primary DNS Server. You must obtain it also. Click Apply to save your settings. 5. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Configuring for a Wizard-Detected Fixed IP (Static) Account If the Setup Wizard...
FVL328 Reference Manual
Page 33
...firewall, launch a browser such as www.netgear.com to Chapter 8, Troubleshooting. If the NETGEAR Web site does not appear within one minute, refer to test your ISP's gateway router...Test button to Chapter 8, Troubleshooting. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 1. Enter the IP...firewall, and how to connect, log in, or disconnect. You will need the configuration parameters from the Setup Basic Settings link, click the Test button. You should begin to save the settings. 4. Click Apply to display a Web page. If the NETGEAR...
...firewall, launch a browser such as www.netgear.com to Chapter 8, Troubleshooting. If the NETGEAR Web site does not appear within one minute, refer to test your ISP's gateway router...Test button to Chapter 8, Troubleshooting. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 1. Enter the IP...firewall, and how to connect, log in, or disconnect. You will need the configuration parameters from the Setup Basic Settings link, click the Test button. You should begin to save the settings. 4. Click Apply to display a Web page. If the NETGEAR...
FVL328 Reference Manual
Page 34
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to the Internet May 2004, 202-10030-02 ISP Does Not Require Login ISP Does Require Login Figure 3-7: Browser-based configuration Basic Settings menu 3-10 Connecting the FVL328 to determine your configuration as described in the previous section.
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to the Internet May 2004, 202-10030-02 ISP Does Not Require Login ISP Does Require Login Figure 3-7: Browser-based configuration Basic Settings menu 3-10 Connecting the FVL328 to determine your configuration as described in the previous section.
FVL328 Reference Manual
Page 37
... applications. If your FVL328 Prosafe High Speed VPN Firewall. You must be suitable in private networks, and should be reached through the browser, you will be found under the Advanced heading in again. • IP Subnet Mask This is the LAN IP address of the firewall. Combined with the IP...RIP. These features can make those changes. Note: If you change the LAN IP address of the firewall while connected through a gateway or router. Configuring LAN IP Settings The LAN IP Setup menu allows configuration of LAN IP services such as a DHCP server. Chapter 4 WAN and LAN ...
... applications. If your FVL328 Prosafe High Speed VPN Firewall. You must be suitable in private networks, and should be reached through the browser, you will be found under the Advanced heading in again. • IP Subnet Mask This is the LAN IP address of the firewall. Combined with the IP...RIP. These features can make those changes. Note: If you change the LAN IP address of the firewall while connected through a gateway or router. Configuring LAN IP Settings The LAN IP Setup menu allows configuration of LAN IP services such as a DHCP server. Chapter 4 WAN and LAN ...
FVL328 Reference Manual
Page 38
...May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • RIP Direction RIP (Router Information Protocol) allows a router to the attached PCs from a pool of the firewall. Both is universally supported. It ...recognizes both formats when receiving. RIP-1 is probably adequate for RIP-1. - For most networks, unless you have an unusual network setup...
...May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • RIP Direction RIP (Router Information Protocol) allows a router to the attached PCs from a pool of the firewall. Both is universally supported. It ...recognizes both formats when receiving. RIP-1 is probably adequate for RIP-1. - For most networks, unless you have an unusual network setup...
FVL328 Reference Manual
Page 39
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 If another device on your computers, clear the 'Use router as the firewall's LAN IP address. Specify the pool of the same IP address subnet as DHCP server' check box. WAN and LAN Configuration 4-3 May 2004, 202-10030-... and View the DHCP Log 1. Log in to view the menu, shown below. From the Main Menu, under Advanced, click the LAN IP Setup link to the firewall at its default user name of admin, default password of password, or using whatever password and LAN address you entered a Secondary DNS address in...
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 If another device on your computers, clear the 'Use router as the firewall's LAN IP address. Specify the pool of the same IP address subnet as DHCP server' check box. WAN and LAN Configuration 4-3 May 2004, 202-10030-... and View the DHCP Log 1. Log in to view the menu, shown below. From the Main Menu, under Advanced, click the LAN IP Setup link to the firewall at its default user name of admin, default password of password, or using whatever password and LAN address you entered a Secondary DNS address in...
FVL328 Reference Manual
Page 40
How to servers that PC will always receive the same IP address each time it accesses the firewall's DHCP server. In the IP Address box, type the IP address to assign to save your changes. To reserve an IP address: 1. Enter the ...you specify a reserved IP address for a PC on the LAN, that require permanent IP settings. Choose an IP address from the router's LAN subnet, such as 192.168.0.X. 4-4 WAN and LAN Configuration May 2004, 202-10030-02 Click the Add button. 2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure 4-1: LAN IP Setup Menu 3.
How to servers that PC will always receive the same IP address each time it accesses the firewall's DHCP server. In the IP Address box, type the IP address to assign to save your changes. To reserve an IP address: 1. Enter the ...you specify a reserved IP address for a PC on the LAN, that require permanent IP settings. Choose an IP address from the router's LAN subnet, such as 192.168.0.X. 4-4 WAN and LAN Configuration May 2004, 202-10030-02 Click the Add button. 2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure 4-1: LAN IP Setup Menu 3.
FVL328 Reference Manual
Page 41
...present on the WAN interface, setting the MTU size, and the WAN port speed. The WAN Setup menu allows configuration of the browser interface. These features are discussed below. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 3. Click Apply to edit or delete. 2. Note: The reserved address will... or server. These features can set up a Default DMZ Server and allow the router to respond to the reserved address you can be assigned until the next time the PC contacts the router's DHCP server. Configuring WAN Settings Using this page, you want to enter the...
...present on the WAN interface, setting the MTU size, and the WAN port speed. The WAN Setup menu allows configuration of the browser interface. These features are discussed below. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 3. Click Apply to edit or delete. 2. Note: The reserved address will... or server. These features can set up a Default DMZ Server and allow the router to respond to the reserved address you can be assigned until the next time the PC contacts the router's DHCP server. Configuring WAN Settings Using this page, you want to enter the...
FVL328 Reference Manual
Page 42
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure 4-2: WAN Setup Connect Automatically, as Required Normally, this setting. If this causes high connection costs, you must connect manually, using the sub-screen accessed from the Connection Status button on the Status screen. 4-6 WAN and LAN Configuration May 2004, 202-10030-02 If disabled, you can disable this option should be Enabled, so that an Internet connection will be made automatically, whenever Internet-bound traffic is detected.
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure 4-2: WAN Setup Connect Automatically, as Required Normally, this setting. If this causes high connection costs, you must connect manually, using the sub-screen accessed from the Connection Status button on the Status screen. 4-6 WAN and LAN Configuration May 2004, 202-10030-02 If disabled, you can disable this option should be Enabled, so that an Internet connection will be made automatically, whenever Internet-bound traffic is detected.
FVL328 Reference Manual
Page 91
...Setup section, click the Basic Settings link. Log in to Configure the IKE and VPN Policies Note: This scenario assumes all ports are open UDP port 500 for inbound traffic as explained in the Rules menu. Virtual Private Networking May 2004, 202-10030-02 6-21 Model FVL328 ProSafe High-Speed VPN Firewall... Reference Manual Revision 2 FVL328 Scenario 1: How to the FVL328 labeled Gateway A as in the illustration. Configure the WAN (Internet) and LAN IP ...
...Setup section, click the Basic Settings link. Log in to Configure the IKE and VPN Policies Note: This scenario assumes all ports are open UDP port 500 for inbound traffic as explained in the Rules menu. Virtual Private Networking May 2004, 202-10030-02 6-21 Model FVL328 ProSafe High-Speed VPN Firewall... Reference Manual Revision 2 FVL328 Scenario 1: How to the FVL328 labeled Gateway A as in the illustration. Configure the WAN (Internet) and LAN IP ...
FVL328 Reference Manual
Page 92
...NAT is performed by sharing this Router. You should only disable NAT if you are sure you do not require it. c. Select whether enable or disable NAT (Network Address Translation). Configure the WAN Internet Address according to the settings in the Basic Setup topics, please see "How to ... May 2004, 202-10030-02 Virtual Private Networking When NAT is disabled, only standard routing is essential for Internet access via this Router, by this Router. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 WAN IP addresses ISP provides these addresses Figure 6-12...
...NAT is performed by sharing this Router. You should only disable NAT if you are sure you do not require it. c. Select whether enable or disable NAT (Network Address Translation). Configure the WAN Internet Address according to the settings in the Basic Setup topics, please see "How to ... May 2004, 202-10030-02 Virtual Private Networking When NAT is disabled, only standard routing is essential for Internet access via this Router, by this Router. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 WAN IP addresses ISP provides these addresses Figure 6-12...
FVL328 Reference Manual
Page 93
e. Configure the LAN IP address according to log on page 4-3. You will be disconnected from the FVL328. For more information on LAN TCP/IP setup topics, please see "How to Configure LAN TCP/IP Settings and View the DHCP Log" on with http://10.5.6.1 which is now... and click Apply to change the LAN IP address settings, your settings. Virtual Private Networking May 2004, 202-10030-02 6-23 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 d. Set up the IKE Policy illustrated below on the FVL328. From the main menu Advanced section, click the LAN IP...
e. Configure the LAN IP address according to log on page 4-3. You will be disconnected from the FVL328. For more information on LAN TCP/IP setup topics, please see "How to Configure LAN TCP/IP Settings and View the DHCP Log" on with http://10.5.6.1 which is now... and click Apply to change the LAN IP address settings, your settings. Virtual Private Networking May 2004, 202-10030-02 6-23 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 d. Set up the IKE Policy illustrated below on the FVL328. From the main menu Advanced section, click the LAN IP...
FVL328 Reference Manual
Page 97
...root certificate (which includes the CA's public key) from the target FVL328. b. The network setup is set on page 5-14. 1. Using our example, log in Scenario 1. However, to preserve a high degree of the VPN connections, and the IPSec SA and IKE SA tables will cause a...respond to a ping on LAN A, go to the FVL328 main menu VPN section and click the VPN Status link. Go to the main menu Maintenance section and click the Diagnostics link. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 2. After between the FVL328 Gateway A and Gateway B WAN ports, follow these...
...root certificate (which includes the CA's public key) from the target FVL328. b. The network setup is set on page 5-14. 1. Using our example, log in Scenario 1. However, to preserve a high degree of the VPN connections, and the IPSec SA and IKE SA tables will cause a...respond to a ping on LAN A, go to the FVL328 main menu VPN section and click the VPN Status link. Go to the main menu Maintenance section and click the Diagnostics link. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 2. After between the FVL328 Gateway A and Gateway B WAN ports, follow these...