FVL328 Reference Manual
Page 6
... Configuring LAN IP Settings 4-1 Using the Router as a DHCP Server 4-2 How to Configure LAN TCP/IP Settings and View the DHCP Log 4-3 How to Configure Reserved IP Addresses 4-4 Configuring WAN Settings 4-5 Connect Automatically, as Required 4-6 Setting Up a Default DMZ Server 4-7 How to Assign a Default DMZ Server ...12 Using Static Routes ...4-12 Static Route Example 4-12 How to Configure Static Routes 4-13 Chapter 5 Protecting Your Network Firewall Protection and Content Filtering Overview 5-1 Using the Block Sites Menu to Screen Content 5-1 Apply Keyword Blocking to Groups 5-3 ...
... Configuring LAN IP Settings 4-1 Using the Router as a DHCP Server 4-2 How to Configure LAN TCP/IP Settings and View the DHCP Log 4-3 How to Configure Reserved IP Addresses 4-4 Configuring WAN Settings 4-5 Connect Automatically, as Required 4-6 Setting Up a Default DMZ Server 4-7 How to Assign a Default DMZ Server ...12 Using Static Routes ...4-12 Static Route Example 4-12 How to Configure Static Routes 4-13 Chapter 5 Protecting Your Network Firewall Protection and Content Filtering Overview 5-1 Using the Block Sites Menu to Screen Content 5-1 Apply Keyword Blocking to Groups 5-3 ...
FVL328 Reference Manual
Page 9
... Device 8-6 Restoring the Default Configuration and Password 8-7 How to Use the Default Reset Button 8-7 Problems with Date and Time 8-8 Appendix A Technical Specifications Appendix B Networks, Routing, and Firewall Basics Related Publications ...B-1 Basic Router Concepts B-1 What is a Router B-1 Routing Information Protocol B-2 IP Addresses and the Internet B-2 Netmask ...B-4 Subnet Addressing B-4 Private IP Addresses B-7 Single IP Address Operation Using NAT B-7 MAC Addresses and Address Resolution Protocol B-8 Related Documents...
... Device 8-6 Restoring the Default Configuration and Password 8-7 How to Use the Default Reset Button 8-7 Problems with Date and Time 8-8 Appendix A Technical Specifications Appendix B Networks, Routing, and Firewall Basics Related Publications ...B-1 Basic Router Concepts B-1 What is a Router B-1 Routing Information Protocol B-2 IP Addresses and the Internet B-2 Netmask ...B-4 Subnet Addressing B-4 Private IP Addresses B-7 Single IP Address Operation Using NAT B-7 MAC Addresses and Address Resolution Protocol B-8 Related Documents...
FVL328 Reference Manual
Page 18
...firewall, SMB 4.0 criteria Key Features The FVL328 features are initiated if e-mail is compatible with static IP address - Logs sent when reboots are highlighted below. Its VPN features include: • VPN Wizard: Simplifies VPN setup, uses VPNC defaults. • Support for up to 100 simultaneous VPN... used to advance IP address, like using DHCP • Port Triggering • Ease of Use Improvements - Advanced e-mail settings: Authentication, change from address Support for industry standard VPN protocols. The FVL328 Prosafe High Speed VPN Firewall supports standard keying ...
...firewall, SMB 4.0 criteria Key Features The FVL328 features are initiated if e-mail is compatible with static IP address - Logs sent when reboots are highlighted below. Its VPN features include: • VPN Wizard: Simplifies VPN setup, uses VPNC defaults. • Support for up to 100 simultaneous VPN... used to advance IP address, like using DHCP • Port Triggering • Ease of Use Improvements - Advanced e-mail settings: Authentication, change from address Support for industry standard VPN protocols. The FVL328 Prosafe High Speed VPN Firewall supports standard keying ...
FVL328 Reference Manual
Page 31
... learn the domain automatically from the ISP. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 1. If you finish configuring the firewall, reboot your computers so that your computer in the MAC address that the settings take effect. 5. If a Secondary DNS Server address is performed by sharing this Router. This is not successful, you know that your...
... learn the domain automatically from the ISP. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 1. If you finish configuring the firewall, reboot your computers so that your computer in the MAC address that the settings take effect. 5. If a Secondary DNS Server address is performed by sharing this Router. This is not successful, you know that your...
FVL328 Reference Manual
Page 35
...default. If you want to step 3. - Domain Name Server (DNS) Address: If you know that uses PPTP, login is required. If required, enter your Account Name (may be manually administering the IP address space on the LAN side of the router. - Connecting the FVL328 to the firewall...IP address. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 How to install the FVL328 in a setting where you will reboot the router and reset all the FVL328... cable modem customer, or if you selected No, follow the instructions below . - If a Secondary DNS Server address ...
...default. If you want to step 3. - Domain Name Server (DNS) Address: If you know that uses PPTP, login is required. If required, enter your Account Name (may be manually administering the IP address space on the LAN side of the router. - Connecting the FVL328 to the firewall...IP address. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 How to install the FVL328 in a setting where you will reboot the router and reset all the FVL328... cable modem customer, or if you selected No, follow the instructions below . - If a Secondary DNS Server address ...
FVL328 Reference Manual
Page 36
... masquerade as www.netgear.com) to your computers after configuring the firewall. - The firewall will reboot the router and reset all the FVL328 configuration settings to save your current configuration settings. Click Apply to the factory default. Before disabling NAT, back up your settings. 5. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 - If a Secondary DNS Server address is available...
... masquerade as www.netgear.com) to your computers after configuring the firewall. - The firewall will reboot the router and reset all the FVL328 configuration settings to save your current configuration settings. Click Apply to the factory default. Before disabling NAT, back up your settings. 5. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 - If a Secondary DNS Server address is available...
FVL328 Reference Manual
Page 37
... those changes. Configuring LAN IP Settings The LAN IP Setup menu allows configuration of the browser interface. If your FVL328 Prosafe High Speed VPN Firewall. The LAN TCP/IP Setup parameters are part of the firewall. The firewall's default LAN IP configuration is: • LAN IP addresses-192.168.0.1 • Subnet mask-255.255.255.0 These addresses are : • IP Address This is the LAN Subnet...
... those changes. Configuring LAN IP Settings The LAN IP Setup menu allows configuration of the browser interface. If your FVL328 Prosafe High Speed VPN Firewall. The LAN TCP/IP Setup parameters are part of the firewall. The firewall's default LAN IP configuration is: • LAN IP addresses-192.168.0.1 • Subnet mask-255.255.255.0 These addresses are : • IP Address This is the LAN Subnet...
FVL328 Reference Manual
Page 38
... reduce the load on non-router machines because they do not listen to assign IP addresses for most applications, the default DHCP and TCP/IP settings of the firewall. IP addresses will ignore any RIP packets ...and will be assigned to the attached PCs from a pool of DHCP and information about how to the RIP multicast address and will incorporate the RIP information that the router sends. RIP-1 is assigned to exchange routing information with other routers. RIP-2M uses multicasting. Model FVL328 ProSafe High-Speed VPN Firewall...
... reduce the load on non-router machines because they do not listen to assign IP addresses for most applications, the default DHCP and TCP/IP settings of the firewall. IP addresses will ignore any RIP packets ...and will be assigned to the attached PCs from a pool of DHCP and information about how to the RIP multicast address and will incorporate the RIP information that the router sends. RIP-1 is assigned to exchange routing information with other routers. RIP-2M uses multicasting. Model FVL328 ProSafe High-Speed VPN Firewall...
FVL328 Reference Manual
Page 39
...the firewall's LAN IP address • Secondary DNS Server, if you entered a Secondary DNS address in the Basic Settings menu How to view the menu, shown below. Model FVL328 ProSafe High-Speed VPN Firewall ...default user name of admin, default password of IP addresses to any LAN device that requests DHCP: • An IP Address from the range you have chosen for devices with its default LAN address of http://192.168.0.1 with fixed addresses. The firewall will manually configure the network settings of all of your computers, clear the 'Use router as the firewall's LAN IP address...
...the firewall's LAN IP address • Secondary DNS Server, if you entered a Secondary DNS address in the Basic Settings menu How to view the menu, shown below. Model FVL328 ProSafe High-Speed VPN Firewall ...default user name of admin, default password of IP addresses to any LAN device that requests DHCP: • An IP Address from the range you have chosen for devices with its default LAN address of http://192.168.0.1 with fixed addresses. The firewall will manually configure the network settings of all of your computers, clear the 'Use router as the firewall's LAN IP address...
FVL328 Reference Manual
Page 43
...Default DMZ Server, the router discards any incoming service requests that are security issues with NAT. If compromised, the computer can have configured in the Ports menu. How to risk open access. The default... DMZ server feature is helpful when using the default DMZ server feature. This computer is programmed to attack your network. Click Default DMZ Server check box. 2. Type the IP address for each Internet IP address...10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Setting Up a Default DMZ Server Specifying a Default DMZ Server ...
...Default DMZ Server, the router discards any incoming service requests that are security issues with NAT. If compromised, the computer can have configured in the Ports menu. How to risk open access. The default... DMZ server feature is helpful when using the default DMZ server feature. This computer is programmed to attack your network. Click Default DMZ Server check box. 2. Type the IP address for each Internet IP address...10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Setting Up a Default DMZ Server Specifying a Default DMZ Server ...
FVL328 Reference Manual
Page 44
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 3. To change the MTU size: 1. This should not be used as a diagnostic tool, since it is 1500 bytes or 1492 Bytes for your router can be discovered. Again, like the DMZ server, this is rarely required, and should only be ...done unless you are larger than the configured MTU size will use the IP address you entered, not the default WAN IP address. • If you only have...
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 3. To change the MTU size: 1. This should not be used as a diagnostic tool, since it is 1500 bytes or 1492 Bytes for your router can be discovered. Again, like the DMZ server, this is rarely required, and should only be ...done unless you are larger than the configured MTU size will use the IP address you entered, not the default WAN IP address. • If you only have...
FVL328 Reference Manual
Page 48
... IP address such as multiple routers or multiple IP subnets located on the Internet. For example, for the dynamic DNS service you are employed. Click the radio button for TZO.com, go to your LAN is 192.168.0.100. • Your company's network is through a cable...of the browser interface, under Advanced, click Dynamic DNS. 3. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 How to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of when a static route is needed, consider the following ...
... IP address such as multiple routers or multiple IP subnets located on the Internet. For example, for the dynamic DNS service you are employed. Click the radio button for TZO.com, go to your LAN is 192.168.0.100. • Your company's network is through a cable...of the browser interface, under Advanced, click Dynamic DNS. 3. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 How to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of when a static route is needed, consider the following ...
FVL328 Reference Manual
Page 49
... firewall. 2. A default route was created to your local network for these addresses should be accessed through the ISDN router at 192.168.0.100. The static route would look like Figure 4-6. With this static route applies to all 134.177.x.x addresses. • The Gateway IP Address fields specifies that all traffic for all 192.168.0.x addresses. Model FVL328 ProSafe High-Speed VPN Firewall...
... firewall. 2. A default route was created to your local network for these addresses should be accessed through the ISDN router at 192.168.0.100. The static route would look like Figure 4-6. With this static route applies to all 134.177.x.x addresses. • The Gateway IP Address fields specifies that all traffic for all 192.168.0.x addresses. Model FVL328 ProSafe High-Speed VPN Firewall...
FVL328 Reference Manual
Page 56
... common services, but you can choose to block or allow access based on the left side of traffic to the default rules. If you select a single address, enter it in the start and finish boxes. If you select a range of the table and click Edit. ...different position in Figure 5-2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 You can define additional rules that will be logged. Specify traffic originating on the left side of the desired new position and click OK. no log entries will be restricted by source IP address. Match - By adding custom...
... common services, but you can choose to block or allow access based on the left side of traffic to the default rules. If you select a single address, enter it in the start and finish boxes. If you select a range of the table and click Edit. ...different position in Figure 5-2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 You can define additional rules that will be logged. Specify traffic originating on the left side of the desired new position and click OK. no log entries will be restricted by source IP address. Match - By adding custom...
FVL328 Reference Manual
Page 65
Select this check box if you would prefer to receive e-mail logs and alerts from the router. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 User-defined NTP Server Choose your e-mail information in the E-Mail subheading: Figure 5-10: E-mail menu • Turn ...and alerts by default. The firewall uses NETGEAR NTP servers by e-mail, you can also enter the address of an NTP Server in the Server 2 field. Getting E-Mail Notifications of Event Logs and Alerts In order to use a particular NTP server as the primary server, enter its IP address under Use ...
Select this check box if you would prefer to receive e-mail logs and alerts from the router. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 User-defined NTP Server Choose your e-mail information in the E-Mail subheading: Figure 5-10: E-mail menu • Turn ...and alerts by default. The firewall uses NETGEAR NTP servers by e-mail, you can also enter the address of an NTP Server in the Server 2 field. Getting E-Mail Notifications of Event Logs and Alerts In order to use a particular NTP server as the primary server, enter its IP address under Use ...
FVL328 Reference Manual
Page 75
Remote Identity Data This field lets you select from the drop-down list: • By its Internet (WAN) port IP address. • By its Fully Qualified Domain Name (FQDN) - The DH Group setting determines the size of your domain name. • By a...key used on the remote VPN gateway or client. over an hour (3600) is the default Authentication Algorithm If you enable Authentication Headers (AH), this menu lets you identify the target remote FVL328 by name. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Table 6-1. your name, E-mail address, or other ID. ...
Remote Identity Data This field lets you select from the drop-down list: • By its Internet (WAN) port IP address. • By its Fully Qualified Domain Name (FQDN) - The DH Group setting determines the size of your domain name. • By a...key used on the remote VPN gateway or client. over an hour (3600) is the default Authentication Algorithm If you enable Authentication Headers (AH), this menu lets you identify the target remote FVL328 by name. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Table 6-1. your name, E-mail address, or other ID. ...
FVL328 Reference Manual
Page 78
...from your network address space. If network traffic meets all criteria, then a VPN tunnel will provide security. the default, or SHA1 - These settings (AH) Configuration must match the remote VPN endpoint. more ...IP address of the outbound network traffic for the VPN header. Usually, this VPN policy will be from the remote site's corporate network address space. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Table 6-1. Enable Authentication Use this check box to configure the destination IP address of IP Addresses • Subnet Address...
...from your network address space. If network traffic meets all criteria, then a VPN tunnel will provide security. the default, or SHA1 - These settings (AH) Configuration must match the remote VPN endpoint. more ...IP address of the outbound network traffic for the VPN header. Usually, this VPN policy will be from the remote site's corporate network address space. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Table 6-1. Enable Authentication Use this check box to configure the destination IP address of IP Addresses • Subnet Address...
FVL328 Reference Manual
Page 85
... and key generation mechanism. Note: The LAN IP address ranges of these revoked certificates is not revoked. Each CA has its own certificate. The list of each VPN endpoint must first open UDP port 500 for VPN Tunnels when NAT is set up the connection ...Revocation List (CRL). Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 A CA is signed. A CA has a public key which is part of 192.168.0.x. Once the keys are using the VPN Wizard. How to Use the VPN Wizard to configure a VPN tunnel using the NETGEAR default address range of a trust chain...
... and key generation mechanism. Note: The LAN IP address ranges of these revoked certificates is not revoked. Each CA has its own certificate. The list of each VPN endpoint must first open UDP port 500 for VPN Tunnels when NAT is set up the connection ...Revocation List (CRL). Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 A CA is signed. A CA has a public key which is part of 192.168.0.x. Once the keys are using the VPN Wizard. How to Use the VPN Wizard to configure a VPN tunnel using the NETGEAR default address range of a trust chain...
FVL328 Reference Manual
Page 86
Click the VPN Wizard link in the main menu to proceed. Click Next to display this screen. Figure 6-5: VPN Wizard Start Screen 2. Figure 6-6: Connection Name and Remote IP Type 6-16 May 2004, 202-10030-02 Virtual Private Networking Log in the Connection Name, pre-shared key, and select the type of password. Fill in to the FVS318 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of target end point, and click Next to proceed. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 1.
Click the VPN Wizard link in the main menu to proceed. Click Next to display this screen. Figure 6-5: VPN Wizard Start Screen 2. Figure 6-6: Connection Name and Remote IP Type 6-16 May 2004, 202-10030-02 Virtual Private Networking Log in the Connection Name, pre-shared key, and select the type of password. Fill in to the FVS318 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of target end point, and click Next to proceed. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 1.
FVL328 Reference Manual
Page 91
...open UDP port 500 for inbound traffic as explained in "Example: Port Forwarding for the firewall. 2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 FVL328 Scenario 1: How to the FVL328 labeled Gateway A as in the illustration. Use this by reviewing the security settings as ...IP FVL328 Gateway A Scenario 1 14.15.16.17 WAN IP 22.23.24.25 WAN IP Gateway B 172.23.9.1/24 LAN IP Figure 6-11: LAN to LAN VPN access from an FVL328 to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of the FVL328...
...open UDP port 500 for inbound traffic as explained in "Example: Port Forwarding for the firewall. 2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 FVL328 Scenario 1: How to the FVL328 labeled Gateway A as in the illustration. Use this by reviewing the security settings as ...IP FVL328 Gateway A Scenario 1 14.15.16.17 WAN IP 22.23.24.25 WAN IP Gateway B 172.23.9.1/24 LAN IP Figure 6-11: LAN to LAN VPN access from an FVL328 to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of the FVL328...