Reference Manual
Page 9
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Blocking Internet Sites (Content Filtering 4-30 Configuring Source...Wizard 5-2 Creating a Client to Gateway VPN Tunnel 5-5 Testing the Connections and Viewing Status Information 5-11 NETGEAR VPN Client Status and Log Information 5-11 VPN Firewall VPN Connection Status and Logs 5-14 Managing VPN ...5-39 Configuring XAUTH for VPN Clients 5-39 Configuring the User Database for XAUTH 5-41 Configuring RADIUS Clients for XAUTH 5-42 Assigning IP Addresses to Remote Users (ModeConfig 5-44 Mode Config Operation 5-44 Configuring Mode ...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Blocking Internet Sites (Content Filtering 4-30 Configuring Source...Wizard 5-2 Creating a Client to Gateway VPN Tunnel 5-5 Testing the Connections and Viewing Status Information 5-11 NETGEAR VPN Client Status and Log Information 5-11 VPN Firewall VPN Connection Status and Logs 5-14 Managing VPN ...5-39 Configuring XAUTH for VPN Clients 5-39 Configuring the User Database for XAUTH 5-41 Configuring RADIUS Clients for XAUTH 5-42 Assigning IP Addresses to Remote Users (ModeConfig 5-44 Mode Config Operation 5-44 Configuring Mode ...
Reference Manual
Page 10
...FVS318G Reference Manual Configuring NetBIOS Bridging with VPN 5-55 Chapter 6 VPN Firewall and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce Traffic 6-2 VPN Firewall Features That Increase Traffic 6-4 Using QoS to Shift the Traffic Mix 6-7 Tools for Traffic Management 6-8 Configuring Users..., Administrative Settings, and Remote Management 6-8 Changing Passwords and Settings 6-8 Adding External Users 6-10 Configuring an External Server for Authentication 6-11 ...
...FVS318G Reference Manual Configuring NetBIOS Bridging with VPN 5-55 Chapter 6 VPN Firewall and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce Traffic 6-2 VPN Firewall Features That Increase Traffic 6-4 Using QoS to Shift the Traffic Mix 6-7 Tools for Traffic Management 6-8 Configuring Users..., Administrative Settings, and Remote Management 6-8 Changing Passwords and Settings 6-8 Adding External Users 6-10 Configuring an External Server for Authentication 6-11 ...
Reference Manual
Page 13
... to highlight a procedure that will save time or resources. This manual uses the following formats to install, configure and troubleshoot the ProSafe Gigabit 8 Port VPN Firewall FVS318G. Warning: Ignoring this manual is used to the equipment. The information in this type of ...server names, extensions User input, IP addresses, GUI screen text Command prompt, CLI text, code URL links • Formats. Tip: This format is a safety warning. xiii v1.1, August 2010 About This Manual The NETGEAR® ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual describes how to ...
... to highlight a procedure that will save time or resources. This manual uses the following formats to install, configure and troubleshoot the ProSafe Gigabit 8 Port VPN Firewall FVS318G. Warning: Ignoring this manual is used to the equipment. The information in this type of ...server names, extensions User input, IP addresses, GUI screen text Command prompt, CLI text, code URL links • Formats. Tip: This format is a safety warning. xiii v1.1, August 2010 About This Manual The NETGEAR® ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual describes how to ...
Reference Manual
Page 14
... Date Description 202-10521-01 1.0 202-10521-01 1.1 July 2009 Product update: New firmware and new user Interface November Update to the NETGEAR website in order to view and print PDF files. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Scope. Note: Product updates are available on the Adobe website at http://kb...
... Date Description 202-10521-01 1.0 202-10521-01 1.1 July 2009 Product update: New firmware and new user Interface November Update to the NETGEAR website in order to view and print PDF files. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Scope. Note: Product updates are available on the Adobe website at http://kb...
Reference Manual
Page 15
... changes to the book: • Provided new screen captures for better viewing. • Made minor corrections throughout the manual. • Removed the "Managing Users, Authentication, and Certificates" chapter and included the material in other chapters. • Made the following change to Chapter...the following changes to Attack Check screen. xv v1.1, August 2010 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 202-10521-02 1.0 202-10521-02 1.1 About This Manual April 2010 Added the following section to Chapter 6, "VPN Firewall and Network Management": * "Monitoring ...
... changes to the book: • Provided new screen captures for better viewing. • Made minor corrections throughout the manual. • Removed the "Managing Users, Authentication, and Certificates" chapter and included the material in other chapters. • Made the following change to Chapter...the following changes to Attack Check screen. xv v1.1, August 2010 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 202-10521-02 1.0 202-10521-02 1.1 About This Manual April 2010 Added the following section to Chapter 6, "VPN Firewall and Network Management": * "Monitoring ...
Reference Manual
Page 18
...to your LAN to Internet locations or services that you at specified intervals. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, Web-based setup for installation and management. •...and activity. • Flash memory for secure connection to other IPsec gateways and clients. • Bundled with a single-user license of the NETGEAR ProSafe VPN Client software (VPN01L) • Supports 5 concurrent IPsec VPN tunnels. Advanced VPN Support for IPsec The VPN ...
...to your LAN to Internet locations or services that you at specified intervals. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, Web-based setup for installation and management. •...and activity. • Flash memory for secure connection to other IPsec gateways and clients. • Bundled with a single-user license of the NETGEAR ProSafe VPN Client software (VPN01L) • Supports 5 concurrent IPsec VPN tunnels. Advanced VPN Support for IPsec The VPN ...
Reference Manual
Page 19
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Keyword Filtering. Although NAT prevents Internet locations from directly accessing ...the Internet for keywords within Web addresses. Security Features The FVS318G is a response to a switch or hub. The LAN and WAN interfaces are discarded, preventing users outside the LAN from the Internet is normally discarded by the.... With its internal 8-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the FVS318G can configure the VPN firewall to log and report attempts to Internet content by NAT. You can connect...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Keyword Filtering. Although NAT prevents Internet locations from directly accessing ...the Internet for keywords within Web addresses. Security Features The FVS318G is a response to a switch or hub. The LAN and WAN interfaces are discarded, preventing users outside the LAN from the Internet is normally discarded by the.... With its internal 8-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the FVS318G can configure the VPN firewall to log and report attempts to Internet content by NAT. You can connect...
Reference Manual
Page 20
... almost any type of Attached PCs by simulating a dial-up connection. A user-friendly Setup Wizard is provided and online help documentation is enabled and no DNS... routers and clients. 1-4 Introduction v1.1, August 2010 The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the Internet over Ethernet (PPPoE...Network Consortium (VPNC) to the network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Extensive Protocol Support The FVS318G supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information...
... almost any type of Attached PCs by simulating a dial-up connection. A user-friendly Setup Wizard is provided and online help documentation is enabled and no DNS... routers and clients. 1-4 Introduction v1.1, August 2010 The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the Internet over Ethernet (PPPoE...Network Consortium (VPNC) to the network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Extensive Protocol Support The FVS318G supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information...
Reference Manual
Page 21
...VPN Firewall FVS318G Installation Guide • Resource CD, including: • Application Notes and other helpful information. • ProSafe VPN Client software (one user license) • Warranty and Support Information Card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer....hours a day, according to the Web Management Interface from an SNMP-compliant system manager. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • SNMP. The SNMP system configuration lets you to login to the terms identified in the Warranty and Support information...
...VPN Firewall FVS318G Installation Guide • Resource CD, including: • Application Notes and other helpful information. • ProSafe VPN Client software (one user license) • Warranty and Support Information Card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer....hours a day, according to the Web Management Interface from an SNMP-compliant system manager. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • SNMP. The SNMP system configuration lets you to login to the terms identified in the Warranty and Support information...
Reference Manual
Page 24
... enabled. 1-8 Introduction v1.1, August 2010 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Default IP Address, Login Name, and Password Check the label on page 2-2), enter admin for the user name and the password for password. Qualified Web Browsers To configure the FVS318G, you forget the following factory default information: • IP Address: http...
... enabled. 1-8 Introduction v1.1, August 2010 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Default IP Address, Login Name, and Password Check the label on page 2-2), enter admin for the user name and the password for password. Qualified Web Browsers To configure the FVS318G, you forget the following factory default information: • IP Address: http...
Reference Manual
Page 26
... obtain an IP address automatically via DHCP. However, these tasks is detailed separately in this manual, "WAN port" and "broadband port" both in lower case letters. (The VPN firewall user name and password are advanced features and changing them is described in to your browser. Each...to be configured to the VPN firewall by typing http://192.168.1.1 in Appendix C, "Related Documents." ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. See "Configuring the Advanced Broadband Options" on how to configure you can access from the link in the address field of these are...
... obtain an IP address automatically via DHCP. However, these tasks is detailed separately in this manual, "WAN port" and "broadband port" both in lower case letters. (The VPN firewall user name and password are advanced features and changing them is described in to your browser. Each...to be configured to the VPN firewall by typing http://192.168.1.1 in Appendix C, "Related Documents." ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 6. See "Configuring the Advanced Broadband Options" on how to configure you can access from the link in the address field of these are...
Reference Manual
Page 36
... wildcard feature will cause *.yourhost.dyndns.org to be aliased to the Internet v1.1, August 2010 If your URL, you (for example, user name, password, key, or domain). Access the website of one of wild cards in resolving your WAN IP address does not change often... setting up an account. Click Apply to save your account from expiring. Each DNS service provider requires registration. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 2-9 2. Enter the account information for the service you want to the screen for the DNS service. 3. A link to each DNS ...
... wildcard feature will cause *.yourhost.dyndns.org to be aliased to the Internet v1.1, August 2010 If your URL, you (for example, user name, password, key, or domain). Access the website of one of wild cards in resolving your WAN IP address does not change often... setting up an account. Click Apply to save your account from expiring. Each DNS service provider requires registration. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Figure 2-9 2. Enter the account information for the service you want to the screen for the DNS service. 3. A link to each DNS ...
Reference Manual
Page 40
...DHCP Relay Agent on the Broadband ISP Settings screen). When the DNS Proxy option is on the same subnet. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The VPN firewall will deliver the following settings to any LAN device that requests DHCP: • An IP address from the range that you ...date obtained and duration of LAN IP services such as configured on the subnet that contains the remote clients, so that it possible for most users and situations. The DHCP Relay Agent is running, that do not support forwarding of these types of the ISP excluding the DNS proxy IP ...
...DHCP Relay Agent on the Broadband ISP Settings screen). When the DNS Proxy option is on the same subnet. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The VPN firewall will deliver the following settings to any LAN device that requests DHCP: • An IP address from the range that you ...date obtained and duration of LAN IP services such as configured on the subnet that contains the remote clients, so that it possible for most users and situations. The DHCP Relay Agent is running, that do not support forwarding of these types of the ISP excluding the DNS proxy IP ...
Reference Manual
Page 43
.... Managing Groups and Hosts (LAN Groups) The Known PCs and Devices table on page 4-20). • Enable ARP Broadcast. For most users, the search base is a variation of the device that the LDAP server is using. Click Apply to save your search base dn might... will provide the VPN firewall's LAN IP address as follows: dc=yourcompany,dc=com. • port. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual If you will use a Lightweight Directory Access Protocol (LDAP) authentication server for network-validated domain-based authentication, select Enable LDAP Information to enable...
.... Managing Groups and Hosts (LAN Groups) The Known PCs and Devices table on page 4-20). • Enable ARP Broadcast. For most users, the search base is a variation of the device that the LDAP server is using. Click Apply to save your search base dn might... will provide the VPN firewall's LAN IP address as follows: dc=yourcompany,dc=com. • port. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual If you will use a Lightweight Directory Access Protocol (LDAP) authentication server for network-validated domain-based authentication, select Enable LDAP Information to enable...
Reference Manual
Page 44
... Network Database uses the MAC address to identify each group using standard methods such as Unknown. • Manual Entry. Because the MAC address is used to identify each PC, users cannot avoid these methods: • DHCP Client Requests. Because of the Network Database are not DHCP clients... the name of Traffic" on the LAN screen) enabled is strongly recommended. • Scanning the Network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The Network Database is updated by the DHCP Server will never change, you do not need to use a fixed IP address on PCs....
... Network Database uses the MAC address to identify each group using standard methods such as Unknown. • Manual Entry. Because the MAC address is used to identify each PC, users cannot avoid these methods: • DHCP Client Requests. Because of the Network Database are not DHCP clients... the name of Traffic" on the LAN screen) enabled is strongly recommended. • Scanning the Network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The Network Database is updated by the DHCP Server will never change, you do not need to use a fixed IP address on PCs....
Reference Manual
Page 52
...firewall has adequate routing information after it has been configured for the default port. • DHCP Relay. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual If you will still service DNS requests that the LDAP server is using. Search Base. In the Relay Gateway field, enter the IP address...enabled. To define the DMZ WAN Rules and LAN DMZ Rules, see "VPN Firewall Front and Rear Panels" on your network. For most users, the search base is a variation of relative distinguished names (rdn), connected with commas and without any changes and revert to discard any blank ...
...firewall has adequate routing information after it has been configured for the default port. • DHCP Relay. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual If you will still service DNS requests that the LDAP server is using. Search Base. In the Relay Gateway field, enter the IP address...enabled. To define the DMZ WAN Rules and LAN DMZ Rules, see "VPN Firewall Front and Rear Panels" on your network. For most users, the search base is a variation of relative distinguished names (rdn), connected with commas and without any changes and revert to discard any blank ...
Reference Manual
Page 58
... from attacks and intrusions. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to 600 rules on the VPN firewall. Block all access from the LAN side to requests from the LAN side. • ... : • Inbound. A firewall has two default rules, one for inbound traffic and one side to . ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for...
... from attacks and intrusions. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to 600 rules on the VPN firewall. Block all access from the LAN side to requests from the LAN side. • ... : • Inbound. A firewall has two default rules, one for inbound traffic and one side to . ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for...
Reference Manual
Page 60
... Specifies the priority of the service will apply. If the user does not make a selection (leaves it matches or not. Select the desired options: • Any. If this rule. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1. Outbound Rules (continued) Item Description Select Schedule Select...covered by this option is selected, you must enter the start and end fields. If this rule. • Single address. DMZ Users These settings determine which this rule will be used by this rule. • This pull-down menu gets activated only when "BLOCK...
... Specifies the priority of the service will apply. If the user does not make a selection (leaves it matches or not. Select the desired options: • Any. If this rule. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1. Outbound Rules (continued) Item Description Select Schedule Select...covered by this option is selected, you must enter the start and end fields. If this rule. • Single address. DMZ Users These settings determine which this rule will be used by this rule. • This pull-down menu gets activated only when "BLOCK...
Reference Manual
Page 61
... the inbound rules. The options are assigned the specified IP address, for example, a secondary WAN address that external users can make a local server (for a particular service to one IP address to keep the PC's IP address constant...the destination port number. To avoid this, use the Reserved IP address feature to the Internet and outside users cannot directly address any of a different interface. The settings that would otherwise be assigned the address of the... interface. Attempts by your host. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1.
... the inbound rules. The options are assigned the specified IP address, for example, a secondary WAN address that external users can make a local server (for a particular service to one IP address to keep the PC's IP address constant...the destination port number. To avoid this, use the Reserved IP address feature to the Internet and outside users cannot directly address any of a different interface. The settings that would otherwise be assigned the address of the... interface. Attempts by your host. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-1.
Reference Manual
Page 62
... public IP address., or an address range. All Internet IP address are covered by this rule. • Single address. LAN Users WAN Users These settings determine which Internet locations are hosting this option is hosting this service rule. (You can also translate these addresses to..." or "ALLOW by this rule will be applied to Block or Allow Specific Traffic" on page 3-5. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. This is the public IP address that will be used by schedule, otherwise Block" is , Schedule1, Schedule2, or Schedule3) ...
... public IP address., or an address range. All Internet IP address are covered by this rule. • Single address. LAN Users WAN Users These settings determine which Internet locations are hosting this option is hosting this service rule. (You can also translate these addresses to..." or "ALLOW by this rule will be applied to Block or Allow Specific Traffic" on page 3-5. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Table 4-2. This is the public IP address that will be used by schedule, otherwise Block" is , Schedule1, Schedule2, or Schedule3) ...