Reference Manual
Page 9
... Testing the Connection 5-19 Extended Authentication (XAUTH) Configuration 5-20 Configuring XAUTH for VPN Clients 5-21 User Database Configuration 5-22 RADIUS Client Configuration 5-23 Manually Assigning IP Addresses to Remote Users (ModeConfig 5-25 ModeConfig Operation 5-26 Setting Up ModeConfig 5-26 ix v1.0, September 2006
... Testing the Connection 5-19 Extended Authentication (XAUTH) Configuration 5-20 Configuring XAUTH for VPN Clients 5-21 User Database Configuration 5-22 RADIUS Client Configuration 5-23 Manually Assigning IP Addresses to Remote Users (ModeConfig 5-25 ModeConfig Operation 5-26 Setting Up ModeConfig 5-26 ix v1.0, September 2006
Reference Manual
Page 13
... typographical conventions: Italics Bold Fixed Emphasis, books, CDs, URL names User input Screen text, file and server names, extensions, commands, IP addresses • Formats. Failure to take heed of this manual is used to highlight a procedure that will save time or resources. Danger:... may result in the following paragraphs. • Typographical Conventions. Tip: This format is a safety warning. About This Manual The NETGEAR® ProSafe™ VPN Firewall 50 FVS338 Reference Manual describes how to the equipment. This manual uses the following formats to highlight...
... typographical conventions: Italics Bold Fixed Emphasis, books, CDs, URL names User input Screen text, file and server names, extensions, commands, IP addresses • Formats. Failure to take heed of this manual is used to highlight a procedure that will save time or resources. Danger:... may result in the following paragraphs. • Typographical Conventions. Tip: This format is a safety warning. About This Manual The NETGEAR® ProSafe™ VPN Firewall 50 FVS338 Reference Manual describes how to the equipment. This manual uses the following formats to highlight...
Reference Manual
Page 19
...configured an inbound rule. Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). • IP Address Sharing by NAT. PPPoE is a protocol for which may be statically or dynamically assigned by your local ... Introduction 1-3 v1.0, September 2006 This technique, known as a DNS server to one computer on the LAN using only a single IP address, which you to direct incoming traffic to a switch or hub. This feature greatly simplifies configuration of PCs on the service port number...
...configured an inbound rule. Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). • IP Address Sharing by NAT. PPPoE is a protocol for which may be statically or dynamically assigned by your local ... Introduction 1-3 v1.0, September 2006 This technique, known as a DNS server to one computer on the LAN using only a single IP address, which you to direct incoming traffic to a switch or hub. This feature greatly simplifies configuration of PCs on the service port number...
Reference Manual
Page 21
For additional security, you can limit remote management access to a specified remote IP address or range of addresses, and you to securely login to the Web Management Interface from a remote location on the Internet. ProSafe VPN Client Software ... 5 Ethernet cable. • Resource CD, including: - Keep the carton, including the original packing materials, in case you maximize your NETGEAR dealer. Maintenance and Support NETGEAR offers the following features to help you need to monitor its status and activity. Introduction 1-5 v1.0, September 2006 one user license. - The...
For additional security, you can limit remote management access to a specified remote IP address or range of addresses, and you to securely login to the Web Management Interface from a remote location on the Internet. ProSafe VPN Client Software ... 5 Ethernet cable. • Resource CD, including: - Keep the carton, including the original packing materials, in case you maximize your NETGEAR dealer. Maintenance and Support NETGEAR offers the following features to help you need to monitor its status and activity. Introduction 1-5 v1.0, September 2006 one user license. - The...
Reference Manual
Page 22
... to defaults). Test mode: The system is being transmitted or received by the WAN port. Server data is supplied to an ISP and received an IP Address. The serial port has successfully connected to the router. Object Descriptions Object Activity Power LED Test LED MDM LED On (Green) Off On (Amber) Blinking...
... to defaults). Test mode: The system is being transmitted or received by the WAN port. Server data is supplied to an ISP and received an IP Address. The serial port has successfully connected to the router. Object Descriptions Object Activity Power LED Test LED MDM LED On (Green) Off On (Amber) Blinking...
Reference Manual
Page 24
... Rack Mounting Hardware The FVS338 can be mounted either on the bottom of the FVS338's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password LAN...
... Rack Mounting Hardware The FVS338 can be mounted either on the bottom of the FVS338's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password LAN...
Reference Manual
Page 27
... for the Test LED to go out. Make sure your VPN firewall, refer to the firewall. Setting up . 5. Configure the Internet connections to obtain an IP address automatically via DHCP. 2-1 v1.0, September 2006 Select either Primary Broadband with Dialup as backup or Use only single WAN port-and select the WAN port...
... for the Test LED to go out. Make sure your VPN firewall, refer to the firewall. Setting up . 5. Configure the Internet connections to obtain an IP address automatically via DHCP. 2-1 v1.0, September 2006 Select either Primary Broadband with Dialup as backup or Use only single WAN port-and select the WAN port...
Reference Manual
Page 30
... Traffic Meter (if Desired)" on page 2-7). 4. Note: At this point in setting up the traffic meter for ISP1 if desired. IP address and related data supplied by your Broadband connection status. Click Connect if connection not already present. Set up the router to access the Internet... v1.0, September 2006 To configure the Dialup ISP serial WAN port: 2-4 Connecting the FVS338 to check your Router's MAC address (see "Setting the Router's MAC Address (Advanced Options)" on page 2-12. Optionally, you are now connected to verify your ISP. 3. Click Connection Status at...
... Traffic Meter (if Desired)" on page 2-7). 4. Note: At this point in setting up the traffic meter for ISP1 if desired. IP address and related data supplied by your Broadband connection status. Click Connect if connection not already present. Set up the router to access the Internet... v1.0, September 2006 To configure the Dialup ISP serial WAN port: 2-4 Connecting the FVS338 to check your Router's MAC address (see "Setting the Router's MAC Address (Advanced Options)" on page 2-12. Optionally, you are now connected to verify your ISP. 3. Click Connection Status at...
Reference Manual
Page 32
... Primary DNS Server and Secondary DNS Server (optional) fields. 6. Modem Type: If your ISP has assigned a static IP address, select the Use Static IP Address radio box and enter the IP address in the Initial String for dial strings). 2-6 Connecting the FVS338 to the previous settings. 7. If this does not ...Select Other - To use for different modems: c. Robotics 56K FAX EXT PnP selection should work , select User Defined Modem and type in the IP Address field. 5. The Initial string is listed in the pull-down menu, select it. The VPN firewall can automatically dial to the ISP when ...
... Primary DNS Server and Secondary DNS Server (optional) fields. 6. Modem Type: If your ISP has assigned a static IP address, select the Use Static IP Address radio box and enter the IP address in the Initial String for dial strings). 2-6 Connecting the FVS338 to the previous settings. 7. If this does not ...Select Other - To use for different modems: c. Robotics 56K FAX EXT PnP selection should work , select User Defined Modem and type in the IP Address field. 5. The Initial string is listed in the pull-down menu, select it. The VPN firewall can automatically dial to the ISP when ...
Reference Manual
Page 35
FVS338 ProSafe VPN Firewall 50 Reference Manual . Unless your ISP automatically assigns your configuration automatically via DHCP, you will need the configuration parameters from your router manually. Figure 2-6 Manually Configuring Your Internet Connection If you know your Broadband ISP connection type, you begin. Ensure that you have all of the relevant connection information such as IP Addresses, account information, type of ISP connection, etc., before you can bypass the Auto Detect feature and connect your ISP Connecting the FVS338 to the Internet 2-9 v1.0, September 2006
FVS338 ProSafe VPN Firewall 50 Reference Manual . Unless your ISP automatically assigns your configuration automatically via DHCP, you will need the configuration parameters from your router manually. Figure 2-6 Manually Configuring Your Internet Connection If you know your Broadband ISP connection type, you begin. Ensure that you have all of the relevant connection information such as IP Addresses, account information, type of ISP connection, etc., before you can bypass the Auto Detect feature and connect your ISP Connecting the FVS338 to the Internet 2-9 v1.0, September 2006
Reference Manual
Page 37
... always on . Gateway IP Address: IP address of minutes to you. You may leave this field blank. - Server IP Address: IP address of your ISPs domain or your domain name if your ISPs domain name. IP Address: Static IP address assigned to wait before ...disconnecting, in the Login Server and Idle Timeout fields. b. Domain Name: Name of the PPTP server. • Other (PPPoE): If you have installed login software such as WinPoET or Enternet, then your ISP. You can find login server information at http://www.netgear...
... always on . Gateway IP Address: IP address of minutes to you. You may leave this field blank. - Server IP Address: IP address of your ISPs domain or your domain name if your ISPs domain name. IP Address: Static IP address assigned to wait before ...disconnecting, in the Login Server and Idle Timeout fields. b. Domain Name: Name of the PPTP server. • Other (PPPoE): If you have installed login software such as WinPoET or Enternet, then your ISP. You can find login server information at http://www.netgear...
Reference Manual
Page 38
...To enable the traffic meter: 1. If your settings work, then you want to the NETGEAR Web site. Incorrect settings here will display. You can also click on connection status and current IP address. The Broadband Traffic Meter screen will result in connectivity problems. 5. Select the Dialup Traffic... Traffic Meter the the Dialup port (if required). 2-12 Connecting the FVS338 to check on the Broadband Status link or the Current IP Address link to the Internet v1.0, September 2006 FVS338 ProSafe VPN Firewall 50 Reference Manual 4. to the previous settings. 3. If you fill...
...To enable the traffic meter: 1. If your settings work, then you want to the NETGEAR Web site. Incorrect settings here will display. You can also click on connection status and current IP address. The Broadband Traffic Meter screen will result in connectivity problems. 5. Select the Dialup Traffic... Traffic Meter the the Dialup port (if required). 2-12 Connecting the FVS338 to check on the Broadband Status link or the Current IP Address link to the Internet v1.0, September 2006 FVS338 ProSafe VPN Firewall 50 Reference Manual 4. to the previous settings. 3. If you fill...
Reference Manual
Page 41
... a backup. • If you are not visible from the submenu. Connecting the FVS338 to you. NAT is configured with a single IP address-the "public" address. The Router uses NAT to select the correct PC (on your router to use NAT. NAT is the default. 3. Note: The... the WAN port that connect through this Router. Select NAT if your LAN can use any incoming data and hides internal IP addresses from a private subnet (for routing private IP addresses within a campus environment. Or, you can use Classical Routing for example: 192.168.1.0). • Classical Routing. To configure...
... a backup. • If you are not visible from the submenu. Connecting the FVS338 to you. NAT is configured with a single IP address-the "public" address. The Router uses NAT to select the correct PC (on your router to use NAT. NAT is the default. 3. Note: The... the WAN port that connect through this Router. Select NAT if your LAN can use any incoming data and hides internal IP addresses from a private subnet (for routing private IP addresses within a campus environment. Or, you can use Classical Routing for example: 192.168.1.0). • Classical Routing. To configure...
Reference Manual
Page 42
... private networks regardless of a link failure if you are using Internet domain names. Once you have registered your ISP assigns a private WAN IP address such as DynDNS.org, TZO.com or Iego.net. When the primary connection is an Internet service that should run the configured detection method...failure is reliable. Enter a Test Period, in the Broadband ISP Settings screen. • Select DNS lookup using this DNS Server and enter the IP address of the DNS server to specify a DNS server for detecting WAN failure • Select Ping to this destination host is detected on the Internet...
... private networks regardless of a link failure if you are using Internet domain names. Once you have registered your ISP assigns a private WAN IP address such as DynDNS.org, TZO.com or Iego.net. When the primary connection is an Internet service that should run the configured detection method...failure is reliable. Enter a Test Period, in the Broadband ISP Settings screen. • Select DNS lookup using this DNS Server and enter the IP address of the DNS server to specify a DNS server for detecting WAN failure • Select Ping to this destination host is detected on the Internet...
Reference Manual
Page 43
...configured your account information in the firewall, whenever your ISP-assigned IP address changes, your firewall will be accessible.) Connecting the FVS338 to your account, and register your dynamic DNS service provider, log in the WAN IP address, so that the services running on this network can be ...accessed by others on the Internet. To configure a Dynamic DNS address: 1. Select Network Configuration from the main menu and Dynamic DNS from the...
...configured your account information in the firewall, whenever your ISP-assigned IP address changes, your firewall will be accessible.) Connecting the FVS338 to your account, and register your dynamic DNS service provider, log in the WAN IP address, so that the services running on this network can be ...accessed by others on the Internet. To configure a Dynamic DNS address: 1. Select Network Configuration from the main menu and Dynamic DNS from the...
Reference Manual
Page 44
...is opposite the DNS Configuration screen name. 4. The fields corresponding to the selection you may check the Use wildcards radio box to the same IP address as yourhost.dyndns.org 5. Each DNS service provider requires its own parameters. 3. For example, the wildcard feature will be aliased to activate ...this feature. Enter the User Name, User email Address, or Account Name requested by the DDNS Service to identify you want to be highlighted. Click Apply to save your configuration or click ...
...is opposite the DNS Configuration screen name. 4. The fields corresponding to the selection you may check the Use wildcards radio box to the same IP address as yourhost.dyndns.org 5. Each DNS service provider requires its own parameters. 3. For example, the wildcard feature will be aliased to activate ...this feature. Enter the User Name, User email Address, or Account Name requested by the DDNS Service to identify you want to be highlighted. Click Apply to save your configuration or click ...
Reference Manual
Page 45
... your network. The firewall will function as a DHCP Server For most applications, the default DHCP and TCP/IP settings of DHCP and information about how to assign IP addresses for most users and situations. Configuring Your LAN (Local Area Network) By default, the firewall will deliver ...can be assigned to the attached PCs from the range you have defined • Subnet Mask • Gateway IP Address (the firewall's LAN IP address) • Primary DNS Server (the firewall's LAN IP address) • WINS Server (if you to configure the LAN on the LAN. Chapter 3 LAN Configuration This ...
... your network. The firewall will function as a DHCP Server For most applications, the default DHCP and TCP/IP settings of DHCP and information about how to assign IP addresses for most users and situations. Configuring Your LAN (Local Area Network) By default, the firewall will deliver ...can be assigned to the attached PCs from the range you have defined • Subnet Mask • Gateway IP Address (the firewall's LAN IP address) • Primary DNS Server (the firewall's LAN IP address) • WINS Server (if you to configure the LAN on the LAN. Chapter 3 LAN Configuration This ...
Reference Manual
Page 46
... will automatically calculate the subnet mask based on the IP address that the LAN Port IP address and DMZ port IP address are implementing subnetting, use 255.255.255.0 as a DHCP (Dynamic Host Configuration Protocol) server, providing TCP/IP configuration for all devices, check the Disable DHCP Server...router's LAN. By default, the router will display. Enable DHCP Server is optional). 3-2 LAN Configuration v1.0, September 2006 Enter the IP Address of your LAN setup: 1. FVS338 ProSafe VPN Firewall 50 Reference Manual To modify your router (factory default: 192.168.1.1). (Always ...
... will automatically calculate the subnet mask based on the IP address that the LAN Port IP address and DMZ port IP address are implementing subnetting, use 255.255.255.0 as a DHCP (Dynamic Host Configuration Protocol) server, providing TCP/IP configuration for all devices, check the Disable DHCP Server...router's LAN. By default, the router will display. Enable DHCP Server is optional). 3-2 LAN Configuration v1.0, September 2006 Enter the IP Address of your LAN setup: 1. FVS338 ProSafe VPN Firewall 50 Reference Manual To modify your router (factory default: 192.168.1.1). (Always ...
Reference Manual
Page 47
... an IP address between the Starting IP address and this address and the Ending IP Address. Click Apply to save your network. LAN Configuration 3-3 v1.0, September 2006 This field is the default ending address. f. If enabled, the VPN firewall will provide a LAN IP Address for which IP addresses will be assigned an IP address between this IP address. You must enter http://10.0.0.1 in the IP address pool...
... an IP address between the Starting IP address and this address and the Ending IP Address. Click Apply to save your network. LAN Configuration 3-3 v1.0, September 2006 This field is the default ending address. f. If enabled, the VPN firewall will provide a LAN IP Address for which IP addresses will be assigned an IP address between this IP address. You must enter http://10.0.0.1 in the IP address pool...
Reference Manual
Page 48
...be configured in the LAN (for example, 172.16.2.0 or 10.0.0.0), then you can be added to the Available Secondary LAN IPs table. Enter the Secondary IP address and Subnet Mask and click Add. Select Network Configuration from the main menu and LAN Setup from the secondary menu. The ... display. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual Configuring Multi-Home LAN IPs If you have computers that are using different IP address ranges in the DHCP server. To add a secondary LAN IP address: 1. Click the Multi Home LAN IPs Setup link (see Figure 3-2 on those networks access to act as a ...
...be configured in the LAN (for example, 172.16.2.0 or 10.0.0.0), then you can be added to the Available Secondary LAN IPs table. Enter the Secondary IP address and Subnet Mask and click Add. Select Network Configuration from the main menu and LAN Setup from the secondary menu. The ... display. 2. FVS338 ProSafe VPN Firewall 50 Reference Manual Configuring Multi-Home LAN IPs If you have computers that are using different IP address ranges in the DHCP server. To add a secondary LAN IP address: 1. Click the Multi Home LAN IPs Setup link (see Figure 3-2 on those networks access to act as a ...