FVX538 Reference Manual
Page 15
... addresses, GUI screen text Command prompt, CLI text, code URL links • Formats. xv v1.0, March 2009 This manual uses the following formats to highlight special messages: Note: This format is intended for readers with intermediate computer and Internet skills. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to highlight information...
... addresses, GUI screen text Command prompt, CLI text, code URL links • Formats. xv v1.0, March 2009 This manual uses the following formats to highlight special messages: Note: This format is intended for readers with intermediate computer and Internet skills. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to highlight information...
FVX538 Reference Manual
Page 213
... failed due to be disconnected. ProSafe VPN Firewall 200 FVX538 Reference Manual PPTP Idle-Timeout Logs. Message 6: secondary DNS configured in WAN status page. Message 10: PPP connection terminated after idle timeout Recommended Action To reconnect during the link was up. Nov 29 11:20:51 [FVX538] [pppd] Connection terminated. The CLI command is: monitor/firewallLogs/logger...
... failed due to be disconnected. ProSafe VPN Firewall 200 FVX538 Reference Manual PPTP Idle-Timeout Logs. Message 6: secondary DNS configured in WAN status page. Message 10: PPP connection terminated after idle timeout Recommended Action To reconnect during the link was up. Nov 29 11:20:51 [FVX538] [pppd] Connection terminated. The CLI command is: monitor/firewallLogs/logger...
FVX538 Reference Manual
Page 215
...] TRAFFIC_METER: Monthly Limit of the router, enter this command: monitor/firewallLogs/logger/loggerConfig logIcmpRedirect 1 And to Table C-1. System Logs: Multicast/Broadcast Message Jan 1 07:24:13 [FVX538] [kernel] MCAST-BCAST IN=WAN...ProSafe VPN Firewall 200 FVX538 Reference Manual Traffic Metering Logs Table C-13. System Logs: Unicast, Redirect Message Explanation Recommended Action Feb 2007 22 14:36:07 [FVX538] [kernel] [LOG_PACKET] SRC=192.168.1.49 DST=192.168.1.124 PROTO=ICMP TYPE=5 CODE=1 • This packet is ICMP Redirect message sent to the router bye another router...
...] TRAFFIC_METER: Monthly Limit of the router, enter this command: monitor/firewallLogs/logger/loggerConfig logIcmpRedirect 1 And to Table C-1. System Logs: Multicast/Broadcast Message Jan 1 07:24:13 [FVX538] [kernel] MCAST-BCAST IN=WAN...ProSafe VPN Firewall 200 FVX538 Reference Manual Traffic Metering Logs Table C-13. System Logs: Unicast, Redirect Message Explanation Recommended Action Feb 2007 22 14:36:07 [FVX538] [kernel] [LOG_PACKET] SRC=192.168.1.49 DST=192.168.1.124 PROTO=ICMP TYPE=5 CODE=1 • This packet is ICMP Redirect message sent to the router bye another router...
FVX538 Reference Manual
Page 216
...2. System Logs: Multicast/Broadcast (continued) Explanation Recommended Action • This packet (Broadcast) is destined to the device from CLI command prompt of the invalid packets: fw/rules/attackChecks/configure dropInvalid 1 To allow invalid packet and disable logging: fw/rules/attackChecks/configure ... network. • For other parameters, refer to enable dropping and logging of the router, enter this command to Table C-1. Use this command: monitor/firewallLogs/logger/loggerConfig logFtp 1 And to Table C-1. ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-16.
...2. System Logs: Multicast/Broadcast (continued) Explanation Recommended Action • This packet (Broadcast) is destined to the device from CLI command prompt of the invalid packets: fw/rules/attackChecks/configure dropInvalid 1 To allow invalid packet and disable logging: fw/rules/attackChecks/configure ... network. • For other parameters, refer to enable dropping and logging of the router, enter this command to Table C-1. Use this command: monitor/firewallLogs/logger/loggerConfig logFtp 1 And to Table C-1. ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-16.
FVX538 Reference Manual
Page 217
ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-18. Use this command to enable dropping and logging of the invalid packets: fw/rules/attackChecks/configure dropInvalid 1 To allow invalid packet and disable logging: fw/rules/attackChecks/configure dropInvalid 0 2007 Oct 1 00:44:17 [FVX538] [kernel] [INVALID][BAD_CHECKSUM]DROP]... 0 2007 Oct 1 00:44:17 [FVX538] [kernel] [INVALID][ICMP_TYPE][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=ICMP TYPE=19 CODE=0 Invalid ICMP Type 1. Invalid packets are dropped. 2. Use this command to enable dropping and logging of the invalid...
ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-18. Use this command to enable dropping and logging of the invalid packets: fw/rules/attackChecks/configure dropInvalid 1 To allow invalid packet and disable logging: fw/rules/attackChecks/configure dropInvalid 0 2007 Oct 1 00:44:17 [FVX538] [kernel] [INVALID][BAD_CHECKSUM]DROP]... 0 2007 Oct 1 00:44:17 [FVX538] [kernel] [INVALID][ICMP_TYPE][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=ICMP TYPE=19 CODE=0 Invalid ICMP Type 1. Invalid packets are dropped. 2. Use this command to enable dropping and logging of the invalid...
FVX538 Reference Manual
Page 218
... packets are dropped. 2. Use this command to enable dropping and logging of the invalid packets: fw/rules/attackChecks/configure dropInvalid 1 To allow invalid packet and disable logging: fw/rules/attackChecks/configure dropInvalid 0 2007 Oct 1 00:44:17 [FVX538] [kernel] [INVALID][SHORT_PACKET][DROP]...192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Malformed packet 1. ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-18. Use this command to re-open/close session 1. Invalid packets are dropped. 2. Use this command to enable dropping and logging of the invalid packets: fw/rules/...
... packets are dropped. 2. Use this command to enable dropping and logging of the invalid packets: fw/rules/attackChecks/configure dropInvalid 1 To allow invalid packet and disable logging: fw/rules/attackChecks/configure dropInvalid 0 2007 Oct 1 00:44:17 [FVX538] [kernel] [INVALID][SHORT_PACKET][DROP]...192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Malformed packet 1. ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-18. Use this command to re-open/close session 1. Invalid packets are dropped. 2. Use this command to enable dropping and logging of the invalid packets: fw/rules/...
FVX538 Reference Manual
Page 219
....20.2 PROTO=TCP SPT=23 DPT=54899 Packet not in TCP window 1. Use this command to configure the logging options for each network segment like LAN-WAN for debugging purposes. ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-18. Use this command to enable dropping and logging of the invalid packets: fw/rules/attackChecks/configure dropInvalid 1 To...
....20.2 PROTO=TCP SPT=23 DPT=54899 Packet not in TCP window 1. Use this command to configure the logging options for each network segment like LAN-WAN for debugging purposes. ProSafe VPN Firewall 200 FVX538 Reference Manual Table C-18. Use this command to enable dropping and logging of the invalid packets: fw/rules/attackChecks/configure dropInvalid 1 To...
FVX538 Reference Manual
Page 231
...Mode Config Record screen 5-30 Add Protocol Binding Destination Network 2-12 Service 2-12 address reservation 3-9 Advanced Options MTU Size 2-17 Port Speed 2-18 Router's MAC Address 2-18 Allowing Videoconference from Restricted Addresses example of 4-20 Attack Checks about 5-19 Cat5 cable B-3 Certificate Authority. Classical Routing definition of...4-29 reducing traffic 6-4 Block Sites screen 4-30 Block TCP Flood 4-16 block traffic with schedule 4-28 Blocking Instant Messenger example of 2-9 command line interface 6-14 configuration automatic by DHCP 1-4 Content 4-29 v1.0, March 2009 Index-1
...Mode Config Record screen 5-30 Add Protocol Binding Destination Network 2-12 Service 2-12 address reservation 3-9 Advanced Options MTU Size 2-17 Port Speed 2-18 Router's MAC Address 2-18 Allowing Videoconference from Restricted Addresses example of 4-20 Attack Checks about 5-19 Cat5 cable B-3 Certificate Authority. Classical Routing definition of...4-29 reducing traffic 6-4 Block Sites screen 4-30 Block TCP Flood 4-16 block traffic with schedule 4-28 Blocking Instant Messenger example of 2-9 command line interface 6-14 configuration automatic by DHCP 1-4 Content 4-29 v1.0, March 2009 Index-1
FVX538 Reference Manual
Page 13
...commands, IP addresses • Formats. xiii v1.0, August 2006 Conventions, Formats and Scope The conventions, formats, and scope of this manual are described in this notice may result in personal injury or death. Tip: This format is used to the equipment. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200... describes how to take heed of this manual is a safety warning. Failure to install, configure and troubleshoot the ProSafe VPN Firewall 200. The information in the following ...
...commands, IP addresses • Formats. xiii v1.0, August 2006 Conventions, Formats and Scope The conventions, formats, and scope of this manual are described in this notice may result in personal injury or death. Tip: This format is used to the equipment. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200... describes how to take heed of this manual is a safety warning. Failure to install, configure and troubleshoot the ProSafe VPN Firewall 200. The information in the following ...
FVX538 Reference Manual
Page 213
...screen 5-38 Add Protocol Binding Destination Network 2-13 Service 2-13 address reservation 3-9 Advanced Options MTU Size 2-19 Port Speed 2-19 Router's MAC Address 2-19 Allowing Videoconference from Restricted Addresses example of 4-17 Attack Checks about 4-14 Attack Checks screen 4-15 Authentication Algorithm...screen 4-25 Block TCP Flood 4-14 block traffic with schedule 4-24 Blocking Instant Messenger example of 2-10 command line interface 6-11 configuration automatic by DHCP 1-4 connecting the VPN firewall 2-1 Connection Status VPN Tunnels 5-13 Content 4-25 v1.0, August 2006 Index-1 See CA.
...screen 5-38 Add Protocol Binding Destination Network 2-13 Service 2-13 address reservation 3-9 Advanced Options MTU Size 2-19 Port Speed 2-19 Router's MAC Address 2-19 Allowing Videoconference from Restricted Addresses example of 4-17 Attack Checks about 4-14 Attack Checks screen 4-15 Authentication Algorithm...screen 4-25 Block TCP Flood 4-14 block traffic with schedule 4-24 Blocking Instant Messenger example of 2-10 command line interface 6-11 configuration automatic by DHCP 1-4 connecting the VPN firewall 2-1 Connection Status VPN Tunnels 5-13 Content 4-25 v1.0, August 2006 Index-1 See CA.
FVX538 Reference Manual
Page 10
... Testing the Connection 7-20 Chapter 8 Router and Network Management Performance Management 8-1 Bandwidth Capacity 8-1 VPN Firewall Features That Reduce Traffic 8-2 Service Blocking 8-2 Block Sites ...8-4 Source MAC Filtering 8-5 VPN Firewall Features That Increase Traffic 8-5 Port Forwarding 8-5 Port Triggering 8-7 DMZ Port ...8-7 VPN Tunnels ...8-8 Using QoS to Shift the Traffic Mix 8-8 Tools for the ProSafe VPN Firewall 200 FVX538 Chapter 7 Virtual Private Networking Dual WAN...
... Testing the Connection 7-20 Chapter 8 Router and Network Management Performance Management 8-1 Bandwidth Capacity 8-1 VPN Firewall Features That Reduce Traffic 8-2 Service Blocking 8-2 Block Sites ...8-4 Source MAC Filtering 8-5 VPN Firewall Features That Increase Traffic 8-5 Port Forwarding 8-5 Port Triggering 8-7 DMZ Port ...8-7 VPN Tunnels ...8-8 Using QoS to Shift the Traffic Mix 8-8 Tools for the ProSafe VPN Firewall 200 FVX538 Chapter 7 Virtual Private Networking Dual WAN...
FVX538 Reference Manual
Page 15
...commands, IP addresses This guide uses the following typographical conventions: Table 1-1. About This Manual 1-1 January 2005 Web site at http://kbserver.netgear.com/products/FVX538.asp. This guide uses the following formats to highlight special messages: Note: This format is written for the FVX538 VPN firewall... according to intermediate computer and Internet skills. Manual Scope Product Version Manual Publication Date FVX538 ProSafe VPN Firewall 200 January 2005 Note: Product updates are available on the Netgear website. Chapter 1 ...
...commands, IP addresses This guide uses the following typographical conventions: Table 1-1. About This Manual 1-1 January 2005 Web site at http://kbserver.netgear.com/products/FVX538.asp. This guide uses the following formats to highlight special messages: Note: This format is written for the FVX538 VPN firewall... according to intermediate computer and Internet skills. Manual Scope Product Version Manual Publication Date FVX538 ProSafe VPN Firewall 200 January 2005 Note: Product updates are available on the Netgear website. Chapter 1 ...
FVX538 Reference Manual
Page 147
... them), do not use http://address, the FVX538 will be used for the ProSafe VPN Firewall 200 FVX538 c. Click Apply to https://address. For greater...FVX538 with Internet Explorer 5.5 or higher, simply click Yes to its factory defaults (or use the SSL https://address, but do the following in the box provided. Check the Netgear...FVX538 by connecting a terminal to a custom port by a colon (:) and the custom port number. For example, if your browser: https://134.177.0.123:8080 The router's remote login URL is not supported at this PC. Command Line Interface Note: The command...
... them), do not use http://address, the FVX538 will be used for the ProSafe VPN Firewall 200 FVX538 c. Click Apply to https://address. For greater...FVX538 with Internet Explorer 5.5 or higher, simply click Yes to its factory defaults (or use the SSL https://address, but do the following in the box provided. Check the Netgear...FVX538 by connecting a terminal to a custom port by a colon (:) and the custom port number. For example, if your browser: https://134.177.0.123:8080 The router's remote login URL is not supported at this PC. Command Line Interface Note: The command...
FVX538 Reference Manual
Page 148
...Traffic under WAN Setup on the Main Menu bar. Traffic Limits Reached Figure 8-3 shows the Internet Traffic screen that is enabled. 8-12 January 2005 Router and Network Management The WAN1 and WAN2 ports are not preserved after a reboot or power cycle unless the user issues the CLI save... mode is configured for rollover. Reference Manual for the login and password information (or enter guest and password to access the unit. From the command line prompt, enter the following command: telnet 192.168.1.1 2. Enter admin and password when prompted for the ProSafe VPN Firewall 200 FVX538 1.
...Traffic under WAN Setup on the Main Menu bar. Traffic Limits Reached Figure 8-3 shows the Internet Traffic screen that is enabled. 8-12 January 2005 Router and Network Management The WAN1 and WAN2 ports are not preserved after a reboot or power cycle unless the user issues the CLI save... mode is configured for rollover. Reference Manual for the login and password information (or enter guest and password to access the unit. From the command line prompt, enter the following command: telnet 192.168.1.1 2. Enter admin and password when prompted for the ProSafe VPN Firewall 200 FVX538 1.
FVX538 Reference Manual
Page 211
.... Verifying TCP/IP Properties for each PC with this version of TCP/IP in Windows NT. A command window opens 3. The Run window opens. 2. Type cmd and then click OK. This completes the... on your PC's TCP/IP configuration: 1. Restart the PC. Reference Manual for connecting through a router or gateway: • The IP address is between 192.168.0.2 and 192.168.0.254 •...should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for the ProSafe VPN Firewall 200 FVX538 • The TCP/IP Properties dialog box now displays. • Click the IP...
.... Verifying TCP/IP Properties for each PC with this version of TCP/IP in Windows NT. A command window opens 3. The Run window opens. 2. Type cmd and then click OK. This completes the... on your PC's TCP/IP configuration: 1. Restart the PC. Reference Manual for connecting through a router or gateway: • The IP address is between 192.168.0.2 and 192.168.0.254 •...should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for the ProSafe VPN Firewall 200 FVX538 • The TCP/IP Properties dialog box now displays. • Click the IP...
FVX538 Reference Manual
Page 236
... and the receiver's address. Internet Protocol The method or protocol by Internic, an organization formed for this purpose. The PING command, for example, uses ICMP to be sent by a different route across the Internet until one gateway recognizes the packet as ...service provider. -6 Glossary January 2005 Any packet is an extension to a gateway computer that form a single subnetwork. Reference Manual for the ProSafe VPN Firewall 200 FVX538 BSSs that understands a small part of the Internet. IP See "Internet Protocol" IP Address A four-byte number uniquely defining each packet...
... and the receiver's address. Internet Protocol The method or protocol by Internic, an organization formed for this purpose. The PING command, for example, uses ICMP to be sent by a different route across the Internet until one gateway recognizes the packet as ...service provider. -6 Glossary January 2005 Any packet is an extension to a gateway computer that form a single subnetwork. Reference Manual for the ProSafe VPN Firewall 200 FVX538 BSSs that understands a small part of the Internet. IP See "Internet Protocol" IP Address A four-byte number uniquely defining each packet...