FVX538 Reference Manual
Page 1
ProSafe VPN Firewall 200 FVX538 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA March 2009 202-10062-09 v1.0
Page 7
... Installation and Management 1-4 Maintenance and Support 1-5 Package Contents ...1-5 Router Front and Rear Panels 1-6 Rack Mounting Hardware 1-8 The Router's IP Address, Login Name, and Password 1-9 Chapter 2 Connecting the FVX538 to the Internet Logging into the VPN Firewall 2-1 Configuring the Internet Connections to Your ISPs 2-2 Setting the Router's MAC Address 2-4 Manually Configuring Your Internet Connection 2-4 Programming the Traffic Meter...
Page 8
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the ...DMZ Port 3-10 Static Routes ...3-12 Configuring Static Routes 3-12 Routing Information Protocol (RIP 3-14 Static Route Example 3-16 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Outbound Rules (Service...
Page 9
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service (QoS) Priorities ...Connection 5-8 Testing the Connections and Viewing Status Information 5-12 NETGEAR VPN Client Status and Log Information 5-12 FVX538 VPN Connection Status and Logs 5-14 VPN Tunnel Policies ...5-15 IKE Policy ...5-15 Managing IKE Policies 5-15 IKE Policy Table 5-16 VPN Policy ...5-17 Managing VPN Policies 5-17 VPN Policy Table 5-18 Certificate Authorities 5-19 Generating a Self...
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That Reduce...
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions... Information Form B-5 Overview of the Planning Process B-6 Inbound Traffic ...B-6 Virtual Private Networks (VPNs B-6 The Roll-over Case for Firewalls With Dual WAN Ports B-7 The Load Balancing Case for Firewalls With Dual WAN Ports B-7 Contents xi v1.0, March 2009
Page 12
... Router B-17 VPN Telecommuter: Single Gateway WAN Port (Reference Case B-18 VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing B-20 Appendix C System Logs and Error Messages System Log Messages C-1 System Startup ...C-1 Reboot ...C-2 NTP ...C-2 Login/Logout ...C-3 Firewall Restart...Unicast Logs ...C-9 ICMP Redirect Logs C-9 xii Contents v1.0, March 2009 B-18 VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability ........ ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic ...B-8 Inbound Traffic to Single WAN Port (Reference Case B-8 Inbound ...
Page 13
ProSafe VPN Firewall 200 FVX538 Reference Manual Multicast/Broadcast Logs C-9 FTP Logging ...C-10 Invalid Packet Logging C-10 Routing Logs ...C-13 LAN to WAN Logs C-13 LAN to DMZ Logs C-14 DMZ to WAN Logs C-14 WAN to LAN Logs C-14 DMZ to LAN Logs C-14 WAN to DMZ Logs C-15 Appendix D Related Documents Appendix E Two Factor Authentication Why do I need Two-Factor Authentication E-1 What are the benefits of Two-Factor Authentication E-1 What is Two-Factor Authentication E-2 NETGEAR Two-Factor Authentication Solutions E-2 Index Contents xiii v1.0, March 2009
Page 14
ProSafe VPN Firewall 200 FVX538 Reference Manual xiv Contents v1.0, March 2009
Page 15
...paragraphs. • Typographical Conventions. Tip: This format is used to the equipment. Warning: Ignoring this manual is used to install, configure and troubleshoot the ProSafe VPN Firewall 200. This manual uses the following formats to highlight special messages: Note: This format is intended for readers with intermediate ...• Formats. xv v1.0, March 2009 The information in this type of importance or special interest. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to highlight a procedure that will save time or resources.
Page 16
... authentication • SIP AGL support • DHCP Relay support • Update VPN configuration procedure topics • Update the Certificate management topic • Correct the firewall scheduling topic xvi About This Manual v1.0, March 2009 website at http://kbserver.netgear.com/products/FVX538.asp. ProSafe VPN Firewall 200 FVX538 Reference Manual Danger: This is a safety warning. Revision History Part Number Version Number...
Page 18
...• Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you specify as Ping of status and activity. • Flash memory...off-limits. 1-2 Introduction v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive ...
Page 19
...or a 100 Mbps Fast Ethernet network. Introduction 1-3 v1.0, March 2009 You can configure the firewall to log and report attempts to your network. Security Features The VPN firewall is a response to Internet content by screening for keywords within Web addresses. Requests originating from... the LAN are autosensing and capable of full-duplex or half-duplex operation. ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. With its internal 8-port 10/100 switch, the FVX538 can have it forwarded to worry about crossover cables, as described in this ...
Page 20
... Interface. • Auto Detect. The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of personal computer, such as a DNS server to ensure the VPN tunnels are specified, the firewall provides its own address as Windows, Macintosh, or Linux. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet...
Page 21
... information. - ProSafe VPN Firewall 200 FVX538 Reference Manual • Diagnostic Functions. Package Contents The product package should contain the following features to return the firewall for firmware upgrade • Free technical support seven days a week, 24 hours a day, according to the terms identified in the Warranty and Support information card provided with your NETGEAR dealer. The firewall incorporates built...
Page 22
WAN Ports and LEDs Two RJ-45 WAN ports N-way automatic speed negotiation, Auto MDI/MDIX. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5 6 7 Figure 1-1 Table 1-1 describes each item on other WAN port ...
Page 23
... 100 Mbps. Speed LED On (Green) On (Amber) Off The LAN port is operating at 1,000 Mbps. Factory Push in with a connected Ethernet device. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 1-1. LAN Ports and LEDs 8-port RJ-45 10/100 Mbps Fast Ethernet Switch Link/Act LED On (Green) Blinking (Green) Off N-way automatic speed...
Page 24
Figure 1-3 1-8 v1.0, March 2009 Introduction AC power in Figure 1-3). On/Off switch Rack Mounting Hardware The FVX538 can be mounted either on a desktop (using included rubber feet) or in a 19-inch rack (using the included rack mounting hardware illustrated in 2. Figure 1-2 1 2 Viewed from left to right, the rear panel contains the following elements: 1. ProSafe VPN Firewall 200 FVX538 Reference Manual The rear panel of the ProSafe VPN Firewall 200 (Figure 1-2) contains the On/Off switch and AC power connection.
Page 25
Introduction 1-9 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the... LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-4 To log in to the FVX538 once it is connected, go to http://192.168.1.1. Figure 1-5 Once the login screen displays, enter admin for the User Name and the password...
Page 26
ProSafe VPN Firewall 200 FVX538 Reference Manual 1-10 v1.0, March 2009 Introduction