FVX538 Reference Manual
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting ...Ping Utility 7-5 Testing the LAN Path to Your Firewall 7-5 Testing the Path from Your PC to a Remote Device 7-6 Restoring the Default Configuration and Password 7-7 Problems with Date and Time 7-7 Appendix A Default Settings and Technical Specifications Appendix B Network Planning ...
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting ...Ping Utility 7-5 Testing the LAN Path to Your Firewall 7-5 Testing the Path from Your PC to a Remote Device 7-6 Restoring the Default Configuration and Password 7-7 Problems with Date and Time 7-7 Appendix A Default Settings and Technical Specifications Appendix B Network Planning ...
FVX538 Reference Manual
Page 22
... by the WAN port. The system has booted successfully. 3. Writing to Flash memory (during upgrading or resetting to the firewall. The WAN port is initializing or the initialization has failed. Test LED On (Amber) Blinking (Amber) Off Test mode.... 100 LED On (Green) Off The WAN port is not supplied to the firewall. 2. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5 6 7 Figure 1-1 Table 1-1 describes ...
... by the WAN port. The system has booted successfully. 3. Writing to Flash memory (during upgrading or resetting to the firewall. The WAN port is initializing or the initialization has failed. Test LED On (Amber) Blinking (Amber) Off Test mode.... 100 LED On (Green) Off The WAN port is not supplied to the firewall. 2. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5 6 7 Figure 1-1 Table 1-1 describes ...
FVX538 Reference Manual
Page 23
...link with a connected Ethernet device. pinouts: (2) Tx, (3) Rx, (5) and (7) Gnd. 7. Factory Push in with a sharp Factory Defaults reset push button (see Appendix A, "Default Defaults object Settings and Technical Specifications" for connecting to a gigabit Ethernet device. The LAN port has detected a link with a connected Ethernet device.... Link/Act LED On (Green) Blinking (Green) Off N-way automatic speed negotiation, auto MDI/MDIX. Default baud rate Port is operating as a dedicated hardware DMZ port. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 1-1.
...link with a connected Ethernet device. pinouts: (2) Tx, (3) Rx, (5) and (7) Gnd. 7. Factory Push in with a sharp Factory Defaults reset push button (see Appendix A, "Default Defaults object Settings and Technical Specifications" for connecting to a gigabit Ethernet device. The LAN port has detected a link with a connected Ethernet device.... Link/Act LED On (Green) Blinking (Green) Off N-way automatic speed negotiation, auto MDI/MDIX. Default baud rate Port is operating as a dedicated hardware DMZ port. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 1-1.
FVX538 Reference Manual
Page 25
Introduction 1-9 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password...
Introduction 1-9 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password...
FVX538 Reference Manual
Page 30
... See "Programming the Traffic Meter (if Desired)" on page 2-6. The default is set up the parameters for WAN2 ISP. If your ISP requires...traffic meter for WAN 1 ISP if desired. Set up the traffic meter for WAN2 ISP, if desired. Setting the router's MAC address is also referred to as IP Addresses, account information, type of the configuration process, you need the ... "Programming the Traffic Meter (if Desired)" on page 2-6. Otherwise, select No. 2-4 Connecting the FVX538 to a Ping from your ISP, select Yes. ProSafe VPN Firewall 200 FVX538 Reference Manual 4.
... See "Programming the Traffic Meter (if Desired)" on page 2-6. The default is set up the parameters for WAN2 ISP. If your ISP requires...traffic meter for WAN 1 ISP if desired. Set up the traffic meter for WAN2 ISP, if desired. Setting the router's MAC address is also referred to as IP Addresses, account information, type of the configuration process, you need the ... "Programming the Traffic Meter (if Desired)" on page 2-6. Otherwise, select No. 2-4 Connecting the FVX538 to a Ping from your ISP, select Yes. ProSafe VPN Firewall 200 FVX538 Reference Manual 4.
FVX538 Reference Manual
Page 35
... has also been configured and that the backup WAN port has already been configured. From the Internet, there is the default setting. • Classical Routing. NAT is only a single device (the Router) and a single IP address. This is the technology which allows all PCs on your LAN to go on a... and System Status" on page 6-25) or look at the LEDs on the front panel (see "Router Front and Rear Panels" on page 1-6). ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to be bypassed for backup purposes, ensure that you configure the WAN Failure Detection Method to receive any ...
... has also been configured and that the backup WAN port has already been configured. From the Internet, there is the default setting. • Classical Routing. NAT is only a single device (the Router) and a single IP address. This is the technology which allows all PCs on your LAN to go on a... and System Status" on page 6-25) or look at the LEDs on the front panel (see "Router Front and Rear Panels" on page 1-6). ProSafe VPN Firewall 200 FVX538 Reference Manual If you want to be bypassed for backup purposes, ensure that you configure the WAN Failure Detection Method to receive any ...
FVX538 Reference Manual
Page 36
... the Auto-Rollover Using WAN port radio box. 3. DNS query is 30 seconds. 2-10 Connecting the FVX538 to detect router status. Selection the WAN port that will not reject the Ping request or will not consider the traffic abuse...ProSafe VPN Firewall 200 FVX538 Reference Manual When the router is configured in Auto-Rollover Mode, the router uses the WAN Failure Detection Method to check the connection of the primary link at regular intervals to the Internet v1.0, March 2009 Queries are not received, the corresponding WAN interface is considered down menu. 4. The default...
... the Auto-Rollover Using WAN port radio box. 3. DNS query is 30 seconds. 2-10 Connecting the FVX538 to detect router status. Selection the WAN port that will not reject the Ping request or will not consider the traffic abuse...ProSafe VPN Firewall 200 FVX538 Reference Manual When the router is configured in Auto-Rollover Mode, the router uses the WAN Failure Detection Method to check the connection of the primary link at regular intervals to the Internet v1.0, March 2009 Queries are not received, the corresponding WAN interface is considered down menu. 4. The default...
FVX538 Reference Manual
Page 37
...after the primary WAN interface fails is 2 minutes (a 30-second minimum test period, times a minimum of 4 tests). 7. The default time to roll over after the configured number of Event Logs and Alerts" on the original primary WAN interface by reapplying the Auto... link is 4 failures. Connecting the FVX538 to the previous settings. Click Apply to elicit a reply. The Failover default is brought up after this. When notified that the failed WAN interface has been restored, you can force traffic back on page 4-39). ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-4 6.
...after the primary WAN interface fails is 2 minutes (a 30-second minimum test period, times a minimum of 4 tests). 7. The default time to roll over after the configured number of Event Logs and Alerts" on the original primary WAN interface by reapplying the Auto... link is 4 failures. Connecting the FVX538 to the previous settings. Click Apply to elicit a reply. The Failover default is brought up after this. When notified that the failed WAN interface has been restored, you can force traffic back on page 4-39). ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 2-4 6.
FVX538 Reference Manual
Page 43
Click Advanced to the previous settings. Edit the default information you may have chosen for PPPoE connections. ProSafe VPN Firewall 200 FVX538 Reference Manual For example, the wildcard feature will display. Click Apply to be done unless you are sure it is necessary for your...Figure 2-8 3. Connecting the FVX538 to the same IP address as yourhost.dyndns.org 5. For some ISPs you want to reduce the MTU. If you haven't already, log in to the firewall at the default LAN address of http://192.168.1.1, default user name of admin, and default password of password (or whatever...
Click Advanced to the previous settings. Edit the default information you may have chosen for PPPoE connections. ProSafe VPN Firewall 200 FVX538 Reference Manual For example, the wildcard feature will display. Click Apply to be done unless you are sure it is necessary for your...Figure 2-8 3. Connecting the FVX538 to the same IP address as yourhost.dyndns.org 5. For some ISPs you want to reduce the MTU. If you haven't already, log in to the firewall at the default LAN address of http://192.168.1.1, default user name of admin, and default password of password (or whatever...
FVX538 Reference Manual
Page 44
...as the computer's MAC (Media Access Control) address. If you may have the router use the MAC address of the Internet (WAN) port. The default is the default. AutoSense is Use default address. Use the half-duplex settings unless you select Use This MAC Address and ... modem supports 100BaseT, select 100M; However, if your entry will be overwritten. 2-18 Connecting the FVX538 to manually select the port speed. otherwise, select 10M. Use this Computer's MAC address to have to the Internet v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • Port Speed -
...as the computer's MAC (Media Access Control) address. If you may have the router use the MAC address of the Internet (WAN) port. The default is the default. AutoSense is Use default address. Use the half-duplex settings unless you select Use This MAC Address and ... modem supports 100BaseT, select 100M; However, if your entry will be overwritten. 2-18 Connecting the FVX538 to manually select the port speed. otherwise, select 10M. Use this Computer's MAC address to have to the Internet v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • Port Speed -
FVX538 Reference Manual
Page 45
... of the range for your ProSafe VPN Firewall 200, including the following sections: • "Choosing the Firewall DHCP Options" on page 3-1 • "Managing Groups and Hosts (LAN Groups)" on page 3-6 • "Configuring and Enabling the DMZ Port" on page 3-10 • "Static Routes" on the LAN. For most applications, the default DHCP and TCP/IP settings...
... of the range for your ProSafe VPN Firewall 200, including the following sections: • "Choosing the Firewall DHCP Options" on page 3-1 • "Managing Groups and Hosts (LAN Groups)" on page 3-6 • "Configuring and Enabling the DMZ Port" on page 3-10 • "Static Routes" on the LAN. For most applications, the default DHCP and TCP/IP settings...
FVX538 Reference Manual
Page 46
... firewall a dhcp relay agent. the box's LAN IP. All DHCP clients will receive the DNS IP addresses of lease). The default values are suitable for each connection are advanced settings most users and situations. If you to make requests to the router and the router...ProSafe VPN Firewall 200 FVX538 Reference Manual • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you to configure a secondary or "multi-home" LAN IP setup in the LAN. The feature is enabled, then clients can relay DHCP broadcast messages to your clients would only be sent over routers...
... firewall a dhcp relay agent. the box's LAN IP. All DHCP clients will receive the DNS IP addresses of lease). The default values are suitable for each connection are advanced settings most users and situations. If you to make requests to the router and the router...ProSafe VPN Firewall 200 FVX538 Reference Manual • Primary DNS Server (the firewall's LAN IP address). • WINS Server (if you to configure a secondary or "multi-home" LAN IP setup in the LAN. The feature is enabled, then clients can relay DHCP broadcast messages to your clients would only be sent over routers...
FVX538 Reference Manual
Page 47
ProSafe VPN Firewall 200 FVX538 Reference Manual 1. Figure 3-1 2. Your router will automatically calculate the subnet mask based on your router (factory default: 192.168.1.1). (Always make sure that you assign. If Enabled is the default. Enter the IP Address of an IP address. Enter the IP Subnet Mask. By default, the router will be the DHCP server, or if you are in...
ProSafe VPN Firewall 200 FVX538 Reference Manual 1. Figure 3-1 2. Your router will automatically calculate the subnet mask based on your router (factory default: 192.168.1.1). (Always make sure that you assign. If Enabled is the default. Enter the IP Address of an IP address. Enter the IP Subnet Mask. By default, the router will be the DHCP server, or if you are in...
FVX538 Reference Manual
Page 48
ProSafe VPN Firewall 200 FVX538 Reference Manual b. Enter the Ending IP Address. Secondary DNS Server. (Optional) If an IP address is optional. This field is specified, the VPN firewall will be leased to the web management interface. 3-4 LAN Configuration v1.0, March 2009 h. To enable the DHCP server to ...Server. (Optional) If an IP address is the default ending address. For example, if you change the LAN IP address of the router (the IP Address in the same "network" as the LAN TCP/IP address of the firewall while connected through the browser, you must then open ...
ProSafe VPN Firewall 200 FVX538 Reference Manual b. Enter the Ending IP Address. Secondary DNS Server. (Optional) If an IP address is optional. This field is specified, the VPN firewall will be leased to the web management interface. 3-4 LAN Configuration v1.0, March 2009 h. To enable the DHCP server to ...Server. (Optional) If an IP address is the default ending address. For example, if you change the LAN IP address of the router (the IP Address in the same "network" as the LAN TCP/IP address of the firewall while connected through the browser, you must then open ...
FVX538 Reference Manual
Page 50
...: Selects all known PCs and network devices, as well as hosts, that are not DHCP clients. By default, the DHCP server in the DHCP server. Because of this router. The hosts on the Groups and Hosts screen contains a list of the PC or device cannot be accurately... respective text fields. 2. Click Add. The Secondary LAN IP address will be configured in this router. These requests also generate an entry in two ways: • DHCP Client Requests. ProSafe VPN Firewall 200 FVX538 Reference Manual • Action: The Edit link allows you to make up the Network Database. ...
...: Selects all known PCs and network devices, as well as hosts, that are not DHCP clients. By default, the DHCP server in the DHCP server. Because of this router. The hosts on the Groups and Hosts screen contains a list of the PC or device cannot be accurately... respective text fields. 2. Click Add. The Secondary LAN IP address will be configured in this router. These requests also generate an entry in two ways: • DHCP Client Requests. ProSafe VPN Firewall 200 FVX538 Reference Manual • Action: The Edit link allows you to make up the Network Database. ...
FVX538 Reference Manual
Page 52
ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 3-3 The Network Database is created by: • Using the DHCP Server: The router's DHCP server is strongly recommended. • Scanning the Network: The router also scans the local network periodically using protocols such as ARP and NetBIOS to detect active computers or ... protocol, the name will be displayed as Unknown. If the computer was assigned an IP address by default, to respond to DHCP requests from the router will be appended to the Network Database. The Known PCs and Devices table lists the entries in the...
ProSafe VPN Firewall 200 FVX538 Reference Manual Figure 3-3 The Network Database is created by: • Using the DHCP Server: The router's DHCP server is strongly recommended. • Scanning the Network: The router also scans the local network periodically using protocols such as ARP and NetBIOS to detect active computers or ... protocol, the name will be displayed as Unknown. If the computer was assigned an IP address by default, to respond to DHCP requests from the router will be appended to the Network Database. The Known PCs and Devices table lists the entries in the...
FVX538 Reference Manual
Page 53
By default, a computer is assigned to the network database. To add known PCs and devices... device), that this computer or device is Reserved (DHCP Client), the router will always receive the same IP address each time it accesses the firewall's DHCP server. If the IP Address Type is assigned. Click Apply ...in the associated field. 2. The Reserved IP address that require permanent IP settings. LAN Configuration 3-9 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • MAC Address: The MAC address of the computer's network interface. • Group: Each PC or...
By default, a computer is assigned to the network database. To add known PCs and devices... device), that this computer or device is Reserved (DHCP Client), the router will always receive the same IP address each time it accesses the firewall's DHCP server. If the IP Address Type is assigned. Click Apply ...in the associated field. 2. The Reserved IP address that require permanent IP settings. LAN Configuration 3-9 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual • MAC Address: The MAC address of the computer's network interface. • Group: Each PC or...
FVX538 Reference Manual
Page 54
... address outside the LAN Address pool, such as a hardware DMZ port for safely providing services to the LAN, has fewer firewall restrictions, by default. Note: A separate firewall security profile is programmed to enable or disable the hardware DMZ port (LAN port 8, see "Creating the Network Database" on... an IP Address and the Subnet mask for the DMZ port. ProSafe VPN Firewall 200 FVX538 Reference Manual To reserve an IP address, use the Groups and Hosts screen under the Network Configuration menu, LAN Groups submenu (see "Router Front and Rear Panels" on page 1-6) and configure an IP ...
... address outside the LAN Address pool, such as a hardware DMZ port for safely providing services to the LAN, has fewer firewall restrictions, by default. Note: A separate firewall security profile is programmed to enable or disable the hardware DMZ port (LAN port 8, see "Creating the Network Database" on... an IP Address and the Subnet mask for the DMZ port. ProSafe VPN Firewall 200 FVX538 Reference Manual To reserve an IP address, use the Groups and Hosts screen under the Network Configuration menu, LAN Groups submenu (see "Router Front and Rear Panels" on page 1-6) and configure an IP ...
FVX538 Reference Manual
Page 56
...the Disable option (default) checked. Configuring Static Routes To add or edit a static route: 1. Click Apply to save your network. You should configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on your firewall. Select Network Configuration...DMZ WAN Rules and LAN DMZ Rules, see "Router Front and Rear Panels" on page 4-14, respectively. Enter a route name for this static route in the Route Name field (for Internet access, and you will display. 3. ProSafe VPN Firewall 200 FVX538 Reference Manual 6. The DMZ LED next to ...
...the Disable option (default) checked. Configuring Static Routes To add or edit a static route: 1. Click Apply to save your network. You should configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on your firewall. Select Network Configuration...DMZ WAN Rules and LAN DMZ Rules, see "Router Front and Rear Panels" on page 4-14, respectively. Enter a route name for this static route in the Route Name field (for Internet access, and you will display. 3. ProSafe VPN Firewall 200 FVX538 Reference Manual 6. The DMZ LED next to ...
FVX538 Reference Manual
Page 58
... not broadcast its routing information automatically with other routers, and allows it accept any RIP packets from other routers. • In Only - ProSafe VPN Firewall 200 FVX538 Reference Manual Routing Information Protocol (RIP) RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is disabled by default. The RIP Configuration screen will send and receives...
... not broadcast its routing information automatically with other routers, and allows it accept any RIP packets from other routers. • In Only - ProSafe VPN Firewall 200 FVX538 Reference Manual Routing Information Protocol (RIP) RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is disabled by default. The RIP Configuration screen will send and receives...