FVX538 Reference Manual
Page 1
ProSafe VPN Firewall 200 FVX538 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA March 2009 202-10062-09 v1.0
FVX538 Reference Manual
Page 2
...ätigt, daß das ProSafe VPN Firewall 200 gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. All rights reserved. NETGEAR does not assume any liability that the ProSafe VPN Firewall 200 has been suppressed in this ...equipment does cause harmful interference to correct the interference by NETGEAR, Inc. However, there is hereby certified that may occur due...
FVX538 Reference Manual
Page 8
ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter 3 LAN Configuration Choosing the Firewall DHCP Options 3-1 Configuring the LAN Setup Options 3-2 Configuring Multi Home LAN IPs 3-5 Managing Groups and Hosts (LAN Groups 3-6 Creating the ...DMZ Port 3-10 Static Routes ...3-12 Configuring Static Routes 3-12 Routing Information Protocol (RIP 3-14 Static Route Example 3-16 Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering 4-1 Using Rules to Block or Allow Specific Kinds of Traffic 4-2 Services-Based Rules 4-2 Outbound Rules (Service...
FVX538 Reference Manual
Page 9
ProSafe VPN Firewall 200 FVX538 Reference Manual Outbound Rules Example 4-24 LAN WAN Outbound Rule: Blocking Instant Messenger 4-25 Adding Customized Services 4-25 Setting Quality of Service (QoS)... Connection 5-8 Testing the Connections and Viewing Status Information 5-12 NETGEAR VPN Client Status and Log Information 5-12 FVX538 VPN Connection Status and Logs 5-14 VPN Tunnel Policies ...5-15 IKE Policy ...5-15 Managing IKE Policies 5-15 IKE Policy Table 5-16 VPN Policy ...5-17 Managing VPN Policies 5-17 VPN Policy Table 5-18 Certificate Authorities 5-19 Generating a Self Certificate...
FVX538 Reference Manual
Page 10
ProSafe VPN Firewall 200 FVX538 Reference Manual Extended Authentication (XAUTH) Configuration 5-23 Configuring XAUTH for VPN Clients 5-24 User Database Configuration 5-25 RADIUS Client Configuration 5-27 Assigning IP Addresses to Remote Users (ModeConfig 5-29 Mode Config Operation 5-29 Configuring the VPN Firewall 5-30 Configuring the ProSafe VPN Client for ModeConfig 5-33 Chapter 6 Router and Network Management Performance Management 6-1 Bandwidth Capacity 6-1 VPN Firewall Features That...
FVX538 Reference Manual
Page 11
ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing Port Triggering Status 6-24 Viewing Router Configuration and System Status 6-25 Monitoring WAN Ports Status 6-26 Monitoring VPN Tunnel Connection Status 6-27 VPN Logs ...6-28 DHCP Log ...6-29 Performing Diagnostics 6-29 Chapter 7 Troubleshooting Basic Functions... Information Form B-5 Overview of the Planning Process B-6 Inbound Traffic ...B-6 Virtual Private Networks (VPNs B-6 The Roll-over Case for Firewalls With Dual WAN Ports B-7 The Load Balancing Case for Firewalls With Dual WAN Ports B-7 Contents xi v1.0, March 2009
FVX538 Reference Manual
Page 12
... Metering Logs C-9 Unicast Logs ...C-9 ICMP Redirect Logs C-9 xii Contents v1.0, March 2009 B-17 VPN Telecommuter (Client-to-Gateway Through a NAT Router B-17 VPN Telecommuter: Single Gateway WAN Port (Reference Case B-18 VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability ......... ProSafe VPN Firewall 200 FVX538 Reference Manual Inbound Traffic ...B-8 Inbound Traffic to Single WAN Port (Reference Case B-8 Inbound Traffic...
FVX538 Reference Manual
Page 13
ProSafe VPN Firewall 200 FVX538 Reference Manual Multicast/Broadcast Logs C-9 FTP Logging ...C-10 Invalid Packet Logging C-10 Routing Logs ...C-13 LAN to WAN Logs C-13 LAN to DMZ Logs C-14 DMZ to WAN Logs C-14 WAN to LAN Logs C-14 DMZ to LAN Logs C-14 WAN to DMZ Logs C-15 Appendix D Related Documents Appendix E Two Factor Authentication Why do I need Two-Factor Authentication E-1 What are the benefits of Two-Factor Authentication E-1 What is Two-Factor Authentication E-2 NETGEAR Two-Factor Authentication Solutions E-2 Index Contents xiii v1.0, March 2009
FVX538 Reference Manual
Page 14
ProSafe VPN Firewall 200 FVX538 Reference Manual xiv Contents v1.0, March 2009
FVX538 Reference Manual
Page 15
... of this manual is used to highlight information of importance or special interest. About This Manual The NETGEAR® ProSafe™ VPN Firewall 200 describes how to highlight special messages: Note: This format is intended for readers with intermediate computer and Internet skills. This manual uses the following formats to install, configure and troubleshoot the ProSafe VPN Firewall 200.
FVX538 Reference Manual
Page 16
... Detection; IKE Keep Alive; ProSafe VPN Firewall 200 FVX538 Reference Manual Danger: This is a safety warning. Session Limits; Oray Support Oct. 2007 Document corrections Oct. 2007 Document additions to the NETGEAR website in personal injury or death. website at http://kbserver.netgear.com/products/FVX538.asp. For more information about network, Internet, firewall, and VPN technologies, see the links to...
FVX538 Reference Manual
Page 17
... FVX538 provides support for Stateful Packet Inspection, Denial of -day, Website addresses and address keywords. This chapter contains the following features: • Dual 10/100 Mbps Ethernet WAN ports for load balancing or failover protection, providing increased system reliability and load balancing. Chapter 1 Introduction The ProSafe VPN Firewall 200 with the 5-user license of the NETGEAR ProSafe VPN...
FVX538 Reference Manual
Page 18
... to: • Provide backup and rollover if one line is a true firewall, using stateful packet inspection to defend against hacker attacks. ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation...: • Single or multiple exposed hosts • Virtual private networks A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FVX538 is inoperable, ensuring you specify as Ping of either 10 Mbps or 100 Mbps. Dual...
FVX538 Reference Manual
Page 19
...; Port Forwarding with Auto Uplink With its URL keyword filtering feature, the FVX538 prevents objectionable content from the Internet is a response to a switch or hub. ProSafe VPN Firewall 200 FVX538 Reference Manual • Logs security incidents. With its internal 8-port 10/100 switch, the FVX538 can connect to the Internet for keywords within Web addresses. You can...
FVX538 Reference Manual
Page 20
...and operate the ProSafe VPN Firewall 200 within minutes after connecting it to the attached PCs. ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the ...VPN routers and clients. • SNMP. A user-friendly Setup Wizard is provided and online help documentation is a protocol for connecting remote hosts to share an Internet account using the Dynamic Host Configuration Protocol (DHCP). The VPN firewall...v1.0, March 2009 The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of ...
FVX538 Reference Manual
Page 21
.... five user licenses. • Warranty and Support Information Card. Maintenance and Support NETGEAR offers the following items: • ProSafe VPN Firewall 200. • AC power cable. • 19-inch rack mounting hardware and rubber feet. • Category 5 (Cat5) Ethernet cable. • Installation Guide, FVX538 ProSafe VPN Firewall 200 • Resource CD, including: - Package Contents The product package should contain the...
FVX538 Reference Manual
Page 22
The WAN port is operating at 10 Mbps. The WAN port is supplied to the firewall. ProSafe VPN Firewall 200 FVX538 Reference Manual Router Front and Rear Panels The ProSafe VPN Firewall 200 front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. 1 2 3 4 5 6 7 Figure 1-1... the connection on the front panel and its operation. Table 1-1. Writing to Flash memory (during upgrading or resetting to the firewall. 2. Power is initializing or the initialization has failed. Data is being used because the port is down or not being...
FVX538 Reference Manual
Page 23
... detected a link with a sharp Factory Defaults reset push button (see Appendix A, "Default Defaults object Settings and Technical Specifications" for connecting to an optional console terminal. ProSafe VPN Firewall 200 FVX538 Reference Manual Table 1-1. pinouts: (2) Tx, (3) Rx, (5) and (7) Gnd. 7. The LAN port has detected a link with a connected Ethernet device. The LAN port has no link. Introduction...
FVX538 Reference Manual
Page 24
AC power in Figure 1-3). ProSafe VPN Firewall 200 FVX538 Reference Manual The rear panel of the ProSafe VPN Firewall 200 (Figure 1-2) contains the On/Off switch and AC power connection. Figure 1-2 1 2 Viewed from left to right, the rear panel contains the following elements: 1. On/Off switch Rack Mounting Hardware The FVX538 can be mounted either on a desktop (using included rubber feet) or in a 19-inch rack (using the included rack mounting hardware illustrated in 2. Figure 1-3 1-8 v1.0, March 2009 Introduction
FVX538 Reference Manual
Page 25
Introduction 1-9 v1.0, March 2009 ProSafe VPN Firewall 200 FVX538 Reference Manual The Router's IP Address, Login Name, and Password Check the label on the bottom of the FVX538's enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the... LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-4 To log in to the FVX538 once it is connected, go to http://192.168.1.1. Figure 1-5 Once the login screen displays, enter admin for the User Name and the password...