Netgear FVL328 Reference Manual

Download or browse on-line these Reference Manual for NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router Firewall, Network Hardware.

NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router Manual Information:

This manual for NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router, given in the PDF format, is available for free online viewing and download without logging on. The guide contains 240 pages, and the size of the file at download is . The document type is Reference Manual.

Download Manual

More Manuals:

In case you failed to obtain relevant information in this document, please, look through related operating manuals and user instructions for NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router. Just click one of the links below to go to the selected manual:

Summary of Contents:

[Page 1] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

M-10144-01 M-10144-01 December 2003 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual ...

[Page 2] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

ii M-10144-01 © 2003 by NETGEAR, Inc. All rights reserved. FullManual. Trademarks NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation...

[Page 3] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

M-10144-01 iii Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß dasFVL328 Prosafe High Speed VPN Firewall gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßig...

[Page 4] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

M-10144-01 iv ...

[Page 5] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Contents i M-10144-01 Contents Chapter 1 About This Manual Audience .........................................................................................................................1-1 Scope ....................................................

[Page 6] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

M-10144-01 ii Contents Where Do I Get the Internet Configuration Parameters? ..................................3-2 Worksheet for Recording Your Internet Connection Information ..............................3-3 Connecting the FVL328 to Your LAN ........

[Page 7] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Contents iii M-10144-01 Using Firewall Rules to Regulate Network Traffic ..........................................................5-5 Rules Menu Options ..................................................................................................

[Page 8] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

M-10144-01 iv Contents Viewing, Selecting, and Saving Logged Information ................................................7-6 Changing the Include in Log Settings ................................................................7-8 Enabling the Syslog ...

[Page 9] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Contents v M-10144-01 Subnet Addressing .................................................................................................. B-4 Private IP Addresses .........................................................................................

[Page 10] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

M-10144-01 vi Contents Appendix D Firewall Log Formats Action List ...................................................................................................................... D-1 Field List .................................................

[Page 11] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Contents vii M-10144-01 Additional Reading .......................................................................................................E-11 Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 Configuration Template ...........

[Page 12] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

M-10144-01 viii Contents Appendix I NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328 Configuration Template ....................................................................................................I-1 Using DDNS and Fully ...

[Page 13] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

About This Manual 1-1 M-10144-01 Chapter 1 About This Manual This chapter introduces the NETGEAR FVL328 Prosafe High Speed VPN Firewall manual. Audience This reference manual assumes that the reader has basic to intermediate computer and Internet s...

[Page 14] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 1-2 About This Manual M-10144-01 Typographical Conventions This guide uses the following typographical conventions: Special Message Formats This guide uses the following formats to highlig...

[Page 15] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual About This Manual 1-3 M-10144-01 Features of the HTML Version of this Manual The HTML version of this manual includes these features. Figure Preface 1-1: HTML version of this manual 1. L...

[Page 16] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 1-4 About This Manual M-10144-01 How to Print this Manual To print this manual you can choose one of the following several options, according to your needs. • Printing a “How To” Seq...

[Page 17] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Introduction 2-1 M-10144-01 Chapter 2 Introduction This chapter describes the features of the NETGEAR FVL328 Prosafe High Speed VPN Firewall. The FVL328 Firewall is now ICSA certified. It provides connection for multiple computers to the Internet t...

[Page 18] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 2-2 Introduction M-10144-01 Virtual Private Networking The FVL328 Firewall provides a secure encrypted connection between your local network and remote networks or clients. Its VPN featur...

[Page 19] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Introduction 2-3 M-10144-01 ICSA Small/Medium Business Category The NETGEAR FVL328 provides meets the ICSA SMB Category by providing Remote Administration over an encrypted link from a pu...

[Page 20] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 2-4 Introduction M-10144-01 • The Ability to Enable or Disable IP Address Sharing by NAT The FVL328 allows several networked computers to share an Internet account using only a single ...

[Page 21] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Introduction 2-5 M-10144-01 • Smart Wizard The firewall automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account....

[Page 22] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 2-6 Introduction M-10144-01 • Support information card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packi...

[Page 23] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Introduction 2-7 M-10144-01 The Firewall’s Rear Panel The rear panel of the FVL328 (Figure 2-2) contains the connections identified below. Figure 2-2: FVL328 Rear Panel Viewed from left...

[Page 24] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 2-8 Introduction M-10144-01 ...

[Page 25] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Connecting the FVL328 to the Internet 3-1 M-10144-01 Chapter 3 Connecting the FVL328 to the Internet This chapter describes how to set up the firewall on your Local Area Network (LAN) and connect to the Internet. You can perform basic configuration...

[Page 26] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 3-2 Connecting the FVL328 to the Internet M-10144-01 Internet Configuration Requirements Depending on how your ISP or IT group set up your Internet access, you will need one or more of th...

[Page 27] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Connecting the FVL328 to the Internet 3-3 M-10144-01 Worksheet for Recording Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet S...

[Page 28] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 3-4 Connecting the FVL328 to the Internet M-10144-01 Connecting the FVL328 to Your LAN This section provides instructions for connecting the FVL328 Prosafe High Speed VPN Firewall to your...

[Page 29] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Connecting the FVL328 to the Internet 3-5 M-10144-01 c. Connect the Ethernet cable (A) from your cable or DSL modem to the FVL328’s Internet port. Figure 3-2: Connect the cable or DSL ...

[Page 30] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 3-6 Connecting the FVL328 to the Internet M-10144-01 2. Log in to the FVL328. Note: To connect to the firewall, your computer needs to be configured to obtain an IP address automatically ...

[Page 31] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Connecting the FVL328 to the Internet 3-7 M-10144-01 A login window opens as shown in Figure 3-5 below: Figure 3-5: Login window d. For security reasons, the firewall has its own user nam...

[Page 32] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 3-8 Connecting the FVL328 to the Internet M-10144-01 a. You are now connected to the firewall. If you do not see the menu above, click the Setup Wizard link on the upper left of the main ...

[Page 33] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Connecting the FVL328 to the Internet 3-9 M-10144-01 Configuring for a Wizard-Detected Login Account If the Setup Wizard determines that your Internet service account uses a login protocol...

[Page 34] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 3-10 Connecting the FVL328 to the Internet M-10144-01 4. Perform a DNS Lookup. A DNS (Domain Name Server) converts the Internet name (e.g. www.netgear.com) to an IP address. If you need t...

[Page 35] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Connecting the FVL328 to the Internet 3-11 M-10144-01 Configuring for a Wizard-Detected Dynamic IP Account If the Setup Wizard determines that your Internet service account uses Dynamic I...

[Page 36] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 3-12 Connecting the FVL328 to the Internet M-10144-01 If your ISP allows access from only one specific computer’s Ethernet MAC address, select “Use this MAC address.” The firewall w...

[Page 37] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Connecting the FVL328 to the Internet 3-13 M-10144-01 2. Enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also. DNS server...

[Page 38] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 3-14 Connecting the FVL328 to the Internet M-10144-01 Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setu...

[Page 39] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Connecting the FVL328 to the Internet 3-15 M-10144-01 How to Complete a Manual Configuration Manually configure the firewall in the Basic Settings menu using these steps: 1. Answer the que...

[Page 40] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 3-16 Connecting the FVL328 to the Internet M-10144-01 – If you want to disable NAT, select the Disable radio button. Before disabling NAT, back up your current configuration settings. �...

[Page 41] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

WAN and LAN Configuration 4-1 M-10144-01 Chapter 4 WAN and LAN Configuration This chapter describes how to configure the WAN and LAN settings of your FVL328 Prosafe High Speed VPN Firewall v2. Configuring LAN IP Settings The LAN IP Setup menu all...

[Page 42] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual 4-2 WAN and LAN Configuration M-10144-01 — When set to None, it will not send any RIP packets and will ignore any RIP packets received. • RIP Version This controls the format and...

[Page 43] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual WAN and LAN Configuration 4-3 M-10144-01 The firewall will deliver the following parameters to any LAN device that requests DHCP: • An IP Address from the range you have defined • S...

[Page 44] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual 4-4 WAN and LAN Configuration M-10144-01 3. Enter the LAN TCP/IP and DHCP parameters. 4. Click Apply to save your changes. How to Configure Reserved IP Addresses When you specify a rese...

[Page 45] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual WAN and LAN Configuration 4-5 M-10144-01 Connecting Automatically, as Required Normally, this option should be Enabled, so that an Internet connection will be made automatically, whene...

[Page 46] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual 4-6 WAN and LAN Configuration M-10144-01 Responding to Ping on Internet WAN Port If you want the firewall to respond to a 'ping' from the Internet, click the ‘Respond to Pi...

[Page 47] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual WAN and LAN Configuration 4-7 M-10144-01 How to Configure Dynamic DNS 1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, d...

[Page 48] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual 4-8 WAN and LAN Configuration M-10144-01 When you first configured your firewall, two implicit static routes were created. A default route was created with your ISP as the gateway, and...

[Page 49] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual WAN and LAN Configuration 4-9 M-10144-01 a. Click the Edit button to open the Edit Menu, shown below. Figure 4-3: Static Route Entry and Edit Menu b. Type a route name for this static ...

[Page 50] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual 4-10 WAN and LAN Configuration M-10144-01 ...

[Page 51] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Protecting Your Network 5-1 M-10144-01 Chapter 5 Protecting Your Network This chapter describes how to use the basic firewall features of the FVL328 Prosafe High Speed VPN Firewall to protect your network. Protecting Access to Your FVL328 Firewall...

[Page 52] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 5-2 Protecting Your Network M-10144-01 Figure 5-1: Set Password menu 3. To change the password, first enter the old password, then enter the new password twice. 4. Click Apply to save you...

[Page 53] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Protecting Your Network 5-3 M-10144-01 Blocking Keywords, Sites, and Services The firewall provides a variety of options for blocking Internet based content and communications services. W...

[Page 54] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 5-4 Protecting Your Network M-10144-01 Figure 5-2: Block Sites menu 3. To enable keyword blocking, check “Turn keyword blocking on”, enter a keyword or domain in the Keyword box, c...

[Page 55] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Protecting Your Network 5-5 M-10144-01 6. Click Apply to save your settings. Using Firewall Rules to Regulate Network Traffic Firewall rules are used to block or allow specific traffic pas...

[Page 56] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 5-6 Protecting Your Network M-10144-01 Figure 5-3: Rules menu • To edit an existing rule, select its button on the left side of the table and click Edit. • To delete an existing rule,...

[Page 57] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Protecting Your Network 5-7 M-10144-01 • Block TCP flood — if selected, then when a TCP flood attack is detected, the port used will be closed, and no traffic will be able to use that...

[Page 58] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 5-8 Protecting Your Network M-10144-01 Figure 5-4: Rule example: a local public Web server The parameters are: • Service — select the application or service to be allowed or blocked....

[Page 59] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Protecting Your Network 5-9 M-10144-01 Inbound Rule Example: Videoconferencing from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted ...

[Page 60] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 5-10 Protecting Your Network M-10144-01 Using Outbound Rules (Service Blocking) The FVL328 allows you to block the use of certain Internet services by computers on your network. This is c...

[Page 61] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Protecting Your Network 5-11 M-10144-01 The parameters are: • Service — select the application or service to be allowed or blocked. The list already displays many common services, but...

[Page 62] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 5-12 Protecting Your Network M-10144-01 Understanding the Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown below. Figure 5-7...

[Page 63] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Protecting Your Network 5-13 M-10144-01 The service numbers for many common protocols are defined by the Internet Engineering Task Force (IETF) and published in RFC1700, “Assigned Numbe...

[Page 64] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 5-14 Protecting Your Network M-10144-01 3. Modify the menu shown below for defining or editing a service. Figure 5-9: Add Services menu 4. Click Apply to save your changes. Setting Times ...

[Page 65] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Protecting Your Network 5-15 M-10144-01 2. Click the Schedule link of the Security menu to display the menu shown below. Figure 5-10: Schedule Services menu 3. Select your Time Zone. Th...

[Page 66] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 5-16 Protecting Your Network M-10144-01 • Set Clock - Use this to set a particular Date/Time to the RTC. This is only useful if “Synchronize to NTP Server” is disabled. Otherwise, y...

[Page 67] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Virtual Private Networking 6-1 M-10144-01 Chapter 6 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between your...

[Page 68] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-2 Virtual Private Networking M-10144-01 • IKE Policies: Define the authentication scheme and automatically generate the encryption keys. As an alternative option, to further automate ...

[Page 69] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-3 M-10144-01 IKE Policies’ Automatic Key and Authentication Management Click the IKE Policies link from the VPN section of the main menu, and then click the ...

[Page 70] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-4 Virtual Private Networking M-10144-01 The IKE Policy Configuration fields are defined in the following table. Table 6-1. IKE Policy Configuration Fields Field Description General The...

[Page 71] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-5 M-10144-01 Remote Identity Type Use this field to identify the remote FVL328. You can choose one of the following four options from the drop-down list: • ...

[Page 72] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-6 Virtual Private Networking M-10144-01 VPN Policy Configuration for Auto Key Negotiation An already defined IKE policy is required for VPN - Auto Policy configuration. From the VPN Pol...

[Page 73] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-7 M-10144-01 The VPN Auto Policy fields are defined in the following table. Table 6-1. VPN Auto Policy Configuration Fields Field Description General These se...

[Page 74] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-8 Virtual Private Networking M-10144-01 Local IP The drop-down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide ...

[Page 75] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-9 M-10144-01 VPN Policy Configuration for Manual Key Exchange With Manual Key Management, you will not use an IKE policy. You must manually type in all the re...

[Page 76] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-10 Virtual Private Networking M-10144-01 Figure 6-4: VPN - Manual Policy Menu ...

[Page 77] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-11 M-10144-01 The VPN Manual Policy fields are defined in the following table. Table 6-1. VPN Manual Policy Configuration Fields Field Description General The...

[Page 78] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-12 Virtual Private Networking M-10144-01 Authenticating Header (AH) Configuration AH specifies the authentication protocol for the VPN header. These settings must match the remote VPN...

[Page 79] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-13 M-10144-01 SPI - Outgoing Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its "Incomi...

[Page 80] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-14 Virtual Private Networking M-10144-01 Using Digital Certificates for IKE Auto-Policy Authentication Digital certificates are character strings generated using encryption and authenti...

[Page 81] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-15 M-10144-01 Walk-Through of Configuration Scenarios There are a variety of configurations you might implement with the FVL328. The scenarios listed below il...

[Page 82] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-16 Virtual Private Networking M-10144-01 Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN interface has the address 10.5.6.1, and its WAN (Internet)...

[Page 83] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-17 M-10144-01 FVL328 Scenario 1: How to Configure the IKE and VPN Policies Note: This scenario assumes all ports are open on the FVL328. You can verify this by...

[Page 84] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-18 Virtual Private Networking M-10144-01 b. Select whether enable or disable NAT (Network Address Translation). NAT allows all LAN computers to gain Internet access via this Router, by ...

[Page 85] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-19 M-10144-01 Note: After you click Apply to change the LAN IP address settings, your workstation will be disconnected from the FVL328. You will have to log o...

[Page 86] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-20 Virtual Private Networking M-10144-01 4. Set up the FVL328 VPN -Auto Policy illustrated below. a. From the main menu VPN section, click the VPN Policies link, and then click the Add ...

[Page 87] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-21 M-10144-01 5. After applying these changes, you will see a table entry like the one below. Figure 6-10: VPN Policies table Now all traffic from the range o...

[Page 88] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-22 Virtual Private Networking M-10144-01 2. To test connectivity between the FVL328 Gateway A and Gateway B WAN ports, follow these steps: a. Using our example, log in to the FVL328 on ...

[Page 89] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-23 M-10144-01 Note: The procedure for obtaining certificates differs between a CA like Verisign and a CA such as a Windows 2000 certificate server, which an o...

[Page 90] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-24 Virtual Private Networking M-10144-01 b. Click the Generate Request button to display the screen illustrated in Figure 6-12 below. . Figure 6-12: Generate Self Certificate Request me...

[Page 91] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-25 M-10144-01 d. Click the Next button to continue. The FVL328 generates a Self Certificate Request as shown below. Figure 6-13: Self Certificate Request dat...

[Page 92] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-26 Virtual Private Networking M-10144-01 Figure 6-14: Self Certificate Requests table 5. Receive the certificate back from the Trusted Root CA and save it as a text file. Note: In the c...

[Page 93] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Virtual Private Networking 6-27 M-10144-01 f. You will now see the “FVL328” entry in the Active Self Certificates table and the pending “FVL328” Self Certificate Request is gone, ...

[Page 94] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 6-28 Virtual Private Networking M-10144-01 Now, the traffic from devices within the range of the LAN subnet addresses on FVL328 Gateway A and Gateway B will be authenticated using the cer...

[Page 95] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Managing Your Network 7-1 M-10144-01 Chapter 7 Managing Your Network This chapter describes how to perform network management tasks with your FVL328 Prosafe High Speed VPN Firewall. Network Management The FVL328 provides remote management access...

[Page 96] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 7-2 Managing Your Network M-10144-01 c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access. 5. Specify the Po...

[Page 97] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Managing Your Network 7-3 M-10144-01 Viewing Router Status and Usage Statistics From the main menu, under Maintenance, select Router Status to view the screen in Figure 7-1 below. Figure ...

[Page 98] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 7-4 Managing Your Network M-10144-01 Click the “Show Statistics” button to display firewall usage statistics, as shown in Figure 7-2 below: Figure 7-2. Router Statistics screen DHCP I...

[Page 99] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Managing Your Network 7-5 M-10144-01 This screen shows the following statistics: Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the firewall has...

[Page 100] NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall Router

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual 7-6 Managing Your Network M-10144-01 Select the check box if you want to enable NetBIOS detection. If the NetBIOS name is not available, “Unknown” is listed as the Device Name. If th...