NETGEAR PROSAFE FVG318 Datasheet page 2

®
ProSafe 802.11g Wireless VPN Firewall 8 with 8-port 10/100 Mbps Switch
How a Firewall Processes a Packet
Technical Specifications
• System Requirements
– Cable, DSL, satellite or wireless
broadband modem and internet service
– Ethernet connectivity from
broadband modem
– Network card for each connected PC
– Network software (e.g. Windows)
– Internet Explorer 5.0 or higher or
Netscape Navigator 7.2 or higher
– Compatible with IE 7.0 and
Windows Vista™
®
• Wireless
– Standards: IEEE 802.11g, 54 Mbps,
Super-G technology up to 108 Mbps
– Antenna: (1) 5dBi, detachable
• Physical Interfaces
– SLAN ports: Eight (8) 10/100Mbps
auto-sensing, Auto Uplink™ RJ-45 ports
– WAN port: 10/100 Mbps Ethernet
RJ-45 port to connect to any broadband
modem, such as DSL or cable
• Security Features
– SPI firewall: Stateful packet inspection
(SPI) to prevent notorious denial-
of-service (DoS) attacks, intrusion
detection system (IDS) including
logging, reporting and email alerts,
address, service and protocol, Web
URL keyword filtering, prevent replay
attack (reassembly attack), port/service
blocking. Advanced features include
block Java/URL/ActiveX based on
extension, FTP/SMTP/RPC
program filtering.
H ow t h e F i r e wa l l Pr oc es ses a Packet
Corporate
Entering Firewall
– VPN functionality: Eight (8) dedicated
VPN tunnels, Manual key and Internet
Key Exchange Security Association
(IKE SA) assignment with pre-shared
key and RSA/DSA signatures, key life
and IKE lifetime time settings, perfect
forward secrecy (Diffie-Hellman
groups 1 and 2 and Oakley support),
operating modes (main, aggressive,
quick), fully qualified domain name
(FQDN) support for dynamic IP
address VPN connections.
– IPsec support: IPsec-based 56-bit
(DES), 168-bit (3DES), or 256-bit
(AES) encryption algorithm, MD5 or
SHA-1 hashing algorithm, AH/AH-ESP
support, PKI features with X.509 v.3
certificate support, remote access VPN
(client-to-site), site-to-site VPN, IPsec
NAT traversal (VPN pass-through)
– Mode of operation: Many-to-one NAT
(LAN to WAN), classical routing,
unrestricted users per port
– IP address assignment: Static IP
address assignment, internal DHCP
server on LAN, DHCP client on WAN,
PPPoE client support
• Performance Features
– Throughput: Up to 12.5 Mbps
WAN-to-LAN, up to 1.2 Mbps for 3DES
• Management Features
– Administration interface: SNMP (v2c)
support, Web graphic user interface,
Secure Sockets Layer (SSL)-enabled
remote management, user name and
password protected; secure remote
management support authenticated
through IP address or IP address range
and password; configuration changes/
upgrades through web GUI.
Leaving Firewall
Packet Processed
Against SPI
Stateful Packet
Inspection
Algorithm
Randomize Port Numbers
Connection Information
Stateful Inspection
Processing Inbound and
Outbound rules
Internet
– Configuration and upgrades: Upload
and download configuration settings,
field upgradeable flash memory
• Functions
– VPN Wizard to simplify configuration
of the VPN, Smart Wizard to
automatically detect ISP Address type
(static, dynamic, PPPoE), port range
forwarding, port triggering, exposed
host (DMZ), enable/disable WAN Ping,
DNS proxy, MAC address cloning/
spoofing, Network Time Protocol NTP
support, keyword content filtering,
email alerts, DHCP server (info and
display table), PPPoE login client
support, WAN DHCP client, diagnostic
tools (ping, trace route, other), port/
service/MAC address blocking,
Auto-Uplink on switch ports
• Protocol Support
– Network: IP routing, TCP/IP , UDP ,
ICMP , PPPoE
– IP addressing: DHCP (client and server)
– Routing: RIPv1, RIPv2 (static routing,
dynamic routing)
– VPN/security: IPsec (ESP , AH), MD5,
SHA-1, DES, 3DES, IKE, PKI, AES
• User Support
– LAN: Up to 253 users
– WLAN: Up to 64 users
• Maintenance
– Save/restore configuration, restore
defaults, upgrades via web browser,
display statistics
FVG318