NETGEAR ProSafe FVS124G Reference Manual

ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Reference Manual for the
ProSafe VPN Firewall 25
with 4 Gigabit LAN and
Dual WAN Ports FVS124G
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10085-01
March 2005

Summary of Contents for NETGEAR ProSafe FVS124G

  • Page 1 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports FVS124G NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10085-01 March 2005 202-10085-01, March 2005...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Certificate of the Manufacturer/Importer It is hereby certified that the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992.
  • Page 4 Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.
  • Page 5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc.
  • Page 6 Product and Publication Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: FVS124G March 2005 Router FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Business...
  • Page 7: Table Of Contents

    The Router’s Rear Panel ...2-7 The Router’s IP Address, Login Name, and Password ...2-8 Logging into the Router ...2-9 Default Factory Settings ...2-10 NETGEAR Related Products ... 2-11 Chapter 3 Network Planning Overview of the Planning Process ...3-1 Inbound Traffic ...3-1 Virtual Private Networks (VPNs) ...3-1...
  • Page 8 Inbound Traffic ...3-3 Inbound Traffic to Single WAN Port (Reference Case) ...3-3 Inbound Traffic to Dual WAN Port Systems ...3-3 Inbound Traffic: Dual WAN Ports for Improved Reliability ...3-4 Inbound Traffic: Dual WAN Ports for Load Balancing ...3-4 Virtual Private Networks (VPNs) ...3-5 VPN Road Warrior (Client-to-Gateway) ...3-6...
  • Page 9 Load Balancing (and Protocol Binding) Setup ...4-17 Step 5: Configure Dynamic DNS (If Needed) ...4-20 Step 6: Configure the WAN Options (If Needed) ...4-23 Chapter 5 LAN Configuration Using the LAN IP Setup Options ...5-1...
  • Page 10 Creating a VPN Connection: Between FVX538 and FVS124G ...7-5 Configuring the FVX538 ...7-5 Configuring the FVS124G ...7-9 Testing the Connection ... 7-11 Creating a VPN Connection: Netgear VPN Client to FVS124G ... 7-11 Configuring the FVS124G ...7-12 Configuring the VPN Client ...7-12 Testing the Connection ...7-20...
  • Page 11 WAN Port Connection Status ...8-18 Dynamic DNS Status ...8-19 Internet Traffic Information ...8-19 LAN Ports and Attached Devices ...8-20 Known PCs and Devices ...8-20 DHCP Log ...8-22 Port Triggering Status ...8-22 Firewall ...8-23...
  • Page 12 Routing Information Protocol ... B-2 IP Addresses and the Internet ... B-2 Netmask ... B-4 Subnet Addressing ... B-5 Private IP Addresses ... B-7 Single IP Address Operation Using NAT ...
  • Page 13 MacOS X ... C-16 Verifying TCP/IP Properties for Macintosh Computers ... C-17 Verifying the Readiness of Your Internet Account ... C-18 Are Login Protocols Used? ... C-18 What Is Your Configuration Information? ...
  • Page 14 C ...Glossary-3 D ...Glossary-3 E ...Glossary-4 G ...Glossary-5 I ...Glossary-5 L ...Glossary-6 M ...Glossary-7 P ...Glossary-8 Q ...Glossary-9 R ...Glossary-9 S ...Glossary-9 T ...Glossary-10 U ...Glossary-10 W ...Glossary-10
  • Page 15: About This Manual

    Table 1-2. Manual Scope Product Version Manual Publication Date Note: Product updates are available on the NETGEAR, Inc. Web site at http://kbserver.netgear.com/products/FVS124G.asp. About This Manual About This Manual FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN...
  • Page 16: How To Use This Manual

    • button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
  • Page 17: How To Print This Manual

    How to Print this Manual To print this manual you can choose one of the following several options, according to your needs. • Printing a Page in the HTML View. Each page in the HTML version of the manual is dedicated to a major topic.
  • Page 19: Introduction

    This chapter describes the features of the NETGEAR FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. Key Features of the VPN Firewall The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports with 4 port switch connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem.
  • Page 20: Dual WAN Ports for Increased Reliability or Outbound Load Balancing

    • Front panel LEDs for easy monitoring of status and activity. • Flash memory for firmware upgrade. Dual WAN Ports for Increased Reliability or Outbound Load Balancing The FVS124G VPN Firewall has two broadband WAN ports, WAN1 and WAN2, each capable of operating independently at speeds of either 10 Mbps or 100 Mbps.
  • Page 21: Security

    • With its URL keyword filtering feature, the FVS124G prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses.
  • Page 22: Extensive Protocol Support

    Extensive Protocol Support The FVS124G VPN Firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to Appendix B, “Network, Routing, Firewall, and •...
  • Page 23: Maintenance And Support

    The FVS124G VPN Firewall’s front panel LEDs provide an easy way to monitor its status and activity. Maintenance and Support NETGEAR offers the following features to help you maximize your use of the FVS124G VPN Firewall: • Flash memory for firmware upgrade •...
  • Page 24: The Router's Front Panel

    • Warranty and Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. The Router’s Front Panel The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports front panel shown below contains the port connections, status LEDs, and the factory defaults reset button.
  • Page 25: The Router's Rear Panel

    Table 2-1. FVS124G front panel Object Activity PWR LED On (Green) TEST LED On (Amber) Blinking (Amber) WAN Port Link/Act LED LEDs On (Green) Blinking (Green) 100 LED On (Green)
  • Page 26: The Router's IP Address, Login Name, and Password

    Factory Defaults Factory LAN Ports Defaults Button Figure 2-2: FVS124G Rear Panel Viewed from left to right, the rear panel contains the following elements: Table 2-2.
  • Page 27: Logging Into The Router

    LAN IP Address User Name Password Figure 2-3: FVS124G Bottom Label Logging into the Router To log into the FVS124G once it is connected, Open a Web browser.
  • Page 28: Default Factory Settings

    Figure 2-4: Login screen on the Web browser Note: Read-only access is provided by logging in as username guest and default password password. Default Factory Settings When you first receive your FVS124G, the default factory settings will be set as shown in Table 2-1 below.
  • Page 29: NETGEAR Related Products

    Built-in DHCP server IP Configuration Time Zone Adjust for Daylight Saving Time NETGEAR Related Products NETGEAR products related to the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports are as follows: • FA311 10/100 PCI Adapter •...
  • Page 31: Network Planning

    This chapter describes the factors to consider when planning a network using a firewall that has dual WAN ports. Overview of the Planning Process The areas that require planning when using a firewall that has dual WAN ports include: •...
  • Page 32: The Rollover Case for Firewalls With Dual WAN Ports

    Note: Once the gateway firewall WAN port rolls over, the VPN tunnel collapses and must be re-established using the new WAN IP address. The Rollover Case for Firewalls With Dual WAN Ports Rollover (Figure 3-1) for the dual WAN port case is different from the single gateway WAN port...
  • Page 33: Inbound Traffic

    IP address is dynamic. Router WAN IP netgear.dyndns.org IP address of WAN port: FQDN is required for dynamic IP address and is optional for fixed IP address Figure 3-3: Inbound traffic to single WAN port case Inbound Traffic to Dual WAN Port Systems The IP address range of the firewall’s WAN port must be both fixed and public so that the public...
  • Page 34: Inbound Traffic: Dual WAN Ports for Improved Reliability

    WAN ports (i.e., WAN1 or WAN2). Dual WAN Ports (Before Rollover) WAN1 IP Router netgear.dyndns.org WAN2 port inactive WAN2 IP (N/A) IP address of active WAN port changes after a rollover (use of fully-qualified domain names always required) Figure 3-4: Inbound traffic to dual WAN ports, before and after rollover...
  • Page 35: Virtual Private Networks (VPNs)

    Virtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points. The addressing of the firewall’s dual WAN port depends on the configuration being implemented: Table 3-1.
  • Page 36: VPN Road Warrior (Client-to-Gateway)

    Dual WAN Ports (Before Rollover) WAN1 IP Gateway netgear.dyndns.org WAN2 port inactive VPN Router WAN2 IP (N/A) IP address of active WAN port changes after a rollover (use of fully-qualified domain names always required) Figure 3-6: Dual gateway WAN ports before and after rollover •...
  • Page 37: VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability

    - required for Fixed IP addresses - required for Dynamic IP addresses Client B WAN IP 0.0.0.0 Remote PC (running NETGEAR ProSafe VPN Client) (Figure 3-9), the remote PC client Client B WAN IP 0.0.0.0 Remote PC...
  • Page 38: VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing

    Fully-Qualified Domain Names (FQDN) - optional for Fixed IP addresses - required for Dynamic IP addresses Client B WAN IP 0.0.0.0 Remote PC (running NETGEAR ProSafe VPN Client) (Figure 3-11), the remote PC Client B WAN IP 0.0.0.0 Remote PC...
  • Page 39: VPN Gateway-to-Gateway

    If an IP address is fixed, a fully-qualified domain name is optional. WAN IP WAN IP FQDN netgear.dyndns.org 22.23.24.25 Fully-Qualified Domain Names (FQDN) - optional for Fixed IP addresses - required for Dynamic IP addresses
  • Page 40: VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability

    VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability In the case of the dual WAN ports on the gateway VPN firewall gateway WAN ports at one end can initiate the VPN tunnel with the appropriate gateway WAN port at the other end as necessary to balance the loads of the gateway WAN ports because the IP addresses of the WAN ports are known in advance.
  • Page 41: VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing

    Figure 3-15: Dual gateway WAN ports (load balancing case) for gateway-to-gateway VPN tunnels WAN_A1 IP (N/A) WAN_B1 IP WAN_A1 port inactive netgearB.dyndns.org netgear.dyndns.org WAN_B2 port inactive WAN_A2 IP WAN_B2 IP (N/A) Fully-Qualified Domain Names (FQDN) - required for Fixed IP addresses - required for Dynamic IP addresses...
  • Page 42: VPN Telecommuter (Client-to-Gateway Through a NAT Router)

    If the IP address is fixed, a fully-qualified domain name is optional. NAT Router B WAN IP WAN IP FQDN 0.0.0.0 NAT Router (at telecommuter's home office) (Figure 3-16), the remote PC Client B Remote PC (running NETGEAR ProSafe VPN Client)...
  • Page 43: VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability

    (Figure 3-17), the remote PC Client B NAT Router B NAT Router (at telecommuter's Remote PC home office) (running NETGEAR ProSafe VPN Client) Client B NAT Router B NAT Router (at telecommuter's Remote PC home office) (running NETGEAR...
  • Page 44: VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing

    (Figure 3-19), the remote PC WAN1 IP WAN IP 0.0.0.0 WAN2 IP NAT Router (at telecommuter's home office) Client B NAT Router B Remote PC (running NETGEAR ProSafe VPN Client)...
  • Page 45: Connecting the FVS124G to the Internet

    Connecting the FVS124G to the Internet This chapter describes how to connect the WAN ports of the FVS124G VPN Firewall to the Internet. What You Will Need to Do Before You Begin The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports is a powerful and versatile solution for your networking needs.
  • Page 46 – You can also add your own service protocols to the list (see Rules” on page 6-4 Set up your accounts Have active Internet services such as that provided by cable or DSL broadband accounts and locate the Internet Service Provider (ISP) configuration information.
  • Page 47: Cabling And Computer Hardware Requirements

    FVS124G, you must use a Java-enabled web browser program that supports HTTP uploads such as Microsoft Internet Explorer or Netscape Navigator. NETGEAR recommends using Internet Explorer or Netscape Navigator 4.0 or above. Free browser programs are readily available for Windows, Macintosh, or UNIX/Linux.
  • Page 48: Internet Configuration Requirements

    • You may also refer to the FVS124G Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, you may want to record them on the page below.
  • Page 49: Record Your Internet Connection Information

    Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP.
  • Page 50 Connecting the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports This section provides instructions for connecting the FVS124G VPN Firewall. Also, the Resource CD for ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports included with your firewall contains an animated Installation Assistant to help you through this procedure.
  • Page 51: Step 1: Physically Connect the VPN Firewall to Your Network (Required)

    Step 1: Physically Connect the VPN Firewall to Your Network (Required) Turn off your computer and Cable or DSL Modem. Disconnect the Ethernet cable from your computer which connects to your cable or DSL modem.
  • Page 52: Step 3: Configure the Internet Connections to Your ISPs (Required)

    Figure 4-2: Login screen on the Web browser For security reasons, the firewall has its own user name and password. When prompted, enter for the firewall user name and admin letters. The firewall user name and password are not the same as any user name or password you may use to log in to your Internet connection.
  • Page 53 Figure 4-3: WAN1 and WAN2 Basic Settings and Setup Wizard Screens
  • Page 54 Click Setup Wizard on the WAN1 ISP Settings screen to get the Setup Wizard (WAN1) screen. Click Next and follow the steps in the WAN1 Setup Wizard for inputting the configuration parameters from your ISP1 to connect to the Internet.
  • Page 55 The steps to configure WAN port 2 are as follows: Repeat the above steps to set up the parameters for ISP2. Start by clicking the WAN2 ISP link directly under WAN Setup on the upper left of the main menu to get the WAN2 ISP Settings screen shown in screen to get the Setup Wizard (WAN2) screen.
  • Page 56: Manually Configuring Your Internet Connection

    Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below if you do not want to allow the Setup Wizard to determine your configuration as described in the previous sections. ISP Does Not Require Login ISP Does Require Login Figure 4-4: Browser-based configuration WAN ISP Settings menus (WAN1 ISP shown)
  • Page 57: Programming The Traffic Meter (If Desired)

    Programming the Traffic Meter (if Desired) From the Main Menu of the browser interface, under WAN Setup, click Traffic Meter. You will get the screens shown in Figure 4-5.
  • Page 58 Table 4-1. Traffic meter Parameter Description Enable Traffic Meter Check this if you wish to record the volume of Internet traffic passing through the Router's WAN1 or WAN2 port. WAN1 or WAN2 can be selected through the drop down menu; the entire configuration is specific to each WAN interface.
  • Page 59: Step 4: Configure the WAN Mode (Required for Dual WAN)

    Step 4: Configure the WAN Mode (Required for Dual WAN) The dual WAN ports of the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports can be configured on a mutually exclusive basis for either rollover for increased system reliability or load balancing for maximum bandwidth efficiency.
  • Page 60: Rollover Setup

    Rollover Setup Perform the following steps to configure the dual WAN ports for rollover: Click the WAN Mode link directly under Setup on the upper left of the main menu to invoke the WAN Mode Auto-Rollover screen shown in Figure 4-6: WAN Mode screen for auto-rollover Fill out the screen using the following parameter definitions:...
  • Page 61: Load Balancing (And Protocol Binding) Setup

    • Test Period—DNS query is sent periodically after every test period. The minimum test period is 30 seconds. • Maximum Failures—The WAN interface is considered down after the configured number of DNS queries have failed to elicit a DNS reply from the configured DNS server.
  • Page 62 Figure 4-7: WAN Mode screen for load balancing and protocol binding Fill out the screen using the following parameter definitions: • Detection of WAN failure—WAN failure is detected using DNS queries to the DNS server.
  • Page 63 • Test Period—DNS query is sent periodically after every test period. The minimum test period is 30 seconds. • Maximum Failures—The WAN interface is considered down after the configured number of DNS queries have failed to elicit a DNS reply from the configured DNS server.
  • Page 64: Step 5: Configure Dynamic DNS (If Needed)

    Step 5: Configure Dynamic DNS (If Needed) If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS).
  • Page 65 Dynamic DNS screen for rollover mode Dynamic DNS screens for load balancing mode Figure 4-8: Dynamic DNS screens
  • Page 66 Each DNS service provider requires its own parameters DynDNS Service Screen Figure 4-9: Dynamic DNS service provider screens Access the website of one of the dynamic DNS service providers whose names appear in the ‘Select Service Provider’...
  • Page 67: Step 6: Configure the WAN Options (If Needed)

    Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet.
  • Page 68 • Port Speed—In most cases, your router can automatically determine the connection speed of the Internet (WAN) port. If you cannot establish an Internet connection and the Internet LED blinks continuously, you may need to manually select the port speed.
  • Page 69: LAN Configuration

    This chapter describes how to configure the advanced features of your FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. These features can be found under the Advanced heading in the Main Menu of the browser interface. •...
  • Page 70: Configuring LAN TCP/IP Setup Parameters

    Figure 5-1: LAN IP Setup menu Note: Once you have completed the LAN IP setup, all outbound traffic is allowed and all inbound traffic is discarded. To change these traffic rules, refer to Protection and Content Configuring LAN TCP/IP Setup Parameters LAN TCP/IP Setup—The default values are suitable for most users and situations.
  • Page 71 • IP Subnet Mask: The subnet mask specifies the network number portion of an IP address. Your router will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use 255.255.255.0 as the subnet mask (computed by the router).
  • Page 72: Using the Firewall as a DHCP Server

    • Ending IP Address - This box specifies the last of the contiguous addresses in the IP address pool. 192.168.1.254 is the default ending address. •...
  • Page 73: Using Address Reservation

    • Primary DNS Server (if you entered a Primary DNS address in the Basic Settings menu; otherwise, the firewall’s LAN IP address) • Secondary DNS Server (if you entered a Secondary DNS address in the Basic Settings menu) •...
  • Page 74: Multi Home LAN IPs

    Multi Home LAN IPs Click Multi Home LAN IPs Setup on the LAN IP Setup screen (see Figure 5-1) to invoke the Secondary LAN IP Setup screens. This allows the firewall to act as a gateway to additional logical subnets on your LAN.
  • Page 75 From the Main Menu of the browser interface, under Advanced, click on Static Routes to view the Static Route menu, shown below. Figure 5-4. Static Routes Summary Table and Add screens To add or edit a Static Route: Click the Add button to open the Add/Edit Menu, shown below.
  • Page 76 Type a number between 1 and 15 as the Metric value. This represents the number of firewalls between your network and the destination. Usually, a setting of 2 or 3 works, but if this is a direct connection, set it to 1.
  • Page 77: Firewall Protection And Content Filtering

    Chapter 6 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports to protect your network. These features can be found by clicking on the Content Filtering heading in the Main Menu of the browser interface. Firewall Protection and Content Filtering Overview The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports provides you with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail.
  • Page 78 A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FVS124G are: • Inbound: Block all access from outside except responses to requests from the LAN side. •...
  • Page 79 Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems. Outbound Services—This lists all existing rules for outbound traffic. If you have not defined any rules, only the default rule will be listed.
  • Page 80: Services-Based Rules

    Click the button for the desired actions: – Edit - to make any changes to the rule definition. The Inbound Service screen will be displayed (see “Inbound Rules (Port Forwarding)”...
  • Page 81: Inbound Rules (Port Forwarding)

    • Quality of service (QoS) priorities—Each service at its own native priority that impacts its quality of performance and tolerance for jitter or delays. You can change this QoS priority if desired to change the traffic mix through the system.
  • Page 82 Table 6-1. Inbound Services Item Description Services Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see Action Select the desired action for packets covered by this rule:...
  • Page 83 Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
  • Page 84 This application note describes how to configure multi-NAT to support multiple public IP addresses on one WAN interface of a NETGEAR FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. By creating an inbound rule, we will configure the firewall to host an additional public IP address and associate this address with a web server on the LAN.
  • Page 85 – LAN IP address subnet is 192.168.1.1 255.255.255.0 • Web server PC on the firewall's LAN – LAN IP address is 192.168.1.2 – Access to Web server is (simulated) public IP address 10.1.0.52 IP Address Requirements—If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN.
  • Page 86 Select Action "ALLOW always". For Send to LAN Server, enter the local IP address of your web server PC. For Public Destination IP Address, choose "Other Public IP Address." Enter one of your public Internet addresses that will be used by clients on the Internet to reach your web server.
  • Page 87 Create an inbound rule that allows all protocols. Place the rule below all other inbound rules. Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
  • Page 88: Outbound Rules (Service Blocking)

    Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced menus so that external users can always find your network.
  • Page 89 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Note: See “Source MAC Filtering” on page 6-27 traffic from selected PCs that would otherwise be allowed by the firewall. Table 6-1. Outbound Services Item Description Services...
  • Page 90 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-1. Outbound Services Item Description QoS Priority This setting determines the priority of a service, which in turn, determines the quality of that service for the traffic passing through the firewall. By default, the priority shown is that of the selected service.
  • Page 91 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Outbound Rule Example: Blocking Instant Messenger If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu.
  • Page 92: Customized Services

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 6-10: Figure 6-10: Rules table with examples For any traffic attempting to pass through the firewall, the packet information is subjected to the...
  • Page 93 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Although the FVS124G already holds a list of many service port numbers, you are not limited to these choices. Use the Services menu to add additional services and applications to the list for use in defining firewall rules.
  • Page 94: Quality Of Service (Qos) Priorities

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Click Apply. The new service will now appear in the Services menu, and in the Service name selection box in the Rules menu. Quality of Service (QoS) Priorities This setting determines the priority of a service, which in turn, determines the quality of that service for the traffic passing through the firewall.
  • Page 95 Example 1 (priority unchanged): If the native ToS setting for a service is 3 and the Netgear QoS setting for this service is None, then the traffic for this service is placed in the queue that handles priority 3 traffic.
  • Page 96: Managing Groups And Hosts

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Managing Groups and Hosts The Network Database is an automatically-maintained list of all known PCs and network devices. PCs and devices become known by the following methods: •...
  • Page 97 Figure 6-13: Groups and Hosts screens
  • Page 98: Using A Schedule To Block Or Allow Specific Traffic

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-3. Groups and hosts Item Description Known PCs and This table lists all current entries in the Network Database. For each PC or device, Devices the following data is displayed.
  • Page 99 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 6-14: Schedule menu To invoke rules and block keywords or Internet domains based on a schedule, select Every Day or select one or more days. If you want to limit access completely for the selected days, select All Day.
  • Page 100: Time Zone

    VPN firewall's content and Web component filtering feature. By default, this feature is disabled; all requested traffic from any Web site is allowed. When users try to access a blocked site, they will get a message: Blocked by NETGEAR. •...
  • Page 101 The Block Sites menu is shown in Figure 6-15: Figure 6-15: Block Sites menu
  • Page 102 • In the Trusted Domains box, enter the exact matching domain name for which the keyword filtering will be bypassed. Example: Enter www.netgear.com to bypass URL keyword filtering for this domain. The domains in this list will be allowed without any keyword filtering; web component filtering still applies.
  • Page 103: Source Mac Filtering

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Source MAC Filtering Source MAC Filter will drop the Internet-bound traffic received from the PCs with the specified MAC address. • By default, the source MAC address filter is disabled. All the traffic received from PCs with any MAC address is allowed by default.
  • Page 104: Port Triggering

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-5. Source MAC address filter Item Description Activation • Enable the source MAC filter by ticking the check box. • Press APPLY. • Now add the MAC Addresses from which the traffic should be dropped by clicking on ADD button.
  • Page 105 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • After a PC has finished using a Port Triggering application, there is a Time-out period before the application can be used by another PC. This is required because this Router cannot be sure when the application has terminated.
  • Page 106: Getting E-Mail Notifications Of Event Logs And Alerts

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-6. Port Triggering Item Description Port Triggering • Enable - Indicates if the rule is enabled or disabled. Generally, there is no need to Rules disable a rule unless it interferes with some other function such as Port Forwarding.
  • Page 107 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 6-18: Logs and E-mail screens Click on View Log button to view various log messages generated by the Router. • In view log window To delete all log entries: Click Clear Log. •...
  • Page 108 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Items to include in the log: • Use these checkboxes to determine which events are included in the log. Selecting all events will increase the size of the log, so it is good practice to disable any events which are not really required.
  • Page 109: Syslog

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • In the Log Threshold Time box, set the logs Threshold time. • In the Alert Queue Length box, set the alerts queue length. Click Apply to have your changes take effect.
  • Page 110 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 6-19: Firewall Logs menu Table 6-7. Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description or The type of event and what action was taken if any.
  • Page 111: Administrator Information

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 6-7. Log entry descriptions Field Description Source port and The service port number of the initiating device, and whether it originated interface from the LAN or WAN Destination The name or IP address of the destination device or website.
  • Page 113: Virtual Private Networking

    This chapter describes how to use the virtual private networking (VPN) features of the FVS124G VPN Firewall. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. Tip: When using dual WAN port networks, use the VPN Wizard to configure the basic parameters and then edit the VPN and IKE Policy screens for the various VPN scenarios.
  • Page 114: Fully Qualified Domain Names

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 7-1 shows the setup screens for the selected WAN mode. This setup is accomplished in “Step 4: Configure the WAN Mode (Required for Dual WAN)” on page Rollover Mode Setup Screen Figure 7-1: WAN Mode Setup screens Fully Qualified Domain Names...
  • Page 115 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports “Step 5: Configure Dynamic DNS (If Needed)” on page 4-20 the Dynamic DNS service. FVS124G Functional Block Diagram FVS124G Firewall Rest of FVS124G FVS124G WAN Port Functions Functions...
  • Page 116 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports FVS124G Functional Block Diagram FVS124G Firewall Rest of FVS124G FVS124G WAN Port Functions Functions Dynamic DNS screens Figure 7-3: Functional operation of FVS124G WAN ports for load balancing mode WAN 1 Port Load Balancing...
  • Page 117: Creating A Vpn Connection: Between Fvx538 And Fvs124G

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Creating a VPN Connection: Between FVX538 and FVS124G This section describes how to configure a VPN connection between a NETGEAR FVX538 VPN Firewall and a NETGEAR FVS124G VPN Firewall.
  • Page 118 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Click Next. Enter the WAN IP address of the remote FVS124G. Click WAN1 to bind this connection to the WAN1 port. Figure 7-5: WAN IP address of remote FVS124G Click Next.
  • Page 119 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Click Done to create the 'to_fvs' IKE and VPN policies. In the IKE Policies menu, the 'to_fvs' IKE policy will appear in the table. Figure 7-7: IKE Policies You can view the IKE parameters by selecting 'to_fvs' and clicking Edit.
  • Page 120 In the VPN Policies menu, the 'to_fvs' VPN policy will appear in the table. Figure 7-9: FVX538 VPN Policies screen
  • Page 121: Configuring The Fvs124G

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports You can view the VPN parameters by selecting 'to_fvs' and clicking Edit. It should not be necessary to make any changes. Figure 7-10: FVX538-to-FVS124G VPN screen Configuring the FVS124G Select the VPN Wizard Give the client connection a name, such as to_fvx.
  • Page 122 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Select 'a remote VPN gateway'. Figure 7-11: VPN Wizard start page Click Next. Enter the WAN IP address of the remote FVX538. Figure 7-12: WAN IP address of remote FVX538 Click Next.
  • Page 123: Testing The Connection

    PCs are to be connected, an additional policy or policies must be created. Each PC will use Netgear's VPN Client. Since the PC's IP address is assumed to be unknown, the PC must always be the Initiator of the connection.
  • Page 124: Configuring The Fvs124G

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports This procedure was developed and tested using: • Netgear FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports with version 1.0 firmware •...
  • Page 125 In the upper left of the Policy Editor window, click the New Document icon to open a New Connection. Figure 7-15: New Client Connection screen
  • Page 126 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Give the New Connection a name, such as to_FVS. Figure 7-16: New connection named In the Remote Party Identity section, select ID Type of IP Subnet. Enter the LAN IP Subnet Address and Subnet Mask of the FVS124G's LAN.
  • Page 127 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports For Domain Name, enter 'fvs_local.com' and enter the WAN IP Address of the FVS124G. Figure 7-17: Remote client info In the left frame, click on My Identity. Select Certificate = None.
  • Page 128 Leave Virtual Adapter disabled, and select your computer's Network Adapter. Your current IP address will appear. Figure 7-18: My Identity screen Before leaving the My Identity menu, click the Pre-Shared Key button.
  • Page 129 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Click Enter Key, type your preshared key, and click OK. This key will be shared by all users of the FVS124G policy "home". Figure 7-19: Pre-shared key In the left frame, click on Security Policy.
  • Page 130 Select Phase 1 Negotiation Mode = Aggressive Mode. PFS should be disabled, and Replay Detection should be enabled. Figure 7-20: Client Security Policy screen
  • Page 131 In the left frame, expand Authentication and select Proposal 1. Compare with the figure below. No changes should be necessary. Figure 7-21: Client Authorization screen
  • Page 132: Testing The Connection

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports In the left frame, expand Key Exchange and select Proposal 1. Compare with the figure below. No changes should be necessary. Figure 7-22: Client Key Exchange screen In the upper left of the window, click the disk icon to save the policy.
  • Page 133 For additional status and troubleshooting information, right-click on the VPN client icon in your Windows toolbar and select "Connection Monitor" or "Log Viewer", or view the VPN log and status menu in the FVS124G.
  • Page 135: Router And Network Management

    This chapter describes how to use the network management features of your FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface. The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports offers many tools for managing the network traffic to optimize its performance.
  • Page 136: Vpn Firewall Features That Reduce Traffic

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Firewall Features That Reduce Traffic Features of the VPN firewall that can be called upon to decrease WAN-side loading are as follows: • Service blocking •...
  • Page 137 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports – Address range: The rule is applied to a range of Internet IP addresses. • Services—You can specify the desired Services or applications to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see “Services”...
  • Page 138: Block Sites

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports “Using a Schedule to Block or Allow Specific Traffic” on page 6-22 to use this feature. Block Sites If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the VPN firewall's filtering feature.
  • Page 139: Port Forwarding

    • VPN tunnels Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you cannot use it (i.e., the service is unavailable).
  • Page 140: Port Triggering

    • WAN Users—These settings determine which Internet locations are covered by the rule, based on their IP address. – Any: The rule applies to all Internet IP addresses. –...
  • Page 141: Vpn Tunnels

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports – After a PC has finished using a Port Triggering application, there is a time-out period before the application can be used by another PC. This is required because the firewall cannot be sure when the application has terminated.
  • Page 142: Administrator And Guest Access Authorization

    Administrator access is read/write and guest access is read-only. Changing the Passwords and Login Timeout The default password for the firewall’s Web Configuration Manager is password. Netgear recommends that you change this password to a more secure password.
  • Page 143: Enabling Remote Management Access

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Enabling Remote Management Access Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your FVS124G VPN Firewall. You must be logged in locally to enable remote management (see Note: Be sure to change the firewall's default configuration password to a very secure password.
  • Page 144: Command Line Interface

    FVS124G. Command Line Interface Note: The command line interface is not supported at this time. Check the Netgear Web site for the latest status. 8-10 from the Windows Start menu Run option. For TRACERT...
  • Page 145: Event Alerts

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports You can access the command line interface (CLI) either by using telnet or by connecting a terminal to the console port on the front of the unit. To access the CLI from a communications terminal when the FVS124G VPN Firewall is still set to its factory defaults (or use your own settings if you have changed them), do the following: From the command line prompt, enter the following command:...
  • Page 146: Login Failures And Attacks

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 8-3: Traffic Limit Reached alert Login Failures and Attacks Figure 8-3 shows the Log screen that is invoked by clicking Logs and Email under Security on the Main Menu bar.
  • Page 147 Select the types of alerts to email. Enable email alerts. Accumulate 64 messages before sending a log email. Wait 24 hours before sending an email. Accumulate 8 messages before sending an alert email.
  • Page 148: Monitoring

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Monitoring You can view status information about the firewall, WAN ports, LAN ports, and VPN tunnels and program SNMP connections. Viewing VPN Firewall Status and Time Information Firewall Status The Router Status menu provides status and usage information.
  • Page 149 Figure 8-5: Router Status screen
  • Page 150: Time Information

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 8-1. Router Status Item Description System Name This is the Account Name that you entered in the Basic Settings page. Firmware Version This is the current software the router is using. This will change if you upgrade your router.
  • Page 151 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 8-6: Time information on the Schedule screen If supported for your region, you can check Automatically adjust for Daylight Savings Time. Router and Network Management Automatic adjustment enable for daylight savings time...
  • Page 152: Wan Ports

    Table 8-1. Current date and time Item Description Use Default NTP If enabled, the system clock is updated regularly by contacting a Default Netgear Servers (Network NTP Server on the Internet. Time Protocol) Use Custom NTP If you prefer to use a particular NTP server, enable this and enter the name or IP Servers address of an NTP Server in the Server 1 Name/IP Address field.
  • Page 153: Dynamic Dns Status

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Dynamic DNS Status Invoke the Dynamic DNS Status screen from Dynamic DNS screen by clicking Show Status to see the current DDNS Status in a sub-window. Figure 8-8: Dynamic DNS Status screen Internet Traffic Information The Internet Traffic screen provides the following information:...
  • Page 154: Lan Ports And Attached Devices

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 8-9: Internet Traffic information LAN Ports and Attached Devices Known PCs and Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network.
  • Page 155 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 8-10: Network Database screen The Network Database is an automatically-maintained list of all known PCs and network devices. PCs and devices become known by the following methods: •...
  • Page 156: Dhcp Log

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Note: If the firewall is rebooted, the table data is lost until the firewall rediscovers the devices. To force the firewall to look for attached devices, click the Refresh button. DHCP Log You can view the DHCP log.
  • Page 157: Firewall

    Table 8-1. Port Triggering Status data Item Description Rule The name of the Rule. LAN IP Address The IP address of the PC currently using this rule. Open Ports The Incoming ports which are associated with this rule.
  • Page 158 Figure 8-13: Logs and email screen Select the types of logs to email. Enable emailing of logs. Enable system logs. Accumulate 64 messages before sending a log email.
  • Page 159 Invoke the Firewall Log screen from Logs and Email screen. Figure 8-14: Firewall Log screen (invoked from Logs and Email screen)
  • Page 160: Vpn Tunnels

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Tunnels You can view the status of the VPN tunnels. Figure 8-15: VPN Status/Log and IPSec Connection Status screens Table 8-1. VPN Status data Item Description Policy Name...
  • Page 161: Snmp

    Table 8-1. VPN Status data Item Description State The current status of the SA. Phase 1 is Authentication phase and Phase 2 is Key Exchange phase. Action Use this button to terminate/build the SA (connection) if required.
  • Page 162 Back to return to the Diagnostics screen. Perform a DNS A DNS (Domain Name Server) converts the Internet name (e.g. www.netgear.com) to Lookup an IP address. If you need the IP address of a Web, FTP, Mail or other Server on the Internet, you can do a DNS lookup to find the IP address.
  • Page 163: Configuration File Management

    This file can be saved (backed up) to a user’s PC, retrieved (restored) from the user’s PC, or cleared to factory default settings. You can also upgrade the firewall software with the latest version from Netgear. From the Main Menu of the browser interface, under the Management heading, select the Settings Backup heading to bring up the menu shown below.
  • Page 164: Restoring And Backing Up The Configuration

    NETGEAR. Upgrade files can be downloaded from Netgear's website. If the upgrade file is compressed (.ZIP file), you must first extract the binary (.TRX) file before sending it to the firewall. The upgrade file can be sent to the firewall using your browser.
  • Page 165: Erasing The Configuration (Factory Defaults Reset)

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Figure 8-19: Router Upgrade menu To upload new firmware: Download and unzip the new software file from NETGEAR. In the Router Upgrade menu, click the Browse button and browse to the location of the binary image (.IMG) upgrade file Click Upload.
  • Page 166 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • To restore the factory default configuration settings without knowing the login password or IP address, you must use the Default Reset button on the front panel of the firewall (see Router’s Front Panel”...
  • Page 167: Troubleshooting

    • Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
  • Page 168: Leds Never Turn Off

    LEDs Never Turn Off When the firewall is turned on, the LEDs turn on for about 10 seconds and then turn off. If all the LEDs stay on, there is a fault within the firewall.
  • Page 169: Troubleshooting The Web Configuration Interface

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Troubleshooting the Web Configuration Interface If you are unable to access the firewall’s Web Configuration interface from a PC on your local network, check the following: •...
  • Page 170: Troubleshooting The Isp Connection

    IP address from the ISP. You can determine whether the request was successful using the Web Configuration Manager. To check the WAN IP address: Launch your browser and select an external site such as www.netgear.com Access the Main Menu of the firewall’s configuration at Under the Management heading, select Router Status Check that an IP address is shown for the WAN Port If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP.
  • Page 171: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring Your Internet Connection” on page If your firewall can obtain an IP address, but your PC is unable to load any web pages from the Internet: •...
  • Page 172: Testing The Path From Your Pc To A Remote Device

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports If the path is not working, you see this message: Request timed out If the path is not functioning correctly, you could have one of the following problems: •...
  • Page 173: Restoring The Default Configuration And Password

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports — Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs additionally restrict access to the MAC address of a single PC connected to that modem.
  • Page 174 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports • Time is off by one hour. Cause: The firewall does not automatically sense Daylight Savings Time. In the E-Mail menu, check or uncheck the box marked “Adjust for Daylight Savings Time”.
  • Page 175: Technical Specifications

    This appendix provides technical specifications for the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports. Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter Voltage and amperage: Physical Specifications Dimensions: Weight: Environmental Specifications Operating temperature: Operating humidity: Electromagnetic Emissions...
  • Page 176 Interface Specifications LAN: WAN: 10BASE-T or 100BASE-Tx, RJ-45 10BASE-T or 100BASE-Tx
  • Page 177: Network, Routing, Firewall, And Basics

    Appendix B Network, Routing, Firewall, and Basics This chapter provides an overview of IP networks, routing, and networking. Related Publications As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
  • Page 178: What Is A Router

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports What is a Router? A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables maintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network.
  • Page 179 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 195.34.12.7 The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the second part identifies the host node or station on the network.
  • Page 180: Netmask

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 128.1.x.x to 191.254.x.x. • Class C Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the network address and eight bits for the node.
  • Page 181: Subnet Addressing

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a backward slash (/), as “/n.”...
  • Page 182 Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits from the host address to the network address.
  • Page 183: Private Ip Addresses

    Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Table 9-2. Netmask Formats 255.255.255.0 255.255.255.128 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 255.255.255.254 255.255.255.255 Configure all hosts on a LAN segment to use the same netmask for the following reasons: •...
  • Page 184: Single Ip Address Operation Using Nat

    Single IP Address Operation Using NAT In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP.
  • Page 185: Mac Addresses And Address Resolution Protocol

    This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router.
  • Page 186: Domain Name Server

    Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource. Just as...
  • Page 187: What Is A Firewall

    What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack.
  • Page 188: Category 5 Cable Quality

    Table B-1. UTP Ethernet cable wiring, straight-through Wire color Signal Orange/White Transmit (Tx) + Orange Transmit (Tx) - Green/White Receive (Rx) + Blue Blue/White Green Receive (Rx) - Brown/White...
  • Page 189: Inside Twisted Pair Cables

    Inside Twisted Pair Cables For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually implemented internally as part of the circuitry in the device.
  • Page 190: Uplink Switches, Crossover Cables, And Mdi/Mdix Switching

    Figure B-3: Category 5 UTP Cable with Male RJ-45 Plug at Each End Note: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network.
  • Page 191 The FVS124G VPN Firewall incorporates Auto Uplink technology (also called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection (e.g.
  • Page 193: Appendix C Preparing Your Network

    This appendix describes how to prepare your network to connect to the Internet through the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions provided by your ISP, you may need to copy the current configuration information for use in the configuration of...
  • Page 194: Configuring Windows 95, 98, And Me For Tcp/Ip Networking

    In your IP network, each PC and the firewall must be assigned a unique IP address. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address.
  • Page 195 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
  • Page 196: Enabling Dhcp To Automatically Configure Tcp/Ip Settings

    If you need Client for Microsoft Networks: Click the Add button. Select Client, and then click Add. Select Microsoft. Select Client for Microsoft Networks, and then click OK. Restart your PC for the changes to take effect.
  • Page 197 Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button.
  • Page 198: Selecting Windows' Internet Access Method

    • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it.
  • Page 199: Configuring Windows Nt4, 2000 Or Xp For Ip Networking

    From the drop-down box, select your Ethernet adapter. The window is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: •...
  • Page 200: Enabling Dhcp To Automatically Configure Tcp/Ip Settings

    Enabling DHCP to Automatically Configure TCP/IP Settings You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through the configuration process for each of these versions of Windows.
  • Page 201 • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. •...
  • Page 202: Dhcp Configuration Of Tcp/Ip In Windows 2000

    • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. •...
  • Page 203 • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections. • Right click on Local Area Connection and select Properties. •...
  • Page 204 • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected.
  • Page 205: Dhcp Configuration Of Tcp/Ip In Windows Nt4

    DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0. •...
  • Page 206 • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button.
  • Page 207: Verifying Tcp/Ip Properties For Windows Xp, 2000, And Nt4

    Type ipconfig /all Your IP Configuration information will be listed, and should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: • The IP address is between 192.168.0.2 and 192.168.0.254 •...
  • Page 208: Configuring The Macintosh For Tcp/Ip Networking

    • The default gateway is 192.168.1.1 Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will need to configure TCP/IP to use DHCP.
  • Page 209: Verifying Tcp/Ip Properties For Macintosh Computers

    TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP. The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: •...
  • Page 210: Verifying The Readiness Of Your Internet Account

    Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.
  • Page 211: Obtaining Isp Configuration Information For Windows Computers

    • An IP address and subnet mask • A gateway IP address, which is the address of the ISP’s router • One or more domain name server (DNS) IP addresses •...
  • Page 212: Obtaining Isp Configuration Information For Macintosh Computers

    If an IP address appears under Installed Gateways, write down the address. This is the ISP’s gateway address. Select the address and then click Remove to remove the gateway address. Select the DNS Configuration tab.
  • Page 213: Restarting The Network

    Restarting the Network Once you’ve set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the FVS124G VPN Firewall.
  • Page 215: Virtual Private Networking

    There have been many improvements in the Internet including Quality of Service, network performance, and inexpensive technologies, such as DSL. But one of the most important advances has been in Virtual Private Networking (VPN) Internet Protocol security (IPSec). IPSec is one of the most complete, secure, and commercially available, standards-based protocols developed for transporting data.
  • Page 216: What Is Ipsec And How Does It Work

    • Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization’s modem pool is one method of access for remote workers, but is expensive because the organization must pay the associated long distance telephone and service costs.
  • Page 217: Encapsulating Security Payload (Esp

    • Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity. • Authentication Header (AH): Provides authentication and integrity. • Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.
  • Page 218: Authentication Header (Ah

    The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication.
  • Page 219: Mode

    Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel protection, while transport mode is used for host-to-host IPSec tunnel protection.
  • Page 220: Key Management

    This TechNote provides case studies on how to configure secure IPSec VPN tunnels. This document assumes the reader has a working knowledge of NETGEAR management systems. NETGEAR is a member of the VPN Consortium, a group formed to facilitate IPSec VPN vendor interoperability. The VPN Consortium has developed specific scenarios to aid system administrators in the often confusing process of connecting two different vendor implementations of the IPSec standard.
  • Page 221: Vpn Process Overview

    VPN Process Overview Even though IPSec is standards-based, each vendor has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to review some of the terms and the generic processes for connecting two gateways before diving into the specifics.
  • Page 222: Setting Up A Vpn Tunnel Between Gateways

    It is also important to make sure the addresses do not overlap or conflict. That is, each set of addresses should be separate and distinct. Table 9-1.
  • Page 223 VPN Gateway A Figure 9-8: VPN Tunnel SA The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B.
  • Page 224: Vpnc Ike Security Parameters

    IKE Phase I. The two parties negotiate the encryption and authentication algorithms to use in the IKE SAs. The two parties authenticate each other using a predetermined mechanism, such as preshared keys or digital certificates.
  • Page 225: Vpnc Ike Phase Ii Parameters

    LAN-side of the other gateway. You can troubleshoot connections using the VPN status and log details on the Netgear gateway to determine if IKE negotiation is working. Common problems encountered in setting up VPNs include: •...
  • Page 226 • [RFC 791] Internet Protocol DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C Hedrick, Rutgers University, June 1988. •...
  • Page 227: Glossary

    Glossary List of Glossary Terms Use the list below to find definitions for technical terms used in this manual. Numeric 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 802.1x 802.1x defines port-based, network access control used to provide authenticated network access and automated data encryption key management.
  • Page 228: March

    Access Control List (ACL) An ACL is a database that an Operating System uses to track each user’s access rights to system objects (such as file directories and/or files). Ad-hoc Mode An 802.11 networking framework in which devices or stations communicate directly with each other, without the use of an access point (AP).
  • Page 229 Broadcast A packet sent to all devices on a network. Class of Service A term to describe treating different types of traffic with different levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion. A Certificate Authority is a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs.
  • Page 230 .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain. Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5...
  • Page 231 Ethernet A LAN specification developed jointly by Xerox, Intel and Digital Equipment Corporation. Ethernet networks transmit packets at a rate of 10 Mbps. Gateway A local device, usually a router, that connects hosts on a local network to other networks.
  • Page 232 Internet Protocol The method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it among all other computers on the Internet.
  • Page 233 Local Area Network A communications network serving users within a limited area, such as one floor of a building. A LAN typically connects multiple personal computers and shared network devices such as storage and printers. Although many technologies exist to implement a LAN, Ethernet is the most common for connecting personal computers and is limited to a distance of 1,500 feet.
  • Page 234 packet A block of information sent over a network. A packet typically contains a source and destination network address, some protocol and length information, a block of data, and a checksum. Point-to-Point Protocol PPP.
  • Page 235 See “Quality of Service” Quality of Service QoS is a networking term that specifies a guaranteed level of throughput. Throughput is the amount of data transferred from one device to another or processed in a specified amount of time - typically, throughputs are measured in bytes per second (Bps).
  • Page 236: March

    Subnet Mask Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router. TCP/IP The main internetworking protocols used in the Internet.
  • Page 237 Wide Area Network A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). Wi-Fi A trade name for the 802.11b wireless networking standard, given by the Wireless Ethernet Compatibility Alliance (WECA, see http://www.wi-fi.net), an industry standards group promoting interoperability among...

This manual is also suitable for:

Fvs124gna
