NETGEAR FVL328 Reference Manual

Model FVL328 ProSafe
High-Speed VPN Firewall

Reference Manual

NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone 1-888-NETGEAR
M-10144-01
December 2003
M-10144-01


Summary of Contents for NETGEAR FVL328

  • Page 1: Reference Manual

    Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR M-10144-01 December 2003 M-10144-01...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3: Technical Support

    Refer to the Support Information Card that shipped with your FVL328 Prosafe High Speed VPN Firewall. World Wide Web NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.
  • Page 4 M-10144-01...
  • Page 5: Table Of Contents

    Features of the HTML Version of this Manual ..............1-3 How to Print this Manual ....................1-4 Chapter 2 Introduction About the FVL328 ......................2-1 Summary of New Features in the FVL328 ..............2-1 Key Features ........................2-1 Virtual Private Networking ..................2-2 A Powerful, True Firewall ..................2-2 ICSA Small/Medium Business Category ..............2-3 Content Filtering .......................2-3...
  • Page 6 Worksheet for Recording Your Internet Connection Information ......3-3 Connecting the FVL328 to Your LAN ................3-4 How to Connect the FVL328 to Your LAN ..............3-4 Configuring for a Wizard-Detected Login Account ...........3-9 Configuring for a Wizard-Detected Dynamic IP Account ........3-11 Configuring for a Wizard-Detected Fixed IP (Static) Account ........3-12...
  • Page 7 Certificate Revocation List (CRL) ................6-14 Walk-Through of Configuration Scenarios ..............6-15 VPNC Scenario 1: Gateway-to-Gateway with Preshared Secrets ......6-15 FVL328 Scenario 1: How to Configure the IKE and VPN Policies ......6-17 How to Check VPN Connections ................6-21 FVL328 Scenario 2: Authenticating with RSA Certificates ........6-22...
  • Page 8 Enabling Security Event E-mail Notification ..............7-9 Backing Up, Restoring, or Erasing Your Settings ............7-10 How to Back Up the FVL328 Configuration to a File ..........7-10 How to Restore a Configuration from a File ............7-11 How to Erase the Configuration ................7-11 Running Diagnostic Utilities and Rebooting the Router ..........7-12...
  • Page 9 Subnet Addressing ....................B-4 Private IP Addresses ....................B-7 Single IP Address Operation Using NAT ..............B-7 MAC Addresses and Address Resolution Protocol ..........B-9 Related Documents ....................B-9 Domain Name Server ....................B-9 IP Configuration by DHCP ..................B-10 Internet Security and Firewalls ..................
  • Page 10 Appendix D Firewall Log Formats Action List ........................D-1 Field List ........................D-1 Outbound Log ........................ D-1 Inbound Log ........................D-2 Other IP Traffic ......................D-2 Router Operation ......................D-3 Other Connections and Traffic to this Router ..............D-4 DoS Attack/Scan ......................D-4 Access Block Site ......................
  • Page 11 Testing the VPN Connection ..................H-14 From the Client PC to the FVL328 ................ H-14 From the FVL328 to the Client PC ................ H-15 Monitoring the PC VPN Connection ................H-15 Viewing the FVL328 VPN Status and Log Information ..........H-17 Contents M-10144-01...
  • Page 12 Appendix I NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328 Configuration Template ....................I-1 Using DDNS and Fully Qualified Domain Names (FQDN) ........I-2 Step-By-Step Configuration of FVS318 or FVM318 Gateway A ........I-3 Step-By-Step Configuration of FVL328 Gateway B ............I-7 Test the VPN Connection ....................I-12...
  • Page 13: About This Manual

    Chapter 1 About This Manual This chapter introduces the NETGEAR FVL328 Prosafe High Speed VPN Firewall manual. Audience This reference manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and VPN technology tutorial information is provided in the Appendices and on the NETGEAR Web site.
  • Page 14: Typographical Conventions

    Typographical Conventions This guide uses the following typographical conventions: Table 1-2. Typographical conventions italics Emphasis. bold times roman User input. [Enter] Named keys in text are shown enclosed in square brackets. The notation [Enter] is used for the Enter key and the Return key.
  • Page 15: Features Of The Html Version Of This Manual

    Features of the HTML Version of this Manual The HTML version of this manual includes these features. Figure Preface 1-1: HTML version of this manual 1. Left pane. Use the left pane to view the Contents, Index, Search, and Favorites tabs.
  • Page 16: How To Print This Manual

    How to Print this Manual To print this manual, choose one of the following options, according to your needs. • Printing a “How To” Sequence of Steps in the HTML View. Use the Print button on the upper right side of the toolbar to print the currently displayed topic.
  • Page 17: Introduction

    Network Address Translation (NAT) for security, the FVL328 uses Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection. The 8-port FVL328 provides highly reliable Internet access for up to 253 users with up to 100 concurrent VPN tunnels.
  • Page 18: Virtual Private Networking

    • VPNC Certified A Powerful, True Firewall Unlike simple Internet sharing NAT routers, the FVL328 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include: • DoS protection Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.
  • Page 19: Icsa Small/Medium Business Category

    Internet sites. Configurable Auto Uplink™ Ethernet Connection With its internal 8-port 10/100 switch, the FVL328 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the local LAN and the Internet WAN interfaces are 10/100 Mbps, autosensing, and capable of full-duplex or half-duplex operation.
  • Page 20: Easy Installation And Management

    (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account. This feature can also be turned off completely for using the FVL328 in settings where you want to manage the IP address scheme of your organization.
  • Page 21: What's In The Box

    These functions allow you to test Internet connectivity and reboot the firewall. You can use these diagnostic functions directly from the FVL328 when you are connected on the LAN or when you are connected over the Internet via the remote management function.
  • Page 22: The Firewall's Front Panel

    • Support information card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair. Note: Product updates are available on the NETGEAR, Inc. Web site at http:// www.netgear.com/support/main.asp.
  • Page 23: The Firewall's Rear Panel

    Table 2-1: LED Descriptions. On/Blinking: The Local port is operating at 100 Mbps. LINK/ACT (Link/Activity), On/Blinking: The Local port has detected a link with a LAN connection and is operating at 10 Mbps. Blinking indicates data transmission.
  • Page 24 Introduction
  • Page 25: Connecting The Fvl328 To The Internet

    This chapter describes how to set up the firewall on your Local Area Network (LAN) and connect to the Internet. You can perform basic configuration of your FVL328 Prosafe High Speed VPN Firewall using the Setup Wizard, or manually configure your Internet connection.
  • Page 26: Internet Configuration Requirements

    For Macintosh computers, open the TCP/IP or Network control panel. • You may also refer to the FVL328 Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, you may want to record them on the page below according to the instructions in “Worksheet for Recording Your Internet Connection...
  • Page 27: Worksheet For Recording Your Internet Connection Information

    Worksheet for Recording Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP.
  • Page 28: Connecting The Fvl328 To Your Lan

    Connecting the FVL328 to Your LAN This section provides instructions for connecting the FVL328 Prosafe High Speed VPN Firewall to your Local Area Network (LAN). Note: The Resource CD included with your firewall contains an animated Installation Assistant to help you through this procedure.
  • Page 29 Connect the Ethernet cable (A) from your cable or DSL modem to the FVL328’s Internet port. [Figure: cable or DSL modem connected to the FVL328 rear panel; panel labels LOCAL 10/100M, INTERNET, 12V DC]
  • Page 30 2. Log in to the FVL328. Note: To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. Please refer to Appendix C, "Preparing Your Network"...
  • Page 31 A login window opens as shown in Figure 3-5 below: Figure 3-5: Login window For security reasons, the firewall has its own user name and password. When prompted, enter admin for the firewall User Name and...
  • Page 32 Choose NAT or Classical Routing. NAT automatically assigns private IP addresses (192.168.0.x) to LAN connected devices. Classical routing lets you directly manage the IP addresses the FVL328 uses. Classical routing should be selected only by experienced users. Click Next and follow the steps in the Setup Wizard for inputting the configuration parameters from your ISP to connect to the Internet.
  • Page 33: Configuring For A Wizard-Detected Login Account

    Configuring for a Wizard-Detected Login Account If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over Ethernet (PPPoE), you will be directed to a menu like the PPPoE menu in...
  • Page 34 Perform a DNS Lookup. A DNS (Domain Name Server) converts the Internet name (e.g. www.netgear.com) to an IP address. If you need the IP address of a Web, FTP, Mail or other Server on the Internet, you can do a DNS lookup to find the IP address.
  • Page 35: Configuring For A Wizard-Detected Dynamic Ip Account

    A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP address of one or two DNS servers to your firewall during login. If the ISP does not transfer an address, you must obtain it from the ISP and enter it manually here.
  • Page 36: Configuring For A Wizard-Detected Fixed Ip (Static) Account

    This feature allows your firewall to masquerade as that computer by using its MAC address. Click Apply to save your settings. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 8, Troubleshooting.
  • Page 37: Testing Your Internet Connection

    Click Apply to save the settings. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 8, Troubleshooting.
  • Page 38: Manually Configuring Your Internet Connection

    Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.
  • Page 39: How To Complete A Manual Configuration

    Note: Disabling NAT will reboot the router and reset all the FVL328 configuration settings to the factory default. Disable NAT only if you plan to install the FVL328 in a setting where you will be manually administering the IP address space on the LAN side of the router.
  • Page 40 Note: Disabling NAT will reboot the router and reset all the FVL328 configuration settings to the factory default. Disable NAT only if you plan to install the FVL328 in a setting where you will be manually administering the IP address space on the LAN side of the router.
  • Page 41: Wan And Lan Configuration

    Chapter 4 WAN and LAN Configuration This chapter describes how to configure the WAN and LAN settings of your FVL328 Prosafe High Speed VPN Firewall v2. Configuring LAN IP Settings The LAN IP Setup menu allows configuration of LAN IP services such as DHCP and RIP. These features can be found under the Advanced heading in the Main Menu of the browser interface.
  • Page 42: Using The Router As A Dhcp Server

    — When set to None, it will not send any RIP packets and will ignore any RIP packets received. • RIP Version This controls the format and the broadcasting method of the RIP packets that the router sends.
  • Page 43: How To Configure Lan Tcp/Ip Setup Settings

    The firewall will deliver the following parameters to any LAN device that requests DHCP: • An IP Address from the range you have defined • Subnet Mask • Gateway IP Address is the firewall’s LAN IP address •...
  • Page 44: How To Configure Reserved Ip Addresses

    Enter the LAN TCP/IP and DHCP parameters. Click Apply to save your changes. How to Configure Reserved IP Addresses When you specify a reserved IP address for a PC on the LAN, that PC will always receive the same IP address each time it accesses the firewall’s DHCP server.
  • Page 45: Connecting Automatically, As Required

    Connecting Automatically, as Required Normally, this option should be Enabled, so that an Internet connection will be made automatically, whenever Internet-bound traffic is detected. However, if this causes high connection costs, you can disable this setting.
  • Page 46: Responding To Ping On Internet Wan Port

    Responding to Ping on Internet WAN Port If you want the firewall to respond to a 'ping' from the Internet, click the ‘Respond to Ping on Internet WAN Port’ check box. This should only be used as a diagnostic tool, since it allows your firewall to be discovered.
  • Page 47: How To Configure Dynamic Dns

    How to Configure Dynamic DNS Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of , default password of , or using whatever password and LAN address...
  • Page 48: How To Configure Static Routes

    When you first configured your firewall, two implicit static routes were created. A default route was created with your ISP as the gateway, and a second static route was created to your local network for all 192.168.0.x addresses.
  • Page 49 Click the Edit button to open the Edit Menu, shown below. Figure 4-3: Static Route Entry and Edit Menu Type a route name for this static route in the Route Name box under the table.
  • Page 50 WAN and LAN Configuration
  • Page 51: Protecting Your Network

    Chapter 5 Protecting Your Network This chapter describes how to use the basic firewall features of the FVL328 Prosafe High Speed VPN Firewall to protect your network. Protecting Access to Your FVL328 Firewall For security reasons, the firewall has its own user name and password. Also, after a period of inactivity for a set length of time, the administrator login will automatically disconnect.
  • Page 52: How To Change The Administrator Login Timeout

    Figure 5-1: Set Password menu To change the password, first enter the old password, then enter the new password twice. Click Apply to save your changes. Note: After changing the password, you will be required to log in again to continue the configuration.
  • Page 53: Blocking Keywords, Sites, And Services

    The section below explains how to configure your How to Block Keywords and Sites The FVL328 Firewall allows you to restrict access to Internet content based on functions such as Java or Cookies, Web addresses and Web address keywords. Log in to the firewall at its default LAN address of http://192.168.0.1...
  • Page 54 Figure 5-2: Block Sites menu To enable keyword blocking, check “Turn keyword blocking on”, enter a keyword or domain in the Keyword box, click Add Keyword, then click Apply. Some examples of Keyword blocking follow: •...
  • Page 55: Using Firewall Rules To Regulate Network Traffic

    You can also choose to log traffic that matches or does not match the rule you have defined. To access the Rules configuration of the FVL328, click the Rules link on the main menu, then click Add for either an Outbound or Inbound Service.
  • Page 56: Rules Menu Options

    Figure 5-3: Rules menu • To edit an existing rule, select its button on the left side of the table and click Edit. • To delete an existing rule, select its button on the left side of the table and click Delete.
  • Page 57: Using Inbound Rules (Port Forwarding)

    GRE. Note that these are packet types, not protocols. Using Inbound Rules (Port Forwarding) The FVL328 uses Network Address Translation (NAT), unless this feature is turned off. Using NAT, your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers.
  • Page 58 Figure 5-4: Rule example: a local public Web server. The parameters are: • Service — select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add...
  • Page 59: Inbound Rule Example: Videoconferencing From Restricted Addresses

    Inbound Rule Example: Videoconferencing from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown...
  • Page 60: Using Outbound Rules (Service Blocking)

    Using Outbound Rules (Service Blocking) The FVL328 allows you to block the use of certain Internet services by computers on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local computer based on: •...
  • Page 61 The parameters are: • Service — select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add...
  • Page 62: Understanding The Order Of Precedence For Rules

    Understanding the Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown below. Figure 5-7: Rules table with examples For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules Table, beginning at the top and proceeding to the default rules at the bottom.
  • Page 63: How To Define Services

    Appendix B, “Networks, Routing, and Firewall Basics.” Although the FVL328 already holds a list of many service port numbers, you are not limited to these choices. Use the procedure below to create your own service definitions. How to Define Services Log in to the firewall at its default LAN address of http://192.168.0.1...
  • Page 64: Setting Times And Scheduling Firewall Services

    Click Apply to save your changes. Setting Times and Scheduling Firewall Services The FVL328 Firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. The FVL328 includes a battery-backed real-time clock so time will persist if power is removed.
  • Page 65 Click the Schedule link of the Security menu to display the menu shown below. Figure 5-10: Schedule Services menu Select your Time Zone. This setting will be used for the blocking schedule according to your local time zone and for time-stamping log entries.
  • Page 66: How To Schedule Firewall Services

    • Set Clock - Use this to set a particular Date/Time to the RTC. This is only useful if “Synchronize to NTP Server” is disabled. Otherwise, your setting will be lost on the next synchronization.
  • Page 67: Virtual Private Networking

    [Figure 6-1: Secure access through VPN routers (FVL328 VPN Firewalls at each site)] Using Policies to Manage VPN Traffic You create policy definitions to manage VPN traffic on the FVL328. There are two kinds of policies:
  • Page 68: Using Automatic Key Management

    VPN parameters on other end, and vice versa. When the network traffic enters into the FVL328 from the LAN network interface, if there is no VPN policy found for a type of network traffic, then that traffic passes through without any change.
  • Page 69: Ike Policies' Automatic Key And Authentication Management

    IKE Policies’ Automatic Key and Authentication Management Click the IKE Policies link from the VPN section of the main menu, and then click the Add button of the IKE Policies screen to display the IKE Policy Configuration menu shown in Figure 6-2.
  • Page 70 These parameters apply to the Local FVL328 firewall. Local Identity Type Use this field to identify the local FVL328. You can choose one of the following four options from the drop-down list: • By its Internet (WAN) port IP address.
  • Page 71 Field Description Remote Identity Type Use this field to identify the remote FVL328. You can choose one of the following four options from the drop-down list: • By its Internet (WAN) port IP address. • By its Fully Qualified Domain Name (FQDN) – your domain name.
  • Page 72: Vpn Policy Configuration For Auto Key Negotiation

    VPN Policy Configuration for Auto Key Negotiation An already defined IKE policy is required for VPN - Auto Policy configuration. From the VPN Policies section of the main menu, you can navigate to the VPN - Auto Policy configuration menu.
  • Page 73 Remote VPN Endpoint The address used to locate the remote VPN firewall or client to which you want to connect. The remote VPN endpoint must have this FVL328’s Local Identity Data entered as its “Remote VPN Endpoint”: • By its IP Address.
  • Page 74 Table 6-1. VPN Auto Policy Configuration Fields Field Description Local IP The drop-down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security.
  • Page 75: Vpn Policy Configuration For Manual Key Exchange

    Table 6-1. VPN Auto Policy Configuration Fields. Authentication Algorithm: If you enable AH, then use this menu to select which authentication algorithm will be employed. The choices are: MD5 (the default) or SHA1 (more secure). NetBIOS Enable: Check this if you want NetBIOS traffic to be forwarded over the VPN tunnel.
  • Page 76 Figure 6-4: VPN - Manual Policy Menu
  • Page 77 The WAN Internet IP address or Fully Qualified Domain Name of the remote VPN firewall or client to which you want to connect. The remote VPN endpoint must have this FVL328’s WAN Internet IP address entered as its “Remote VPN Endpoint.”...
  • Page 78 Table 6-1. VPN Manual Policy Configuration Fields. Authenticating Header (AH) Configuration: AH specifies the authentication protocol for the VPN header. These settings must match the remote VPN endpoint. Note: The "Incoming" settings must match the "Outgoing" settings on the remote VPN endpoint, and the "Outgoing"...
  • Page 79 Table 6-1. VPN Manual Policy Configuration Fields. SPI - Outgoing: Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its "Incoming SPI" field.
  • Page 80: Using Digital Certificates For Ike Auto-Policy Authentication

    CA’s certificate to authenticate. Each CA has its own certificate. The certificates of a CA are added to the FVL328 and can then be used to form IKE policies for the user. Once a CA certificate is added to the FVL328 and a certificate is created for a user, the corresponding IKE policy is added to the FVL328.
  • Page 81: Walk-Through Of Configuration Scenarios

    Walk-Through of Configuration Scenarios There are a variety of configurations you might implement with the FVL328. The scenarios listed below illustrate typical configurations you might use in your organization. To make it easier to set up an IPsec system, the following two scenarios are provided.
  • Page 82 Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17. Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B's WAN (Internet) interface has the address 22.23.24.25.
  • Page 83: Fvl328 Scenario 1: How To Configure The Ike And Vpn Policies

    FVL328 Scenario 1: How to Configure the IKE and VPN Policies Note: This scenario assumes all ports are open on the FVL328. You can verify this by reviewing the security settings as seen in the “Rules menu”...
  • Page 84 Select whether to enable or disable NAT (Network Address Translation). NAT allows all LAN computers to gain Internet access via this Router, by sharing this Router's WAN IP address. In most situations, NAT is essential for Internet access via this Router. You should only disable NAT if you are sure you do not require it.
  • Page 85 Note: After you click Apply to change the LAN IP address settings, your workstation will be disconnected from the FVL328. You will have to log on with http://10.5.6.1 which is now the address you use to connect to the built-in Web-based configuration manager of the FVL328.
  • Page 86 4. Set up the FVL328 VPN -Auto Policy illustrated below. From the main menu VPN section, click the VPN Policies link, and then click the Add Auto Policy button. Figure 6-9: Scenario 1 VPN - Auto Policy Configure the IKE Policy according to the settings in the illustration above and click Apply to save your settings.
  • Page 87: How To Check Vpn Connections

    5. After applying these changes, you will see a table entry like the one below. Figure 6-10: VPN Policies table Now all traffic from the range of LAN IP addresses specified on FVL328 A and FVL328 B will flow over a secure VPN tunnel.
  • Page 88: Fvl328 Scenario 2: Authenticating With Rsa Certificates

    At this point the connection is established. Note: If you want to ping the FVL328 as a test of network connectivity, be sure the FVL328 is configured to respond to a ping on the Internet WAN port by checking the check box seen in “Rules menu”...
  • Page 89 Note: The procedure for obtaining certificates differs between a CA like Verisign and a CA such as a Windows 2000 certificate server, which an organization operates for providing certificates for its members. For example, an administrator of a Windows 2000 certificate server might provide it to you via e-mail.
  • Page 90 Click the Generate Request button to display the screen illustrated in Figure 6-12 below. Figure 6-12: Generate Self Certificate Request menu Fill in the fields on the Add Self Certificate screen. •...
  • Page 91 Click the Next button to continue. The FVL328 generates a Self Certificate Request as shown below. Highlight, copy and paste this data into a text file. Figure 6-13: Self Certificate Request data 4.
  • Page 92 Figure 6-14: Self Certificate Requests table 5. Receive the certificate back from the Trusted Root CA and save it as a text file. Note: In the case of a Windows 2000 internal CA, the CA administrator might simply e-mail it back to you.
  • Page 93 You will now see the “FVL328” entry in the Active Self Certificates table and the pending “FVL328” Self Certificate Request is gone, as illustrated below. Figure 6-15: Self Certificates table 7. Associate the new certificate and the Trusted Root CA certificate on the FVL328.
  • Page 94 Now, the traffic from devices within the range of the LAN subnet addresses on FVL328 Gateway A and Gateway B will be authenticated using the certificates and generated keys rather than via a shared key.
  • Page 95: Managing Your Network

    This chapter describes how to perform network management tasks with your FVL328 Prosafe High Speed VPN Firewall. Network Management: The FVL328 provides remote management access and a variety of status and usage information, which is discussed below. How to Configure Remote Management: Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your FVL328 Prosafe High Speed VPN Firewall.
  • Page 96 To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access. Specify the Port Number that will be used for accessing the management interface. Before enabling remote management, change the firewall's default administrator password (see Chapter 8): the management login then becomes reachable from the Internet, and restricting it to one source address and a non-default port narrows who can reach it but does not protect a default password.
  • Page 97: Viewing Router Status And Usage Statistics

    Viewing Router Status and Usage Statistics: From the main menu, under Maintenance, select Router Status to view the screen in Figure 7-1 below. Figure 7-1: Router Status screen. The Router Status menu provides a limited amount of status and usage information.
  • Page 98 Table 7-1. Router Status Fields. DHCP: If set to OFF, the firewall will not assign IP addresses to local computers on the LAN. If set to ON, the firewall is configured to assign IP addresses to local computers on the LAN.
  • Page 99: Viewing Attached Devices

    This screen shows the following statistics: Table 7-2. Router Statistics Fields. System up Time: The time elapsed since the last power cycle or reset. WAN or LAN Port: The statistics for the WAN (Internet) and LAN (local) ports. For each port, the screen...
  • Page 100: Viewing, Selecting, And Saving Logged Information

    Select the check box if you want to enable NetBIOS detection. If the NetBIOS name is not available, “Unknown” is listed as the Device Name. If the firewall is rebooted, the table data is lost until the firewall rediscovers the devices. To force the firewall to look for attached devices, click the Refresh button.
  • Page 101 Log entries are described below: Table 7-5: Security Log entry descriptions. Date and Time: The date and time the log entry was recorded. Description or Action: The type of event and what action was taken, if any.
  • Page 102: Changing The Include In Log Settings

    Changing the Include in Log Settings: You can choose to log additional information. Those optional selections are as follows: • Known DoS attacks and Port Scans • Attempted access to blocked sites •...
  • Page 103: Enabling Security Event E-Mail Notification

    Enabling Security Event E-mail Notification: In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-mail menu. Figure 7-7: E-mail notification menu. To enable E-mail notification, configure the following fields: •...
  • Page 104: Backing Up, Restoring, Or Erasing Your Settings

    Backing Up, Restoring, or Erasing Your Settings: The configuration settings of the FVL328 Firewall are stored in a configuration file in the firewall. This file can be backed up to your computer, restored, or reverted to factory default settings. The procedures below explain how to do these tasks. Treat the backup file as sensitive: it holds the complete configuration, including whatever passwords and keys you have entered, so store it where only administrators can read it.
  • Page 105: How To Restore A Configuration From A File

    From the Maintenance heading of the main menu, select the Settings Backup menu as seen below. Figure 7-8: Settings Backup menu. Click Backup to save a copy of the current settings. Store the file on a computer on your network.
  • Page 106: Running Diagnostic Utilities And Rebooting The Router

    “How to Use the Default Reset Button” on page 8-7. Running Diagnostic Utilities and Rebooting the Router The FVL328 Firewall has a diagnostics feature. You can use the diagnostics menu to perform the following functions from the firewall: • Ping an IP Address to test connectivity to see if you can reach a remote host.
  • Page 107: Upgrading The Router's Firmware

    Figure 7-9: Diagnostics menu Upgrading the Router’s Firmware The software of the FVL328 Firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from the NETGEAR Web site. If the upgrade file is compressed (.ZIP file), you must first extract the binary (.BIN or .IMG) file before uploading it to the firewall.
  • Page 108: How To Upgrade The Router

    How to Upgrade the Router: Download and unzip the new software file from NETGEAR. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of...
  • Page 109: Troubleshooting

    Chapter 8 Troubleshooting This chapter gives information about troubleshooting your FVL328 Prosafe High Speed VPN Firewall. For the common problems listed, go to the section indicated. • Is the firewall on? • Have I connected the firewall correctly? Go to “Basic Functions”...
  • Page 110: Power Led Not On

    • Check that you are using the 12VDC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
  • Page 111: Local Or Internet Port Link Leds Not On

    Local or Internet Port Link LEDs Not On: If either the Local or Internet Port Link LEDs do not light when the Ethernet connection is made, check the following: • Make sure that the Ethernet cable connections are secure at the firewall and at the hub or computer.
  • Page 112: Troubleshooting The Isp Connection

    • Try quitting the browser and launching it again. • Make sure you are using the correct login information. The factory default login name is admin and the password is password. Make sure that CAPS LOCK is off when entering this information. If the factory default password still works, change it: it is published in this manual and is the first thing anyone who reaches the management interface will try.
  • Page 113: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP will provide the addresses of one or two DNS servers for your use. If you entered a DNS address during the firewall’s configuration, reboot your computer and verify the DNS address as described in “Verifying...
  • Page 114: How To Test The Lan Path To Your Firewall

    How to Test the LAN Path to Your Firewall: You can ping the firewall from your computer to verify that the LAN path to your firewall is set up correctly. To ping the firewall from a PC running Windows 95 or later: From the Windows toolbar, click the Start button and select Run.
  • Page 115: Restoring The Default Configuration And Password

    PING -n 10 <IP address> where <IP address> is the IP address of a remote device such as your ISP’s DNS server. If the path is functioning correctly, replies as in the previous section are displayed. If you do not receive replies: —...
  • Page 116: Problems With Date And Time

    Release the Default Reset button and wait for the firewall to reboot. Problems with Date and Time The E-mail menu in the Security section displays the current date and time of day. The FVL328 Firewall uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet.
  • Page 117: Technical Specifications

    Appendix A Technical Specifications This appendix provides technical specifications for the FVL328 Prosafe High Speed VPN Firewall. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter North America: 120V, 60 Hz, input...
  • Page 118 Meets requirements of: FCC Part 15 Class B; VCCI Class B; EN 55 022 (CISPR 22), Class B. Interface Specifications: Local: 10BASE-T or 100BASE-TX, RJ-45. Internet: 10BASE-T or 100BASE-TX, RJ-45. Certifications: Firewall: ICSA Certified, Small/Medium Business (SMB) Category version 4.0...
  • Page 119: Networks, Routing, And Firewall Basics

    Appendix B Networks, Routing, and Firewall Basics. This appendix provides an overview of IP networks, routing, and firewalls. Related Publications: As you read this document, you may be directed to various RFC documents for further information. An RFC (Request for Comments) is a document published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
  • Page 120: Routing Information Protocol

    Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table. The FVL328 Firewall supports both the older RIP-1 and the newer RIP-2 protocols. Among other improvements, RIP-2 carries subnet masks in its updates and can send them to a multicast address rather than broadcasting. RIP is not required for most home applications.
  • Page 121 Figure 8-1: Three Main Address Classes (Class A, B and C, each divided into a network part and a node part). The five address classes are: • Class A: Class A addresses can have up to 16,777,214 hosts on a single network. They use an eight-bit network number and a 24-bit node number.
  • Page 122: Netmask

    This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network. For each unique value of the network portion of the address, the base address of the range (host address of all zeros) is known as the network address and is not usually assigned to a host.
  • Page 123 Subnet addressing allows us to split one IP network address into multiple smaller physical networks known as subnetworks. Some of the node-number bits are used as a subnet number instead. A Class B address gives us 16 bits of node numbers, translating to about 65,000 nodes (65,534 usable). Most organizations do not use 65,000 nodes, so there are free bits that can be reassigned.
  • Page 124 The following table lists the additional subnet mask bits in dotted-decimal notation. To use the table, write down the original class netmask and replace the 0-value octets with the dotted-decimal value of the additional subnet bits. For example, to partition your Class C network with subnet mask 255.255.255.0 into 16 subnets (4 bits), the new subnet mask becomes 255.255.255.240.
  • Page 125: Private Ip Addresses

    NETGEAR strongly recommends that you configure all hosts on a LAN segment to use the same netmask for the following reasons: • So that hosts recognize local IP broadcast packets. When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address.
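The subnet-mask table above and the same-netmask recommendation, worked through in code. This is an added example, not NETGEAR's code; it uses only Python's standard ipaddress module, and the host addresses and masks in the demo at the bottom are assumptions. It derives the extended mask, enumerates the resulting subnets with their network and broadcast addresses, and shows concretely what two hosts with different masks disagree about.

```python
"""Subnet mask arithmetic and the mismatched-netmask problem.

Added example, not NETGEAR code; standard library only. The example
addresses and masks used in the demo at the bottom are assumptions.
"""
import ipaddress


def subnet_mask_for(class_mask: str, subnet_bits: int) -> str:
    """Extend a classful mask by `subnet_bits` bits, as the table above does:
    255.255.255.0 plus 4 bits -> 255.255.255.240."""
    prefix = ipaddress.IPv4Network(f"0.0.0.0/{class_mask}").prefixlen + subnet_bits
    if prefix > 30:
        raise ValueError("fewer than two host addresses would remain per subnet")
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def partition(network: str, subnet_bits: int) -> list:
    """Split a network into 2**subnet_bits subnets.
    Returns (network address, broadcast address, usable hosts) per subnet;
    the all-zeros and all-ones host addresses are excluded from the count."""
    net = ipaddress.IPv4Network(network)
    return [(str(s.network_address), str(s.broadcast_address), s.num_addresses - 2)
            for s in net.subnets(prefixlen_diff=subnet_bits)]


def netmask_mismatch(host_a: str, mask_a: str, host_b: str, mask_b: str) -> dict:
    """Why every host on a segment must use the same netmask.

    Each host computes the local broadcast address from its own mask (network
    part plus an all-ones host part) and decides from its own mask whether a
    destination is local or must go via the gateway. With different masks the
    two hosts can disagree on both."""
    a = ipaddress.IPv4Interface(f"{host_a}/{mask_a}")
    b = ipaddress.IPv4Interface(f"{host_b}/{mask_b}")
    return {
        "broadcast_a": str(a.network.broadcast_address),
        "broadcast_b": str(b.network.broadcast_address),
        "same_broadcast": a.network.broadcast_address == b.network.broadcast_address,
        "a_sees_b_local": b.ip in a.network,
        "b_sees_a_local": a.ip in b.network,
    }


if __name__ == "__main__":
    print(subnet_mask_for("255.255.255.0", 4))
    for sub in partition("192.168.0.0/24", 4)[:3]:
        print(sub)
    # Host A keeps the FVL328 default /24; host B was given a /28 by mistake.
    print(netmask_mismatch("192.168.0.10", "255.255.255.0",
                           "192.168.0.200", "255.255.255.240"))
```

In the demo, host A broadcasts to 192.168.0.255 while host B expects broadcasts at 192.168.0.207, so B never sees A's broadcasts, and B treats A as a remote host and sends its traffic to the gateway even though both sit on the same wire.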
  • Page 126 The router accomplishes this address sharing by translating the internal LAN IP addresses to a single address that is globally unique on the Internet. The internal LAN IP addresses can be either private addresses or registered addresses.
  • Page 127: Mac Addresses And Address Resolution Protocol

    Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource. Just as...
  • Page 128: Ip Configuration By Dhcp

    DHCP server stores a list or pool of IP addresses, along with other information (such as gateway and DNS addresses) that it may assign to the other devices on the network. The FVL328 Firewall has the capacity to act as a DHCP server.
  • Page 129: What Is A Firewall

    What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack.
  • Page 130: Ethernet Cabling

    Ethernet Cabling: Although Ethernet networks originally used thick or thin coaxial cable, most installations currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector. A normal "straight-through" UTP...
  • Page 131: Cable Quality

    Cable Quality: A twisted pair Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low quality cables, but at 100 Mbits/second (100BASE-TX) the cable must be rated as Category 5, or "Cat 5", by the Electronic Industries Association (EIA).
  • Page 133: Appendix C Preparing Your Network

    Preparing Your Network This appendix describes how to prepare your network to connect to the Internet through the FVL328 Prosafe High Speed VPN Firewall and how to verify the readiness of broadband Internet service from an Internet service provider (ISP).
  • Page 134: Configuring Windows 95, 98, And Me For Tcp/Ip Networking

    “Appendix B, “Networks, Routing, and Firewall Basics.” The FVL328 Firewall is shipped preconfigured as a DHCP server. The firewall assigns the following TCP/IP configuration information automatically when the computers are rebooted: • PC or workstation IP addresses—192.168.0.2 through 192.168.0.254 •...
  • Page 135 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
  • Page 136: Enabling Dhcp To Automatically Configure Tcp/Ip Settings

    The simplest way to configure this information is to allow the PC to obtain the information from the internal DHCP server of the FVL328 Firewall. To use DHCP with the recommended default addresses, follow these steps: Connect all computers to the firewall, then restart the firewall and allow it to boot.
  • Page 137: Verifying Tcp/Ip Properties

    Uncheck all boxes in the LAN Internet Configuration screen and click Next. Proceed to the end of the Wizard. Verifying TCP/IP Properties: After your PC is configured and has rebooted, you can check the TCP/IP configuration using the utility winipcfg.exe:...
  • Page 138: Verifying Tcp/Ip Properties

    Verify that ‘Client for Microsoft Networks’ and ‘Internet Protocol (TCP/IP)’ are present. If not, select Install and add them. Select ‘Internet Protocol (TCP/IP)’, click Properties, and verify that “Obtain an IP address automatically” is selected.
  • Page 139: Macos X

    The TCP/IP Control Panel opens: From the “Connect via” box, select your Macintosh’s Ethernet interface. From the “Configure” box, select Using DHCP Server. You can leave the DHCP Client ID box empty.
  • Page 140: Verifying Tcp/Ip Properties For Macintosh Computers

    Verifying TCP/IP Properties for Macintosh Computers: After your Macintosh is configured and has rebooted, you can check the TCP/IP configuration by returning to the TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP.
  • Page 141: Verifying The Readiness Of Your Internet Account

    Verifying the Readiness of Your Internet Account: For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.
  • Page 142: Obtaining Isp Configuration Information For Windows Computers

    As mentioned above, you may need to collect configuration information from your PC so that you can use this information when you configure the FVL328 Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.
  • Page 143: Obtaining Isp Configuration Information For Macintosh Computers

    As mentioned above, you may need to collect configuration information from your Macintosh so that you can use this information when you configure the FVL328 Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.
  • Page 144: Restarting The Network

    Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your FVL328 Firewall, you are ready to access and configure the firewall.
  • Page 145: Appendix D Firewall Log Formats

    Appendix D Firewall Log Formats. Action List: Drop: Packet dropped by the firewall's current inbound or outbound rules. Reset: TCP session reset by the firewall. Forward: Packet forwarded by the firewall to the next hop based on matching the criteria in the rules table. Receive: Packet was permitted by the firewall rules and modified prior to being forwarded and/or replied to.
  • Page 146: Inbound Log

    Inbound Log. The format is: <DATE> <TIME> <PKT_TYPE> <SRC_IP>,<SRC_PORT> <SRC_INF> <DST_IP>,<DST_PORT> <DST_INF> <ACTION> <DESCRIPTION>
    [Fri, 2003-12-05 22:19:42] - UDP Packet - Source:172.31.12.233,138 ,WAN - Destination:172.31.12.255,138 ,LAN [Drop] - [Inbound Default rule match]
    [Fri, 2003-12-05 22:35:04] - TCP Packet - Source:172.31.12.156,34239 ,WAN -...
  • Page 147: Router Operation

    Router Operation. The format is: <DATE> <TIME> <PKT_TYPE> <SRC_IP>,<SRC_PORT> <SRC_INF> <DST_IP>,<DST_PORT>[<SERVICE>] <DST_INF> <ACTION> <DESCRIPTION>
    [Wed, 2003-07-30 17:43:28] - IPSEC Packet - Source: 64.3.3.201, 37180 WAN - Destination: 10.10.10.4,80[HTTP] LAN - [Drop] [VPN Packet]...
  • Page 148: Other Connections And Traffic To This Router

    Other Connections and Traffic to this Router. The format is: <DATE> <TIME> <PKT_TYPE> <SRC_IP> <DST_IP> <ACTION>
    [Fri, 2003-12-05 22:31:27] - ICMP Packet[Echo Request] - Source: 192.168.0.10 - Destination: 192.168.0.1 - [Receive]...
  • Page 149 The format is: <DATE> <TIME> <PKT_TYPE> <SRC_IP>,<SRC_PORT> <SRC_INF> <DST_IP>,<DST_PORT> <DST_INF> <ACTION> <DESCRIPTION>
    [Fri, 2003-12-05 21:22:07] - TCP Packet - Source:172.31.12.156,54611 ,WAN - Destination:172.31.12.157,134 ,LAN [Drop] - [FIN Scan]
    [Fri, 2003-12-05 21:22:38] - TCP Packet - Source:172.31.12.156,59937 ,WAN -...
  • Page 150: Access Block Site

    Access Block Site: If keyword blocking is enabled and a keyword is specified, attempts to access a site whose URL contains a specified keyword are logged. The format is <DATE>...
  • Page 151: Policy Administration Log

    Policy Administration Log. The formats are: <DATE> <TIME> <EVENT> <SRC_IP> and <DATE> <TIME> <EVENT> <SRC_IP> <SRC_PORT> <DST_IP> <DST_PORT> <ACTION>
    [Fri, 2003-12-05 21:07:43] - Administrator login successful - IP:192.168.0.10
    [Fri, 2003-12-05 21:09:16] - Administrator logout - IP:192.168.0.10
    [Fri, 2003-12-05 21:09:31] - Administrator login fail, Username error - IP:192.168.0.10...
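The formats in this appendix are meant to be read by a person, but the lines worth acting on (dropped scans, repeated failed administrator logins) are easy to miss in a full log. The following parser is an added example, not NETGEAR code: it recognises the packet and administration entries shown on this page, counts actions, attributes scan drops to their source address, and flags any address with three or more failed administrator logins inside ten minutes. Lines 1 to 7 of the embedded sample are taken from this appendix; line 8 completes a line the page truncates, and lines 9 to 11 are constructed here to exercise the detection. The threshold and window are assumptions.

```python
"""Parse FVL328 firewall log entries and flag what deserves attention.

Added example, not NETGEAR code. Sample lines 1-7 come from this appendix;
line 8 completes a truncated one; lines 9-11 are constructed for the demo.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

TS_RE = re.compile(
    r"^\[[A-Za-z]{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] - (?P<rest>.*)$")
# <PKT_TYPE> - Source:<SRC_IP>[,<SRC_PORT>][ <SRC_INF>] - Destination:<DST_IP>
#   [,<DST_PORT>[<SERVICE>]][ <DST_INF>] [<ACTION>] [<DESCRIPTION>]
# Spacing and the "-" before [ACTION] vary between the formats, so they are optional.
PACKET_RE = re.compile(
    r"^(?P<proto>[A-Z]+) Packet(?:\[(?P<subtype>[^\]]+)\])? - "
    r"Source:\s*(?P<src>[\d.]+)(?:,\s*(?P<sport>\d+))?(?:\s*,?\s*(?P<sinf>WAN|LAN))? - "
    r"Destination:\s*(?P<dst>[\d.]+)(?:,\s*(?P<dport>\d+)(?:\[(?P<service>[^\]]+)\])?)?"
    r"(?:\s*,?\s*(?P<dinf>WAN|LAN))?\s*-?\s*\[(?P<action>Drop|Reset|Forward|Receive)\]"
    r"(?:\s*-?\s*\[(?P<desc>[^\]]*)\])?$")
ADMIN_RE = re.compile(
    r"^Administrator (?P<event>login successful|logout|login fail)"
    r"(?:, (?P<reason>.+?))? - IP:(?P<ip>[\d.]+)$")


@dataclass
class Entry:
    time: datetime
    kind: str        # "packet" or "admin"
    fields: dict


def parse_line(line: str):
    """One log line -> Entry, or None if it is not a recognised format."""
    m = TS_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    for kind, rx in (("packet", PACKET_RE), ("admin", ADMIN_RE)):
        body = rx.match(m.group("rest"))
        if body:
            return Entry(when, kind, body.groupdict())
    return None


def scan_sources(entries) -> Counter:
    """Dropped packets whose description names a scan, counted per source IP."""
    return Counter(e.fields["src"] for e in entries
                   if e.kind == "packet" and e.fields["action"] == "Drop"
                   and e.fields["desc"] and "Scan" in e.fields["desc"])


def admin_login_failures(entries, threshold=3, window=timedelta(minutes=10)) -> dict:
    """Source IPs with >= threshold failed administrator logins inside any span
    of `window` (password guessing against the management login). Sliding
    window over each IP's sorted failure times; value is the largest run."""
    times = defaultdict(list)
    for e in entries:
        if e.kind == "admin" and e.fields["event"] == "login fail":
            times[e.fields["ip"]].append(e.time)
    flagged = {}
    for ip, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged


SAMPLE_LOG = """\
[Fri, 2003-12-05 22:19:42] - UDP Packet - Source:172.31.12.233,138 ,WAN - Destination:172.31.12.255,138 ,LAN [Drop] - [Inbound Default rule match]
[Wed, 2003-07-30 17:43:28] - IPSEC Packet - Source: 64.3.3.201, 37180 WAN - Destination: 10.10.10.4,80[HTTP] LAN - [Drop] [VPN Packet]
[Fri, 2003-12-05 22:31:27] - ICMP Packet[Echo Request] - Source: 192.168.0.10 - Destination: 192.168.0.1 - [Receive]
[Fri, 2003-12-05 21:22:07] - TCP Packet - Source:172.31.12.156,54611 ,WAN - Destination:172.31.12.157,134 ,LAN [Drop] - [FIN Scan]
[Fri, 2003-12-05 21:07:43] - Administrator login successful - IP:192.168.0.10
[Fri, 2003-12-05 21:09:16] - Administrator logout - IP:192.168.0.10
[Fri, 2003-12-05 21:09:31] - Administrator login fail, Username error - IP:192.168.0.10
[Fri, 2003-12-05 21:22:38] - TCP Packet - Source:172.31.12.156,59937 ,WAN - Destination:172.31.12.157,135 ,LAN [Drop] - [FIN Scan]
[Fri, 2003-12-05 21:10:02] - Administrator login fail, Password error - IP:172.31.12.156
[Fri, 2003-12-05 21:10:09] - Administrator login fail, Password error - IP:172.31.12.156
[Fri, 2003-12-05 21:10:15] - Administrator login fail, Password error - IP:172.31.12.156
"""


def analyse(text: str) -> dict:
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return {
        "parsed": len(entries),
        "actions": Counter(e.fields["action"] for e in entries if e.kind == "packet"),
        "scan_sources": scan_sources(entries),
        "admin_failures": admin_login_failures(entries),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

To run it over a real log, replace SAMPLE_LOG with the contents of a saved log file; the e-mail notification described in Chapter 7 is one way to get the lines off the device. The same source address appearing in both the scan and the failed-login results, as in the constructed sample, is the pattern worth an immediate look.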
  • Page 153: Virtual Private Networking

    Appendix E Virtual Private Networking. There have been many improvements in the Internet, including Quality of Service, network performance, and inexpensive technologies such as DSL. One of the most important advances has been Virtual Private Networking (VPN) based on Internet Protocol security (IPSec). IPSec is one of the most complete, secure, commercially available, standards-based protocols developed for transporting data.
  • Page 154: What Is Ipsec And How Does It Work

    • Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization’s modem pool is one method of access for remote workers, but is expensive because the organization must pay the associated long distance telephone and service costs.
  • Page 155: Encapsulating Security Payload (Esp

    • Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity. • Authentication Header (AH): Provides authentication and integrity. • Internet Key Exchange (IKE): Provides key management and Security Association (SA) management. Encapsulating Security Payload (ESP): ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provide message content protection.
  • Page 156: Authentication Header (Ah

    The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication data.
  • Page 157: Mode

    Mode: SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel protection, while transport mode is used for host-to-host IPSec tunnel protection.
  • Page 158: Key Management

    This document provides case studies on how to configure secure IPSec VPN tunnels. This document assumes the reader has a working knowledge of NETGEAR management systems. NETGEAR is a member of the VPN Consortium, a group formed to facilitate IPSec VPN vendor interoperability. The VPN Consortium has developed specific scenarios to aid system administrators in the often confusing process of connecting two different vendor implementations of the IPSec standard.
  • Page 159: Vpn Process Overview

    VPN Process Overview: Even though IPSec is standards-based, each vendor has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to review some of the terms and the generic processes for connecting two gateways before diving into the specifics.
  • Page 160: Firewalls

    It is also important to make sure the addresses do not overlap or conflict. That is, each set of addresses should be separate and distinct. Table 8-1. WAN (Internet/Public) and LAN (Internal/Private) Addressing...
  • Page 161 Figure 8-8: VPN Tunnel SA. The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. This communication is often referred to as a “tunnel.” The gateways contain this information so that it does not have to be loaded onto every computer connected to the gateways.
  • Page 162: Vpnc Ike Security Parameters

    IKE Phase I. The two parties negotiate the encryption and authentication algorithms to use in the IKE SAs. The two parties authenticate each other using a predetermined mechanism, such as preshared keys or digital certificates.
  • Page 163: Vpnc Ike Phase Ii Parameters

    LAN-side of the other gateway. You can troubleshoot connections using the VPN status and log details on the NETGEAR gateway to determine if IKE negotiation is working. Common problems encountered in setting up VPNs include: •...
  • Page 164 • [RFC 791] Internet Protocol, DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C. Hedrick, Rutgers University, June 1988. • [RFC 1483] Multiprotocol Encapsulation over ATM Adaptation Layer 5, Juha Heinanen, Telecom Finland, July 1993.
  • Page 165: Netgear Vpn Configuration Fvs318 Or Fvm318 To Fvl328

    FVS318 or FVM318 to FVL328: This appendix provides a case study on how to configure a secure IPSec VPN tunnel between a NETGEAR FVS318 or FVM318 and an FVL328v2. The configuration options and screens for the FVS318 and FVM318 are the same.
  • Page 166: Step-By-Step Configuration Of Fvs318 Or Fvm318 Gateway A

    Figure F-1: Addressing and Subnet Used for Examples (VPNC example network interface addressing). Gateway A: LAN 10.5.6.0/24, LAN IP 10.5.6.1, WAN IP 14.15.16.17. Gateway B: LAN 172.23.9.0/24, LAN IP 172.23.9.1, WAN IP 22.23.24.25. Step-By-Step Configuration of FVS318 or FVM318 Gateway A: Log in to the FVS318 or FVM318 labeled Gateway A as in the illustration.
  • Page 167 VPN leg (all 8 links are available in the example). Click the Edit button below. This will take you to the VPN Settings – Main Mode Menu. Figure F-3: Figure 3 – NETGEAR FVS318 VPN Settings (part 1) – Main Mode –...
  • Page 168 Type the WAN IP address (22.23.24.25 in our example) of Gateway B in the Remote WAN IP or FQDN field. Figure F-4: Figure 4 – NETGEAR FVS318 VPN Settings (part 2) – Main Mode – From the Secure Association drop-down box, select Main Mode.
  • Page 169: Step-By-Step Configuration Of Fvl328 Gateway B

    When the screen returns to the VPN Settings, make sure the Enable check box is selected. Step-By-Step Configuration of FVL328 Gateway B Log in to the NETGEAR FVL328 labeled Gateway B as in the illustration. Out of the box, the FVL328 is set for its default LAN address of http://192.168.0.1 with its...
  • Page 170 Figure F-6: NETGEAR FVL328 IKE Policy Configuration, Part 1. Enter an appropriate name for the policy in the Policy Name field. This name is not supplied to the remote VPN endpoint; it is used to help you manage the IKE policies. In our example we have used FVS318 as the Policy Name.
  • Page 171 Figure F-7: NETGEAR FVL328 IKE Policy Configuration, Part 2. From the Encryption Algorithm drop-down box, select 3DES. From the Authentication Algorithm drop-down box, select MD5. From the Authentication Method radio button, select Pre-shared Key. The algorithms must match those configured on Gateway A; both 3DES and MD5 are legacy choices, so where both endpoints offer stronger algorithms, prefer them, and choose a long random pre-shared key rather than a word.
  • Page 172 Figure F-9: NETGEAR FVL328 VPN, Auto Policy (part 1). Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example we have used “to318” as the Policy Name. In the Policy Name field type to318.
  • Page 173 Type the LAN Subnet Mask of Gateway B (255.255.255.0 in our example) in the Local IP Subnet Mask field. Figure F-10: NETGEAR FVL328 VPN, Auto Policy (part 2). From the Traffic Selector Remote IP drop-down box, select Subnet address.
  • Page 174: Test The Vpn Connection

    Click the Apply button. Test the VPN Connection: From a PC behind the NETGEAR FVS318 or FVM318 gateway A, attempt to ping the remote FVL328v2 gateway B LAN interface address (example address 172.23.9.1). From a PC behind the FVL328v2 gateway B, attempt to ping the remote NETGEAR FVS318 or FVM318 gateway A LAN interface address (example address 10.5.6.1).
  • Page 175 Log output from the FVS318 side of the example:
    13:19:02 - FVS318 IPSec:sizeof(connection)=1724 sizeof(state)=10048 sizeof(SA)=732
    13:19:42 - FVS318 IPsec:call ipsecdoi_initiate
    13:19:42 - FVS318 IPsec:New State index:0, sno:1
    13:19:42 - FVS318 IPsec:Initiating Main Mode
    13:19:42 - FVS318 IPsec:main_outI1() policy=65
    13:19:42 - FVS318 IKE:[toFVL328] Initializing IKE Main Mode
    13:19:42 - FVS318 IKE:[toFVL328] TX >>...
  • Page 177: Fvl328 To Windows 2000 Server And Ssh Sentinel Vpn Configuration

    Appendix G FVL328 to Windows 2000 Server and SSH Sentinel VPN Configuration. This appendix gives information on configuring an FVL328 to Windows 2000 Server VPN. Configuring FVL328 to Windows 2000 Server VPN. Topology used in the example: 192.168.0.x --- FVL328 --- 172.16.6.97 --- 172.16.9.10 --- Win2K --- 11.5.0.10. FVL328: LAN IP 192.168.0.1, WAN IP 172.16.6.97. Windows 2000 Server: LAN IP 11.5.0.10, WAN IP 172.16.9.10...
  • Page 178 Click Next, then type the policy name, for example, DUT To Win2K. DUT in this example refers to Device Under Test. Click Next. Clear the Activate the default response rule check box. Click Next, then click Finish.
  • Page 179: Create An Ip Filter Called To Dut

    Create an IP Filter called To DUT. Click Add. Type To DUT and then click Add. Type the Source IP address and the Destination IP address. Click OK, then close the window.
  • Page 180 Click the Filter Action tab. Select the Require Security check box and click Edit. Click Edit.
  • Page 181 Select High [ESP], then click OK and OK to go back to the Filter Action. Click the Tunnel Setting tab, then type the DUT WAN IP address.
  • Page 182 Click the Authentication Methods tab. Click Edit. Select the Use this string...(preshared key) check box, then type 12345678. (12345678 is only the example value used throughout this appendix; a production tunnel needs a long, random pre-shared key entered identically on both ends.) Click OK, then close the window and go back to the DUT to Win2K properties.
  • Page 183: Create An Ip Filter Called To Win2K

    Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Create an IP Filter Called To Win2K Click Add. Type To Win2K and click Add. FVL328 to Windows 2000 Server and SSH Sentinel VPN Configuration M-10144-01...
  • Page 184 Type the Source IP address and the Destination IP address. Click OK, then close the window.
  • Page 185 Click the Filter Action tab. Select the Require Security check box and click Edit. Click Edit.
  • Page 186 Select High [ESP], then click OK. Click OK to return to the Filter Action tab. Click the Tunnel Setting tab, then type the Win2K WAN IP address.
  • Page 187 Click Authentication Methods and click Edit. Select the Use this string...(preshared key) check box, then type 12345678. Click OK, then close the window to return to the DUT to Win2K properties.
  • Page 188: Configure the General Properties

    Configure the General Properties Click General. Click Advanced. Click Methods.
  • Page 189 Click Edit, then select Integrity Algorithm SHA1, Encryption Algorithm 3DES, and DH Low. Click OK, then OK again. Close the window. Right-click the DUT to Win2K policy and then click Assign to assign the policy.
  • Page 190: Configure the FVL328 IKE Policy

    Configure the FVL328 IKE policy
  • Page 191: Configure the FVL328 VPN Policy

    Configure the FVL328 VPN policy
  • Page 192: FVL328 to SSH Sentinel 1.3 Remote VPN

    FVL328 to SSH Sentinel 1.3 Remote VPN
    PCa ----------FVL328------------ NAT router --------PC b with SSH 1.3 installed
    FVL328 LAN IP: 192.168.0.1, WAN IP: 172.16.7.119/24
    NAT router (supports IPSec passthrough) LAN IP: 192.168.10.1, WAN IP: 172.16.6.105/24
    SSH Sentinel Version 1.3 Setting Procedures...
  • Page 193 Select the Key Management tab. Click Add. Select Create a preshared key and click Next. Type the same preshared key as in the FVL328 and click Finish.
  • Page 194 You will see the FVL328 under My Keys. Click Apply.
  • Page 195 Select the Security Policy tab. Under VPN Connections, click Add. Click the IP button and type the Gateway IP Address. Select FVL328 for the Authentication key. Select the Use legacy proposal check box. Click the "..." button to bring up the Network Editor screen.
  • Page 196 Click Properties and check the VPN policy settings. Click Settings.
  • Page 197 Configure the settings below, then click OK. Click OK, and then OK again. Click Apply.
  • Page 198 Right-click on the icon, click Select VPN, and choose the one you just configured.
  • Page 199: Create the FVL328 IKE Policy

    Create the FVL328 IKE Policy
    Create the FVL328 VPN Policy
  • Page 200: Ping a PC to Bring Up the Tunnel

    Ping a PC to Bring Up the Tunnel
  • Page 201: Appendix H NETGEAR VPN Client

    NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router Follow these procedures to configure a VPN tunnel from a NETGEAR ProSafe VPN Client to an FVL328. This case study follows the Virtual Private Network Consortium (VPNC) interoperability profile guidelines. The configuration options for the FVS328 and FWAG114 are the same.
  • Page 202: Step-by-Step Configuration of FVL328 or FWAG114 Gateway

    VPNC Interoperability guidelines can be found at http://www.vpnc.org/InteropProfiles. Step-By-Step Configuration of FVL328 or FWAG114 Gateway Log in to the FVL328 gateway as in the illustration. Out of the box, the FVL328 is set for its default LAN address of http://192.168.0.1 with its default user name of...
  • Page 203 – From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FVL328 will also be used in the Connection ID Type fields of the NETGEAR ProSafe VPN Client as seen in “Security Policy Editor New Connection” on page H-8).
  • Page 204 In the Pre-Shared Key field, type hr5xb84l6aa9r6. You must make sure the key is the same for both the FVL328 and the NETGEAR VPN Client. This will also be selected in the NETGEAR ProSafe VPN Client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Identity Pre-Shared Key”...
  • Page 205 VPN Policies Menu page. Click Add Auto Policy. This will open a new screen titled VPN – Auto Policy. Figure H-3: NETGEAR FVL328 VPN – Auto Policy General settings – Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint.
  • Page 206 H-8. – Type the starting LAN IP Address of the FVL328 in the Local IP Start IP Address field. For this example, we used 192.168.0.0 which is the default LAN IP address of the FVL328. This will also be entered in the NETGEAR ProSafe VPN Client Connection Remote Party Identity and Addressing Subnet field, as seen in “Security Policy Editor...
  • Page 207: Step-by-Step Configuration of the NETGEAR VPN Client B

    To import this policy, use the Security Policy Editor File menu to select Import Policy, and select the FVL328.SPD file at D:\Software\Policies where D is the drive letter of your CD-ROM drive. NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router...
  • Page 208 This procedure describes linking a remote PC and a LAN. The LAN will connect to the Internet using an FVL328 with a static IP address. The PC can be directly connected to the Internet through dialup, cable or DSL modem, or other means, and we will assume it has a dynamically assigned IP address.
  • Page 209 In this example, select IP Subnet as the ID Type, 192.168.0.0 in the Subnet field (the Subnet address is the LAN IP Address of the FVL328 with 0 as the last number), and 255.255.255.0 in the Mask field, which is the LAN Subnet Mask of the FVL328.
  • Page 210 Figure H-8: Connection Identity Pre-Shared Key Enter hr5xb84l6aa9r6 which is the same Pre-Shared Key entered in the FVL328. Click OK. Configure the Connection Identity Settings. In the Network Security Policy list, click the Security Policy subheading.
  • Page 211 In the Encrypt Alg menu, select Triple DES. – In the Hash Alg, select SHA-1. – In the SA Life, select Unspecified. – In the Key Group menu, select Diffie-Hellman Group 2. NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router H-11 202-10015-01...
  • Page 212 Check the Encapsulation Protocol (ESP) check box. – In the Encrypt Alg menu, select Triple DES. – In the Hash Alg, select SHA-1. – In the Encapsulation menu, select Tunnel.
  • Page 213 Note: Whenever you make changes to a Security Policy, save them first, then deactivate the security policy, reload the security policy, and finally activate the security policy. This ensures that your new settings will take effect.
  • Page 214: Testing the VPN Connection

    Note: Virus protection or firewall software can interfere with VPN communications. Be sure such software is not running on the remote PC with the NETGEAR VPN Client and that the firewall features of the FVL328 are not set in such a way as to prevent VPN communications.
  • Page 215: From the FVL328 to the Client PC

    OK. ping -t 192.168.0.1 This will cause a continuous ping to be sent to the first FVL328. After a period of up to two minutes, the ping response should change from “timed out” to “reply.” To test the connection to a computer connected to the FVL328, simply ping the IP address of that computer.
  • Page 216 A sample Connection Monitor screen for a different connection is shown below: Figure H-15: Connection Monitor screen In this example the following connection options apply: • The FVL328 has a public IP WAN address of 66.120.188.153 • The FVL328 has a LAN IP address of 192.168.0.1 •...
  • Page 217: Viewing the FVL328 VPN Status and Log Information

    Information on the status of the VPN client connection can be viewed by opening the FVL328 VPN Status screen. To view this screen, click the VPN Status link on the FVL328 main menu. The FVL328 VPN Status screen for a successful connection is shown below:...
  • Page 218 Reference Manual for the NETGEAR ProSafe VPN Client
  • Page 219: NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328

    This appendix provides a case study on how to configure a VPN tunnel between a NETGEAR FVS318 or FVM318 and an FVL328 using a Fully Qualified Domain Name (FQDN) to resolve the public address of one or both routers. The configuration screens and settings for the FVS318 and FVM318 are the same.
  • Page 220: Using DDNS and Fully Qualified Domain Names (FQDN)

    In this example, Gateway A is configured using an example FQDN provided by a DDNS Service provider. In this case we established the hostname netgear.dyndns.org for Gateway A using the NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328...
  • Page 221: Step-by-Step Configuration of FVS318 or FVM318 Gateway A

    Access the Web site of one of the dynamic DNS service providers whose names appear in the ‘Use a dynamic DNS service’ list, and register for an account. For example, for dyndns.org, click the link or go to www.dyndns.org. Figure I-2: Dynamic DNS Setup menu
  • Page 222 – Type the User Name for your dynamic DNS account. In this example we used netgear as the Host Name. This means that the complete FQDN we are using is netgear.dyndns.org and the Host Name is “netgear.”...
  • Page 223 NETGEAR devices. For this example we have used toFVL328. – Enter a Local IPSec Identifier name for the NETGEAR FVS318 Gateway A. This name must be entered in the other endpoint as Remote IPSec Identifier. In this example we used netgear.dyndns.org (the FQDN) as the local identifier.
  • Page 224 Type the WAN IP address (22.23.24.25 in our example) of Gateway B in the Remote WAN IP or FQDN field. Figure I-5: Figure 4 – NETGEAR FVS318 VPN Settings (part 2) – Main Mode – From the Secure Association drop-down box, select Main Mode.
  • Page 225: Step-by-Step Configuration of FVL328 Gateway B

    When the screen returns to the VPN Settings, make sure the Enable check box is selected. Step-By-Step Configuration of FVL328 Gateway B Log in to the NETGEAR FVL328, labeled Gateway B in the illustration. Out of the box, the FVL328 is set for its default LAN address of http://192.168.0.1 with its...
  • Page 226 From the Remote Identity drop-down box, select Fully Qualified Domain Name. – Type the FQDN (netgear.dyndns.org in our example) in the Remote Identity Data field. Figure I-8: NETGEAR FVL328 IKE Policy Configuration – Part 2
  • Page 227 Click the VPN Policies link under the VPN category on the left side of the Settings management GUI. This will take you to the VPN Policies Menu page. Click Add Auto Policy. This will open a new screen titled VPN – Auto Policy.
  • Page 228 Model FVL328 ProSafe High-Speed VPN Firewall v2 Reference Manual Figure I-10: NETGEAR FVL328 VPN – Auto Policy (part 1) – Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example we have used to318 as the Policy Name. In the Policy Name field type to318.
  • Page 229 Figure I-11: NETGEAR FVL328 VPN – Auto Policy (part 2) – From the Traffic Selector Remote IP drop-down box, select Subnet address. – Type the starting LAN IP Address of Gateway A (10.5.6.1 in our example) in the Remote IP Start IP Address field.
  • Page 230: Test the VPN Connection

    Connection Status Screen. If the connection is functioning properly, the State fields will show “Estab.” 3. From the FVL328, click the VPN Status link under the VPN section of the main menu. The VPN Logs and status are displayed.
  • Page 231: Glossary

    Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 3DES 3DES (Triple DES) achieves a high level of security by encrypting the data three times using DES with three different, unrelated keys. 802.11b IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) technology and operating in the unlicensed radio...
  • Page 232 Domain names are of the form of a registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.
  • Page 233 IP Address A four-position number uniquely defining each host on the Internet. Ranges of addresses are assigned by Internic, an organization formed for this purpose. Usually written in dotted-decimal notation with periods separating the bytes (for example, 134.177.244.57).
  • Page 234 NetBIOS Network Basic Input Output System. An application programming interface (API) for sharing services and information on local-area networks (LANs). Provides for communication between stations of a network where each station is given a name. These names are alphanumeric names, 16 characters in length.
  • Page 235 Request For Comment. Refers to documents published by the Internet Engineering Task Force (IETF) proposing standard protocols and procedures for the Internet. RFCs can be found at www.ietf.org. See Routing Information Protocol.
  • Page 237: Index

    Index daylight savings time 5-15 Default DMZ Server 4-5 Account Name 3-9, 3-11, 3-15 default reset button 8-7 Address Resolution Protocol B-9 Denial of Service (DoS) protection 2-2, 5-3 Addressing E-7 denial of service attack B-11 Austria 3-15 DHCP 2-4, 4-2, B-10 Authentication Header (AH) E-3, E-4 DHCP Client ID C-7 Auto Uplink 2-3...
  • Page 238 FLASH memory 7-13 IPSec SA negotiation E-9 FQDN 2-2 IPSec Security Features E-2 front panel 2-6 ISP 3-1 Fully Qualified Domain Name 2-2 LAN IP Setup Menu 4-3 gateway address C-11 LEDs description 2-6 General 6-4, 6-7, 6-11 troubleshooting 8-3 sending 7-9 host name 3-9, 3-11, 3-15 Log Viewer H-15...
  • Page 239 package contents 2-5 SA E-4 password Scope of Document 1-1 restoring 8-7 Secondary DNS Server 3-10, 3-11, 3-13, 3-15, 3-16 PC, using to configure C-12 service blocking 5-10 ping 4-6 service numbers 5-13 PKIX 6-22 Setup Wizard 3-1 port filtering 5-10 SMTP 7-9 port forwarding 5-7 spoof MAC address 8-5...
  • Page 240 Virtual Private Networking 2-3 VPN E-1 VPN Consortium E-6 VPN Process Overview E-7 VPNC IKE Phase I Parameters E-10 VPNC IKE Phase II Parameters E-11 Windows, configuring for IP routing C-2, C-5 winipcfg utility C-5 WinPOET C-9 World Wide Web 1-iii