NETGEAR FVL328 What is network address translation NAT?, What is Stateful Packet Inspection SPI?

Page 4

FVL328 Cable/DSL ProSafe High-Speed VPN Firewall

Page 4

19.Why do need a router or firewall when I have a connection to the Internet through my PC already?

With the advent of computer hacking into homes and businesses, the increased reliance on home computers to store valuable information, and the development of applications that share content over the Internet through networked PCs, network security becomes an important issue. Simply connecting a PC to a DSL or cable modem does not provide the necessary security to prevent someone from hacking into a computer. Having a box that provides firewall or network address translation (NAT) capability provides a simple solution to this problem.

20.What is network address translation (NAT)?

NAT is used in the router to prevent hacking into the local area network (LAN). NAT substitutes the “private” IP address of devices located on the LAN side of the router with a new “public” IP address that is visible on the “Internet side” of the router. By virtue of this simple implementation, any device, up to 253, located on the LAN will be hidden, or “masqueraded” from Internet hackers trying to get to a specific PC. Only the router’s IP address is visible on the Internet. This technology provides crude protection against hackers and is used widely in broadband routers.

21.Is this the same as a firewall?

No. Though the term ”firewall” has been used generically when describing a router’s ability to masquerade the PC’s IP address, a true firewall employs a technology called Stateful Packet Inspection (SPI). Firewalls provide a greater level of security, and as a result, are generally more expensive than a NAT router.

Firewalls give the administrator the ability to set up specific IP addresses or domain names that are allowed to be accessed while refusing the rest (filtering). Firewalls can also allow remote access to the private network through the use of secure login procedures and authentication certificates (Virtual Private Networks, or VPNs). Firewalls are used to prevent Denial of Service (DoS) attacks and can use software to provide content filtering to deny access to unwanted web sites. There are also extensive reporting capabilities, known as an Intrusion Detection System. The FVL328 and its siblings, the FV318, FR314 and FR318 are true firewalls.

22.What is Stateful Packet Inspection (SPI)?

SPI is a technology used in firewalls which instead of simply hiding an IP address from the Internet, will look at each individual packet for information such as its source and destination addresses and the protocol that is being used, in order to take certain actions based upon a set of pre-established criteria. SPI can be used to prevent DoS attacks, since the contents within the packet are known.

23.Can I turn off the NAT function on the router and use it just as a firewall behind the router that I already have?

The FVL328 will have this functionality in version 1.1 of the firmware, and will provide the ability to be used as simply a firewall/VPN device. It will also provide the ability to support static routes in order to set up subnets for larger scale networks.

24.What are Denial of Service (DoS) attacks?

Packets or requests for service sent from one or multiple PCs that cause disruption of functionality in the target PC or server. One way to employ a DoS would be to relentlessly “ping” the target server (known as “Ping of Death”), which requires the target server to respond to the ping. If there were enough pings requested, the unfortunate server would not be able to respond quickly enough to the pings and at the same time perform other functions. The result is a denial of service.

25.How does SPI prevent “Ping of Death” or SYN Flood DoS attacks?

The router will look at each packet and if the router notices a specific amount of ping requests over a certain amount of time coming from the same address, the packets will be dropped. In another example, the router

Page 3 Page 5
Image 4
Page 3 Page 5
Contents What is significant about the FVL328? What is Virtual Private Networking?What is VPN end point, and what can it do? Is the FVL328 a router?What is encryption? What is DES and 3DES?What is IPSec? What is IKE?What is Encapsulating Security Payload ESP? What is a Security Association?What is PKI? What is a Certificate Authority CA?What is Stateful Packet Inspection SPI? What is network address translation NAT?What are Denial of Service DoS attacks? Does the FVL328 filter content this way? Where can I buy this product?What are the types DoS attacks? How many users does the FVL328 support?What if I need multiple-site VPNs? Mucho EV/PKHow easy is it to connect to the Internet using the FVL328? FVL328 supports Auto Uplink. What is Auto Uplink?What about backward compatibility with the FR318 and FV318? What platforms does the FVL328 support?What is PPPoE? Does the FVL328 support a DMZ?Does the FVL328 support secure remote management? Does the FVL328 support IPX or AppleTalk?Does the FVL328 support any Operating System? How do I find out more about VPN?

FVL328 specifications

The NETGEAR FVL328 is a high-performance broadband VPN firewall that caters primarily to small and medium-sized businesses. Renowned for its robust security features, the FVL328 is designed to protect sensitive data while providing seamless connectivity for remote users. By leveraging advanced technologies, this firewall ensures secure, reliable access to corporate resources.

One of the standout features of the FVL328 is its built-in virtual private network (VPN) functionality. Supporting up to 20 concurrent VPN connections, the device utilizes both IPSec and L2TP protocols, offering secure tunneling for remote workers. This capability is critical for businesses looking to maintain data integrity while allowing users to access the network from various geographical locations.

The FVL328 integrates a stateful packet inspection (SPI) firewall, which monitors both incoming and outgoing traffic to provide robust protection against unauthorized access and cyber threats. This feature is paramount in today's digital landscape where cyberattacks are increasingly sophisticated. Additionally, the device includes denial of service (DoS) attack protection, further enhancing its security repertoire.

In terms of connectivity, the FVL328 boasts multiple Ethernet ports, allowing for flexible network design and integration with existing infrastructure. The router features four 10/100 Mbps LAN ports and one WAN port, accommodating various networking needs. The automatic IP or static IP configuration options also provide businesses with the flexibility to set up their internet connections quickly.

Another significant aspect of the FVL328 is its user-friendly management interface. With an intuitive web-based GUI, network administrators can easily manage settings, monitor performance, and troubleshoot issues in real time. The device also supports remote management, enabling administrators to configure and manage the network without being physically present.

To complement its advanced technologies, the FVL328 offers various other features, including DHCP server capabilities, Network Address Translation (NAT), and a built-in DynDNS client for dynamic IP management. These characteristics help businesses optimize their network performance while simplifying IP address management.

In summary, the NETGEAR FVL328 is a versatile and secure broadband VPN firewall perfect for businesses that require reliable internet connectivity and robust security measures. Its main features, including advanced VPN support, stateful packet inspection, and an intuitive management interface, make it a valuable asset for any organization's network infrastructure.
Top Page Image Contents