Reference Manual for the ProSafe VPN Firewall FVS114
Certificate of the Manufacturer/Importer
Trademarks
Statement of Conditions
EN 55 022 Declaration of Conformance
Product and Publication Details
202-10098-01, April
Contents
Chapter Firewall Protection Content Filtering
Chapter Advanced Virtual Private Networking
Chapter Advanced Configuration
Appendix C Virtual Private Networking
Appendix D Preparing Your Network
Manual Scope
Chapter About This Manual
Audience, Scope, Conventions, and Formats
Typographical Conventions
How to Use This Manual
Printing the Full Manual
How to Print this Manual
Printing a Page in the HTML View
Printing a Chapter
Chapter Introduction
Key Features of the VPN Firewall
Security
Powerful, True Firewall with Content Filtering
Extensive Protocol Support
Autosensing Ethernet Connections with Auto Uplink
Maintenance and Support
Easy Installation and Management
Package Contents
LED Descriptions
FVS114 Rear Panel
NETGEAR-Related Products
DC power input ON/OFF switch
Netgear Product Registration, Support, and Documentation
Connecting the Firewall to the Internet
Prepare to Install Your FVS114 ProSafe VPN Firewall
First, Connect the FVS114
Modem
VPN Firewall
Restart Your Network in the Correct Sequence
Status lights
Now, Configure the FVS114 for Internet Access
Netgear Smart Wizard Configuration Assistant welcome screen
Make sure the Ethernet cables are securely plugged
Troubleshooting Tips
Make sure the network settings of the computer are correct
Be sure to restart your network in this sequence
Ways to access the firewall
Overview of How to Access the FVS114 VPN Firewall
Login URL
Login result FVS114 home
How to Bypass the Configuration Assistant
Using the Smart Setup Wizard
ISP Does Not Require Login
How to Manually Configure Your Internet Connection
10 Basic Settings ISP list
Firewall Protection and Content Filtering Overview
Chapter Firewall Protection Content Filtering
Block Sites menu
Block Sites
Using Rules to Block or Allow Specific Kinds of Traffic
Rules menu
Inbound Rule Example: A Local Public Web Server
Inbound Rules Port Forwarding
Rule example a local public Web server
Considerations for Inbound Rules
Outbound Rules Service Blocking
Rule example blocking Instant Messenger
Outbound Rule Example Blocking Instant Messenger
Rules table
Order of Precedence for Rules
Services menu
Services
Add Custom Service menu
Schedule
Using a Schedule to Block or Allow Specific Traffic
Time Zone
10 E-mail menu
Getting E-Mail Notifications of Event Logs and Alerts
11 Logs menu
Viewing Logs of Web Access or Attempted Web Access
Log entry descriptions
Syslog
Log entries are described in Table
Log action buttons are described in Table
Chapter Basic Virtual Private Networking
VPN Tunnel
Single
Advanced methods see , Advanced Virtual Private Networking
VPN Tunnel
Configuration
VPN Wizard start screen
Configuring the Client-to-Gateway VPN Tunnel on the FVS114
Connection Name and Remote IP Type
Summary screen below displays
VPNC Recommended Settings
Configuring the Netgear ProSafe VPN Client on the Remote PC
Security Policy Editor new connection
Select Secure in the Connection Security check box
11 Security Policy Editor Security Policy
12 Security Policy Editor My Identity
13 Security Policy Editor Pre-Shared Key
15 Security Policy Editor Key Exchange
16 Running a Ping test to the LAN from the PC
18 Log Viewer screen
Exporting a Security Policy
Transferring a Security Policy to Another Client
Importing a Security Policy
Select Export Security Policy from the File pulldown
Scenario 1
Select the security policy to import
FVS114 VPN Firewall PCs
23 VPN Wizard start screen
Procedure to Configure a Gateway-to-Gateway VPN Tunnel
25 Remote IP
27 VPN Wizard Summary
28 VPN Recommended Settings
30 VPN Status/Log screen
Activating a VPN Tunnel
Start Using a VPN Tunnel to Activate It
Using the VPN Status Page to Activate a VPN Tunnel
VPN Tunnel Control
32 VPN Status/Log screen
Activate the VPN Tunnel by Pinging the Remote Endpoint
Type ping
Type ping -t 192.168.3.1 and then click OK
36 Pinging test results
Verifying the Status of a VPN Tunnel
38 Current VPN Tunnels SAs screen
Deactivating a VPN Tunnel
39 VPN Policies
Using the VPN Status Page to Deactivate a VPN Tunnel
41 Current VPN Tunnels SAs screen
Deleting a VPN Tunnel
Virtual Private
Using Automatic Key Management
Using Policies to Manage VPN Traffic
IKE Policy Configuration Menu
IKE Policies’ Automatic Key and Authentication Management
Field Description General
IKE Policy Configuration fields
Field Description Remote
VPN Policy Configuration for Auto Key Negotiation
VPN Auto Policy menu
VPN Auto Policy fields are defined in the following table
VPN Auto Policy Configuration Fields
Authenticating Header AH
NetBIOS Enable
VPN Policy Configuration for Manual Key Exchange
VPN Manual Policy menu
VPN Manual Policy fields are defined in the following table
VPN Manual Policy Configuration Fields
Value in its Authentication Algorithm Key Out field
NetBIOS Enable
Certificate Revocation List CRL
Walk-Through of Configuration Scenarios on the FVS114
VPN Consortium Scenario
Are IPv4
From Settings menu
FVS114 Internet IP Address menu
WAN IP addresses
LAN IP Setup menu
Scenario 1 IKE Policy
Set up the IKE Policy illustrated below on the FVS114
10 Scenario 1 VPN Auto Policy
Set up the FVS114 VPN -Auto Policy illustrated below
Testing the Gateway A FVS114 LAN and the Gateway B LAN
How to Check VPN Connections
Create a certificate request for the FVS114
Install the trusted CA certificate for the Trusted Root CA
FVS114 Scenario 2 FVS114 to FVS114 with RSA Certificates
Obtain a root certificate
11 Generate Self Certificate Request menu
12 Self Certificate Request data
Highlight, copy and paste this data into a text file
13 Self Certificate Requests table
Click the Upload Certificate button
14 Self Certificates table
Set up Certificate Revocation List CRL checking
Viewing VPN Firewall Status Information
Chapter Maintenance
FVS114 Status fields
This screen shows the following parameters
Connection Status action buttons
Click Show WAN Status to display the WAN connection status
This screen shows the following statistics
Connection Status fields
Click Show Statistics to display firewall usage statistics
WAN Status action buttons are described in the table below
Router Statistics fields
Upgrading the Firewall Software
Viewing a List of Attached Devices
Router Upgrade menu
Configuration File Management
Backing Up the Configuration
Restoring the Configuration
Erasing the Configuration
Diagnostics
Changing the Administrator Password
Ping or Trace an IP address
Diagnostics menu
WAN Setup
Chapter Advanced Configuration
Default DMZ Server
Respond to Ping on Internet WAN Port
How to Configure Dynamic DNS
To assign a computer or server to be a Default DMZ server
Click Default DMZ Server
Dynamic DNS
Configuring LAN TCP/IP Setup Parameters
Using the LAN IP Setup Options
Using Address Reservation
Using the Firewall as a DHCP Server
Click Edit or Delete
Configuring Static Routes
Static Routes table
Static Route Example
Enabling Remote Management Access
Remote Management menu
Https//134.177.0.1238080
UPnP menu
UPnP
Chapter Troubleshooting
Power LED Not On
Basic Functioning
LAN or Internet Port LEDs Not On
LEDs Never Turn Off
Troubleshooting the Web Configuration Interface
Troubleshooting the ISP Connection
Testing the LAN Path to Your Firewall
Troubleshooting a TCP/IP Network Using a Ping Utility
ping -n 10 IP address
Testing the Path from Your PC to a Remote Device
If the path is working, you see this message
If the path is not working, you see this message
Problems with Date and Time
Restoring the Default Configuration and Password
Appendix A Technical Specifications
Data and Routing Protocols
PPP over Ethernet PPPoE
Interface Specifications
10BASE-T or 100BASE-TX, RJ-45
Electromagnetic Emissions
Related Publications Basic Router Concepts
Appendix B Network, Routing, and Firewall Basics
Is normally written as
What is a Router?
IP Addresses and the Internet
Routing Information Protocol
Figure B-1 Three Main Address Classes
Netmask
Combined with
Equals
Figure B-2 Example of Subnetting a Class B Address
Subnet Addressing
Table B-1 Netmask notation translation table for one octet
Table B-2 Netmask formats
Private IP Addresses
Figure B-3 Single IP Address Operation Using NAT
Single IP Address Operation Using NAT
MAC Addresses and Address Resolution Protocol
Related Documents
Domain Name Server
Internet Security and Firewalls
IP Configuration by DHCP
Stateful Packet Inspection
What is a Firewall?
Denial of Service Attack
Ethernet Cabling
Category 5 Cable Quality
Table B-3 UTP Ethernet cable wiring, straight-through
Figure B-4 illustrates straight-through twisted pair cable
Inside Twisted Pair Cables
Uplink Switches, Crossover Cables, and MDI/MDIX Switching
Appendix C Virtual Private Networking
What is a VPN?
IPSec contains the following elements
What Is IPSec and How Does It Work?
IPSec Security Features
IPSec Components
Encapsulating Security Payload ESP
IKE Security Association
Authentication Header AH
Mode
Key Management
Understand the Process Before You Begin
VPN Process Overview
Addresses
It functions as a
VPN Tunnel Between Gateways
Firewalls
Table C-2 Subnet addressing
IPSec Security Association SA negotiation
IPSec Security Association IKE VPN Tunnel Negotiation Steps
VPNC IKE Security Parameters
VPNC IKE Phase I Parameters
Testing and Troubleshooting
VPNC IKE Phase II Parameters
Additional Reading
Relevant RFCs listed numerically
Preparing Your Computers for TCP/IP Networking
Appendix D Preparing Your Network
Install or Verify Windows Networking Components
Configuring Windows 95, 98, and Me for TCP/IP Networking
Select TCP/IP, and then click OK
Select Microsoft
Enabling DHCP to Automatically Configure TCP/IP Settings
Choose Settings, and then Control Panel
Restart your PC for the changes to take effect
Primary Network Logon is set to Windows logon
Selecting Windows’ Internet Access Method
Verifying TCP/IP Properties
Click OK to continue Restart the PC
Double-click the Network and Dialup Connections icon
Configuring Windows NT4, 2000 or XP for IP Networking
DHCP Configuration of TCP/IP in Windows XP
Then, restart your PC
Locate your Network Neighborhood icon
DHCP Configuration of TCP/IP in Windows
Obtain an IP address automatically is selected
DHCP Configuration of TCP/IP in Windows NT4
TCP/IP Properties dialog box now displays
Verifying TCP/IP Properties for Windows XP, 2000, and NT4
MacOS
Configuring the Macintosh for TCP/IP Networking
Default gateway is Type exit
MacOS 8.6 or
Verifying TCP/IP Properties for Macintosh Computers
Are Login Protocols Used?
What Is Your Configuration Information?
Verifying the Readiness of Your Internet Account
Select the Gateway tab
Select the IP Address tab
Restarting the Network
Numeric
List of Glossary Terms
AES
Packet sent to all devices on a network
DNS
See Internet Control Message Protocol
Internet service provider
Megabits per second
Set of rules for communication between devices on a network
RADIUS
See Wide Area Network