Reference Manual for the ProSafe VPN Firewall FVS114
Statement of Conditions
Trademarks
EN 55 022 Declaration of Conformance
Certificate of the Manufacturer/Importer
Product and Publication Details
202-10098-01, April
Contents
Chapter Firewall Protection Content Filtering
Chapter Advanced Virtual Private Networking
Chapter Advanced Configuration
Appendix C Virtual Private Networking
Appendix D Preparing Your Network
Audience, Scope, Conventions, and Formats
Chapter About This Manual
Typographical Conventions
Manual Scope
How to Use This Manual
Printing a Page in the HTML View
How to Print this Manual
Printing a Chapter
Printing the Full Manual
Chapter Introduction
Key Features of the VPN Firewall
Security
Powerful, True Firewall with Content Filtering
Extensive Protocol Support
Autosensing Ethernet Connections with Auto Uplink
Maintenance and Support
Easy Installation and Management
Package Contents
LED Descriptions
FVS114 Rear Panel
NETGEAR-Related Products
DC power input ON/OFF switch
NETGEAR Product Registration, Support, and Documentation
Prepare to Install Your FVS114 ProSafe VPN Firewall
Connecting the Firewall to the Internet
First, Connect the FVS114
Modem
VPN Firewall
Restart Your Network in the Correct Sequence
Status lights
Now, Configure the FVS114 for Internet Access
NETGEAR Smart Wizard Configuration Assistant welcome screen
Make sure the network settings of the computer are correct
Troubleshooting Tips
Be sure to restart your network in this sequence
Make sure the Ethernet cables are securely plugged
Ways to access the firewall
Overview of How to Access the FVS114 VPN Firewall
Login URL
Login result FVS114 home
How to Bypass the Configuration Assistant
Using the Smart Setup Wizard
ISP Does Not Require Login
How to Manually Configure Your Internet Connection
10 Basic Settings ISP list
Firewall Protection and Content Filtering Overview
Chapter Firewall Protection Content Filtering
Block Sites menu
Block Sites
Using Rules to Block or Allow Specific Kinds of Traffic
Rules menu
Inbound Rule Example: A Local Public Web Server
Inbound Rules Port Forwarding
Rule example: a local public Web server
Considerations for Inbound Rules
Outbound Rules Service Blocking
Rule example: blocking Instant Messenger
Outbound Rule Example: Blocking Instant Messenger
Rules table
Order of Precedence for Rules
Services menu
Services
Add Custom Service menu
Schedule
Using a Schedule to Block or Allow Specific Traffic
Time Zone
10 E-mail menu
Getting E-Mail Notifications of Event Logs and Alerts
11 Logs menu
Viewing Logs of Web Access or Attempted Web Access
Log entries are described in Table
Syslog
Log action buttons are described in Table
Log entry descriptions
Chapter Basic Virtual Private Networking
VPN Tunnel
Single
Advanced methods see , Advanced Virtual Private Networking
VPN Tunnel
Configuration
VPN Wizard start screen
Configuring the Client-to-Gateway VPN Tunnel on the FVS114
Connection Name and Remote IP Type
Summary screen below displays
VPNC Recommended Settings
Configuring the NETGEAR ProSafe VPN Client on the Remote PC
Security Policy Editor new connection
Select Secure in the Connection Security check box
11 Security Policy Editor Security Policy
12 Security Policy Editor My Identity
13 Security Policy Editor Pre-Shared Key
15 Security Policy Editor Key Exchange
16 Running a Ping test to the LAN from the PC
18 Log Viewer screen
Exporting a Security Policy
Transferring a Security Policy to Another Client
Importing a Security Policy
Select Export Security Policy from the File pulldown
Scenario1
Select the security policy to import
FVS114 VPN Firewall PCs
23 VPN Wizard start screen
Procedure to Configure a Gateway-to-Gateway VPN Tunnel
25 Remote IP
27 VPN Wizard Summary
28 VPN Recommended Settings
30 VPN Status/Log screen
Using the VPN Status Page to Activate a VPN Tunnel
Start Using a VPN Tunnel to Activate It
VPN Tunnel Control
Activating a VPN Tunnel
32 VPN Status/Log screen
Activate the VPN Tunnel by Pinging the Remote Endpoint
Type ping
Type ping -t 192.168.3.1 and then click OK
36 Pinging test results
Verifying the Status of a VPN Tunnel
38 Current VPN Tunnels SAs screen
Deactivating a VPN Tunnel
39 VPN Policies
Using the VPN Status Page to Deactivate a VPN Tunnel
41 Current VPN Tunnels SAs screen
Deleting a VPN Tunnel
Virtual Private
Using Automatic Key Management
Using Policies to Manage VPN Traffic
IKE Policy Configuration Menu
IKE Policies’ Automatic Key and Authentication Management
Field Description General
IKE Policy Configuration fields
Field Description Remote
VPN Policy Configuration for Auto Key Negotiation
VPN Auto Policy menu
VPN Auto Policy fields are defined in the following table
VPN Auto Policy Configuration Fields
Authenticating Header AH
NetBIOS Enable
VPN Policy Configuration for Manual Key Exchange
VPN Manual Policy menu
VPN Manual Policy fields are defined in the following table
VPN Manual Policy Configuration Fields
Value in its Authentication Algorithm Key Out field
NetBIOS Enable
Certificate Revocation List CRL
Walk-Through of Configuration Scenarios on the FVS114
VPN Consortium Scenario
Are IPv4
From Settings menu
FVS114 Internet IP Address menu
WAN IP addresses
LAN IP Setup menu
Scenario 1 IKE Policy
Set up the IKE Policy illustrated below on the FVS114
10 Scenario 1 VPN Auto Policy
Set up the FVS114 VPN Auto Policy illustrated below
Testing the Gateway A FVS114 LAN and the Gateway B LAN
How to Check VPN Connections
FVS114 Scenario 2 FVS114 to FVS114 with RSA Certificates
Install the trusted CA certificate for the Trusted Root CA
Obtain a root certificate
Create a certificate request for the FVS114
11 Generate Self Certificate Request menu
12 Self Certificate Request data
Highlight, copy and paste this data into a text file
13 Self Certificate Requests table
Click the Upload Certificate button
14 Self Certificates table
Set up Certificate Revocation List CRL checking
Viewing VPN Firewall Status Information
Chapter Maintenance
FVS114 Status fields
This screen shows the following parameters
This screen shows the following statistics
Click Show WAN Status to display the WAN connection status
Connection Status fields
Connection Status action buttons
WAN Status action buttons are described in the table below
Click Show Statistics to display firewall usage statistics
Router Statistics fields
Upgrading the Firewall Software
Viewing a List of Attached Devices
Router Upgrade menu
Configuration File Management
Restoring the Configuration
Backing Up the Configuration
Erasing the Configuration
Diagnostics
Changing the Administrator Password
Ping or Trace an IP address
Diagnostics menu
WAN Setup
Chapter Advanced Configuration
Default DMZ Server
To assign a computer or server to be a Default DMZ server
How to Configure Dynamic DNS
Click Default DMZ Server
Respond to Ping on Internet WAN Port
Dynamic DNS
Configuring LAN TCP/IP Setup Parameters
Using the LAN IP Setup Options
Using Address Reservation
Using the Firewall as a DHCP Server
Click Edit or Delete
Configuring Static Routes
Static Routes table
Static Route Example
Enabling Remote Management Access
Remote Management menu
https://134.177.0.123:8080
UPnP menu
UPnP
Power LED Not On
Chapter Troubleshooting
Basic Functioning
LAN or Internet Port LEDs Not On
LEDs Never Turn Off
Troubleshooting the Web Configuration Interface
Troubleshooting the ISP Connection
Testing the LAN Path to Your Firewall
Troubleshooting a TCP/IP Network Using a Ping Utility
If the path is working, you see this message
Testing the Path from Your PC to a Remote Device
If the path is not working, you see this message
ping -n 10 IP address
Problems with Date and Time
Restoring the Default Configuration and Password
Data and Routing Protocols
Appendix A Technical Specifications
PPP over Ethernet PPPoE
10BASE-T or 100BASE-TX, RJ-45
Interface Specifications
Electromagnetic Emissions
Related Publications Basic Router Concepts
Appendix B Network, Routing, and Firewall Basics
IP Addresses and the Internet
What is a Router?
Routing Information Protocol
Is normally written as
Figure B-1 Three Main Address Classes
Combined with
Netmask
Equals
Figure B-2 Example of Subnetting a Class B Address
Subnet Addressing
Table B-2. Netmask formats
Table B-1 Netmask notation translation table for one octet
Private IP Addresses
Figure B-3 Single IP Address Operation Using NAT
Single IP Address Operation Using NAT
Related Documents
MAC Addresses and Address Resolution Protocol
Domain Name Server
Internet Security and Firewalls
IP Configuration by DHCP
Denial of Service Attack
What is a Firewall?
Ethernet Cabling
Stateful Packet Inspection
Category 5 Cable Quality
Table B-3 UTP Ethernet cable wiring, straight-through
Figure B-4 illustrates straight-through twisted pair cable
Inside Twisted Pair Cables
Uplink Switches, Crossover Cables, and MDI/MDIX Switching
Appendix C Virtual Private Networking
What is a VPN?
IPSec Security Features
What Is IPSec and How Does It Work?
IPSec Components
IPSec contains the following elements
Encapsulating Security Payload ESP
IKE Security Association
Authentication Header AH
Mode
Key Management
Understand the Process Before You Begin
Addresses
VPN Process Overview
It functions as a
Firewalls
VPN Tunnel Between Gateways
Table C-2 Subnet addressing
IPSec Security Association SA negotiation
IPSec Security Association IKE VPN Tunnel Negotiation Steps
VPNC IKE Security Parameters
VPNC IKE Phase I Parameters
VPNC IKE Phase II Parameters
Testing and Troubleshooting
Additional Reading
Relevant RFCs listed numerically
Preparing Your Computers for TCP/IP Networking
Appendix D Preparing Your Network
Install or Verify Windows Networking Components
Configuring Windows 95, 98, and Me for TCP/IP Networking
Select TCP/IP, and then click OK
Select Microsoft
Choose Settings, and then Control Panel
Enabling DHCP to Automatically Configure TCP/IP Settings
Restart your PC for the changes to take effect
Primary Network Logon is set to Windows logon
Verifying TCP/IP Properties
Selecting Windows’ Internet Access Method
Click OK to continue Restart the PC
Double-click the Network and Dialup Connections icon
Configuring Windows NT4, 2000 or XP for IP Networking
Then, restart your PC
DHCP Configuration of TCP/IP in Windows XP
Locate your Network Neighborhood icon
DHCP Configuration of TCP/IP in Windows
Obtain an IP address automatically is selected
DHCP Configuration of TCP/IP in Windows NT4
TCP/IP Properties dialog box now displays
Verifying TCP/IP Properties for Windows XP, 2000, and NT4
Default gateway is Type exit
Configuring the Macintosh for TCP/IP Networking
MacOS 8.6 or
MacOS
Verifying TCP/IP Properties for Macintosh Computers
What Is Your Configuration Information?
Are Login Protocols Used?
Verifying the Readiness of Your Internet Account
Select the Gateway tab
Select the IP Address tab
Restarting the Network
Numeric
List of Glossary Terms
AES
Packet sent to all devices on a network
DNS
See Internet Control Message Protocol
Internet service provider
Megabits per second
Set of rules for communication between devices on a network
RADIUS
See Wide Area Network