202-10085-01, March 2005
Trademarks
Statement of Conditions
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
EN 55 022 Declaration of Conformance
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Product and Publication Details
Contents
Chapter 1 About This Manual
Audience, Scope, Conventions, and Formats
How to Use This Manual
How to Print this Manual
Chapter 2 Introduction
Key Features of the VPN Firewall
Dual WAN Ports for Increased Reliability or Outbound Load Balancing
A Powerful, True Firewall with Content Filtering
Security
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
Maintenance and Support
Package Contents
The Router's Front Panel
The Router's Rear Panel
Table 2-1. FVS124G front panel
The Router's IP Address, Login Name, and Password
Logging into the Router
Default Factory Settings
NETGEAR Related Products
Chapter 3 Network Planning
Overview of the Planning Process
Inbound Traffic
Virtual Private Networks (VPNs)
The Rollover Case for Firewalls With Dual WAN Ports
The Load Balancing Case for Firewalls With Dual WAN Ports
Inbound Traffic
Inbound Traffic to Single WAN Port (Reference Case)
Inbound Traffic to Dual WAN Port Systems
Virtual Private Networks (VPNs)
VPN Road Warrior (Client-to-Gateway)
VPN Gateway-to-Gateway
Figure 3-14: Dual gateway WAN ports, after rollover, for gateway-to-gateway VPN tunnels
Figure 3-15: Dual gateway WAN ports (load balancing case) for gateway-to-gateway VPN tunnels
Gateway-to-Gateway Example (Dual WAN Ports, After Rollover)
VPN Telecommuter (Client-to-Gateway Through a NAT Router)
Figure 3-18: Dual gateway WAN ports, after rollover, for VPN telecommuter
Figure 3-17: Dual gateway WAN ports, before rollover, for VPN telecommuter
Telecommuter Example (Dual WAN Ports, Before Rollover)
Chapter 4 Connecting the FVS124G to the Internet
What You Will Need to Do Before You Begin
Cabling and Computer Hardware Requirements
Computer Network Configuration Requirements
Internet Configuration Requirements
Where Do I Get the Internet Configuration Parameters?
Record Your Internet Connection Information
Connecting the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Step 1: Physically Connect the VPN Firewall to Your Network (Required)
Step 2: Log in to the VPN Firewall (Required)
Step 3: Configure the Internet Connections to Your ISPs (Required)
Table 4-1. Traffic meter
Step 4: Configure the WAN Mode (Required for Dual WAN)
Step 5: Configure Dynamic DNS (If Needed)
Step 6: Configure the WAN Options (If Needed)
Configuring LAN TCP/IP Setup Parameters
Using the Firewall as a DHCP server
Using Address Reservation
Multi Home LAN IPs
Configuring Static Routes
Chapter 6 Firewall Protection and Content Filtering
Firewall Protection and Content Filtering Overview
Using Rules to Block or Allow Specific Kinds of Traffic
Services-Based Rules
Table 6-1. Inbound Services
Note: See Source MAC Filtering on page 6-27 for yet another way to block outbound
traffic from selected PCs that would otherwise be allowed by the firewall.
Table 6-1. Outbound Services
Managing Groups and Hosts
Using a Schedule to Block or Allow Specific Traffic
Table 6-3. Groups and hosts
Time Zone
Block Sites
Table 6-4. Block Sites
Source MAC Filtering
Port Triggering
Getting E-Mail Notifications of Event Logs and Alerts
Table 6-6. Port Triggering
Syslog
Viewing Logs of Web Access or Attempted Web Access
Administrator Information
Chapter 7 Virtual Private Networking
Dual WAN Port Systems
Rollover vs. Load Balancing Mode
Fully Qualified Domain Names
Creating a VPN Connection: Between FVX538 and FVS124G
Configuring the FVX538
Configuring the FVS124G
Testing the Connection
Creating a VPN Connection: Netgear VPN Client to FVS124G
Configuring the FVS124G
Configuring the VPN Client
Testing the Connection
Chapter 8 Router and Network Management
Performance Management
Bandwidth Capacity
VPN Firewall Features That Reduce Traffic
VPN Firewall Features That Increase Traffic
Using QoS to Shift the Traffic Mix
Tools for Traffic Management
Administrator and Guest Access Authorization
Changing the Passwords and Login Timeout
Enabling Remote Management Access
Command Line Interface
Event Alerts
WAN Port Rollover
Traffic Limits Reached
Login Failures and Attacks
Monitoring
Viewing VPN Firewall Status and Time Information
WAN Ports
Firewall
VPN Tunnels
You can view the status of the VPN tunnels.
SNMP
Diagnostics
Configuration File Management
Restoring and Backing Up the Configuration
Upgrading the Firewall Software
Erasing the Configuration (Factory Defaults Reset)
Chapter 9 Troubleshooting
Basic Functioning
Power LED Not On
LEDs Never Turn Off
LAN or Internet Port LEDs Not On
Troubleshooting the Web Configuration Interface
Troubleshooting the ISP Connection
Troubleshooting a TCP/IP Network Using a Ping Utility
Testing the LAN Path to Your Firewall
Testing the Path from Your PC to a Remote Device
Restoring the Default Configuration and Password
Problems with Date and Time
Appendix A Technical Specifications
Appendix B Network, Routing, Firewall, and Basics
Related Publications
Basic Router Concepts
What is a Router?
Routing Information Protocol
IP Addresses and the Internet
Netmask
Subnet Addressing
Private IP Addresses
Single IP Address Operation Using NAT
MAC Addresses and Address Resolution Protocol
Related Documents
Domain Name Server
IP Configuration by DHCP
Internet Security and Firewalls
What is a Firewall?
Ethernet Cabling
Category 5 Cable Quality
Inside Twisted Pair Cables
Uplink Switches, Crossover Cables, and MDI/MDIX Switching
Appendix C Preparing Your Network
Preparing Your Computers for TCP/IP Networking
Configuring Windows 95, 98, and Me for TCP/IP Networking
Install or Verify Windows Networking Components
Enabling DHCP to Automatically Configure TCP/IP Settings
Locate your Network Neighborhood icon.
Selecting Windows Internet Access Method
Verifying TCP/IP Properties
Configuring Windows NT4, 2000 or XP for IP Networking
Install or Verify Windows Networking Components
Enabling DHCP to Automatically Configure TCP/IP Settings
DHCP Configuration of TCP/IP in Windows XP
DHCP Configuration of TCP/IP in Windows 2000
DHCP Configuration of TCP/IP in Windows NT4
Verifying TCP/IP Properties for Windows XP, 2000, and NT4
Configuring the Macintosh for TCP/IP Networking
MacOS 8.6 or 9.x
MacOS X
Verifying TCP/IP Properties for Macintosh Computers
Verifying the Readiness of Your Internet Account
Are Login Protocols Used?
What Is Your Configuration Information?
Obtaining ISP Configuration Information for Windows Computers
Obtaining ISP Configuration Information for Macintosh Computers
Restarting the Network
Appendix D Virtual Private Networking
What is a VPN?
What Is IPSec and How Does It Work?
IPSec Security Features
IPSec Components
Encapsulating Security Payload (ESP)
Authentication Header (AH)
IKE Security Association
Key Management
Understand the Process Before You Begin
VPN Process Overview
Network Interfaces and Addresses
Setting Up a VPN Tunnel Between Gateways
IPSec Security Association IKE VPN Tunnel Negotiation Steps
VPNC IKE Security Parameters
VPNC IKE Phase I Parameters
VPNC IKE Phase II Parameters
Testing and Troubleshooting
Additional Reading
Glossary
List of Glossary Terms
Use the list below to find definitions for technical terms used in this manual.
Numeric
A
B
C
D
E
G
I
L
M
P
Q
R
S
T
U
W