NETGEAR FVS124G - page 139

Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts

Router and Network Management 8-5

202-10085-01, March 2005

•VPN tunnels

Port Forwarding

The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal

data or damage your PCs, but overloads your Internet connection so you can not use it (i.e., the

service is unavailable). You can also create additional firewall rules that are customized to block or

allow specific traffic.

Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious

problems.

You can control specific inbound traffic (i.e., from WAN to LAN). Inbound Services lists all

existing rules for inbound traffic. If you have not defined any rules, only the default rule will be

listed. The default rule blocks all inboun d traffic.

Each rule lets you specify the desired action for the connections covered by the rule:

•BLOCK always

• BLOCK by schedule, otherwise Allow

• ALLOW always

• ALLOW by schedule, otherwise Block

You can also enable a check on special rules:

• VPN Passthrough—Enable this to pass the VPN traffic without any filtering, specially used

when this firewall is between two VPN tunnel end points.

• Drop fragmented IP packets—Enable this to drop the fragmented IP packets.

• UDP Flooding—Enable this to limit the number of UDP sessions created from one LAN

machine.

• TCP Flooding—Enable this to protect the router from Syn flood attack.

• Enable DNS Proxy—Enable this to allow the incoming DNS queries.

• Enable Stealth Mode—Enable this to set the firewall to operate in stealth mode.

As you define your firewall rules, you can further refine their application according to the

following criteria:

• LAN users—These settings determine which computers on your network are affected by this

rule. Select the desired IP Address in this field.

Contents

Main 2 202-10085-01, March 2005 Trademarks Statement of Conditions Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice EN 55 022 Declaration of Conformance Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports -4 Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts -5 202-10085-01, March 2005 Product and Publication Details Contents Page Page Page Page Page Page Page Chapter 1 About This Manual Audience, Scope, Conventions, and Formats How to Use This Manual How to Print this Manual Page Chapter 2 Introduction Key Features of the VPN Firewall Dual WAN Ports for Increased Reliability or Outbound Load Balancing A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents The Routers Front Panel Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Introduction 2-7 The Routers Rear Panel Table 2-1. FVS124G front panel The Routers IP Address, Login Name, and Password Logging into the Router Default Factory Settings NETGEAR Related Products Page Chapter 3 Network Planning Overview of the Planning Process Inbound Traffic Virtual Private Networks (VPNs) The Rollover Case for Firewalls With Dual WAN Ports The Load Balancing Case for Firewalls With Dual WAN Ports Inbound Traffic Inbound Traffic to Single WAN Port (Reference Case) Inbound Traffic to Dual WAN Port Systems Page Virtual Private Networks (VPNs) VPN Road Warrior (Client-to-Gateway) Page Page VPN Gateway-to-Gateway Page Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-11 Figure 3-14: Dual gateway WAN ports, after rollover, for gateway-to-gateway VPN tunnels Figure 3-15: Dual gateway WAN ports (load balancing case) for gateway-to-gateway VPN tunnels Gateway-to-Gateway Example (Dual WAN Ports, After Rollover) VPN Telecommuter (Client-to-Gateway Through a NAT Router) Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-13 Figure 3-18: Dual gateway WAN ports, after rollover, for VPN telecommuter Figure 3-17: Dual gateway WAN ports, before rollover, for VPN telecommuter Telecommuter Example (Dual WAN Ports, Before Rollover) Page Chapter 4 Connecting the FVS124G to the Internet What You Will Need to Do Before You Begin Page Cabling and Computer Hardware Requirements Computer Network Configuration Requirements Internet Configuration Requirements Where Do I Get the Internet Configuration Parameters? Record Your Internet Connection Information Connecting the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Step 1: Physically Connect the VPN Firewall to Your Network (Required) Step 2: Log in to the VPN Firewall (Required) Step 3: Configure the Internet Connections to Your ISPs (Required) Page Page Page Page Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 4-14 Connecting the FVS124G to the Internet Table 4-1. Traffic meter Step 4: Configure the WAN Mode (Required for Dual WAN) Page Page Page Page Step 5: Configure Dynamic DNS (If Needed) Page Page Step 6: Configure the WAN Options (If Needed) Page Page Configuring LAN TCP/IP Setup Parameters Page Using the Firewall as a DHCP server Using Address Reservation Multi Home LAN IPs Configuring Static Routes Page Page Chapter 6 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview Using Rules to Block or Allow Specific Kinds of Traffic Page Page Services-Based Rules Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-6 Firewall Protection and Content Filtering Table 6-1. Inbound Services Page Page Page Page Page Page Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6-13 Note: See Source MAC Filtering on page 6-27 for yet another way to block outbound traffic from selected PCs that would otherwise be allowed by the firewall. Table 6-1. Outbound Services Page Page Page Page Page Page Managing Groups and Hosts Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-22 Firewall Protection and Content Filtering Using a Schedule to Block or Allow Specific Traffic Table 6-3. Groups and hosts Page Time Zone Block Sites Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-26 Firewall Protection and Content Filtering Table 6-4. Block Sites Source MAC Filtering Port Triggering Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-30 Firewall Protection and Content Filtering Getting E-Mail Notifications of Event Logs and Alerts Table 6-6. Port Triggering Page Page Syslog Viewing Logs of Web Access or Attempted Web Access Page Administrator Information Page Chapter 7 Virtual Private Networking Dual WAN Port Systems Rollover vs. Load Balancing Mode Fully Qualified Domain Names Page Page Creating a VPN Connection: Between FVX538 and FVS124G Configuring the FVX538 Page Page Page Configuring the FVS124G Page Testing the Connectio n Creating a VPN Connection: Netgear VPN Client to FVS124G Configuring the FVS124G Configuring the VPN Client Page Page Page Page Page Page Page Testing the Connectio n Page Page Chapter 8 Router and Network Management Performance Management Bandwidth Capacity VPN Firewall Features That Reduce Traffic Page VPN Firewall Features That Increase Traffic Page Page Using QoS to Shift the Traffic Mix Tools for Traffic Management Administrator and Guest Access Authorization Changing the Passwords and Login Timeout Enabling Remote Management Access Command Line Interface Event Alerts WAN Port Rollover Traffic Limits Reached Login Failures and Attacks Page Monitoring Viewing VPN Firewall Status and Time Information Page Page Page WAN Ports Page Page Page Page Firewall Page Page VPN Tunnels You can view the status of the VPN tunnels. SNMP Diagnostics Page Configuration File Management Restoring and Backing Up the Configuration Upgrading the Firewall Software Erasing the Configuration (Factory Defaults Reset) Page Chapter 9 Troubleshooting Basic Functioning Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the W e b Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Technical Specifications Page Appendix B Network, Routing, Firewall, and Basics Related Publications Basic Router Concepts What is a Router? Routing Information Protocol IP Addresses and the Internet Page Netmask Subnet Addressing Page Private IP Addresses Single IP Address Operation Using NAT MAC Addresses and Address Resolution Protocol Related Documents Domain Name Server IP Configuration by DHCP Internet Security and Firewalls What is a Firewall? Ethernet Cabling Category 5 Cable Quality Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Page Page Appendix C Preparing Your Network Preparing Your Computers for TCP/IP Networking Configuring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking Components Page Enabling DHCP to Automatically Configure TCP/IP Settings Locate your Network Neighborhood icon. Page Selecting Windows Internet Access Method Verifying TCP/IP Properties Configuring Windows NT4, 2000 or XP for IP Networking Install or Verify Windows Networking Components Enabling DHCP to Automatically Configure TCP/IP Settings DHCP Configuration of TCP/IP in Windows XP Page DHCP Configuration of TCP/IP in Windows 2000 Page Page DHCP Configuration of TCP/IP in Windows NT4 Page Verifying TCP/IP Properties for Windows XP, 2000, and NT4 Configuring the Macintosh for TCP/IP Networking MacOS 8.6 or 9.x MacOS X Verifying TCP/IP Properties for Macintosh Computers Verifying the Readiness of Your Internet Account Are Login Protocols Used? What Is Your Configuration Information? Obt aining ISP Configuration Information for W indows Computers Obtaining ISP Configuration Information for Macintosh Computers Restarting the Network Page Appendix D Virtual Private Networking What is a VPN? What Is IPSec and How Does It Work? IPSec Security Features IPSec Components Encapsulating Security Payload (ESP) Authentication Header (AH) IKE Security Association Page Key Management Understand the Process Before You Begin VPN Process Overview Network Interfaces and Addresses Setting Up a VPN Tunnel Between Gateways VPN Gateway A VPN Gateway B VPN Tunnel IPSec Security Association IKE VPN Tunnel Negotiation Steps VPNC IKE Security Parameters VPNC IKE Phase I Parameters VPNC IKE Phase II Parameters Testing and Troubleshooting Additional Reading Page Glossary List of Glossary Terms Use the list below to find definitions for technical terms used in this manual. Numeric A B C D E G I L M P Q R S T U W