202-10085-01, March
Trademarks
Statement of Conditions
EN 55 022 Declaration of Conformance
Bestätigung des Herstellers/Importeurs
Certificate of the Manufacturer/Importer
Voluntary Control Council for Interference (VCCI) Statement
Additional Copyrights
MD5
Product and Publication Details
Contents
Chapter Connecting the FVS124G to the Internet
Chapter LAN Configuration
Chapter Router and Network Management
Chapter Troubleshooting
Appendix C Preparing Your Network
Appendix D Virtual Private Networking
Glossary-5
Audience, Scope, Conventions, and Formats
Typographical Conventions
Manual Scope
How to Use This Manual
How to Print this Manual
Printing a Page in the HTML View
About This Manual
Key Features of the VPN Firewall
Chapter Introduction
Powerful, True Firewall with Content Filtering
Security
Autosensing Ethernet Connections with Auto Uplink
Easy Installation and Management
Extensive Protocol Support
Package Contents
Router’s Front Panel
FVS124G Front Panel
Router’s Rear Panel
Object Activity Description
Router’s IP Address, Login Name, and Password
FVS124G Rear Panel
Logging into the Router
FVS124G Bottom Label
Default Factory Settings
Login screen on the Web browser
Factory Default Settings
Netgear Related Products
Introduction
Overview of the Planning Process
Inbound Traffic
Virtual Private Networks (VPNs)
Ports
Port rolls over, the VPN tunnel collapses and address
That the public and enabled
Inbound Traffic
Always change at
Virtual Private Networks (VPNs)
IP addressing requirements for VPNs in dual WAN port systems
Dual
VPN Road Warrior
Domain i.e., the IP
Road Warrior Example Single WAN Port
Road Warrior Example Dual WAN Ports, After Rollover
Gateway
Domain
For Improved Reliability
13, either of the gateway WAN
Gateway-to-Gateway Example Dual WAN Ports, After Rollover
VPN Telecommuter Client-to-Gateway Through a NAT Router
Gigabit LAN and Dual WAN Ports
Address to establish or re-establish a VPN Remote PC Or WAN2
Connecting the FVS124G to the Internet
What You Will Need to Do Before You Begin
Customer premises Route diversity WAN port Physical facility
Postulated WAN provisioning used in this document Internet
Computer Network Configuration Requirements
Cabling and Computer Hardware Requirements
Internet Configuration Requirements
Where Do I Get the Internet Configuration Parameters?
Record Your Internet Connection Information
Connect the firewall physically to your network required
Physically Connect the VPN Firewall to Your Network Required
Log in to the VPN Firewall Required
Configure the Internet Connections to Your ISPs Required
WAN1 and WAN2 Basic Settings and Setup Wizard Screens
WAN1 screens WAN2 screens
Internet connection methods
Connection Method Data Required
Manually Configuring Your Internet Connection
ISP Does Not Require Login
Programming the Traffic Meter if Desired
Traffic Meter screens
Traffic meter
Parameter Description
Configure the WAN Mode Required for Dual WAN
Rollover Setup
WAN Mode screen for auto-rollover
Load Balancing and Protocol Binding Setup
WAN Mode screen for load balancing and protocol binding
Configure Dynamic DNS If Needed
Dynamic DNS screens
Each DNS service provider requires its own parameters Figure
Dynamic DNS service provider screens
Configure the WAN Options If Needed
10 WAN Options Screens
Chapter LAN Configuration
Using the LAN IP Setup Options
Configuring LAN TCP/IP Setup Parameters
LAN IP Setup menu
Using the Firewall as a DHCP Server
Using Address Reservation
Groups and Hosts Entry screen
Configuring Static Routes
Multi Home LAN IPs
Static Routes Summary Table and Add screens
Firewall Protection and Content Filtering Overview
Using Rules to Block or Allow Specific Kinds of Traffic
Rules menu
Firewall Protection and Content Filtering
Services-Based Rules
Add Inbound Service Rules screen
Inbound Rules Port Forwarding
Inbound Services
Services menu see Customized Services on
Inbound Rule Example a Local Public Web Server
Inbound Rule Example One-to-One NAT Mapping
Rule example one-to-one NAT mapping
Rule example one-to-one NAT mapping on inbound services
Inbound Rule Example Exposed Host
Outbound Rules Service Blocking
Add Outbound Service Rules screen
Outbound Services
Block or Allow Specific Traffic on
QoS Priorities on
Outbound Rule Example Blocking Instant Messenger
Customized Services
10 Rules table with examples
11 Services and Add Custom Service screens
Quality of Service (QoS) Priorities
12 Setting and Overriding QoS priorities
Highest Default Lowest
Managing Groups and Hosts
13 Groups and Hosts screens
Using a Schedule to Block or Allow Specific Traffic
Groups and hosts
14 Schedule menu
Block Sites
Time Zone
Block Sites menu is shown in Figure
15 Block Sites menu
Block Sites
Filtering does not apply. See Managing Groups and Hosts on
Source MAC Filtering
16 Source MAC Filter screens
Port Triggering
Source MAC address filter
17 Port Triggering screens
Getting E-Mail Notifications of Event Logs and Alerts
Port Triggering
18 Logs and E-mail screens
Viewing Logs of Web Access or Attempted Web Access
Syslog
19 Firewall Logs menu Log entry descriptions
Administrator Information
Log action buttons
Rollover vs. Load Balancing Mode
Dual WAN Port Systems
Rollover Mode Setup Screen
Fully Qualified Domain Names
FVS124G Functional Block Diagram FVS124G Firewall Rest
Functional operation of FVS124G WAN ports for rollover mode
Load
Configuring the FVX538
Creating a VPN Connection Between FVX538 and FVS124G
Click Next
WAN IP address of remote FVS124G
IKE Policies
FVX538 VPN Policies screen
Configuring the FVS124G
10 FVX538-to-FVS124G VPN screen
11 VPN Wizard start
12 WAN IP address of remote FVX538
Testing the Connection
Creating a VPN Connection Netgear VPN Client to FVS124G
Configuring the VPN Client
14 VPN Wizard
15 New Client Connection screen
Give the New Connection a name, such as toFVS
16 New connection named
17 Remote client info
18 My Identity screen
Left frame, click on Security Policy
19 Pre-shared key
20 Client Security Policy screen
21 Client Authorization screen
22 Client Key Exchange screen
23 Client Connection Monitor screen
Virtual Private Networking
Performance Management
Bandwidth Capacity
VPN Firewall Features That Reduce Traffic
Service Blocking
Services
VPN Firewall Features That Increase Traffic
Block Sites
Source MAC Filtering
VPN tunnels
Port Forwarding
Port Triggering
Using QoS to Shift the Traffic Mix
Tools for Traffic Management
VPN Tunnels
Administrator and Guest Access Authorization
Changing the Passwords and Login Timeout
Enabling Remote Management Access
Remote Management screen
Command Line Interface
https://134.177.0.123:8080
Event Alerts
WAN Port Rollover
Traffic Limits Reached
Login Failures and Attacks
Traffic Limit Reached alert
Logs and email screen
Monitoring
Viewing VPN Firewall Status and Time Information
Firewall Status
Router Status screen
Time Information
Time information is found on the Schedules screen
Router Status
Time information on the Schedule screen
WAN Ports
WAN Port Connection Status
Dynamic DNS Status
Internet Traffic Information
LAN Ports and Attached Devices
Known PCs and Devices
10 Network Database screen
Known PCs and Devices table
DHCP Log
Port Triggering Status
Firewall
You can view the log of the firewall activities
Port Triggering Status data
13 Logs and email screen
Invoke the Firewall Log screen from Logs and Email screen
14 Firewall Log screen invoked from Logs and Email screen
VPN Tunnels
You can view the status of the VPN tunnels
Diagnostics
16 SNMP Configuration screens
17 Diagnostics screen
Configuration File Management
Diagnostics
Options are described in the following sections
Be careful how you use these
Restoring and Backing Up the Configuration
Upgrading the Firewall Software
Erasing the Configuration Factory Defaults Reset
Be careful how you use this
Router and Network Management
Power LED Not On
Basic Functioning
LEDs Never Turn Off
LAN or Internet Port LEDs Not On
Troubleshooting the Web Configuration Interface
Troubleshooting the ISP Connection
Troubleshooting a TCP/IP Network Using a Ping Utility
Testing the LAN Path to Your Firewall
Click on OK You should see a message like this one
If the path is working, you see this message
Testing the Path from Your PC to a Remote Device
If the path is not working, you see this message
Restoring the Default Configuration and Password
Problems with Date and Time
Troubleshooting
Dimensions 15 x 7.5 x 4.75 Weight
Data and Routing Protocols
Voltage and amperage 12 VDC, 1.2A
Interface Specifications
10BASE-T or 100BASE-Tx, RJ-45
10BASE-T or 100BASE-Tx
Appendix B Network, Routing, Firewall, and Basics
Related Publications Basic Router Concepts
What is a Router?
IP Addresses and the Internet
Routing Information Protocol
Is normally written as
Three Main Address Classes
Netmask
Combined with
Equals
Subnet Addressing
Example of Subnetting a Class B Address
Netmask Notation Translation Table for One Octet
Netmask Formats
Private IP Addresses
Single IP Address Operation Using NAT
MAC Addresses and Address Resolution Protocol
Related Documents
IP Configuration by DHCP
Internet Security and Firewalls
Domain Name Server
What is a Firewall?
Denial of Service Attack
Ethernet Cabling
Stateful Packet Inspection
Table B-1 UTP Ethernet cable wiring, straight-through
Category 5 Cable Quality
Inside Twisted Pair Cables
Figure B-1 illustrates straight-through twisted pair cable
Uplink Switches, Crossover Cables, and MDI/MDIX Switching
Network, Routing, Firewall, and Basics
Appendix C Preparing Your Network
Preparing Your Computers for TCP/IP Networking
Configuring Windows 95, 98, and Me for TCP/IP Networking
Install or Verify Windows Networking Components
Preparing Your Network
Enabling DHCP to Automatically Configure TCP/IP Settings
Locate your Network Neighborhood icon
Primary Network Logon is set to Windows logon
Selecting Windows’ Internet Access Method
Verifying TCP/IP Properties
Click OK to continue Restart the PC
Configuring Windows NT4, 2000 or XP for IP Networking
DHCP Configuration of TCP/IP in Windows XP
Locate your Network Neighborhood icon
DHCP Configuration of TCP/IP in Windows
Obtain an IP address automatically is selected
DHCP Configuration of TCP/IP in Windows NT4
Verifying TCP/IP Properties for Windows XP, 2000, and NT4
TCP/IP Properties dialog box now displays
Configuring the Macintosh for TCP/IP Networking
Default gateway is Type exit
MacOS 8.6 or
MacOS
Verifying TCP/IP Properties for Macintosh Computers
Are Login Protocols Used?
What Is Your Configuration Information?
Verifying the Readiness of Your Internet Account
Select the Gateway tab
Restarting the Network
What is a VPN?
Appendix D Virtual Private Networking
What Is IPSec and How Does It Work?
IPSec Security Features
IPSec Components
IPSec contains the following elements
Encapsulating Security Payload (ESP)
Authentication Header (AH)
IKE Security Association
Original packet and packet with IPSec ESP in Tunnel mode
Mode
Understand the Process Before You Begin
Key Management
VPN Process Overview
Interfaces and Addresses
VPNC Example Network Interface Addressing
Setting Up a VPN Tunnel Between Gateways
Firewalls
WAN Internet/Public and LAN Internal/Private Addressing
Subnet Addressing
Exchange
IPSec Security Association IKE VPN Tunnel Negotiation Steps
VPNC IKE Phase I Parameters
VPNC IKE Security Parameters
Testing and Troubleshooting
VPNC IKE Phase II Parameters
Additional Reading
List of Glossary Terms
Numeric
ADSL
Packet sent to all devices on a network
DSL
See Internet Control Message Protocol
Internet service provider
Megabits per second
Set of rules for communication between devices on a network
See Quality of Service
See Wide Area Network
WINS
Glossary