NETGEAR FVS124G - page 34

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

3-4 Network Planning

202-10085-01, March 2005

Inbound Traffic: Dual WAN Ports for Improved Reliability

In the dual WAN port case with rollover (Figure 3-4), the WAN’s IP address will always change at

rollover. A fully-qualified domain name must be used that toggles between the IP addresses of the

WAN ports (i.e., WAN1 or WAN2).

Figure 3-4: Inbound traffi c to dual WAN ports, before and after rollover

Inbound Traffic: Dual WAN Ports for Load Balancing

In the dual WAN port case for load balancing (Figure 3-5), the Internet address of each WAN port

is either fixed if the IP address is fixed or a fully-qualified domain name if the IP address is

dynamic.

Figure 3-5: Inbound traffic to dual WAN ports for load balancing

Note: Load balancing is implemented for outgoing traffic and not for incoming traffic.

Consider making one of the WAN port Internet addresses public and keeping the other

one private in order to maintain better control of WAN port traffic.

Router

netgear.dyndns.org

WAN1 IP

Dual WAN Ports (Before Rollover)

WAN2 IP (N/A)

WAN2 port inactive

Router

WAN1 port inactive

WAN1 IP (N/A)

Dual WAN Ports (After Rollover)

WAN2 IP

netgear.dyndns.org

IP address of active WAN port changes after a rollover (use of fully-qualified domain names always required)

XX

XX

Router

netgear1.dyndns.org

WAN1 IP

Dual WAN Ports (Load Balancing)

WAN2 IP

netgear2.dyndns.org

IP addresses of WAN ports:

use of fully-qualified domain names

required for dynamic IP addresses

and optional for fixed IP addresses

Contents

Main 2 202-10085-01, March 2005 Trademarks Statement of Conditions Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice EN 55 022 Declaration of Conformance Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports -4 Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts -5 202-10085-01, March 2005 Product and Publication Details Contents Page Page Page Page Page Page Page Chapter 1 About This Manual Audience, Scope, Conventions, and Formats How to Use This Manual How to Print this Manual Page Chapter 2 Introduction Key Features of the VPN Firewall Dual WAN Ports for Increased Reliability or Outbound Load Balancing A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents The Routers Front Panel Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Introduction 2-7 The Routers Rear Panel Table 2-1. FVS124G front panel The Routers IP Address, Login Name, and Password Logging into the Router Default Factory Settings NETGEAR Related Products Page Chapter 3 Network Planning Overview of the Planning Process Inbound Traffic Virtual Private Networks (VPNs) The Rollover Case for Firewalls With Dual WAN Ports The Load Balancing Case for Firewalls With Dual WAN Ports Inbound Traffic Inbound Traffic to Single WAN Port (Reference Case) Inbound Traffic to Dual WAN Port Systems Page Virtual Private Networks (VPNs) VPN Road Warrior (Client-to-Gateway) Page Page VPN Gateway-to-Gateway Page Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-11 Figure 3-14: Dual gateway WAN ports, after rollover, for gateway-to-gateway VPN tunnels Figure 3-15: Dual gateway WAN ports (load balancing case) for gateway-to-gateway VPN tunnels Gateway-to-Gateway Example (Dual WAN Ports, After Rollover) VPN Telecommuter (Client-to-Gateway Through a NAT Router) Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-13 Figure 3-18: Dual gateway WAN ports, after rollover, for VPN telecommuter Figure 3-17: Dual gateway WAN ports, before rollover, for VPN telecommuter Telecommuter Example (Dual WAN Ports, Before Rollover) Page Chapter 4 Connecting the FVS124G to the Internet What You Will Need to Do Before You Begin Page Cabling and Computer Hardware Requirements Computer Network Configuration Requirements Internet Configuration Requirements Where Do I Get the Internet Configuration Parameters? Record Your Internet Connection Information Connecting the FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Step 1: Physically Connect the VPN Firewall to Your Network (Required) Step 2: Log in to the VPN Firewall (Required) Step 3: Configure the Internet Connections to Your ISPs (Required) Page Page Page Page Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 4-14 Connecting the FVS124G to the Internet Table 4-1. Traffic meter Step 4: Configure the WAN Mode (Required for Dual WAN) Page Page Page Page Step 5: Configure Dynamic DNS (If Needed) Page Page Step 6: Configure the WAN Options (If Needed) Page Page Configuring LAN TCP/IP Setup Parameters Page Using the Firewall as a DHCP server Using Address Reservation Multi Home LAN IPs Configuring Static Routes Page Page Chapter 6 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview Using Rules to Block or Allow Specific Kinds of Traffic Page Page Services-Based Rules Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-6 Firewall Protection and Content Filtering Table 6-1. Inbound Services Page Page Page Page Page Page Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6-13 Note: See Source MAC Filtering on page 6-27 for yet another way to block outbound traffic from selected PCs that would otherwise be allowed by the firewall. Table 6-1. Outbound Services Page Page Page Page Page Page Managing Groups and Hosts Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-22 Firewall Protection and Content Filtering Using a Schedule to Block or Allow Specific Traffic Table 6-3. Groups and hosts Page Time Zone Block Sites Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-26 Firewall Protection and Content Filtering Table 6-4. Block Sites Source MAC Filtering Port Triggering Page Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 6-30 Firewall Protection and Content Filtering Getting E-Mail Notifications of Event Logs and Alerts Table 6-6. Port Triggering Page Page Syslog Viewing Logs of Web Access or Attempted Web Access Page Administrator Information Page Chapter 7 Virtual Private Networking Dual WAN Port Systems Rollover vs. Load Balancing Mode Fully Qualified Domain Names Page Page Creating a VPN Connection: Between FVX538 and FVS124G Configuring the FVX538 Page Page Page Configuring the FVS124G Page Testing the Connectio n Creating a VPN Connection: Netgear VPN Client to FVS124G Configuring the FVS124G Configuring the VPN Client Page Page Page Page Page Page Page Testing the Connectio n Page Page Chapter 8 Router and Network Management Performance Management Bandwidth Capacity VPN Firewall Features That Reduce Traffic Page VPN Firewall Features That Increase Traffic Page Page Using QoS to Shift the Traffic Mix Tools for Traffic Management Administrator and Guest Access Authorization Changing the Passwords and Login Timeout Enabling Remote Management Access Command Line Interface Event Alerts WAN Port Rollover Traffic Limits Reached Login Failures and Attacks Page Monitoring Viewing VPN Firewall Status and Time Information Page Page Page WAN Ports Page Page Page Page Firewall Page Page VPN Tunnels You can view the status of the VPN tunnels. SNMP Diagnostics Page Configuration File Management Restoring and Backing Up the Configuration Upgrading the Firewall Software Erasing the Configuration (Factory Defaults Reset) Page Chapter 9 Troubleshooting Basic Functioning Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the W e b Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Technical Specifications Page Appendix B Network, Routing, Firewall, and Basics Related Publications Basic Router Concepts What is a Router? Routing Information Protocol IP Addresses and the Internet Page Netmask Subnet Addressing Page Private IP Addresses Single IP Address Operation Using NAT MAC Addresses and Address Resolution Protocol Related Documents Domain Name Server IP Configuration by DHCP Internet Security and Firewalls What is a Firewall? Ethernet Cabling Category 5 Cable Quality Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Page Page Appendix C Preparing Your Network Preparing Your Computers for TCP/IP Networking Configuring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking Components Page Enabling DHCP to Automatically Configure TCP/IP Settings Locate your Network Neighborhood icon. Page Selecting Windows Internet Access Method Verifying TCP/IP Properties Configuring Windows NT4, 2000 or XP for IP Networking Install or Verify Windows Networking Components Enabling DHCP to Automatically Configure TCP/IP Settings DHCP Configuration of TCP/IP in Windows XP Page DHCP Configuration of TCP/IP in Windows 2000 Page Page DHCP Configuration of TCP/IP in Windows NT4 Page Verifying TCP/IP Properties for Windows XP, 2000, and NT4 Configuring the Macintosh for TCP/IP Networking MacOS 8.6 or 9.x MacOS X Verifying TCP/IP Properties for Macintosh Computers Verifying the Readiness of Your Internet Account Are Login Protocols Used? What Is Your Configuration Information? Obt aining ISP Configuration Information for W indows Computers Obtaining ISP Configuration Information for Macintosh Computers Restarting the Network Page Appendix D Virtual Private Networking What is a VPN? What Is IPSec and How Does It Work? IPSec Security Features IPSec Components Encapsulating Security Payload (ESP) Authentication Header (AH) IKE Security Association Page Key Management Understand the Process Before You Begin VPN Process Overview Network Interfaces and Addresses Setting Up a VPN Tunnel Between Gateways VPN Gateway A VPN Gateway B VPN Tunnel IPSec Security Association IKE VPN Tunnel Negotiation Steps VPNC IKE Security Parameters VPNC IKE Phase I Parameters VPNC IKE Phase II Parameters Testing and Troubleshooting Additional Reading Page Glossary List of Glossary Terms Use the list below to find definitions for technical terms used in this manual. Numeric A B C D E G I L M P Q R S T U W