Main
Tech nica l Sup port
Trademarks
Statement of Conditions
Revision History
Page
Contents
Chapter 1 Introduction
Chapter 2 Internet and Broadband Settings
Chapter 3 LAN Configuration
Chapter 4 Wireless Configuration and Security
Chapter 5 Firewall Protection
Chapter 6 Virtual Private Networking Using IPSec and L2TP Connections
Chapter 7 Virtual Private Networking Using SSL Connections
Chapter 8 Manage Users, Authentication, and VPN Certificates
Chapter 9 Network and System Management
Chapter 10 Monitor System Access and Performance
Chapter 11 Troubleshooting
Page
What Is the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N?
Key Features and Capabilities
Wireless Features
Advanced VPN Support for Both IPSec and SSL
A Powerful, True Firewall
Security Features
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
Maintenance and Support
Package Contents
Hardware Features
Front Panel
Page
Introduction
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Table 1. LED descriptions (continued)
Rear Panel
Bottom Panel with Product Label
Choose a Location for the Wireless VPN Firewall
Log In to the Wireless VPN Firewall
Page
Web Management Interface Menu Layout
Page
Requirements for Entering IP Addresses
IPv4
IPv6
Internet and WAN Configuration Tasks
Tasks to Set Up an IPv4 Internet Connection to Your ISP
Tasks to Set Up an IPv6 Internet Connection to Your ISP
Configure the IPv4 Internet Connection and WAN Settings
Configure the IPv4 WAN Mode
Network Address Translation
Classical Routing
Configure the IPv4 Routing Mode
Let the Wireless VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection
Page
Page
Manually Configure an IPv4 Internet Connection
Figure 13.
Table 3. PPTP and PPPoE settings
Table 3. PPTP and PPPoE settings (continued)
Figure 14.
Table 4. Internet IP address settings
Table 5. DNS server settings
Configure the IPv6 Internet Connection and WAN Settings
Configure the IPv6 Routing Mode
Use a DHCPv6 Server to Configure an IPv6 Internet Connection
Page
Configure a Static IPv6 Internet Connection
Page
Configure 6to4 Automatic Tunneling
Configure ISATAP Automatic Tunnelling
Page
Page
View the Tunnel Status and IPv6 Addresses
Configure Dynamic DNS
Page
Configure Advanced WAN Options and Other Tasks
Figure 27.
Table 9. Broadband Advanced Options screen settings
Table 9. Broadband Advanced Options screen settings (continued)
Additional WAN-Related Configuration Tasks
Verify the Connection
What to Do Next
Manage IPv4 Virtual LANs and DHCP Options
Port-B ased VLAN s
Assign and Manage VLAN Profiles
VLAN DHCP Options
DHCP Server
DHCP Relay
DNS Proxy
LDAP Server
Configure a VLAN Profile
Page
Table 10. Add VLAN Profile screen settings
Table 10. Add VLAN Profile screen settings (continued)
Table 10. Add VLAN Profile screen settings (continued)
Configure VLAN MAC Addresses and LAN Advanced Settings
Configure IPv4 Multihome LAN IP Addresses on the Default VLAN
Page
Manage IPv4 Groups and Hosts (IPv4 LAN Groups)
Manage the Network Database
Add Computers or Devices to the Network Database
Edit Computers or Devices in the Network Database
Deleting Computers or Devices from the Network Database
Change Group Names in the Network Database
Set Up DHCP Address Reservation
Manage the IPv6 LAN
DHCPv6 Server Options
Stateless DHCPv6 Server
Stateless DHCPv6 Server With Prefix Delegation
Stateful DHCPv6 Server
Configure the IPv6 LAN
Table 12. LAN Setup screen settings for IPv6
IPv6 LAN Address Pools
To add an IPv6 LAN address pool:
Table 12. LAN Setup screen settings for IPv6 (continued)
Page
IPv6 LAN Prefixes for Prefix Delegation
Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the LAN
Page
Advertisement Prefixes for the LAN
Page
Configure IPv6 Multihome LAN IP Addresses on the Default VLAN
Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic
DMZ Port for IPv4 Traffic
Figure 42.
Table 17. DMZ Setup screen settings for IPv4
Table 17. DMZ Setup screen settings for IPv4 (continued)
3. Click Apply to save your settings.
DMZ Port for IPv6 Traffic
Table 17. DMZ Setup screen settings for IPv4 (continued)
Page
Table 18. DMZ Setup screen settings for IPv6
IPv6 DMZ Address Pools
Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the DMZ
Page
Figure 45.
4. Enter the settings as explained in the following table:
Table 21. RADVD screen settings for the DMZ
Advertisement Prefixes for the DMZ
Page
Manage Static IPv4 Routing
Configure Static IPv4 Routes
Figure 48.
3. Enter the settings as explained in the following table:
4. Click Apply to save your settings. The new static route is added to the Static Routes table.
Table 23. Add Static Route screen settings for IPv4
Configure the Routing Information Protocol
Figure 49.
Table 24. RIP Configuration screen settings
Table 24. RIP Configuration screen settings (continued)
IPv4 Static Route Example
Manage Static IPv6 Routing
Page
Page
Overview of the Wireless Features
Wireless Equipment Placement and Range Guidelines
Configure the Basic Radio Settings
Table 26. Radio Settings screen settings (continued)
Operating Frequency (Channel) Guidelines
Wireless Data Security Options
Page
Wireless Security Profiles
Before You Change the SSID, WEP, and WPA Settings
Page
Configure and Enable Wireless Profiles
3. Specify the settings as explained in the following table:
Page
Table 28. Add Wireless Profiles screen settings (continued)
Page
Restrict Wireless Access by MAC Address
Page
View the Status of a Wireless Profile
Configure Wi-Fi Protected Setup
Page
Configure Advanced Radio Settings
3. Specify the settings as explained in the following table:
Table 30. Advanced Wireless screen settings
Test Basic Wireless Connectivity
About Firewall Protection
Administrator Tips
Overview of Rules to Block or Allow Specific Kinds of Traffic
Outbound Rules (Service Blocking)
Table 32. Outbound rules overview
Table 32. Outbound rules overview (continued)
Inbound Rules (Port Forwarding)
Page
Table 33. Inbound rules overview
Table 33. Inbound rules overview (continued)
Order of Precedence for Rules
Configure LAN WAN Rules
Page
Create LAN WAN Outbound Service Rules
IPv4 LAN WAN Outbound Rules
Page
IPv6 LAN WAN Outbound Rules
Create LAN WAN Inbound Service Rules
IPv4 LAN WAN Inbound Service Rules
IPv6 LAN WAN Inbound Rules
Configure DMZ WAN Rules
Page
Page
Create DMZ WAN Outbound Service Rules
IPv4 DMZ WAN Outbound Service Rules
IPv6 DMZ WAN Outbound Service Rules
Create DMZ WAN Inbound Service Rules
IPv4 DMZ WAN Inbound Service Rules
Page
IPv6 DMZ WAN Inbound Service Rules
Configure LAN DMZ Rules
Page
Create LAN DMZ Outbound Service Rules
IPv4 LAN DMZ Outbound Service Rules
IPv6 LAN DMZ Outbound Service Rules
Create LAN DMZ Inbound Service Rules
IPv4 LAN DMZ Inbound Service Rules
IPv6 LAN DMZ Inbound Service Rules
Examples of Firewall Rules
Examples of Inbound Firewall Rules
IPv4 LAN WAN Inbound Rule: Host a Local Public Web Server
Page
IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Set Up One-to-One NAT Mapping
Page
IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Specifying an Exposed Host
IPv6 LAN WAN Inbound Rule: Restrict RTelnet from a Single WAN User to a Single LAN User
Examples of Outbound Firewall Rules
IPv4 LAN WAN Outbound Rule: Block Instant Messenger
Page
Configure Other Firewall Features
Attack Checks
IPv4 Attack Checks
To enable IPv4 attack checks for your network environment:
Figure 86.
Table 34. Attack Checks screen settings for IPv4
Table 34. Attack Checks screen settings for IPv4 (continued)
IPv6 Attack Checks
Set Limits for IPv4 Sessions
Manage the Application Level Gateway for SIP Sessions
Services, Bandwidth Profiles, and QoS Profiles
Add Customized Services
Page
Page
Create Bandwidth Profiles
Figure 93.
Table 37. Add Bandwidth Profile screen settings
Preconfigured Quality of Service Profiles
Configure Content Filtering
Page
Page
Page
Set a Schedule to Block or Allow Specific Traffic
Enable Source MAC Filtering
Set Up IP/MAC Bindings
IPv4/MAC Bindings
Page
IPv6/MAC Bindings
Page
Configure Port Triggering
Page
Configure Universal Plug and Play
Page
Using IPSec and L2TP Connections
Use the IPSec VPN Wizard for Client and Gateway Configurations
Create an IPv4 Gateway-to-Gateway VPN Tunnel with the Wizard
Page
Figure 106.
2. Complete the settings as explained in the following table:
Table 41. IPSec VPN Wizard settings for an IPv4 gateway-to-gateway tunnel
Page
Create an IPv6 Gateway-to-Gateway VPN Tunnel with the Wizard
Page
Figure 111.
Table 42. IPSec VPN Wizard settings for an IPv6 gateway-to-gateway tunnel
Page
Create an IPv4 Client-to-Gateway VPN Tunnel with the Wizard
Use the VPN Wizard to Configure the Gateway for a Client Tunnel
2. Complete the settings as explained in the following table:
Table 43. IPSec VPN Wizard settings for a client-to-gateway tunnel
Use the NETGEAR VPN Client Wizard to Create a Secure Connection
Page
Page
Page
c. Specify the settings that are explained in the following table.
Table 45. VPN client advanced authentication settings
Manually Create a Secure Connection Using the NETGEAR VPN Client
Page
Page
Page
Page
Figure 127.
3. Specify the settings that are explained in the following table.
Table 48. VPN client IPSec configuration settings
Page
Test the Connection and View Connection and Status Information
Test the NETGEAR VPN Client Connection
Page
Page
View the Wireless VPN Firewall IPSec VPN Log
Manage IPSec VPN Policies
Manage IKE Policies
IKE Policies Screen
Manually Add or Edit an IKE Policy
Page
Table 51. Add IKE Policy screen settings
Page
Table 51. Add IKE Policy screen settings (continued)
Page
Manage VPN Policies
VPN Policies Screen
Page
Manually Add or Edit a VPN Policy
Page
Page
Table 53. Add New VPN Policy screen settings for IPv4 and IPv6
Page
Table 53. Add New VPN Policy screen settings for IPv4 and IPv6 (continued)
Configure Extended Authentication (XAUTH)
Configure XAUTH for VPN Clients
User Database Configuration
RADIUS Client and Server Configuration
Page
Assign IPv4 Addresses to Remote Users (Mode Config)
Mode Config Operation
Configure Mode Config Operation on the Wireless VPN Firewall
Page
Table 56. Add Mode Config Record screen settings
Page
Page
Table 57. Add IKE Policy screen settings for a Mode Config configuration
Table 57. Add IKE Policy screen settings for a Mode Config configuration (continued)
9. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table.
Configure the ProSafe VPN Client for Mode Config Operation
Table 57. Add IKE Policy screen settings for a Mode Config configuration (continued)
Page
Page
Page
Page
Figure 150.
3. Specify the settings that are explained in the following table.
Table 60. VPN client IPSec configuration settings (Mode Config)
Page
Test the Mode Config Connection
Modify or Delete a Mode Config Record
Configure Keep-Alives and Dead Peer Detection
Configure Keep-Alives
Configure Dead Peer Detection
Configure NetBIOS Bridging with IPSec VPN
Configure the L2TP Server
Page
View the Active L2TP Users
Using SSL Connections
SSL VPN Portal Options
Overview of the SSL Configuration Process
Create the Portal Layout
Page
Page
Table 65. Add Portal Layout screen settings
Configure Domains, Groups, and Users
Configure Applications for Port Forwarding
Add Servers and Port Numbers
Add a New Host Name
Configure the SSL VPN Client
Configure the Client IP Address Range
Figure 165. SSL VPN Client screen for IPv6
Table 67. SSL VPN Client screen settings for IPv4 and IPv6
Add Routes for VPN Tunnel Clients
Use Network Resource Objects to Simplify Policies
Add New Network Resources
Edit Network Resources to Specify Addresses
Page
Configure User, Group, and Global Policies
View Policies
Add an IPv4 or IPv6 SSL VPN Policy
Page
Table 69. Add SSL VPN Policy screen settings
Table 69. Add SSL VPN Policy screen settings (continued)
Access the New SSL Portal Login Screen
Page
Page
View the SSL VPN Connection Status
View the SSL VPN Log
Page
VPN Certificates
The Wireless VPN Firewalls Authentication Process and Options
Table 70. External authentication protocols and methods
Configure Authentication Domains, Groups, and Users
Configure Domains
Create Domains
Page
Table 71. Add Domain screen settings (continued)
Page
Edit Domains
Configure Groups
Create Groups
Edit Groups
Configure User Accounts
Page
Figure 181.
4. Click Apply to save your settings. The user is added to the List of Users table.
Table 73. Add Users screen settings
Set User Login Policies
Configure Login Policies
Configure Login Restrictions Based on IPv4 Addresses
Configure Login Restrictions Based on IPv6 Addresses
Page
Configure Login Restrictions Based on Web Browser
Change Passwords and Other User Settings
Page
Manage Digital Certificates for VPN Connections
VPN Certificates Screen
Manage VPN CA Certificates
Manage VPN Self-Signed Certificates
Generate a CSR and Obtain a Self-Signed Certificate from a CA
Page
Figure 190.
Table 77. Generate self-signed certificate request settings (continued)
View and Manage Self-Signed Certificates
Manage the VPN Certificate Revocation List
Performance Management
Bandwidth Capacity
Features That Reduce Traffic
LAN WAN Outbound Rules and DMZ WAN Outbound Rules (Service Blocking)
Content Filtering
Source MAC Filtering
Features That Increase Traffic
LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding)
Port Trigg ering
DMZ Port
Exposed Hosts
VPN and L2TP Tunnels
Use QoS and Bandwidth Assignment to Shift the Traffic Mix
Set QoS Priorities
Assign Bandwidth Profiles
Monitoring Tools for Traffic Management
System Management
Change Passwords and Administrator and Guest Settings
Page
Configure Remote Management Access
Page
Page
Network and System Management
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
WARNING:
Table 78. Remote Management screen settings for IPv4 and IPv6
About Remote Access
Use a Simple Network Management Protocol Manager
Page
Page
Manage the Configuration File
Back Up Settings
Restore Settings
Revert to Factory Default Settings
Update the Firmware
Configure Date and Time Service
Page
Enable the WAN Traffic Meter
Page
Table 82. Broadband Traffic Meter screen settings
Configure Logging, Alerts, and Event Notifications
Page
Table 83. Firewall Logs & E-mail screen settings
Table 83. Firewall Logs & E-mail screen settings (continued)
How to Send Syslogs over a VPN Tunnel between Sites
Configure Gateway 1 at Site 1
Configure Gateway 2 at Site 2
Page
View Status Screens
View the System Status
Router Status Screen
The following table explains the fields of the Router Status screen:
Router Statistics Screen
To view the Router Statistics screen:
Table 84. Router Status screen information (continued)
Detailed Status Screen
Page
The following table explains the fields of the Detailed Status screen:
Table 86. Detailed Status screen information
Table 86. Detailed Status screen information (continued)
Tunnel Status Screen
Figure 207.
To view the status of the tunnels and IPv6 addresses:
Select Monitoring > Router Status > Tunnel Status. The Tunnel Status screen displays:
Table 86. Detailed Status screen information (continued)
View the VPN Connection Status and L2TP Users
View the VPN Logs
View the Port Triggering Status
View the WAN Port Status
IPv4 WAN Port Status
Figure 214.
Click Disconnect to disconnect the connection.
Table 88. Connection Status screen information for an IPv4 connection
IPv6 WAN Port Status
View the Attached Devices and the DHCP Log
View the Attached Devices
View the DHCP Log
View the Status of a Wireless Profile
Diagnostics Utilities
Page
Send a Ping Packet
Trace a Route
Look Up a DNS Address
Display the Routing Tables
Capture Packets in Real Time
Reboot the Wireless VPN Firewall Remotely
Page
Basic Functioning
Power LED Not On
Tes t LE D Ne ver Turn s Of f
LAN or WAN Port LEDs Not On
Troubleshoot the Web Management Interface
When You Enter a URL or IP Address, a Time-Out Error Occurs
Troubleshoot the ISP Connection
Page
Troubleshooting the IPv6 Connection
Page
Page
Troubleshoot a TCP/IP Network Using a Ping Utility
Test the LAN Path to Your Wireless VPN Firewall
Test the Path from Your Computer to a Remote Device
Restore the Default Configuration and Password
Address Problems with Date and Time
Access the Knowledge Base and Documentation
A
Specifications
Factory Default Settings
Page
Page
Page
Page
Page
Physical and Technical Specifications
The following table shows the physical and technical specifications for the wireless VPN firewall:
Table 92. Wireless VPN firewall physical and technical specifications
The following table shows the IPSec VPN specifications for the wireless VPN firewall:
Table 93. Wireless VPN firewall IPSec VPN specifications
Table 92. Wireless VPN firewall physical and technical specifications (continued)
The following table shows the SSL VPN specifications for the wireless VPN firewall:
The following table shows the wireless specifications for the wireless VPN firewall:
Table 94. Wireless VPN firewall SSL VPN specifications
Table 95. Wireless VPN firewall wireless specifications
Table 93. Wireless VPN firewall IPSec VPN specifications (continued)
Page
B
Why Do I Need Two-Factor Authentication?
What Are the Benefits of Two-Factor Authentication?
What Is Two-Factor Authentication?
NETGEAR Two-Factor Authentication Solutions
Page
Page
C
NETGEAR Wired Products
Page
Notification of Compliance (Wired)
Additional Copyrights
Notification of Compliance (Wired)
D
D. Notification of Compliance (Wireless)
NETGEAR Wireless Routers, Gateways, APs
Regulatory Compliance Information
Europe EU Declaration of Conformity
EDOC in Languages of the European Community
Page
FCC Requirements for Operation in the United States
FCC Information to User
FCC Guidelines for Human Exposure
FCC Declaration of Conformity
FCC Radio Frequency Interference Warnings & Instructions
Canadian Department of Communications Radio Interference Regulations
Industry Canada
IMPORTANT NOTE: Radiation Exposure Statement:
Caution:
NOTE IMPORTANTE: Dclaration d'exposition aux radiations:
Page
Index
Numerics
A
B
C
D
E
F
G
H
I
Page
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X