Main
Technical Support
Trademarks
Statement of Conditions
Revision History
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Contents
Chapter 1 Introduction
Chapter 2 IPv4 and IPv6 Internet and Broadband Settings
Chapter 3 LAN Configuration
Chapter 4 Wireless Configuration and Security
Chapter 5 Firewall Protection
Chapter 6 Virtual Private Networking Using IPSec and L2TP Connections
Chapter 7 Virtual Private Networking Using SSL Connections
Chapter 8 Manage Users, Authentication, and VPN Certificates
Chapter 9 Network and System Management
Chapter 10 Monitor System Access and Performance
Chapter 11 Troubleshooting
What Is the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N?
Key Features and Capabilities
Wireless Features
Advanced VPN Support for Both IPSec and SSL
A Powerful, True Firewall
Security Features
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
Maintenance and Support
Package Contents
Hardware Features
Front Panel
Table 1. LED descriptions (continued)
Rear Panel
Bottom Panel with Product Label
Choose a Location for the Wireless VPN Firewall
Log In to the Wireless VPN Firewall
Web Management Interface Menu Layout
Requirements for Entering IP Addresses
IPv4
IPv6
Settings
Internet and WAN Configuration Tasks
Tasks to Set Up an IPv4 Internet Connection to Your ISP
Tasks to Set Up an IPv6 Internet Connection to Your ISP
Configure the IPv4 Internet Connection and WAN Settings
Configure the IPv4 WAN Mode
Network Address Translation
Classical Routing
Configure the IPv4 Routing Mode
Let the Wireless VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection
Manually Configure an IPv4 Internet Connection
Figure 13.
Table 3. PPTP and PPPoE settings
Table 3. PPTP and PPPoE settings (continued)
Figure 14.
Table 4. Internet IP address settings
Table 5. DNS server settings
Configure Dynamic DNS
Configure the IPv6 Internet Connection and WAN Settings
Configure the IPv6 Routing Mode
Use a DHCPv6 Server to Configure an IPv6 Internet Connection
Configure a Static IPv6 Internet Connection
Configure a PPPoE IPv6 Internet Connection
Configure 6to4 Automatic Tunneling
Configure ISATAP Automatic Tunneling
View the Tunnel Status and IPv6 Addresses
Configure Stateless IP/ICMP Translation
Configure Advanced WAN Options and Other Tasks
Figure 29.
Table 10. Broadband Advanced Options screen settings
4. Click Apply to save your changes.
Table 10. Broadband Advanced Options screen settings (continued)
Additional WAN-Related Configuration Tasks
Verify the Connection
What to Do Next
Manage IPv4 Virtual LANs and DHCP Options
Port-Based VLANs
Assign and Manage VLAN Profiles
VLAN DHCP Options
DHCP Server
DHCP Relay
DNS Proxy
LDAP Server
Configure a VLAN Profile
Table 11. Add VLAN Profile screen settings
Table 11. Add VLAN Profile screen settings (continued)
Table 11. Add VLAN Profile screen settings (continued)
Configure VLAN MAC Addresses and LAN Advanced Settings
Configure IPv4 Multihome LAN IP Addresses on the Default VLAN
Manage IPv4 Groups and Hosts (IPv4 LAN Groups)
Manage the Network Database
Add Computers or Devices to the Network Database
Edit Computers or Devices in the Network Database
Deleting Computers or Devices from the Network Database
Change Group Names in the Network Database
Set Up DHCP Address Reservation
Manage the IPv6 LAN
DHCPv6 Server Options
Stateless DHCPv6 Server
Stateless DHCPv6 Server With Prefix Delegation
Stateful DHCPv6 Server
Configure the IPv6 LAN
Table 13. LAN Setup screen settings for IPv6
4. Click Apply to save your changes.
IPv6 LAN Address Pools
To add an IPv6 LAN address pool:
Table 13. LAN Setup screen settings for IPv6 (continued)
IPv6 LAN Prefixes for Prefix Delegation
Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the LAN
Advertisement Prefixes for the LAN
Configure IPv6 Multihome LAN IP Addresses on the Default VLAN
Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic
DMZ Port for IPv4 Traffic
Figure 44.
Table 18. DMZ Setup screen settings for IPv4
Table 18. DMZ Setup screen settings for IPv4 (continued)
3. Click Apply to save your settings.
DMZ Port for IPv6 Traffic
Table 18. DMZ Setup screen settings for IPv4 (continued)
Table 19. DMZ Setup screen settings for IPv6
IPv6 DMZ Address Pools
Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the DMZ
Figure 47.
4. Enter the settings as explained in the following table:
Table 22. RADVD screen settings for the DMZ
Advertisement Prefixes for the DMZ
Manage Static IPv4 Routing
Configure Static IPv4 Routes
2. Click the Add table button under the Static Routes table. The Add Static Route screen displays:
Figure 50.
4. Click Apply to save your settings. The new static route is added to the Static Routes table.
3. Enter the settings as explained in the following table:
Table 24. Add Static Route screen settings for IPv4
Configure the Routing Information Protocol
Figure 51.
Table 25. RIP Configuration screen settings
Table 25. RIP Configuration screen settings (continued)
IPv4 Static Route Example
Manage Static IPv6 Routing
Overview of the Wireless Features
Wireless Equipment Placement and Range Guidelines
Configure the Basic Radio Settings
Table 27. Radio Settings screen settings (continued)
Operating Frequency (Channel) Guidelines
Wireless Data Security Options
Wireless Security Profiles
Before You Change the SSID, WEP, and WPA Settings
Configure and Enable Wireless Profiles
3. Specify the settings as explained in the following table:
Table 29. Add Wireless Profiles screen settings (continued)
Restrict Wireless Access by MAC Address
View the Status of a Wireless Profile
Configure Wi-Fi Protected Setup
Configure Advanced Radio Settings
3. Specify the settings as explained in the following table:
Table 31. Advanced Wireless screen settings
Test Basic Wireless Connectivity
About Firewall Protection
Administrator Tips
Overview of Rules to Block or Allow Specific Kinds of Traffic
Outbound Rules (Service Blocking)
Table 33. Outbound rules overview
Table 33. Outbound rules overview (continued)
Inbound Rules (Port Forwarding)
Table 34. Inbound rules overview
Table 34. Inbound rules overview (continued)
Order of Precedence for Rules
Configure LAN WAN Rules
Create LAN WAN Outbound Service Rules
IPv4 LAN WAN Outbound Rules
IPv6 LAN WAN Outbound Rules
Create LAN WAN Inbound Service Rules
IPv4 LAN WAN Inbound Service Rules
IPv6 LAN WAN Inbound Rules
Configure DMZ WAN Rules
Create DMZ WAN Outbound Service Rules
IPv4 DMZ WAN Outbound Service Rules
IPv6 DMZ WAN Outbound Service Rules
Create DMZ WAN Inbound Service Rules
IPv4 DMZ WAN Inbound Service Rules
IPv6 DMZ WAN Inbound Service Rules
Configure LAN DMZ Rules
Create LAN DMZ Outbound Service Rules
IPv4 LAN DMZ Outbound Service Rules
IPv6 LAN DMZ Outbound Service Rules
Create LAN DMZ Inbound Service Rules
IPv4 LAN DMZ Inbound Service Rules
IPv6 LAN DMZ Inbound Service Rules
Examples of Firewall Rules
Examples of Inbound Firewall Rules
IPv4 LAN WAN Inbound Rule: Host a Local Public Web Server
IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Set Up One-to-One NAT Mapping
IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Specifying an Exposed Host
Examples of Outbound Firewall Rules
Configure Other Firewall Features
Attack Checks
IPv4 Attack Checks
To enable IPv4 attack checks for your network environment:
Figure 88.
Table 35. Attack Checks screen settings for IPv4
Table 35. Attack Checks screen settings for IPv4 (continued)
IPv6 Attack Checks
Set Limits for IPv4 Sessions
Manage the Application Level Gateway for SIP Sessions
Services, Bandwidth Profiles, and QoS Profiles
Add Customized Services
Create Bandwidth Profiles
Figure 95.
Table 38. Add Bandwidth Profile screen settings
Preconfigured Quality of Service Profiles
Configure Content Filtering
Set a Schedule to Block or Allow Specific Traffic
Enable Source MAC Filtering
Set Up IP/MAC Bindings
IPv4/MAC Bindings
IPv6/MAC Bindings
Configure Port Triggering
Configure Universal Plug and Play
Using IPSec and L2TP Connections
Use the IPSec VPN Wizard for Client and Gateway Configurations
Create an IPv4 Gateway-to-Gateway VPN Tunnel with the Wizard
Figure 108.
2. Complete the settings as explained in the following table:
Table 42. IPSec VPN Wizard settings for an IPv4 gateway-to-gateway tunnel
Create an IPv6 Gateway-to-Gateway VPN Tunnel with the Wizard
Figure 113.
Table 43. IPSec VPN Wizard settings for an IPv6 gateway-to-gateway tunnel
Create an IPv4 Client-to-Gateway VPN Tunnel with the Wizard
Use the VPN Wizard to Configure the Gateway for a Client Tunnel
2. Complete the settings as explained in the following table:
Table 44. IPSec VPN Wizard settings for a client-to-gateway tunnel
Use the NETGEAR VPN Client Wizard to Create a Secure Connection
c. Specify the settings that are explained in the following table.
Table 46. VPN client advanced authentication settings
Manually Create a Secure Connection Using the NETGEAR VPN Client
Figure 129.
3. Specify the settings that are explained in the following table.
Table 49. VPN client IPSec configuration settings
Test the Connection and View Connection and Status Information
Test the NETGEAR VPN Client Connection
View the Wireless VPN Firewall IPSec VPN Log
Manage IPSec VPN Policies
Manage IKE Policies
IKE Policies Screen
Manually Add or Edit an IKE Policy
Table 52. Add IKE Policy screen settings
Table 52. Add IKE Policy screen settings (continued)
Manage VPN Policies
VPN Policies Screen
Figure 141.
Table 53. VPN Policies screen information for IPv4 and IPv6
Manually Add or Edit a VPN Policy
Table 54. Add New VPN Policy screen settings for IPv4 and IPv6
Table 54. Add New VPN Policy screen settings for IPv4 and IPv6 (continued)
Configure Extended Authentication (XAUTH)
Configure XAUTH for VPN Clients
User Database Configuration
RADIUS Client and Server Configuration
Table 56. RADIUS Client screen settings (continued)
Assign IPv4 Addresses to Remote Users (Mode Config)
Mode Config Operation
Configure Mode Config Operation on the Wireless VPN Firewall
Figure 146.
Table 57. Add Mode Config Record screen settings
Table 57. Add Mode Config Record screen settings (continued)
Table 58. Add IKE Policy screen settings for a Mode Config configuration
Table 58. Add IKE Policy screen settings for a Mode Config configuration (continued)
9. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table.
Configure the ProSafe VPN Client for Mode Config Operation
Table 58. Add IKE Policy screen settings for a Mode Config configuration (continued)
Test the Mode Config Connection
Modify or Delete a Mode Config Record
Configure Keep-Alives and Dead Peer Detection
Configure Keep-Alives
Configure Dead Peer Detection
Configure NetBIOS Bridging with IPSec VPN
Configure the L2TP Server
View the Active L2TP Users
Using SSL Connections
SSL VPN Portal Options
Overview of the SSL Configuration Process
Create the Portal Layout
Table 66. Add Portal Layout screen settings
Configure Domains, Groups, and Users
Configure Applications for Port Forwarding
Add Servers and Port Numbers
Add a New Host Name
Configure the SSL VPN Client
Configure the Client IP Address Range
Figure 167. SSL VPN Client screen for IPv6
Table 68. SSL VPN Client screen settings for IPv4 and IPv6
Add Routes for VPN Tunnel Clients
Use Network Resource Objects to Simplify Policies
Add New Network Resources
Edit Network Resources to Specify Addresses
Configure User, Group, and Global Policies
View Policies
Add an IPv4 or IPv6 SSL VPN Policy
Table 70. Add SSL VPN Policy screen settings
Table 70. Add SSL VPN Policy screen settings (continued)
Access the New SSL Portal Login Screen
View the SSL VPN Connection Status and SSL VPN Log
VPN Certificates
The Wireless VPN Firewall's Authentication Process and Options
Table 71. External authentication protocols and methods
Configure Authentication Domains, Groups, and Users
Configure Domains
Create Domains
Table 72. Add Domain screen settings (continued)
Edit Domains
Configure Groups
Create Groups
Edit Groups
Configure User Accounts
Figure 185.
4. Click Apply to save your settings. The user is added to the List of Users table.
Table 74. Add Users screen settings
Set User Login Policies
Configure Login Policies
Configure Login Restrictions Based on IPv4 Addresses
Configure Login Restrictions Based on IPv6 Addresses
Configure Login Restrictions Based on Web Browser
Change Passwords and Other User Settings
Manage Digital Certificates for VPN Connections
VPN Certificates Screen
Manage VPN CA Certificates
Manage VPN Self-Signed Certificates
Generate a CSR and Obtain a Self-Signed Certificate from a CA
View and Manage Self-Signed Certificates
Manage the VPN Certificate Revocation List
Performance Management
Bandwidth Capacity
Features That Reduce Traffic
LAN WAN Outbound Rules and DMZ WAN Outbound Rules (Service Blocking)
Content Filtering
Source MAC Filtering
Features That Increase Traffic
LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding)
Port Triggering
DMZ Port
Exposed Hosts
VPN and L2TP Tunnels
Use QoS and Bandwidth Assignment to Shift the Traffic Mix
Set QoS Priorities
Assign Bandwidth Profiles
Monitoring Tools for Traffic Management
System Management
Change Passwords and Administrator and Guest Settings
Configure Remote Management Access
Figure 199. Remote Management screen for IPv6
Table 79. Remote Management screen settings for IPv4 and IPv6
About Remote Access
Use the Command-Line Interface
Use a Simple Network Management Protocol Manager
3. Click Apply to save your changes.
To configure the SNMP system information:
Figure 203.
Table 82. SNMP SysConfiguration screen settings
Table 81. Edit User screen settings for SNMPv3 users (continued)
Manage the Configuration File
Back Up Settings
Restore Settings
Revert to Factory Default Settings
Update the Firmware
Configure Date and Time Service
Enable the WAN Traffic Meter
Table 84. Broadband Traffic Meter screen settings
Configure Logging, Alerts, and Event Notifications
Table 85. Firewall Logs & E-mail screen settings
Table 85. Firewall Logs & E-mail screen settings (continued)
How to Send Syslogs over a VPN Tunnel between Sites
Configure Gateway 1 at Site 1
Configure Gateway 2 at Site 2
View Status Screens
View the System Status
Router Status Screen
The following table explains the fields of the Router Status screen:
Router Statistics Screen
To view the Router Statistics screen:
Table 86. Router Status screen information (continued)
Detailed Status Screen
The following table explains the fields of the Detailed Status screen:
Table 88. Detailed Status screen information
Table 88. Detailed Status screen information (continued)
Tunnel Status Screen
View the VPN Connection Status and L2TP Users
View the VPN Logs
View the Port Triggering Status
View the WAN Port Status
IPv4 WAN Port Status
Figure 220.
Click Disconnect to disconnect the connection; click Connect to establish the connection.
Table 90. Connection Status screen information for an IPv4 connection
IPv6 WAN Port Status
View the Attached Devices and the DHCP Log
View the Attached Devices
View the DHCP Log
View the Status of a Wireless Profile
Diagnostics Utilities
Send a Ping Packet
Trace a Route
Look Up a DNS Address
Display the Routing Tables
Capture Packets in Real Time
Reboot the Wireless VPN Firewall Remotely
Basic Functioning
Power LED Not On
Test LED Never Turns Off
LAN or WAN Port LEDs Not On
Troubleshoot the Web Management Interface
When You Enter a URL or IP Address, a Time-Out Error Occurs
Troubleshoot the ISP Connection
Troubleshooting the IPv6 Connection
Troubleshoot a TCP/IP Network Using a Ping Utility
Test the LAN Path to Your Wireless VPN Firewall
Test the Path from Your Computer to a Remote Device
Restore the Default Configuration and Password
Address Problems with Date and Time
Access the Knowledge Base and Documentation
A
Specifications
Factory Default Settings
Physical and Technical Specifications
The following table shows the physical and technical specifications for the wireless VPN firewall:
Table 94. Wireless VPN firewall physical and technical specifications
Table 94. Wireless VPN firewall physical and technical specifications (continued)
The following table shows the IPSec VPN specifications for the wireless VPN firewall:
The following table shows the SSL VPN specifications for the wireless VPN firewall:
Table 95. Wireless VPN firewall IPSec VPN specifications
Table 96. Wireless VPN firewall SSL VPN specifications
The following table shows the wireless specifications for the wireless VPN firewall:
Table 97. Wireless VPN firewall wireless specifications
B
Why Do I Need Two-Factor Authentication?
What Are the Benefits of Two-Factor Authentication?
What Is Two-Factor Authentication?
NETGEAR Two-Factor Authentication Solutions
C
NETGEAR Wired Products
Notification of Compliance (Wired)
Additional Copyrights
Notification of Compliance (Wired)
D
D. Notification of Compliance (Wireless)
NETGEAR Wireless Routers, Gateways, APs
Regulatory Compliance Information
Europe EU Declaration of Conformity
EDOC in Languages of the European Community
FCC Requirements for Operation in the United States
FCC Information to User
FCC Guidelines for Human Exposure
FCC Declaration of Conformity
FCC Radio Frequency Interference Warnings & Instructions
Canadian Department of Communications Radio Interference Regulations
Industry Canada
IMPORTANT NOTE: Radiation Exposure Statement:
Caution:
IMPORTANT NOTE: Radiation Exposure Statement (French):
Index
Numerics
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X