Reference Manual for the ProSafe VPN Firewall FVS318v3

Each CA has its own certificate. The certificates of a CA are added to the FVS318v3 and then can be used to form IKE policies for the user. Once a CA certificate is added to the FVS318v3 and a certificate is created for a user, the corresponding IKE policy is added to the FVS318v3. Whenever the user tries to send traffic through the FVS318v3, the certificates are used in place of pre-shared keys during initial key exchange as the authentication and key generation mechanism. Once the keys are established and the tunnel is set up the connection proceeds according to the VPN policy.

Certificate Revocation List (CRL)

Each Certification Authority (CA) maintains a list of the revoked certificates. The list of these revoked certificates is known as the Certificate Revocation List (CRL).

Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the CRL on the FVS318v3 obtained from the corresponding CA. If the certificate is not present in the CRL it means that the certificate is not revoked. IKE can then use this certificate for authentication. If the certificate is present in the CRL it means that the certificate is revoked, and the IKE will not authenticate the client.

You must manually update the FVS318v3 CRL regularly in order for the CA-based authentication process to remain valid.

Walk-Through of Configuration Scenarios on the FVS318v3

There are a variety of configurations you might implement with the FVS318v3. The scenarios listed below illustrate typical configurations you might use in your organization.

In order to help make it easier to set up an IPsec system, the following two scenarios are provided. These scenarios were developed by the VPN Consortium (http://www.vpnc.org). The goal is to make it easier to get the systems from different vendors to interoperate. NETGEAR is providing you with both of these scenarios in the following two formats:

VPN Consortium Scenarios without any product implementation details

VPN Consortium Scenarios based on the FVS318v3 User Interface

The purpose of providing these two versions of the same scenarios is to help you determine where the two vendors use different vocabulary. Seeing the examples presented in these different ways will reveal how systems from different vendors do the same thing.

6-14

Advanced Virtual Private Networking

January 2005

Page 101 Page 103
Page 102
Image 102
NETGEAR manual Walk-Through of Configuration Scenarios on the FVS318v3, Certificate Revocation List CRL
Page 101 Page 103

FVS318v3 specifications

The NETGEAR FVS318v3 is a powerful dual WAN gigabit VPN firewall designed to provide robust security and reliable connectivity for small to medium-sized businesses. It offers an array of features and technologies that make it an outstanding choice for organizations requiring secure network access and improved bandwidth management.

One of the standout features of the FVS318v3 is its dual WAN capability. This allows users to connect two separate internet connections, which enhances redundancy and ensures continuous network availability. In the event that one WAN connection fails, the device automatically switches to the backup connection, minimizing downtime and maintaining productivity.

The firewall offers advanced security features, including a stateful packet inspection (SPI) firewall and NAT (Network Address Translation), which helps protect the network from unauthorized access and external threats. Additionally, the FVS318v3 supports IPsec and SSL VPN protocols, providing secure remote access for employees working from home or on the go. With support for up to 15 SSL VPN clients and 20 IPsec VPN tunnels, it is suitable for businesses that require flexible and secure remote connectivity.

In terms of performance, the FVS318v3 boasts a high-speed gigabit throughput, ensuring fast data transmission and minimal latency. This is particularly important for businesses that rely on cloud-based applications, video conferencing, and other bandwidth-intensive activities. Furthermore, the device is equipped with advanced QoS (Quality of Service) features that allow administrators to prioritize traffic, ensuring that critical applications receive the bandwidth they need during peak usage times.

Another noteworthy characteristic of the NETGEAR FVS318v3 is its user-friendly interface, which simplifies network management and configuration. Administrators can easily set up policies, monitor traffic, and manage connected devices through an intuitive web-based interface. It also offers support for 802.1Q VLAN tagging, allowing for network segmentation and improved security management.

In conclusion, the NETGEAR FVS318v3 is a versatile and feature-rich solution that delivers exceptional security and reliability for businesses. Its dual WAN functionality, advanced VPN capabilities, high-speed performance, and ease of use make it an excellent choice for organizations looking to safeguard their networks while ensuring seamless connectivity for employees.
Top Page Image Contents