NETGEAR FVS318v3 Order of Precedence for Rules, Default DMZ Server

Reference Manual for the ProSafe VPN Firewall FVS318v3

4-8 Firewall Protection and Content Filtering

January 2005

Order of Precedence for Rules

As you define new rules, they are added to the tables in the Rules table, as shown below:

Figure 4-6: Rules table with examples

For any traffic attempting to pass through the firewall, the packet information is subjected to the

rules in the order shown in the Ru les table, beginnin g at the top and pr oceeding to the d efault rules

at the bottom. In some cases, the order of precedence of two or more rules may be important in

determining the disposition of a packet. The Move button allows you to relocate a defined rule to a

new position in the table.

Default DMZ Server

Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a

response to one of your local computers or a service for which you have configured an inbound

rule. Instead of discarding this traffic, you can have it forwarded to one computer on your network.

This computer is called the Default DMZ Server.

Contents

Main Page January 2005 Page Contents Page Page Page Page Page Page Page Chapter 1 About This Manual Audience, Scope, Conventions, and Formats How to Use This Manual How to Print this Manual Page Chapter 2 Introduction Key Features of the VPN Firewall A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents The FVS318v3 Front Panel 2-6 Introduction The FVS318v3 Rear Panel The rear panel of the FVS318v3 VPN Firewall contains the port connections listed below. Figure 2-2: FVS318v3 rear panel Table 2-1. LED Descriptions NETGEAR-Related Products NETGEAR Product Registration, Support, and Documentation Page Chapter 3 Connecting the Firewall to the Internet Prepare to Install Your FVS318v3 ProSafe VPN Firewall First, Connect the FVS318v3 1. CONNECT THE CABLES BETWEEN THE FVS318V3, COMPUTER, AND MODEM &DEOH A B Cable 1 Internet port C D 2. RESTART YOUR NETWORK IN THE CORRECT SEQUENCE Now, Configure the FVS318v3 for Internet Access Page Troubleshooting Tips Page 3-8 Connecting the Firewall to the Internet Overview of How to Access the FVS318v3 VPN Firewall http://www.routerlogin.net/basicsetting.htm Table 3-1. Ways to access the firewall http://www.routerlogin.net http://www .r outerlogin.com How to Log On to the FVS318v3 After Configuration Settings Have Been Applied How to Bypass the Configuration Assistant Using the Smart Setup Wizard Page Page Page Chapter 4 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview Block Sites Using Rules to Block or Allow Specific Kinds of Traffic Page Inbound Rules (Port Forwarding) Page Outbound Rules (Service Blocking) Order of Precedence for Rules Default DMZ Server Respond to Ping on Internet WAN Port Services Page Page Time Zone Getting E-Mail Notifications of Event Logs and Alerts Page Viewing Logs of Web Access or Attempted Web Access Syslog Page Chapter 5 Basic Virtual Private Networking Overview of VPN Configuration Client-to-Gateway VPN Tunnels 192.168.3.1 Gateway-to-Gateway VPN Tunnels FVS318 Planning a VPN VPN Gateway A VPN Gateway B Page VPN Tunnel Configuration How to Set Up a Client-to-Gateway VPN Configuration 192.168.3.1 FVS318v3 24.0.0.1 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3 The Summary screen below displays. Page Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC Page Page Page Page Page Page Monitoring the Progress and Status of the VPN Client Connection Page Transferring a Security Policy to Another Client Page How to Set Up a Gateway-to-Gateway VPN Configuration AB Procedure to Configure a Gateway-to-Gateway VPN Tunnel 3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next. 4. Identify the IP addresses at the target endpoint that can use this tunnel, and click Next. Page Page Page VPN Tunnel Control Activating a VPN Tunnel Page Page Verifying the S tatus of a VPN Tunnel Deactivating a VPN Tunnel Page Deleting a VPN Tunnel Chapter 6 Advanced Virtual Private Networking Overview of FVS318v3 Policy-Based VPN Configuration Using Policies to Manage VPN Traffic Using Automatic Key Management Page 6-4 Advanced Virtual Private Networking The IKE Policy Configuration fields are defined in the following table. Table 6-1. IKE Policy Configuration fields Advanced Virtual Private Networking 6-5 VPN Policy Configuration for Auto Key Negotiation Table 6-1. IKE Policy Configuration fields Page Advanced Virtual Private Networking 6-7 The VPN Auto Policy field s are defined in the following table. Table 6-1. VPN Auto Policy Configuration Fields 6-8 Advanced Virtual Private Networking Table 6-1. VPN Auto Policy Configuration Fields VPN Policy Configuration for Manual Key Exchange Page Advanced Virtual Private Networking 6-11 The VPN Manual Policy fields are defined in the following table. Table 6-1. VPN Manual Policy Configuration Fields 6-12 Advanced Virtual Private Networking Table 6-1. VPN Manual Policy Configuration Fields Using Digital Certificates for IKE Auto-Policy Authentication Certificate Revocation List (CRL) Walk-Through of Configuration Scenarios on the FVS318v3 VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets FVS318v3 Scenario 1: FVS318v3 to Gateway B IKE and VPN Policies Page Page Page Page How to Check VPN Connections FVS318v3 Scenario 2: FVS318v3 to FVS318v3 with RSA Certificates Page Page Page Page Page Page Page This screen shows the following parameters: Page Click Show Statistics to display firewall usage statistics. This screen shows the following statistics: Viewing a List of Attached Devices Upgrading the Firewall Software Page Configuration File Management Backing Up the Configuration Restoring the Configuration Erasing the Configuration Changing the Administrator Password Chapter 8 Advanced Configuration How to Configure Dynamic DNS Using the LAN IP Setup Options Configuring LAN TCP/IP Setup Parameters Using the Firewall as a DHCP server Using Address Reservation Configuring Static Routes Page Static Route Example Enabling Remote Management Access Page Page Page Chapter 9 Troubleshooting Basic Functioning Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the W e b Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Technical Specifications Page Appendix B Network, Routing, and Firewall Basics Related Publications Basic Router Concepts What is a Router? Routing Information Protocol IP Addresses and the Internet Page Netmask Subnet Addressing Page Private IP Addresses Single IP Address Operation Using NAT MAC Addresses and Address Resolution Protocol Related Documents Domain Name Server IP Configuration by DHCP Internet Security and Firewalls What is a Firewall? Ethernet Cabling Category 5 Cable Quality Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Page Page Appendix C Virtual Private Networking What is a VPN? What Is IPSec and How Does It Work? IPSec Security Features IPSec Components Encapsulating Security Payload (ESP) Authentication Header (AH) IKE Security Association Page Key Management Understand the Process Before You Begin VPN Process Overview Network Interfaces and Addresses VPN Tunnel Between Gateways VPN Gateway A VPN Gateway B IPSec Security Association IKE VPN Tunnel Negotiation Steps VPNC IKE Security Parameters VPNC IKE Phase I Parameters VPNC IKE Phase II Parameters Testing and Troubleshooting Additional Reading Page Appendix D Preparing Your Network Preparing Your Computers for TCP/IP Networking Configuring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking Components Page Enabling DHCP to Automatically Configure TCP/IP Settings Locate your Network Neighborhood icon. Page Selecting Windows Internet Access Method Verifying TCP/IP Properties Configuring Windows NT4, 2000 or XP for IP Networking Install or Verify Windows Networking Components Enabling DHCP to Automatically Configure TCP/IP Settings DHCP Configuration of TCP/IP in Windows XP Page DHCP Configuration of TCP/IP in Windows 2000 Page Page DHCP Configuration of TCP/IP in Windows NT4 Page Verifying TCP/IP Properties for Windows XP, 2000, and NT4 Configuring the Macintosh for TCP/IP Networking MacOS 8.6 or 9.x MacOS X Verifying TCP/IP Properties for Macintosh Computers Verifying the Readiness of Your Internet Account Are Login Protocols Used? What Is Your Configuration Information? Obt aining ISP Configuration Information for W indows Computers Obtaining ISP Configuration Information for Macintosh Computers Restarting the Network Page Appendix E VPN Configuration of NETGEAR FVS318v3 Case Study Overview Gathering the Network Information Configuring the Gateways Page Page Activating the VPN Tunnel The FVS318v3-to-FVS318v3 Case Page Page Page Page Page VPN Status at Gateway B (FVS318v3) The FVS318v3-to-FVS318v2 Case Page Page Page Page Page Page The FVS318v3-to-FVL328 Case Page Page Page Page Page IPSec Connection Status at Gateway B (FVL328) VPN Configuration of NETGEAR FVS318v3 E-27 The FVS318v3-to-VPN Client Case Client-to-Gateway VPN Tunnel Overview Table E-4. Policy Summary Table E-5. Differences betwe en VPN tunnel types Scenario 1 Page Page Page Page Page Page Page Page Page Connection Monitor at Gateway B (remote VPN Client) Glossary List of Glossary Terms Use the list below to find definitions for technical terms used in this manual. Numeric A B C D E G I Page L M P Q R S T U W