NETGEAR FVS338 Certificates

FVS338 ProSafe VPN Firewall 50 Reference Manual

Virtual Private Networking 5-33

v1.0, March 2008

To test the connection:

1. Right-click on the VPN client icon in the Windows toolbar and select Connect. The

connection policy you configured will appear; in this case “My Connections\modecfg_test”.

2. Click on the connection. Within 30 seconds the message “Successfully connected to

MyConnections/modecfg_test will display and the VPN client icon in the toolbar will read

“On”.

3. From the client PC, ping a computer on the VPN firewall LAN.

Certificates

Digital Certificates (also known as X509 Certificates) are used to authenticate the identity of users

and systems, and are issued by various CAs (Certification Authorities). Digital Certificates are

used by this router during the IKE (Internet Key Exchange) authentication phase as an alternative

authentication method. Trusted Certificates are issued to you by various CAs (Certification

Authorities).

Trusted Certificates (CA Certificates)

Trusted Certificates are used to verify the validity of certificates issued to an organization and

signed by the issuing CA authority. When a certificate is generated, it is signed by a publicly-

known authority called the Certificate Authority.

The Trusted Certificates table shows the Trusted Certificates issued by the various CAs

(Certification Authorities). For each Certificate, the following data is listed in the Trusted

Certificates table:

•CA Identity (Subject Name). The organization or name to whom the certificate has been

issued.

•Issuer Name. The name of the CA that issued the certificate.

•Expiry Time. The date when the certificate becomes invalid.

New certificates can be uploade d to the router when they are received.

To upload a Trusted Certificate:

1. Select VPN from the main menu and Certificates from the submenu. The Certificates screen

will display.

Contents

Main Page iii Voluntary Control Council for Interference (VCCI) Statement Additional Copyrights v1.0, March 20 08 iv v Product and Publication Details Contents Page Page Page Page Page About This Manual Conventions, Formats and Scope How to Use This Manual How to Print this Manual Revision History Page Chapter 1 Introduction Key Features Full Routing on Both the Broadband and Serial WAN Ports A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents Router Hardware Components Router Front Panel FVS338 ProSafe VPN Firewall 50 Re ference Manual 1-6 Introduction Router Rear Panel Figure 1-2 Table 1-1. Object Descriptions Rack Mounting Hardware Factory Default Login Page Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network Logging in to the VPN Firewall Configuring your Internet Connection Page Page Page Page Setting the Routers MAC Address (Advanced Options) Page Manually Configuring Your Internet Connection Page Page Programming the Traffic Meter (if Desired) Page FVS338 ProSafe VPN Firewall 50 Re ference Manual 2-14 Connecting the FVS338 to the Internet Table 2-2. Traffic Meter Settings Configuring the WAN Mode Configuring Dynamic DNS (If Needed) Page Page Chapter 3 LAN Configuration Configuring Your LAN (Local Area Network) Using the VPN Firewall as a DHCP Server Page Page Configuring Multi-Home LAN IPs Page Managing Groups and Hosts Creating the Network Database Page Page Page Setting Up Address Reservation Configuring Static Routes Static Route Example RIP Configuration Page Page Chapter 4 Firewall Protection and Content Filtering About Firewall Security Using Rules to Block or Allow Specific Kinds of Traffic Services-Based Rules FVS338 ProSafe VPN Firewall 50 Reference Manual Firewall Protection and Content Filtering 4-3 Table 4-1. Outbound Rules Fields Page FVS338 ProSafe VPN Firewall 50 Reference Manual Firewall Protection and Content Filtering 4-5 Table 4-2. Inbound Rules Fields Order of Precedence for Firewall Rules Setting LAN WAN Rules LAN WAN Outbound Services Rules LAN WAN Inbound Services Rules Attack Checks Page Session Limit Inbound Rules Examples Page Page Page Page Outbound Rules Example Blocking Instant Messenger Adding Customized Services Page Specifying Quality of Service (QoS) Priorities Setting a Schedule to Block or Allow Traffic Setting Block Sites (Content Filtering) Page Page Page IP/MAC Binding Page Setting Up Port Triggering Page Bandwidth Limiting Page E-Mail Notifications of Event Logs and Alerts Page Page Page Administrator Information Page Page Chapter 5 Virtual Private Networking Dual WAN Port Systems Setting up a VPN Connection using the VPN Wizard Creating a VPN Tunnel to a Gateway Creating a VPN Tunnel Connection to a VPN Client IKE Policies IKE Policy Operation IKE Policy Table VPN Policies VPN Policy Operation VPN Policy Table VPN Tunnel Connection Status Creating a VPN Gateway Connection: Between FVS338 and FVX538 Configuring the FVS338 Page Page Configuring the FVX538 Testing the Connectio n Creating a VPN Client Connection: VPN Client to FVS338 Configuring the FVS338 Configuring the VPN Client Page Page Page Page Testing the Connectio n Extended Authentication (XAUTH) Configuration Configuring XAUTH for VPN Clients User Database Configuration RADIUS Client Configuration Page Manually Assigning IP Addresses to Remote Users (ModeConfig) ModeConfig Operation Setting Up ModeConfig Page Page Page Configuring the ProSafe VPN Client for ModeConfig Page Page Certificates Trusted Certificates (CA Certificates) Self Certificates Page Page Managing your Certificate Revocation List (CRL) Page Chapter 6 Router and Network Management Performance Management VPN Firewall Features That Reduce Traffic Page Page VPN Firewall Features That Increase Traffic Page Page Using QoS to Shift the Traffic Mix Tools for Traffic Management Administration Changing Passwords and Settings Page Enabling Remote Management Access Page Page Using a SNMP Manager Page Settings Backup and Firmware Upgrade Page Setting the Time Zone Monitoring the Router Enabling the Traffic Meter Setting Login Failures and Attacks Notification Page Viewing Port Triggering Status Viewing Router Configuration and System Status Monitoring WAN Ports Status Monitoring VPN Tunnel Connection Status VPN Logs DHCP Log Page Page Page Chapter 7 Troubleshooting Basic Functions Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the Web Configuration Interface Page Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Default Settings and Technical Specifications FVS338 ProSafe VPN Firewall 50 Re ference Manual Technical Specifications for the ProSafe VPN Firewall 50 are listed in the following table. A-2 Default Settings and Technical Specifications Table A-2. VPN firewall Default Technical Specifications Table A-1. FVS338 Default Settings (continued) Page Page Appendix B System Logs and Error Messages System Log Messages System Startup Reboot NTP FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-3 Login/Logout This section describes logs generated by the administrative interfaces of the device. This logging is always done. Firewall Restart Table B-4. System Logs: NTP IPSec Restart WAN Status Page FVS338 ProSafe VPN Firewall 50 Re ference Manual B-6 System Logs and Error Messages System Logs: WAN Status, Auto Rollover FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-7 PPPoE Idle-Timeout Logs. Table B-9. System Logs: WAN Status, PPE, PPPoE Idle-Timeout FVS338 ProSafe VPN Firewall 50 Re ference Manual B-8 System Logs and Error Messages PPTP Idle-Timeout Logs. Web Filtering and Content Filtering Logs Table B-10. System Logs: WAN Status, PPE, PPTP Idle-Timeout Table B-11. System Logs: WAN Status, PPE, PPP Authentication FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-9 Table B-12. System Logs: Web Filtering and Content Filtering Traffic Metering Logs Unicast Logs ICMP Redirect Logs FTP Logging Invalid Packet Logging FVS338 ProSafe VPN Firewall 50 Re ference Manual B-12 System Logs and Error Messages FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-13 FVS338 ProSafe VPN Firewall 50 Re ference Manual B-14 System Logs and Error Messages Routing Logs LAN to WAN Logs LAN to DMZ Logs WAN to LAN Logs DMZ to WAN Logs DMZ to LAN Logs WAN to DMZ Logs Appendix C Related Documents Page Index-1 Index A B C FVS338 ProSafe VPN Firewall 50 Re ference Manual D E F FVS338 ProSafe VPN Firewall 50 Reference Manual Index-3 G I K FVS338 ProSafe VPN Firewall 50 Re ference Manual Index-4 L M N O FVS338 ProSafe VPN Firewall 50 Reference Manual P Q R FVS338 ProSafe VPN Firewall 50 Re ference Manual Index-6 S T FVS338 ProSafe VPN Firewall 50 Reference Manual Index-7 U V W X