FVS338 ProSafe VPN Firewall 50 Reference Manual
Trademarks
Statement of Conditions
EU Regulatory Compliance Statement
Bestätigung des Herstellers/Importeurs
Voluntary Control Council for Interference Vcci Statement
Additional Copyrights
V1.0, March
MD5
Product and Publication Details
Contents
Chapter LAN Configuration
Chapter Virtual Private Networking
Chapter Router and Network Management
Chapter Troubleshooting
Appendix C Related Documents Index
About This Manual
Conventions, Formats and Scope
How to Use This Manual
How to Print this Manual
Revision History
Part Number Version Description
Xvi About This Manual
Key Features
Chapter Introduction
Powerful, True Firewall with Content Filtering
Full Routing on Both the Broadband and Serial WAN Ports
Security
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Package Contents
Router Hardware Components
Router Front Panel
Router Rear Panel
Object Descriptions
Factory Default Login
Rack Mounting Hardware
Enter http//192.168.1.1 as the URL
Connecting the VPN Firewall to Your Network
Logging in to the VPN Firewall
Configuring your Internet Connection
Internet connection methods
Connection Method Data Required
Internet connection methods
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
Setting the Router’s MAC Address Advanced Options
FVS338 ProSafe VPN Firewall 50 Reference Manual
Manually Configuring Your Internet Connection
To manually configure your WAN1 ISP settings
FVS338 ProSafe VPN Firewall 50 Reference Manual
Programming the Traffic Meter if Desired
FVS338 ProSafe VPN Firewall 50 Reference Manual
Traffic Meter Settings
Parameter Description
Configuring the WAN Mode
Configuring Dynamic DNS If Needed
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
Configuring Your LAN Local Area Network
Using the VPN Firewall as a Dhcp Server
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
Configuring Multi-Home LAN IPs
FVS338 ProSafe VPN Firewall 50 Reference Manual
Managing Groups and Hosts
Creating the Network Database
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
IP Address Type
Configuring Static Routes
Setting Up Address Reservation
Static Route Example
255.255.255.255
RIP Configuration
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
Using Rules to Block or Allow Specific Kinds of Traffic
About Firewall Security
Services-Based Rules
Outbound Rules Service Blocking
Services menu see Adding Customized Services on
Outbound Rules Fields
Service QoS Priorities on
Inbound Rules Port Forwarding
Inbound Rules Fields
Priorities on
Order of Precedence for Firewall Rules
Setting LAN WAN Rules
LAN WAN Outbound Services Rules
LAN WAN Inbound Services Rules
Attack Checks
WAN Security Checks
Pptp
Session Limit
Inbound Rules Examples
Hosting a Local Public Web Server
Allowing Videoconference from Restricted Addresses
Setting Up One-to-One NAT Mapping
FVS338 ProSafe VPN Firewall 50 Reference Manual
Specifying an Exposed Host
Adding Customized Services
Outbound Rules Example Blocking Instant Messenger
FVS338 ProSafe VPN Firewall 50 Reference Manual
Specifying Quality of Service QoS Priorities
On the LAN WAN Outbound Services screen see Figure
Setting a Schedule to Block or Allow Traffic
Setting Block Sites Content Filtering
FVS338 ProSafe VPN Firewall 50 Reference Manual
Enabling Source MAC Filtering
FVS338 ProSafe VPN Firewall 50 Reference Manual
IP/MAC Binding
FVS338 ProSafe VPN Firewall 50 Reference Manual
Setting Up Port Triggering
Outgoing Trigger Port Range fields
Bandwidth Limiting
FVS338 ProSafe VPN Firewall 50 Reference Manual
Mail Notifications of Event Logs and Alerts
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
Administrator Information
Log Entry Descriptions
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
Dual WAN Port Systems
IP Addressing Requirements for VPN in Dual WAN Port Systems
Setting up a VPN Connection using the VPN Wizard
Creating a VPN Tunnel to a Gateway
Creating a VPN Tunnel Connection to a VPN Client
IKE Policies
IKE Policy Operation
IKE Policy Table
VPN Policies
VPN Policy Operation
VPN Policy Table
VPN Tunnel Connection Status
Configuring the FVS338
Creating a VPN Gateway Connection Between FVS338 and FVX538
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
Configuring the FVX538
Testing the Connection
Creating a VPN Client Connection VPN Client to FVS338
Configuring the FVS338
Configuring the VPN Client
FVS338 ProSafe VPN Firewall 50 Reference Manual
10.1.32.41
Fvsremote.com 10.0.0.12
Left frame, click Security Policy shown in Figure
Testing the Connection
Extended Authentication Xauth Configuration
Configuring Xauth for VPN Clients
User Database Configuration
Radius Client Configuration
Enter the Primary Radius Server IP address
Manually Assigning IP Addresses to Remote Users ModeConfig
ModeConfig Operation
Setting Up ModeConfig
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
FVS338 ProSafe VPN Firewall 50 Reference Manual
Configuring the ProSafe VPN Client for ModeConfig
Remoteid.com
FVS338 ProSafe VPN Firewall 50 Reference Manual
Certificates
Trusted Certificates CA Certificates
Self Certificates
Generate Self Certificate Request, enter the required data
FVS338 ProSafe VPN Firewall 50 Reference Manual
Save to file
Managing your Certificate Revocation List CRL
FVS338 ProSafe VPN Firewall 50 Reference Manual
VPN Firewall Features That Reduce Traffic
Performance Management
Service Blocking
Block Sites
VPN Firewall Features That Increase Traffic
Source MAC Filtering
Port Forwarding
FVS338 ProSafe VPN Firewall 50 Reference Manual
Port Triggering
VPN Tunnels
Administration
Using QoS to Shift the Traffic Mix
Changing Passwords and Settings
Tools for Traffic Management
FVS338 ProSafe VPN Firewall 50 Reference Manual
Enabling Remote Management Access
Https//194.177.0.1238080
Check the Allow Telnet Management radio box
Using a Snmp Manager
FVS338 ProSafe VPN Firewall 50 Reference Manual
Settings Backup and Firmware Upgrade
Backup and Restore Settings
Router Upgrade
Setting the Time Zone
Monitoring the Router
Enabling the Traffic Meter
Setting Login Failures and Attacks Notification
FVS338 ProSafe VPN Firewall 50 Reference Manual
Viewing Port Triggering Status
Port Triggering Status data
Viewing Router Configuration and System Status
Router Configuration Status Fields
Monitoring WAN Ports Status
Monitoring VPN Tunnel Connection Status
IPSec Connection Status Fields
VPN Logs
Dhcp Log
Performing Diagnostics
Diagnostics Fields
Reboot the Router
Power LED Not On
Basic Functions
Troubleshooting the Web Configuration Interface
LEDs Never Turn Off
LAN or Internet Port LEDs Not On
FVS338 ProSafe VPN Firewall 50 Reference Manual
Troubleshooting the ISP Connection
Troubleshooting a TCP/IP Network Using a Ping Utility
Testing the LAN Path to Your Firewall
Testing the Path from Your PC to a Remote Device
Ping -n 10 IP address
Restoring the Default Configuration and Password
Problems with Date and Time
FVS338 ProSafe VPN Firewall 50 Reference Manual
Appendix a Default Settings and Technical Specifications
Table A-1. FVS338 Default Settings
Table A-2. VPN firewall Default Technical Specifications
Feature Default Behavior
Electromagnetic Emissions
FVS338 ProSafe VPN Firewall 50 Reference Manual
System Log Messages
System Startup
Table B-1. Log Parameter Terms
Reboot
Table B-3. System Logs Reboot
Table B-2. System Logs System Startup
Login/Logout
Table B-5. System Logs Login/Logout
Firewall Restart
Table B-4. System Logs NTP
IPSec Restart
WAN Status
Load Balancing
Table B-6. System Logs Firewall Restart
Auto Rollover
Table B-8. System Logs WAN Status, Load Balancing
PPP Logs
System Logs WAN Status, Auto Rollover
PPPoE Idle-Timeout Logs
Table B-9. System Logs WAN Status, PPE, PPPoE Idle-Timeout
Web Filtering and Content Filtering Logs
Table B-10. System Logs WAN Status, PPE, Pptp Idle-Timeout
Table B-11. System Logs WAN Status, PPE, PPP Authentication
Table B-12. System Logs Web Filtering and Content Filtering
Traffic Metering Logs
Unicast Logs
Icmp Redirect Logs
FTP Logging
Invalid Packet Logging
Table B-17. System Logs FTP
Table B-18. System Logs Invalid Packets
Invalidbadchecksumdrop SRC=192.168.20.10
Invalidbadhwchecksumdrop SRC=192.168.20.10
Routing Logs
Invalidreopencloseconndrop SRC=192.168.20.10
LAN to WAN Logs
LAN to DMZ Logs
DMZ to WAN Logs
WAN to LAN Logs
DMZ to LAN Logs
WAN to DMZ Logs
Table B-23. Routing Logs DMZ to WAN
Table B-24. Routing Logs WAN to DMZ
Appendix C Related Documents
FVS338 ProSafe VPN Firewall 50 Reference Manual
Index
Index-2
Index-3
Index-4
Index-5
Index-6
Index-7
Index-8