Manuals / Brands / Computer Equipment / Network Router / NETGEAR / Computer Equipment / Network Router

NETGEAR FVS338 Full Routing on Both the Broadband and Serial WAN Ports, A Powerful, True Firewall with Content Filtering, Security

1 198

Download 198 pages, 6.63 Mb

FVS338 ProSafe VPN Firewall 50 Re ference Manual

1-2 Introduction

v1.0, March 2008

• Flash memory for firmware upgrade.

Full Routing on Both the Broadband and Serial WAN Ports

You can install, configure, and operate the FVS338 to take full advantage of a variety of routing

options on both the serial and broadband WAN ports, including:

• Internet access via either the serial or broadband port.

• Auto rollover connectivity (fail-over) through an analog modem connected to the serial port

If the broadband Internet connection fails, after waiting for an pre-specified amount of time

the FVS338 can automatically establish a backup dial-up Internet connection via the serial

port on the firewall.

A Powerful, True Firewall with Content Filtering

Unlike simple Internet sharing NAT routers, the FVS338 is a true firewall, using stateful packet

inspection to defend against hacker attacks. Its firewall features include:

• DoS protection. Automatically detects and thwarts DoS attacks such as Ping of Death, SYN

Flood, LAND Attack, and IP Spoofing.

• Blocks unwanted traffic from the Internet to your LAN.

• Blocks access from your LAN to Internet locations or services that you specify as off-limits.

• Logs security incidents. The FVS338 will log security events such as blocked incoming traffic,

port scans, attacks, and administrator logins. You can configure the firewall to email the log to

you at specified interva ls . You can also configure the firewall to send immediate alert

messages to your email address or email pager whenever a significant event occurs.

• With its URL keyword filtering feature, the FVS338 prevents objectionable content from

reaching your PCs. The firewall allows you to control access to Internet content by screening

for keywords within Web addresses. You can configure the firewall to log and report attempts

to access objectionable Internet sites.

Security

The VPN firewall is equipped with several features designed to maintain security, as described in

this section.

•PCs Hidden by NAT. NAT opens a temporary path to the Internet for requests originating

from the local network. Requests originating from outside the LAN are discarded, preventing

users outside the LAN from finding and directly accessing the PCs on the LA N.

Contents

Main Page iii Voluntary Control Council for Interference (VCCI) Statement Additional Copyrights v1.0, March 20 08 iv v Product and Publication Details Contents Page Page Page Page Page About This Manual Conventions, Formats and Scope How to Use This Manual How to Print this Manual Revision History Page Chapter 1 Introduction Key Features Full Routing on Both the Broadband and Serial WAN Ports A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents Router Hardware Components Router Front Panel FVS338 ProSafe VPN Firewall 50 Re ference Manual 1-6 Introduction Router Rear Panel Figure 1-2 Table 1-1. Object Descriptions Rack Mounting Hardware Factory Default Login Page Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network Logging in to the VPN Firewall Configuring your Internet Connection Page Page Page Page Setting the Routers MAC Address (Advanced Options) Page Manually Configuring Your Internet Connection Page Page Programming the Traffic Meter (if Desired) Page FVS338 ProSafe VPN Firewall 50 Re ference Manual 2-14 Connecting the FVS338 to the Internet Table 2-2. Traffic Meter Settings Configuring the WAN Mode Configuring Dynamic DNS (If Needed) Page Page Chapter 3 LAN Configuration Configuring Your LAN (Local Area Network) Using the VPN Firewall as a DHCP Server Page Page Configuring Multi-Home LAN IPs Page Managing Groups and Hosts Creating the Network Database Page Page Page Setting Up Address Reservation Configuring Static Routes Static Route Example RIP Configuration Page Page Chapter 4 Firewall Protection and Content Filtering About Firewall Security Using Rules to Block or Allow Specific Kinds of Traffic Services-Based Rules FVS338 ProSafe VPN Firewall 50 Reference Manual Firewall Protection and Content Filtering 4-3 Table 4-1. Outbound Rules Fields Page FVS338 ProSafe VPN Firewall 50 Reference Manual Firewall Protection and Content Filtering 4-5 Table 4-2. Inbound Rules Fields Order of Precedence for Firewall Rules Setting LAN WAN Rules LAN WAN Outbound Services Rules LAN WAN Inbound Services Rules Attack Checks Page Session Limit Inbound Rules Examples Page Page Page Page Outbound Rules Example Blocking Instant Messenger Adding Customized Services Page Specifying Quality of Service (QoS) Priorities Setting a Schedule to Block or Allow Traffic Setting Block Sites (Content Filtering) Page Page Page IP/MAC Binding Page Setting Up Port Triggering Page Bandwidth Limiting Page E-Mail Notifications of Event Logs and Alerts Page Page Page Administrator Information Page Page Chapter 5 Virtual Private Networking Dual WAN Port Systems Setting up a VPN Connection using the VPN Wizard Creating a VPN Tunnel to a Gateway Creating a VPN Tunnel Connection to a VPN Client IKE Policies IKE Policy Operation IKE Policy Table VPN Policies VPN Policy Operation VPN Policy Table VPN Tunnel Connection Status Creating a VPN Gateway Connection: Between FVS338 and FVX538 Configuring the FVS338 Page Page Configuring the FVX538 Testing the Connectio n Creating a VPN Client Connection: VPN Client to FVS338 Configuring the FVS338 Configuring the VPN Client Page Page Page Page Testing the Connectio n Extended Authentication (XAUTH) Configuration Configuring XAUTH for VPN Clients User Database Configuration RADIUS Client Configuration Page Manually Assigning IP Addresses to Remote Users (ModeConfig) ModeConfig Operation Setting Up ModeConfig Page Page Page Configuring the ProSafe VPN Client for ModeConfig Page Page Certificates Trusted Certificates (CA Certificates) Self Certificates Page Page Managing your Certificate Revocation List (CRL) Page Chapter 6 Router and Network Management Performance Management VPN Firewall Features That Reduce Traffic Page Page VPN Firewall Features That Increase Traffic Page Page Using QoS to Shift the Traffic Mix Tools for Traffic Management Administration Changing Passwords and Settings Page Enabling Remote Management Access Page Page Using a SNMP Manager Page Settings Backup and Firmware Upgrade Page Setting the Time Zone Monitoring the Router Enabling the Traffic Meter Setting Login Failures and Attacks Notification Page Viewing Port Triggering Status Viewing Router Configuration and System Status Monitoring WAN Ports Status Monitoring VPN Tunnel Connection Status VPN Logs DHCP Log Page Page Page Chapter 7 Troubleshooting Basic Functions Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the Web Configuration Interface Page Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Default Settings and Technical Specifications FVS338 ProSafe VPN Firewall 50 Re ference Manual Technical Specifications for the ProSafe VPN Firewall 50 are listed in the following table. A-2 Default Settings and Technical Specifications Table A-2. VPN firewall Default Technical Specifications Table A-1. FVS338 Default Settings (continued) Page Page Appendix B System Logs and Error Messages System Log Messages System Startup Reboot NTP FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-3 Login/Logout This section describes logs generated by the administrative interfaces of the device. This logging is always done. Firewall Restart Table B-4. System Logs: NTP IPSec Restart WAN Status Page FVS338 ProSafe VPN Firewall 50 Re ference Manual B-6 System Logs and Error Messages System Logs: WAN Status, Auto Rollover FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-7 PPPoE Idle-Timeout Logs. Table B-9. System Logs: WAN Status, PPE, PPPoE Idle-Timeout FVS338 ProSafe VPN Firewall 50 Re ference Manual B-8 System Logs and Error Messages PPTP Idle-Timeout Logs. Web Filtering and Content Filtering Logs Table B-10. System Logs: WAN Status, PPE, PPTP Idle-Timeout Table B-11. System Logs: WAN Status, PPE, PPP Authentication FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-9 Table B-12. System Logs: Web Filtering and Content Filtering Traffic Metering Logs Unicast Logs ICMP Redirect Logs FTP Logging Invalid Packet Logging FVS338 ProSafe VPN Firewall 50 Re ference Manual B-12 System Logs and Error Messages FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-13 FVS338 ProSafe VPN Firewall 50 Re ference Manual B-14 System Logs and Error Messages Routing Logs LAN to WAN Logs LAN to DMZ Logs WAN to LAN Logs DMZ to WAN Logs DMZ to LAN Logs WAN to DMZ Logs Appendix C Related Documents Page Index-1 Index A B C FVS338 ProSafe VPN Firewall 50 Re ference Manual D E F FVS338 ProSafe VPN Firewall 50 Reference Manual Index-3 G I K FVS338 ProSafe VPN Firewall 50 Re ference Manual Index-4 L M N O FVS338 ProSafe VPN Firewall 50 Reference Manual P Q R FVS338 ProSafe VPN Firewall 50 Re ference Manual Index-6 S T FVS338 ProSafe VPN Firewall 50 Reference Manual Index-7 U V W X