Manuals / NETGEAR / Computer Equipment / Printer

NETGEAR FWG114P v2 manual Set up Certificate Revocation List CRL checking

Models: FWG114P v2

1 296

Download 296 pages 46.73 Kb

Page 143

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

Now, the traffic from devices within the range of the LAN subnet addresses on FWG114P v2 A and Gateway B will be authenticated using the certificates rather than via a shared key.

8.Set up Certificate Revocation List (CRL) checking.

a.Get a copy of the CRL from the CA and save it as a text file.

Note: The procedure for obtaining a CRL differs from a CA like Verisign and a CA, such as a Windows 2000 certificate server, which an organization operates for providing certificates for its members. Follow the procedures of your CA.

b.From the main menu VPN section, click on the CRL link.

c.Click Add to add a CRL.

d.Click Browse to locate the CRL file.

e.Click Upload.

Now expired or revoked certificates will not be allowed to use the VPN tunnels managed by IKE policies which use this CA.

Note: You must update the CRLs regularly in order to maintain the validity of the certificate-based VPN policies.

Virtual Private Networking

8-31

201-10301-02, May 2005

Image 143

NETGEAR FWG114P v2 manual Set up Certificate Revocation List CRL checking

Contents

201-10301-02, May EN 55 022 Declaration of Conformance TrademarksStatement of Conditions FCC CautionVoluntary Control Council for Interference Vcci Statement Bestätigung des Herstellers/ImporteursCertificate of the Manufacturer/Importer 201-10301-02, May Contents Chapter Wireless Configuration Chapter Firewall Protection Content Filtering Chapter Virtual Private Networking Chapter Advanced Configuration Appendix C Preparing Your Network Appendix D Firewall Log Formats Appendix F Virtual Private Networking Glossary Xiv Contents Manual Scope Chapter About This ManualAudience, Scope, Conventions, and Formats Typographical ConventionsHow to Use This Manual Printing the Full Manual How to Print this ManualPrinting a Page in the Html View Printing a ChapterAbout This Manual Chapter Introduction Key Features of the FWG114PFull Routing on Both the Broadband and Serial Ports 802.11g and 802.11b Wireless NetworkingFlash memory for firmware upgrade NAT off classical routing Virtual Private Networking Wireless Multimedia WMM SupportPowerful, True Firewall with Content Filtering Autosensing Ethernet Connections with Auto Uplink SecurityExtensive Protocol Support Netgear Related Products Easy Installation and ManagementPackage Contents LED Descriptions FWG114P v2 Rear PanelRouter to a broadband modem Introduction Cabling and Computer Hardware Requirements Connecting the FWG114P v2 to the InternetComputer Network Configuration Requirements What You Will Need Before You BeginWhere Do I Get the Internet Configuration Parameters? Internet Configuration RequirementsRecord Your Internet Connection Information Verify That Basic Requirements Are Met Connecting the FWG114P v2 Wireless Firewall/Print ServerLocal Port Verify the connections to the firewall It starts automaticallyLOG in to the Wireless FIREWALL/PRINT Server Login Result RUN the Setup Wizard to Connect to the Internet Be sure to restart your network in the correct sequence Basic Setup Troubleshooting TipsFWG114P v2 Setup Wizard Auto Detection Make sure the network settings of the computer are correctSetup Wizard menu for PPPoE login accounts Wizard-Detected Login Account SetupConnecting the FWG114P v2 to the Internet 10 Setup Wizard menu for Dynamic IP address Wizard-Detected Dynamic IP Account Setup11 Setup Wizard menu for Fixed IP address Wizard-Detected Fixed IP Account SetupConnect the Firewall to your Isdn or dial-up modem Configure the Serial Port of the Firewall12 Serial Internet Connection configuration menu Connect to the Internet to test your configuration Testing Your Internet Connection13 Browser-based configuration Basic Settings menu Manually Configuring Your Internet ConnectionHow to Manually Configure the Primary Internet Connection Connecting the FWG114P v2 to the Internet Observing Performance, Placement, and Range Guidelines Chapter Wireless ConfigurationFWG114P v2 wireless data security options Implementing Appropriate Wireless SecurityWireless Settings menu Understanding Wireless SettingsWireless Card Access List Wireless Network. The station name of the FWG114PWireless Access Point Security Options Feature Default Factory Settings Ssid Netgear Default Factory SettingsWEP Encryption Keys Before You Change the Ssid and WEP SettingsAuthentication WPA or WPA2 Radius SettingsHow to Set Up and Test Basic Wireless Connectivity Wireless Station Access menu How to Restrict Wireless Access by MAC AddressTo configure WEP data encryption, follow these steps How to Configure WEPWireless Settings menu WEP Click Wireless Settings in the main menu of the FWG114PHow to Configure WPA with Radius Wireless Settings menu WPA with Radius How to Configure WPA2 with Radius Wireless Settings menu WPA2 with Radius How to Configure WPA and WPA2 with Radius Wireless Settings menu WPA and WPA2 with Radius How to Configure WPA-PSK Wireless Settings menu WPA-PSK 10 Wireless Settings menu WPA2-PSK How to Configure WPA2-PSKHow to Configure WPA-PSK and WPA2-PSK 11 Wireless Settings menu WPA-PSK and WPA2-PSK Dial-in Chapter Serial Port ConfigurationModem Auto-RolloverHow to Configure a Serial Port Modem Configuring a Serial Port ModemBasic Requirements for Serial Port Modem Configuration Basic Requirements for Auto-Rollover Configuring Auto-RolloverHow to Configure Auto-Rollover Auto-Rollover configuration menu Configuring Dial-in on the Serial PortBasic Requirements for Dial-in How to Configure Dial-inBasic Requirements for LAN-to-LAN Connections Configuring LAN-to-LAN SettingsHow to Configure LAN-to-LAN Connections LAN-to-LAN configuration menu Serial Port Configuration Using the Block Sites Menu to Screen Content Chapter Firewall Protection Content FilteringFirewall Protection and Content Filtering Overview Block Sites menu These steps are discussed below Services and Rules Regulate Inbound and Outbound TrafficDefining a Service Using Inbound/Outbound Rules to Block or Allow Services Rules menu Inbound Rules Port Forwarding Examples of Using Services and Rules to Regulate TrafficExample Port Forwarding to a Local Public Web Server Rule example Videoconference from Restricted Addresses This rule is shown in FigureService example port forwarding for VPN when NAT is Off Outbound Rules Service Blocking or Port FilteringRule example Blocking Instant Messenger Other Rules ConsiderationsRules Menu Options Order of Precedence for RulesSchedule menu Using a Schedule to Block or Allow Content or TrafficGetting E-Mail Notifications of Event Logs and Alerts Setting the Time ZoneE-mail menu Firewall Protection and Content Filtering 10 Logs menu Viewing Logs of Web Access or Attempted Web AccessLog action buttons What to Include in the Event LogLog action buttons are described in Table Firewall Protection and Content Filtering For Macintosh computers LPR printing Chapter Print ServerPrinting Options FWG114P v2 supports these methods for printingPort For Windows XP and 2000, Use TCP/IP LPR PrintingClick Add a printer. Click Next to proceed Complete the Add Standard TCP/IP Printer Port Wizard Add Printer Wizard Install Printer Software Print Server For Windows 95/98/Me, Use the Netgear Printer Port Driver Set up the Netgear printer port driver Print Server Printing from the Macintosh Windows Printer Port Management Print Port Configuration menu Troubleshooting the Print Server Windows Add Printer Wizard Windows Printer Properties Print Server Print Server Chapter Virtual Private Networking Overview of FWG114P v2 Policy-Based VPN ConfigurationUsing Automatic Key Management Using Policies to Manage VPN TrafficIKE Policy Configuration Menu IKE Policies’ Automatic Key and Authentication ManagementField Description General IKE Policy Configuration FieldsField Description Remote VPN Auto Policy Menu VPN Policy Configuration for Auto Key NegotiationVPN Auto Policy fields are defined in the following table VPN Auto Policy Configuration FieldsAuthenticating Header AH Netbios Enable VPN Policy Configuration for Manual Key ExchangeVPN Manual Policy Menu VPN Manual Policy fields are defined in the following table VPN Manual Policy Configuration FieldsValue in its Authentication Algorithm Key In field Value in its Encryption Algorithm Key Out field Certificate Revocation List CRL How to Use the VPN Wizard to Configure a VPN Tunnel Walk-Through of Configuration Scenarios on the FWG114PVPN Wizard Start Screen Remote IP Summary screen below displaysVPN Wizard Summary 10 VPN Consortium Scenario Vpnc Scenario 1 Gateway to Gateway with Preshared SecretsScenario 1 FWG114P v2 to FWG114P v2 with Preshared Secrets 11 LAN to LAN VPN access from an FWG114P v2 to an FWG114P13 LAN IP configuration menu 14 Scenario 1 IKE Policy Set up the IKE Policy illustrated below on the FWG114PAddress Set up the FWG114P v2 VPN -Auto Policy illustrated belowHow to Check VPN Connections 16 VPN Consortium Scenario Vpnc Scenario 2 Gateway-to-Gateway with CertificatesCreate a certificate request for the FWG114P Install the trusted CA certificate for the Trusted Root CAScenario 2 FWG114P v2 to FWG114P v2 with Certificates Obtain a root certificateFWG114P Highlight, copy and paste this data into a text file 19 Self Certificate Requests table 20 Self Certificates table Set up Certificate Revocation List CRL checking Summary Configuration ProfileNetgear VPN Client to FWG114P 22 Addressing and Subnet Used for Examples Step-By-Step Configuration of FWG114P v2 Gateway23 Netgear FWG114P v2 IKE Policy Configuration Virtual Private Networking 24 VPN Auto Policy settings Virtual Private Networking Step-By-Step Configuration of the Netgear VPN Client Configure the Connection Network Settings Install the Netgear VPN Client Software on the PC27 My Identity Configure the Connection Identity SettingsHr5xb84l6aa9r6 Select the Enable Perfect Forward Secrecy PFS check boxClick Pre-Shared Key This example, enter this pre-shared key in this field31 Connection Security Policy Authentication Phase Configure the Connection Security PolicyCheck the Encapsulation Protocol ESP check box 32 Connection Security Policy Key Exchange PhaseSave the VPN Client Settings Configure the Global Policy SettingsChoose FWG114P Testing the VPN ConnectionFrom the Client PC to the FWG114P From the FWG114P v2 to the Client PC Monitoring the PC VPN Connection35 Connection Monitor screen Viewing the FWG114P v2 VPN Status and Log Information36 FWG114P v2 VPN Status screen Viewing Wireless Firewall/Print Server Status Information Chapter MaintenanceStatus Fields Router Status screen shows the following parametersDhcp Connection Status Fields Click WAN Status to display the WAN connection statusThis screen shows the following statistics Router Statistics Fields Click Show Statistics to display router usage statisticsConnection Status action buttons WAN Status action buttons are described in Table Viewing a List of Attached DevicesUpgrading the Router Software Configuration File ManagementSettings Backup menu Restoring and Backing Up the ConfigurationErasing the Configuration Changing the Administrator PasswordMaintenance Connect Automatically, as Required Chapter Advanced ConfigurationUsing the WAN Setup Options Respond to Ping on Internet WAN Port Setting Up a Default DMZ ServerSetting the WAN Port Speed How to Configure Dynamic DNSSetting the MTU Size 10-4 Advanced Configuration Configuring LAN TCP/IP Setup Parameters Using the LAN IP Setup Options10-6 Advanced Configuration Using Address Reservation Using the Router as a Dhcp serverConfiguring Static Routes Static Route Entry and Edit Menu Enabling Remote Management Access UPnP Menu Using Universal Plug and Play UPnPAdvanced Wireless Settings menu Advanced Wireless SettingsBeacon Interval WMM supportRTS Threshold Fragmentation Length10-14 Advanced Configuration Basic Functioning Chapter TroubleshootingPower LED Not On LAN or Internet Port LEDs Not On LEDs Never Turn OffTroubleshooting the Web Configuration Interface Troubleshooting the ISP Connection If the path is working, you see this message Troubleshooting a TCP/IP Network Using a Ping UtilityTesting the LAN Path to Your Router Click on OK You should see a message like this oneIf the path is not working, you see this message Testing the Path from Your Computer to a Remote DeviceProblems with Date and Time Restoring the Default Configuration and Password11-8 Troubleshooting Protocols Appendix a Technical SpecificationsData and Routing Protocols PPP over Ethernet PPPoEAntenna External detachable 5 dBi omnidirectional WirelessInterface Specifications 10BASE-T or 100BASE-Tx, RJ-45Related Publications Basic Router Concepts What is a Router?Appendix B Networks, Routing, and Firewall Basics Is normally written as Routing Information ProtocolIP Addresses and the Internet Three Main Address Classes Equals NetmaskSubnet Addressing Combined withExample of Subnetting a Class B Address Netmask Formats Netmask Notation Translation Table for One OctetPrivate IP Addresses Single IP Address Operation Using NATSingle IP Address Operation Using NAT Domain Name Server MAC Addresses and Address Resolution ProtocolRelated Documents Internet Security and Firewalls IP Configuration by DhcpStateful Packet Inspection What is a Firewall?Denial of Service Attack Ethernet CablingCategory 5 Cable Quality Table B-1 UTP Ethernet cable wiring, straight-throughFigure B-1illustrates straight-through twisted pair cable Inside Twisted Pair CablesUplink Switches, Crossover Cables, and MDI/MDIX Switching Networks, Routing, and Firewall Basics Networks, Routing, and Firewall Basics Preparing Your Computers for TCP/IP Networking Appendix C Preparing Your NetworkInstall or Verify Windows Networking Components Configuring Windows 95, 98, and Me for TCP/IP NetworkingPreparing Your Network Selecting Windows’ Internet Access Method Enabling Dhcp to Automatically Configure TCP/IP SettingsVerifying TCP/IP Properties Configuring Windows NT, 2000 or XP for IP NetworkingInstalling or Verifying Windows Networking Components From the Apple menu, select Control Panels, then TCP/IP Configuring the Macintosh for TCP/IP NetworkingMacOS 8.6 or MacOS Verifying TCP/IP Properties for Macintosh Computers Verifying the Readiness of Your Internet Account Are Login Protocols Used?What Is Your Configuration Information? Mail.xxx.yyy.com Preparing Your Network Restarting the Network Outbound Log Appendix D Firewall Log FormatsAction List Field ListFormat is Inbound LogOther IP Traffic Operations that the router initiates are logged Format is Router OperationCommon attacks and scans are logged Other Connections and Traffic to this RouterDoS Attack/Scan Datetimepkttype Srcip Dstipaction All Web Sites and News Groups Visited Access Block SiteSystem Admin Sessions Date Time Event Direction Service Description Policy Administration LOGFirewall Log Formats This chapter provides an overview of Wireless networking Appendix E Wireless Networking BasicsWireless Networking Overview Infrastructure ModeNetwork Name Extended Service Set Identification Essid Authentication and WEP Data EncryptionAd Hoc Mode Peer-to-Peer Workgroup Open System Authentication AuthenticationFigure E-1 Open system authentication Shared Key AuthenticationOverview of WEP Parameters Figure E-2 Shared key authenticationKey Size WEP Configuration Options Wireless ChannelsWPA Wireless Security How Does WPA Compare to WEP? How Does WPA Compare to Ieee 802.11i? What are the Key Features of WPA Security?Wireless Networking Basics Figure E-3 WPA Overview Login AuthenticationFigure E-4 802.1x Authentication Sequence Access point replies with an EAP-request identity messageWPA Data Encryption Key Management Temporal Key Integrity Protocol Tkip Product Support for WPA Is WPA Perfect?Michael WPA two-phase authenticationNew WPA information element Open system, then 802.1x EAP with Radius or preshared keyChanges to Wireless Client Programs Appendix F Virtual Private Networking What is a VPN?IPSec contains the following elements What is IPSec and How Does It Work?IPSec Security Features IPSec ComponentsEncapsulating Security Payload ESP IKE Security Association Authentication Header AHMode Key Management Understand the Process Before You BeginVpnc Example Network Interface Addressing VPN Process OverviewInterfaces and Addresses Subnet Addressing Setting Up a VPN Tunnel Between GatewaysWAN Internet/Public and LAN Internal/Private Addressing IPSec Security Association IKE VPN Tunnel Negotiation Steps Vpnc IKE Security Parameters Vpnc IKE Phase I ParametersAdditional Reading Testing and TroubleshootingVpnc IKE Phase II Parameters Virtual Private Networking Table G-1 Summary Configuration TemplateLog in to Figure G-2 Netgear FVS318 VPN Settings Pre-ConfigurationFigure G-3 Netgear FVS318 VPN Settings part 1 Main Mode Figure G-4 Netgear FVS318 VPN Settings part 2 Main Mode Figure G-5 Netgear FVS328 IKE Policy Configuration Part Step-By-Step Configuration of FWG114P Gateway BFigure G-6 Netgear FVS328 IKE Policy Configuration Part Figure G-8 Netgear FVS328 VPN Auto Policy part Figure G-9 Netgear FWG114P v2 VPN Auto Policy part Test the VPN Connection Netgear VPN Configuration FVS318 or FVM318 to FWG114P Table H-1 Summary Table H-1 Figure H-2 Dynamic DNS Setup menu Step-By-Step Configuration of FVS318 or FVM318 Gateway aFigure H-3 Netgear FVS318 VPN Settings Pre-Configuration Figure H-4 Netgear FVS318 VPN Settings part 1 Main Mode Figure H-5 Netgear FVS318 VPN Settings part 2 Main Mode Figure H-6 Netgear FVS328 IKE Policy Configuration Part Step-By-Step Configuration of FVS328 Gateway BFigure H-7 Netgear FVS328 IKE Policy Configuration Part Figure H-9 Netgear FVS328 VPN Auto Policy part Figure H-10 Netgear FVS328 VPN Auto Policy part Test the VPN Connection 201-10301-02, May Glossary 802.11e Standard Bandwidth Collision avoidance DNS Domain Name System Encryption Key Gateway IP Internet Protocol address PHY Plug and Play Satellite broadband TCP/IP War Driving Wi-Fi Protected Access and Ieee 802.11i Comparison Wi-Fi Protected Access in Mixed Mode Deployment