Manuals / Brands / Computer Equipment / Network Router / Univex / Computer Equipment / Network Router

Univex FVS336G manual

1 245

Download 245 pages, 5.71 Mb

June 2008

202-10257-02

v1.2

NETGEAR, Inc.

4500 Great America Parkway

Santa Clara, CA 95054 USA

ProSafe Dual WAN Gigabit

Firewall with SSL & IPsec

VPN FVS336G Reference

Manual

Contents

Main Page iii Voluntary Control Council for Interference (VCCI) Statement Additional Copyrights iv Product and Publication Details v Page Contents Page Page Page Page Page About This Manual Conventions, Formats, and Scope How to Use This Manual How to Print this Manual Revision History Page Chapter 1 Introduction Key Features Dual WAN Ports for Increased Reliability or Outbound Load Balancing Advanced VPN Support for Both IPsec and SSL A Powerful, True Firewall with Content Filtering Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents Front Panel Features Rear Panel Features Default IP Address, Login Name, and Password Location Qualified Web Browsers Page Page Chapter 2 Connecting the FVS336G to the Internet Understanding the Connection Steps Logging into the VPN Firewall Router Page Navigating the Menus Configuring the Internet Connections Automatically Detecting and Connecting Page Page Page Manually Configuring the Internet Connection Page Page Configuring the WAN Mode (Required for Dual WAN) Network Address Translation Classical Routing Configuring Auto-Rollover Mode Page Configuring Load Balancing Page Configuring Dynamic DNS (Optional) Page Configuring the Advanced WAN Options (Optional) Page Additional WAN Related Configuration Page Chapter 3 LAN Configuration Using the VPN Firewall as a DHCP server Configuring the LAN Setup Options Page Page Managing Groups and Hosts (LAN Groups) Viewing the LAN Groups Database Adding Devices to the LAN Groups Database Changing Group Names in the LAN Groups Database Configuring DHCP Address Reservation Configuring Multi Home LAN IP Addresses Configuring Static Routes Configuring Static Routes Page Configuring Routing Information Protocol (RIP) Page Page Chapter 4 Firewall Protection and Content Filtering About Firewall Protection and Content Filtering Using Rules to Block or Allow Specific Kinds of Traffic About Services-Based Rules 4-4 Firewall Protection and Content Filtering Table4-1. Outbound Rules (continued) Page 4-6 Firewall Protection and Content Filtering Table4-2. Inbound Rules Viewing the Rules Order of Precedence for Rules Setting the Default Outbound Policy Creating a LAN WAN Outbound Services Rule Creating a LAN WAN Inbound Services Rule Page Inbound Rules Examples Page Page Outbound Rules Example Adding Customized Services Page Setting Quality of Service (QoS) Priorities Attack Checks Page Blocking Internet Sites (Content Filtering) Page Page Page Configuring Source MAC Filtering Page Configuring IP/MAC Address Binding Alerts Configuring Port Triggering Page Setting a Schedule to Block or Allow Specific Traffic Configuring a Bandwidth Profile Page Configuring Session Limits E-Mail Notifications of Event Logs and Alerts Administrator Tips Page Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems Page Page Configuring an IPsec VPN Connection using the VPN Wizard Creating a VPN Tunnel to a Gateway Page Page Page Creating a VPN Tunnel Connection to a VPN Client Page Page Page Page Managing VPN Tunnel Policies About IKE Managing IKE Policies About the IKE Policy Table VPN Policy Page VPN Tunnel Connection Status Creating a VPN Client Connection: VPN Client to FVS336G Configuring the FVS336G Configuring the VPN Client Page Testing the Connection Configuring Extended Authentication (XAUTH) Configuring XAUTH for VPN Clients User Database Configuration RADIUS Client Configuration Page Manually Assigning IP Addresses to Remote Users (ModeConfig) Mode Config Operation Configuring the VPN Firewall Page Page Configuring the ProSafe VPN Client for ModeConfig Page Configuring Keepalives and Dead Peer Detection Configuring Keepalive Page Configuring NetBIOS Bridging with VPN Page Chapter 6 Virtual Private Networking Using SSL Connections Understanding the Portal Options Planning for SSL VPN Creating the Portal Layout Page Page Page Configuring Domains, Groups, and Users Configuring Applications for Port Forwarding Adding Servers Adding A New Host Name Configuring the SSL VPN Client Configuring the Client IP Address Range Adding Routes for VPN Tunnel Clients Replacing and Deleting Client Routes Using Network Resource Objects to Simplify Policies Adding New Network Resources Page Configuring User, Group, and Global Policies Viewing Policies Adding a Policy Page Page Page Chapter 7 Managing Users, Authentication, and Certificates Adding Authentication Domains, Groups, and Users Creating a Domain Page Creating a Group Creating a New User Account Page Setting User Login Policies Page Managing Certificates Viewing and Loading CA Certificates Viewing Active Self Certificates Obtaining a Self Certificate from a Certificate Authority Page Page Managing your Certificate Revocation List (CRL) Page Page Chapter 8 Router and Network Management Performance Management Bandwidth Capacity Features That Reduce Traffic Page Page Features That Increase Traffic Page Page Using QoS to Shift the Traffic Mix Tools for Traffic Management Changing Passwords and Administrator Settings Page Enabling Remote Management Access Page Using the Command Line Interface Using an SNMP Manager Page Configuration File Management Page Upgrading the Firmware Configuring Date and Time Service Page Page Chapter 9 Monitoring System Performance Enabling the Traffic Meter Page Page Activating Notification of Events and Alerts Page Viewing Firewall Logs Viewing Router Configuration and System Status The following information is displayed: Monitoring the Status of WAN Ports Monitoring Attached Devices Page Reviewing the DHCP Log Monitoring Active Users Viewing Port Triggering Status Monitoring VPN Tunnel Connection Status Reviewing the VPN Logs Page Chapter 10 Troubleshooting Basic Functions Power LED Not On LEDs Never Turn Off LAN or WAN Port LEDs Not On Troubleshooting the Web Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your VPN Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Using the Diagnostics Utilities Troubleshooting 10-9 Table10-1. Diagnostics Page Appendix A Default Settings and Technical Specifications A-2 Default Settings and Technical Specifications TableA-2. VPN firewall Technical Specifications TableA-1. VPN firewall Default Configuration Settings (continued) Page Page B-1 Appendix B Related Documents Page Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin Page Cabling and Computer Hardware Requirements Computer Network Configuration Requirements Internet Configuration Requirements Where Do I Get the Internet Configuration Parameters? Internet Connection Information Form Overview of the Planning Process Inbound Traffic Virtual Private Networks (VPNs) The Roll-over Case for Firewalls With Dual WAN Ports The Load Balancing Case for Firewalls With Dual WAN Ports Inbound Traffic Inbound Traffic to Single WAN Port (Reference Case) Inbound Traffic to Dual WAN Port Systems Page Virtual Private Networks (VPNs) VPN Road Warrior (Client-to-Gateway) Page Page VPN Gateway-to-Gateway Page Page VPN Telecommuter (Client-to-Gateway Through a NAT Router) Page Page Page Index-1 Index A B C Index-2 D Index-3 E F G H I K L Index-5 M N O Index-6 P Q R Index-7 S Index-8 T U V Index-9 W X