Manuel d'utilisation / d'entretien du produit FVS318N du fabricant NETGEAR
Aller à la page of 425
350 East Plumeria Drive San Jose, CA 95134 USA July , 2012 202-10836-04 v1.0 Pr oSaf e W ir ele ss -N 8-P ort Gi ga bit VPN F ir e w all FVS318N Refe ren c e M a nu a l.
2 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N © 201 1–2 012 NETGEAR, Inc. All rights reserved. No part of this publication may be re produced, transmitted, tran scribed, stored in a retrie val system, or translated into any langu age in any form or by any means without the written permission of NETGEAR, Inc.
3 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N (continued) • IPv6 firewall rules (see Configure LAN WAN Rules , Configure DMZ WAN Rules , Configure LAN DMZ Rules , a nd Examples of Firewal.
4 Contents Chapter 1 Introduction What Is the ProSafe Wireless- N 8- Port Gigabit VPN Firewall F V S318N? . 10 Key Features and Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Wireless Features . . . . . . . . . . .
5 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Stateless IP/ICMP Translation . . . . . . . . . . . . . . . . . . . . . . . . 49 Configure Advanced WAN Options and Other Tasks . . . . . . . . . . . . . . . . . 50 Additional WAN-Related Configuration Task s .
6 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Advanced Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Test Basic Wireless C onnectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Chapter 5 Firewall Protection About Firewall Protection .
7 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View the Wireless VPN Firewall I PSec VPN Log . . . . . . . . . . . . . . . . . 221 Manage IPSec VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 Manage IKE Policies.
8 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Set User Login Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306 Change Passwords and Other User Settings .
9 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Power LED Not On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Test LED Never Turns Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 LAN or WAN Port LEDs Not On .
10 1 1. Intr odu cti on This chapter provides an ove rview of the features and cap abilities of the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N and explains how to log in to the device and use it s web management interface.
Introduction 11 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The wireless VPN firewall provides advanced IPSec and SSL VPN technologies with support for up to 12 IPSec VPN tunnels and 5 SSL VPN tunne ls, as well as L2TP support for easy and secure remote connections.
Introduction 12 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Hidden mode . The SSID is not broadcast, assuring tha t only clients configure d with the correct SSID can connect. • Secure an d economical operation . Adjust able power output allows more secure or economical operation.
Introduction 13 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Security Features The wireless VPN firewall is equipped with se veral features designed to maintain security: • Com puters hidden by NA T . NA T opens a temporary path to the Internet for request s originating from the local network.
Introduction 14 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Dynamic Host Configuration Protoco l (DHCP). This feature greatly simplifies configuration of co mputers on your local n etwork.
Introduction 15 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Maintenance and Support NETGEAR offers the fo llowing features to help you maximize your use of the wireless VPN firewall: • F lash memory for firmware upgrades. • T echnical support seven days a week, 24 hours a day .
Introduction 16 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The front panel also cont ains three groups of st atus indicator light-emitting diodes (LEDs), including Power and T est LEDs, LAN LEDs, and W AN LEDs, all of which are explained in detail in the followin g table.
Introduction 17 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Ports Left LED Off The LAN port ha s no link. On (green) The LAN port has dete cted a link with a connected Ethernet device. Blinking (green) Data is being transmi tted or re ceived by the LAN port.
Introduction 18 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Rea r P a ne l The rear panel of the wireless VPN firewall includes the antenna s, a cable lock recept acle, a console port, a Reset button, a DC power connectio n, and a power switch.
Introduction 19 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Bottom P anel with P roduct Label The product label on the bottom of the wireless VPN firewall’s en closure displays factory defaults set tings, regulatory co mpliance, and other information.
Introduction 20 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Log In to the Wireless VPN Firewall Note: T o connect the wireless VPN firewall physically to your network, connect the cables and rest art your network according to the instructions in the ProSafe Wireless-N 8-Po rt Gigabit VPN Firewall FVS318N Installation Guide .
Introduction 21 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 4. 3. In the User Name field, type admin . Use lowercase letters. 4. In the Password / Pa sscode field, type p ass word .
Introduction 22 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 5. W eb Management Interface Menu Layout The following figure shows the menu at t he top the web management in terface: Figure 6. The web management interface menu consist s of the following components: • 1st le vel: Main navigation menu links .
Introduction 23 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • 2nd level: Configuration menu links . The configuration menu lin ks in the gray bar (immediately below the main navigation menu bar) chan ge according to the main navigation menu link that you se lect.
Introduction 24 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Any of the following t able buttons might display onscreen: • Select All . Select all entries in the tab le. • Delete . Delete th e selected entry or entrie s from the table. • Enable .
25 2 2. IPv4 and IPv6 Int er net an d Br oadband Settings This chapter explains how to configure the Inte rnet and W AN settings. The chapter cont ains the following sections: • Internet and W AN Co.
IPv4 and IPv6 Internet and Br oadband Settings 26 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. (Optional) Config ure Dynamic DNS on the W AN po rt . If required, configure your fully qualified domain names: See Configure Dynamic DNS o n page 35 .
IPv4 and IPv6 Internet and Broadband Settings 27 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the IPv4 W AN Mode By default, IPv4 is supported and functions in NA T mode but can also function in classical routing mode. IPv4 functions the same way in IPv4-only mode that it does in IPv4 / IPv6 mode.
IPv4 and IPv6 Internet and Br oadband Settings 28 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 9. 2. Select the NA T radio button or the Classical Routing radio button. W ARNING: Changing the W AN mode causes all LAN W AN and DMZ W AN inbound rules to revert to default settings.
IPv4 and IPv6 Internet and Broadband Settings 29 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 10. 2. Click the Auto Det ect button at the bottom of the screen. The autodetect process probes the W AN port for a range of connection method s and suggests one that your ISP is most likely to support.
IPv4 and IPv6 Internet and Br oadband Settings 30 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • If the autodetect process does not find a connection, you are prompted either to check the .
IPv4 and IPv6 Internet and Broadband Settings 31 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Connection S tatus screen should show a valid IP addr ess and gat eway , and you are connected to the Internet.
IPv4 and IPv6 Internet and Br oadband Settings 32 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 13. 5. If your connection is PPTP or PPPoE, your ISP requires an initial login. Enter t he settings as explained in the following table: T able 3.
IPv4 and IPv6 Internet and Broadband Settings 33 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 6. In the Interne t (IP) Address section of the screen (see the following figure), configure the IP address settings as explained in the following table.
IPv4 and IPv6 Internet and Br oadband Settings 34 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 7. In the Domain Name Server (DNS) Se rvers section of the screen (see the following figure), specify the DNS settings as explained in the following table.
IPv4 and IPv6 Internet and Broadband Settings 35 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 8. Click Apply to save your changes. 9. Click Te s t to evaluate your entries. The wireless VPN firewall attempts to make a connection according to the settings that you entered.
IPv4 and IPv6 Internet and Br oadband Settings 36 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N After you have configured your account info rmation on the wireless VPN firewall, when your ISP.
IPv4 and IPv6 Internet and Broadband Settings 37 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Access the website of the DDNS service provi der , and regist er for an account (for example, for DynDNS.org, go to http://www .dyndns.com/ ). 5.
IPv4 and IPv6 Internet and Br oadband Settings 38 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Isolated IPv6 network . If yo ur network is an isolated IPv6 network that is not connected .
IPv4 and IPv6 Internet and Broadband Settings 39 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 18. 2. Select the IPv4 / IPv6 mode radio button. By default, the IPv4 only mode radio button is selected, and IPv6 is disabled. W ARNING: Changing the IP routing mode causes the wireless VPN firewal l to reboot.
IPv4 and IPv6 Internet and Br oadband Settings 40 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • St ateful address autoconfiguration . The wireless VPN firewall obt ains an interface address, configuration information such as DNS server information, and other p arameters from a DHCPv6 server .
IPv4 and IPv6 Internet and Broadband Settings 41 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. As an optional step: If you have selected the S tateless Address Auto Configuration radio button, you can select the Prefix Delegation check box: • Prefix delegation check box is sele cted .
IPv4 and IPv6 Internet and Br oadband Settings 42 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 21. 3. In the Internet Address section of the screen, from the IPv6 drop-down list, select Stat ic IPv6 . 4. In the S tatic IP Address section of the screen, enter the settings as explained in the following table.
IPv4 and IPv6 Internet and Broadband Settings 43 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. 6. T o verify the connection, click the Stat us option arrow in the upper right of the screen to display the Connection S tatus pop-up screen.
IPv4 and IPv6 Internet and Br oadband Settings 44 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 23. 3. In the Internet Address section of the screen, from the IPv6 drop-down list, select PPPoE . 4. In the PPPoE IPv6 section of the screen, enter the settings as explained in the following table.
IPv4 and IPv6 Internet and Broadband Settings 45 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. 6. T o verify the connection, click the Stat us option arro.
IPv4 and IPv6 Internet and Br oadband Settings 46 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure 6to4 Automatic T unneling If your network is an isolated IPv6 netwo rk that is not connected to an IPv6 ISP , you need to make sure that the IPv6 packet s can travel over the IPv4 Internet backbone by enabling automatic 6to4 tunneling.
IPv4 and IPv6 Internet and Broadband Settings 47 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Select the Enable Automati c T unneling check box.
IPv4 and IPv6 Internet and Br oadband Settings 48 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 25. 2. Click the Add table button under the List of Available ISA T AP T unnels table. The Add ISA T AP T unnel screen displays: Figure 26.
IPv4 and IPv6 Internet and Broadband Settings 49 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Modify the setting s as explained in the previous t able.
IPv4 and IPv6 Internet and Br oadband Settings 50 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Fo r SII T to fu nc ti on, th e routing mode needs to be I Pv 4 / IP v6 . N ET GE AR ’s i mp le me nta ti on of SIIT lets you enter a single IPv4 address on the SIIT scree n.
IPv4 and IPv6 Internet and Broadband Settings 51 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 29. 3. Enter the setting s as explained in the following table: T able 10.
IPv4 and IPv6 Internet and Br oadband Settings 52 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your changes. Spee d In most cases, the wireless VPN firewall can automatically determine the connectio n speed of the W AN port of the device (modem, dish, or router) that pr ovides the WAN connection.
IPv4 and IPv6 Internet and Broadband Settings 53 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Additional W AN-Related Configuration T asks If you want the ability to ma nage the wireless VPN firewall remotely , enable remote management (see Configure Remote Manage ment Access on p age 331).
54 3 3. L AN Co nfigu r at io n This chapter describes how to configure the LA N features o f your wireless VPN firewall. The chapter conta ins the following sections: • Manage IPv4 Virtual LANs and.
LAN Configuration 55 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N same segment. The resources of other dep artments can be invisible to the marketing VLAN members, accessible to all, or accessible on ly to specified individuals, depending on how the IT manager has set up the VLANs.
LAN Configuration 56 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N When you create a VLAN profile, assign L AN ports to the VLAN, and enable the VLAN, the LAN ports that are members of the VLAN can send and receive both t agged and untagged packet s.
LAN Configuration 57 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 30. For each VLAN profile, the following fields disp lay in the VLAN Profiles table: • Check box . Allows you to select the VLAN pro file in the t able. • S t atus icon .
LAN Configuration 58 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DHCP Server The default VLAN (VLAN 1) has the DHCP serv er option enabled by default, allowing the wireless VPN firewall to assign IP , DNS serv er , WINS server , and defa ult gateway addresses to all computers connected to th e wireless VPN firewall’ s LAN.
LAN Configuration 59 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LDAP Server A Lightweight Directory Access Protocol (LD AP) server allows a user to query and modify directory services that run over TCP/IP . For example, clients can que ry email addresses, contact information, an d other service information using an LDAP server .
LAN Configuration 60 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Add table button under the VLAN Profiles t able. The Add VLAN Profile screen displays: Figure 32.
LAN Configuration 61 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the setting s as explained in the following table: T able 1 1. Add VLAN Pr ofile screen settings Setting Description VLAN Profile Profile Name Enter a unique name fo r the VLAN profile .
LAN Configuration 62 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Enable DHCP Server Select the Enable DHCP Server radio button to enab le the wireless VPN firewall to function as a Dynamic Host Configur ation Protocol (DHCP) server , provi ding TCP/IP configuration for al l computers co nnected to th e VLAN.
LAN Configuration 63 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. Note: Once you have completed the LAN setup, a ll outbound traf fic is allowed and all inbound traf fic is discarded except responses to requests from the LAN side.
LAN Configuration 64 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o edit a VLAN profile: 1. On the LAN Setup screen for IPv4 (see Fig ure 31 on page 59 ), click the Edit button in the Action column for the VLAN profile that yo u want to modify .
LAN Configuration 65 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 33. 3. From the MAC Address for VLANs drop-down list , select Unique . (The default is Same.) 4. As an option, you can disable the broadcast of ARP p ackets for the default VLAN by clearing the Enable ARP Broadcast check box.
LAN Configuration 66 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o add a secondary LAN I Pv4 address: 1. Select Network Configuration > LAN Setup > LAN Multi-homing . I n the upper right of the screen, the IPv4 radio button is selected by default.
LAN Configuration 67 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o delete one or more secondary LAN IP addre sses: 1. On the LAN Multi-homing screen for IPv4 (see the previous figure).
LAN Configuration 68 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • There is no need to use a fixed IP address on a computer . Because the IP address allocated by the DHCP server never changes, you do not need to assign a fixed IP address to a computer to ensu re that it always has the same IP address.
LAN Configuration 69 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Known PCs and Devices t able lists the ent ries in the network database. For each computer or device, the following fields display: • Check box . Allows you to select the comp uter or device in the ta ble.
LAN Configuration 70 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Add table button to add the computer or device to the Known PCs and Devices table.
LAN Configuration 71 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 36. 2. Modify the setting s as explained in Ta b l e 12 on page 69 .
LAN Configuration 72 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Edit Group Names option arrow to the right of the LAN sub menu tabs. The Network Database Group Names screen displays. (The following figure shows some examples.) Figure 37.
LAN Configuration 73 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: The saved binding is also displa yed on the IP/MAC Binding screen (see Figure 99 on pag e 186 ).
LAN Configuration 74 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DHCPv6 server . For stateless DHCPv6, you need to configure the RADVD and advertisement prefixes (see Configure the IPv6 Router Advertiseme n t Daemon and Advertisement Prefixes for the L AN on page 80).
LAN Configuration 75 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the IPv6 LAN T o configure the IPv6 LAN settings: 1. Select Network Configuratio n > LAN Setup . 2. In the uppe r right of the screen, select the IPv6 radio button.
LAN Configuration 76 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in the following table. The IPv6 address pools and prefixes for prefix delegation are explained in the sections following the table. T able 13.
LAN Configuration 77 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your changes. IPv6 LAN A ddress P ools If you configure a stateful DHCPv6 server for the LAN, you need to add local DHCP IPv6 address pools so the DHCPv6 server can contro l the allocation of IPv6 addresses in the LAN.
LAN Configuration 78 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 39. 2. Enter the settings as explained in the following table: 3. Click Apply to save your changes and add the new IPv6 address pool to the Li s t of I Pv 6 Address Pools table on the LAN Setup scree n for IPv6.
LAN Configuration 79 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 LAN Pr efixes for Pr efix Delegation If you configure a stateless DHCPv6 se rver for the LAN and select the Prefix Dele.
LAN Configuration 80 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the IPv6 R outer Advertisement Daemon and Advertisement P refixes for the LAN Note: If you do not configure stateful DHCPv6 for the LAN but use stateless DHCPv6, you need to conf igure the Router Advertisement Deamon (RADVD) and advertisement prefixes.
LAN Configuration 81 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o configure the Router Advertiseme nt Daemon for the LAN: 1. Select Network Configuration > LAN Setup . 2. In the uppe r right of the screen, select the IPv6 radio button.
LAN Configuration 82 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. Advertisement Prefixes for the LAN Y ou need to configure the prefixes that are adv ertised in the LAN RAs. For a 6to4 address, you need to specify only t he site level aggregation identifier (SLA ID) and the pr efix lifetime.
LAN Configuration 83 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 42. 2. Enter the setting s as explained in the following table: 3. Click App ly to save your changes and add the new IPv6 address pool to the L is t o f Prefixes to Advertise t able on the RADVD screen for the LAN.
LAN Configuration 84 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o delete one or more advertisement prefixes: 1. On the R ADV D screen for the LAN (see Figure 41 on page 81 ), select .
LAN Configuration 85 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The A vailable Secondary LAN IPs table displays the seco ndary LAN IP addresses added to the wireless VPN firewall. 3. In the Add Secondary LAN IP Address section of the screen, enter the following sett ings: • I Pv6 Address .
LAN Configuration 86 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N firewall can be dedicated as a hardware DMZ po rt to safely provide services to the Internet without compromising security on your LAN. By default, the DMZ port and both inb ound and outbound DMZ traf fic are disabled.
LAN Configuration 87 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 44. 2. Enter the setting s as explained in the following table: T able 18. DMZ Setup screen settings for IPv4 Setting Description DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Ye s .
LAN Configuration 88 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Do you want to enable DMZ Port? (continued) Subnet Mask Enter the IP subnet mask of the DMZ port. The subnet mask specifies the network number portion of an IP address. The subnet mask for the DMZ port is 255.
LAN Configuration 89 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. DMZ P ort for IPv6 T raffic The DMZ Setup (IPv6) screen lets you set up the DMZ port for IPv6 traffic.
LAN Configuration 90 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For the DMZ, there are two DHCPv6 server options: • St ateless DHCPv6 server .
LAN Configuration 91 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the setting s as explained in the following table: T able 19. DMZ Setup screen settings for IPv6 Setting Description DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Ye s .
LAN Configuration 92 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. IPv6 DMZ A ddress P ools If you configure a sta teful DHCPv6 server for the DMZ, you need to add local DHCP IPv6 address pools so the DHCPv6 server can control the allocation of IPv6 addresses in the DMZ.
LAN Configuration 93 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Enter the setting s as explained in the following table: 3. Click App ly to save your changes and add the new IPv6 address pool to the L is t o f I Pv 6 Address Pools table on the DMZ Setup (IPv6) screen.
LAN Configuration 94 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Hosts and rou ters in the LAN use NDP to de termine the link-layer addresses and relate d information of neighbors in the LAN that can forwa rd packet s on their behalf.
LAN Configuration 95 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 47. 4. Enter the setting s as explained in the following table: T able 22 . RADVD screen settings for the DMZ Setting Description RADVD S tatus S pecify the RADVD status by ma king a selection from the drop-down list: • Enable .
LAN Configuration 96 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your changes. Advertisement Prefixes for the DMZ Y ou need to configure the prefixes that are adv ertised in the DMZ RAs. For a 6to4 address, you need to specify only t he site level aggregation identifier (SLA ID) and the pr efix lifetime.
LAN Configuration 97 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 48. 2. Enter the setting s as explained in the following table: 3. Click App ly to save your changes and add the new IPv6 address pool to the L is t o f Prefixes to Advertise t able on the RADVD screen for the DMZ.
LAN Configuration 98 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o delete one or more advertisement prefixes: 1. On the RADVD screen for the DMZ screen (see Figu re 47 on page 95 ), s.
LAN Configuration 99 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Ad d t able button unde r the S tatic Routes table. The Add S tatic Route screen displays: Figure 50. 3. Enter the setting s as explained in the following table: 4.
LAN Configuration 100 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o edit an IPv4 st atic route: 1. On the S tatic Routing screen for IPv4 (see Figure 49 on page 98 ), click the Edit button in the Action column for the route that yo u want to modify .
LAN Configuration 101 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 51. 3. Enter the setting s as explained in the following table: T able 25.
LAN Configuration 102 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. RIP V ersion By default, the RIP version is set to Disab led. From the RIP V ersion drop-down list, select the version: • RIP-1 . Cl assful routing that does not include subnet information.
LAN Configuration 103 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Static R oute Example In this example, we assume the following: • T he wireless VPN firewall’ s primary Internet access is through a cable modem to an ISP . • T he wireless VPN firewall is on a local LAN with IP addre ss 192.
LAN Configuration 104 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 52. 3. Click the Add table button under the S tatic Routes t able. The Add IPv6 S tatic Routing screen displays: Figure 53. 4. Enter the settings as explained in the following table: T able 26.
LAN Configuration 105 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The n ew static route is added to the L ist of IPv6 S tatic Routes table.
106 4 4. Wir e le ss Con f ig u r at ion a nd Se cur i t y This chapter describes how to configure the wirele ss features of your ProSafe Wirele ss-N 8-Port Gigabit VPN Firewall FVS3 18N.
Wireless Configuration and Security 107 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N (NIC) through an antenna. T ypically , an individual in-building wireless acce ss point provides a maximum connectivity area of abou t a 300-foot radius. The wireless VPN firewall can support a small group of wireless users—typica lly 10 to 32 users.
Wireless Configuration and Security 108 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the Basic R adio Settings The radio settings apply to all wireless profile s on the wireless VPN firewall. The default wireless mode is 802.1 1ng.
Wireless Configuration and Security 109 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Mode S pecify the wireless mode in the 2.4-GHz band b y making a selection from the drop-down list: • g an d b . In addition to 802.1 1b- and 802.1 1g-compliant devices, 802.
Wireless Configuration and Security 11 0 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N W ARNING: When you have changed the country settin gs, the wireless VPN firewall will reboot when you click Apply .
Wireless Configuration and Security 111 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Data Security Options Indoors, computers can connect over 802.1 1n wireless networks at a maximum range of 300 feet. T ypically , a wireless VPN firewall insi de a building works best with d evices within a 100 foot radius.
Wireless Configuration and Security 11 2 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Cipher Block Chaining Message Authentica tion Code Protocol (CCMP) encryption. The very strong authentication along with dynamic per frame rekeying of WP A make it virtually impossible to compromise.
Wireless Configuration and Security 11 3 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Each wireless profile provides the fo llowing features: • Cap ability to turn off the wireless profile during scheduled vacations and off ice shutdowns, on evenings, or on weekends.
Wireless Configuration and Security 11 4 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Before Y ou Change the SSID , WEP , and WP A Settings For a new wireless network, print or copy the following form and fill in the settings. For a n existing wireless network, the network administrato r can provide this information.
Wireless Configuration and Security 11 5 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure and Enable Wireless P rofiles T o add a wireless profile: 1. Select Netwo rk Configuration > Wireless Settings > Wireless Profiles . The Wireless Profiles screen displays.
Wireless Configuration and Security 11 6 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 57. 3. S pecify the settings as explained in the following table: T able 29. Add Wireless Profiles screen se ttings Setting Description Wireless Profile Configurati on Profile Name The name for the default wireless profil e is d efault1.
Wireless Configuration and Security 11 7 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SSID The wireless network name (SSID) fo r the wire less profile. The default SSID name is FVS318N _1. Y ou can chan ge this name by enterin g up to 32 alphanumeric characte rs.
Wireless Configuration and Security 11 8 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Encryption Note: WPA, WPA2, and WPA +WPA2 only. The encryption that you can select depend s on the type of WP A security that you have selected: • WP A .
Wireless Configuration and Security 11 9 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. The new profile is added to the List of Available Wireless Profiles table on the Wireless Pro files screen.
Wireless Configuration and Security 120 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o edit a wireless profile: 1. On the Wireless Profiles screen (see Figure 56 on page 11 5 ), click the Edit button in the Action column for the wireless profile that you want to mod ify .
Wireless Configuration and Security 121 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o allow or restrict access based on MAC addresses: 1. On the Wireless Profiles screen (see Figure 56 on page 11 5 ), click the ACL button in the ACL column for the wireless profile for which you want to set up access control.
Wireless Configuration and Security 122 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N W ARNING: When you configure the wireless VPN firewall from a wirele ss computer whose MAC address is not in the acces s control list and when the ACL policy st atus is set to deny access, you will lose your wireless connection when you c lick Apply .
Wireless Configuration and Security 123 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Wi-Fi P rotected Setup Push 'N' Connect using Wi-Fi Protected Setu p™ (WPS) allows you to connect computers to a secure wireless network with WP A or WP A2 wireless security .
Wireless Configuration and Security 124 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o enable WPS and initiate the WPS process on the wireless VPN firewall: 1. Select Network Configuration > Wireless Settings > W ireless Profiles .
Wireless Configuration and Security 125 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Push button configuration (PBC) method: a. Click the PBC b utton.
Wireless Configuration and Security 126 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. S pecify the settings as explained in the following table: 4.
Wireless Configuration and Security 127 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T est Basic Wireless Connectivity After you have configured the wireless VPN fire wall as explained in the previous sections, test your wireless client s for wireless connecti vity before you place the wireless VPN firewall at it s permanent position.
128 5 5. F i rewa l l P ro te c t io n This chapter describes how to use the fire wall feat ures of the wireless VPN firewall to prot ect your network.
Firewall Protection 129 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N incoming p acket is in response to an outgoing req uest, but true stateful p acket inspection goes far beyond NA T .
Firewall Protection 130 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N A firewall has two default rules, one for inbound traffic a nd one for outbound. The default rules of the wireless VPN firewall are: • Inbound . Block all access from out side except responses to requests from the LAN side.
Firewall Protection 131 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The following ta ble describes the fields that define th e rules for outbound traf fic and that are common to most Outbound Service screens (see Figure 65 on page 141, Figure 71 on page 148, and Figure 7 7 on page 155).
Firewall Protection 132 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N W AN Users The setti ngs that determine which Internet locations are covered by the rule, based on their IP address. The optio ns are: • Any . All Internet IP addresses are covered by this rule.
Firewall Protection 133 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Inbound R ules (P ort Forwarding) If you have enabled Network Address T ranslation (NA T), your network present s one IP address only to the Internet, and outside users cannot directly access any of your local computers (LAN users).
Firewall Protection 134 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Groups screen to keep the computer ’ s IP address constant (see Set Up DHCP Address Reservation o n p age 72 ). • Local comp uters need to access the local se rver using the computers’ local LAN address.
Firewall Protection 135 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T able 34. Inbound rules overview Setting Description Inbound Rule s Service The service or application to be covered by this rule.
Firewall Protection 136 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Users These settings apply to a LAN WAN inbound rule when the WAN mode is classical routing, an d determine which computers on your network ar e af fected by this rule.
Firewall Protection 137 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Some residential broadband ISP account s do not allow you to run any server processes (such as a web or FT P server) from your location.
Firewall Protection 138 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure LAN W AN Rules • Create LAN WA N Outbound Service Rules • Create LAN WA N Inbound Service Rules The default outbound policy is to allow all traf fic to the Internet to pass thr ough.
Firewall Protection 139 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Edit . Allows you to make any changes to the definition of an existing rule.
Firewall Protection 140 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o enable, disable, or delete one or more IPv4 or IPv6 rules: 1. Select the check box to the lef t of each rule that you want to enable, disable, or delete, or click the Select All table button to select all rules.
Firewall Protection 141 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 65. 2. Enter the setting s as explained in T able 33 on p age 13 1 .
Firewall Protection 142 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 LAN WAN Outbound R ules T o create a new IPv6 LAN W AN outbound rule: 1. In the upper right of the LAN W A N Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 64 on page 139 ).
Firewall Protection 143 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Create LAN W A N Inbound Service R ules The Inbound Services t able lists all e xisting rules for inbound traf fic. If you have not defined any rules, no rules are listed. By de fault, all inbound traf fic (from the Internet to the LAN) is blocked.
Firewall Protection 144 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 67. IPv6 LAN W AN Inbound R ules T o create a new IPv6 LAN W AN inbound rule: 1. In the upper right of the LAN W A N Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 64 on page 139 ).
Firewall Protection 145 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 68. 3. Enter the setting s as explained in T able 34 on p age 13 5 .
Firewall Protection 146 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Inbound rules on the LAN W AN Rules screen take pre cedence over inbound rules on the DMZ W AN Rules screen.
Firewall Protection 147 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o access the DMZ W AN Rules screen for IPv6 or to change existing IPv6 rules: 1. Select Security > Firewall > DMZ W AN Rules . The Firewall submenu t abs display with the DMZ W AN Rules screen for IPv4 in view .
Firewall Protection 148 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Disable . Disables the rule or rules. T he ! st at us icon changes from a green circle to a gray circle, indicating that the selected rule or rules are disabled. • Delete .
Firewall Protection 149 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Enter the setting s as explained in T able 33 on p age 13 1 . In addition to selections from the Service, Action, and .
Firewall Protection 150 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Enter the settings as explained in T able 33 on page 131 . In addition to selections from the Service, Action, and Log.
Firewall Protection 151 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 73. 2. Enter the setting s as explained in T able 34 on p age 13 5 .
Firewall Protection 152 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 DMZ WAN Inbound Service R ules T o create a new IPv6 DMZ W AN inbound rule: 1. In the upper right of the DMZ WA N Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 70 on page 147 ).
Firewall Protection 153 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure LAN DMZ R u les • Create LAN DMZ Outbound Service Rules • Create LAN DMZ Inbound Service Rules The LAN DMZ Rules screen allows you to crea te rules th at define the movement of traf fic between the LAN and the DMZ.
Firewall Protection 154 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Edit . Allows you to make any changes to the definition of a n existing rule.
Firewall Protection 155 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click one of the following table buttons: • Enable . Enab les the rule or rules. The ! st atus icon changes from a gray circle to a green circle, indicating th at the selected rule or rules are enabled.
Firewall Protection 156 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Enter the settings as explained in T able 33 on page 131 . In addition to selections from the Service, Action, and Log.
Firewall Protection 157 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Un le ss y ou r se le ct io n fr om t he Action drop-do wn list is BLOCK always, you also need t o m ak e a s e l e c t i o n f r o m t he following drop-down list: • Select Schedule 4.
Firewall Protection 158 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Un le ss y ou r se le ct io n fr om t he Actio n drop-down list is BLOCK always, you also need to ma k e a s e l e c t i o n f r o m t he following drop-down list: • Select Sch edule 3.
Firewall Protection 159 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Examples of Firewall R ules • Examples of Inbound Firewall Rules • Examples of Outbound Firewall Rules Examples of In.
Firewall Protection 160 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 LAN W AN Inbound R u le: Allow a Videoconfere nce from Restricted Addresses If you want to allow incoming videoconfe.
Firewall Protection 161 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 LAN W AN or IPv4 DMZ WAN Inbound R ule: Set Up One -to- One NA T Mapping In this example, multi-NA T is configured to support multiple pub lic IP addresses on one W AN interface.
Firewall Protection 162 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 83. 4. From the Service drop-down list, select HTTP for a web server . 5. From the Action drop-down list, select ALLOW Always . 6. In the Send to LAN Server field, enter the lo cal IP address of your web server computer (192.
Firewall Protection 163 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 LAN W AN or IPv4 DMZ WAN Inboun d Rule: Specifying an Exposed Host S pecifying an exposed host allows you to set up a comp uter or server that is available to anyone on the Internet for services that you have not yet defined.
Firewall Protection 164 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 LAN WAN Inbound R ule: Restrict R T elnet from a Single WAN User to a Single LAN User If you want to restrict incomi.
Firewall Protection 165 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 86. IPv6 DMZ W AN Outbound Rule: Allow a Group of DMZ User to Access an FTP Site on the Internet If you want to al.
Firewall Protection 166 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 87. Configure Other Firewall Features • Attack Checks • Set Limits for IPv4 Sessions • Manage the Applicatio.
Firewall Protection 167 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 A ttack Checks T o enable IPv4 att ack checks for your network environment: 1. Select Se curity > Firewa ll > Att ack Checks . In the upper right of the screen, the IPv4 radio button is selected by default.
Firewall Protection 168 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N LAN Security Checks Block UDP flood Select the Block UDP flood check box (wh ich is the default setting) to prevent the wireless VPN firewall from accepting more than 20 simultaneous, active User Datagram Protocol (UDP) connection s from a single device on the LAN.
Firewall Protection 169 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. IPv6 A ttack Checks T o enable IPv6 att ack checks for your network environment: 1. Select Se curity > Firewall > Att ack Checks .
Firewall Protection 170 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Set Limits for IPv4 Sessions The session limits featu re allows y ou to specify the total nu mber of sessions that ar e allowed, per user , over an IPv4 connection across the wi reless VPN firewall.
Firewall Protection 171 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. Manage the Application Level Gateway for SIP Sessions The application level gateway.
Firewall Protection 172 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Services, Bandwidth P rof iles, and QoS Profiles • Add Customized Services • Create Bandwid th Profiles • Preconfig.
Firewall Protection 173 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o define a new service, you need to determine first which port number or range of numbers is used by the application. Y ou can usually determine this informa tion by contacting th e publisher of the application, user groups, o r newsgroup s.
Firewall Protection 174 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click App ly to save your settings. The new custom service is added to the Custom Services table. T o edit a service: 1. In the Custom Services table, click the Edit table butto n to the right of the service that you want to edit.
Firewall Protection 175 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Create Bandwidth P rofiles Bandwid th profiles determine the wa y in whic h data is communicated with the hosts.
Firewall Protection 176 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Under the List of Bandwidth Profiles table, click the Add table button. The Add Bandwidth Profile screen displays: Figure 95. 3. Enter the settings as explained in the following table: T able 38.
Firewall Protection 177 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. The new bandwidth profile is added to the List of Bandwidth Profiles t able.
Firewall Protection 178 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N These are the default QoS profile s that are preconfigured and that cannot be edited: • Normal-Service . Used when no special priority is gi ven to the traffic. IP p ackets are marked with a T oS value of 0.
Firewall Protection 179 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N - ActiveX . Similar to Java applet s, ActiveX controls are installed on a Windows computer running Internet Explorer . A ma licious ActiveX control can be used to compromise or infect computers.
Firewall Protection 180 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 96. 2. In the Content Filtering section of the screen, select the Ye s radio button.
Firewall Protection 181 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. In the Web Components section of the screen, select the components that you want to block (by default, none of these components are blocked, that is, none of these check boxes are selected): • Proxy .
Firewall Protection 182 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Set a Schedule to Block or Allow Specific T raffic Schedules define the time frames under which firewall rule s can be applied. Three schedules, Schedule 1, Schedule 2, and Schedule 3, can be defined, and you can select any one of these when defining firewall rules.
Firewall Protection 183 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Enable Source MA C Filtering The Source MAC Filter screen enables you to pe rmit or block traf fic coming from certain known computers or devices. By default, the source MAC address filte r is dis abled.
Firewall Protection 184 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. In the same section, from the Policy for MA C Addresses listed below drop-down list, select one of the following options: • Block and Permit the rest . T raffic coming from all addresses in the MAC Addresses table is blocked.
Firewall Protection 185 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Y ou ca n bind IP addresses to MAC addresses fo r DHCP assignment on the LAN Groups submen u.
Firewall Protection 186 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 99. 2. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (Y ou have to do this only once.
Firewall Protection 187 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o edit an IP/MAC binding: 1. In the IP/MAC Bindings table, click the Edit table bu tton to the right of the IP/MAC binding that you want to edit. The Ed it IP/MAC Binding scre en displays.
Firewall Protection 188 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 10 1. 3. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (Y ou have to do this only once.
Firewall Protection 189 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o edit an IP/MAC binding: 1. In the IP/MAC Bindings table, click the Edit table bu tton to the right of the IP/MAC binding that you want to edit. The Ed it IP/MAC Binding scre en displays.
Firewall Protection 190 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure P ort T riggering Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partia lly bloc ked by the firewall.
Firewall Protection 191 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 103. 2. In the Add Port T riggering Rule section, enter the settings as explained in the following table: 3. Click the Add t able button. The new port triggering rule is added to the Port T riggering Rules tab le .
Firewall Protection 192 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o remove one or more port triggering rules from the table: 1. Select the check box to the left of each port trig gering rule that you want to delete, or click the Select All table button to select all rules.
Firewall Protection 193 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The UPnP Portmap T able in the lower p art of the screen shows the IP addresses and other settings of UPnP devices that h ave accessed the wireless VPN firewall and that have been automatically detected by the wireless VPN firewall: • Active .
194 6 6. Vi r t u a l P r iva t e N e t work i ng Us in g IP Se c an d L2TP Co nnecti ons This chapter describes how to use the IP se cu rity (IPSec) virtual private networking (VPN) features of the wireless VPN firewall to provide se cure, encrypted communications between your local network and a remote network o r computer .
Virtual Private Networking Us ing IPSec and L2TP Connections 195 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configuring a VPN tunnel connection requ ires that you specify all se ttings on both sides of the VPN tunnel to match or mirror each other precisely , which can be a daunting task.
Virtual Private Networking Usin g IPSec and L2TP Connections 196 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 10 7. T o view the wizard default settings, click the VPN Wizard d efault values option arrow in the upper right of the screen.
Virtual Private Networking Us ing IPSec and L2TP Connections 197 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 108. 2. Complete the settings as explained in the following table: T able 42.
Virtual Private Networking Usin g IPSec and L2TP Connections 198 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Tip: T o ensure that tunnels st ay active, af ter completing the wizard, man ual.
Virtual Private Networking Us ing IPSec and L2TP Connections 199 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 1 10. b. Locate the policy in the table, and click the Connec t table button.
Virtual Private Networking Usin g IPSec and L2TP Connections 200 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 1 12. T o view the wizard default settings, click the VPN Wizard d efault values option arrow in the upper right of the screen.
Virtual Private Networking Us ing IPSec and L2TP Connections 201 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 1 13. 3. Complete the settings as explained in the following table: T able 43.
Virtual Private Networking Usin g IPSec and L2TP Connections 202 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Tip: T o ensure that tunnels st ay active, af ter completing the wizard, man ual.
Virtual Private Networking Us ing IPSec and L2TP Connections 203 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 1 15. b. Locate the policy in the table, and click the Connec t table button.
Virtual Private Networking Usin g IPSec and L2TP Connections 204 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Use the VPN Wizard to Configure the Gateway for a Client T unnel T o set up a client-to-gateway VPN tunnel using the VPN W izard: 1.
Virtual Private Networking Us ing IPSec and L2TP Connections 205 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Complete the settings as explained in the following table: 3. Click App ly to save your settings. The IPSec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen for IPv4.
Virtual Private Networking Usin g IPSec and L2TP Connections 206 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 1 18. Note: When you are using FQDNs, if th e Dynamic DNS service is slow to update its servers when your DHCP WAN addre ss changes, the VPN tunnel will fail because the FQDNs do not resolve to your new address.
Virtual Private Networking Us ing IPSec and L2TP Connections 207 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Perform these tasks from a computer th at has the NETGEAR ProSafe VPN Client inst alled. The VPN Client supports IPv4 only; an upcoming release of the VPN Clie nt will support IPv6.
Virtual Private Networking Usin g IPSec and L2TP Connections 208 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 12 0. 3. Select the A router or a VPN gateway radio b utton, and click Next . The VPN tunnel parameters wizard screen (screen 2 of 3) displays: Figure 12 1.
Virtual Private Networking Us ing IPSec and L2TP Connections 209 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Next . The Configuration Summary wizard screen (screen 3 of 3) displays : Figure 122. 6. This screen is a summary screen of the new VPN configuration.
Virtual Private Networking Usin g IPSec and L2TP Connections 210 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N c. S pecify the settings that are explained in the following ta ble. 8. Configu re the global parameters: a. Click Global Pa rameters in the lef t c olumn of the Configuration Panel screen.
Virtual Private Networking Us ing IPSec and L2TP Connections 21 1 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 124. b. S pecify the default lifetimes in seconds: • Authentication (IKE) , Default . Th e default lifetime valu e is 3600 seconds.
Virtual Private Networking Usin g IPSec and L2TP Connections 212 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure the Authentication Settings (Phase 1 Settings) T o create new authentication settings: 1. Right-click th e VPN client icon in your Windows system tray , and select Configuration Panel .
Virtual Private Networking Us ing IPSec and L2TP Connections 213 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: This is the name for the authentication phase tha t is used only for the VPN client, not during IKE negotiation. You can view and change this name in the tree list pane.
Virtual Private Networking Usin g IPSec and L2TP Connections 214 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to use the new settin gs immediately , and click Save to keep the settings for future use. 6. Click the Advanced t ab in the Authent ication pane.
Virtual Private Networking Us ing IPSec and L2TP Connections 215 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 8. Click Apply to use the new settings immediately , and click Save to ke ep the settings for future use.
Virtual Private Networking Usin g IPSec and L2TP Connections 216 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 12 9. 3. S pecify the settings that are explained in the following table. T able 49. VPN client IPSec configuration settings Setting Description VPN Client address Either enter 0.
Virtual Private Networking Us ing IPSec and L2TP Connections 217 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to use the new settings immediately , and click Save to ke ep the settings for future use. Configure the Global Parameters T o specify the global p arameters: 1.
Virtual Private Networking Usin g IPSec and L2TP Connections 218 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T est the Connection and View Connection and Status Information • T est the NE.
Virtual Private Networking Us ing IPSec and L2TP Connections 219 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Use the Connection Panel screen . On the ma in menu of the Configuration Pan el screen, select T ools > Connection Panel to open the Connection Panel screen.
Virtual Private Networking Usin g IPSec and L2TP Connections 220 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N NETGEAR VPN Client Status and Log Information T o view det ailed negotiation and error information on the NETGEAR VPN client: Right-click the VPN client icon in th e system tray , and select Consol e .
Virtual Private Networking Us ing IPSec and L2TP Connections 221 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Active IPSec SA(s) t able lists each active conne ction with the information th at is described in the following t able. The default poll interval is 10 se conds.
Virtual Private Networking Usin g IPSec and L2TP Connections 222 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Manage IPSec VPN P olicies • Manage IKE Policies • Manage VPN Policies After you have used the VPN Wizard to set up a VPN tunn el, a VPN policy and an IKE po licy are stored in separate p olicy tables.
Virtual Private Networking Us ing IPSec and L2TP Connections 223 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IKE P olicies Screen T o access the IKE Policies screen: Select VP N > IPSec VPN . The IPSec VPN submenu tabs display with the IKE Policies screen in view .
Virtual Private Networking Usin g IPSec and L2TP Connections 224 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o delete one or more IKE polices: 1. Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all IKE policies.
Virtual Private Networking Us ing IPSec and L2TP Connections 225 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 140..
Virtual Private Networking Usin g IPSec and L2TP Connections 226 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Complete the settings as explained in the following table: T able 52.
Virtual Private Networking Us ing IPSec and L2TP Connections 227 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Local Identifier From the drop-down list, sele ct one of th e following ISAKMP identi fiers to be used by the wireless VPN fire wall , and then spec ify the identifier in the Identifier field: • Lo cal W an IP .
Virtual Private Networking Usin g IPSec and L2TP Connections 228 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Authentication Method Select one of the foll owing radio butt ons to specify the authentica ti on method: • Pr e-shared key . A secret that is shared between the wireless VPN firewall and the remote endpoint.
Virtual Private Networking Us ing IPSec and L2TP Connections 229 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The I KE policy is added to the List of IKE Policies table. T o edit an IKE policy: 1. Select VPN > IPSec VPN .
Virtual Private Networking Usin g IPSec and L2TP Connections 230 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Modify the settings that you wish to change (see the previous table). 5. Click Apply to save your changes. The modified IKE policy is displayed in the List of IKE Policies table.
Virtual Private Networking Us ing IPSec and L2TP Connections 231 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 141. Each policy cont ains the data that are explai ned in the following t able. These fields are explained in more det ail in T able 54 on p age 235 .
Virtual Private Networking Usin g IPSec and L2TP Connections 232 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o delete one or more VPN polices: 1. Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all VPN po licies.
Virtual Private Networking Us ing IPSec and L2TP Connections 233 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 142. Add New VPN Policy screen for IPv4.
Virtual Private Networking Usin g IPSec and L2TP Connections 234 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 143. Add New VPN Policy s creen for IPv6.
Virtual Private Networking Us ing IPSec and L2TP Connections 235 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Complete the settings as explained in the following table. The only differences between IPv4 and IPv6 settings are the subnet mask (IPv4) and prefix length (IPv6).
Virtual Private Networking Usin g IPSec and L2TP Connections 236 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T raffic Selection Local IP From the drop-down list, select the address or addresses th at are part of the VPN tunnel on the wireless VPN firewall: • Any .
Virtual Private Networking Us ing IPSec and L2TP Connections 237 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Key-Out The encryption key for the outbound policy . The length of the key depends on the selected encryption alg orithm: • 3DES .
Virtual Private Networking Usin g IPSec and L2TP Connections 238 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The VPN policy is added to th e List of VPN Policies table. T o edit a VPN policy: 1. Select VPN > IPSec VPN > VPN Policies .
Virtual Private Networking Us ing IPSec and L2TP Connections 239 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N authenticate users from a stored list of user account s. XAUTH provides the mechanism for requesting individual authen tication informatio n from the user .
Virtual Private Networking Usin g IPSec and L2TP Connections 240 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. In the Extended Authentication section on the screen, comple te the settings as explained in the following table: 5. Click Apply to save your settings.
Virtual Private Networking Us ing IPSec and L2TP Connections 241 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N information such as a user name and pa ssword or some encrypted response u sing his or her user name and p assword information.
Virtual Private Networking Usin g IPSec and L2TP Connections 242 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. Note: Y ou can select the RADIUS auth entication protocol (P AP or CHAP) on the Edit IKE Policy screen or Add IKE Policy screen (see Configure XAUTH for VPN Clients on p age 239 ).
Virtual Private Networking Us ing IPSec and L2TP Connections 243 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Assign IPv4 Addresses to R emote Users (Mode Config) • Mode Config Operation .
Virtual Private Networking Usin g IPSec and L2TP Connections 244 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Mode Config Operation on the Wireless VPN Firewall T o configure Mode Config on the wireless VPN firewall, first create a Mode Config record, and then select the Mode Config reco rd for an IKE policy .
Virtual Private Networking Us ing IPSec and L2TP Connections 245 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 146. 3. Complete the settings as explained in the following table: T able 57.
Virtual Private Networking Usin g IPSec and L2TP Connections 246 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N WINS Server If there is a WINS server on the local netw ork, enter its IP address in the Primary field. Y ou can en ter the IP address of a second WINS server in the Secondary field.
Virtual Private Networking Us ing IPSec and L2TP Connections 247 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Appl y to save your settings. The new Mode Config record is added to the List of Mode Config Records table. Continue the Mode Config configuration procedu re by configuring an IKE policy .
Virtual Private Networking Usin g IPSec and L2TP Connections 248 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 14 7. 8. On the Add IKE Policy screen, complete the settings as explained in the following table.
Virtual Private Networking Us ing IPSec and L2TP Connections 249 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: The IKE policy settings that are explained i n th e fo llo wi ng t abl e are specifically for a Mode Config configuratio n. T able 52 o n page 226 explains the general IKE policy settings.
Virtual Private Networking Usin g IPSec and L2TP Connections 250 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IKE SA Parameters Note: Generally, the default settings wo rk we l l for a Mode Config configuration. Encryption Algorithm T o negotiate the security association ( SA), from the drop-down list, select the 3DES algorithm.
Virtual Private Networking Us ing IPSec and L2TP Connections 251 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 9. Click Apply to save your settings.
Virtual Private Networking Usin g IPSec and L2TP Connections 252 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: Perform these t asks from a computer that has the NETGEAR ProSafe VPN Client inst alled.
Virtual Private Networking Us ing IPSec and L2TP Connections 253 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 149. 3. Change the name of the aut hentication phase (the default is Gateway): a. R i gh t- cl ic k t he authentication phase na m e .
Virtual Private Networking Usin g IPSec and L2TP Connections 254 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. S pecify the settings that are explained in the following table. 5. Click Apply to use the new settin gs immediately , and click Save to keep the settings for future use.
Virtual Private Networking Us ing IPSec and L2TP Connections 255 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 7. S pecify the settings that are explained in the following table. 8. Click App ly to use the new settings immediately , and click Save to ke ep the settings for future use.
Virtual Private Networking Usin g IPSec and L2TP Connections 256 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: This is the name for the IPSec configura tion that is used only for the VPN client, not during IPSec negotiati on. You can view and chang e this name in the tree list pane.
Virtual Private Networking Us ing IPSec and L2TP Connections 257 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to use the new settings immediately , and click Save to ke ep the settings for future use. Configure the Mode Config Global Parameters T o specify the global p arameters: 1.
Virtual Private Networking Usin g IPSec and L2TP Connections 258 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. S pecify the following default lifetime s in seconds t o m a tch t he c on fi gu ra ti on o n th e wi re le ss VPN firewall: • Authentica tion (IKE) , Default .
Virtual Private Networking Us ing IPSec and L2TP Connections 259 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. V er if y t hat th e wireless VPN firewall iss ued an IP address to the VPN client. This IP address displays in the VPN Client address fi eld on the IPSec p ane of the VPN client.
Virtual Private Networking Usin g IPSec and L2TP Connections 260 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N establishmen t time. If you require a VPN tunnel to remain connected, you can us.
Virtual Private Networking Us ing IPSec and L2TP Connections 261 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Enter the setting s as explained in the following table: 5.
Virtual Private Networking Usin g IPSec and L2TP Connections 262 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 15 8. 4. In the IKE SA Pa rameters section of the screen, locate the DPD fields, an d complete the settings as explained the following table: 5.
Virtual Private Networking Us ing IPSec and L2TP Connections 263 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o enable NetBIOS bridging on a configured VPN tunnel: 1. Select VPN > IPSec VPN > VPN Policies . The VPN Policies screen displays (see Figure 141 on p age 231 ).
Virtual Private Networking Usin g IPSec and L2TP Connections 264 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N is established, the L2TP u ser can connect to an L2TP client that is located be hind the wireless VPN firewall. Note: IPSec VPN provides stronger authentication and encryption than L2TP .
Virtual Private Networking Us ing IPSec and L2TP Connections 265 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View the Active L2TP Users T o view the active L2TP tunnel users, select VPN > Conne ction St atus > L2TP Active Users . The L2TP Active Users screen displays: Figure 161.
266 7 7. Vi r t u a l P r iva t e N e t work i ng Us in g SS L Con ne ction s The wireless VPN firewall provides a hardware-b ased SSL VPN solution designed specif ically to provide remote access for mobile users to thei r corporate re sources, bypassing the need for a preinstalled VPN client o n their computers.
Virtual Private Networking Using SSL Connections 267 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The SSL VPN client provides a point-to- point (PPP) connection between the client and the wireless VPN firewall, and a virtual net work inte rface is created on the user ’ s computer .
Virtual P rivate Networking Using SSL Connections 268 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Because you need to assign a group when creating an SSL VPN user account, the user account is created af ter you have created the group.
Virtual Private Networking Using SSL Connections 269 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Y ou can define individual layouts for the SSL VPN port al. The layout configuration includes the menu layout, theme, port al pages to displa y , and web cache control options.
Virtual P rivate Networking Using SSL Connections 270 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The List of Layout s table disp lays the fo llowing fields: • Layout Name . The descrip tive name of the portal. • Description . The ba nner message that is displayed at the top of the portal (see Figure 175 on p age 290 ).
Virtual Private Networking Using SSL Connections 271 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Complete the settings as explained in the following table: T able 66 . Add Port al Layout screen settings Setting Description Port al La yo ut a nd Th eme Name Portal Layout Name A descriptive name for the portal layout.
Virtual P rivate Networking Using SSL Connections 272 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The new port al layout is added to the List of Layouts table. For information about how to display the new portal layout, see Access the New SSL Portal Login Screen on p age 288 .
Virtual Private Networking Using SSL Connections 273 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N access policies. When you create a group, you need to specify a domain. Therefore, you should create any domains first, then group s, and then user accounts.
Virtual P rivate Networking Using SSL Connections 274 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. In the Add New Application for Port Forwarding section of the screen, specify information in the following fields: • IP Address . The IP address of an intern al server or host computer that a remo te user has access to.
Virtual Private Networking Using SSL Connections 275 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o add servers and host names for c lient name resolution: 1. Select VPN > SSL VPN > Port Forwarding . The Port Forwarding screen displays (see Figure 165 on p age 273 ).
Virtual P rivate Networking Using SSL Connections 276 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N - A split tunnel sends only tr affic that is destined for the local netwo rk based on the specified client routes. All oth er traffic is sent to the Internet.
Virtual Private Networking Using SSL Connections 277 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • IPv6 . Select the IPv6 radio button. The SSL VPN Client screen displays the I Pv6 settings (the following screen shows some examples). Figure 167.
Virtual P rivate Networking Using SSL Connections 278 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. VPN tunnel clients are now able to connect to the wireless VPN firewall and receive a virtual IP address in the client address range.
Virtual Private Networking Using SSL Connections 279 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. In the Add Routes for VPN T unn el Client s section of the screen, specify information in the following fields: • Des tination Network . The destination network I Pv4 or IPv6 address of a local network or subnet.
Virtual P rivate Networking Using SSL Connections 280 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 16 8. 2. In the Add New Resource section of the screen, specify informat ion in the following fields: • Resource Nam e . A descriptive name of the resource for identification and management purposes.
Virtual Private Networking Using SSL Connections 281 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. S pecify the IP version for which you want to add a portal layout: • IP v4 . In the upper right of the screen, the IPv4 radio button is already selected by default.
Virtual P rivate Networking Using SSL Connections 282 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply t o save your settings. The new configurat ion is added to the Def ined Resource Addresses table.
Virtual Private Networking Using SSL Connections 283 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For example, a policy that is configu red fo r a single IP address t akes precedence over a policy that is configured for a range of addresses.
Virtual P rivate Networking Using SSL Connections 284 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 17 0. 2. Make your selection from the following Query options: • T o view all global policies, select the Global rad io button.
Virtual Private Networking Using SSL Connections 285 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N . Figure 171. Add SSL VPN Policy screen for IPv4 • IPv6 . Select the IPv6 radio button. The Add SSL VPN Po licy screen displays the IPv6 settings: .
Virtual P rivate Networking Using SSL Connections 286 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Complete the settings as explained in the following table: T able 70. Add SSL VPN Policy screen settings Setting Description Policy For Select one of the following radio buttons to s pecify the type of SSL VPN policy: • Gl obal .
Virtual Private Networking Using SSL Connections 287 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. The policy is added to the List of SSL VPN Policies table on the Policies screen. The new policy goes into effect immediately .
Virtual P rivate Networking Using SSL Connections 288 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: If you have configured SSL VPN us er policies, ma ke sure that secure HTTP remote management is ena bled (see Configure Remote Management Access on p age 331 ).
Virtual Private Networking Using SSL Connections 289 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. S pecify the IP version for which you want to open the SSL portal login screen: • IP v4 . In the upper right of the screen, the IPv4 radio button is already selected by default.
Virtual P rivate Networking Using SSL Connections 290 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 17 5. 4. Enter a user name and password that are associated with a domain, that, in turn, is associated with the portal.
Virtual Private Networking Using SSL Connections 291 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 176. Figure 177. The User Port al screen displays a simple menu that, depending on the resour ces allocated, provides the SSL user with the following menu selections: • VPN T unnel .
Virtual P rivate Networking Using SSL Connections 292 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Change Password . Allows the user to change his or her password.
Virtual Private Networking Using SSL Connections 293 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 179..
294 8 8. M anage User s, Authenti c ation , and VPN Cer tif icates This chapter describes how to manage users, aut henticat ion, and security certificates for IPSec VPN and SSL VPN.
Manage Users, Authenticat ion, and VPN Certificates 295 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Except in the case of IPSec VPN users, when you create a user account, you need to specify a group. When you create a grou p, you need to specify a doma in.
Manage Users, Authentication, and VPN Certificates 296 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Authentication Do mains, Groups, and Users • Configure Domains • Configure G.
Manage Users, Authenticat ion, and VPN Certificates 297 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The List of Domains t able displays the domains with the following fields: • Che ck box . Allows you to select the d omain in the table. • Domain Name .
Manage Users, Authentication, and VPN Certificates 298 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Authentication T ype (continued) Note: If you select an y type of RADIUS authentication, make sure that one or more RADIUS servers are configured (see RADIUS Client and Server Configuration on page 240 ).
Manage Users, Authenticat ion, and VPN Certificates 299 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. The domain is added to the List of Domains table.
Manage Users, Authentication, and VPN Certificates 300 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Edit Domains T o edit a domain: 1. Select Users > Domains .
Manage Users, Authenticat ion, and VPN Certificates 301 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Create Groups T o create a VPN group: 1.
Manage Users, Authentication, and VPN Certificates 302 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 18 3. 3. Complete the settings as explained in the following table: 4. Click Apply to save your changes. The new group is added to the List of Groups table.
Manage Users, Authenticat ion, and VPN Certificates 303 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Edit Groups For groups th at were automatically crea ted wh en you created a domain, you can modify only the idle time-out settings but not the group name or associated domain.
Manage Users, Authentication, and VPN Certificates 304 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • IPSec VPN user . A user who can make an IPSec VPN connection only through a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see Configure Extended Authentication (XAUTH) on p age 238 ).
Manage Users, Authenticat ion, and VPN Certificates 305 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 185. 3. Enter the setting s as explained in the following table: 4. Click App ly to save your settings. The user is added to the List of Users table.
Manage Users, Authentication, and VPN Certificates 306 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o delete one or more user account s: 1. In the List of Users t able, select the check box to the lef t of each user account that you want to delete, or click the Select All t able button to select all account s.
Manage Users, Authenticat ion, and VPN Certificates 307 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Make the following optional selections: • T o prohibit the user from logging in to the wireless VPN fire wall, select the Disable Login check box.
Manage Users, Authentication, and VPN Certificates 308 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. In the Defined Addresses S tatus section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses .
Manage Users, Authenticat ion, and VPN Certificates 309 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 188. 5. In the Defined Ad dresses S tatus section of the screen, select one of the followin g radio buttons: • Den y Login from Defined Addresses .
Manage Users, Authentication, and VPN Certificates 310 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 9. Repeat St e p 7 and St ep 8 for any oth er addresses that you want to add to the Defined Addresses table. T o delete one or more IPv6 addresses: 1.
Manage Users, Authenticat ion, and VPN Certificates 31 1 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 5. Click Apply to save your settings. 6. In the Add Defined Browser section of the screen, add a browser to the Defined Browsers table by selecting one of the following browsers from the drop-down list: • I nternet Explorer .
Manage Users, Authentication, and VPN Certificates 312 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o modify user settings, including p asswords: 1.
Manage Users, Authenticat ion, and VPN Certificates 313 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 4. Click Apply to save your settings. Manage Digital Certific ates for VPN Connections .
Manage Users, Authentication, and VPN Certificates 314 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N certificate repository . However , if the defined purpose is for IPSec VPN only , the certificate is uploaded only to the IPSec VPN certificate repository .
Manage Users, Authenticat ion, and VPN Certificates 315 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Self Certificate Request s t able . Contains the self-signed certificate request s that you generated.
Manage Users, Authentication, and VPN Certificates 316 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click the Upload table button. If the verification process on the wireless VPN firewall approves the digital certificate for validity and purpose, the digital certificate is added to the T rusted Certificates (CA Certificate s) t able .
Manage Users, Authenticat ion, and VPN Certificates 317 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Generate a CSR and Obtain a Se lf-Signed Certificate from a CA T o use a self-signed cert.
Manage Users, Authentication, and VPN Certificates 318 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. In the Generate Self Certificate Request section of the screen, enter the settings a s explained in the following table: 3. Click the Generate t able button.
Manage Users, Authenticat ion, and VPN Certificates 319 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 194. 5. Copy the contents of the Data to supply to CA text field into a text file, including all of the data cont ained from “-----BEGIN CERTIFICA TE REQUEST -----” to “ -----END CERTIFICA TE REQUEST -- ---.
Manage Users, Authentication, and VPN Certificates 320 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o delete one or more SCRs: 1. In the Self Certificate Requests table, select the check box to the lef t of each SCR that you want to delete, or click the Se lect All table button to select all SCRs.
Manage Users, Authenticat ion, and VPN Certificates 321 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 195. Certific at es, screen 3 of 3 The Certificate Revocation List s (CRL) t able li sts the active CAs and their critical release dates: • CA Identity .
322 9 9. Net w or k and S y stem Managemen t This chapter describes the tools for managing th e network traf fic to optimize its performance and the system management features of the wireless VPN firewall.
Network and System Management 323 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Features That R educe T raffic Y ou can adjust the followin g features of the wireless VPN firewall in such a w.
Network and System Management 324 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N - Single address . The rule applies to the address o f a particular computer . - Address range . The ru le applies to a rang e of addresses. - Group s . The rule app lies to a group of computers.
Network and System Management 325 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Source MAC Fi ltering If you want to reduce outgoing traf fic by preventing Internet access by certain computers on the LAN, you can use the source MAC filtering feature to drop the traff ic received from the computers with the specified MAC addresses.
Network and System Management 326 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N rules, see Configure LAN W AN Rules on page 138 and Configure DMZ WAN Rules on page 145 . When you define inbound f i rewall rule s, you c an furth er refine their application according to the following criteria: • Services .
Network and System Management 327 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N P ort T riggering Port triggering allows some applicatio ns running on a LAN network to be available to external applications that would otherwise be p artially bl ocked by the firewall.
Network and System Management 328 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Use QoS and Bandwidth Assignment to Shift the T raffic Mix By setting the QoS priority and assigning bandwid th profiles to firewall rules, you can shif t the traffic mix to aim for optimum perform ance of the wireless VPN firewall.
Network and System Management 329 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N System Management • Change Passwords and Administ rator and Guest Settings • Configure Remote Management Ac.
Network and System Management 330 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. In the Action co lumn of the List of Users table, click the Edit table button for the u ser with the name admin. The Edit Users screen displays: Figure 19 7. Y ou cannot modify th e administrator user name, user type, or group assignment.
Network and System Management 331 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Y ou can also change the administrator login policies: • Disable lo gin. Deny login access. Note: Y ou obviously do not want to deny logi n access to yourself if you are logged in as an administrator .
Network and System Management 332 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o configure the wireless VPN firewall for remote management: 1. Select Administration > Remote Management . The Remote Management screen displays the IPv4 settings (see the next figure).
Network and System Management 333 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 199. Remote Management scr een for IPv6 3. Enter the setting s as explained in the following table: T able 79.
Network and System Management 334 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N W ARNING: If you are remotely connected to the wireless VPN firewall and you select the No radio button to disable secure HTTP ma nagement, you and all other SSL VPN users are disconnected when you click Apply .
Network and System Management 335 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • T o maintain security , the wireless VPN firewall reject s a login that uses http:// address rather than the SSL http s:// address .
Network and System Management 336 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SNMP lets you monitor and manage your wireless VPN firewall from an SNMP manager . It provides a remote means to monitor and control network de vices, and to manage configurations, st atistics collection, performance, and security .
Network and System Management 337 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. T o specify a new SNMP configuration, in the Create New SNMP Configuration Entry section of the screen, enter the settings as explained in the following table: 3.
Network and System Management 338 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o delete one or more SNMP configurations: 1. On the SNMP screen (see Figure 200 on p age 336 ), select the check box to the lef t of each SNMP configuration that you wa nt to del ete, or click the Select All table button to select all SNMP configurations.
Network and System Management 339 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your changes. T o configure the SNMP system information: 1. On the SNMP scre en (see Figure 200 on p age 336 ), click the SNMP System Info option arrow in the upper right of the screen.
Network and System Management 340 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your changes. Manage the Configuration File The configuration settings of the wireless VPN firewall a re stored in a configuration file on the wireless VPN firewall.
Network and System Management 341 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Back Up Settings The backup feature saves all wireless VPN fire wall settings to a file. Back up your settings periodically , and store the backup file in a safe place.
Network and System Management 342 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N W ARNING: Once you st art restoring settings, do not interrupt the process. Do not try to go online, turn off the wireless VPN fire wall, shut down the computer , or do anything else to the wire less VPN firewall until the settings have been fully restore d.
Network and System Management 343 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Update the Firmware Y ou can install a different version of the wireless VPN firewall fir mware from the Settings Backup and Firmware Upgrade screen.
Network and System Management 344 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Date and Time Service Configure date, time, and NTP server desig nations on the System Date & T ime screen. Network T ime Protocol (NTP) is a protocol that is used to synchronize comput er clock times in a network of computers.
Network and System Management 345 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. Note: If you select the default NTP servers or if you enter a custom serve r FQDN, the wireless VPN firewall determines the IP address of the NTP server by performing a DNS lookup.
346 10 10. M on ito r S ystem Ac ces s a nd P e rfor m an ce This chapter describes the system-monitoring featur es of the wireless VPN firewall. Y ou can be alerted to importan t events such W AN traffic limit s reached, login failures, and att acks.
Monitor System Access and Performance 347 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 206. 2. Enter the setting s as explained in the following table:.
Monitor System Access and Performance 348 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T able 84. Broadband T raffic Meter scre en settings Setting Description Enable T raffic Meter Do you want to en able Traffic Metering on Broadband? Select one of the following radio buttons to configure traffic metering: • Ye s .
Monitor System Access and Performance 349 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. T o display a report of the Internet traf fic by type, click the T raffic by Protocol option arrow in the upper right of the Broadband T raffic Meter screen.
Monitor System Access and Performance 350 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 20 8..
Monitor System Access and Performance 351 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Enter the setting s as explained in the following table: T able 85. Firewall Logs & E-mail screen se ttings Setting Description Log Options Log Identifier Enter the name of the log identifier.
Monitor System Access and Performance 352 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Enable E-mail Logs Do you want logs to be emailed to you? Select the Ye s radio button to enable the wireless VPN firewall to email logs to a specified email address.
Monitor System Access and Performance 353 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click Apply to save your settings. Note: Enabling routing and other event logs might gen erate a significant volume of log messages. NETGEAR recommend s that you enable firewall logs for debugging p urposes only .
Monitor System Access and Performance 354 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The following sections describe step s 2 through 4, using the topology that is described in the following tab le: Configure Gateway 1 at Site 1 T o create a gateway-to-gateway VPN tunnel to Gateway 2, using th e IPSec VPN wizard: 1.
Monitor System Access and Performance 355 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Configure Gateway 2 at Site 2 T o create a gateway-to-gateway VPN tunnel to Ga teway 1, using the IPSec VPN wiza rd: 1. Select VPN > IPSec VPN > VPN Wizard .
Monitor System Access and Performance 356 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View Status Screens • View t he System S tatus • View t he VPN Connection S tatus and L2TP Users .
Monitor System Access and Performance 357 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 209. The following ta ble explains the fields of the Route r S tatus screen: T able 86. Router S tatus s creen information Item Description System Info System Name The NETGEAR system name.
Monitor System Access and Performance 358 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Ro ute r S ta t ist ic s S cr ee n T o view the Router St atistics screen: 1. Select Mon itoring > Router St atus . The Router S tatus screen displays (see the previous figure).
Monitor System Access and Performance 359 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 210. The following ta ble explains the fields of the Router S tatistics screen. T o change the poll interval period, enter a new va lue (in seconds) in the Poll Interval field, and then click Set interval .
Monitor System Access and Performance 360 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 21 1..
Monitor System Access and Performance 361 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The following ta ble explains the fields of the Det ailed S tatus screen: T able 88. Det ailed Status screen informatio n Item Description LAN Port Configuration The following fields are shown for ea ch of the LAN ports.
Monitor System Access and Performance 362 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N NA T (IPv4 only) The NA T state can be either Enabled or Disabled, depending on whether NA T is enabled (see Network Address T ranslation on page 27 ) or classical routing is enabled (see Classical Routing on p age 27 ).
Monitor System Access and Performance 363 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T unnel Status Screen The IPv6 T unnel S tatus screen displays the sta t us o f all active 6 to4 and ISA T AP tunnels and their IPv6 addresses.
Monitor System Access and Performance 364 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View the VPN Connection Status and L2TP Users The Connection S tatus screens display a list of IPSec VPN connections, SSL VPN connections, and L2TP users who are currently logged in to the wireless VPN firewall.
Monitor System Access and Performance 365 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o disconnect an active user , click the Disconnect table button to the right of the user’s table entry . T o view the active L2TP tunnel users: Select VPN > Conn ection St atus > L2TP Active Users .
Monitor System Access and Performance 366 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T o display the SSL VPN log: Select Monitoring > VPN Logs > SSL VPN Logs . The SSL VPN Logs screen displays: Figure 21 7. View the P ort T riggering Status T o view the st atus of the port triggering feature: 1.
Monitor System Access and Performance 367 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 2. Click the Sta tus option arrow in the upper right of the Port T r iggering screen.
Monitor System Access and Performance 368 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 22 0. The type of connection d etermines the information that is displayed on the Conne ction S tatus screen.
Monitor System Access and Performance 369 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 W AN P ort Status T o view the IPv6 st atus of the W AN port: 1. Select Network Configuratio n > W AN Settings > Broadband ISP Settings (IPv6) .
Monitor System Access and Performance 370 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View the Attached Devi ces and the DHCP Log The LAN Group s screen shows the network database, which is the Known PCs and Device s table, wh ich contains all IP devices that wireless VPN firewall h as discovered on the local network.
Monitor System Access and Performance 371 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N assigned a st atic IP addre ss, you need to update this entry manua lly af te r the IP ad dress on the computer or device has changed. • M AC Addre s s .
Monitor System Access and Performance 372 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N View the Status of a Wireless P rofile T o view the st atus of a specific wireless profile: 1. Select Network Con figuration > Wireless Settings > W ireless Profiles .
Monitor System Access and Performance 373 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Diagnostics Utilities • Send a Ping Packet • T race a Route • Look Up a DNS Ad dress • Display .
Monitor System Access and Performance 374 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 22 5. • IPv6 . Select the IPv6 radio button. The Diagnostics screen displays the IPv6 settings: Figure 22 6. The various tasks that you can per form on the Diagnostics screen are explained in the following sections.
Monitor System Access and Performance 375 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Send a Ping P acket Use the ping utility to se nd a ping packet r equest in order to check the connection between the wireless VPN firewall and a specific I P address or FQDN.
Monitor System Access and Performance 376 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Display the R outing T ables Displaying the internal routing t able can as sist NETGEAR technical support in diagnosing routing problems.
Monitor System Access and Performance 377 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N R eboot the Wireless VPN Firewall Remotely Y ou can perform a remote reboot, for example, when the wireless VPN firewall seems to have become unst able or is not operating normally .
378 11 11 . T r oubles hooti ng This chapter provides trouble shooting tips an d information for the wireless VPN firewall. Af ter each problem description, instructions are provid ed to help you diagnose and solve the problem. For the common problems listed, go to t he section indicated.
T roubleshooting 379 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: The wireless VPN firewall’ s diagno stic tools are explained in Diagnostics Utilities on page 37 3 .
T roubleshooting 380 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N If all LEDs are still on more than several minutes minute after power-up, do the following: • T urn off the power , and then turn it on again to see if th e wireless VPN firewall recovers.
T roubleshooting 381 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • Make sure that you are using the SSL http s:// address login rather than the http:// address login. • Make sure that your browser has Java, JavaScript, or ActiveX enab led.
T roubleshooting 382 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N T roubleshoot the ISP Connection If your wireless VPN firewall is unable to ac cess the Internet , you should first determine whether the wireless VPN firewall is able to obt ain a W AN IP address from the ISP .
T roubleshooting 383 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N system name, or account name that was assi gned to you by your ISP . Y ou might also have to enter the assigned domain name or workgroup name in the Domain Name field, and you might have to enter additiona l information.
T roubleshooting 384 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Check the computer: • Make sure tha t the operating system suppor t s IPv6.
T roubleshooting 385 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N c. Make sure that Internet Protocol V ersion 6 (TCP/IPv6) displays, as is shown in the previous figure. • Make sure that the computer has an IPv6 add ress. If the computer has a link-lo cal address only , it cannot reach the wireless VPN firewall or the Internet.
T roubleshooting 386 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 23 0. f. Make sure that an IPv6 address shows. The previous figure does not show an IPv6 address for the computer but only a link-l ocal IPv6 address and an IPv6 default gateway address, both of which start , in this case, with FE80.
T roubleshooting 387 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N 3. Click OK . A message similar to the follo wing should display: Pinging <IP address> wit h 32 bytes of data If the p.
T roubleshooting 388 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N information. For more information, see Manually Co nfigure an IPv4 Internet Connection on page 31 . • Y our ISP could be rejecting the Ethernet MAC addresses of all but one of your computers.
T roubleshooting 389 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The reboot process t akes about 165 sec onds. (If you can see the unit: The reboot process is complete when the T est LED on the front p anel goes off.
390 A A. De fa ult Settings and T echni cal Sp ecificat ion s This appendix provides the de fault settings and th e physical and technical specifications of the wireless VPN firewall in the following .
Default Settings and T echnical S pecifications 391 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N S tateless IP/ICMP Translation (SIIT) Disabled W AN MAC addre ss Use default MAC address of t.
Default Settings and T echnical Specifications 392 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DMZ port for IPv6 Disabled DMZ IPv6 address (Port 8) 176::1 DMZ IPv6 prefix length (Port 8) 64.
Default Settings and T echnical S pecifications 393 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N UPnP Disabled Bandwidth profiles None QoS profiles Normal-Service Minimize-Cost Maximize-Reli.
Default Settings and T echnical Specifications 394 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Encryption None Authentication None T ran smission rate Best 1 Default transmit power Full 802.1 1 wireless mode 802.1 1ng (for most countries) 802.
Default Settings and T echnical S pecifications 395 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Key group DH-Group 2 (1024 bit) NetBIOS Enabled VPN IPsec Wizard: IKE policy settings for IPv4 gateway- to-client tunnels Exchange mode Aggressive ID type FQDN Local W AN ID remote.
Default Settings and T echnical Specifications 396 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Physical and T echnical Specifications The following t able shows the physical and techni cal .
Default Settings and T echnical S pecifications 397 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Power plu g (localized to the country of sale) North America 120V , 60 Hz, input United Kingd.
Default Settings and T echnical Specifications 398 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The following t able shows the IPSec VPN specif ications for the wireless VPN firewall: The following t able shows the SSL VPN specifications fo r the wireless VPN firewall: T able 95.
Default Settings and T echnical S pecifications 399 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The following ta ble shows the wireless spec ifications for the wireless VPN firewall: T able 97. W ireless VPN firewall wi reless spec ifications Setting Specification 802.
400 B B. T w o - F act or A uthe nti cati on This appendix provides an overview of two-factor authentication, and an example of how to implement the WiKID solution.
T wo-Factor Authentication 401 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N What Is T wo-Factor Authentication? T wo-factor authentication is a security solution that enhance s and strengthe.
T wo-Factor Authentication 402 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 23 2. 2. A one-time passcode ( something the user has ) is generated. Figure 23 3. Note: The one-time passcode is time-syn chronized to the authentication server so that the OTP can be used only once and needs to be used before the expiration time.
T wo-Factor Authentication 403 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Figure 234..
404 C C. No tif ica tion o f Com pli ance (W ir ed) NET GEAR W ir ed Pr oducts Regulatory Compliance Information This section includes user requirement s for oper ating this p roduct in accordance with National laws for usage of radio spectrum and ope ration of radio devices.
Notification of Compliance (Wired) 405 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N FCC Radio Frequency Interference W arnings & Instructions This equipment has been tested and found to comply with the limits for a Class B digit al device, pursuant to Part 15 of the FCC Rules.
Notification of Compliance (Wired) 406 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Additional Copyrights AES Copyright (c) 2001, Dr . Bri an Gl adman, brg@gladman.
Notification of Compliance (Wired) 407 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N MD5 Copyrig ht (C) 1990, RSA Data Secu rity , Inc. All rights reserved. License to copy and use this software is granted provi ded that it is ident ified as the “RSA Data Security , In c.
408 D D. Notif i cati on of C ompli ance (W ir el ess) NET GEAR W ir eless R oute r s, Gate wa y s, AP s Regulatory Compliance Information Note: This section includes use r requirements for operating this product in a ccordance with National l aws for usage of radio spectrum and op eration of radio devices.
Notification of Compliance (Wireless) 409 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Español [S panish] Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los requisitos esenciales y cualesquiera otras disposicione s aplicables o exigibles de la Directiva 1999/5/CE.
Notification of Compliance (Wireless) 410 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N This device is a 2.4 GHz wideband transmi ssion system (transceiver), intended for use in all EU member states and EFT A co untries, except in Fran ce and It a ly where restri ctive use applies.
Notification of Compliance (Wireless) 41 1 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N • For product available in the USA market, only channel 1~ 1 1 can be operated.
412 Inde x Numerics 10BASE-T , 100BASE-T , and 1000BASE-T speeds 52 2.4-GHz wireless mode 109 20- and 40-MHz channel spacing 109 3322.org 35 – 37 64-bit and 128-bit WEP 119 6to4 tunnels configuring globally 46 DMZ, configuring for 97 LAN, configuring for 83 802.
413 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Auto Uplink, autosensi ng Ethernet connections 13 autodetecting IPv4 Internet settings 29 autoinitiating VPN tunnels 235 autosensing port spe.
414 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N crossover cable 13 , 380 CSMA (Carrier Sens e Multiple Access) 126 CSR (certificate signing request) 317 CTS (Clear to Send) packets and self-protection 126 custom services, firewall 172 D Data Encryption S tandard.
415 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dipole antenna 18 direction, bandwidth profiles 176 DMZ (demilitarized zone) configuring 85 – 98 increasing traffic 327 port 13 , 17 DNS (D.
416 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N G g mode, wireless 10 9 gateway , ISP IPv4 address 34 IPv6 address 42 generating keys, WEP 119 global addresses, IPv6 47 global IPv6 tunnels .
417 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N ISA T AP tunnel address 48 LAN, secondary 65 – 67 MAC bindings 185 port forwarding, SSL VPN 274 require ments 24 reserved 72 secondary LAN .
418 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N key generation, WEP 119 keyword blocking 179 knowledge base 389 L L2TP (Layer 2 T unneling Protocol) server 26 3 L2TP Access Concentrator (LA.
419 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N monitoring default settin gs 396 MTU (maximum transmission unit) default 51 IPv6 DMZ packet s 96 IPv6 LAN packets 82 multicast pass-through 1.
420 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N PFS (Perfect Forward Secrecy) 238 , 246 physical specifications 396 PIN method, WPS 124 pinging checking connections 375 responding on Intern.
421 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N VLANs 56 – 63 wireless security 112 , 115 – 119 protection from common attacks 166 – 169 protocols compatibilities 396 RIP 13 service numbers 172 traffic volume by protocol 349 PSK. See pre-sha red key .
422 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security lock receptacle 18 Security Parameters Index (SPI) 236 security profiles, wireless creating and configuring 115 – 119 described 11.
423 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N status, viewing 356 – 363 updating firmw are 34 3 T table buttons (web management interface) 23 tabs, submenu (web management interface) 23.
424 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N V vendor class identifier (VCI) 34 version, SNMP 337 videoconferencing DMZ port 86 from restricted address (rule example) 160 violations, IP/MAC binding 186 – 188 virtual LAN.
425 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N testing 127 wireless equipment, placement and rang e 107 wireless mode 109 wireless networ k name (SSID) broadcasting 11 7 broadcasting and s.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté NETGEAR FVS318N c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du NETGEAR FVS318N - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation NETGEAR FVS318N, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le NETGEAR FVS318N va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le NETGEAR FVS318N, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du NETGEAR FVS318N.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le NETGEAR FVS318N. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei NETGEAR FVS318N ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.