NETGEAR DGFV338 User Manual
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
April 2007
202-10161-01
v1.0
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Technical Support
Please register to obtain technical support. Please retain your proof of purchase and warranty information.
To register your product, get product support or obtain product information and product documentation, go to
http://www.NETGEAR.com
out the registration card and mailing it to NETGEAR customer service.
You will find technical support information at: http://www.NETGEAR.com/
want to contact technical support by telephone, see the support information card for the correct telephone number for
your country.
© 2007 by NETGEAR, Inc. All rights reserved.
. If you do not have access to the World Wide Web, you may register your product by filling
through the customer service area. If you
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETEAR, Inc. Microsoft,
Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are
registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice:
Radio Frequency Notice
ProSafe Wireless ADSL Modem VPN Firewall Router
Tested to Comply
with FCC Standards
FOR HOME OR OFFICE USE
FCC ID: PY305300022
This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operation.
Placement and Range Guidelines
Indoors, computers can connect over 802.11 wireless networks at a maximum range of 500 feet (152.4 m) for 802.11b
devices. However, the operating distance or range of your wireless connection can vary significantly, based on the
physical placement of the wireless access point.
For best results, identify a location for your wireless access point according to these guidelines:
ii
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
• Away from potential sources of interference, such as PCs, large metal surfaces, microwaves, and 2.4 GHz cordless
phones.
• In an elevated location such as a high shelf that is near the center of the wireless coverage area for all mobile
devices.
Failure to follow these guidelines can result in significant performance degradation or inability to wirelessly connect to
the wireless access point.
To meet FCC and other national safety guidelines for RF exposure, the antennas for this device must be installed to
ensure a minimum separation distance of 20cm (7.9 in.) from persons. Further, the antennas shall not be collocated with
other transmitting structures.
FCC Statement
DECLARATION OF CONFORMITY
4500 Great America Parkway
Santa Clara, CA 95054, USA
declare under our sole responsibility that the product(s)
DGFV338 (Model Designation)
ProSafe Wireless ADSL Modem VPN Firewall Router (Product Name)
complies with Part 15 of FCC Rules.
Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this
device must accept any interference received, including interference that may cause undesired operation
To assure continued compliance, any changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate this equipment. (Example - use only shielded interface cables
when connecting to computer or peripheral devices)
We Netgear,
Tel: +1 408 907 8000
FCC Requirements for Operation in the United States
Radio Frequency Interference Warnings & Instructions
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide rea sonable protection against harmful interference in a residential
installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try
and correct the interference by one or more of the following measures:
• Reorient or locate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
v1.0, April 2007
iii
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Europe – EU Declaration of Conformity
Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the
European Union (1999/5/EC). This equipment meets the following conformance standards:
EN300 328, EN301 489-17, EN60950Europe – Declaration of Conformit y in Languages of the
European Community
Èesky [Czech] NETGEAR Inc. tímto prohlašuje, _e tento Radiolan je ve shodě se základními po_adavky
a dalšími příslušnými ustanoveními směrnice 1999/5/ES.
Dansk [Danish] Undertegnede NETGEAR Inc. erklærer herved, at følgende udstyr Radiolan overholder
de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch
[German]
Eesti [Estonian] Käesolevaga kinnitab NETGEAR Inc. seadme Radiolan vastavust direktiivi 1999/5/EÜ
English Hereby, NETGEAR Inc., declares that this Radiolan is in compliance with the essential
Español
[Spanish]
ЕллзнйкЮ
[Greek]
Français
[French]
Italiano [Italian] Con la presente NETGEAR Inc. dichiara che questo Radiolan è conforme ai requisiti
Latviski [Latvian] Ar šo NETGEAR Inc. deklarē, ka Radiolan atbilst Direktīvas 1999/5/EK bū
Lietuviø
[Lithuanian]
Nederlands
[Dutch]
Malti [Maltese] Hawnhekk, NETGEAR Inc., jiddikjara li dan Radiolan jikkonforma mal-htigijiet essenzjali
Magyar
[Hungarian]
Polski [Polish] Niniejszym NETGEAR Inc. oświadcza, że Radiolan jest zgodny z zasadniczymi
Hiermit erklärt NETGEAR Inc., dass sich das Gerät Radiolan in Übereinstimmung mit
den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der
Richtlinie 1999/5/EG befindet.
põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.
requirements and other relevant provisions of Directive 1999/5/EC.
Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los
requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la
Directiva 1999/5/CE.
ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ NETGEAR Inc. ΔΗΛΩΝΕΙ ΟΤΙ Radiolan ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ
ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ
1999/5/ΕΚ.
Par la présente NETGEAR Inc. déclare que l'appareil Radiolan est conforme aux
exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
tiskajām
prasībām un citiem ar to saistītajiem noteikumiem.
Šiuo NETGEAR Inc. deklaruoja, kad šis Radiolan atitinka esminius reikalavimus ir kitas
1999/5/EB Direktyvos nuostatas.
Hierbij verklaart NETGEAR Inc. dat het toestel Radiolan in overeenstemming is met de
essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
u ma provvedimenti ohrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
Alulírott, NETGEAR Inc. nyilatkozom, hogy a Radiolan megfelel a vonatkozó alapvetõ
követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.
iv
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Português
[Portuguese]
Slovensko
[Slovenian]
Slovensky
[Slovak]
Suomi [Finnish] NETGEAR Inc. vakuuttaa täten että Radiolan tyyppinen laite on direktiivin 1999/5/EY
Svenska
[Swedish]
Íslenska
[Icelandic]
Norsk
[Norwegian]
NETGEAR Inc. declara que este Radiolan está conforme com os requisitos essenciais e
outras disposições da Directiva 1999/5/CE.
NETGEAR Inc. izjavlja, da je ta Radiolan v skladu z bistvenimi zahtevami in ostalimi
relevantnimi določili direktive 1999/5/ES.
NETGEAR Inc. týmto vyhlasuje, _e Radiolan spĺňa základné po_iadavky a všetky
príslušné ustanovenia Smernice 1999/5/ES.
oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Härmed intygar NETGEAR Inc. att denna Radiolan står I överensstämmelse med de
väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv
1999/5/EG.
Hér með lýsir NETGEAR Inc. yfir því að Radiolan er í samræmi við grunnkröfur og aðrar
kröfur, sem gerðar eru í tilskipun 1999/5/EC.
NETGEAR Inc. erklærer herved at utstyret Radiolan er i samsvar med de grunnleggende
krav og øvrige relevante krav i direktiv 1999/5/EF.
Countries of Operation & Conditions of Use in the European Community
This device is intended to be operated in all countries of the European Community. Requirements for indoor vs. outdoor
operation, license requirements and allowed channels of operation apply in some countries as described below.
Note: The user must use the configuration utility provided with this product to ensure the channels of operation
are in conformance with the spectrum usage rules for European Community countries as described below.
This device requires that the user or installer properly enter the current country of operation in the Radio Settings
menu as described in the Reference Manual, before operating this device.
This device will automatically limit the allowable channels determined by the current country of operation. Incorrectly
entering the country of operation may result in illegal operation and may cause harmful interference to other system. The
user is obligated to ensure the device is operating according to the channel limitations, indoor/outdoor restrictions and
license requirements for each European Community country as described in this document.
This device employs a radar detection feature required for European Community operation in the 5GHz band. This
feature is automatically enabled when the country of operation is correctly configured for any European Community
country. The presence of nearby radar operation may result in temporary interruption of operation of this device. The
radar detection feature will automatically restart operation on a channel free of radar.
The 5GHz Turbo Mode feature is not allowed for operation in any European Community country. The current setting
for this feature is found in the 5GHz Radio Configuration Window as described in the user guide.
This device may be operated indoors or outdoors in all countries of the European Community using the 2.4GHz band:
Channels 1 – 13, except where noted below:
•In Italy the end-user must apply for a license from the national spectrum authority to operate this device outdoors.
•In France outdoor operation is only permitted using the 2.4 – 2.454 GHz band: Channels 1 – 7.
• Belgium requires notifying spectrum agency if deploying >300meter wireless links in outdoor public areas using
2.4GHz band.
v1.0, April 2007
v
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
European Spectrum Usage Rules - Effective April 11, 2006
5.15-5.25 (GHz)
Country
Channels:
36,40,44,48
ALL EC
Countries
Belgium Indoor Only Indoor Only Indoor or Outdoor Indoor or Outdoor!
France
Greece Indoor Only Indoor Only Indoor Only Indoor Only
Italy
Indoor Only Indoor Only Indoor or Outdoor Indoor or Outdoor
Indoor Only Indoor Only Indoor or Outdoor Indoor Ch. 1-13
Indoor Only Indoor Only Indoor
5.25-5.35
(GHz)
Channels:
52,56,60,64
5.47-5.725 (GHz)
Channels:
100,104,108,112,116,
120,124,128,132,136,140
(Outdoor w/License)
2.4-2.4835 (GHz)
Channels: 1 to 13
(Except Where Noted)
Outdoor 1-7 Only
Indoor (Outdoor w/
License)
Turbo Mode
AdHoc Mode Not Allowed Same 2.4 GHz rules as
Not Allowed in 5GHz Same 2.4 GHz rules as
above
above
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das ProSafe Wireless ADSL Modem VPN Firewall Router gemäß der im BMPTAmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben
einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die
Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the ProSafe Wireless ADSL Modem VPN Firewall Router has been suppressed in accordance
with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for
example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please
refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver , it may become the cause of radio interference.
Read instructions for correct handling.
vi
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Additional Copyrights
AES Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
All rights reserved.
TERMS
Redistribution and use in source and binary forms, with or without modification, are permitted
subject to the following conditions:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. The copyright holder's name must not be used to endorse or promote any products
derived from this software without his specific prior written permission.
This software is provided 'as is' with no express or implied warranties of correctness or fitness
for purpose.
v1.0, April 2007
vii
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions * are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the
following acknowledgment: “This product includes software developed by the OpenSSL
Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)”
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or
promote products derived from this software without prior written permission. For written
permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL"
appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This
product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
viii
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
License to copy and use this software is granted provided that it is identified as the "RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this
software or this function. License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data Security, Inc. MD5 MessageDigest Algorithm" in all material mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either the merchantability of
this software or the suitability of this software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this documentation and/or
software.
PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above
copyright notice and this paragraph are duplicated in all such forms and that any
documentation, advertising materials, and other materials related to such distribution and use
acknowledge that the software was developed by Carnegie Mellon University. The name of
the University may not be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Zlib zlib.h -- interface of the 'zlib' general purpose compression library version 1.1.4, March 11th,
2002. Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler.
This software is provided 'as-is', without any express or implied warranty. In no event will the
authors be held liable for any damages arising from the use of this software. Permission is
granted to anyone to use this software for any purpose, including commercial applications,
and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote
the original software. If you use this software in a product, an acknowledgment in the
product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented
as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly: jloup@gzip.org; Mark Adler: madler@alumni.caltech.edu
The data format used by the zlib library is described by RFCs (Request for Comments) 1950
to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
and rfc1952.txt (gzip format)
(zlib format), rfc1951.txt (deflate format)
v1.0, April 2007
ix
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Product and Publication Details
Model Number: DGFV338
Publication Date: April 2007
Product Family: Wireless Firewall
Product Name: ProSafe Wireless ADSL Modem VPN Firewall Router
Home or Business Product: Business
Language: English
Publication Part Number: 202-10161-01
Publication Version Number 1.0
x
v1.0, April 2007
Contents
About This Manual
Conventions, Format and Scope ....................................................................................xvii
How to Use This Manual ............................................................................................... xviii
How to Print this Manual ................................................................................................xviii
Chapter 1
Introduction
Key Features of the NETGEAR ProSafe DGFV338 .......................................................1-1
Full Routing on Both the ADSL and 10/100 WAN Port ............................................1-2
A Powerful, True Firewall with Content Filtering ......................................................1-2
Security ....................................................................................................................1-3
Virtual Private Networking (VPN) .............................................................................1-3
Autosensing Ethernet Connections with Auto Uplink ...............................................1-3
Extensive Protocol Support ......................................................................................1-4
Easy Installation and Management ..........................................................................1-4
Maintenance and Support ........................................................................................1-5
System Requirements ....................................................................................................1-5
Package Contents ..........................................................................................................1-6
Hardware Description .....................................................................................................1-6
Router Front Panel ...................................................................................................1-6
Router Rear Panel ...................................................................................................1-8
Router Login Factory Defaults ........................................................................................1-9
Placement of your NETGEAR ProSafe DGFV338 .......................................................1-10
Chapter 2
Basic Installation and Configuration
Using ADSL Microfilters (optional) ..................................................................................2-2
Logging in and Configuring your Internet Connection ....................................................2-3
Configuring Your Internet Connection using Auto Detect .........................................2-4
Manually Configuring your ADSL Connection ..........................................................2-6
Manually Configuring your Ethernet Connection ......................................................2-8
v1.0, March 2007
xi
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Selecting Advanced Options for your Ethernet or ADSL Connection ....................2-10
Configuring the WAN Mode ..........................................................................................2-14
Configuring Dynamic DNS (If Needed) ..................................................................2-17
Programming the Traffic Meter ...............................................................................2-20
Chapter 3
Wireless Configuration
Implementing Wireless Security .....................................................................................3-1
Understanding Wireless Settings ...................................................................................3-3
Wireless LANs ..........................................................................................................3-4
Access Control List ..................................................................................................3-6
Wireless Advanced Options .....................................................................................3-7
WEP and WPA/WPA2 Wireless Security Check List Form .............................................3-8
Configuring Your Wireless Settings ................................................................................3-9
Configuring WEP ....................................................................................................3-10
Configuring WPA-PSK ...........................................................................................3-12
Configuring WPA2-PSK .........................................................................................3-13
Configuring WPA-PSK and WPA2-PSK .................................................................3-14
Configuring WPA with RADIUS ..............................................................................3-15
Configuring WPA2 with RADIUS ............................................................................3-16
Configuring WPA and WPA2 with RADIUS ............................................................3-17
Restricting Wireless Access by MAC Address .......................................................3-18
Chapter 4
Security and Firewall Protection
Firewall Protection and Content Filtering Overview ........................................................4-1
Using Rules to Block or Allow Specific Kinds of Traffic ..................................................4-1
About Service Based Rules .....................................................................................4-2
Outbound Rules (Service Blocking) .........................................................................4-3
Inbound Rules (Port Forwarding) .............................................................................4-7
Order of Precedence for Rules ..............................................................................4-17
Customized Services .............................................................................................4-17
Quality of Service (QoS) Priorities .........................................................................4-19
Attack Checks ........................................................................................................4-20
Managing Groups and Hosts ........................................................................................4-21
Blocking Internet Sites ...........................................................................................4-24
Enabling Source MAC Filtering ..............................................................................4-27
xii
v1.0, March 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Setting up Port Triggering ......................................................................................4-28
Setting a Schedule to Block or Allow Specific Traffic .............................................4-31
Event Logs and Alerts ..................................................................................................4-32
Security and Administrator Management .....................................................................4-35
Chapter 5
Virtual Private Networking
Dual WAN Port Systems .................................................................................................5-1
Setting up a VPN Connection using the VPN Wizard .....................................................5-2
VPN Tunnel Policies .......................................................................................................5-5
IKE Policy .................................................................................................................5-5
VPN Policy ...............................................................................................................5-7
VPN Tunnel Connection Status ................................................................................5-8
Creating a VPN Connection: Between FVX538 and DGFV338 .....................................5-9
Configuring the ProSafe DGFV338 ..........................................................................5-9
Configuring the FVX538 .........................................................................................5-14
Testing the Connection ...........................................................................................5-15
Creating a VPN Client Connection: VPN Client to DGFV338 .......................................5-15
Configuring the DGFV338 ......................................................................................5-15
Configuring the VPN Client ....................................................................................5-17
Testing the Connection ...........................................................................................5-21
Certificate Authorities ...................................................................................................5-22
Generating a Self Certificate Request ....................................................................5-23
Uploading a Trusted Certificate ..............................................................................5-25
Managing your Certificate Revocation List (CRL) ..................................................5-25
Extended Authentication (XAUTH) Configuration .........................................................5-26
Configuring XAUTH for VPN Clients ......................................................................5-27
User Database Configuration .................................................................................5-29
RADIUS Client Configuration .................................................................................5-30
Manually Assigning IP Addresses to Remote Users (ModeConfig) .............................5-32
Mode Config Operation ..........................................................................................5-32
Configuring the ProSafe DGFV338 ........................................................................5-33
Configuring the ProSafe VPN Client for ModeConfig .............................................5-36
Chapter 6
Router and Network Management
Performance Management .............................................................................................6-1
v1.0, March 2007
xiii
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Wireless Firewall Features That Reduce Traffic ......................................................6-1
Wireless Firewall Features That Increase Traffic .....................................................6-4
Using QoS to Shift the Traffic Mix ............................................................................6-6
Tools for Traffic Management ...................................................................................6-7
Administrator and Guest Access Authorization ..............................................................6-7
Changing the Passwords and Login Time-out .........................................................6-7
Enabling Remote Management Access ...................................................................6-8
Command Line Interface ........................................................................................6-10
Event Alerts .................................................................................................................. 6-11
Traffic Limits Reached ............................................................................................ 6-11
Monitoring .....................................................................................................................6-12
Router Status .........................................................................................................6-12
WAN Ports ..............................................................................................................6-14
Internet Traffic ........................................................................................................6-15
LAN Ports and Attached Devices ...........................................................................6-17
Firewall Security .....................................................................................................6-19
VPN Tunnels ..........................................................................................................6-21
Using a SNMP Manager ........................................................................................6-22
Diagnostics .............................................................................................................6-24
Configuration File Management ...................................................................................6-26
Settings Backup and Firmware Upgrade ...............................................................6-26
Setting the Time Zone ............................................................................................6-29
Chapter 7
LAN Configuration
Using the Firewall as a DHCP server .............................................................................7-1
Configuring the LAN Setup Options .........................................................................7-2
Using Address Reservation ......................................................................................7-3
Configuring Multi Home LAN IPs .............................................................................7-4
Configuring Static Routes ...............................................................................................7-7
Adding or Editing a Static Route ..............................................................................7-7
Routing Information Protocol (RIP) ..........................................................................7-8
Static Route Example .............................................................................................7-10
Enabling Universal Plug and Play (UPnP) ....................................................................7-10
xiv
v1.0, March 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Chapter 8
Troubleshooting
Basic Functions ..............................................................................................................8-1
Power LED Not On ...................................................................................................8-1
LEDs Never Turn Off ................................................................................................8-2
LAN or Internet Port LEDs Not On ...........................................................................8-2
Troubleshooting the Web Configuration Interface ..........................................................8-2
Troubleshooting the ISP Connection ..............................................................................8-3
Troubleshooting a TCP/IP Network Using a Ping Utility .................................................8-5
Testing the LAN Path to Your Firewall ......................................................................8-5
Testing the Path from Your PC to a Remote Device ................................................8-6
Restoring the Default Configuration and Password ........................................................8-7
Problems with Date and Time .........................................................................................8-7
Appendix A
Default Settings and Technical Specifications
Default Factory Settings ................................................................................................ A-1
Technical Specifications ................................................................................................. A-3
Appendix B
Related Documents
Index
v1.0, March 2007
xv
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
xvi
v1.0, March 2007
About This Manual
The DGFV338 ProSafe™ Wireless ADSL Modem VPN Firewall Router Reference Manual
describes how to install, configure and troubleshoot the ProSafe Wireless ADSL Modem VPN
Firewall Router. The information is this manual is intended for readers with intermediate computer
and Internet skills.
Conventions, Format and Scope
The conventions, formats, and scope of this manual are described in the following paragraphs:
• Typographical Conventions. This guide uses the following typographical conventions:
Italics Emphasis, books, CDs, URL names
Bold User input
Fixed Screen text, file and server names, extensions, commands, IP addresses
• Formats. This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Tip: This format is used to highlight a procedure that will save time or resources.
Warning: Ignoring this type of note may result in a malfunction or damage to the
equipment.
Danger: This is a safety warning. Failure to take heed of this notice may result in
personal injury or death.
v1.0, April 2007
xvii
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
• Scope. This manual is written for the W ireless ADSL Router according t o these specifications:
Product Version ProSafe Wireless ADSL Modem VPN Firewall Router
Manual Publication Date April 2007
For more information about network, Internet, firewall, and VPN technologies, see the links to the
NETGEAR website in Appendix B, “Related Documents”
Note: Product updates are available on the NETGEAR, Inc. Web site at
http://kbserver.netgear.com/products/DGFV338.asp.
How to Use This Manual
The HTML version of this manual includes the following:
• Buttons, and , for browsing forwards or backwards through the manual one page
at a time
• A button that displays the table of contents and an button. Double-click on a
link in the table of contents or index to navigate directly to where the topic is described in the
manual.
• A button to access the full NETGEAR, Inc. online knowledge base for the product
model.
• Links to PDF versions of the full manual and individual chapters.
How to Print this Manual
T o print this manual you can choose one of the following several options, according to your needs.
Your computer must have the free Adobe Acrobat Reader installed in order to view and print PDF
files. The Acrobat Reader is available on the Adobe website at http://www.adobe.com.
• Printing a Page in the HTML View. Each page in the HTML version of the manual is
dedicated to a major topic. Use the Print button on the browser toolbar to print the page
contents.
• Printing a Chapter. Use the PDF of This Chapter link at the top left of any page.
xviii
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
– Click the PDF of This Chapter link at the top right of any page in the chapter you want to
print. The PDF version of the chapter you were viewing opens in a browser window.
– Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can
save paper and printer ink by selecting this feature.
• Printing the Full Manual. Use the Complete PDF Manual link at the top left of any page.
– Click the Complete PDF Manual link at the top left of any page in the manual. The PDF
version of the complete manual opens in a browser window.
– Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can
save paper and printer ink by selecting this feature.
v1.0, April 2007
xix
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
xx
v1.0, April 2007
Chapter 1
Introduction
This chapter describes the features of the ProSafe™ Wireless ADSL Modem VPN Firewall
Router. It also includes the minimum prerequisites for installation (“System Requirements” on
page 1-5.), what’s in the box (“Package Contents” on page 1-6) and a description of the front and
back panels of the DGFV338 (“Hardware Description” on page 1-6). The location of the default
settings to log in to the router is presented in “Router Login Factory Defaults” on page 1-9 and
suggestions on placement of your router to achieve maximum wireless range are in “Placement of
your NETGEAR ProSafe DGFV338” on page 1-10.
Key Features of the NETGEAR ProSafe DGFV338
The NETGEAR ProSafe DGFV338 with eight-port switch connects your local area network
(LAN) to the Internet through an internal ADSL modem or through the Ethernet port via an
external modem. It provides wireless LAN connectivity operating at 2.4GHz (802.11b/g).
The NETGEAR ProSafe DGFV338 has a built-in Stateful Packet Inspection Firewall (SPI)
preventing Denial of Service attacks and provides Internet access for up to 253 users. The
NETGEAR ProSafe DGFV338 provides you with multiple Web content filtering options, plus
browsing activity reporting and instant alerts—both, via e-mail. Network administrators can
establish restricted access policies based on time-of-day, Website addresses and address keywords,
and share high-speed cable/DSL Internet access for a local network.
With minimum setup, you can install and use the firewall within minutes.
The NETGEAR ProSafe DGFV338 provides the following features:
• An internal ADSL modem supporting Annex A or Annex B (depending upon region).
• One 10/100 Mbps Ethernet WAN port.
• 802.11g, 802.11b, 802.11g/b, or Auto 108Mbps.
• Support for up to 50 IPSec VPN tunnels.
• Easy, web-based setup for installation and management.
• URL keyword Content Filtering and Site Blocking Security.
• Quality of Service (QoS) support for traffic prioritization.
• Built in 8-port 10/100 Mbps switch.
Introduction 1-1
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
• Extensive Protocol Support.
• SNMP for manageability.
• Front panel LEDs for easy monitoring of status and activity.
• Flash memory for firmware upgrade.
• Auto Sensing and Auto Uplink™
Full Routing on Both the ADSL and 10/100 WAN Port
You can install, configure, and operate the DGFV338 to take full advantage of a variety of routing
options on both the DSL and broadband WAN ports, including:
• Internet access via either the internal ADSL modem or through the Ethernet port connected to
an external modem.
• Auto Rollover Mode between the internal ADSL modem and the external 10/100 ethernet
WAN port. If the primary connection fails, the DGFV338 can automatically establish a backup
connection via the secondary connection.
A Powerful, True Firewall with Content Filtering
DGFV338 is a true firewall, using stateful packet inspection to defend against attacks. Its firewall
features include:
• DoS protection. Automatically detects and thwarts DoS attacks such as Ping of Death, SYN
Flood, LAND Attack, and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Logs security incidents. The DGFV338 will log security events such as blocked incoming
traffic, attacks, and administrator logins. Y ou can configure the firewall to email the log to you
at specified intervals. You can also configure the firewall to send immediate alert messages to
your email address or email pager whenever a significant event occurs.
• With its URL keyword filtering feature, the DGFV338 prevents objectionable content from
reaching your PCs. The firewall allows you to control access to Internet content by screening
for keywords within Web addresses. You can configure the firewall to log and report attempts
to access objectionable Internet sites.
1-2 Introduction
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Security
The NETGEAR ProSafe DGFV338 is equipped with several features designed to maintain
security, as described in this section.
• PCs Hidden by NAT. NAT opens a temporary path to the Internet for requests originating
from the local network. Requests originating from outside the LAN are discarded, preventing
users outside the LAN from finding and directly accessing the PCs on the LAN.
• Port Forwarding with NAT. Although NAT prevents Internet locations from directly
accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific
PCs based on the service port number of the incoming request. You can specify forwarding of
single ports or ranges of ports.
• Exposed Host (Software DMZ). Incoming traffic from the Internet is normally discarded by
the firewall unless the traffic is a response to one of your local computers or a service for
which you have configured an inbound rule. Instead of discarding this traffic, you can have it
forwarded to one computer on your network.
Virtual Private Networking (VPN)
The NETGEAR ProSafe DGFV338 provides a secure encrypted connection between your local
area network (LAN) and remote networks or clients. It includes the following VPN features:
• Supports 50 IPSec VPN tunnels.
• Supports industry-standard VPN protocols – The DGFV338 supports standard Manual or IKE
keying methods, standard MD5 and SHA-1 authentication methods, and stand ard DES, 3 DES
and AES encryption methods.
• Supports 256-bit AES encryption for maximum security.
• The VPN Wizard configuration is based on the Virtual Private Network Consortium (VPNC)
recommended settings.
Autosensing Ethernet Connections with Auto Uplink
With its internal 8-port 10/100 switch, the DGFV338 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are
autosensing and capable of full-duplex or half-duplex operation.
Introduction 1-3
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
The firewall incorporates Auto Uplink technology. Each Ethernet port will automatically sense
whether the Ethernet cable plugged into the port should have a “normal” connection such as to a
PC or an “uplink” connection such as to a switch or hub. That port will then configure itself to the
correct configuration. This feature also eliminates the need to worry about crossover cables, as
Auto Uplink will accommodate either type of cable to make the right connection.
Extensive Protocol Support
The NETGEAR ProSafe DGFV338 supports the Transmission Control Protocol/Internet Protocol
(TCP/IP) and Routing Information Protocol
• IP Address Sharing by NAT. The DGFV338 allows several networked PCs to share an
Internet account using only a single IP address, which may be statically or dynamically
assigned by your Internet service provider (ISP). This technique, known as NAT, allows the
use of an inexpensive single-user ISP account.
• Automatic Configuration of Attached PCs by DHCP. The DGFV338 dynamically assigns
network configuration information, including IP, gateway, and domain name server (DNS)
addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol
(DHCP). This feature greatly simplifies configuration of PCs on your local network.
• DNS Proxy. When DHCP is enabled and no DNS addresses are specified, the firewall
provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS
addresses from the ISP during connection setup and forwards DNS requests from the LAN.
(RIP).
• PPP over Ethernet (PPPoE). PPPoE is a protocol for connecting remote hosts to the Internet
over a DSL connection by simulating a dial-up connection. This feature eliminates the need to
run a login program such as EnterNet or WinPOET on your PC.
• PPP over ATM (PPPoA). PPPoA is an asynchronous point-to-point protocol for connecting
to the Internet over ADSL.
Easy Installation and Management
You can install, configure, and operate the ProSafe Wireless ADSL Modem VPN Firewall Router
within minutes after connecting it to the network. The following features simplify installation and
management tasks:
• Browser-based management. Browser-based configuration allows you to easily configure
your firewall from almost any type of personal computer, such as Windows, Macintosh, or
Linux. A user-friendly Setup Wizard is provided and online help documentation is built into
the browser-based Web Management Interface.
1-4 Introduction
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
• Smart Wizard. The NETGEAR ProSafe DGFV338 automatically senses the type of Internet
connection, asking you only for the information required for your type of ISP account.
• VPN Wizard. The NETGEAR ProSafe DGFV338 includes the NETGEAR VPN Wizard to
easily configure VPN tunnels according to the recommendations of the Virtual Private
Network Consortium (VPNC) to ensure the VPN tunnels are interoperable with other VPNCcompliant VPN routers and clients.
• SNMP. The NETGEAR ProSafe DGFV338 supports the Simple Network Management
Protocol (SNMP) to let you monitor and manage resources from an SNMP-compliant system
manager. The SNMP system configuration lets you change the system variables for MIB2.
• Diagnostic functions. The firewall incorporates built-in diagnostic functions such as Ping,
Packet Capture, DNS lookup, and remote reboot.
• Remote management. The firewall allows you to securely log in to the Web Management
Interface from a remote location on the Internet. For additional security, you can limit remote
management access to a specified remote IP address or range of addresses, and you can choose
a nonstandard port number.
• Visual monitoring. The front panel LEDs of the NETGEAR ProSafe DGFV338 provide an
easy way to monitor its status and activity.
Maintenance and Support
NETGEAR offers the following features to help you maximize your use of the NETGEAR
ProSafe DGFV338:
• Flash memory for firmware upgrade
• On-line technical support and telephone support for registered products.
System Requirements
Before installing the DGFV338, make sure your system meets these requirements:
• The Category 5 UTP straight through Ethernet cable with RJ-45 connector included in the
package, or one like it
• A 100-240 V, 50-60 HZ AC power source.
• Cable, DSL, Satellite or Wireless Broadband modem (for Ethernet connection).
• Internet service.
• ADSL service (for ADSL connectivity).
Introduction 1-5
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
• A Web browser for configuration such as Mozilla Firefox, Microsoft Internet Explorer 5.0 or
above, or Netscape Navigator 7.2 or above.
• Network card for each connected PC.
• Network Software (for example, Windows).
Package Contents
The product package should contain the following items:
• ProSafe Wireless ADSL Modem VPN Firewall Router.
•AC power adapter.
• Two 2.4 GHz wireless antennas.
• ADSL Microfilter (UK only)
• Category 5 Ethernet cable.
• Telephone cable with RJ -11 connector
• Resource CD, including:
– Application Notes and other helpful information.
– ProSafe VPN Client Software; one user license.
• Warranty and Support Information Card.
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the firewall for repair.
Hardware Description
This section describes the front and rear hardware functions of the wireless ADSL firewall.
Router Front Panel
The ProSafe Wireless ADSL Modem VPN Firewall Router front panel shown below contains the
power and test LEDs, Internet status LEDs, and the LAN status LEDs.
1-6 Introduction
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
1
2
3
4
Figure 1-1
The table below describes each item on the front panel and its operation.
Table 0-1. Object Descriptions
Nos. LEDs Activity Description
1 Power - 1 On (Green)
Off
2 Test - 2 On (Amber)
Blinking (Amber)
Off
3 Internet
LEDs
4 WLAN On (Green)
Link/Act LED
On (Green)
Blinking (Green)
Off
100 LED
On (Green)
Off
DSL LED
On (Green)
Blinking (Green)
Off
Blinking (Green)
Off
Power is supplied to the gateway
Power is not supplied to the gateway.
Test mode: The system is initializing or the initialization has failed.
Writing to Flash memory (during upgrading or resetting to defaults).
The system has booted successfully.
The WAN port has detected a link with a connected Ethernet device.
Data is being transmitted or received by the WAN port.
The WAN port has no link.
The WAN port is operating at 100 Mbps.
The WAN port is operating at 10 Mbps.
The DSL modem has detected a link with the Internet.
Data is being transmitted or received.
The DSL modem has no connection.
A wireless connection is detected.
Data is being transmitted or received.
No link is detected or the radio is disabled.
5
Introduction 1-7
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Table 0-1. Object Descriptions (continued)
Nos. LEDs Activity Description
5 Local
LEDs
Link/Act LED
On (Green)
Blinking (Green)
Off
100 LED
On (Green)
Off
The LAN port has detected a link with a connected Ethernet device.
Data is being transmitted or received by the LAN port.
The LAN port has no link.
The LAN port is operating at 100 Mbps.
The LAN port is operating at 10 Mbps.
Router Rear Panel
The rear panel of the ProSafe W ireles s ADSL Modem VPN Firewall Rou ter (Figure 1-2) contains
the AC power connection; LAN, Ethernet and DSL port; and the reset button.
1
Figure 1-2
2
3
4
5
1
Viewed from left to right, the rear panel contains the following elements:
1. Wireless antenna. Two 2.4 GHz antennas attach to either end of the NETGEAR ProSafe
DGFV338.
2. DC Power connection (12VDC, 1.5A). Provides power to the gateway when the power
supply is attached.
3. Local LAN ports. An 8-port RJ-45 10/100 Mbps Fast Ethernet Switch, N-way automatic
speed negotiation, auto MDI/MDIX.
4. Ethernet port. serves as the 10/100 WAN port connection to an external modem. One RJ-45
WAN port, N-way automatic speed negotiation, Auto MDI/MDIX.
5. ADSL port. Serves as the direct WAN DSL connection to the Internet from the internal ADSL
modem via a telephone cable.
1-8 Introduction
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Router Login Factory Defaults
Check the label on the bottom of the DGFV338’s enclosure if you forget the following factory
default information:
• IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN
•User name: admin
• Password: password
LAN IP Address
User Name
Password
Figure 1-3
To log in to the DGFV338 once it is connected:
1. Open a Web browser.
2. Enter http://192.168.1.1 as the URL.
http://192.168.1.1
Figure 1-4
3. Once you get the login screen (Figure 1-5), enter the following information:
• admin for User Name
• password for Password
Introduction 1-9
v1.0, April 2007
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
.
Figure 1-5
For a complete list of the factory default settings of your NETGEAR ProSafe DGFV338, see
Appendix A, “Default Settings and Technical Specifications”
Placement of your NETGEAR ProSafe DGFV338
Note: Failure to follow these guidelines can result in significant performance degradation
or inability to wirelessly connect to the wireless ADSL firewall.
The operating distance or range of your wireless connection can vary significantly bas ed on the
physical placement of NETGEAR ProSafe DGFV338. The latency, data throughput performance,
and notebook power consumption also vary depending on your configuration choices. For best
results, place your wireless ADSL firewall:
• Near the center of the area in which your PCs will operate.
• In an elevated location, such as a high shelf where the wireless-connected PCs have line-ofsight access (even if through walls). The best location is elevated, such as wall mounted or on
the top of a cubicle, and at the center of your wireless coverage area for all the mobile devices.
• Away from potential sources of interference, such as PCs, microwaves and cordless phones.
• With the antenna tight and in an upright position.
• Away from large metal surfaces.
1-10 Introduction
v1.0, April 2007
Loading...