Netgear FVG318 Reference Guide

24/7

T E C H N I C A L

S U P P O R T*

*

ProSafe Wireless

VPN Firewall 8

FVG318

Up to 8
simultaneous
security
associations
(SAs)

ProSafe VPN

Client Software

VPN01L

Wireless
Card Bus
Adapter

WAG511

Wireless
PCI
Adapter

WAG311

ProSafe
Network
Management
Software

NMS100

Broadband

Modem

Internet

10/100 NIC

FA311

10/100 NIC

FA511

M

o

b

i

l

e

W

o

r

k

f

o

r

c

e

VPN Tunnel encrypts your data

(supports up to 8 tunnels)

25-user Office Wireless VPN Router

ProSafe® 802.11Wireless VPN Firewall 8
with 8-port 10/100 Mbps Switch Data Sheet

FVG318

Five-in-one Wireless and Wired VPN Solutions

This comprehensive and affordable solution offers wired and wireless connectivity and
businessclass protection for small office and remote/branch office users. It combines five
functions in a single, compact package – stateful packet inspection (SPI) firewall, 802.11g
wireless access point, IPsec virtual private network (VPN) appliance, NAT router, and eight­port Fast Ethernet switch. Powerful and standards-based, it delivers both 10 and 100 Mbps
connections for wired devices, plus 802.11b/g devices at speeds up to 108 Mbps. This
complete solution offers high-performance features in a space-saving, easy-to-use design.

Heavy-duty Security

Easy Usability

Expandable

More than just a simple NAT router, the ProSafe FVG318 SPI firewall provides business-class
protection, blocking unwanted users from accessing the network. Wi-Fi Protected Access 2
Enterprise (WPA2) shields wireless communication with the highest available level of
industry-standard encryption and authentication. Comprehensive controls block or filter
unwanted addresses, services, protocols, and URLs, fortifying your network. Up to eight
simultaneous IPsec VPN security association connections protect links between business
locations, encrypting all traffic as it traverses the Internet – perfect for telecommuters and
remote offices. It is VPNC compliant.

The FVG318 is easy to set up and use, with intuitive Smart Wizards™ that help connect to your
ISP and establish VPN connections. SNMP support provides complete remote administration –
perfect for corporate teleworkers, remote offices, and small businesses that can take advantage
of centralized administration. Dynamic DNS capabilities facilitate remote access, cameras,
games, and other hosted services for users with dynamic IP addresses.

The FVG318 works as the foundation for a small network, or integrated into a large one.
Support for DHCP (client and server) and PPPoE facilitates widespread deployment. It is
optimized for NETGEAR’s ProSafe VPN Client Software VPN01L and VPN05L (single and 5-user
license) and ProSafe Network Management Software NMS100. Compatible with other SNMP
management applications, it also supports Windows®, Macintosh®, UNIX®, and Linux®, or any
other TCP/IP based platforms.

1-888-NETGEAR (638-4327)
Email: info@NETGEAR.com

ProSafe® 802.11Wireless VPN Firewall 8 with 8-port 10/100 Mbps Switch FVG318

Ho w t h e F i r e w al l P r oc e s s e s a P a ck e t

Internet

Corporate

Ente ring Fir ewall Leav ing Fire wall

Packe t Proces sed

Agai nst SPI

Stat eful Pack et

Insp ection
Algo rithm

Rando mize Por t Number s

Conn ection I nformat ion

Stat eful Ins pection

Proce ssing I nbound a nd

Outb ound rul es

How a Firewall Processes a Packet

Technical Specifications

System Requirements

•

Cable, DSL, satellite or wireless

–

broadband modem and internet service
Ethernet connectivity from

–

broadband modem
Network card for each connected PC

–

Network software (e.g. Windows)

–

Internet Explorer 5.0 or higher or

–

Netscape Navigator 7.2 or higher
Compatible with IE 7.0 and

–

Windows® Vista™

Wireless

•

Standards: IEEE 802.11g, 54 Mbps,

–

Super-G technology up to 108 Mbps
Antenna: (1) 5dBi, detachable)

–

Physical Interfaces

•

SLAN ports: Eight (8) 10/100Mbps

–

auto-sensing, Auto Uplink™ RJ-45 ports
WAN port: 10/100 Mbps Ethernet RJ-

–

45 port to connect to any broadband
modem, such as DSL or cable

Security Features

•

SPI firewall: Stateful packet inspection

–

(SPI) to prevent notorious denial­of-service (DoS) attacks, intrusion
detection system (IDS) including
logging, reporting and email alerts,
address, service and protocol, Web
URL keyword filtering, prevent replay
attack (reassembly attack), port/service
blocking. Advanced features include
block Java/URL/ActiveX based on
extension, FTP/SMTP/RPC
program filtering.

VPN functionality: Eight (8) dedicated

–

VPN tunnels, Manual key and Internet
Key Exchange Security Association
(IKE SA) assignment with pre-shared
key and RSA/DSA signatures, key life
and IKE lifetime time settings, perfect
forward secrecy (Diffie-Hellman
groups 1 and 2 and Oakley support),
operating modes (main, aggressive,
quick), fully qualified domain name
(FQDN) support for dynamic IP
address VPN connections.

IPsec support: IPsec-based 56-bit

–

(DES), 168-bit (3DES), or 256-bit
(AES) encryption algorithm, MD5 or
SHA-1 hashing algorithm, AH/AH-ESP
support, PKI features with X.509 v.3
certificate support, remote access VPN
(client-to-site), site-to-site VPN, IPsec
NAT traversal (VPN pass-through)

Mode of operation: Many-to-one NAT

–

(LAN to WAN), classical routing,
unrestricted users per port

IP address assignment: Static IP

–

address assignment, internal DHCP
server on LAN, DHCP client on WAN,
PPPoE client support

Performance Features

•

Throughput: Up to 12.5 Mbps

–

WAN-to-LAN, up to 1.2 Mbps for 3DES

Management Features

•

Administration interface: SNMP (v2c)

–

support, Web graphic user interface,
Secure Sockets Layer (SSL)-enabled
remote management, user name and
password protected; secure remote
management support authenticated
through IP address or IP address range
and password; configuration changes/
upgrades through web GUI.

Configuration and upgrades: Upload

–

and download configuration settings,
field upgradeable flash memory

Functions

•

VPN Wizard to simplify configuration

–

of the VPN, Smart Wizard to
automatically detect ISP Address type
(static, dynamic, PPPoE), port range
forwarding, port triggering, exposed
host (DMZ), enable/disable WAN Ping,
DNS proxy, MAC address cloning/
spoofing, Network Time Protocol NTP
support, keyword content filtering,
email alerts, DHCP server (info and
display table), PPPoE login client
support, WAN DHCP client, diagnostic
tools (ping, trace route, other), port/
service/MAC address blocking,
Auto-Uplink on switch ports

Protocol Support

•

Network: IP routing, TCP/IP, UDP,

–

ICMP, PPPoE
IP addressing: DHCP (client and server)

–

Routing: RIPv1, RIPv2 (static routing,

–

dynamic routing)
VPN/security: IPsec (ESP, AH), MD5,

–

SHA-1, DES, 3DES, IKE, PKI, AES

User Support

•

LAN: Up to 253 users

–

WLAN: Up to 64 users

–

Maintenance

•

Save/restore configuration, restore

–

defaults, upgrades via web browser,
display statistics