NETGEAR FVL328 User Guide

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

NETGEAR, Inc.

4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone 1-888-NETGEAR

M-10144-01
December 2003

M-10144-01

© 2003 by NETGEAR, Inc. All rights reserved. FullManual.

Trademarks

NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc.
Microsoft, Windows, and Wi ndow s NT are registered trademar ks of Microsoft Corporation.
Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this

document are copyright Intoto, Inc.

Statement of Conditions

In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.

NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.

EN 55 022 Declaration of Conformance

This is to certify that the FVL328 Prosafe High Speed VPN Firewall is shielded against the generation of radio
interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by
the application of EN 55 022 Class B (CISPR 22).

Certificate of the Manufacturer/Importer

It is hereby certified that the FVL328 Prosafe High Speed VPN Firewall has been suppressed in accordance with the
conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example,
test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the
notes in the operating instructions.

The Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.

ii

M-10144-01

Bestätigung des Herstellers/Importeurs

Es wird hiermit bestätigt, daß dasFVL328 Prosafe High Speed VPN Firewall gemäß der im BMPT-AmtsblVfg 243/1991
und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B.
Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der
Betriebsanleitung.

Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.

Voluntary Control Council for Interference (VCCI) Statement

This equipment is in the second category (information equipment to be used in a residential area or an adjacent area
thereto), and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines, aimed at preventing radio interference in such residential areas.

When used near a radio or TV receiver , it may become the cause of radio interference.
Read instructions for correct handling.

Technical Support

Refer to the Support Information Card that shipped with your FVL328 Prosafe High Speed VPN Firewall.

World Wide Web

NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL)
http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer
or Netscape are required.

M-10144-01

iii

iv

M-10144-01

Contents

Chapter 1
About This Manual

Audience ................................... ................ ................ ................. ................ ................ .....1-1

Scope .............................................................................................................................1-1

Typographical Conventions ............................................................................................1-2

Special Message Formats ..............................................................................................1-2

Features of the HTML Version of this Manual ................................................................1-3

How to Print this Manual .................................................................................................1-4

Chapter 2
Introduction

About the FVL328 ...........................................................................................................2-1

Summary of New Features in the FVL328 .....................................................................2-1

Key Features ..................................................................................................................2-1

Virtual Private Networking ........................................................................................2-2

A Powerful, True Firewall .........................................................................................2-2

ICSA Small/Medium Business Category ..................................................................2-3

Content Filtering .......................................................................................................2-3

Configurable Auto Uplink™ Ethernet Connection ....................................................2-3

Protocol Support ......................................................................................................2-3

Easy Installation and Management ..........................................................................2-4

What’s in the Box? ..........................................................................................................2-5

The Firewall’s Front Panel .......................................................................................2-6

The Firewall’s Rear Panel ........................................................................................2-7

Chapter 3
Connecting the FVL328 to the Internet

What You Will Need Before You Begin .................................. .... .....................................3-1

LAN Hardware Requirements ..................................................................................3-1

LAN Configuration Requirements ............................................................................3-1

Internet Configuration Requirements ....................................................................... 3-2

Contents i

M-10144-01

Where Do I Get the Internet Configuration Parameters? ..................................3-2

Worksheet for Recording Your Internet Connection Information ..............................3-3

Connecting the FVL328 to Your LAN ..............................................................................3-4

How to Connect the FVL328 to Y our LAN ................................................................3-4

Configuring for a Wizard-Detected Login Account ...................................................3-9

Configuring for a Wizard-Detected Dynamic IP Account .......................................3-11

Configuring for a Wizard-Detected Fixed IP (Static) Account ................................3-12

Testing Your Internet Connection ..................................................................................3-13

Manually Configuring Your Internet Connection ...........................................................3-14

How to Complete a Manual Configuration .............................................................3-15

Chapter 4
WAN and LAN Configuration

Configuring LAN IP Settings ...........................................................................................4-1

Using the Router as a DHCP Server ........................................................................4-2

How to Configure LAN TCP/IP Setup Settings ........................................................4-3

How to Configure Reserved IP Addresses ................... ... .... .....................................4-4

Configuring WAN Settings ..............................................................................................4-4

Connecting Automatically, as Required ...................................................................4-5

Setting Up a Default DMZ Server .............................. ... ... .... ... ... ... .... ... ... ... ...............4-5

How to Assign a Default DMZ Server ......................................................................4-5

Responding to Ping on Internet WAN Port ...............................................................4-6

How to Set the MTU Size .........................................................................................4-6

Configuring Dynamic DNS ..............................................................................................4-6

How to Configure Dynamic DNS ..............................................................................4-7

Using Static Routes ........................................................................................................4-7

Static Route Example ...............................................................................................4-7

How to Configure Static Routes ...............................................................................4-8

Chapter 5
Protecting Your Network

Protecting Access to Your FVL328 Firewall ....................................................................5-1

How to Change the Built-In Password .....................................................................5-1

How to Change the Administrator Login Timeout ....................................................5-2

Configuring Basic Firewall Services ...............................................................................5-2

Blocking Keywords, Sites, and Services ......... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ..5-3

How to Block Keywords and Sites ...........................................................................5-3

ii Contents

M-10144-01

Using Firewall Rules to Regulate Network Traffic ..........................................................5-5

Rules Menu Options .................................................................................................5-6

Using Inbound Rules (Port Forwarding) ...................................................................5-7

Inbound Rule Example: A Local Public Web Server ..........................................5-7

Inbound Rule Example: Videoconferencing from Restricted Addresses .................. 5-9

Considerations for Inbound Rules .....................................................................5-9

Using Outbound Rules (Service Blocking) .............................................................5-10

Outbound Rule Example: Blocking Instant Messenger ...................................5-10

Understanding the Order of Precedence for Rules ................................................5-12

Regulating Access to Network Services .......................................................................5-12

How to Define Services ..........................................................................................5-13

Setting Times and Scheduling Firewall Services ................................................ .......... 5-14

How to Set Your Time Zone ...................................................................................5-14

How to Schedule Firewall Services ........................................................................5-16

Chapter 6
Virtual Private Networking

Overview of FVL328 Policy-Based VPN Configuration ..................................................6-1

Using Policies to Manage VPN Traffic .....................................................................6-1

Using Automatic Key Management ..................................... ................................... .. 6-2

IKE Policies’ Automatic Key and Authentication Management ................................6-3

VPN Policy Configuration for Auto Key Negotiation ..................... ............................ 6-6

VPN Policy Configuration for Manual Key Exchange ...............................................6-9

Using Digital Certificates for IKE Auto-Policy Authentication .......................................6-14

Certificate Revocation List (CRL) ...........................................................................6-14

Walk-Through of Configuration Scenarios ....................................................................6-15

VPNC Scenario 1: Gateway-to-Gateway with Preshared Secrets .........................6-15

FVL328 Scenario 1: How to Configure the IKE and VPN Policies .........................6-17

How to Check VPN Connections ...........................................................................6-21

FVL328 Scenario 2: Authenticating with RSA Certificates .....................................6-22

Chapter 7
Managing Your Network

Network Management ....................................................................................................7-1

How to Configure Remote Management ..................................................................7-1

Viewing Router Status and Usage Statistics .................................... ... ... ... ... .... ... ... ..7-3

Viewing Attached Devices ........................................................................................7-5

Contents iii

M-10144-01

Viewing, Selecting, and Saving Logged Information ................................................7-6

Changing the Include in Log Settings ................................................................7-8

Enabling the Syslog Feature .............................................................................7-8

Enabling Security Event E-mail Notification ...................................................................7-9

Backing Up, Restoring, or Erasing Your Settings .........................................................7-10

How to Back Up the FVL328 Configuration to a File ..............................................7-10

How to Restore a Configuration from a File .............................. ............................. 7-11

How to Erase the Configuration .............................................................................7-11

Running Diagnostic Utilities and Rebooting the Router ................................................7-12

Upgrading the Router’s Firmware .................... ......... .......... .......... .......... ......... .......... ...7-13

How to Upgrade the Router ...................................................................................7-14

Chapter 8
Troubleshooting

Basic Functions ..............................................................................................................8-1

Power LED Not On ...................................................................................................8-2

Test LED Never Turns On or Test LED Stays On .....................................................8-2

Local or Internet Port Link LEDs Not On ..................................................................8-3

Troubleshooting the Web Configuration Interface ..........................................................8-3

Troubleshooting the ISP Connection ..............................................................................8-4

Troubleshooting a TCP/IP Network Using a Ping Utility .................................................8-5

How to Test the LAN Path to Your Firewall ..............................................................8-6

How to Test the Path from Your PC to a Remote Device .........................................8-6

Restoring the Default Configuration and Password ............... .........................................8-7

How to Use the Default Reset Button ......................................................................8-7

Problems with Date and Time .........................................................................................8-8

Appendix A
Technical Specifications

Appendix B
Networks, Routing, and Firewall Basics

Related Publications ...................................................................................................... B-1

Basic Router Concepts .................................................................................................. B-1

What is a Router? ................................................................................................... B-1

Routing Information Protocol ................................................................................... B-2

IP Addresses and the Internet ......................................... .... ... ... ... .... ... ... ... ... .... ... ... . B-2

Netmask .................................... ................................................................ ..............B-4

iv Contents

M-10144-01

Subnet Addressing .................................................................................................. B-4

Private IP Addresses ................................. ... ... ... .......................................... ........... B-7

Single IP Address Operation Using NAT ................................................................. B-7

MAC Addresses and Address Resolution Protocol ................................................. B-9

Related Documents ................................................................................................. B-9

Domain Name Server .............................................................................................. B-9

IP Configuration by DHCP ................................. .... ... ... ... .... ... ............................... B-10

Internet Security and Firewalls .................................................................................... B-10

What is a Firewall? .................................................................................................B-11

Stateful Packet Inspection ............................... ... .... ... ... ... .... ... ................................B-11

Denial of Service Attack .........................................................................................B-11

Ethernet Cabling ................................. ... ... .... .......................................... ... ... ... ............ B-12

Uplink Switches and Crossover Cables ................................................................ B-12

Cable Quality ......................................................................................................... B-13

Appendix C
Preparing Your Network

Preparing Your Computers for TCP/IP Networking .. .... ... ... ... .... ... ...... .... ... ... ... ... .... ... ... . C-1

Configuring Windows 95, 98, and Me for TCP/IP Networking ....................................... C-2

Install or V erify Windows Networking Components ................................................. C-2

Enabling DHCP to Automatically Configure TCP/IP Settings .................................C-4

Selecting Windows’ Internet Access Method ................ ......................... ........... C-4

Verifying TCP/IP Properties .................................................................................... C-5

Configuring Windows NT, 2000 or XP for IP Networking .............................. ................. C-5

Installing or Ve rifying Windows Networking Components ................ ... ... ... ... .... ... .... C-5

Verifying TCP/IP Properties .................................................................................... C-6

Configuring the Macintosh for TCP/IP Networking ........................................................ C-6

MacOS 8.6 or 9.x ......................... .......................................... ................................. C-6

MacOS X ...... ...................................... .... ... ... ... ... .... ... ... ....................................... ... . C-7

Verifying TCP/IP Properties for Macintosh Computers ........................................... C-8

Verifying the Readiness of Your Internet Account ......................................................... C-9

Are Login Protocols Used? ..................................................................................... C-9

What Is Your Configuration Information? ................................................................C-9

Obtaining ISP Configuration Information for Windows Computers .......................C-10

Obtaining ISP Configuration Information for Macintosh Computers ..................... C-11

Restarting the Network ................................................................................................C-12

Contents v

M-10144-01

Appendix D
Firewall Log Formats

Action List ...................................................................................................................... D-1

Field List ........................................................................................................................ D-1

Outbound Log ..................................... .......................................... ................................. D-1

Inbound Log ...................................................................................................................D-2

Other IP Traffic ......................................... .... ... ... ... ....................................... ... ... .... ... ... . D-2

Router Operation ........................................................................................................... D-3

Other Connections and Traffic to this Router ................................................................ D-4

DoS Attack/Scan ...........................................................................................................D-4

Access Block Site .......................................................................................................... D-6

All Web Sites and News Groups Visited ........................................................................D-6

System Admin Sessions ................................................................................................ D-6

Policy Administration LOG .............................................................................................D-7

Appendix E
Virtual Private Networking

What is a VPN? ............................................................................................................. E-1

What Is IPSec and How Does It Work? ......................................................................... E-2

IPSec Security Features ................................. ... .... ... ... ... .... ... ................................. E-2

IPSec Components ................................................................................................. E-2

Encapsulating Security Payload (ESP) ................................................................... E-3

Authentication Header (AH) ............................... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... .... E-4

IKE Security Association ........... .......................................... ... ... ... ........................... E-4

Mode ...................................... ...................... .................... ...................... ........... E-5

Key Management .................................................................................................... E-6

Understand the Process Before You Begin .. ................................................................. E-6

VPN Process Overview ......... ... ... .... ... ... ... .......................................... ........................... E-7

Network Interfaces and Addresses ......................................................................... E-7

Interface Addressing ......................................................................................... E-7

Firewalls ........................................................................................................... E-8

Setting Up a VPN Tunnel Between Gateways ........................................................ E-8

VPNC IKE Security Parameters ......... ... ... .... ... ............................................................ E-10

VPNC IKE Phase I Parameters ............................................................................. E-10

VPNC IKE Phase II Parameters .............................................................................E-11

Testing and Troubleshooting .........................................................................................E-11

vi Contents

M-10144-01

Additional Reading .......................... ... ... .......................................... ... .... ... ...................E-11

Appendix F
NETGEAR VPN Configuration
FVS318 or FVM318 to FVL328

Configuration Template ... .... ............................................................................................F-1

Step-By-Step Configuration of FVS318 or FVM318 Gateway A ............................. ........F-2

Step-By-Step Configuration of FVL328 Gateway B ........................................................F-5

Test the VPN Connection .............................................................................................F-10

Appendix G
FVL328 to Windows 2000 Server
and SSH Sentinel VPN Configuration

Configuring FVL328 to Windows 2000 Server VPN ............................................... ... ... .G-1

Windows 2000 Server configuration ...................................... .................................G-1

Create an IP Security Policy called DUT To Win2K ..........................................G-1

Create an IP Filter called To DUT .....................................................................G-3

Create an IP Filter Called To Win2K .................................................................G-7

Configure the General Properties ...................................................................G-12

Configure the FVL328 IKE policy ...................................................................G-14

Configure the FVL328 VPN policy ..................................................................G-15

FVL328 to SSH Sentinel 1.3 Remote VPN .................................................................G-16

Create the FVL328 IKE Policy ........................................................................G-23

Create the FVL328 VPN Policy ......................................................................G-23

Ping a PC to Bring Up the Tunnel ...................................................................G-24

Appendix H
NETGEAR VPN Client
to NETGEAR FVL328 or FWAG114 VPN Router

Configuration Profile ........................................... ... ... .......................................... ...........H-1

Step-By-Step Configuration of FVL328 or FWAG114 Gateway ..................................... H-2

Step-By-Step Configuration of the NETGEAR VPN Client B .........................................H-7

Testing the VPN Connection .. ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... .................................. H-14

From the Client PC to the FVL328 .................. ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... .. H-14

From the FVL328 to the Client PC ......... .......................................... ... ... ... ............H-15

Monitoring the PC VPN Connection ................... ... ... .... ... ... ... .... .................................. H-15

Viewing the FVL328 VPN Status and Log Information ................................................ H-17

Contents vii

M-10144-01

Appendix I
NETGEAR VPN Configuration
FVS318 or FVM318 with FQDN to FVL328

Configuration Template ... .... .............................................................................................I-1

Using DDNS and Fully Qualified Domain Names (FQDN) .......................................I-2

Step-By-Step Configuration of FVS318 or FVM318 Gateway A ............................. ......... I-3

Step-By-Step Configuration of FVL328 Gateway B .........................................................I-7

Test the VPN Connection ..............................................................................................I-12

Glossary
Index

viii Contents

M-10144-01

Chapter 1

About This Manual

This chapter introduces the NETGEAR FVL328 Prosafe High Speed VPN Firewall manual.

Audience

This reference manual assumes that the reader has basic to intermediate computer and Internet
skills. However, basic computer network, Internet, firewall, and VPN technology tutorial
information is provided in the Appendices and on the NETGEAR Web site.

Scope

This manual is written for the FVL328 Firewall according to these specifications.:

Table 1-1. Manual Specifications

Product Version FVL328 Prosafe High Speed VPN Firewall
Firmware Version Number Version 1.5 Release 07
Manual Part Number M-10144-01
Manual Publication Date December 2003

Note: Product updates are available on the NETGEAR Web site at

www.netgear.com/support/main.asp. Documentation updates are available on the

NETGEAR, Inc. Web site at www.netgear.com/docs.

About This Manual 1-1

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

Typographical Conventions

This guide uses the following typographical conventions:

Table 1-2. Typographical conventions

italics Emphasis.
bold times roman User input.
[Enter] Named keys in text are shown enclosed in square brackets. The notation [Enter]

is used for the Enter key and the Return key.

Small Caps DOS file and directory names.

Special Message Formats

This guide uses the following formats to highlight special messages:

Note: This format is used to highlight information of importance or special interest.

1-2 About This Manual

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

Features of the HTML Version of this Manual

The HTML version of this manual includes these features.

1

2
3

Figure Preface 1-1: HTML version of this manual

1. Left pane. Use the left pane to view the Contents, Index, Search, and Favorites tabs.

To view the HTML version of the manual, you must have a version 4 or later browser with
JavaScript enabled.

2. Toolbar buttons. Use the toolbar buttons across the top to navigate, print pages, and more.

–The Show in Contents button locates the current topic in the Contents tab.

– Previous/Next buttons display the previous or next topic.

–The PDF button links to a PDF version of the full manual.

–The Print button prints the current topic. Using this button when a step-by-step

procedure is displayed will send the entire procedure to your printer—you do not
have to worry about specifying the correct range of pages.

3. Right pane. Use the right pane to view the contents of the manual. Also, each page of the

manual includes a link at the top right which links to a PDF file
containing just the currently selected chapter of the manual.

About This Manual 1-3

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

How to Print this Manual

To print this manual you can choose one of the following several options, according to your needs.

• Printing a “How To” Sequence of Steps in the HTML View. Use the Print button on the

upper right side of the toolbar to print the currently displayed topic. Using this button when a
step-by-step procedure is displayed will send the entire procedure to your printer—you do not
have to worry about specifying the correct range of pages.

• Printing a Chapter. Use the link at the top right of any page.

– Click the “PDF of This Chapter” link at the top right of any page in the chapter you want

to print. A new browser window opens showing the PDF version of the chapter you were

viewing.
– Click the print icon in the upper left of the window.
– Tip: If your printer supports printing two pages on a single sheet of paper, you can save

paper and printer ink by selecting this feature.

• Printing the Full Manual. Use the PDF button in the toolbar at the top right of the browser

window.
– Click the PDF button. A new browser window opens showing the PDF version of the

chapter you were viewing.
– Click the print icon in the upper left side of the window.
– Tip: If your printer supports printing two pages on a single sheet of paper, you can save

paper and printer ink by selecting this feature.

1-4 About This Manual

M-10144-01

Chapter 2

Introduction

This chapter describes the features of the NETGEAR FVL328 Prosafe High Speed VPN Firewall.
The FVL328 Firewall is now ICSA certified. It provides connection for multiple computers to the
Internet through an external broadband access device (such as a cable modem or DSL modem) and
supports IPSec-based secure tunnels to IPSec-compatible VPN servers.

About the FVL328

The FVL328 is a complete security solution that protects your network from attacks and intrusions
and enables secure communications using Virtual Private Networks (VPN). Unlike simple Internet
sharing routers that rely on Network Address Translation (NAT) for security, the FVL328 uses
Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection.
The 8-port FVL328 provides highly reliable Internet access for up to 253 users with up to 100
concurrent VPN tunnels.

Summary of New Features in the FVL328

The NETGEAR FVL328 VPN ProSafe Firewall contains many new features, including:

•

ICSA Certified, Small/Medium Business (SMB) Category

• VPNC Certified

• Enhanced Logging

Key Features

The FVL328 features are highlighted below.

Introduction 2-1

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

Virtual Private Networking

The FVL328 Firewall provides a secure encrypted connection between your local network and
remote networks or clients. Its VPN features include:

• Support for up to 100 simultaneous VPN connections.

• Support for industry standard VPN protocols.
The FVL328 Prosafe High Speed VPN Firewall supports standard keying methods (Manual or
IKE), standard authentication methods (MD5 and SHA-1), and standard encryption methods
(DES, 3DES). It is compatible with many other VPN products.

• Support for up to 168 bit encryption (3DES) for maximum security.

• Support for VPN Main Mode, Aggressive mode, or Manual Keying.

• Support for Fully Qualified Domain Name (FQDN) configuration when the Dynamic DNS
feature is enabled with one of the supported service providers.

• VPNC Certified

A Powerful, True Firewall

Unlike simple Internet sharing NAT routers, the FVL328 is a true firewall, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:

• DoS protection
Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND
Attack and IP Spoofing.

• Blocks unwanted traffic from the Internet to your LAN.

• Blocks access from your LAN to Internet locations or services that you specify as off-limits.

• Logs security incidents
The FVL328 will log security events such as blocked incoming traffic, port scans, attacks, and
administrator logins. You can configure the firewall to e-mail the log to you at specified
intervals. You can also configure the firewall to send immediate alert messages to your e-mail
address or e-mail pager whenever a significant event occurs.

• ICSA Certified, Small/Medium Business (SMB) Category version 4.0

2-2 Introduction

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

ICSA Small/Medium Business Category

The NETGEAR FVL328 provides meets the ICSA SMB Category by providing Remote
Administration over an encrypted link from a public source. Additionally, the firewall provides a
default security policy denying all inbound non-Remote Administration related traffic originating
from public network sources while allowing a set of common services outbound.

The FVL328 enforces another security policy allowing a standard set of services inbound and
outbound. Therefore, a means to configure Access Control Rules will be available on the product

Content Filtering

With its content filtering feature, the FVL328 prevents objectionable content from reaching your
computers. The firewall allows you to control access to Internet content by screening for keywords
within Web addresses. You can configure the firewall to log and report attempts to access
objectionable Internet sites.

Configurable Auto Uplink™ Ethernet Connection

With its internal 8-port 10/100 switch, the FVL328 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. Both the local LAN and the Internet W AN
interfaces are 10/100 Mbps, autosensing, and capable of full-duplex or half-duplex operation.

TM

The firewall incorporates Auto Uplink
sense whether the Ethernet cable plugged into the port should have a ‘normal’ connection such as
to a PC or an ‘uplink’ connection such as to a switch or hub. That port will then configure itself to
the correct configuration. This feature also eliminates the need to worry about crossover cables, as
Auto Uplink will accommodate either type of cable to make the right connection.

technology. Each local Ethernet port will automatically

Protocol Support

The FVL328 supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing
Information Protocol (RIP). Appendix B, “Networks, Routing, and Firewall Basics” provides
further information on TCP/IP. Supported protocols include:

Introduction 2-3

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

• The Ability to Enable or Disable IP Address Sharing by NAT
The FVL328 allows several networked computers to share an Internet account using only a
single IP address, which may be statically or dynamically assigned by your Internet service
provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user
ISP account. This feature can also be turned off completely for using the FVL328 in settings
where you want to manage the IP address scheme of your organization.

• Automatic Configuration of Attached computers by DHCP
The FVL328 dynamically assigns network configuration information, including IP, gateway,
and domain name server (DNS) addresses, to attached computers using Dynamic Host
Configuration Protocol (DHCP). This feature greatly simplifies configuration of computers on
your local network.

• DNS Proxy
When DHCP is enabled and no DNS addresses are specified, the firewall provides its own
address as a DNS server to the attached computers. The firewall obtains actual DNS addresses
from the ISP during connection setup and forwards DNS requests from the LAN.

• PPP over Ethernet (PPPoE)
PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by
simulating a dial-up connection. This feature eliminates the need to run a login program such
as EnterNet or WinPOET on your computer.

• Point-to-Point Tunneling Protocol PPTP login support for European ISPs and BigPond login
for Telstra cable in Australia.

• Dynamic DNS
Dynamic DNS services allow remote users to find your network using a domain name when
your IP address is not permanently assigned. The firewall contains a client that can connect to
many popular Dynamic DNS services to register your dynamic IP address. See “Configuring

Dynamic DNS” on page 4-6.

Easy Installation and Management

You can install, configure, and operate the FVL328 within minutes after connecting it to the
network. The following features simplify installation and management tasks:

• Browser-based management
Browser-based configuration allows you to easily configure your firewall from almost any
type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup
Wizard is provided and online help documentation is built into the browser-based Web
Management Interface.

2-4 Introduction

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

• Smart Wizard
The firewall automatically senses the type of Internet connection, asking you only for the
information required for your type of ISP account.

• Remote management
The firewall allows you to login to the Web Management Interface from a remote location via
the Internet using secure SLL protocol. For security, you can limit remote management access
to a specified remote IP address or range of addresses, and you can choose a nonstandard port
number.

• Diagnostic functions
The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote
reboot. These functions allow you to test Intern et connectivity and reboot the firewall. You can
use these diagnostic functions directly from the FVL328 when your are connected on the LAN
or when you are connected over the Internet via the remote management function.

• Visual monitoring
The firewall’s front panel LEDs provide an easy way to monitor its status and activity.

• Flash EPROM for firmware upgrades

Note: Product updates are available on the NETGEAR Web site at

www.netgear.com/support/main.asp.

• Includes a battery-backed real-time clock so time will persist if power is removed

• Regional support, including ISPs like Telstra DSL and BigPond or Deutsche Telekom.

What’s in the Box?

The product package should contain the following items:

• FVL328 Prosafe High Speed VPN Firewall

•AC power adapter

• FVL328 Resource CD (SW-10018-01), including:
— This manual
— Application notes, tools, and other helpful information

• Warranty and registration card

Introduction 2-5

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

• Support information card

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the product for repair.

Note: Product updates are available on the NETGEAR, Inc. Web site at http://

www.netgear.com/support/main.asp. Documentation updates are available on the

NETGEAR, Inc. Web site at http://www.netgear.com/docs.

The Firewall’s Front Panel

The front panel of the FVL328 (Figure 2-1) contains status LEDs.

MODEL

ProSafe Hi-Speed VPN Firewall

Cable/DSL

PWR TEST

INTERNET LOCAL

100

LNK/ACT

12345678

Figure 2-1: FVL328 Front Panel

100

LNK/ACT

FVL328

You can use some of the LEDs to verify connections. Table 2-1 lists and describes each LED on
the front panel of the firewall.

These LEDs are green when lit, except for the TEST LED, which is amber.

Table 2-1: LED Descriptions

Label Activity Description

POWER On Power is supplied to the firewall.
TEST On

Off

INTERNET

100 On/Blinking The Internet port is operating at 100 Mbps.
LINK/ACT (Activity) On/Blinking The port detected a link with the Internet WAN connection and is

LOCAL

2-6 Introduction

The system is initializing.
The system is ready and running.

operating at 10 Mbps. Blinking indicates data transmission.

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

Table 2-1: LED Descriptions

100 On/Blinking The Local port is operating at 100 Mbps.
LINK/ACT

(Link/Activity)

On/Blinking The Local port has detected a link with a LAN connection and is

operating at 10 Mbps. Blinking indicates data transmission.

The Firewall’s Rear Panel

The rear panel of the FVL328 (Figure 2-2) contains the connections identified below.

Figure 2-2: FVL328 Rear Panel

Viewed from left to right, the rear panel contains the following elements:

• Factory Default Reset push button

• Eight Local Ethernet RJ-45 ports for connecting the firewall to local computers

• Internet WAN Ethernet RJ-45 port for connecting the firewall to a cable or DSL modem

• AC power adapter input

•

Introduction 2-7

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

2-8 Introduction

M-10144-01

Chapter 3

Connecting the FVL328 to the Internet

This chapter describes how to set up the firewall on your Local Area Network (LAN) and connect
to the Internet. You can perform basic configurat ion of your FVL328 Prosafe High Speed VPN
Firewall using the Setup Wizard, or manually configure your Internet connection.

What You Will Need Before You Begin

You need to prepare these three things before you can connect your firewall to the Internet:

1. A computer properly connected to the firewall as explained below.

2. Active Internet service such as that provided by a DSL or Cable modem account.

3. The Internet Service Provider (ISP) configuration information for your account.

LAN Hardware Requirements

The FVL328 Firewall connects to your LAN via twisted-pair Ethernet cables.
To use the FVL328 Firewall on your network, each computer must have an installed Ethernet

Network Interface Card (NIC) and an Ethernet cable. If the computer will connect to your network
at 100 Mbps, you must use a Category 5 (CAT5) cable such as the one provided with your firewall.

The broadband modem must provide a standard 10 Mbps 10BASE-T or 100 Mbps 100BASE-T
Ethernet interface.

LAN Configuration Requirements

For the initial connection to the Internet and configuration of your firewall, you will need to
connect a computer to the firewall which is set to automatically get its TCP/IP configuration from
the firewall via DHCP. The computer you use must have a Web browser such as Internet Explorer
v5 or greater or Netscape Communicator v4.7 or greater.

Note: Please refer to Appendix C, "Preparing Your Network" for assistance with DHCP

configuration.

Connecting the FVL328 to the Internet 3-1

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

Internet Configuration Requirements

Depending on how your ISP or IT group set up your Internet access, you will need one or more of
these configuration parameters to connect your firewall to the Internet:

• Host and Domain Names

• ISP Login Name and Password

• ISP Domain Name Server (DNS) Addresses

• Fixed or Static IP Address

Where Do I Get the Internet Configuration Parameters?

There are several ways you can gather the required Internet connection information.

• Your ISP should have provided you with all the information needed to connect to the Internet.
If you cannot locate this information, you can ask your ISP to provide it or you can try one of
the options below.

• If you have a computer already connected using the active Internet access account, you can
gather the configuration information from that computer.

• For Windows 95/98/Me, open the Network control panel, select the TCP/IP entry for the

Ethernet adapter, and click Properties.

• For Windows 2000/XP, open the Local Area Network Connection, select the TCP/IP entry

for the Ethernet adapter, and click Properties.

• For Macintosh computers, open the TCP/IP or Network control panel.

• You may also refer to the FVL328 Resource CD for the NETGEAR Router ISP Guide which
provides Internet connection information for many ISPs.

Once you locate your Internet configuration parameters, you may want to record them on the page
below according to the instructions in “Worksheet for Recording Your Internet Connection

Information” on page 3-3.

3-2 Connecting the FVL328 to the Internet

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

Worksheet for Recording Your Internet Connection Information

Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP).
ISP Login Name: The login name and password are case sensitive and must be entered exactly as

given by your ISP. Some ISPs use your full e-mail address as the login name. The Service Name is
not required by all ISPs. If you connect using a login name and password, then fill in the
following:

Login Name: ______________________________

Password: __________________________ __

Service Name: _____________________________
Fixed or Static IP Address: If you have a static IP address, record the following information. For

example, 169.254.141.148 could be a valid IP address.
Fixed or Static Internet IP Address: ______

.______.______.______
Subnet Mask: ______.______.______.______
Gateway IP Address: ______.______.______.______

ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following:
Primary DNS Server IP Address: ______

.______ ______.______

Secondary DNS Server IP Address: ______.______.______.______
Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or

home. If you haven’t been given host or domain names, you can use the following examples as a

guide:

• If your main e-mail account with your ISP is

aaa@yyy.com, then use aaa as your host name.

Your ISP might call this your account, user, host, computer, or system name.

• If your ISP’s mail server is

mail.xxx.yyy.com, then use xxx.yyy.com as the domain name.

ISP Host Name: _________________________

Connecting the FVL328 to the Internet 3-3

ISP Domain Name: _______________________

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

Connecting the FVL328 to Your LAN

This section provides instructions for connecting the FVL328 Prosafe High Speed VPN Firewall
to your Local Area Network (LAN).

Note: The Resource CD included with your firewall contains an animated Installation Assistant to

help you through this procedure.

How to Connect the FVL328 to Your LAN

There are three steps to connecting your firewall:

• Connect the firewall to your network.

• Log in to the firewall.

• Connect to the Internet.
Follow the steps below to connect your firewall to your network.

1. Connect the FVL328.

a. Turn off your computer and cable or DSL modem.
b. Disconnect the Ethernet cable (A) from your computer which connects to yo ur cable or

DSL modem.

A

DSL modem

Figure 3-1: Disconnect the cable or DSL modem

3-4 Connecting the FVL328 to the Internet

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

Connect the Ethernet cable (A) from your cable or DSL modem to the FVL328’s Internet

c.

port.

Cable or

DSL modem

LOCA L

876543221INTERN ET

10/100M

A

12VDCO.5A

Figure 3-2: Connect the cable or DSL modem to the firewall

d.

Connect the Ethernet cable (B) which came with the firewall from a Local port on the
router to your computer.

Cable or

DSL modem

B

LOCA L

876543221INTERN ET

10/100M

12VDCO.5A

Figure 3-3: Connect the computers on your network to the firewall

Note: The FVL328 Firewall incorporates Auto UplinkTM technology. Each Ethernet port
will automatically sense whether the cable plugged into the port should have a 'normal'
connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to a switch
or hub). That port will then configure itself to the correct configuration. This feature also
eliminates the need to worry about crossover cables, as Auto Uplink will accommodate
either type of cable to make the right connection.

e. Turn on the cable or DSL modem and wait about 30 seconds for the lights to stop blinking.

Connecting the FVL328 to the Internet 3-5

M-10144-01

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual

2. Log in to the FVL328.

Note: To connect to the firewall, your computer needs to be configured to obtain an IP

address automatically via DHCP. Please refer to Appendix C, "Preparing Your Network"
for instructions on how to do this.

a. Turn on the firewall and wait for the TEST light to stop blinking.
b. Now, turn on your computer.

Note: If you usually run software to log in to your Internet connection, do not run that
software.

Now that the cable or DSL modem, firewall, and the computer are turned on, verify the
following:

• When power on the firewall was first turned on, the PWR light went on, the TEST light
turned on within a few seconds, and then went off after approximately 10 seconds.

• The firewall’s LOCAL LINK/ACT lights are lit for any computers that are connected to it.

• The firewall’s INTERNET LINK light is lit, indicating a link has been established to the
cable or DSL modem.

c. Next, use a browser like Internet Explorer or Netscape to log in to the firewall at its default

address of http://192.168.0.1.

Figure 3-4: Log in to the firewall

3-6 Connecting the FVL328 to the Internet

M-10144-01