Netgear FVS318G Reference Manual [zh]

NETGEAR ProSAFE VPN Firewall FVS318G v2

Reference Manual
October 2014 202-11465-01
350 East Plumeria Drive San Jose, CA 95134 USA
Support
Thank you for selecting NETGEAR products.
After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR.
Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/general/contact/default.aspx.
Compliance
For regulatory compliance information, visit http://www.netgear.com/about/regulatory.
See the regulatory compliance document before connecting the power supply.
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. © NETGEAR, Inc. All rights reserved.
Revision History
Publication Part Number | Version | Publish Date | Comments
202-11465-01 | 1.0 | October 2014 | First publication

Contents

Chapter 1 Introduction
What Is the NETGEAR ProSAFE VPN Firewall FVS318G v2?
Key Features and Capabilities
Advanced VPN Support for IPSec
A Powerful, True Firewall
Security Features
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
Maintenance and Support
Package Contents
Hardware Features
Front Panel
Rear Panel
Bottom Panel with Product Label
Choose a Location for the VPN Firewall
Wall-Mount the VPN Firewall with the Mounting Kit
Log In to the VPN Firewall
Web Management Interface Menu Layout
Requirements for Entering IP Addresses
IPv4 Addresses
IPv6 Addresses
Chapter 2 IPv4 and IPv6 Internet and Broadband Settings
Internet and WAN Configuration Tasks
IPv4 Internet Connections
IPv6 Internet Connections
Configure the IPv4 Internet Connection and WAN Settings
Configure the IPv4 WAN Mode
Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection
Manually Configure an IPv4 Internet Connection
Configure Dynamic DNS
Configure the IPv6 Internet Connection and WAN Settings
Configure the IPv6 Routing Mode
Use a DHCPv6 Server to Configure an IPv6 Internet Connection
Configure a Static IPv6 Internet Connection
Configure a PPPoE IPv6 Internet Connection
Configure 6to4 Automatic Tunneling
Configure ISATAP Automatic Tunneling
View the Tunnel Status and IPv6 Addresses
Configure Stateless IP/ICMP Translation
Configure Advanced WAN Options and Other Tasks
Additional WAN-Related Configuration Tasks
Verify the Connection
What to Do Next
Chapter 3 LAN Configuration
Manage IPv4 Virtual LANs and DHCP Options
Port-Based VLANs
Assign and Manage VLAN Profiles
VLAN DHCP Options
Configure a VLAN Profile
Configure VLAN MAC Addresses and LAN Advanced Settings
Configure IPv4 Multihome LAN IP Addresses on the Default VLAN
Manage IPv4 Groups and Hosts (IPv4 LAN Groups)
Manage the Network Database
Change Group Names in the Network Database
Set Up DHCP Address Reservation
Manage the IPv6 LAN
DHCPv6 Server Options
Configure the IPv6 LAN
Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the LAN
Configure IPv6 Multihome LAN IP Addresses on the Default VLAN
Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic
DMZ Port for IPv4 Traffic
DMZ Port for IPv6 Traffic
Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the DMZ
Manage Static IPv4 Routing
Configure Static IPv4 Routes
Configure the Routing Information Protocol
IPv4 Static Route Example
Manage Static IPv6 Routing
Configure Quality of Service
Chapter 4 Firewall Protection
About Firewall Protection
Administrator Tips
Overview of Rules to Block or Allow Specific Kinds of Traffic
Outbound Rules
Inbound Rules
Order of Precedence for Rules
Configure LAN WAN Rules
Create LAN WAN Outbound Service Rules
Create LAN WAN Inbound Service Rules
Configure DMZ WAN Rules
Create DMZ WAN Outbound Service Rules
Create DMZ WAN Inbound Service Rules
Configure LAN DMZ Rules
Create LAN DMZ Outbound Service Rules
Create LAN DMZ Inbound Service Rules
Examples of Firewall Rules
Examples of Inbound Firewall Rules
Examples of Outbound Firewall Rules
Configure Other Firewall Features
Attack Checks
Set Limits for IPv4 Sessions
Manage the Application Level Gateway for SIP Sessions
Services, Bandwidth Profiles, and QoS Profiles
Add Customized Services
Create Bandwidth Profiles
Preconfigured Quality of Service Profiles
Configure Service Groups
Configure IP Groups
Configure Content Filtering
Set a Schedule to Block or Allow Specific Traffic
Enable Source MAC Filtering
Set Up IP/MAC Bindings
Configure Port Triggering
Configure Universal Plug and Play
Chapter 5 Virtual Private Networking Using IPSec and L2TP Connections
Use the IPSec VPN Wizard for Client and Gateway Configurations
Create an IPv4 Gateway-to-Gateway VPN Tunnel with the Wizard
Create an IPv6 Gateway-to-Gateway VPN Tunnel with the Wizard
Create an IPv4 Client-to-Gateway VPN Tunnel with the Wizard
Test the Connection and View Connection and Status Information
Test the NETGEAR VPN Client Connection
NETGEAR VPN Client Status and Log Information
View the VPN Firewall IPSec VPN Connection Status
View the VPN Firewall IPSec VPN Log
Manage IPSec VPN Policies
Manage IKE Policies
Manage VPN Policies
Configure Extended Authentication (XAUTH)
Configure XAUTH for VPN Clients
User Database Configuration
RADIUS Client and Server Configuration
Assign IPv4 Addresses to Remote Users
Mode Config Operation
Configure Mode Config Operation on the VPN Firewall
Configure the ProSafe VPN Client for Mode Config Operation
Test the Mode Config Connection
Modify or Delete a Mode Config Record
Configure Keep-Alives and Dead Peer Detection
Configure Keep-Alives
Configure Dead Peer Detection
Configure NetBIOS Bridging with IPSec VPN
Configure the L2TP Server
View the Active L2TP Users
Chapter 6 Manage Users, Authentication, and VPN Certificates
The VPN Firewall’s Authentication Process and Options
Configure Authentication Domains, Groups, and Users
Configure Domains
Configure Groups
Configure User Accounts
Set User Login Policies
Change Passwords and Other User Settings
Manage Digital Certificates for VPN Connections
VPN Certificates
Manage VPN CA Certificates
Manage VPN Self-Signed Certificates
Manage the VPN Certificate Revocation List
Chapter 7 Network and System Management
Performance Management
Bandwidth Capacity
Features That Reduce Traffic
Features That Increase Traffic
Use QoS and Bandwidth Assignment to Shift the Traffic Mix
Monitoring Tools for Traffic Management
System Management
Change Passwords and Administrator and Guest Settings
Configure Remote Management Access
Use the Command-Line Interface
Use a Simple Network Management Protocol Manager
Manage the Configuration File
Update the Firmware
Configure Date and Time Service
Chapter 8 Monitor System Access and Performance
Enable the WAN Traffic Meter
Configure Logging, Alerts, and Event Notifications
How to Send Syslogs over a VPN Tunnel Between Sites
View the Status
View the System Status
View the VPN Connection Status and L2TP Users
View the VPN Logs
View the Port Triggering Status
View the WAN Port Status
View the Attached Devices and the DHCP Log
Diagnostics Utilities
Send a Ping Packet
Trace a Route
Look Up a DNS Address
Display the Routing Tables
Capture Packets in Real Time
Reboot the VPN Firewall Remotely
Chapter 9 Troubleshooting
Basic Functioning
Power LED Not On
Test LED Never Turns Off
LAN or WAN Port LEDs Not On
Troubleshoot the Web Management Interface
When You Enter a URL or IP Address, a Time-Out Error Occurs
Troubleshoot the ISP Connection
Troubleshooting the IPv6 Connection
Troubleshoot a TCP/IP Network Using a Ping Utility
Test the LAN Path to Your VPN Firewall
Test the Path from Your Computer to a Remote Device
Restore the Default Configuration and Password
Address Problems with Date and Time
Access the Knowledge Base and Documentation
Appendix A Default Settings and Technical Specifications
Factory Default Settings
Physical and Technical Specifications
Appendix B Two-Factor Authentication
Why Do I Need Two-Factor Authentication?
What Are the Benefits of Two-Factor Authentication?
What Is Two-Factor Authentication?
NETGEAR Two-Factor Authentication Solutions
Index

1. Introduction

This chapter provides an overview of the features and capabilities of the NETGEAR ProSAFE VPN Firewall FVS318G v2 and explains how to log in to the device and use its web management interface. The chapter contains the following sections:
What Is the NETGEAR ProSAFE VPN Firewall FVS318G v2?
Key Features and Capabilities
Package Contents
Hardware Features
Choose a Location for the VPN Firewall
Wall-Mount the VPN Firewall with the Mounting Kit
Log In to the VPN Firewall
Web Management Interface Menu Layout
Requirements for Entering IP Addresses
For more information about the topics covered in this manual, visit the support website at http://support.netgear.com.
Firmware updates with new features and bug fixes are made available from time to time on downloadcenter.netgear.com. Some products can regularly check the site and download new firmware, or you can check for and download new firmware manually. If the features or behavior of your product does not match what is described in this guide, you might need to update your firmware.

What Is the NETGEAR ProSAFE VPN Firewall FVS318G v2?

The NETGEAR ProSAFE VPN Firewall FVS318G v2, hereafter referred to as the VPN firewall, connects your local area network (LAN) to the Internet through an external broadband access device such as a cable or DSL modem, satellite or wireless Internet dish, or another router.
The VPN firewall routes both IPv4 and IPv6 traffic. A powerful, flexible firewall protects your IPv4 and IPv6 networks from denial of service (DoS) attacks, unwanted traffic, and traffic with objectionable content. IPv6 traffic is supported through 6to4 and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels.
The VPN firewall provides advanced IPSec VPN technologies with support for up to 12 IPSec VPN tunnels, as well as L2TP support for easy and secure remote connections. The use of Gigabit Ethernet WAN and LAN ports ensures high data transfer speeds.

Key Features and Capabilities

The VPN firewall provides the following key features and capabilities:
A single 10/100/1000 Mbps Gigabit Ethernet WAN port
Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for fast data transfer between local network resources
Both IPv4 and IPv6 support
Advanced IPSec VPN
L2TP tunnel support
Advanced stateful packet inspection (SPI) firewall with multi-NAT support
SNMP support with SNMPv1, SNMPv2c, and SNMPv3, and management optimized for the NETGEAR ProSafe Network Management Software (NMS200) over a LAN connection.
Front panel LEDs for easy monitoring of status and activity
Flash memory for firmware upgrade
Internal universal switching power supply
This section contains the following topics:
Advanced VPN Support for IPSec
A Powerful, True Firewall
Security Features
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
Maintenance and Support

Advanced VPN Support for IPSec

The VPN firewall supports IPSec virtual private network (VPN) connections. IPSec VPN delivers full network access between a central office and branch offices, or between a central office and telecommuters. Remote access by telecommuters requires the installation of VPN client software on the remote computer. Advantages include:
IPSec VPN with broad protocol support for secure connection to other IPSec gateways and clients
Up to 12 simultaneous IPSec VPN connections
Bundled with a 30-day trial license for the ProSafe VPN Client software (VPN01L)

A Powerful, True Firewall

Unlike simple NAT routers, the VPN firewall is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. Its firewall features provide the following capabilities:
DoS protection. Automatically detects and thwarts denial of service (DoS) attacks such as Ping of Death and SYN flood.
Secure firewall. Blocks unwanted traffic from the Internet to your LAN.
Schedule policies. Permits scheduling of firewall policies by day and time.
Logs security incidents. Logs security events such as logins and secure logins. You can configure the firewall to email the log to you at specified intervals.

Security Features

The VPN firewall is equipped with several features designed to maintain security:
Computers hidden by NAT. NAT opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the computers on the LAN.
Port forwarding with NAT. Although NAT prevents Internet locations from directly accessing the computers on the LAN, the VPN firewall allows you to direct incoming traffic to specific computers based on the service port number of the incoming request.
DMZ port. Incoming traffic from the Internet is usually discarded by the VPN firewall unless the traffic is a response to one of your local computers or a service for which you configured an inbound rule. Instead of discarding this traffic, you can use the dedicated demilitarized zone (DMZ) port to forward the traffic to one computer on your network.

Autosensing Ethernet Connections with Auto Uplink

With its internal eight-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the VPN firewall can connect to either a 10 Mbps standard Ethernet network, a 100 Mbps Fast Ethernet network, or a 1000 Mbps Gigabit Ethernet network. The LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.
The VPN firewall incorporates Auto Uplink™ technology. Each Ethernet port automatically senses whether the Ethernet cable plugged into the port should use a normal connection such as to a computer or an uplink connection such as to a switch or hub. That port then configures itself correctly. This feature eliminates the need for you to think about crossover cables, as Auto Uplink accommodates either type of cable to make the right connection.

Extensive Protocol Support

The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). The VPN firewall provides the following protocol support:
IP address sharing by NAT. The VPN firewall allows many networked computers to share an Internet account using only a single IP address, which might be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as Network Address Translation (NAT), allows the use of an inexpensive single-user ISP account.
Automatic configuration of attached computers by DHCP. The VPN firewall dynamically assigns network configuration information, including IP, gateway, and Domain Name Server (DNS) addresses, to attached computers on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of computers on your local network.
DNS proxy. When DHCP is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached computers. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.
PPP over Ethernet (PPPoE). PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by simulating a dial-up connection.
Quality of Service (QoS). The VPN firewall supports QoS.
Layer 2 Tunneling Protocol (L2TP). A tunneling protocol that is used to support virtual private networks (VPNs).

Easy Installation and Management

You can install, configure, and operate the VPN firewall within minutes after connecting it to the network. The following features simplify installation and management tasks:
Browser-based management. Browser-based configuration allows you to easily configure the VPN firewall from almost any type of operating system, such as Windows, Macintosh, or Linux. Online help documentation is built into the browser-based web management interface.
Auto-detection of ISP. The VPN firewall automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account.
IPSec VPN Wizard. The VPN firewall includes the NETGEAR IPSec VPN Wizard so that you can easily configure IPSec VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC). This ensures that the IPSec VPN tunnels are interoperable with other VPNC-compliant VPN routers and clients.
SNMP. The VPN firewall supports the Simple Network Management Protocol (SNMP) to let you monitor and manage log resources from an SNMP-compliant system manager. The SNMP system configuration lets you change the system variables for MIB2.
Diagnostic functions. The VPN firewall incorporates built-in diagnostic functions such as ping, traceroute, DNS lookup, and remote reboot.
Remote management. The VPN firewall allows you to log in to the web management interface from a remote location on the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses.
Visual monitoring. The VPN firewall’s front panel LEDs provide an easy way to monitor its status and activity.

Maintenance and Support

NETGEAR offers the following features to help you maximize your use of the VPN firewall:
Flash memory for firmware upgrades.
Technical support seven days a week, 24 hours a day. Information about support is available on the NETGEAR website at http://support.netgear.com/app/answers/detail/a_id/212.

Package Contents

Figure 1. Package contents
The VPN firewall product package contains the following items:
NETGEAR ProSAFE VPN Firewall FVS318G v2
One 12V 1A power supply unit for your region
Mounting screws
Ethernet cable
NETGEAR ProSAFE VPN Firewall FVS318G v2 Installation Guide
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer.

Hardware Features

The front panel ports and LEDs, rear panel ports, and bottom label of the VPN firewall are described in the following sections.
Front Panel
Rear Panel
Bottom Panel with Product Label

Front Panel

Viewed from left to right, the VPN firewall front panel contains the following ports:
LAN Ethernet ports. Eight switched N-way automatic speed negotiating, Auto MDI/MDIX, Gigabit Ethernet ports with RJ-45 connectors.
WAN Ethernet port. One independent N-way automatic speed negotiating, Auto MDI/MDIX, Gigabit Ethernet port with an RJ-45 connector.
The front panel also contains three groups of status indicator light-emitting diodes (LEDs),
including Power and Test LEDs, LAN LEDs, and WAN LEDs, all of which are described in
detail in the following table. Some LED explanation is provided on the front panel.
Figure 2. Front panel
The following table describes the function of each LED.
Table 1. LED descriptions
LED | Activity | Description
Power LED | On (green) | Power is supplied to the VPN firewall.
Power LED | Off | Power is not supplied to the VPN firewall.
Test LED | On (amber) during startup | Test mode. The VPN firewall is initializing. After approximately two minutes, when the VPN firewall completes its initialization, the Test LED turns off.
Test LED | On (amber) during any other time | The initialization failed, or a hardware failure occurred.
Test LED | Blinking (amber) | The VPN firewall is writing to flash memory (during upgrading or resetting to defaults).
Test LED | Off | The VPN firewall booted successfully.
LAN Ports
Left LED | Off | The LAN port does not detect a link.
Left LED | On (green) | The LAN port detected a link with a connected Ethernet device.
Left LED | Blinking (green) | Data is being transmitted or received by the LAN port.
Right LED | Off | The LAN port is operating at 10 Mbps.
Right LED | On (amber) | The LAN port is operating at 100 Mbps.
Right LED | On (green) | The LAN port is operating at 1000 Mbps.
DMZ LED | Off | Port 8 is operating as a normal LAN port.
DMZ LED | On (green) | Port 8 is operating as a dedicated hardware DMZ port.
WAN Port
Left LED | Off | The WAN port does not detect a physical link, that is, no Ethernet cable is plugged into the VPN firewall.
Left LED | On (green) | The WAN port is connected with a device that provides an Internet connection.
Left LED | Blinking (green) | Data is being transmitted or received by the WAN port.
Right LED | Off | The WAN port is operating at 10 Mbps.
Right LED | On (amber) | The WAN port is operating at 100 Mbps.
Right LED | On (green) | The WAN port is operating at 1000 Mbps.
Active LED | Off | The firewall is not connected to the Internet.
Active LED | On (green) | The firewall is connected to the Internet.

Rear Panel

The rear panel of the VPN firewall includes the antennas, a cable lock receptacle, a console
port, a Reset button, a DC power connection, and a power switch.
Figure 3. Back panel
Viewed from left to right, the rear panel contains the following components:
1. Cable security lock receptacle.
2. Console port.
Port for connecting to an optional console terminal. The port provides a DB9 male connector. The default baud rate is 9600 K. The pinouts are (2) Tx, (3) Rx, (5) and (7) Gnd.
3. Factory default Reset button.
To reset the VPN firewall to factory default settings, use a sharp object to press and hold this button for about eight seconds until the front panel Test LED blinks. All configuration settings are lost, and the default password is restored.
4. DC power plug receptacle.
Power input is 12 VDC, 1A. The power plug is localized to the country of sale.

Bottom Panel with Product Label

The product label on the bottom of the VPN firewall’s enclosure displays factory default settings, regulatory compliance, and other information.
Figure 4. Product label

Choose a Location for the VPN Firewall

The VPN firewall is suitable for use in an office environment where it can be freestanding (on its runner feet) or mounted on a wall. Alternatively, you can rack-mount the VPN firewall in a wiring closet or equipment room.
Consider the following when deciding where to position the VPN firewall:
The unit is accessible, and cables can be connected easily.
Cabling is away from sources of electrical noise. These include lift shafts, microwave ovens, and air-conditioning units.
Water or moisture cannot enter the case of the unit.
Airflow around the unit and through the vents in the side of the case is not restricted. Provide a minimum of 25 mm or 1 inch clearance.
The air is as free of dust as possible.
Temperature operating limits are not likely to be exceeded. Install the unit in a clean, air-conditioned environment. For information about the recommended operating temperatures for the VPN firewall, see Appendix A, Default Settings and Technical Specifications.

Wall-Mount the VPN Firewall with the Mounting Kit

Use the mounting kit for the VPN firewall to install the appliance on a wall. Attach the mounting brackets using the hardware that is supplied with the mounting kit.
Figure 5. Wall mounting
Before mounting the VPN firewall to a wall, verify the following:
You are using the correct screws (supplied with the installation kit).
The wall on which you plan to mount the VPN firewall is suitably located.

Log In to the VPN Firewall

Note: To connect the VPN firewall physically to your network, connect the
cables and restart your network according to the instructions in the NETGEAR ProSAFE VPN Firewall FVS318G v2 Installation Guide.
To configure the VPN firewall, you must use a web browser such as Microsoft Internet Explorer 7.0 or later, Mozilla Firefox 4.0 or later, or Apple Safari 3.0 or later with JavaScript, cookies, and SSL enabled.
To log in to the VPN firewall:
1. Open any of the qualified web browsers.
2. In the address field, enter https://192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
The VPN firewall factory default IP address is 192.168.1.1. If you change the IP address, you must use the IP address that you assigned to the VPN firewall to log in to the VPN firewall.
3. In the Username field, enter admin.
Use lowercase letters.
4. In the Password / Passcode field, enter password.
Use lowercase letters.
Note: The VPN firewall user name and password are not the same as any user name or password that you might use to log in to your Internet connection.
Leave the domain as it is (geardomain).
5. Click the Login button.
The figure shows the top part of the Router Status screen. For more information, see View the System Status on page 361.
After five minutes of inactivity, which is the default login time-out, you are automatically logged out.

Web Management Interface Menu Layout

The following figure shows the menu at the top of the web management interface:
Figure 6. Menu layout
The web management interface menu consists of the following components:
1st level: Main navigation menu links. The main navigation menu in the orange bar across the top of the web management interface provides access to all the configuration functions of the VPN firewall and remains constant. When you select a main navigation menu link, the letters are displayed in white against an orange background.
2nd level: Configuration menu links. The configuration menu links in the gray bar (immediately below the main navigation menu bar) change according to the main navigation menu link that you select. When you select a configuration menu link, the letters are displayed in white against a gray background.
3rd level: Submenu tabs. Each configuration menu item includes one or more submenu tabs that are listed below the gray menu bar. When you select a submenu tab, the text is displayed in white against a blue background.
Option arrows. If additional screens for the submenu item are available, links to the screens display on the right side in blue letters against a white background, preceded by a white arrow in a blue circle.
IP radio buttons. The IPv4 and IPv6 radio buttons let you select the IP version for the feature to be configured onscreen. Four options are available:
- Both buttons are operational. You can configure the feature onscreen for IPv4 functionality or for IPv6 functionality. After you correctly configure the feature for both IP versions, the feature can function with both IP versions simultaneously.
- The IPv4 button is operational but the IPv6 button is disabled. You can configure the feature onscreen for IPv4 functionality only.
- The IPv6 button is operational but the IPv4 button is disabled. You can configure the feature onscreen for IPv6 functionality only.
- Both buttons are disabled. IP functionality does not apply.
The bottom of each screen provides action buttons. The nature of the screen determines which action buttons are shown. The following figure shows an example:
Figure 7. Action buttons
Any of the following action buttons might display onscreen (this list might not be complete):
Apply. Save and apply the configuration.
Reset. Reset the configuration to the previously saved configuration.
Test. Test the configuration.
Auto Detect. Enable the VPN firewall to detect the configuration automatically and suggest values for the configuration.
Cancel. Cancel the operation.
When a screen includes a table, table buttons display to let you configure the table entries. The nature of the screen determines which table buttons are shown. The following figure shows an example:
Figure 8. Table buttons
Any of the following table buttons might display onscreen:
Select All. Select all entries in the table.
Delete. Delete the selected entry or entries from the table.
Enable. Enable the selected entry or entries in the table.
Disable. Disable the selected entry or entries in the table.
Add. Add an entry to the table.
Edit. Edit the selected entry.
Up. Move up the selected entry in the table.
Down. Move down the selected entry in the table.
Apply. Apply the selected entry.
Almost all screens and sections of screens connect to an accompanying help screen. To open the help screen, click the (question mark) icon.

Requirements for Entering IP Addresses

To connect to the VPN firewall, your computer must be configured to obtain an IP address automatically from the VPN firewall, either an IPv4 address through DHCP or an IPv6 address through DHCPv6, or both.

IPv4 Addresses

The fourth octet of an IP address must be between 0 and 255 (both inclusive). This requirement applies to any IP address that you enter on a screen of the web management interface.

IPv6 Addresses

IPv6 addresses are denoted by eight groups of hexadecimal quartets that are separated by colons. Any four-digit group of zeros within an IPv6 address can be reduced to a single zero or altogether omitted.
The following errors invalidate an IPv6 address:
More than eight groups of hexadecimal quartets
More than four hexadecimal characters in a quartet
More than two colons in a row
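The following pre-check is an added example, not part of the NETGEAR manual or firmware: it tests an address against the rules above before you enter it on a screen of the web management interface, and names which of the listed IPv6 errors applies. The function names and sample addresses are assumptions made for the example; it applies the 0 to 255 range to all four IPv4 octets and hands IPv6 problems that the manual does not list to Python's ipaddress module.

```python
import ipaddress

# Error labels taken from the manual's list under "IPv6 Addresses".
TOO_MANY_GROUPS = "more than eight groups of hexadecimal quartets"
QUARTET_TOO_LONG = "more than four hexadecimal characters in a quartet"
TOO_MANY_COLONS = "more than two colons in a row"


def ipv4_errors(addr):
    """Check dotted-decimal form: four octets, each between 0 and 255."""
    parts = addr.split(".")
    if len(parts) != 4:
        return ["expected four dot-separated octets"]
    errors = []
    for position, octet in enumerate(parts, start=1):
        # isascii() keeps Unicode digits such as superscripts out of int().
        if not (octet.isascii() and octet.isdigit() and int(octet) <= 255):
            errors.append(f"octet {position} is not a number between 0 and 255")
    return errors


def ipv6_errors(addr):
    """Return every problem found; an empty list means the address is usable.

    Mixed notation with a dotted IPv4 tail is outside the manual's
    description and is not handled here (assumption of this example).
    """
    errors = []
    if ":::" in addr:
        errors.append(TOO_MANY_COLONS)
    # Empty strings come from "::" (omitted zero groups) and are not groups.
    groups = [g for g in addr.split(":") if g]
    if len(groups) > 8:
        errors.append(TOO_MANY_GROUPS)
    if any(len(g) > 4 for g in groups):
        errors.append(QUARTET_TOO_LONG)
    if not errors:
        # Anything the manual does not list (non-hex characters, a second
        # "::", too few groups) is left to the standard library parser.
        try:
            ipaddress.IPv6Address(addr)
        except ValueError as exc:
            errors.append(f"other: {exc}")
    return errors


def check(addr):
    """Pick the IPv6 or IPv4 check by the presence of a colon."""
    return ipv6_errors(addr) if ":" in addr else ipv4_errors(addr)


# Constructed sample input: documentation prefixes plus the factory default.
SAMPLES = [
    "192.168.1.1", "192.168.1.256", "2001:db8:0:0:0:0:0:1", "2001:db8::1",
    "1:2:3:4:5:6:7:8:9", "2001:db8::12345", "2001:db8:::1", "2001:db8::1::2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        problems = check(sample)
        print(f"{sample:24} {'OK' if not problems else '; '.join(problems)}")
```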
2. IPv4 and IPv6 Internet and Broadband Settings
This chapter explains how to configure the Internet and WAN settings. The chapter contains the following sections:
Internet and WAN Configuration Tasks
Configure the IPv4 Internet Connection and WAN Settings
Configure the IPv6 Internet Connection and WAN Settings
Configure Advanced WAN Options and Other Tasks
Additional WAN-Related Configuration Tasks
What to Do Next

Internet and WAN Configuration Tasks

The tasks that are required to complete the Internet connection of your VPN firewall depend on whether you use an IPv4 connection or an IPv6 connection to your Internet service provider (ISP). The VPN firewall supports simultaneous IPv4 and IPv6 connections.

IPv4 Internet Connections

Setting up an IPv4 Internet connection to your ISP includes five tasks, three of which are optional.
To set up an IPv4 Internet connection:
1. Configure the IPv4 WAN mode.
Select either NAT or classical routing. This task is described in Configure the IPv4 WAN Mode on page 26.
2. Configure the IPv4 Internet connection to your ISP and connect to your ISP.
Two configuration options are available. These tasks are described in the following sections:
- Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection on page 28
- Manually Configure an IPv4 Internet Connection on page 31
3. (Optional) Configure Dynamic DNS on the WAN port.
If necessary, configure your fully qualified domain names. This task is described in Configure Dynamic DNS on page 35.
4. (Optional) Configure the WAN options.
If necessary, change the factory default MTU size, port speed, and MAC address of the VPN firewall. These are advanced features, and you usually do not need to change the settings. This task is described in Configure Advanced WAN Options and Other Tasks on page 52.
5. (Optional) Configure the WAN traffic meter.
This task is described in Enable the WAN Traffic Meter on page 349.

IPv6 Internet Connections

Setting up an IPv6 Internet connection to your ISP includes five tasks, three of which are optional.
To set up an IPv6 Internet connection:
1. Configure the IPv6 WAN mode.
Select the IPv4 / IPv6 mode to support both IPv4 and IPv6 traffic. For more information, see Configure the IPv6 Routing Mode on page 39.
2. Configure the IPv6 Internet connection to your ISP and connect to your ISP.
Three configuration options are available. These tasks are described in the following sections:
- Use a DHCPv6 Server to Configure an IPv6 Internet Connection on page 40
- Configure a Static IPv6 Internet Connection on page 42
- Configure a PPPoE IPv6 Internet Connection on page 44
3. (Optional) Configure the IPv6 tunnels.
Enable 6to4 tunnels and configure ISATAP tunnels. These tasks are described in the following sections:
- Configure 6to4 Automatic Tunneling on page 47
- Configure ISATAP Automatic Tunneling on page 48
4. (Optional) Configure Stateless IP/ICMP Translation (SIIT).
Enable IPv6 devices that were not assigned permanent IPv4 addresses to communicate with IPv4-only devices. For more information, see Configure Stateless IP/ICMP Translation on page 51.
5. (Optional) Configure the WAN options.
If necessary, change the factory default MTU size, port speed, and MAC address of the VPN firewall. These are advanced features, and you usually do not need to change the settings. For more information, see Configure Advanced WAN Options and Other Tasks on page 52.
Configure the IPv4 Internet Connection and WAN Settings

To set up your VPN firewall for secure IPv4 Internet connections, you must determine the IPv4 WAN mode and then configure the IPv4 Internet connection to your ISP on the WAN port.
The web management interface offers two connection configuration options, described in the following sections:
Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection on page 28
Manually Configure an IPv4 Internet Connection on page 31

Configure the IPv4 WAN Mode

By default, IPv4 is supported and functions in NAT mode but can also function in classical routing mode. IPv4 functions the same way in IPv4-only mode that it does in IPv4 / IPv6 mode. The latter mode adds IPv6 functionality. For more information, see Configure the IPv6 Routing Mode on page 39.
Network Address Translation
Network Address Translation (NAT) allows all computers on your LAN to share a single public Internet IP address. From the Internet, only a single device (the VPN firewall) and a single IP address exist. Computers on your LAN can use any private IP address range, and these IP addresses are not visible from the Internet.
Note the following about NAT:
The VPN firewall uses NAT to select the correct computer (on your LAN) to receive any incoming data.
If you use only a single public Internet IP address, you must use NAT (the default setting).
If your ISP provided you with multiple public IP addresses, you can use one address as the primary shared address for Internet access by your computers, and you can map incoming traffic on the other public IP addresses to specific computers on your LAN. This one-to-one inbound mapping is configured using an inbound firewall rule.
Classical Routing
In classical routing mode, the VPN firewall performs routing, but without NAT. To gain Internet access, each computer on your LAN must be assigned a valid static Internet IP address.
If your ISP allocated a number of static IP addresses to you, and you assigned one of these addresses to each computer, you can choose classical routing. Or you can use classical routing for routing private IP addresses within a campus environment.
You can view the status of the WAN ports on the Router Status screen (see View the System Status on page 361).
Configure the IPv4 Routing Mode
To configure the IPv4 routing mode:
1. Log in to the unit:
a. In the address field of any of the qualified web browsers, enter https://192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
b. In the Username field, enter admin and in the Password / Passcode field, enter password.
Use lowercase letters. If you changed the password, enter your personalized password. Leave the domain as it is (geardomain).
c. Click the Login button.
The Router Status screen displays. After five minutes of inactivity, which is the default login time-out, you are automatically logged out.
2. Select Network Configuration > WAN Settings.
3. Select the NAT radio button or the Classical Routing radio button.
WARNING: Changing the WAN mode causes all LAN WAN and DMZ WAN inbound rules to revert to default settings.
4. Click the Apply button.
Your settings are saved.
Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection
To automatically configure the WAN port for an IPv4 connection to the Internet:
1. Log in to the unit:
a. In the address field of any of the qualified web browsers, enter https://192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
b. In the Username field, enter admin and in the Password / Passcode field, enter password.
Use lowercase letters. If you changed the password, enter your personalized password. Leave the domain as it is (geardomain).
c. Click the Login button.
The Router Status screen displays. After five minutes of inactivity, which is the default login time-out, you are automatically logged out.
2. Select Network Configuration > WAN Settings > Broadband ISP Settings.
In the upper right of the screen, the IPv4 radio button is selected by default. The ISP Broadband Settings screen displays the IPv4 settings.
3. Click the Auto Detect button at the bottom of the screen.
The autodetect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support.
The autodetect process returns one of the following results:
If the autodetect process is successful, a status bar at the top of the screen displays the results (for example, DHCP service detected).
If the autodetect process senses a connection method that requires input from you, it prompts you for the information. The following table explains the settings that you might need to enter:
Table 2. IPv4 Internet connection methods
Connection Method | Manual Data Input Required
DHCP (Dynamic IP) | No manual data input is required.
PPPoE | The following fields are required: Login, Password, Account Name, Domain Name
PPTP | The following fields are required: Login, Password, Account Name, Domain Name, My IP Address, Server IP Address
Fixed (Static) IP | The following fields are required: IP Address, IP Subnet Mask, Gateway IP Address, Primary DNS Server, Secondary DNS Server
If the autodetect process does not find a connection, you are prompted either to check the physical connection between your VPN firewall and the cable, DSL line, or satellite or wireless Internet dish, or to check your VPN firewall’s MAC address. For more information, see Configure Advanced WAN Options and Other Tasks on page 52 and Troubleshoot the ISP Connection on page 389.
4. To verify the connection, click the Broadband Status option arrow.