NETGEAR FVS318N User Manual
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Reference Manual
350 East Plumeria Drive
San Jose, CA 95134
USA
July, 2012
202-10836-04
v1.0
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
© 2011–2012 NETGEAR, Inc. All rights reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. T o register your product, get the latest product updates, get support online, or
for more information about the topics covered in this manual, visit the Support website at
http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR
Phone (Other Countries): Check the li
http://support.netgear.com/app
st of phone numbers at
/answers/detail/a_id/984.
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of
NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change
without notice. Other brand and product names are registered trademarks or trademarks of their respective
holders. © 2012 NETGEAR, Inc. All rights reserved.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes
to the products described in this document without notice. NETGEAR does not assume any liability that may occur
due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Publication
Part Number
202-10836-04 1.0 July, 2012 Added the following features:
202-10836-03 1.0 April, 2012 Added the PPPoE IPv6 feature (see Configure a PPPoE IPv6
202-10836-02 1.0 March, 2012 Added the following menus and features:
Version Publish Date Comments
• Stat eless IP/ICMP T ranslation (see Configure S tateless IP/ICMP
Translation)
• Option to turn bandwidth profiles on and off (see Create
Bandwidth Profiles)
• Support for SNMPv3 (see Use a Simple Network Management
Protocol Manager)
The following screens provide new information:
• LAN WAN Rules screen (see Configure LAN WAN Rules)
• Router Status screen (see Router Status Screen)
• Detailed Status screen (see Detailed Status Screen)
Internet Connection)
• New and improved general menu stru
radio buttons
• New LAN IPv6 configuration me
screen (see Manage the IPv6 LAN) and a new screen, the LAN
Multi-homing (IPv6) screen (see Configure IPv6 Multihome LAN
IP Addresses on the Default VLAN)
• IPv6 DMZ (Enable and Configure the DMZ Port for IPv4 and
IPv6 Traffic)
cture with IPv4 and IPv6
nu with the LAN Setup (IPv6)
2
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
(continued)
• IPv6 firewall rules (see Configure LAN WAN Rules, Configure
DMZ WAN Rules, Configure LAN DMZ Rules, and Examples of
Firewall Rules)
• IPv6 attack checks (see Attack Checks)
• IPv6/MAC bindings (see Set Up IP/MAC Bindings)
• Simplified wireless settings submenus for easier configuration
(see Chapter 4, Wireless Configuration an d Security)
• IPSec VPN IPv6 address support (see Chapter 6, Virtual Private
Networking Using IPSec and L2TP Connections)
• IPSec VPN autoiniti
VPN Policy)
• SSL VPN IPv6 address support (see Chapter 7, Virtual Private
Networking Using SSL Connections)
• User login restrictions based on IPv6 addresses (see Configure
Login Restrictions Based on IPv6 Addresses)
• IPv6 remote management access (see Configure Remote
Management Access)
• IPv6 address resolution for NTP servers (see Configure Date
and Time Service)
• IPv6 diagnostics (see Diagnostics Utilities)
• Extensive list of factory defaul
Default Settings and Technical Specifications)
ate support (see Manually Add or Edit a
t settings (see Appendix A,
202-10836-01 1.0 September 2011 First publication
3
Contents
Chapter 1 Introduction
What Is the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N?.10
Key Features and Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Wireless Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Advanced VPN Support for Both IPSec and SSL. . . . . . . . . . . . . . . . . .12
A Powerful, True Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Easy Installation and Management . . . . . . .
Maintenance and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Hardware Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Front Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Rear Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Bottom Panel with Product Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Choose a Location for the Wireless VPN Firewall . . . . . . . . . . . . . . . . . . .19
Log In to the Wireless VPN Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Web Management Interface Menu Layout . . . . . . . . . . . . . . . . . . . . . . . . .22
Requirements for Entering IP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . .24
. . . . . . . . . . . . . . . . . . . . .14
. . . . . . . . . . . . . . .13
Chapter 2 IPv4 and IPv6 Internet and Broadband Settings
Internet and WAN Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Tasks to Set Up an IPv4 Internet
Tasks to Set Up an IPv6 Internet
Configure the IPv4 Internet Connection and W
Configure the IPv4 WAN Mode . .
Let the Wireless VPN Firewall Au
Configure an IPv4 Internet Connection
Manually Configure an IPv4 Internet
Configure Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Configure the IPv6 Internet Connection and W
Configure the IPv6 Routing Mode . . . . . . . .
Use a DHCPv6 Server to Configure an IPv6 Internet Connection . . . . .39
Configure a Static IPv6 Internet Connection . . . . . . . . . . . . . . . . . . . . .41
Configure a PPPoE IPv6 Internet Connection
Configure 6to4 Automatic Tunneling . . . . . .
Configure ISATAP Automatic Tunneling . . . . .
View the Tunnel Status and IPv6 Addresses . .
Connection to Your ISP. . . . . . . . . . .25
Connection to Your ISP. . . . . . . . . . .26
AN Settings. . . . . . . . . . . .26
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
tomatically Detect and
. . . . . . . . . . . . . . . . . . . . . . . . .28
Connection. . . . . . . . . . . . . . . . . .31
AN Settings. . . . . . . . . . . .37
. . . . . . . . . . . . . . . . . . . . .38
. . . . . . . . . . . . . . . . . . . .43
. . . . . . . . . . . . . . . . . . . . .46
. . . . . . . . . . . . . . . . . . .47
. . . . . . . . . . . . . . . . . . .49
4
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Configure Stateless IP/ICMP Translation. . . . . . . . . . . . . . . . . . . . . . . .49
Configure Advanced WAN Options and Other Tasks. . . . . . . . . . . . . . . . .50
Additional WAN-Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . .53
Verify the Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
What to Do Next. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Chapter 3 LAN Configuration
Manage IPv4 Virtual LANs and DHCP Options . . . . . . . . . . . . . . . . . . . . .54
Port-Based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Assign and Manage VLAN Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
VLAN DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Configure a VLAN Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Configure VLAN MAC Addresses and LAN Advanced Settings. . . . . . .64
Configure IPv4 Multihome LAN IP Addresses on the Default VLAN . . . . .65
Manage IPv4 Groups and Hosts (IPv4 LAN Groups). . . . . . . . . . . . . . . . .67
Manage the Network Database . . . . . . . . . .
Change Group Names in the Network Database . . . . . . . . . . . . . . . . . .71
Set Up DHCP Address Reservation. . . . . . .
Manage the IPv6 LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
DHCPv6 Server Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Configure the IPv6 LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Configure the IPv6 Router Advertisement Daemon and
Advertisement Prefixes for the LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Configure IPv6 Multihome LAN IP Addresses on the Default VLAN . . . . .84
Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic. . . . . . . . . .85
DMZ Port for IPv4 Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
DMZ Port for IPv6 Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Configure the IPv6 Router Advertisement Daemon and
Advertisement Prefixes for the DMZ. . . . . . . . . . . . . . . . . . . . . . . . . . . .93
Manage Static IPv4 Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Configure Static IPv4 Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Configure the Routing Information Protocol . . . . . . . . . . . . . . . . . . . . .100
IPv4 Static Route Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Manage Static IPv6 Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
. . . . . . . . . . . . . . . . . . . . .68
. . . . . . . . . . . . . . . . . . . . .72
Chapter 4 Wireless Configuration and Security
Overview of the Wireless Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Wireless Equipment Placement and Range Guidelines. . . . . . . . . . . .107
Configure the Basic Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Operating Frequency (Channel) Guidelines. . .
Wireless Data Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Wireless Security Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Before You Change the SSID, WEP, and WPA Sett
Configure and Enable Wireless Profiles. . . . . . . . . . . . . . . . . . . . . . . .115
Restrict Wireless Access by MAC Address . . . . . . . . . . . . . . . . . . . . .120
View the Status of a Wireless Profile . . . . . . . . . . . . . . . . . . . . . . . . . .122
Configure Wi-Fi Protected Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
5
. . . . . . . . . . . . . . . . . .110
ings . . . . . . . . . . .114
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Configure Advanced Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
Test Basic Wireless Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Chapter 5 Firewall Protection
About Firewall Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
Administrator Tips. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Overview of Rules to Block or Allow Specific Kinds of Traffic . . . . . . . . .129
Outbound Rules (Service Blocking) . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Inbound Rules (Port Forwarding) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Order of Precedence for Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Configure LAN WAN Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Create LAN WAN Outbound Service Rules . . . . . . . . . . . . . . . . . . . . .140
Create LAN WAN Inbound Service Rules . . . . . . . . . . . . . . . . . . . . . .143
Configure DMZ WAN Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Create DMZ WAN Outbound Service Rules. . . . . . . . . . . . . . . . . . . . .148
Create DMZ WAN Inbound Service Rules . . . . . . . . . . . . . . . . . . . . . .150
Configure LAN DMZ Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Create LAN DMZ Outbound Service Rules . . . . . . . . . . . . . . . . . . . . .155
Create LAN DMZ Inbound Service Rules. . . . . . . . . . . . . . . . . . . . . . .157
Examples of Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Examples of Inbound Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . .159
Examples of Outbound Firewall Rules . . . . .
Configure Other Firewall Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Attack Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Set Limits for IPv4 Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Manage the Application Level Gateway for S
Services, Bandwidth Profiles, and Q
Add Customized Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Create Bandwidth Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Preconfigured Quality of Service Profiles. . . . . . . . . . . . . . . . . . . . . . .177
Configure Content Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
Set a Schedule to Block or Allow Specific Traffic
Enable Source MAC Filtering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183
Set Up IP/MAC Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Configure Port Triggering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
Configure Universal Plug and Play. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
oS Profiles. . . . . . . . . . . . . . . . . . . .172
. . . . . . . . . . . . . . . . . . . .164
IP Sessions . . . . . . . . . . 171
. . . . . . . . . . . . . . . . . . .182
Chapter 6 Virtual Private Networking
Using IPSec and L2TP Connections
Use the IPSec VPN Wizard for Client and Gateway Configurations . . . .194
Create an IPv4 Gateway-to-Gateway VPN Tun ne l with th e Wiza rd. . .195
Create an IPv6 Gateway-to-Gateway VPN Tun ne l with th e Wiza rd. . .199
Create an IPv4 Client-to-Gateway VPN
Test the Connection and View Connection and Status Information. . . . .218
Test the NETGEAR VPN Client Connection . . . . . . . . . . . . . . . . . . . .218
NETGEAR VPN Client Status and Log Information
View the Wireless VPN Firewall IPSec VPN Connection Status . . . . .220
6
Tunnel with the Wizard . . . . .203
. . . . . . . . . . . . . . .220
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
View the Wireless VPN Firewall IPSec VPN Log . . . . . . . . . . . . . . . . .221
Manage IPSec VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Manage IKE Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Manage VPN Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
Configure Extended Authentication (XAUTH) . . . . . . . . . . . . . . . . . . . . .238
Configure XAUTH for VPN Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
User Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240
RADIUS Client and Server Configuration. . . . . . . . . . . . . . . . . . . . . . .240
Assign IPv4 Addresses to Remote Users (Mode Config)
Mode Config Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Configure Mode Config Operation on the Wireless VPN Firewall . . . .244
Configure the ProSafe VPN Client for Mode
Test the Mode Config Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . .258
Modify or Delete a Mode Config Record. . . .
Configure Keep-Alives and Dead Peer Detection . . . . . . . . . . . . . . . . . .259
Configure Keep-Alives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Configure Dead Peer Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .261
Configure NetBIOS Bridging with IPSec VPN . . . . . . . . . . . . . . . . . . . . .262
Configure the L2TP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
View the Active L2TP Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265
Config Operation . . . . . .251
. . . . . . . . . . . . . . . . . . . .259
. . . . . . . . . . . . .243
Chapter 7 Virtual Private Networking
Using SSL Connections
SSL VPN Portal Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266
Overview of the SSL Configuration Process . .
Create the Portal Layout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
Configure Domains, Groups, and Users. . . . . . . . . . . . . . . . . . . . . . . . . .272
Configure Applications for Port Forwarding . . . . . . . . . . . . . . . . . . . . . . .273
Add Servers and Port Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273
Add a New Host Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .274
Configure the SSL VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Configure the Client IP Address Range . . . . . . . . . . . . . . . . . . . . . . . .276
Add Routes for VPN Tunnel Clients . . . . . . . . . . . . . . . . . . . . . . . . . . .278
Use Network Resource Objects to Simplify Policies
Add New Network Resources. . . . . . . . . . . .
Edit Network Resources to Specify Addresses
Configure User, Group, and Global Policies. . . . . . . . . . . . . . . . . . . . . . .282
View Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283
Add an IPv4 or IPv6 SSL VPN Policy. . . . . . . . . . . . . . . . . . . . . . . . . .284
Access the New SSL Portal Login Screen . . . .
View the SSL VPN Connection Status and SSL VPN Log. . . . . . . . . . . .292
. . . . . . . . . . . . . . . . . . . .267
. . . . . . . . . . . . . . . .279
. . . . . . . . . . . . . . . . . . . .279
. . . . . . . . . . . . . . . . . .280
. . . . . . . . . . . . . . . . . . . .288
Chapter 8 Manage Users, Authentication, and VPN Certificates
The Wireless VPN Firewall’s Authentication Process and Options . . . . .294
Configure Authentication Domains, Groups, and
Configure Domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
Configure Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300
7
Users. . . . . . . . . . . . . .296
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Configure User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Set User Login Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .306
Change Passwords and Other User Settings. . . . . . . . . . . . . . . . . . . . 311
Manage Digital Certificates for VPN
VPN Certificates Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314
Manage VPN CA Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315
Manage VPN Self-Signed Certificates . . . . . . . . . . . . . . . . . . . . . . . . .316
Manage the VPN Certificate Revocation List . . . . . . . . . . . . . . . . . . . .320
Connections . . . . . . . . . . . . . . . . . .313
Chapter 9 Network and System Management
Performance Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
Bandwidth Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
Features That Reduce Traffic. . . . . . . . . .
Features That Increase Traffic
Use QoS and Bandwidth Assignment to Shift the Traffic Mix. . . . . . . . 328
Monitoring Tools for Traffic Management. . . . . . . . . . . . . . . . . . . . . . .328
System Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329
Change Passwords and Administrator and Guest Settings . . . . . . . . . 329
Configure Remote Management Access . . . . . . . . . . . . . . . . . . . . . . .331
Use the Command-Line Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . .335
Use a Simple Network Management Protocol Manager. . . . . . . . . . . .335
Manage the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
Configure Date and Time Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325
. . . . . . . . . . . . . . . . . . . . . .323
Chapter 10 Monitor System Access and Performance
Enable the WAN Traffic Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .346
Configure Logging, Alerts, and Event Notifications . . . . . . . . . . . . . . . . .349
How to Send Syslogs over a VPN Tunnel between Sites . . . . . . . . . .353
View Status Screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .356
View the System Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .356
View the VPN Connection Status and L2TP Users . . . . . . . . . . . . . . .364
View the VPN Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
View the Port Triggering Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366
View the WAN Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367
View the Attached Devices and the DHCP Log . . . . . . . . . . . . . . . . . .370
View the Status of a Wireless Profile . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Diagnostics Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
Send a Ping Packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Trace a Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Look Up a DNS Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Display the Routing Tables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Capture Packets in Real Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .376
Reboot the Wireless VPN Firewall Remotely. .
. . . . . . . . . . . . . . . . . . 377
Chapter 11 Troubleshooting
Basic Functioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
8
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Power LED Not On. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Test LED Never Turns Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
LAN or WAN Port LEDs Not On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380
Troubleshoot the Web Management Interface . . . . . . . . . . . . . . . . . . . . .380
When You Enter a URL or IP Address, a Time-Out Error Occurs . . . . . .381
Troubleshoot the ISP Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382
Troubleshooting the IPv6 Connection . . . . . . . . . . . . . . . . . . . . . . . . . . .383
Troubleshoot a TCP/IP Network Using a Ping Utility
Test the LAN Path to Your W
Test the Path from Your C
Restore the Default Configuration and Password . . . . . . . . . . . . . . . . . .388
Address Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . .389
Access the Knowledge Base and Documentation
ireless VPN Firewall. . . . . . . . . . . . . . . .386
omputer to a Remote Device . . . . . . . . . . .387
. . . . . . . . . . . . . . . .386
. . . . . . . . . . . . . . . . . .389
Appendix A Default Settings and Technical Specifications
Factory Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .390
Physical and Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . .396
Appendix B Two-Factor Authentication
Why Do I Need Two-Factor Authentication? . . . . . . . . . . . . . . . . . . . . . .400
What Are the Benefits of Two-Factor Authentic
What Is Two-Factor Authenticat
NETGEAR Two-Factor Authentication Solutions . . . . . . . . . . . . . . . . . . .401
ion?. . . . . . . . . . . . . . . . . . . . . . . . . . .401
ation? . . . . . . . . . . . . .400
Appendix C Notification of Compliance (Wired)
Appendix D Notification of Compliance (Wireless)
Index
9
1. Introduction
This chapter provides an overview of the features and capabilities of the ProSafe Wireless-N
8-Port Gigabit VPN Firewall FVS318N and explains how to log in to the device and use its web
management interface. The chapter contains the following sections:
• What Is the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N?
• Key Features and Capabilities
• Package Contents
• Hardware Features
• Choose a Location for the Wireless VPN Firewall
• Log In to the Wireless VPN Firewall
• Web Management Interface Menu Layout
• Requirements for Entering IP Addresses
1
Note: For more information about the topics covered in this manual, visit
the FVS318N support website at http://support.netgear.com.
What Is the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N?
The ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N, hereafter referred to as the
wireless VPN firewall, connects your local area network (LAN) and wireless LAN (WLAN) to
the Internet through an external broadband access device such as a cable or DSL modem,
satellite or wireless Internet dish, or another router. A 2.4-GHz radio supports wireless
connections in 802.11n mode with support for legacy clients in 802.11b and 802.11g mode.
The wireless VPN firewall routes both IPv4 and IPv6 traffic. A powerful, flexible firewall
protects your IPv4 and IPv6 networks from denial of service (DoS) attacks, unwanted traffic,
and traffic with objectionable content. IPv6 traffic is supported through 6to4 and Intra-Site
Automatic Tunnel Addressing Protocol (ISATAP) tunnels.
10
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
The wireless VPN firewall provides advanced IPSec and SSL VPN technologies with support
for up to 12 IPSec VPN tunnels and 5 SSL VPN tunnels, as well as L2TP support for easy
and secure remote connections. The use of Gigabit Ethernet WAN and LAN ports ensures
high data transfer speeds.
Key Features and Capabilities
• Wireless Features
• Advanced VPN Support for Both IPSec and SSL
• A Powerful, True Firewall
• Security Features
• Autosensing Ethernet Connections with Auto Uplink
• Extensive Protocol Support
• Easy Installation and Management
• Maintenance and Support
The wireless VPN firewall provides the following key features and capabilities:
• A sing
• Built-in eig
transfer between local network resources
• A wireless rad
• Bot
• Advanced IPSec VPN and SSL VPN support
• L
• Advanced st
• SNMP
the NETGEAR ProSafe Network Management Software (NMS200) over a LANJ
connection.
• F
• F
• I
le 10/100/1000 Mbps Gigabit Ethernet WAN port
ht-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data
io with up to four wireless profiles
h IPv4 and IPv6 support
2TP tunnel support
ateful packet inspection (SPI) firewall with multi-NAT support
support with SNMPv1, SNMPv2c, and SNMPv3, and management optimized for
ront panel LEDs for easy monitoring of status and activity
lash memory for firmware upgrade
nternal universal switching power supply
Wireless Features
The wireless VPN firewall supports the following features:
.4 GHz radio. 2.4-GHz band support with 802.11b/g/n wireless modes.
• 2
ireless profiles. Support for up to four wireless profiles, each with its own SSID.
• W
• Acc
ess control. The Media Access Control (MAC) address filtering feature can ensure
that only trusted wireless stations can use the wireless VPN firewall to gain access to
your LAN.
Introduction
11
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
• Hidden mode. The SSID is not broadcast, assuring that only clients configured with the
correct SSID can connect.
• Secure an
economical operation.
d economical operation. Adjustable power output allows more secure or
Advanced VPN Support for Both IPSec and SSL
The wireless VPN firewall supports IPSec and SSL virtual private network (VPN)
connections:
• IPSec VPN delivers fu
between a central office and telecommuters. Remote access by telecommuters requires
the installation of VPN client software on the remote computer.
- IPSec VPN with b
gateways and clients.
- Up to 12
- Bundled with
• SSL VPN p
without requiring a preinstalled VPN client on their computers.
- Uses the fa
e-commerce transactions, to provide client-free access with customizable user portals
and support for a wide variety of user repositories.
- Up to five simult
- Allo
popular browsers, such as Microsoft Internet Explorer, Mozilla Firefox, and Apple
Safari.
- Provides granular access to
membership.
simultaneous IPSec VPN connections.
rovides remote access for mobile users to selected corporate resources
miliar Secure Sockets Layer (SSL) protocol, commonly used for
ws browser-based, platform-independent remote access through a number of
ll network access between a central office and branch offices, or
road protocol support for secure connection to other IPSec
a 30-day trial license for the ProSafe VPN Client software (VPN01L).
aneous SSL VPN connections.
corporate resources based on user type or group
A Powerful, True Firewall
Unlike simple NAT routers, the wireless VPN firewall is a true firewall, using stateful packet
inspection (SPI) to defend against hacker attacks. Its firewall features have the following
capabilities:
• DoS protection. Automa
as Ping of Death and SYN flood.
• Secure firewall. Blocks un
• Schedul
• Logs security incident
configure the firewall to email the log to you at specified intervals.
e policies. Permits scheduling of firewall policies by day and time.
tically detects and thwarts denial of service (DoS) attacks such
wanted traffic from the Internet to your LAN.
s. Logs security event s such as logins and secure logins. You can
Introduction
12
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Security Features
The wireless VPN firewall is equipped with several features designed to maintain security:
• Com
• Port forwarding with NA
• DMZ port. Incoming tra
puters hidden by NAT. NAT opens a temporary path to the Internet for requests
originating from the local network. Requests originating from outside the LAN are
discarded, preventing users outside the LAN from finding and directly accessing the
computers on the LAN.
T. Although NAT prevents Internet locations from directly
accessing the computers on the LAN, the wireless VPN firewall allows you to direct
incoming traffic to specific computers based on the service port number of the incoming
request.
ffic from the Internet is usually discarded by the wireless VPN
firewall unless the traffic is a response to one of your local computers or a service for
which you have configured an inbound rule. Instead of discarding this traffic, you can use
the dedicated demilitarized zone (DMZ) port to forward the traf fic to one computer on your
network.
Autosensing Ethernet Connections with Auto Uplink
With its internal eight-port 10/100/1000 Mbps switch an d 10/100/1000 W AN port, the wireless
VPN firewall can connect to either a 10 Mbps standard Ethernet network, a 100 Mbps Fast
Ethernet network, or a 1000 Mbps Gigabit Ethernet network. The LAN and WAN interfaces
are autosensing and capable of full-duplex or half-duplex operation.
The wireless VPN firewall incorporates Auto Uplink
automatically senses whether the Ethernet cable plugged into the port should have a normal
connection such as to a computer or an uplink connection such as to a switch or hub. That
port then configures itself correctly. This feature eliminates the need for you to think about
crossover cables, as Auto Uplink accommodates either type of cable to make the right
connection.
TM
technology. Each Ethernet port
Extensive Protocol Support
The wireless VPN firewall supports the Transmission Control Protocol/Internet Protocol
(TCP/IP) and Routing Information Protocol (RIP). The wireless VPN firewall provides the
following protocol support:
P address sharing by NAT. The wireless VPN firewall allows many networked
• I
computers to share an Internet account using only a single IP address, which might be
statically or dynamically assigned by your Internet service provider (ISP). This technique,
known as Network Address Translation (NAT), allows the use of an inexpensive
single-user ISP account.
• Automatic configuration of att
dynamically assigns network configuration information, including IP, gateway, and
Domain
Name Server (DNS) addresses, to attached computers on the LAN using the
ached computers by DHCP. The wireless VPN firewall
Introduction
13
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies
configuration of computers on your local network.
• DNS prox
provides its own address as a DNS server to the attached computers. The firewall obtains
actual DNS addresses from the ISP during connection setup and forwards DNS requests
from the LAN.
• PPP
Internet over a DSL connection by simulating a dial-up connection.
• Qua
y. When DHCP is enabled and no DNS addresses are specified, the firewall
over Ethernet (PPPoE). PPPoE is a protocol for connecting remote hosts to the
lity of Service (QoS). The wireless VPN firewall supports QoS.
• Laye
r 2 Tunneling Protocol (L2TP). A tunneling protocol that is used to support virtual
private networks (VPNs).
Easy Installation and Management
You can install, configure, and operate the wireless VPN firewall within minutes after
connecting it to the network. The following features simplify installation and management
tasks:
• Bro
• Auto-detec
• IPSec VPN W
• SNMP. The
• Diagnosti
• Remote m
wser-based management. Browser-based configuration allows you to easily
configure the wireless VPN firewall from almost any type of operating system, such as
Windows, Macintosh, or Linux. Online help documentation is built into the browser-based
web management interface.
tion of ISP. The wireless VPN firewall automatically senses the type of
Internet connection, asking you only for the information required for your type of ISP
account.
izard. The wireless VPN firewall includes the NETGEAR IPSec VPN
Wizard so you can easily configure IPSec VPN tunnels according to the
recommendations of the Virtual Private Network Consortium (VPNC). This ensures that
the IPSec VPN tunnels are interoperable with other VPNC-compliant VPN routers and
clients.
wireless VPN firewall supports the Simple Network Management Protocol
(SNMP) to let you monitor and manage log resources from an SNMP-compliant system
manager. The SNMP system configuration lets you change the system variables for
MIB2.
c functions. The wireless VPN firewall incorporates built-in diagnostic
functions such as ping, traceroute, DNS lookup, and remote reboot.
anagement. The wireless VPN firewall allows you to log in to the web
management interface from a remote location on the Internet. For security, you can limit
remote management access to a specified remote IP address or range of addresses.
• V
isual monitoring. The wireless VPN firewall’s front p anel LEDs provide an easy way to
monitor its status and activity.
Introduction
14
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Maintenance and Support
NETGEAR offers the following features to help you maximize your use of the wireless VPN
firewall:
lash memory for firmware upgrades.
• F
echnical support seven days a week, 24 hours a day. Information about support is
• T
available on the NETGEAR website at
http://support.netgear.com/app/answers/detail/a_id/212.
Package Contents
The wireless VPN firewall product package contains the following items:
• ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
• One 1
2V 1A power supply unit for your region
• Rub
• Eth
• Pro
• Resource CD, including:
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep
t
he carton, including the original packing materials, in case you need to return the product for
repair.
ber feet
ernet cable
Safe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Installation Guide
- App
- 3
lication Notes and other helpful information
0-day trial license for the ProSafe VPN Client software (VPN01L)
Hardware Features
• Front Panel
• Rear Panel
• Bottom Panel with Product Label
The front panel ports and LEDs, rear panel ports, and bottom label of the wireless VPN
f
irewall are described in the following sections.
Front Panel
Viewed from left to right, the wireless VPN firewall front panel contains the following ports:
AN Ethernet ports. Eight switched N-way automatic speed negotiating, Auto MDI/MDIX,
• L
Gigabit Ethernet ports with RJ-45 connectors.
• W
AN Ethernet port. One independent N-way automatic speed negotiating, Auto
MDI/MDIX, Gigabit Ethernet port with an RJ-45 connector.
Introduction
15
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Power
Test LED
DMZ LED
Left WAN LED
Right WAN LED
Active WAN LED
Wireless LED
LED
Left LAN LEDs
Right LAN LEDs
(green, one for each port)
(one for each port)
(green)
The front panel also contains three groups of status indicator light-emitting diodes (LEDs),
including Power and Test LEDs, LAN LEDs, and WAN LEDs, all of which are explained in
detail in the following table. Some LED explanation is provided on the front panel.
Figure 1.
The following table describes the function of each LED.
Table 1. LED descriptions
LED Activity Description
Power LED On (green) Power is supplied to the wireless VPN firewall.
Off Power is not supplied to the wireless VPN firewall.
Test LED On (amber) during
startup.
On (amber) during
any other time
Blinking (amber) The wireless VPN firewall is writing to flash memory (during upgrading or
Off The wireless VPN firewall has booted successfully.
Test mode. The wireless VPN firewall is initializing. After approximately 2
minutes, when the wireless VPN firewall has completed its initialization, the
Test LED goes off.
The initialization has failed, or a hardware failure has occurred.
resetting to defaults).
Introduction
16
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Table 1. LED descriptions (continued)
LED Activity Description
LAN Ports
Left LED Off The LAN port has no link.
On (green) The LAN port has detected a link with a connected Ethernet device.
Blinking (green) Data is being transmitted or received by the LAN port.
Right LED Off The LAN port is operating at 10 Mbps.
On (amber) The LAN port is operating at 100 Mbps.
On (green) The LAN port is operating at 1000 Mbps.
DMZ LED Off Port 8 is operating as a normal LAN port.
On (green) Port 8 is operating as a dedicated hardware DMZ port.
WAN Port
Left LED Off The WAN port has no physical link, that is, no Ethernet cable is plugged into
the wireless VPN firewall.
On (green) The WAN port has a valid connection with a device that provides an Internet
connection.
Blinking (green) Data is being transmitted or received by the WAN port.
Right LED Off The WAN port is operating at 10 Mbps.
On (amber) The WAN port is operating at 100 Mbps.
On (green) The WAN port is operating at 1000 Mbps.
Active LED Off There is no link to the Internet.
On (green) There is a link to the Internet.
Introduction
17
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
(2) Security lock
receptacle
(3) Console port
(4) Factory default
(5) DC power
receptacle
Reset button
Antennas
(6) Power
(1) and (7)
switch
Rear Panel
The rear panel of the wireless VPN firewall includes the antennas, a cable lock receptacle, a
console port, a Reset button, a DC power connection, and a power switch.
Figure 2.
Viewed from left to right, the rear panel contains the following components:
1. Dipole anten
2. Cable security lock recept
3. Console port
connector. The default baud rate is 9600 K. The pinouts are (2) Tx, (3) Rx, (5) and (7) Gnd.
4. Fa
ctory default Reset button. Using a sharp object, press and hold t his button for about
8 seconds until the front panel Test LED flashes to reset the wireless VPN firewall to factory
ault settings. All configuration settings are lost, and the default password is restored.
def
5. DC power plug re
country of sale.
6. Power On/Of
7. Dipole anten
na.
acle.
. Port for connecting to an optional console terminal. The port has a DB9 male
ceptacle. Power input is 12VDC, 1A. The power plug is localized to the
f switch.
na.
Introduction
18
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Bottom Panel with Product Label
The product label on the bottom of the wireless VPN firewall’s enclosure displays factory
defaults settings, regulatory compliance, and other information.
Figure 3.
Choose a Location for the Wireless VPN Firewall
The wireless VPN firewall is suitable for use in an office environment where it can be
freestanding (on its runner feet) or mounted into a standard 19-inch equipment rack.
Alternatively, you can rack-mount the wireless VPN firewall in a wiring closet or equipment
room.
Consider the following when deciding where to position the wireless VPN firewall:
he unit is accessible, and cables can be connected easily.
• T
• Cab
• W
• Airflow aro
• T
• T
ling is away from sources of electrical noise. These include lift shafts, microwave
ovens, and air-conditioning units.
ater or moisture cannot enter the case of the unit.
und the unit and through the vents in the side of the case is not restricted.
Provide a minimum of 25 mm or 1 inch clearance.
he air is as free of dust as possible.
emperature operating limits are not likely to be exceeded. Install the unit in a clean,
air-conditioned environment. For information about the recommended operating
temperatures for the wireless VPN firewall, see Appendix A, Default Settings and
Technical Specifications.
Introduction
19
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Log In to the Wireless VPN Firewall
Note: To connect the wireless VPN firewall physically to your network,
connect the cables and restart your network according to the
instructions in the ProSafe Wireless-N 8-Port Gigabit VPN Firewall
FVS318N Installation Guide. A PDF of this guide is on the
NETGEAR support website at
http://support.netgear.com/app/products/model/a_id/19435.
To configure the wireless VPN firewall, you nee
Internet Explorer 7.0 or later, Mozilla Firefox 4.0 or later, or Apple Safari 3.0 or later with
JavaScript, cookies, and SSL enabled. (Google Chrome is not supported at this time.)
Although these web browsers are qualified for use with the wireless VPN firewall’s web
management interface, SSL VPN users should choose a browser that supports JavaScript,
Java, cookies, SSL, and ActiveX to take advantage of the full suite of applications. Note that
Java is required only for the SSL VPN portal, not for the web management interface.
To log in to the wireless VPN firewall:
1. S
tart any of the qualified web browsers.
2. In
the address field, enter https://192.168.1.1. The NETGEAR Configuration Manager Login
screen displays in the browser.
Note: The wireless VPN firewall factory default IP address is 192.168.1.1.
If you change the IP address, you need to use the IP address that
you assigned to the wireless VPN firewall to log in to the wireless
VPN firewall.
d to use a web browser such as Microsoft
Introduction
20
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Figure 4.
3. In the User Name field, type admin. Use lowercase letters.
4. In the Password / Pa
sscode field, type password. Here, too, use lowercase letters.
Note: The wireless VPN firewall user name and password are not the
same as any user name or password you might use to log in to your
Internet connection.
Note: Leave the domain as it is (geardomain).
5. Click Login. The web management interface displays, showing the Router Status screen.
The following figure shows the top part of the Router Status screen. For more information,
see View the System Status on p
age 356.
Note: After 5 minutes of inactivity (the default login time-out), you are
automatically logged out.
Introduction
21
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
1st level: Main navigation menu link (orange)
2nd level: Configuration menu link (gray)
3rd level: Submenu tab (blue)
Option arrows: Additional screen for submenu item
IP radio buttons
Figure 5.
Web Management Interface Menu Layout
The following figure shows the menu at the top the web management interface:
Figure 6.
The web management interface menu consists of the following components:
• 1st le
vel: Main navigation menu links. The main navigation menu in the orange bar
across the top of the web management interface provides access to all the configuration
functions of the wireless VPN firewall, and remains constant. When you select a main
navigation menu link, the letters are displayed in white against an orange background.
Introduction
22
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
• 2nd level: Configuration menu links. The configuration menu links in the gray bar
(immediately below the main navigation menu bar) change according to the main
navigation menu link that you select. When you select a configuration menu link, the
letters are displayed in white against a gray background.
rd level: Submenu tabs. Each configuration menu item has one or more submenu tabs
• 3
that are listed below the gray menu bar. When you select a submenu tab, the text is
displayed in white against a blue background.
• Option arrows. If there
are additional screens for the submenu item, links to the screens
display on the right side in blue letters against a white background, preceded by a white
arrow in a blue circle.
• I
P radio buttons. The IPv4 and IPv6 radio buttons let you select the IP version for the
feature to be configured onscreen. There are four options:
- Both
buttons are operational. You can configure the feature onscreen
for IPv4 functionality or for IPv6 functionality
. After you have correctly configured the
feature for both IP versions, the feature can function with both IP versions
simultaneously.
- T
he IPv4 button is operational but the IPv6 button is disabled. You
can configure the feature onscreen for IPv4 functionality only.
- T
he IPv6 button is operational but the IPv4 button is disabled. You
can configure the feature onscreen for IPv6 functionality only.
- Both
buttons are disabled. IP functionality does not apply.
The bottom of each screen provides action buttons. The nature of the screen determines
which
Figure 7.
action buttons are shown. The following figure shows an example:
Any of the following action buttons might display onscreen (this list might not be complete):
• Appl
• Reset. Rese
• T
• Auto Detect. Enab
y. Save and apply the configuration.
t the configuration to the previously saved configuration.
est. Test the configuration.
le the wireless VPN firewall to detect the configuration automatically
and suggest values for the configuration.
• Can
cel. Cancel the operation.
When a screen includes a table, table buttons display to let you configure the table entries.
he nature of the screen determines which table buttons are shown. The following figure
T
shows an example:
Figure 8.
Introduction
23
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Any of the following table buttons might display onscreen:
• Select All. Select all entries in the table.
• Delete. Delete th
• Enable.
• Disable.
• Add. Add a
• Edit. Edit the selected e
• Up. Mo
• Down.
• Apply. Apply the
Almost all screens and sections of screens have an a
help screen, click the (question mark) icon.
Enable the selected entry or entries in the table.
Disable the selected entry or entries in the table.
ve the selected entry up in the table.
Move the selected entry down in the table.
e selected entry or entries from the table.
n entry to the table.
ntry.
selected entry.
ccompanying help screen. To open the
Requirements for Entering IP Addresses
To connect to the wireless VPN firewall, your computer needs to be configured to obtain an IP
address automatically from the wireless VPN firewall, either an IPv4 address through DHCP
or an IPv6 address through DHCPv6, or both.
IPv4
The fourth octet of an IP address needs to be between 0 and 255 (both inclusive). This
requirement applies to any IP address that you enter on a screen of the web management
interface.
IPv6
IPv6 addresses are denoted by eight groups of hexadecimal quartets that are separated by
colons. Any four-digit group of zeroes within an IPv6 address can be reduced to a single zero
or altogether omitted.
The following errors invalidate an IPv6 address:
• Mor
• Mor
• Mor
e than eight groups of hexadecimal quartets
e than four hexadecimal characters in a quartet
e than two colons in a row
Introduction
24
2. IPv4 and IPv6 Internet and Broadband
Settings
This chapter explains how to configure the Internet and WAN settings. The chapter contains the
following sections:
• Internet and WAN Configuration Tasks
• Configure the IPv4 Internet Connection and WAN Settings
• Configure the IPv6 Internet Connection and WAN Settings
• Configure Advanced WAN Options and Other Tasks
• What to Do Next
2
Internet and WAN Configuration Tasks
The tasks that are required to complete the Internet connection of your wireless VPN firewall
depend on whether you use an IPv4 connection or an IPv6 connection to your Internet
service provider (ISP).
Note: The wireless VPN firewall supports simultaneous IPv4 and IPv6
connections.
Tasks to Set Up an IPv4 Internet Connection to Your ISP
Complete these four tasks:
1. Con
2. Configure the IPv4 In
figure the IPv4 WAN mode. Select either NAT or classical routing: see Configure
the IPv4 WAN Mode on
following sections:
• Let the Wireless VPN Firewall Automatically Detect and Configure an IPv4 Internet
Connection o
• Manually Configure an IPv4 Internet Connection on p
You can also program the WAN traffic meter if you wish: see Enable the WAN Traffic
Meter on p
age 346.
n page 28
page 27.
ternet connection to your ISP. Connect to your ISP: See one of the
age 31
25
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
3. (Optional) Configure Dynamic DNS on the WAN port. If required, configure your fully
qualified domain names: See Configure Dynamic DNS o
4. (
Optional) Configure the WAN options. If required, change the factory default MTU size,
port speed, and MAC address of the wireless VPN firewall: See Configure Advanced WAN
Options and Other Tasks on p
need to change the settings.
age 50. These are advanced features, and you usually do not
n page 35.
Tasks to Set Up an IPv6 Internet Connection to Your ISP
Complete these four tasks:
1. Configure
IPv6 traffic: See Configure the IPv6 Routing Mode on p
2. Confi
following sections:
• Use a DHCPv6 Server to Configure an IPv6 Internet Connection o
• Configure a Static IPv6 Internet Connection on p
• Configure a PPPoE IPv6 Internet Connection on p
3. Configure the IPv6
Configure 6to4 Automatic Tunneling on
Tunneling on p
4. (Op
5. (
tional) Configure Stateless IP/ICMP Translation (SIIT). Enable IPv6 d ev ice s th at do
not have permanently assigned IPv4 addresses to communicate with IPv4-only devices:
See Configure Stateless IP/ICMP Translation on p
Optional) Configure the WAN options. If required, change the factory default MTU size,
port speed, and MAC address of the wireless VPN firewall: See Configure Advanced WAN
Options and Other Tasks on p
need to change the settings.
the IPv6 WAN mode. Select the IPv4 / IPv6 mode to support both IPv4 and
age 38.
gure the IPv6 Internet connection to your ISP. Connect to your ISP: See one of the
n page 39
age 41
age 43
tunnels. Enable 6to4 tunnels and configure ISATAP tunnels: See
page 46 and Configure ISATAP Automatic
age 47.
age 49.
age 50. These are advanced features, and you usually do not
Configure the IPv4 Internet Connection and WAN Settings
• Configure the IPv4 WAN Mode
• Let the Wireless VPN Firewall Automatically Detect and Configure an IPv4 Internet
Connection
• Manually Configure an IPv4 Internet Connection
• Configure Dynamic DNS
To set up your wireless VPN firewall for secure IPv4 Internet connections, you need to
deter
mine the IPv4 WAN mode (see the next section) and then configure the IPv4 Internet
connection to your ISP on the WAN port. The web management interface offers two
connection configuration options, discussed in the following sections:
• Let the Wireless VPN Firewall Automatically Detect and Configure an IPv4 Internet
Connection on p
• Manually Configure an IPv4 Internet Connection on p
age 28
age 31
IPv4 and IPv6 Internet and Broadband Settings
26
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Configure the IPv4 WAN Mode
By default, IPv4 is supported and functions in NAT mode but can also function in classical
routing mode. IPv4 functions the same way in IPv4-only mode that it does in IPv4 / IPv6
mode. The latter mode adds IPv6 functionality (see Configure the IPv6 Routing Mode on
page 38).
Network Address Translation
Network Address Translation (NAT) allows all computers on your LAN to share a single public
Internet IP address. From the Internet, there is only a single device (the wireless VPN
firewall) and a single IP address. Computers on your LAN can use any private IP address
range, and these IP addresses are not visible from the Internet.
Note the following about NAT:
he wireless VPN firewall uses NAT to select the correct computer (on your LAN) to
• T
receive any incoming data.
• I
f you have only a single public Internet IP address, you need to use NAT (the default
setting).
• I
f your ISP has provided you with multiple public IP addresses, you can use one address
as the primary shared address for Internet access by your computers, and you can map
incoming traffic on the other public IP addresses to specific computers on your LAN. This
one-to-one inbound mapping is configured using an inbound firewall rule.
Classical Routing
In classical routing mode, the wireless VPN firewall performs routing, but without NAT. To
gain Internet access, each computer on your LAN needs to have a valid static Internet IP
address.
If your ISP has allocated a number of static IP addresses to yo u, and you have assigned one
of these addresses to each computer, you can choose classical routing. Or you can use
classical routing for routing private IP addresses within a campus environment.
To view the status of the WAN ports, you can view the Router Status screen (see View the
System Status on page 356).
Configure the IPv4 Routing Mode
To configure the IPv4 routing mode:
1. Select Network Configuratio
n > WAN Settings. The WAN Mode screen displays:
IPv4 and IPv6 Internet and Broadband Settings
27
Figure 9.
WARNING:
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
2. Select the NA T radio button or the Classical Routing radio button.
Changing the WAN mode causes all LAN WAN and DMZ WAN
inbound rules to revert to default settings.
3. Click Apply to save your settings.
Let the Wireless VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection
To automatically configure the WAN port for an IPv4 connection to the Internet:
1. Select Netwo
upper right of the screen, the IPv4 radio button is selected by default. The ISP
Broadband Settings screen displays the IPv4 settings:
rk Configuration > WAN Settings > Broadband ISP Settings. In the
IPv4 and IPv6 Internet and Broadband Settings
28
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Figure 10.
2. Click the Auto Detect button at the bottom of the screen. The autodetect process probes
the WAN port for a range of connection methods and suggests one that your ISP is most
likely to support.
The autodetect process returns one of the following results:
f the autodetect process is successful, a status bar at the top of the screen displays
• I
the results (for example, DHCP service detected).
• I
f the autodetect process senses a connection method that requires input from you, it
prompts you for the information. The following table explains the settings that you
might have to enter:
IPv4 and IPv6 Internet and Broadband Settings
29
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Table 2. IPv4 Internet connection methods
Connection Method Manual Data Input Required
DHCP (Dynamic IP) No manual data input is required.
PPPoE The following fields are required:
• Login
• Password
• Account Name
• Domain Name
PPTP The following fields are required:
• Login
• Password
• Account Name
• Domain Name
• My IP Address
• Server IP Address
Fixed (Static) IP The following fields are required:
• IP Address
• IP Subnet Mask
• Gateway IP Address
• Primary DNS Server
• Secondary DNS Server
• If the autodetect process does not find a connection, you are prompted either to
check the physical connection between your wireless VPN firewall and the cable, DSL
line, or satellite or wireless Internet dish, or to check your wireless VPN firewa ll’s MAC
address. For more information, see Configure Advanced WAN Options and Other
Tasks o
3. T
o verify the connection, click the Broadband Status option arrow in the upper right of the
n page 50 and Troubleshoot the ISP Connection on page 382.
screen to display the Connection Status pop-up screen. (The following figure shows a static
IP address configuration.)
Figure 11.
IPv4 and IPv6 Internet and Broadband Settings
30
Loading...