NETGEAR FVS318v3 User Manual
Reference Manual for the ProSafe VPN Firewall FVS318v3
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10059-02
Version 3
January 2005
January 2005
© 2005 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR is a trademark of Netgear, Inc.
Microsoft, Windows, and Wi ndow s NT are registered trademar ks of Microsoft Corporation.
Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a
residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and
used in accordance with the instruct ions, may cause harmf ul interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try
to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
EN 55 022 Declaration of Conformance
This is to certify that the FVS318v3 ProSafe VPN Firewall is shielded against the generation of radio interference in
accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application
of EN 55 022 Class B (CISPR 22).
ii
January 2005
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das FVS318v3 ProSafe VPN Firewall gemäß der im BMP T-AmtsblVfg 243/1991 und Vfg
46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kan n
jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the FVS318v3 ProSafe VPN Firewall has been suppressed in accordance with the conditions
set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test
transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes
in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Voluntary Contr ol Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver , it may become the cause of radio interference.
Read instructions for correct handling.
January 2005
iii
Product and Publication Details
Model Number: FVS318v3
Publication Date: January 2005
Product Family: Router
Product Name: FVS318v3 ProSafe VPN Firewall
Home or Business Product: Business
Language: English
iv
January 2005
Contents
Chapter 1
About This Manual
Audience, Scope, Conventions, and Formats ................................................................1-1
How to Use This Manual ................................................................................................1-2
How to Print this Manual .................................................................................................1-3
Chapter 2
Introduction
Key Features of the VPN Firewall ..................................................................................2-1
A Powerful, True Firewall with Content Filtering ......................................................2-2
Security ....................................................................................................................2-2
Autosensing Ethernet Connections with Auto Uplink ...............................................2-3
Extensive Protocol Support ......................................................................................2-3
Easy Installation and Management ..........................................................................2-4
Maintenance and Support .................. .... ... ... ... .......................................... ... .... ... ... ..2-4
Package Contents ..........................................................................................................2-5
The FVS318v3 Front Panel ......................................................................................2-5
The FVS318v3 Rear Panel ......................................................................................2-6
NETGEAR-Related Products .........................................................................................2-7
NETGEAR Product Registration, Support, and Documentation ................................ .....2-7
Chapter 3
Connecting the Firewall to the Internet
Prepare to Install Your FVS318v3 ProSafe VPN Firewall ... ... ....... ... ... .... ... ... ... ... .... ... ... ..3-1
First, Connect the FVS318v3 .........................................................................................3-1
Now, Configure the FVS318v3 for Internet Access ........................................................3-4
Troubleshooting Tips ......................................................................................................3-6
Overview of How to Access the FVS318v3 VPN Firewall ..............................................3-8
How to Log On to the FVS318v3 After
Configuration Settings Have Been Applied ..............................................................3-9
How to Bypass the Configuration Assistant ...........................................................3-10
Contents v
January 2005
Using the Smart Setup Wizard .....................................................................................3-11
How to Manually Configure Your Internet Connection ..... .......................................... ... 3-12
Chapter 4
Firewall Protection and
Content Filtering
Firewall Protection and Content Filtering Overview ............ ... .... ... ... ... .... ... ... ... ...............4-1
Block Sites ......................................................................................................................4-2
Using Rules to Block or Allow Specific Kinds of Traffic ..................................................4-3
Inbound Rules (Port Forwarding) .............................. ............................................... 4-5
Inbound Rule Example: A Local Public Web Server ..........................................4-5
Inbound Rule Example: Allowing a Videoconference from Restricted Addresses 4-6
Considerations for Inbound Rules .....................................................................4-6
Outbound Rules (Service Blocking) .........................................................................4-7
Outbound Rule Example: Blocking Instant Messenger .....................................4-7
Order of Precedence for Rules ................................................................................4-8
Default DMZ Server .................................................................................................4-8
Respond to Ping on Internet WAN Port ...................................................................4-9
Services ................................. ................................................ .......................................4-10
Using a Schedule to Block or Allow Specific Traffic ......................................................4-12
Time Zone ..............................................................................................................4-13
Getting E-Mail Notifications of Event Logs and Alerts ..................................................4-14
Viewing Logs of Web Access or Attempted Web Access .............................................4-16
Syslog ....................................................................................................................4-17
Chapter 5
Basic Virtual Private Networking
Overview of VPN Configuration ......................................................................................5-2
Client-to-Gateway VPN Tunnels ..............................................................................5-2
Gateway-to-Gateway VPN Tunnels .........................................................................5-2
Planning a VPN ..............................................................................................................5-3
VPN Tunnel Configuration .................................. ... .......................................... ... .... ... ... ..5-5
How to Set Up a Client-to-Gateway VPN Configuration .................................................5-5
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3 ..............5-6
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC ...........5-9
Monitoring the Progress and Status of the VPN Client Connection . ... ... ... ... .... ... ...5-16
Transferring a Security Policy to Another Client .......................... .... ... ... ... ... .... ... ...5-18
Exporting a Security Policy ................. ... .......................................... ... ... .... ...... 5-18
vi Contents
January 2005
Importing a Security Policy ..............................................................................5-19
How to Set Up a Gateway-to-Gateway VPN Configuration ....... ................................... 5-20
Procedure to Configure a Gateway-to-Gateway VPN Tunnel ................................5-21
VPN Tunnel Control ..................... .... ... ... ... .... ... ... ... ... .... .......................................... ......5-26
Activating a VPN Tunnel ........................................................................................5-26
Start Using a VPN Tunnel to Activate It ...........................................................5-26
Using the VPN Status Page to Activate a VPN Tunnel ....................................5-26
Activate the VPN Tunnel by Pinging the Remote Endpoint .............................5-27
Verifying the Status of a VPN Tunnel .....................................................................5-29
Deactivating a VPN Tunnel ....... ... ... ... .... ................................................................5-30
Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel 5-30
Using the VPN Status Page to Deactivate a VPN Tunnel ......... ... ... ... ... .... ... ...5-31
Deleting a VPN Tunnel ...........................................................................................5-32
Chapter 6
Advanced Virtual Private Networking
Overview of FVS318v3 Policy-Based VPN Configuration .............................................. 6-1
Using Policies to Manage VPN Traffic .....................................................................6-2
Using Automatic Key Management ..................................... ................................... .. 6-2
IKE Policies’ Automatic Key and Authentication Management ................................6-3
VPN Policy Configuration for Auto Key Negotiation ..................... ............................ 6-5
VPN Policy Configuration for Manual Key Exchange ...............................................6-9
Using Digital Certificates for IKE Auto-Policy Authentication .......................................6-13
Certificate Revocation List (CRL) ...........................................................................6-14
Walk-Through of Configuration Scenarios on the FVS318v3 .......................................6-14
VPN Consortium Scenario 1:
Gateway-to-Gateway with Preshared Secrets .......................................................6-15
FVS318v3 Scenario 1: FVS318v3 to Gateway B IKE and VPN Policies ...............6-16
How to Check VPN Connections ...........................................................................6-21
Testing the Gateway A FVS318v3 LAN and the Gateway B LAN ...................6-21
FVS318v3 Scenario 2: FVS318v3 to FVS318v3 with RSA Certificates .................6-22
Chapter 7
Maintenance
Viewing VPN Firewall Status Information .......................................................................7-1
Viewing a List of Attached Devices .................................................................................7-5
Upgrading the Firewall Software ....................................................................................7-5
Configuration File Management .....................................................................................7-7
Contents vii
January 2005
Backing Up the Configuration ..................................................................................7-7
Restoring the Configuration .....................................................................................7-7
Erasing the Configuration .........................................................................................7-8
Changing the Administrator Password ...........................................................................7-8
Chapter 8
Advanced Configuration
How to Configure Dynamic DNS ....................................................................................8-1
Using the LAN IP Setup Options ....................................................................................8-2
Configuring LAN TCP/IP Setup Parameters ............................................................8-3
Using the Firewall as a DHCP server .......................................................................8-4
Using Address Reservation ......................................................................................8-5
Configuring Static Routes ...............................................................................................8-5
Static Route Example ...............................................................................................8-7
Enabling Remote Management Access .........................................................................8-7
Chapter 9
Troubleshooting
Basic Functioning ...........................................................................................................9-1
Power LED Not On ...................................................................................................9-1
LEDs Never Turn Off ................................................................................................9-2
LAN or Internet Port LEDs Not On ......... ... ... ... ... .... ... ... .......................................... ..9-2
Troubleshooting the Web Configuration Interface ..........................................................9-3
Troubleshooting the ISP Connection ..............................................................................9-4
Troubleshooting a TCP/IP Network Using a Ping Utility .................................................9-5
Testing the LAN Path to Your Firewall ......................................................................9-5
Testing the Path from Your PC to a Remote Device ................................................9-6
Restoring the Default Configuration and Password ............... .........................................9-7
Problems with Date and Time .........................................................................................9-7
Appendix A
Technical Specifications
Appendix B
Network, Routing, and Firewall Basics
Related Publications ...................................................................................................... B-1
Basic Router Concepts .................................................................................................. B-1
What is a Router? ................................................................................................... B-2
Routing Information Protocol ................................................................................... B-2
IP Addresses and the Internet .. ... .... ... ... ... .... ................................................................. B-2
viii Contents
January 2005
Netmask .................................... ................................................................ ..............B-4
Subnet Addressing .................................................................................................. B-5
Private IP Addresses ................................. ... ... ... .......................................... ........... B-7
Single IP Address Operation Using NAT ....................................................................... B-8
MAC Addresses and Address Resolution Protocol ................................................. B-9
Related Documents ................................................................................................. B-9
Domain Name Server .............................................................................................. B-9
IP Configuration by DHCP ............................... .......................................... ... ... ... .... ..... B-10
Internet Security and Firewalls .................................................................................... B-10
What is a Firewall? .................................................................................................B-11
Stateful Packet Inspection .................................. ... ... .... ... ... .............................B-11
Denial of Service Attack ..................................................................................B-11
Ethernet Cabling ................................. ... ... .... ... .......................................... ... ... ... .... ... ...B-11
Category 5 Cable Quality ...................................................................................... B-12
Inside Twisted Pair Cables .................................................................................... B-13
Uplink Switches, Crossover Cables, and MDI/MDIX Switching ............................ B-14
Appendix C
Virtual Private Networking
What is a VPN? ............................................................................................................. C-1
What Is IPSec and How Does It Work? ......................................................................... C-2
IPSec Security Features .............................. ... ... .... ... ... ... .... .................................... C-2
IPSec Components ...................... ... ... .... ... ... ... .......................................... ..............C-2
Encapsulating Security Payload (ESP) ...................................................................C-3
Authentication Header (AH) ............................... .... ... ... ... .... ... ... ... .... ....................... C-4
IKE Security Association ........... .......................................... ... ... ... ........................... C-4
Mode ...................................... ...................... .................... ...................... ........... C-5
Key Management ....................................................................................................C-6
Understand the Process Before You Begin ................................................................... C-6
VPN Process Overview ......... ... ... .... ... .......................................... ................................. C-7
Network Interfaces and Addresses ......................................................................... C-7
Interface Addressing ......................................................................................... C-7
Firewalls ........................................................................................................... C-8
VPN Tunnel Between Gateways .............................................................................C-8
VPNC IKE Security Parameters ......... ... ... .... ... ............................................................ C-10
VPNC IKE Phase I Parameters .............................................................................C-10
Contents ix
January 2005
VPNC IKE Phase II Parameters ............................................................................ C-11
Testing and Troubleshooting ........................................................................................ C-11
Additional Reading ...................... .... ... .......................................... ... ... .... ..................... C-11
Appendix D
Preparing Your Network
Preparing Your Computers for TCP/IP Networking ................................................ ... ... . D-1
Configuring Windows 95, 98, and Me for TCP/IP Networking ....................................... D-2
Install or V erify Windows Networking Components ................................................. D-2
Enabling DHCP to Automatically Configure TCP/IP Settings .................................D-4
Selecting Windows’ Internet Access Method .......................................................... D-6
Verifying TCP/IP Properties .................................................................................... D-6
Configuring Windows NT4, 2000 or XP for IP Networking ............................................D-7
Install or V erify Windows Networking Components ................................................. D-7
Enabling DHCP to Automatically Configure TCP/IP Settings .................................D-8
DHCP Configuration of TCP/IP in Windows XP ..................................................... D-8
DHCP Configuration of TCP/IP in Windows 2000 ................................................ D-10
DHCP Configuration of TCP/IP in Windows NT4 .................................................. D-13
Verifying TCP/IP Properties for Windows XP, 2000, and NT4 .............................. D-15
Configuring the Macintosh for TCP/IP Networking ...................................................... D-16
MacOS 8.6 or 9.x ...................... ... ... ... .... ... ... ... ... .... .......................................... .....D-16
MacOS X ...... ... .......................................... .......................................... ..................D-16
Verifying TCP/IP Properties for Macintosh Computers ... .... ... ... ... .... ... ... ... ... .... .....D-17
Verifying the Readiness of Your Internet Account ....................................................... D-18
Are Login Protocols Used? ................................................................................... D-18
What Is Your Configuration Information? .............................................................. D-18
Obtaining ISP Configuration Information for Windows Computers .......................D-19
Obtaining ISP Configuration Information for Macintosh Computers .....................D-20
Restarting the Network ................................................................................................D-21
Appendix E
VPN Configuration of NETGEAR FVS318v3
Case Study Overview .................................................................................................... E-1
Gathering the Network Information ......................................................................... E-1
Configuring the Gateways ....................................................................................... E-2
Activating the VPN Tunnel ...................................................................................... E-5
The FVS318v3-to-FVS318v3 Case ............................................................................... E-6
x Contents
January 2005
Configuring the VPN Tunnel .................................. ... ... ... .... ... ................................. E-6
Viewing and Editing the VPN Parameters ............................................................... E-9
Initiating and Checking the VPN Connections .......................................................E-11
The FVS318v3-to-FVS318v2 Case ............................................................................. E-13
Configuring the VPN Tunnel .................................. ... ... ... .... ... ............................... E-13
Viewing and Editing the VPN Parameters ........................................ ............ ......... E-16
Initiating and Checking the VPN Connections ...................................................... E-18
The FVS318v3-to-FVL328 Case ................................................................................. E-20
Configuring the VPN Tunnel .................................. ... ... ... .... ... ............................... E-20
Viewing and Editing the VPN Parameters ........................................ ............ ......... E-23
Initiating and Checking the VPN Connections ...................................................... E-25
The FVS318v3-to-VPN Client Case ............................................................................ E-27
Client-to-Gateway VPN Tunnel Overview ............................................................. E-27
Configuring the VPN Tunnel .................................. ... ... ... .... ... ............................... E-28
Initiating and Checking the VPN Connections ...................................................... E-36
Glossary
List of Glossary Terms ...................................................................................................G-1
Numeric .........................................................................................................................G-1
A ....................................................................................................................................G-1
B ....................................................................................................................................G-2
C ..................................... ........................................................................... ....................G-2
D ..................................... ........................................................................... ....................G-3
E ....................................................................................................................................G-4
G ..................................... .............................................. .................................................G-4
I .................................... ............. .......... ............. ............. ............. ............. ............ ...........G-4
L ...................................... ................. ............. ................ ................ ................ .................G-6
M ..................................... ............. ............. ............. ............. ............. ............. .................G-6
P ....................................................................................................................................G-7
Q ..................................... .............................................. .................................................G-8
R ..................................... ........................................................................... ....................G-8
S ....................................................................................................................................G-9
T ....................................................................................................................................G-9
U ..................................... ........................................................................... ....................G-9
W ...................................................................................................................................G-9
Contents xi
January 2005
xii Contents
January 2005
Chapter 1
About This Manual
This chapter describes the intended audience, scope, conventions, and formats of this manual.
Audience, Scope, Conventions, and Formats
This reference manual assumes that the reader has basic to intermediate computer and Internet
skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial
information is provided in the Appendices and on the NETGEAR Web site.
This guide uses the following typographical conventions:
Table 1-1. Typographical Conventions
italics Emphasis, books, CDs, URL names
bold User input
fixed Screen text, file and server names, extensions, commands, IP addresses
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
This manual is written for the FVS318v3 VPN Firewall according to these specifications.:
Table 1-2. Manual Scope
Product Version FVS318v3 ProSafe VPN Firewall
Manual Publication Date January 2005
Note: Product updates are available on the NETGEAR, Inc. Web site at
http://kbserver.netgear.com/products/FVS318v3.asp.
About This Manual 1-1
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
How to Use This Manual
The HTML version of this manual includes the following:
• Buttons, and , for browsing forwards or backwards through the manual one page
at a time
• A button that displays the table of contents and an button. Double-click on a
link in the table of contents or index to navigate directly to where the topic is described in the
manual.
• A button to access the full NETGEAR, Inc. online Knowledge Base for the
product model.
• Links to PDF versions of the full manual and individual chapters.
1-2 About This Manual
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
How to Print this Manual
To print this manual you can choose one of the following several options, according to your needs.
• Printing a Page in the HTML View.
Each page in the HTML version of the manual is dedicated to a major topic. Use the Print
button on the browser toolbar to print the page contents.
• Printing a Chapter.
Use the PDF of This Chapter link at the top left of any page.
– Click the “PDF of This Chapter” link at the top right of any page in the chapter you want
to print. The PDF version of the chapter you were viewing opens in a browser window.
Note: Your computer must have the free Adobe Acrobat reader installed in order to view
and print PDF files. The Acrobat reader is available on the Adobe Web site at
http://www.adobe.com.
– Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save
paper and printer ink by selecting this feature.
• Printing the Full Manual.
Use the Complete PDF Manua l link at the top left of any page.
– Click the Complete PDF Manual link at the top left of any page in the manual. The PDF
version of the complete manual opens in a browser window.
– Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save
paper and printer ink by selecting this feature.
About This Manual 1-3
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
1-4 About This Manual
January 2005
Chapter 2
Introduction
This chapter describes the features of the NETGEAR FVS318v3 ProSafe VPN Firewall.
Key Features of the VPN Firewall
The FVS318v3 ProSafe VPN Firewall with eight-port switch connects your local area network
(LAN) to the Internet through an external access device such as a cable modem or DSL modem.
The FVS318v3 is a complete security solution that protects your network from attacks and
intrusions. Unlike simple Internet sharing firewalls that rely on Network Address Translation
(NAT) for security, the FVS318v3 uses stateful packet inspection for Denial of Service attack
(DoS) protection and intrusion detection. The FVS318v3 allows Internet access for up to 253
users. The FVS318v3 VPN Firewall provides you with multiple Web content filtering options,
plus browsing activity reporting and instant alerts — both via e-mail. Parents and network
administrators can establish restricted access policies based on time-of-day, Web site addresses
and address keywords, and share high-speed cable/DSL Internet access for up to 253 personal
computers. In addition to NAT, the built-in firewall protects you from hackers.
With minimum setup, you can install and use the firewall within minutes.
The FVS318v3 VPN Firewall provides the following features:
• Easy, Web-based setup for installation and management.
• Content filtering and site blocking security.
• Built-in eight-port 10/100 Mbps switch.
• Ethernet connection to a WAN device, such as a cable modem or DSL modem.
• Extensive protocol support.
• Login capability.
• Front panel LEDs for easy monitoring of status and activity.
• Flash memory for firmware upgrade.
Introduction 2-1
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
A Powerful, True Firewall with Content Filtering
Unlike simple Internet sharing NAT firewalls, the FVS318v3 is a true firewall, using stateful
packet inspection to defend against hacker attacks. Its firewall features include:
• DoS protection.
Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND
Attack, and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Logs security incidents.
The FVS318v3 logs security events such as blocked incoming traffic, port scans, attacks, and
administrator logins. You can configure the firewall to email the log to you at specified
intervals. You can also configure the firewall to send immediate alert messages to your e-mail
address or email pager whenever a significant event occurs.
• With its content filtering feature, the FVS318v3 prevents objectionable content from reaching
your PCs. The firewall allows you to control access to Internet content by screening for
keywords within Web addresses. You can configure the firewall to log and report attempts to
access objectionable Internet sites.
Security
The FVS318v3 VPN Firewall is equipped with several features designed to maintain security, as
described in this section.
• PCs Hidden by NAT
NAT opens a temporary path to the Internet for requests originating from the local network.
Requests originating from outside the LAN are discarded, preventing users outside the LAN
from finding and directly accessing the PCs on the LAN.
• Port Forwarding with NAT
Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the
firewall allows you to direct incoming traffic to specific PCs based on the service port number
of the incoming request, or to one designated “DNS” host computer. You can specify
forwarding of single ports or ranges of ports.
2-2 Introduction
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
Autosensing Ethernet Connections with Auto Uplink
With its internal eight-port 10/100 switch, the FVS318v3 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are
autosensing and capable of full-duplex or half-duplex operation.
TM
The firewall incorporates Auto Uplink
technology. Each Ethernet port automatically senses
whether the Ethernet cable plugged into the port should have a normal connection such as to a PC
or an uplink connection such as to a switch or hub. That port then configures itself to the correct
configuration. This feature also eliminates the need to worry about crossover cables, as Auto
Uplink will accommodate either type of cable to make the right connection.
Extensive Protocol Support
The FVS318v3 VPN Firewall supports the Transmission Contro l Protoco l/In ternet Proto col (TCP/
IP) and Routing Information Protocol
Appendix B, “Network, Routing, and Firewall Basics.”
• IP Address Sharing by NAT
The FVS318v3 VPN Firewall allows several networked PCs to share an Internet account using
only a single IP address, which may be statically or dynamically assigned by your Internet
service provider (ISP). This technique, known as NAT, allows the use of an inexpensive
single-user ISP account.
(RIP). For further information about TCP/IP, refer to
• Automatic Configuration of Attached PCs by DHCP
The FVS318v3 VPN Firewall dynamically assigns network configuration information,
including IP, gateway, and Domain Name Server (DNS) addresses, to attached PCs on the
LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies
configuration of PCs on your local network.
• DNS Proxy
When DHCP is enabled and no DNS addresses are specified, the firewall provides its own
address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from
the ISP during connection setup and forwards DNS requests from the LAN.
• Point-to-Point Protocol over Ethernet (PPPoE)
PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by
simulating a dial-up connection. This feature eliminates the need to run a login program such
as Entersys or WinPOET on your PC.
Introduction 2-3
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
Easy Installation and Management
You can install, configure, and operate the FVS318v3 ProSafe VPN Firewall within minutes after
connecting it to the network. The following features simplify installation and management tasks:
• Browser-based management
Browser-based configuration allows you to easily configure your firewall from almost any
type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup
Wizard is provided and online help documentation is built into the browser-based Web
Management Interface.
• Smart Wizard
The FVS318v3 VPN Firewall automatically senses the type of Internet connection, asking you
only for the information required for your type of ISP account.
• Diagnostic functions
The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote
reboot.
• Remote management
The firewall allows you to login to the Web Management Interface from a remote location on
the Internet. For security, you can limit remote management access to a specified remote IP
address or range of addresses, and you can choose a nonstandard port number.
• Visual monitoring
The FVS318v3 VPN Firewall’s front panel LEDs provide an easy way to monitor its status
and activity.
Maintenance and Support
NETGEAR offers the following features to help you maximize your use of the FVS318v3 VPN
Firewall:
• Flash memory for firmware upgrade.
• Free technical support seven days a week, 24 hours a day.
Note: The FVS318v3 firmware is not backward compatible with earlier versions of the
FVS318 firewall.
2-4 Introduction
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
Package Contents
The product package should contain the following items:
• FVS318v3 ProSafe VPN Firewall.
•AC power adapter.
• Category 5 (Cat 5) Ethernet cable.
• Installation Guide.
• Resource CD (240-10114-02) for ProSafe VPN Fir ewall, including:
— This guide.
— Application Notes and other helpful information.
• Registration and Warranty Card.
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the firewall for repair.
The FVS318v3 Front Panel
The front panel of the FVS318v3 VPN Firewall contains the status LEDs described below.
PWR
Figure 2-1: FVS318v3 front panel
Test
Internet
LOCAL Ports
You can use some of the LEDs to verify connections. Viewed from left to right, Table 2-1
describes the LEDs on the front panel of the firewall. These LEDs are green when lit.
Introduction 2-5
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
Table 2-1. LED Descriptions
LED Label Activity Description
PWR On Power is supplied to the firewall.
TEST On
Off
INTERNET
100 (100 Mbps) On
Off
LINK/ACT
(Link/Activity)
LOCAL
100 (100 Mbps) On
LINK/ACT
(Link/Activity)
On
Blinking
Off
On
Blinking
The system is initializing.
The system is ready and running.
The Internet (WAN) port is operating at 100 Mbps.
The Internet (WAN) port is operating at 10 Mbps.
The Internet port has detected a link with an attached device.
Data is being transmitted or received by the Internet port.
The Local port is operating at 100 Mbps.
The Local port is operating at 10 Mbps.
The Local port has detected a link with an attached device.
Data is being transmitted or received by the Local port.
The FVS318v3 Rear Panel
The rear panel of the FVS318v3 VPN Firewall contains the port connections listed below.
FACTORY DEFAULTS
Reset Button
LOCAL
Ports
Figure 2-2: FVS318v3 rear panel
DC PowerINTERNET
Port
ON/OFF
Switch
Viewed from left to right, the rear panel contains the following features:
• Factory default reset push button
• Eight Ethernet LAN ports
• Internet Ethernet WAN port for connecting the firewall to a cable or DSL modem
2-6 Introduction
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
• DC power input
• ON/OFF switch
NETGEAR-Related Products
NETGEAR products related to the FVS318v3 are listed in the following table:
Table 2-2. NETGEAR-Related Products
Category Wireless Wired
Notebooks WAG511 108 Mbps Dual Band PC Card
WG511T 108 Mbps PC Card
WG511 54 Mbps PC Card
WG111 54 Mbps USB 2.0 Adapter
MA521 802.11b PC Card
MA111 802.11b USB Adapter
Desktops WAG311 108 Mbps Dual Band PCI Adapter
WG311T 108 Mbps PCI Adapter
WG311 54 Mbps PCI Adapter
WG111 54 Mbps USB 2.0 Adapter
MA111 802.11b USB Adapter
PDAs MA701 802.11b Compact Flash Card
Antennas and
Accessories
ANT24O5 5 dBi Antenna
ANT2409 Indoor/Outdoor 9 dBi Antenna
ANT24D18 Indoor/Outdoor 18 dBi Antenna
Antenna Cables–1.5, 3, 5, 10, and 30 m lengths
VPN01L and VPN05L ProSafe VPN Client Software
FA511 CardBus Adapter
FA120 USB 2.0 Adapter
FA311 PCI Adapter
FA120 USB 2.0 Adapter
NETGEAR Product Registration, Support, and Documentation
Register your product at http://www.NETGEAR.com/register. Registration is required before you
can use our telephone support service.
Product updates and Web support are always available by going to: http://kbserver.netgear.com.
Documentation is available on the Resource CD and at http://kbserver.netgear.com.
Introduction 2-7
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
When the VPN firewall router is connected to the Internet, click the Knowledge Base or the
Documentation link under the Web Support menu to view support information or the
documentation for the VPN firewall router.
2-8 Introduction
January 2005
Chapter 3
Connecting the Firewall to the Internet
This chapter describes how to set up the firewall on your LAN, connect to the Internet, perform
basic configuration of your FVS318v3 ProSafe VPN Firewall using the Setup Wizard, or how to
manually configure your Internet connection.
Follow these instructions to set up your firewall.
Prepare to Install Your FVS318v3 ProSafe VPN Firewall
• For Cable Modem Service: When you perform the VPN firewall router setup steps be sure to
use the computer you first registered with your cable ISP.
• For DSL Service: You may need information such as the DSL login name/e-mail address and
password in order to complete the VPN firewall router setup.
Before proceeding with the VPN firewall router installation, familiarize yourself with the contents
of the Resource CD (240-10114-02) for ProSafe VPN Firewall, especially this manual and the
animated tutorials for configuring networking on PCs.
First, Connect the FVS318v3
1. CONNECT THE CABLES BETWEEN THE FVS318V3, COMPUTER, AND MODEM
a. Turn off your computer.
b. Turn off the cable or DSL broadband modem.
Connecting the Firewall to the Internet 3-1
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
Locate the Ethernet cable (Cable 1 in the diagram) that connects your PC to the modem.
c.
A
&DEOH
,QWHUQHW
&RPSXWHU
Figure 3-1: Disconnect the Ethernet cable from the computer
d.
Disconnect the cable at the computer end only, point A in the diagram.
e. Look at the label on the bottom of the VPN firewall router. Locate the Internet port.
Securely insert the Ethernet cable from your modem (Cable 1 in the diagram below) into
the Internet port of the VPN firewall router as shown in point B of the diagram.
0RGHP
B
Internet
port
Internet
Firewall
Figure 3-2: Connect the VPN firewall router to the modem
3-2 Connecting the Firewall to the Internet
Cable 1
January 2005
Modem
Reference Manual for the ProSafe VPN Firewall FVS318v3
Securely insert the blue cable that came with your VPN firewall router (the blue
f.
NETGEAR cable in the diagram below) into a LOCAL port on the firewall such as
LOCAL port 8 (point C in the diagram), and the other end into the Ethernet port of your
computer (point D in the diagram).
Blue NETGEAR
D
Cable
Internet
C
Computer
Local Ports
Figure 3-3: Connect the computer to the VPN firewall router
Your network cables are connected and you are ready to restart your network.
Firewall
Modem
2. RESTART YOUR NETWORK IN THE CORRECT SEQUENCE
Warning: Failure to restart your network in the correct sequence could prevent you from
connecting to the Internet.
a. First, turn on the broadband modem and wait two minutes.
b. Now, plug in the power cord to your VPN firewall router and wait one minute.
c. Last, turn on your computer.
Note: For DSL customers, if software logs you in to the Internet, do not run that software. Y ou
may need to go to the Internet Explorer T ools menu, Internet Options, Connections tab page
where you can select “Never dial a connection.”
Connecting the Firewall to the Internet 3-3
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
Power Internet Local Port 8Test
Figure 3-4: Status lights
d.
Check the VPN firewall router status lights to verify the following:
• PWR: The power light should turn solid green. If it does not, see “Troubleshooting
Tips” on page 3-6.
• TEST: The test light blinks when the firewall is first turned on then goes off. If after
two minutes it is still on, see “Troubleshooting Tips” on page 3-6.
• INTERNET: The Internet LINK light should be lit. If not, make sure the Ethernet cable
is securely attached to the VPN firewall router Internet port and the modem, and the
modem is powered on.
• LOCAL: A LOCAL light should be lit. Green on the 100 line indicates your computer
is communicating at 100 Mbps; off on the 100 line indicates 10 Mbps. If a LOCAL
light is not lit, check that the Ethernet cable from the computer to the firewall is
securely attached at both ends, and that the computer is turned on.
Now, Configure the FVS318v3 for Internet Access
1. From the Ethernet connected PC you just set up, open a browser such as Internet Explorer or
Netscape® Navigator.
3-4 Connecting the Firewall to the Internet
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
With the VPN firewall router in its factory default state, your browser will automatically
display the NETGEAR Smart Wizard Configuration Assistant welcome page.
Figure 3-5: NETGEAR Smart Wizard Configuration Assistant welcome screen
Note: If you do not see this page, type http://www.routerlogin.net in the browser address bar
and press Enter. If you still cannot see this screen, see “How to Bypass the Configuration
Assistant” on page 3-10.
If you cannot connect to the VPN firewall router, verify your computer networking setup. It
should be set to obtain both IP and DNS server addresses automatically, which is usually so.
For help with this, see Appendix D, “Preparing Your Network or the animated tutorials on the
Resource CD.
2. Click OK. Follow the prompts to proceed with the Smart Wizard Configuration Assistant to
connect to the Internet.
Connecting the Firewall to the Internet 3-5
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3
Click Done to finish. If you have trouble connecting to the Internet, see “Troubleshooting
3.
Tips” on page 3-6 to correct basic problems.
Figure 3-6: NETGEAR Smart Wizard Configuration Assistant success screen
Note: The Smart Wizard Configuration Assistant only ap pe a r s wh en the firewall is in its factory
default state. After you configure the VPN firewall router, it will not appear again. You can always
connect to the firewall to change its settings. To do so, open a browser such as Internet Explorer
and go to http://www.routerlogin.net. Then, when prompted, enter admin as the user name and
password for the password both in lower case letters.
You are now connected to the Internet!
Troubleshooting Tips
Here are some tips for correcting simple problems you may have.
Be sure to restart your network in this sequence:
1. Turn off the VPN firewall router, shut down the computer, and unplug and turn of f the modem.
2. Turn on the modem and wait two minutes
3. Turn on the VPN firewall router and wait one minute
4. Turn on the computer.
3-6 Connecting the Firewall to the Internet
January 2005
Loading...