NETGEAR PVS338 User Manual

FVS338

ProSafe™ VPN Firewall 50

8-port 10/100 Mbps Switch

50 VPN Tunnels for Encrypted Remote Access

NETGEAR’s ProSafe VPN Firewall 50 with Dial Back-up is a SNMP-Manageable, high-performance network
solution that furnishes multidimensional security. Fully equipped and broadband-capable, this Virtual Private
Network (VPN) firewall comes with connection insurance: a built-in serial port for dial-up access. This
practical feature means your business can maintain operation if your broadband Internet connection fails.
It lets you retain an analog modem for emergency backup and also provides a migration path from analog
to broadband, making the transition effortless.

High on security, this true firewall provides Denial of Service (DoS) protection and Intrusion Detection using
Stateful Packet Inspection (SPI), URL keyword filtering, logging, reporting, and real-time alerts. It supports
up to 50 IPSec VPN tunnels simultaneously using Public Key Infrastructure (PKI), reducing your operating
costs and improving the security of your network. With 8 auto-sensing, Auto Uplink™ switched LAN ports
and Network Address Translation (NAT) routing, up to 253 users can access your broadband connection at
the same time. With support for Trend Micro anti-virus policy enforcement functionality, the FVS338 ships
with a 60 day evaluation copy of Trend Micro Client/Server Suite for SMB and Client/Server/Messaging
Suite for SMB for customers without current licenses. Designed with small businesses in mind, the Trend
Micro Suites combine workstation and server virus protection (including Trojans, worms, and hackers, plus
spyware, grayware, and blended threats) into a single solution, empowering small business owners to
deploy and manage an effective antivirus strategy with limited IT investment.

Takes care of all your security needs, with support up to 50 IPSec VPN tunnels simultaneously, SPI Firewall,
Denial of Service (DoS) attack protection, multiple VPN pass-through and anti-spam/anti-virus policy enforcement
support for extra security. SYSLOG and email reporting enable thorough network monitoring. IKE authentication
provides peace of mind against unauthorized VPN network access. The ProSafe VPN Firewall 50 provides optimal
value and defense against network security threats.

Smart Wizard

™

connects to your ISP quickly; the user-friendly Web-based configuration screen and install assistant
reduce setup time. The VPN wizard automates VPN configuration and secure remote administration via Secure
Socket Layer (SSL) makes it simple to connect to multiple sites. Support for DHCP (client and server) as

well as

PPPoE allows for easy, widespread deployment. This well-built firewall has an integrated 8-port 10/100 Mbps

switch

and is compatible with Windows

®

, UNIX®, Macintosh®, and Linux®O/S. It comes with an Ethernet cable, and
Auto Uplink on the LAN ports eliminates the need for crossover cables. Support for DHCP (client and server) as
well as PPPoE allows for easy, widespread deployment.

Make a VPN connection to other VPN devices or connect through NETGEAR’s ProSafe VPN Client software,
sold separately in single and five-user licenses VPN01L – supports popular Microsoft

®

Windows platforms and is
easy to configure, cost-effective and provides broad security support. The rugged metal unit houses advanced, high­quality electronics, and NETGEAR’s tested and proven technology is backed by a 3-year warranty.

• Help is there when you need it!
NETGEAR provides 24x7
technical support* in English,
with selected local language
support during office hours.

Thoroughly Protected

Easy to Use

Flexible & Durable

™

Everybody’s connecting.

NMS100 ProSafe Network Management System

2

7

0

-

1

0

2

6

3

-

0

1

Instructions:

Software CD

This CD should automatically

Version 1.0

run when inserted into your
CD-ROM drive. If the CD
does not start automatically,
browse to the CD drive and

Telecommuter with ProSafe VPN

Client Software VPN01L

click on NMSsetup.exe

© 2004 NETGEAR, INC.
ALL RIGHTS RESERVED
© 2004 NETGEAR, Inc.

240-10041-01

All rights reserved

240-10129-01

FVS338 VPN Firewall 50 FVS338 VPN Firewall 50

Broadband
modem

™

Everybody’s connecting.

NMS100 ProSafe Network Management System

2

7

0

-

1

0

2

6

3

-

0

1

Software CD

Version 1.0

© 2004 NETGEAR, INC.
ALL RIGHTS RESERVED
© 2004 NETGEAR, Inc.

240-10041-01

All rights reserved

240-10129-01

Telecommuter with ProSafe VPN
Client Software VPN01L

Servers

100 Mbps

10 Mbps

Desktop PCs with

FA311 network card installed

Internet

Instructions:

This CD should automatically
run when inserted into your
CD-ROM drive. If the CD
does not start automatically,
browse to the CD drive and
click on NMSsetup.exe

™

Everybody’s connecting.

NMS100 ProSafe Network Management System

2

7

0

-

1

0

2

6

3

-

0

1

Instructions:

Software CD

This CD should automatically

Version 1.0

run when inserted into your
CD-ROM drive. If the CD
does not start automatically,
browse to the CD drive and
click on NMSsetup.exe

© 2004 NETGEAR, INC.
ALL RIGHTS RESERVED
© 2004 NETGEAR, Inc.

240-10041-01

All rights reserved

240-10129-01

Broadband
modem

™

Everybody’s connecting.

NMS100 ProSafe Network Management System

2

7

0

-

1

0

2

6

3

-

0

1

Software CD

Version 1.0

© 2004 NETGEAR, INC.
ALL RIGHTS RESERVED
© 2004 NETGEAR, Inc.

240-10041-01
All rights reserved

240-10129-01

Telecommuter with ProSafe VPN
Client Software VPN01L

Telecommuter with ProSafe VPN
Client Software VPN01L

VPN Tunnel
encrypts your data

Instructions:

This CD should automatically
run when inserted into your
CD-ROM drive. If the CD
does not start automatically,
browse to the CD drive and
click on NMSsetup.exe

Desktop PCs with

FA311 network card installed

Physical Interfaces

- LAN ports: Eight (8) 10/100 Mbps auto-sensing, Auto

Uplink

™

RJ-45 ports

- WAN ports:

- 10/100 Mbps Ethernet RJ-45 port to connect to any

broadband modem, such as DSL or cable

- RS-232 serial port with DB-9 connector for an external

analog modem

• Security Features:

- SPI Firewall: Stateful Packet Inspection (SPI) to

prevent notorious Denial of Service (DoS) attacks,
Intrusion Detection System (IDS) including logging,
reporting and e-mail alerts, address, service and proto­col, Web URL keyword filtering, prevent replay attack
(reassembly attack), port/service blocking. Advanced
features include block Java/URL/ActiveX based on
extension, FTP/SMTP/RPC program filtering

- VPN Functionality: Fifty (50) dedicated VPN tun-

nels, Manual key and Internet Key Exchange Security
Association (IKE SA) assignment with pre-shared key
and RSA/DSA signatures, key life and IKE lifetime
time settings, perfect forward secrecy (Diffie-Hellman
groups 1 and 2 and Oakley support), operating
modes (Main, Aggressive, Quick), fully qualified
domain name (FQDN) support for dynamic IP
address VPN connections.

- IPSec Support: IPSec-based 56-bit (DES), 168-bit

(3DES), or 256-bit (AES) encryption algorithm,
MD5 or SHA-1 hashing algorithm, AH/AH-ESP
support, PKI features with X.509 v.3 certificate sup­port, remote access VPN (client-to-site), site-to-site
VPN, IPSec NAT traversal (VPN pass-through)

- Mode of Operation: One-to-one/many-to-one

Multi-Network Address Translation (NAT), classical
routing, unrestricted users per port

- IP Address Assignment: Static IP address assign-

ment, internal DHCP server on LAN, DHCP client
on WAN, PPPoE client support

• Performance Features:

- Throughput: Up to 90 Mbps WAN-to-LAN, up

to 60 Mbps for 3DES throughput

• Management Features:

- Administration Interface: SNMP (v2c) support,

Telnet, web graphic user interface, Secure Sockets
Layer (SSL) remote management, user name and pass­word protected; secure remote management support
authenticated through IP address or IP address range
and password; configuration changes/upgrades
through web GUI.

- Configuration and Upgrades: Upload and down

load configuration settings, firmware upgradeable
flash memory

- Logging: SYSLOG, e-mail alerts

• Functions:

VPN Wizard to simplify configuration of the VPN,
Smart Wizard to automatically detect ISP Address type
(static, dynamic, PPPoE), Port Range Forwarding, Port
Triggering, Exposed Host (DMZ), Enable/Disable

WAN Ping, DNS Proxy, MAC Address cloning/spoof­ing, Network Time Protocol NTP support, Keyword
Content Filtering, email Alerts, DHCP Server (Info and
display table), PPPoE login client support, WAN DHCP
Client, Diagnostic tools (ping, trace route, other),
Port/service/MAC address blocking, Auto-Uplink on
switch ports and Quality of Service (QoS)

• Protocol support:

- Network: IP routing, TCP/IP, UDP, ICMP, PPPoE

- IP Addressing: DHCP (client and server)

- Routing: RIP v1, RIPv2 (Static Routing,

Dynamic Routing)

- VPN/Security: IPSec (ESP, AH), MD5, SHA-1, DES,

3DES, IKE, PKI, AES

• User support:

- LAN: Up to 253 users

• Maintance:

Save/Restore Configuration, Restore Defaults,
Upgrades via Web Browser, Display Statistics,
Logging, SYSLOG support.

• Hardware Specifications:

- Processor Speed: 266 MHz

- Memory: 16Mb Flash, 32 Mb DRAM-Power adapter:

12VDC, 1.2A -plug is localized to country of sale

- Dimensions: 25.4 x 17.8 x 3.96 cm (10 x 7 x 1.56 in.)

- Weight: 1.7 kg (3.7 lb.)

• Environmental Specifications

- Operating temperature: 0 to 40°C (32 to 104°F)

- Operating humidity: 90% maximum relative

humidity, noncondensing

• Warranty

- NETGEAR 3-year warranty

System Requirements

- Cable, DSL or wireless broadband modem and

Internet service

- Ethernet connectivity from broadband modem

- Network card for each connected PC

- Network software (e.g. Windows)

- Internet Explorer 5.0 or higher or Netscape Navigator 4.7

or higher

Package Contents

- FVS338 ProSafe VPN Firewall 50

- Ethernet cable

- Rack mount kit

- Installation guide

- Resource CD with single user ProSafe VPN Client

Software license and 60 trial version of Trend Micro
C/S and C/S/M SMB suite software

- Warranty/Support information card

NETGEAR Related Products

• Accessories:

- VPN01L and VPN05L ProSafe

VPN Client Software

- NMS100 ProSafe Network

Management Software

• VPN Firewalls

- FVS124G ProSafe Gigabit VPN

Firewall 25

- FVL328 ProSafe VPN Firewall 100

- FVX538 ProSafe VPN Firewall 200

• Wireless:

- WAG302 ProSafe Dual Band

Access Point

- WG302 ProSafe 802.11g

Access Point

• Switches:

- FSM7352S ProSafe 48+4 10/100 L3

Managed Stackable Switch

- FSM7328S ProSafe 24+4 10/100

L3 Managed Stackable Switch

- FSM7326P ProSafe 24+2 10/100

L3 Managed Switch w/24PoE

4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone: 1-888-NETGEAR
E-mail: info@NETGEAR.com
www.NETGEAR.com

©2005 NETGEAR, Inc. NETGEAR®,
Everybody's connecting®, the Netgear
logo, Auto Uplink, ProSafe, Smart Wizard
and RangeMax are trademarks or regis­teredtrademarks of NETGEAR, Inc. in the
United States and/or other countries.
Microsoft, Windows, and the Windows
logo are trademarks or registered
trademarks of Microsoft Corporation in
the United States and/or other countries.
Other brand and product names are
trademarks or registered trademarks of
their respective holders. Information is
subject to change without notice.
All rights reserved.

* Free basic installation support provided
for 90 days from date of purchase.
Advanced product features and
configurations are not included in free
basic installation support; optional
premium support available.

D-FVS338-01

FVS338 ProSafe

™

VPN Firewall 50

8-port 10/100 Mbps Switch