Resumen del contenido incluido en la página 1
ProSafe VPN Firewall 200
FVX538 Reference
Manual
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
August 2006
202-10062-04
v1.0
Resumen del contenido incluido en la página 2
© 2006 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to
Resumen del contenido incluido en la página 3
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations. Voluntary Control Council for Interference (VCCI) Statement This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipme
Resumen del contenido incluido en la página 4
Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions * are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentati
Resumen del contenido incluido en la página 5
MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message- Digest Algorithm" in all material mentioning or referenc
Resumen del contenido incluido en la página 6
Product and Publication Details Model Number: FVX538 Publication Date: August 2006 Product Family: VPN Firewall Product Name: ProSafe VPN Firewall 200 Home or Business Product: Business Language: English Publication Part Number: 202-10062-04 Publication Version Number 1.0 vi 1.0, August 2006
Resumen del contenido incluido en la página 7
Contents About This Manual Conventions, Formats and Scope ...................................................................................xiii How to Use This Manual ..................................................................................................xiv How to Print this Manual ..................................................................................................xiv Revision History .....................................................................................
Resumen del contenido incluido en la página 8
Programming the Traffic Meter (if Desired) ..............................................................2-7 Configuring the WAN Mode (Required for Dual WAN) .................................................2-10 Setting Up Auto-Rollover Mode ..............................................................................2-11 Setting Up Load Balancing .....................................................................................2-13 Configuring Dynamic DNS (If Needed) .......................
Resumen del contenido incluido en la página 9
Inbound Rules Examples .......................................................................................4-16 LAN WAN Inbound Rule: Hosting A Local Public Web Server ........................4-16 LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses 4-17 LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT Mapping 4-17 LAN WAN or DMZ WAN Inbound Rule: Specifying an Exposed Host .............4-19 Outbound Rules Example .................................................
Resumen del contenido incluido en la página 10
Configuring the VPN Client ....................................................................................5-22 Testing the Connection ...........................................................................................5-26 Certificate Authorities ...................................................................................................5-27 Generating a Self Certificate Request ....................................................................5-28 Uploading a Trusted Certif
Resumen del contenido incluido en la página 11
Router Upgrade ...............................................................................................6-15 Setting the Time Zone ............................................................................................6-16 Monitoring the Router ...................................................................................................6-17 Enabling the Traffic Meter ......................................................................................6-17 Setting Login Failures
Resumen del contenido incluido en la página 12
Internet Configuration Requirements ......................................................................C-3 Where Do I Get the Internet Configuration Parameters? ........................................ C-4 Internet Connection Information Form .................................................................... C-5 Overview of the Planning Process ................................................................................. C-6 Inbound Traffic ..............................................
Resumen del contenido incluido en la página 13
About This Manual ® The NETGEAR ProSafe™ VPN Firewall 200 describes how to install, configure and troubleshoot the ProSafe VPN Firewall 200. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats and Scope The conventions, formats, and scope of this manual are described in the following paragraphs. • Typographical Conventions. This manual uses the following typographical conventions: Italics Emphasis, books, CDs, URL names Bo
Resumen del contenido incluido en la página 14
ProSafe VPN Firewall 200 FVX538 Reference Manual • Scope. This manual is written for the VPN firewall according to the following specifications: Product Version ProSafe VPN Firewall 200 Manual Publication Date August 2006 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Documents.” Note: Updates to this product are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/FVX538.asp. H
Resumen del contenido incluido en la página 15
ProSafe VPN Firewall 200 FVX538 Reference Manual • Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window. • Click the print icon in the upper left of your browser window. – Printing a PDF version of the Complete Manual. Use the Complete PDF Manual link at the top left of any page. • Click the Complete PDF Manual link at the top left of any page in the manual. The PDF version
Resumen del contenido incluido en la página 16
ProSafe VPN Firewall 200 FVX538 Reference Manual xvi v1.0, August 2006
Resumen del contenido incluido en la página 17
Chapter 1 Introduction The ProSafe VPN Firewall 200 with eight 10/100 ports and one 1/100/1000 port connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem. The FVX538 is a complete security solution that protects your network from attacks and intrusions. For example, the FVX538 provides support for Stateful Packet Inspection, Denial of Service (DoS) attack protection and multi-NAT support. The VPN firewall supports multiple
Resumen del contenido incluido en la página 18
ProSafe VPN Firewall 200 FVX538 Reference Manual • Login capability. • Front panel LEDs for easy monitoring of status and activity. • Flash memory for firmware upgrade. • One U Rack mountable. Dual WAN Ports for Increased Reliability or Outbound Load Balancing The FVX538 has two broadband WAN ports, WAN1 and WAN2, each capable of operating independently at speeds of either 10 Mbps or 100 Mbps. The two WAN ports let you connect a second broadband Internet line that can be configured on a mutua
Resumen del contenido incluido en la página 19
ProSafe VPN Firewall 200 FVX538 Reference Manual • Keyword Filtering. With its URL keyword filtering feature, the FVX538 prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the firewall to log and report attempts to access objectionable Internet sites. Security Features The VPN firewall is equipped with several features designed to maintain security, as described
Resumen del contenido incluido en la página 20
ProSafe VPN Firewall 200 FVX538 Reference Manual • IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account. • Automatic Configuration of Attached PCs by DHCP. The VPN firewall dynamically assigns network configuration information, including I