Summary of the content on the page No. 1
FVS338 ProSafe VPN
Firewall 50 Reference
Manual
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
March 2008
202-10046-06
v1.0
Summary of the content on the page No. 2
© 2007 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR, the NETGEAR logo and ProSafe are trademarks and/or registered trademarks of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to
Summary of the content on the page No. 3
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations. Voluntary Control Council for Interference (VCCI) Statement This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipme
Summary of the content on the page No. 4
Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions * are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentati
Summary of the content on the page No. 5
MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message- Digest Algorithm" in all material mentioning or referenc
Summary of the content on the page No. 6
Product and Publication Details Model Number: FVS338 Publication Date: March 2008 Product Family: VPN firewall Product Name: ProSafe VPN Firewall 50 Home or Business Product: Business Language: English Publication Part Number: 202-10046-06 Publication Version Number 1.0 vi v1.0, March 2008
Summary of the content on the page No. 7
Contents About This Manual Conventions, Formats and Scope ...................................................................................xiii How to Use This Manual ..................................................................................................xiv How to Print this Manual ..................................................................................................xiv Revision History .....................................................................................
Summary of the content on the page No. 8
Configuring the WAN Mode ..........................................................................................2-15 Configuring Dynamic DNS (If Needed) .........................................................................2-16 Chapter 3 LAN Configuration Configuring Your LAN (Local Area Network) ..................................................................3-1 Using the VPN Firewall as a DHCP Server ..............................................................3-1 Configuring Multi-H
Summary of the content on the page No. 9
Setting Block Sites (Content Filtering) ..........................................................................4-22 Enabling Source MAC Filtering ....................................................................................4-24 IP/MAC Binding ............................................................................................................4-26 Setting Up Port Triggering ............................................................................................4-28 Bandwidth
Summary of the content on the page No. 10
Configuring the ProSafe VPN Client for ModeConfig .............................................5-30 Certificates ....................................................................................................................5-33 Trusted Certificates (CA Certificates) .....................................................................5-33 Self Certificates ......................................................................................................5-34 Managing your Certificate Re
Summary of the content on the page No. 11
Performing Diagnostics ..........................................................................................6-26 Chapter 7 Troubleshooting Basic Functions ..............................................................................................................7-1 Power LED Not On ...................................................................................................7-1 LEDs Never Turn Off .....................................................................................
Summary of the content on the page No. 12
Routing Logs ............................................................................................................... B-14 LAN to WAN Logs ................................................................................................. B-15 LAN to DMZ Logs .................................................................................................. B-15 DMZ to WAN Logs ................................................................................................ B-15 WAN to LAN Lo
Summary of the content on the page No. 13
About This Manual ® The NETGEAR ProSafe™ VPN Firewall 50 FVS338 Reference Manual describes how to install, configure and troubleshoot the ProSafe VPN Firewall 50. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats and Scope The conventions, formats, and scope of this manual are described in the following paragraphs. • Typographical Conventions. This manual uses the following typographical conventions Italics Emphasis, bo
Summary of the content on the page No. 14
FVS338 ProSafe VPN Firewall 50 Reference Manual Danger: This is a safety warning. Failure to take heed of this notice may result in personal injury or death. • Scope. This manual is written for the VPN firewall according to these specifications: Product Version ProSafe VPN Firewall 50 Manual Publication Date March 2008 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix C, “Related Documents” . Note: Updates to this pr
Summary of the content on the page No. 15
FVS338 ProSafe VPN Firewall 50 Reference Manual • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com. – Printing a PDF Chapter. Use the PDF of This Chapter link at the top left of any page. • Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a
Summary of the content on the page No. 16
FVS338 ProSafe VPN Firewall 50 Reference Manual xvi About This Manual v1.0, March 2008
Summary of the content on the page No. 17
Chapter 1 Introduction The ProSafe VPN Firewall 50 with 8 port switch connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem. The FVS338 is a complete security solution that protects your network from attacks and intrusions. For example, the FVX538 provides support for Stateful Packet Inspection, Denial of Service (DoS) attack protection and multi-NAT support.The VPN firewall supports multiple Web content filtering options,
Summary of the content on the page No. 18
FVS338 ProSafe VPN Firewall 50 Reference Manual • Flash memory for firmware upgrade. Full Routing on Both the Broadband and Serial WAN Ports You can install, configure, and operate the FVS338 to take full advantage of a variety of routing options on both the serial and broadband WAN ports, including: • Internet access via either the serial or broadband port. • Auto rollover connectivity (fail-over) through an analog modem connected to the serial port If the broadband Internet connection fails,
Summary of the content on the page No. 19
FVS338 ProSafe VPN Firewall 50 Reference Manual • Port Forwarding with NAT. Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request. You can specify forwarding of single ports or ranges of ports. • Exposed Host (Software DMZ). Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of
Summary of the content on the page No. 20
FVS338 ProSafe VPN Firewall 50 Reference Manual Easy Installation and Management You can install, configure, and operate the ProSafe VPN Firewall 50 within minutes after connecting it to the network. The following features simplify installation and management tasks: • Browser-based management. Browser-based configuration allows you to easily configure your firewall from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and on