Netgear FVS318Gv2 – ProSAFE VPN Firewall Series Reference Manual
Introduction
NETGEAR ProSAFE VPN Firewall FVS318G v2
Advanced VPN Support for IPSec
The VPN firewall supports IPSec virtual private network (VPN) connections. IPSec VPN
delivers full network access between a central office and branch offices, or between a central
office and telecommuters. Remote access by telecommuters requires the installation of VPN
client software on the remote computer. Advantages include:
• IPSec VPN with broad protocol support for secure connection to other IPSec gateways
and clients
• Up to 12 simultaneous IPSec VPN connections
• Bundled with a 30-day trial license for the ProSafe VPN Client software (VPN01L)
A Powerful, True Firewall
Unlike simple NAT routers, the VPN firewall is a true firewall, using stateful packet inspection
(SPI) to defend against hacker attacks. Its firewall features provide the following capabilities:
• DoS protection. Automatically detects and thwarts denial of service (DoS) attacks such
as Ping of Death and SYN flood.
• Secure firewall. Blocks unwanted traffic from the Internet to your LAN.
• Schedule policies. Permits scheduling of firewall policies by day and time.
• Logs security incidents. Logs security events such as logins and secure logins. You can
configure the firewall to email the log to you at specified intervals.
Security Features
The VPN firewall is equipped with several features designed to maintain security:
• Computers hidden by NAT. NAT opens a temporary path to the Internet for requests
originating from the local network. Requests originating from outside the LAN are
discarded, preventing users outside the LAN from finding and directly accessing the
computers on the LAN.
• Port forwarding with NAT. Although NAT prevents Internet locations from directly
accessing the computers on the LAN, the VPN firewall allows you to direct incoming
traffic to specific computers based on the service port number of the incoming request.
• DMZ port. Incoming traffic from the Internet is usually discarded by the VPN firewall
unless the traffic is a response to one of your local computers or a service for which you
configured an inbound rule. Instead of discarding this traffic, you can use the dedicated
demilitarized zone (DMZ) port to forward the traffic to one computer on your network.
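The following added example (not NETGEAR code and not part of the manual) models the inbound decision the three items above describe: reply to a LAN request, inbound rule, DMZ host, otherwise discard. The class name, the evaluation order, the peer-matching check, and all addresses and ports are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatFirewall:
    """Simplified model of the inbound decision described above (not device firmware)."""
    port_forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None                     # LAN IP that receives otherwise-dropped traffic
    sessions: dict = field(default_factory=dict)       # (proto, wan_port) -> (lan host, remote peer)
    next_port: int = 40000                             # constructed starting port for mappings

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a request: open a temporary mapping and return its WAN port."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port)] = ((lan_ip, lan_port), (remote_ip, remote_port))
        return wan_port

    def expire(self, proto, wan_port):
        """The mapping is temporary: once removed, the path is closed again."""
        self.sessions.pop((proto, wan_port), None)

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """Return (verdict, LAN destination) for a packet arriving on the WAN side."""
        session = self.sessions.get((proto, wan_port))
        if session and session[1] == (remote_ip, remote_port):  # assumption: peer must match
            return "reply", session[0]               # response to a LAN-originated request
        if (proto, wan_port) in self.port_forwards:
            return "port-forward", self.port_forwards[(proto, wan_port)]
        if self.dmz_host:
            return "dmz", (self.dmz_host, wan_port)  # everything else goes to one host
        return "drop", None                          # unsolicited traffic is discarded

def demo():
    """Run constructed packets (RFC 1918 / RFC 5737 addresses) through the model."""
    fw = NatFirewall(port_forwards={("tcp", 443): ("192.168.1.10", 8443)})
    port = fw.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 80)
    results = [
        fw.inbound("tcp", "198.51.100.7", 80, port),   # reply to the request
        fw.inbound("tcp", "203.0.113.9", 80, port),    # different peer, same WAN port
        fw.inbound("tcp", "203.0.113.9", 4444, 443),   # matches the inbound rule
        fw.inbound("tcp", "203.0.113.9", 4444, 3389),  # no rule, no DMZ host
    ]
    fw.dmz_host = "192.168.1.50"
    results.append(fw.inbound("tcp", "203.0.113.9", 4444, 3389))  # same packet, DMZ host set
    fw.expire("tcp", port)
    results.append(fw.inbound("tcp", "198.51.100.7", 80, port))   # mapping expired
    return results
```

With a DMZ host set, the last two packets are delivered to that host instead of being discarded, so in this model that computer receives all unsolicited traffic and has to be hardened and monitored as if it were directly connected to the Internet.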
Autosensing Ethernet Connections with Auto Uplink
With its internal eight-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the VPN
firewall can connect to either a 10 Mbps standard Ethernet network, a 100 Mbps Fast
Ethernet network, or a 1000 Mbps Gigabit Ethernet network. The LAN and WAN interfaces
are autosensing and capable of full-duplex or half-duplex operation.