Reference ManualTable of ContentsProSafe VPN Firewall 200 FVX538 Reference Manual1Contents7About This Manual15Conventions, Formats and Scope15Revision History16Chapter 1 Introduction17Key Features17Dual WAN Ports for Increased Reliability or Outbound Load Balancing18A Powerful, True Firewall with Content Filtering18Security Features19Autosensing Ethernet Connections with Auto Uplink19Extensive Protocol Support20Easy Installation and Management20Maintenance and Support21Package Contents21Router Front and Rear Panels22Rack Mounting Hardware24The Router’s IP Address, Login Name, and Password25Chapter 2 Connecting the FVX538 to the Internet27Logging into the VPN Firewall27Configuring the Internet Connections to Your ISPs28Setting the Router’s MAC Address30Manually Configuring Your Internet Connection30Programming the Traffic Meter (if Desired)32Configuring the WAN Mode (Required for Dual WAN)34Setting Up Auto-Rollover Mode35Setting Up Load Balancing38Configuring Dynamic DNS (If Needed)40Configuring the Advanced WAN Options (If Needed)43Chapter 3 LAN Configuration45Choosing the Firewall DHCP Options45Configuring the LAN Setup Options46Configuring Multi Home LAN IPs49Managing Groups and Hosts (LAN Groups)50Creating the Network Database51Setting Up Address Reservation53Configuring and Enabling the DMZ Port54Static Routes56Configuring Static Routes56Routing Information Protocol (RIP)58Static Route Example60Chapter 4 Firewall Protection and Content Filtering61About Firewall Protection and Content Filtering61Using Rules to Block or Allow Specific Kinds of Traffic62Services-Based Rules62Order of Precedence for Rules69Setting LAN WAN Rules69Setting DMZ WAN Rules72Setting LAN DMZ Rules74Attack Checks76Session Limit78Inbound Rules Examples80Outbound Rules Example84Adding Customized Services85Setting Quality of Service (QoS) Priorities87Setting a Schedule to Block or Allow Specific Traffic88Setting Block Sites (Content Filtering)89Enabling Source MAC Filtering91IP/MAC Binding93Port Triggering95Bandwidth Limiting97E-Mail Notifications of Event Logs and Alerts99Administrator Tips103Chapter 5 Virtual Private Networking105Considerations for Dual WAN Port Systems105Using the VPN Wizard for Client and Gateway Configurations107Creating Gateway to Gateway VPN Tunnels with the Wizard107Creating a Client to Gateway VPN Tunnel110Testing the Connections and Viewing Status Information116NETGEAR VPN Client Status and Log Information116FVX538 VPN Connection Status and Logs118VPN Tunnel Policies119IKE Policy119VPN Policy121Certificate Authorities123Generating a Self Certificate Request124Uploading a Trusted Certificate126Managing your Certificate Revocation List (CRL)126Extended Authentication (XAUTH) Configuration127Configuring XAUTH for VPN Clients128User Database Configuration129RADIUS Client Configuration131Assigning IP Addresses to Remote Users (ModeConfig)133Mode Config Operation133Configuring the VPN Firewall134Configuring the ProSafe VPN Client for ModeConfig137Chapter 6 Router and Network Management143Performance Management143Bandwidth Capacity143VPN Firewall Features That Reduce Traffic144VPN Firewall Features That Increase Traffic147Using QoS to Shift the Traffic Mix149Tools for Traffic Management150Administration150Changing Passwords and Settings150RADIUS Server External Authentication152Enabling Remote Management Access153Using a SNMP Manager156Settings Backup and Firmware Upgrade157Setting the Time Zone161Monitoring the Router162Enabling the Traffic Meter162Setting Login Failures and Attacks Notification164Viewing Port Triggering Status166Viewing Router Configuration and System Status167Monitoring WAN Ports Status168Monitoring VPN Tunnel Connection Status169VPN Logs170DHCP Log171Performing Diagnostics171Chapter 7 Troubleshooting175Basic Functions175Power LED Not On175LEDs Never Turn Off176LAN or Internet Port LEDs Not On176Troubleshooting the Web Configuration Interface176Troubleshooting the ISP Connection178Troubleshooting a TCP/IP Network Using a Ping Utility179Testing the LAN Path to Your Firewall179Testing the Path from Your PC to a Remote Device180Restoring the Default Configuration and Password181Problems with Date and Time181Appendix A Default Settings and Technical Specifications183Appendix B Network Planning for Dual WAN Ports187What You Will Need to Do Before You Begin187Cabling and Computer Hardware Requirements189Computer Network Configuration Requirements189Internet Configuration Requirements189Where Do I Get the Internet Configuration Parameters?189Internet Connection Information Form191Overview of the Planning Process192Inbound Traffic192Virtual Private Networks (VPNs)192The Roll-over Case for Firewalls With Dual WAN Ports193The Load Balancing Case for Firewalls With Dual WAN Ports193Inbound Traffic194Inbound Traffic to Single WAN Port (Reference Case)194Inbound Traffic to Dual WAN Port Systems194Virtual Private Networks (VPNs)196VPN Road Warrior (Client-to-Gateway)197VPN Gateway-to-Gateway200VPN Telecommuter (Client-to-Gateway Through a NAT Router)203Appendix C System Logs and Error Messages207System Log Messages207System Startup207Reboot208NTP208Login/Logout209Firewall Restart209IPSec Restart210WAN Status210Web Filtering and Content Filtering Logs213Traffic Metering Logs215Unicast Logs215FTP Logging216Invalid Packet Logging216Routing Logs219LAN to WAN Logs219LAN to DMZ Logs220DMZ to WAN Logs220WAN to LAN Logs220DMZ to LAN Logs220WAN to DMZ Logs221Appendix D Related Documents223Appendix E Two Factor Authentication225Why do I need Two-Factor Authentication?225What are the benefits of Two-Factor Authentication?225What is Two-Factor Authentication226NETGEAR Two-Factor Authentication Solutions226Index231Size: 3.31 MBPages: 240Language: EnglishOpen manual
