Netgear FVL328 Manuales de usuario

Tabla de contenidos

• Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2

  1
  • Trademarks

    2
  • Statement of Conditions

    2
  • EN 55 022 Declaration of Conformance

    2
  • Certificate of the Manufacturer/Importer

    2
  • Bestätigung des Herstellers/Importeurs

    3
  • Voluntary Control Council for Interference (VCCI) Statement

    3
  • Technical Support

    3
  • World Wide Web

    3
• Contents

  5
• Chapter 1 About This Manual

  13
  • Audience

    13
  • Scope

    13
  • Typographical Conventions

    14
  • Special Message Formats

    14
  • How to Use this Manual

    15
  • How to Print this Manual

    16
• Chapter 2 Introduction

  17
  • About the FVL328

    17
  • Summary of New Features in the FVL328

    17
  • Key Features

    18
    • Virtual Private Networking

      18
    • A Powerful, True Firewall

      19
    • Content Filtering

      19
    • Configurable Auto Uplink™ Ethernet Connection

      19
    • Protocol Support

      20
    • Easy Installation and Management

      21
  • What’s in the Box?

    22
    • The Firewall’s Front Panel

      22
    • The Firewall’s Rear Panel

      23
• Chapter 3 Connecting the FVL328 to the Internet

  25
  • Connecting the FVL328 to Your LAN

    25
    • How to Connect the FVL328 to Your LAN

      25
    • Configuring for a Wizard-Detected Login Account

      30
    • Configuring for a Wizard-Detected Dynamic IP Account

      32
    • Configuring for a Wizard-Detected Fixed IP (Static) Account

      32
  • Testing Your Internet Connection

    33
  • Manually Configuring Your Internet Connection

    34
    • How to Complete a Manual Configuration

      35
• Chapter 4 WAN and LAN Configuration

  37
  • Configuring LAN IP Settings

    37
    • Using the Router as a DHCP Server

      38
    • How to Configure LAN TCP/IP Settings and View the DHCP Log

      39
    • How to Configure Reserved IP Addresses

      40
  • Configuring WAN Settings

    41
    • Connect Automatically, as Required

      42
    • Setting Up a Default DMZ Server

      43
    • How to Assign a Default DMZ Server

      43
    • Multi-DMZ Servers

      43
    • Responding to Ping on Internet WAN Port

      44
    • MTU Size

      44
    • Port Speed

      44
  • Port Triggering

    45
    • Port Triggering Rules

      46
    • Adding a new Rule

      46
    • Checking Operation and Status

      47
  • Configuring Dynamic DNS

    47
    • How to Configure Dynamic DNS

      48
  • Using Static Routes

    48
    • Static Route Example

      48
    • How to Configure Static Routes

      49
• Chapter 5 Protecting Your Network

  51
  • Firewall Protection and Content Filtering Overview

    51
  • Using the Block Sites Menu to Screen Content

    51
    • Apply Keyword Blocking to Groups

      53
  • Services and Rules Regulate Inbound and Outbound Traffic

    53
    • Defining a Service

      54
    • Using Inbound/Outbound Rules to Block or Allow Services

      55
  • Examples of Using Services and Rules to Regulate Traffic

    57
    • Inbound Rules (Port Forwarding)

      57
      • Example: Port Forwarding to a Local Public Web Server

        58
      • Example: Port Forwarding for Videoconferencing

        58
      • Example: Port Forwarding for VPN Tunnels when NAT is Off

        59
    • Outbound Rules (Service Blocking or Port Filtering)

      60
      • Outbound Rule Example: Blocking Instant Messaging

        60
  • Other Rules Considerations

    61
    • Order of Precedence for Rules

      61
    • Rules Menu Options

      62
  • Using a Schedule to Block or Allow Content or Traffic

    63
    • Setting the Time Zone

      64
    • Set Clock

      64
    • Enable NTP (Network Time Protocol)

      64
    • User-defined NTP Server

      65
  • Getting E-Mail Notifications of Event Logs and Alerts

    65
  • Viewing Logs of Web Access or Attempted Web Access

    67
    • What to Include in the Event Log

      69
• Chapter 6 Virtual Private Networking

  71
  • Overview of FVL328 Policy-Based VPN Configuration

    71
    • Using Policies to Manage VPN Traffic

      71
    • Using Automatic Key Management

      72
    • IKE Policies’ Automatic Key and Authentication Management

      73
    • VPN Policy Configuration for Auto Key Negotiation

      76
    • VPN Policy Configuration for Manual Key Exchange

      79
  • Using Digital Certificates for IKE Auto-Policy Authentication

    84
    • Certificate Revocation List (CRL)

      85
  • How to Use the VPN Wizard to Configure a VPN Tunnel

    85
  • Walk-Through of Configuration Scenarios

    88
    • VPNC Scenario 1: Gateway-to-Gateway with Preshared Secrets

      89
    • FVL328 Scenario 1: How to Configure the IKE and VPN Policies

      91
    • How to Check VPN Connections

      96
    • FVL328 Scenario 2: Authenticating with RSA Certificates

      97
• Chapter 7 Managing Your Network

  105
  • Protecting Access to Your FVL328 Firewall

    105
    • How to Change the Built-In Password

      105
    • How to Change the Administrator Login Timeout

      106
  • Internet Traffic

    107
    • Internet Traffic Limit

      107
    • Enable Monthly Limit

      108
    • Internet Traffic Statistics

      108
    • Traffic by Protocol

      109
  • Network Database

    109
    • Advantages of the Network Database

      110
    • Known PCs and Devices

      111
    • Operations

      111
  • Network Management

    112
    • How to Configure Remote Management

      112
    • Viewing Router Status and Usage Statistics

      113
    • Viewing Attached Devices

      116
    • Viewing, Selecting, and Saving Logged Information

      117
      • Changing the Include in Log Settings

        118
      • Enabling the Syslog Feature

        119
  • Enabling Security Event E-mail Notification

    119
  • Backing Up, Restoring, or Erasing Your Settings

    121
    • How to Back Up the FVL328 Configuration to a File

      121
    • How to Restore a Configuration from a File

      122
    • How to Erase the Configuration

      122
  • Running Diagnostic Utilities and Rebooting the Router

    123
  • Upgrading the Router’s Firmware

    124
    • How to Upgrade the Router

      124
• Chapter 8 Troubleshooting

  127
  • Basic Functions

    127
    • Power LED Not On

      128
    • Test LED Never Turns On or Test LED Stays On

      128
    • Local or Internet Port Link LEDs Not On

      129
  • Troubleshooting the Web Configuration Interface

    129
  • Troubleshooting the ISP Connection

    130
  • Troubleshooting a TCP/IP Network Using a Ping Utility

    131
    • How to Test the LAN Path to Your Firewall

      132
    • How to Test the Path from Your PC to a Remote Device

      132
  • Restoring the Default Configuration and Password

    133
    • How to Use the Default Reset Button

      133
  • Problems with Date and Time

    134
• Appendix A Technical Specifications

  135
• Appendix B Networks, Routing, and Firewall Basics

  137
  • Related Publications

    137
  • Basic Router Concepts

    137
    • What is a Router?

      137
    • Routing Information Protocol

      138
    • IP Addresses and the Internet

      138
    • Netmask

      140
    • Subnet Addressing

      140
    • Private IP Addresses

      143
    • Single IP Address Operation Using NAT

      143
    • MAC Addresses and Address Resolution Protocol

      144
    • Related Documents

      145
    • Domain Name Server

      145
    • IP Configuration by DHCP

      145
  • Internet Security and Firewalls

    146
    • What is a Firewall?

      146
    • Stateful Packet Inspection

      146
    • Denial of Service Attack

      147
  • Ethernet Cabling

    147
    • Category 5 Cable Quality

      147
    • Inside Twisted Pair Cables

      148
    • Uplink Switches, Crossover Cables, and MDI/MDIX Switching

      149
• Appendix C Preparing Your Network

  151
  • What You Will Need Before You Begin

    151
    • LAN Hardware Requirements

      151
    • LAN Configuration Requirements

      152
    • Internet Configuration Requirements

      152
      • Where Do I Get the Internet Configuration Parameters?

        152
    • Worksheet for Recording Your Internet Connection Information

      153
  • Preparing Your Computers for TCP/IP Networking

    154
  • Configuring Windows 95, 98, and Me for TCP/IP Networking

    155
    • Install or Verify Windows Networking Components

      155
    • Enabling DHCP to Automatically Configure TCP/IP Settings

      156
      • Selecting Windows’ Internet Access Method

        157
    • Verifying TCP/IP Properties

      157
  • Configuring Windows NT, 2000 or XP for IP Networking

    158
    • Installing or Verifying Windows Networking Components

      158
    • Verifying TCP/IP Properties

      158
  • Configuring the Macintosh for TCP/IP Networking

    159
    • MacOS 8.6 or 9.x

      159
    • MacOS X

      160
    • Verifying TCP/IP Properties for Macintosh Computers

      160
  • Restarting the Network

    161
• Appendix D Firewall Log Formats

  163
  • Action List

    163
  • Field List

    163
  • Outbound Log

    163
  • Inbound Log

    164
  • Other IP Traffic

    164
  • Router Operation

    165
  • Other Connections and Traffic to this Router

    166
  • DoS Attack/Scan

    166
  • Access Block Site

    168
  • All Web Sites and News Groups Visited

    168
  • System Admin Sessions

    168
  • Policy Administration LOG

    169
• Appendix E Virtual Private Networking

  171
  • What is a VPN?

    171
  • What is IPSec and How Does It Work?

    172
    • IPSec Security Features

      172
    • IPSec Components

      172
    • Encapsulating Security Payload (ESP)

      173
    • Authentication Header (AH)

      174
    • IKE Security Association

      174
      • Mode

        175
    • Key Management

      176
  • Understand the Process Before You Begin

    176
  • VPN Process Overview

    177
    • Network Interfaces and Addresses

      177
      • Interface Addressing

        177
      • Firewalls

        178
    • Setting Up a VPN Tunnel Between Gateways

      178
  • VPNC IKE Security Parameters

    180
    • VPNC IKE Phase I Parameters

      180
    • VPNC IKE Phase II Parameters

      181
  • Testing and Troubleshooting

    181
  • Additional Reading

    181
• Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328

  183
  • Configuration Template

    183
  • Step-By-Step Configuration of FVS318 or FVM318 Gateway A

    184
  • Step-By-Step Configuration of FVL328 Gateway B

    187
  • Test the VPN Connection

    192
• Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router

  195
  • Configuration Profile

    195
  • Step-By-Step Configuration of FVL328 or FWAG114 Gateway

    196
  • Step-By-Step Configuration of the FVL328 Firewall B

    201
  • Testing the VPN Connection

    208
    • From the Client PC to the FVL328

      208
    • From the FVL328 to the Client PC

      209
  • Monitoring the PC VPN Connection

    209
  • Viewing the FVL328 VPN Status and Log Information

    211
• Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328

  213
  • Configuration Template

    213
    • Using DDNS and Fully Qualified Domain Names (FQDN)

      214
  • Step-By-Step Configuration of FVS318 or FVM318 Gateway A

    215
  • Step-By-Step Configuration of FVL328 Gateway B

    219
  • Test the VPN Connection

    224
• Glossary

  225
• Index

  231