Manuali utente per Netgear FVS328

Sommario

• Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual

  1
  • Trademarks

    2
  • Statement of Conditions

    2
  • EN 55 022 Declaration of Conformance

    2
  • Certificate of the Manufacturer/Importer

    2
  • Bestätigung des Herstellers/Importeurs

    3
  • Voluntary Control Council for Interference (VCCI) Statement

    3
  • Technical Support

    3
  • World Wide Web

    3
• Contents

  5
• Chapter 1 About This Manual

  13
  • Audience

    13
  • Scope

    13
  • Typographical Conventions

    14
  • Special Message Formats

    14
  • How to Use this Manual

    15
  • How to Print this Manual

    16
• Chapter 2 Introduction

  17
  • About the FVS328

    17
  • Key Features

    17
    • Full Routing on Both the Broadband and Serial Ports

      17
    • Virtual Private Networking

      18
    • A Powerful, True Firewall

      18
    • Content Filtering

      19
    • Configurable Auto Uplink™ Ethernet Connection

      19
    • Protocol Support

      19
    • Easy Installation and Management

      20
  • What’s in the Box?

    21
    • The Firewall’s Front Panel

      21
    • The Firewall’s Rear Panel

      23
• Chapter 3 Connecting the FVS328 to the Internet

  25
  • What You Will Need Before You Begin

    25
    • LAN Hardware Requirements

      25
    • LAN Configuration Requirements

      25
    • Internet Configuration Requirements

      26
      • Where Do I Get the Internet Configuration Parameters?

        26
    • Worksheet for Recording Your Internet Connection Information

      27
  • Connecting the FVS328 to Your LAN

    28
    • How to Connect the FVS328 to Your LAN

      28
    • Configuring a Wizard-Detected Login Account

      32
    • Configuring a Wizard-Detected Dynamic IP Account

      33
    • Configuring a Wizard-Detected Fixed IP (Static) Account

      34
  • How to Configure the Serial Port for an Internet Connection

    34
  • Testing Your Internet Connection

    37
  • Manually Configuring Your Internet Connection

    38
    • How to Manually Configure the Primary Internet Connection

      39
• Chapter 4 Serial Port Configuration

  41
  • Configuring a Serial Port Modem

    42
    • Basic Requirements for Serial Port Modem Configuration

      42
    • How to Configure a Serial Port Modem

      42
  • Configuring Auto-Rollover

    43
    • Basic Requirements for Auto-Rollover

      43
    • How to Configure Auto-Rollover

      43
  • Configuring Dial-in on the Serial Port

    44
    • Basic Requirements for Dial-in

      45
    • How to Configure Dial-in

      45
  • Configuring LAN-to-LAN Settings

    46
    • Basic Requirements for LAN-to-LAN Connections

      46
    • How to Configure LAN-to-LAN Connections

      46
• Chapter 5 WAN and LAN Configuration

  49
  • Configuring LAN IP Settings

    49
    • Using the Router as a DHCP Server

      50
    • How to Configure LAN TCP/IP Setup Settings

      51
    • How to Configure Reserved IP Addresses

      52
  • Configuring WAN Settings

    52
    • Connecting Automatically, as Required

      53
    • Setting Up a Default DMZ Server

      53
    • How to Assign a Default DMZ Server

      53
    • Responding to Ping on Internet WAN Port

      54
    • How to Set the MTU Size

      54
  • Configuring Dynamic DNS

    54
    • How to Configure Dynamic DNS

      55
  • Using Static Routes

    55
    • Static Route Example

      55
    • How to Configure Static Routes

      56
• Chapter 6 Protecting Your Network

  59
  • Protecting Access to Your FVS328 Firewall

    59
    • How to Change the Built-In Password

      59
    • How to Change the Administrator Login Timeout

      60
  • Configuring Basic Firewall Services

    60
  • Using the Block Sites Menu to Screen Content

    61
  • Services and Rules Regulate Inbound and Outbound Traffic

    62
    • Defining a Service

      63
    • Using Inbound/Outbound Rules to Block or Allow Services

      64
  • Examples of Using Services and Rules to Regulate Traffic

    66
    • Inbound Rules (Port Forwarding)

      66
      • Example: Port Forwarding to a Local Public Web Server

        67
      • Example: Port Forwarding for Videoconferencing

        67
      • Example: Port Forwarding for VPN Tunnels when NAT is Off

        68
    • Outbound Rules (Service Blocking or Port Filtering)

      69
      • Outbound Rule Example: Blocking Instant Messaging

        70
  • Other Rules Considerations

    70
    • Order of Precedence for Rules

      70
    • Rules Menu Options

      71
  • Setting Times and Scheduling Firewall Services

    71
    • How to Set Your Time Zone

      72
    • How to Schedule Firewall Services

      73
• Chapter 7 Virtual Private Networking

  75
  • Overview of FVS328 Policy-Based VPN Configuration

    75
    • Using Policies to Manage VPN Traffic

      75
    • Using Automatic Key Management

      76
    • IKE Policies’ Automatic Key and Authentication Management

      77
    • VPN Policy Configuration for Auto Key Negotiation

      80
    • VPN Policy Configuration for Manual Key Exchange

      83
  • Using Digital Certificates for IKE Auto-Policy Authentication

    88
    • Certificate Revocation List (CRL)

      88
  • How to Use the VPN Wizard to Configure a VPN Tunnel

    89
  • Walk-Through of Configuration Scenarios

    91
    • VPNC Scenario 1: Gateway-to-Gateway with Preshared Secrets

      92
    • FVS328 Scenario 1: How to Configure the IKE and VPN Policies

      94
    • How to Check VPN Connections

      98
    • FVS328 Scenario 2: Authenticating with RSA Certificates

      99
• Chapter 8 Managing Your Network

  107
  • Network Management

    107
    • How to Configure Remote Management

      107
    • Viewing Router Status and Usage Statistics

      109
    • Viewing Attached Devices

      112
    • Viewing, Selecting, and Saving Logged Information

      113
      • Changing the Include in Log Settings

        115
      • Enabling the Syslog Feature

        115
  • Enabling Security Event E-mail Notification

    116
  • Backing Up, Restoring, or Erasing Your Settings

    117
    • How to Back Up the FVS328 Configuration to a File

      117
    • How to Restore a Configuration from a File

      118
    • How to Erase the Configuration

      119
  • Running Diagnostic Utilities and Rebooting the Router

    119
  • Upgrading the Router’s Firmware

    120
    • How to Upgrade the Router

      121
• Chapter 9 Troubleshooting

  123
  • Basic Functions

    123
    • Power LED Not On

      124
    • Test LED Never Turns On or Test LED Stays On

      124
    • Local or Internet Port Link LEDs Not On

      125
  • Troubleshooting the Web Configuration Interface

    125
  • Troubleshooting the ISP Connection

    126
  • Troubleshooting a TCP/IP Network Using a Ping Utility

    127
    • How to Test the LAN Path to Your Firewall

      128
    • How to Test the Path from Your PC to a Remote Device

      128
  • Restoring the Default Configuration and Password

    129
    • How to Use the Default Reset Button

      129
  • Problems with Date and Time

    130
• Appendix A Technical Specifications

  131
• Appendix B Firewall Log Formats

  133
  • Action List

    133
  • Field List

    133
  • Outbound Log

    133
  • Inbound Log

    134
  • Other IP Traffic

    134
  • Router Operation

    135
  • Other Connections and Traffic to this Router

    136
  • DoS Attack/Scan

    136
  • Access Block Site

    138
  • All Web Sites and News Groups Visited

    138
  • System Admin Sessions

    138
  • Policy Administration LOG

    139
• Appendix C Networks, Routing, and Firewall Basics

  141
  • Related Publications

    141
  • Basic Router Concepts

    141
    • What is a Router?

      141
    • Routing Information Protocol

      142
    • IP Addresses and the Internet

      142
    • Netmask

      144
    • Subnet Addressing

      144
    • Private IP Addresses

      147
    • Single IP Address Operation Using NAT

      147
    • MAC Addresses and Address Resolution Protocol

      149
    • Related Documents

      149
    • Domain Name Server

      149
    • IP Configuration by DHCP

      150
  • Internet Security and Firewalls

    150
    • What is a Firewall?

      151
    • Stateful Packet Inspection

      151
    • Denial of Service Attack

      151
  • Ethernet Cabling

    152
    • Uplink Switches and Crossover Cables

      152
    • Cable Quality

      153
• Appendix D Preparing Your Network

  155
  • Preparing Your Computers for TCP/IP Networking

    155
  • Configuring Windows 95, 98, and Me for TCP/IP Networking

    156
    • Install or Verify Windows Networking Components

      156
    • Enabling DHCP to Automatically Configure TCP/IP Settings

      158
      • Selecting Windows’ Internet Access Method

        158
    • Verifying TCP/IP Properties

      159
  • Configuring Windows NT, 2000 or XP for IP Networking

    159
    • Installing or Verifying Windows Networking Components

      159
    • Verifying TCP/IP Properties

      160
  • Configuring the Macintosh for TCP/IP Networking

    160
    • MacOS 8.6 or 9.x

      160
    • MacOS X

      161
    • Verifying TCP/IP Properties for Macintosh Computers

      162
  • Verifying the Readiness of Your Internet Account

    163
    • Are Login Protocols Used?

      163
    • What Is Your Configuration Information?

      163
    • Obtaining ISP Configuration Information for Windows Computers

      164
    • Obtaining ISP Configuration Information for Macintosh Computers

      165
  • Restarting the Network

    166
• Appendix E Virtual Private Networking

  167
  • What is a VPN?

    167
  • What is IPSec and How Does It Work?

    168
    • IPSec Security Features

      168
    • IPSec Components

      168
    • Encapsulating Security Payload (ESP)

      169
    • Authentication Header (AH)

      170
    • IKE Security Association

      170
      • Mode

        171
    • Key Management

      172
  • Understand the Process Before You Begin

    172
  • VPN Process Overview

    173
    • Network Interfaces and Addresses

      173
      • Interface Addressing

        173
      • Firewalls

        174
    • Setting Up a VPN Tunnel Between Gateways

      174
  • VPNC IKE Security Parameters

    176
    • VPNC IKE Phase I Parameters

      176
    • VPNC IKE Phase II Parameters

      177
  • Testing and Troubleshooting

    177
  • Additional Reading

    177
• Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVS328

  179
  • Configuration Profile

    179
  • Step-By-Step Configuration of FVS318 or FVM318 Gateway A

    180
  • Step-By-Step Configuration of FVS328 Gateway B

    183
  • Test the VPN Connection

    187
• Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328

  189
  • Configuration Profile

    189
    • Using DDNS and Fully Qualified Domain Names (FQDN)

      190
  • Step-By-Step Configuration of FVS318 or FVM318 Gateway A

    191
  • Step-By-Step Configuration of FVS328 Gateway B

    195
  • Test the VPN Connection

    199
• Appendix H NETGEAR VPN Client to NETGEAR the FVS328

  201
  • Profile: Traveling User or Telecommuter at Home

    201
  • Step-By-Step Configuration of FVS328 Gateway

    202
  • Step-By-Step Configuration of the Netgear VPN Client B

    207
  • Testing the VPN Connection

    214
    • From the Client PC to the FVS328

      214
    • From the FVS328 to the Client PC

      215
  • Monitoring the PC VPN Connection

    215
  • Viewing the FVS328 VPN Status and Log Information

    216
• Glossary

  219
• Index

  225