Netgear FVL328 사용자 설명서
FVL328 Cable/DSL ProSafe High-Speed VPN Firewall
Page 2
7. How many VPN tunnels can the FVL328 support at one time?
As a standard feature, the FVL328 has the ability to support up to 100 VPN tunnels at one time. This can be
a combination of branch office, mobile users or partner connections.
a combination of branch office, mobile users or partner connections.
8. What is encryption?
A mathematical operation that transforms data from "clear text" to "cipher text," which cannot be
interpreted. Usually the mathematical operation requires that an alphanumeric key be supplied along with
the clear text. The key and clear text are processed by the encryption operation, which leads to data
scrambling that makes it secure. Decryption is the opposite of encryption; it is the mathematical operation
that transforms cipher text to clear text.
interpreted. Usually the mathematical operation requires that an alphanumeric key be supplied along with
the clear text. The key and clear text are processed by the encryption operation, which leads to data
scrambling that makes it secure. Decryption is the opposite of encryption; it is the mathematical operation
that transforms cipher text to clear text.
9. How is the data encrypted on the FVL328 VPN?
The data is hardware-encrypted through the embedded encryption accelerator in the microprocessor.
10. What is DES and 3DES?
DES, or Digital Encryption Standard, is encryption used for data communications where both the sender and
receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to
generate and verify a message authentication code. NETGEAR DES encryption uses a 56-bit key. 3DES, or
“triple DES” on the other hand, is a variation on DES that uses a 168-bit key to provide more secure data
transmission than DES. TripleDES is considered to be virtually unbreakable by security experts. It also
requires a great deal more processing power, resulting in increased latency and decreased throughput unless
hardware acceleration is provided, as in the FVL328.
receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to
generate and verify a message authentication code. NETGEAR DES encryption uses a 56-bit key. 3DES, or
“triple DES” on the other hand, is a variation on DES that uses a 168-bit key to provide more secure data
transmission than DES. TripleDES is considered to be virtually unbreakable by security experts. It also
requires a great deal more processing power, resulting in increased latency and decreased throughput unless
hardware acceleration is provided, as in the FVL328.
11. What is IPSec?
Internet Protocol Security is a robust VPN standard that covers authentication and encryption of data traffic
over the Internet. IPSec employs three components, encapsulating security payload (ESP), authentication
header (AH), and Internet key exchange (IKE) technology. VPN technology employing IPSec will encrypt
all outgoing data and decrypt all incoming data so that a public network can be used, like the internet, as
transportation media. IPSec can support two encryption modes: transport and tunnel. Transport mode
encrypts the data portion of each packet but leaves the header unencrypted. The more secure the tunnel
mode encrypts both the header and the data. The FVL328 supports both. At the receiving end, an IPSec-
compliant device decrypts each packet. For IPSec to work, the sending and receiving devices must share a
key. IKE protocol is a key management protocol standard which is commonly used in conjunction with the
IPSec standard. Unlike PPTP, IPSec is specific only to the Internet Protocol (IP) and does not provide
security for other protocols. PPTP supports multiple protocols, but is not as secure.
over the Internet. IPSec employs three components, encapsulating security payload (ESP), authentication
header (AH), and Internet key exchange (IKE) technology. VPN technology employing IPSec will encrypt
all outgoing data and decrypt all incoming data so that a public network can be used, like the internet, as
transportation media. IPSec can support two encryption modes: transport and tunnel. Transport mode
encrypts the data portion of each packet but leaves the header unencrypted. The more secure the tunnel
mode encrypts both the header and the data. The FVL328 supports both. At the receiving end, an IPSec-
compliant device decrypts each packet. For IPSec to work, the sending and receiving devices must share a
key. IKE protocol is a key management protocol standard which is commonly used in conjunction with the
IPSec standard. Unlike PPTP, IPSec is specific only to the Internet Protocol (IP) and does not provide
security for other protocols. PPTP supports multiple protocols, but is not as secure.
12. What is IKE?
Internet Key Exchange is a negotiation and key exchange protocol specified by the Internet Engineering
Task Force (IETF). An IKE security association (SA) automatically negotiates encryption and
authentication keys. With IKE, and initial exchange authenticates the VPN session and automatically
negotiates keys that will be used to pass IP traffic.
Task Force (IETF). An IKE security association (SA) automatically negotiates encryption and
authentication keys. With IKE, and initial exchange authenticates the VPN session and automatically
negotiates keys that will be used to pass IP traffic.
13. What is Authentication Header (AH)?
AH provides authentication and integrity, which protect against data tampering, using the same algorithms
as ESP. AH also provides optional anti-replay protection, which protects against unauthorized
retransmission of packets. The authentication header is inserted into the packet between the IP header and
any subsequent packet contents. The payload is not touched. Although AH protects the packet’s origin,
destination, and contents from being tampered with, the identity of the sender and receiver is known. In
as ESP. AH also provides optional anti-replay protection, which protects against unauthorized
retransmission of packets. The authentication header is inserted into the packet between the IP header and
any subsequent packet contents. The payload is not touched. Although AH protects the packet’s origin,
destination, and contents from being tampered with, the identity of the sender and receiver is known. In