NETGEARメーカーFVS124Gの使用説明書/サービス説明書
ページ先へ移動 of 238
202-10085-01, Ma rch 2005 202-10085-01 March 2005 NETGEAR , Inc. 4500 Great America Parkway Santa Clara, CA 95 054 USA Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual W AN.
2 202-10085-01, Ma rch 2005 © 2005 by NETGEAR, Inc. All rights reserved. T rademarks NETGEAR is a trademark of Netge ar , Inc. Microsoft, W indows, and W indow s NT are registered trademar ks of Microsoft Corporation. Other brand and product names are registered tradem arks or trad emarks of their respective holders.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts -3 202-10085-01, March 2005 Certificate of the Manufactu rer/Importer It is hereby certified that the FVS12.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -4 202-10085-01, March 2005 Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or withou t modification, are permitted provided that the follo wing conditions * are met: 1.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts -5 202-10085-01, March 2005 MD5 Copyright (C) 1990, RSA Data Se curity , Inc. All rights reserved. License to copy and u se this software is granted provided that it is identified as the "RSA Data Security , Inc.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -6 202-10085-01, March 2005 Product and Publication Det ails Model Number: FVS124G Publication Date: March 2005.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts -1 202-10085-01, March 2005 Content s Chapter 1 About This Manual Audience, Scope, Conventions, and Formats . ......... ................. ................ ...
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -2 202-10085-01, March 2005 Inbound T raffic .................... ................ ................ ................ ................ ................ ...........
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts -3 202-10085-01, March 2005 Load Balancing (and Protocol Binding) Setup . ................... ................... .......... 4-17 S tep 5: Configure Dynamic DNS (If Needed) .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -4 202-10085-01, March 2005 Creating a VPN Connection: Between FVX538 and FVS124G ....... ................ ............... 7-5 Configuring the FVX538 ............
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts -5 202-10085-01, March 2005 W AN Port Connection S tatus ....... ................ ................. ................ ................ ... 8-18 Dynamic DNS S tatus .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -6 202-10085-01, March 2005 Routing Information Protocol .................. ... ............. ................ ............. ................ .... B-2 IP Addresses and the Internet .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts -7 202-10085-01, March 2005 MacOS X ...................... ... ... ... .... ............. ... ... ... ... .... ... ... ... .... ... ... ............. ... ... .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -8 202-10085-01, March 2005 C ............... ................ ............. ................ ................ ................ ................. ............ Glos sary -3 D .
About This Manual 1-1 202-10085-01, March 2005 Chapter 1 About This Manual This chapter describes the intended audience, sc ope, conventions, and formats of this manual. Audience, Scope, Conventions, and Format s This reference manual assumes that the reader h as basic to interme diate computer and Internet skills.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 1-2 About This Manual 202-10085-01, March 2005 How to Use This Manual The HTML version of this ma nual includes.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts About This Manual 1-3 202-10085-01, March 2005 How to Print this Manual T o print this manual you can choose one of the fo llowing several options, a ccording to your needs.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 1-4 About This Manual 202-10085-01, March 2005.
Introduction 2-1 202-10085-01, March 2005 Chapter 2 Introduction This chapter describes the features of the NETG EAR FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual W A N Ports.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 2-2 Introduction 202-10085-01, March 2005 • Front panel LEDs for easy monito ring of status and activ ity .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Introduction 2-3 202-10085-01, March 2005 • W ith its URL keyword filtering feature, the FVS124G prevents objectionable content from reaching your PCs.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 2-4 Introduction 202-10085-01, March 2005 Extensive Protocol Support The FVS124G VPN Firewall supports the Transmission Control Protocol/Internet Protocol (TCP/ IP) and Routing Information Protocol (RIP).
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Introduction 2-5 202-10085-01, March 2005 •V P N W i z a r d The FVS124G VPN Firewall includes the NETGEA.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 2-6 Introduction 202-10085-01, March 2005 • Resour ce CD for Pr oSafe VPN Fir ewall 25 with 4 Gigabit LAN a nd Dual W AN Ports , including: – This guide. – Application Notes and ot her helpful information.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Introduction 2-7 202-10085-01, March 2005 The Router’ s Rear Panel The rear panel of the FVS124G ProSafe .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 2-8 Introduction 202-10085-01, March 2005 Figure 2-2: FVS124G Rear Panel V iewed from left to right, the rear p.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Introduction 2-9 202-10085-01, March 2005 Figure 2-3: FVS124G Bottom Label Logging into the Router T o log into the FVS124 G once it is connected, 1. Open a W eb browse r .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 2-10 Introduction 202-10085-01, March 2005 Figure 2-4: Login screen on t he Web bro wse r Note: Read-only acces s is provided by logging in as username guest and default password password .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Introduction 2-11 202-10085-01, March 2005 NETGEAR Related Product s NETGEAR products related to the FVS124.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 2-12 Introduction 202-10085-01, March 2005.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-1 202-10085-01, March 2005 Chapter 3 Network Planning This chapter describes the factors to consider when planning a ne twork using a firewall that has dual W A N ports.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 3-2 Network Planning 202-10085-01, March 2005 The Rollover Case for Firewa lls With Dual W AN Ports Rollover ( Figure 3-1 ) for the dual W AN port case is differ ent from the single gateway W A N port case when specifying the IP address.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-3 202-10085-01, March 2005 Inbound T raffic Incoming traf fic from the Internet is norma.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 3-4 Network Planning 202-10085-01, March 2005 Inbound T raffic: Dual W AN Ports for Imp roved Reliability In the dual W AN port case with rollover ( Figure 3-4 ), the W AN’ s IP address will always change at rollover .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-5 202-10085-01, March 2005 V irtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanis m must be used for determining the IP addresses of the tunnel end po ints.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 3-6 Network Planning 202-10085-01, March 2005 Figure 3-6: Dual gateway W AN ports befor e and af ter rollover .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-7 202-10085-01, March 2005 Figure 3-8: Single gateway W AN port case for VPN road warrior The IP address of the gateway W AN port can be either fixed or dynamic.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 3-8 Network Planning 202-10085-01, March 2005 After a rollover of the gateway W AN port ( Figure 3-10 ), the previously inactive gateway W AN port becomes the active port (port W AN2 in th is example) and the remote PC client must re-establish the VPN tunnel.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-9 202-10085-01, March 2005 The IP addresses of the gateway W AN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain name must b e used.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 3-10 Network Planning 202-10085-01, March 2005 VPN Gateway-to-Gateway: Dual Gateway W AN Ports for Imp roved Re.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-11 202-10085-01, March 2005 Figure 3-14: Dual gateway W AN ports, af ter rollover , for .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 3-12 Network Planning 202-10085-01, March 2005 The IP addresses of the gateway W AN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain name must b e used.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network Planning 3-13 202-10085-01, March 2005 VPN T elecommuter: Dual Gateway W AN Ports for Impro ved Rel.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 3-14 Network Planning 202-10085-01, March 2005 The purpose of the fully-qualified do main name is this case is to toggle the domain name of the gateway router between the IP addresses of the ac tive W AN port (i.
Connecting the FV S124G to th e Internet 4-1 202-10085-01, March 2005 Chapter 4 Connecting the FVS124G to the Internet This chapter describes how to connect the W AN ports of the FVS124G VPN Firewall to the Internet.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-2 Connecting the FVS124G to the Intern et 202-10085-01, March 2005 – Y ou can also add your own service protocols to the list (see “Services-Based Rules” on page 6-4 for information on how to do this).
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-3 202-10085-01, March 2005 Y ou make these selections during “S tep 2: Log in to the VPN Firewall (Required)” on page 4- 7 .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-4 Connecting the FVS124G to the Intern et 202-10085-01, March 2005 Internet Configuration Requirement s Depen.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-5 202-10085-01, March 2005 Record Y our Internet Co nnection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP).
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-6 Connecting the FVS124G to the Intern et 202-10085-01, March 2005 Connecting the FVS124G ProSaf e VPN Firewall 25 with 4 Gigabit LAN and Dual W AN Port s This section provides instructio ns for connecting the FVS124G VPN Firewall.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-7 202-10085-01, March 2005 S tep 1: Physically Connect the VPN Firewall to Y our Network (Required) 1. T urn off your computer and Cable or DSL Modem.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-8 Connecting the FVS124G to the Intern et 202-10085-01, March 2005 Figure 4-2: Login screen on t he Web bro wse r 2. For security reasons, the firewall has its own us er name and passw ord.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-9 202-10085-01, March 2005 Figure 4-3: W AN1 and W AN2 Basic Sett.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-10 Connecting the FVS124 G to the Internet 202-10085-01, March 2005 b. Click Setup W izard on the W AN1 ISP Settings screen to get the Setup W izard (W AN1) screen.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-11 202-10085-01, March 2005 2. The steps to configure W AN port 2 are a s follows: a. Repeat the above steps to set up the paramete rs for ISP2.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-12 Connecting the FVS124 G to the Internet 202-10085-01, March 2005 Manually Configuring Y our Internet Conne.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-13 202-10085-01, March 2005 Programming the T raffic Meter (if Desired) From the Main Menu of the browser interface, un der W AN Setup, click Traf fic Meter .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-14 Connecting the FVS124 G to the Internet 202-10085-01, March 2005 T able 4-1. T raffic meter Parameter Description Enable T raffic Meter Check this if you wish to record the volume of Internet traffic passing through the Router's WAN1 or W AN2 port.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-15 202-10085-01, March 2005 S tep 4: Configure the W AN Mode (Req.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-16 Connecting the FVS124 G to the Internet 202-10085-01, March 2005 Rollover Setup Perform the following steps to config ure the dual W AN ports for rollover: 1.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-17 202-10085-01, March 2005 • T est Period—DNS query is sent periodically after every test period. The minimum test period is 30 seconds.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-18 Connecting the FVS124 G to the Internet 202-10085-01, March 2005 Figure 4-7: W AN Mode screen for load bal.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-19 202-10085-01, March 2005 • T est Period—DNS query is sent periodically after every test period. The minimum test period is 30 seconds.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-20 Connecting the FVS124 G to the Internet 202-10085-01, March 2005 S tep 5: Configure Dynamic DNS (If Needed.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-21 202-10085-01, March 2005 Figure 4-8: Dynamic DNS screens Dynam.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-22 Connecting the FVS124 G to the Internet 202-10085-01, March 2005 Each DNS service provider requires its own paramete rs ( Figure 4-9 ). Figure 4-9: Dynamic DNS service pro vider sc reens 3.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Connecting the FVS124G to the In ternet 4-23 202-10085-01, March 2005 S tep 6: Configure the W AN Options (If Needed) Perform the following steps to configure the W AN options: 1.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 4-24 Connecting the FVS124 G to the Internet 202-10085-01, March 2005 • Port Speed—In most cases , your router can automatically determin e the connection speed of the Internet (W AN) port.
LAN Configuration 5-1 202-10085-01, March 2005 Chapter 5 LAN Configuration This chapter describes how to configure the ad vanced features of your FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual W AN Po rts. These features can be found under the Advanced heading in the Main Menu of the browser interface.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 5-2 LAN Configuration 202-10085-01, March 2005 Figure 5-1: LAN IP Setup menu Configuring LAN TCP/IP Setup Parameters LAN TCP/IP Setup—The default values are suitabl e for most users and situations.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts LAN Configuration 5-3 202-10085-01, March 2005 • IP Subnet Mask: The subnet mask specifies the ne twork number portion of an IP address. Y our router will automatically calcul ate the subnet mask based on the IP address that you assign.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 5-4 LAN Configuration 202-10085-01, March 2005 • Ending IP Address - This box specifies the last of the contiguous addresses in the IP address pool. 192.168.1 .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts LAN Configuration 5-5 202-10085-01, March 2005 • Primary DNS Server (if you entered a Prim ary DNS addres.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 5-6 LAN Configuration 202-10085-01, March 2005 Multi Home LAN IP s Click Multi Home LAN IPs Setup on the LAN IP Setup screen (see Figure 5-1 ) to invoke the Secondary LAN IP Setup screens.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts LAN Configuration 5-7 202-10085-01, March 2005 From the Main Menu of the browser interface, un der Advanced, click on Static Routes to view the St atic Route menu, sho wn below .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 5-8 LAN Configuration 202-10085-01, March 2005 8. T ype a number between 1 and 15 as the M etric value. This represents the number of firewalls between your network and the destination.
Firewall Protection and Conten t Filtering 6-1 202-10085-01, March 2005 Chapter 6 Firewall Protection and Content Filtering This chapter describes how to u se the content filtering features of the FVS124 G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual W AN Ports to protect your ne twork.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-2 Firewall Protection and Content Filtering 202-10085-01, March 2005 A firewall has two default rules, one for inbound traf fic and one for outbound.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6-3 202-10085-01, March 2005 Note: This feature is for Advanced Administrators only! Incorrect configur ation will cause serious problems.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-4 Firewall Protection and Content Filtering 202-10085-01, March 2005 b. Click the button for the desired actions: – Edit - to make any changes to the rule definit ion.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6-5 202-10085-01, March 2005 • Quality of service (QoS) priorities—Each servic e at its own native priority that impacts its quality of performance and tolerance for jitter or delays.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-6 Firewall Protection and Content Filtering 202-10085-01, March 2005 T able 6-1. Inbound Services Item Desc ription Services Select the desired Servi ce or applicati on to be covered by this rule.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6-7 202-10085-01, March 2005 Remember that allowing inboun d services opens holes in your FVS124G VPN Firewall. Only enable those ports that are necessary fo r your network.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-8 Firewall Protection and Content Filtering 202-10085-01, March 2005 Inbound Rule Example: Allowing V ideocon.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6-9 202-10085-01, March 2005 – LAN IP address subnet is 192 .168.1.1 255 .255.255.0 • W eb server PC on the firewall's LAN – LAN IP address is 192.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-10 Firewall Protection and Content Filtering 202-10085-01, March 2005 5. Select Action "ALLOW always". 6. For Send to LAN Server , enter the loca l IP address of your web server PC.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -11 202-10085-01, March 2005 T o test the connection from a PC on the Internet, type http:// <IP_address> , where <IP_address> is the public IP address you have mapped to your web server .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-12 Firewall Protection and Content Filtering 202-10085-01, March 2005 Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP , the IP address may change periodically as the DHCP lease expires.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -13 202-10085-01, March 2005 Note: See “Source MAC Filtering” on page 6-27 for yet another way to block outbound traffic from selected PCs that would otherwise be allowed by the firewall.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-14 Firewall Protection and Content Filtering 202-10085-01, March 2005 QoS Priority This setting determines the priori ty of a service, which in turn, determines the quality of that service for the traffic passing thro ugh the firewall.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -15 202-10085-01, March 2005 Outbound Rule Example: Blocking In.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-16 Firewall Protection and Content Filtering 202-10085-01, March 2005 Order of Precedence for Rules As you de.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -17 202-10085-01, March 2005 Although the FVS124G already holds a list of many service port numbers, you ar e not limited to these choices.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-18 Firewall Protection and Content Filtering 202-10085-01, March 2005 5. Click Apply . The new service will now appear in the Services menu, and in the Servic e name selection box in the Rules menu.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -19 202-10085-01, March 2005 The QoS priority definition for a .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-20 Firewall Protection and Content Filtering 202-10085-01, March 2005 Managing Group s and Hosts The Network Database is an auto matically-maintai ned list of all known PCs and network devices.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -21 202-10085-01, March 2005 Figure 6-13: Group s and Hosts scr.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-22 Firewall Protection and Content Filtering 202-10085-01, March 2005 Using a Schedule to Block or Allow S pe.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -23 202-10085-01, March 2005 Figure 6-14: Schedule menu T o inv oke rules and block keywords or Intern et domains based on a schedule, select Eve ry Day or select one or more days.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-24 Firewall Protection and Content Filtering 202-10085-01, March 2005 T ime Zone The FVS124G VPN Firewall uses the Network T ime Protocol (NTP) to obta in the current time and date from one of severa l Network T im e Server s on the Internet.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -25 202-10085-01, March 2005 The Block Sites menu is shown in F.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-26 Firewall Protection and Content Filtering 202-10085-01, March 2005 Keyword application examples: • If the keyword "XXX" is specified, the URL <h ttp://www .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -27 202-10085-01, March 2005 Source MAC Filtering Source MAC Filter will drop the Internet-bound tr af fic received from the PCs with the specified MAC address.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-28 Firewall Protection and Content Filtering 202-10085-01, March 2005 Port T riggering Port triggering allows some app lications to function correctly th at wou ld otherwise be partially blocked by the firewall.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -29 202-10085-01, March 2005 • After a PC has finished using a Port T riggering application, there is a T ime-out period before the application can be used by anothe r PC.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-30 Firewall Protection and Content Filtering 202-10085-01, March 2005 Getting E-Mail Notifications of Event L.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -31 202-10085-01, March 2005 Figure 6-18: Logs and E-mail screens Click on V iew Log button to view variou s log messages generated by the Router .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-32 Firewall Protection and Content Filtering 202-10085-01, March 2005 Items to include in the log: • Use these checkboxes to determine which events are included in the log.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -33 202-10085-01, March 2005 • In the Log Threshold T ime box, set the logs Threshold time. • In the Alert Queue Length box, set the alerts queue length.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-34 Firewall Protection and Content Filtering 202-10085-01, March 2005 Figure 6-19: Firewall Logs menu T able 6-7. Log entry descripti ons Field Description Date and T ime The date and time the log entry was recorded.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Firewall Protection and Content Filtering 6 -35 202-10085-01, March 2005 Administrator Information Consider the following operational items: 1.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 6-36 Firewall Protection and Content Filtering 202-10085-01, March 2005.
Virtual Private Networking 7-1 202-10085-01, March 2005 Chapter 7 V irtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVS124G VPN Firewall. VPN tunnels provide secure, en crypted communications between your local network and a remote network or computer .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-2 Virtual Private Networking 202-10085-01, March 2005 Figure 7-1 shows the setup screens for the selec te d W AN mode. This setup is accomplished in “Step 4: Configure the W AN Mode (Required for Dual W AN)” on page 4-15 .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking 7-3 202-10085-01, March 2005 See “Step 5: Configure Dynamic DNS (If Needed)” on page 4-20 for ho w to select and configure the Dynamic DN S se rv ice.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-4 Virtual Private Networking 202-10085-01, March 2005 Figure 7-3: Functional opera tion of FVS124G W AN port .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking 7-5 202-10085-01, March 2005 Creating a VPN Connection: Between FVX538 and FVS124G This section describes how to configure a VPN connection between a NETGEAR FVX538 VPN Firewall and a NETGEAR FVS124G VPN Firewall.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-6 Virtual Private Networking 202-10085-01, March 2005 5. Click Next. 6. Enter the W AN IP address of the remote FVS124G . 7. Click W AN1 to bind this connection to the W AN1 port.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking 7-7 202-10085-01, March 2005 11 . Click Done to crea te the 'to_fvs' IKE and VPN policies. In the IKE Policies menu, the 'to_fvs' IKE policy will appear in the table.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-8 Virtual Private Networking 202-10085-01, March 2005 13. In the VPN Policies menu, the 'to_fvs' VPN policy will appear in the table.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking 7-9 202-10085-01, March 2005 14. Y ou can view the VPN parameters by selecting 't o_fvs' and clicking Edit. It should not be necessary to make any changes.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-10 Virtual Private Ne tworking 202-10085-01, March 2005 4. Select 'a remo te VPN gate way'. Figure 7-1 1: VPN Wizard sta rt p age 5. Click Next. 6. Enter the W AN IP address of the remote FVX538.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Ne tworking 7-11 202-10085-01, March 2005 8. Enter the LAN IP address and subn et mask of the re mote FVX538. Figure 7-13: LAN IP address and subnet mask of remote FVX538 9.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-12 Virtual Private Ne tworking 202-10085-01, March 2005 This procedure was dev eloped and tested using : • Netgear FVS124G ProSafe VPN Firewall 25 w ith 4 Gigabit LAN and Dual W A N Ports with version 1.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Ne tworking 7-13 202-10085-01, March 2005 2. In the upper left of the Polic y Editor window , clic k the New Document icon to open a New Connection.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-14 Virtual Private Ne tworking 202-10085-01, March 2005 3. Give the New Connection a name, such as to_FVS . Figure 7-16: New connection name d 4. In the Remote Party Identity section, select ID T ype of IP Subnet.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Ne tworking 7-15 202-10085-01, March 2005 8. For Domain Name, enter 'fvs_local.com' and enter the W AN IP Address of the FVS124G. Figure 7-17: Remote client info 9.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-16 Virtual Private Ne tworking 202-10085-01, March 2005 12. Leave V irtua l Adapter disabled, and select your computer's Network Adapter . Y our current IP address will appear .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Ne tworking 7-17 202-10085-01, March 2005 14. Click Enter Key , type your preshared key , and click OK. This key will be shared by all users of the FVS124G policy "home".
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-18 Virtual Private Ne tworking 202-10085-01, March 2005 16. Select Phase 1 Negotiation Mode = Aggressive Mode. PFS should be disabled, and Rep l ay Detection should be enabled.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Ne tworking 7-19 202-10085-01, March 2005 17. In the left frame, expand Authen tication and select Proposal 1. Compare with the figure below .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-20 Virtual Private Ne tworking 202-10085-01, March 2005 18. In the left frame, expand Key Exchange and select Proposal 1. Compare with the figure below . No changes should be neces sary .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Ne tworking 7-21 202-10085-01, March 2005 21.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 7-22 Virtual Private Ne tworking 202-10085-01, March 2005.
Router and Network Mana gement 8-1 202-10085-01, March 2005 Chapter 8 Router and Network Management This chapter describes how to u se the network management features of your FVS1 24G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual W AN Ports.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-2 Router and Network Man a ge m en t 202-10085-01, March 2005 VPN Firewall Features That Reduce T raffic Feat.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Mana gement 8-3 202-10085-01, March 2005 – Address range: The rule is applied to a range of Internet IP addresses. • Services—Y ou can specify the desired Services or applications to be covered by this rule.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-4 Router and Network Man a ge m en t 202-10085-01, March 2005 See “Using a Schedule to Block or Allo w Specific T raf fic” on page 6-22 for the procedure on how to use this feature.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Mana gement 8-5 202-10085-01, March 2005 •V P N t u n n e l s Port Forwarding The firewall always blocks DoS (Den ial of Service) attacks.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-6 Router and Network Man a ge m en t 202-10085-01, March 2005 • W AN Users—These settings determ ine which Internet locations ar e covered by th e rule, based on their IP address.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Mana gement 8-7 202-10085-01, March 2005 – After a PC has finished using a Port T rigge ring application, there is a time-out period before the application can be used by anot her PC.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-8 Router and Network Man a ge m en t 202-10085-01, March 2005 Administrator and Guest Access Authorization Y ou can change the administrator and guest pass words, administrator lo gin timeout, and enable remote management.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Mana gement 8-9 202-10085-01, March 2005 Enabling Remote Management Access Using the Remote Manage ment page, you can allow an administrator on the In ternet to configure, upgrade, and ch eck the status of your FVS12 4G VPN Firewall.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-10 Router and Networ k Management 202-10085-01, March 2005 a. T o allow access from any IP address on the Interne t, select Everyone. b. T o allow access from a range of IP addresses on the Internet, select IP address range.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-11 202-10085-01, March 2005 Y ou can access the command line interface (CLI) either by using telnet or by connecting a terminal to the console port on the front of the unit.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-12 Router and Networ k Management 202-10085-01, March 2005 Figure 8-3: T raffic Limit Reached alert Login Failures and Att acks Figure 8-3 shows the Log screen that is invoked by clicking Logs and Email under Security on the Main Menu bar .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-13 202-10085-01, March 2005 Figure 8-4: Logs and email sc reen Select the types of a lerts to email. Enable email alerts. Accumulate 64 messages be for e sending a log email.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-14 Router and Networ k Management 202-10085-01, March 2005 Monitoring Y ou can view status information about the firewa ll, W AN ports, LAN port s, and VPN tunnels and program SNMP conn ections.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-15 202-10085-01, March 2005 Figure 8-5: Router S t atus screen FVS124G.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-16 Router and Networ k Management 202-10085-01, March 2005 Note: The Router Status page displays current settings and statistics for your router . As this information is read-onl y , any changes must be made on othe r pages.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-17 202-10085-01, March 2005 Figure 8-6: T ime information on the Schedule screen If supported for your region, y ou can check Automatically adjust for Daylig ht Savings T ime.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-18 Router and Networ k Management 202-10085-01, March 2005 WA N P o r t s Y ou can monitor the status of the W AN c onnectio ns, Dynamic DNS services, and Internet traf fic information.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-19 202-10085-01, March 2005 Dynamic DNS St atus Invoke the Dynamic DNS Status screen from Dynami c DNS screen by c licking Show Status to see the current DDNS Status in a sub-window .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-20 Router and Networ k Management 202-10085-01, March 2005 Figure 8-9: Intern et T raffic inf ormation LAN Po.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-21 202-10085-01, March 2005 Figure 8-10: Network Dat abase screen The Network Database is an auto matically-maintai ned list of all known PCs and network devices.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-22 Router and Networ k Management 202-10085-01, March 2005 Note: If the firewall is rebooted, the table data is lo st until the firewall redi scovers the devices.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-23 202-10085-01, March 2005 Firewall Y ou can view the log of the firewall activities. Figure 8-3 shows the Log screen that is invoked by clicking Logs and Email under Security on the Main Menu bar .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-24 Router and Networ k Management 202-10085-01, March 2005 Figure 8-13: Logs and email screen Select the types of logs to email. Enable emailing of logs. Enable system logs.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-25 202-10085-01, March 2005 Invoke the Firewall Log screen from Logs and Email screen.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-26 Router and Networ k Management 202-10085-01, March 2005 VPN T unnels Y ou can view the status of the VPN tunnels. Figure 8-15: VPN St atus/Log and IPSec Connection S t atus screens T able 8-1.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-27 202-10085-01, March 2005 SNMP SNMP lets you monitor and manage log resour ces from an SNMP-compliant system manager . SNMP system configuration lets you ch ange the s ystem variabl es for MIB2.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-28 Router and Networ k Management 202-10085-01, March 2005 Figure 8-17: Diagnostics sc reen T able 8-1. Diagnostics Item Desc ription Ping or T race an IP address Ping—Use this to send a ping packet request to the specified IP address.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-29 202-10085-01, March 2005 Configuration File Management The configuration settings of th e FVS124G VP N Firewall are stor ed within the firewall in a configuration file.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-30 Router and Networ k Management 202-10085-01, March 2005 Restoring and Backing Up the Configuration IMPOR T.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Router and Network Ma nagement 8-31 202-10085-01, March 2005 Figure 8-19: Router Upgrade me nu T o upload new firmware: 1. Download and unzip the new so ftware file from NETGEAR.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 8-32 Router and Networ k Management 202-10085-01, March 2005 • T o restore the factory default configuration .
Troubleshooting 9-1 202-10085-01, March 2005 Chapter 9 T roubleshooting This chapter gives information about troubleshooting your FVS124G ProSafe VPN Firewal l 25 with 4 Gigabit LAN and Dual W AN Ports. Afte r each problem description, instructions are provided to help y ou diag nose and solve the problem.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 9-2 Troubleshooting 202-10085-01, March 2005 LEDs Never T urn Off When the firewall is turned on, the LEDs turns on for about 10 sec onds and then turn off. If all the LEDs stay on, there is a fault within the firewall.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Troubleshooting 9-3 202-10085-01, March 2005 T roubleshooting the Web Configuration Interface If you are un.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 9-4 Troubleshooting 202-10085-01, March 2005 T roubleshooting the ISP Connection If your firewall is unable to a ccess the Internet, you should first determine whether the firewall is able to obtain a W AN IP address from the ISP .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Troubleshooting 9-5 202-10085-01, March 2005 OR Configure your firewall to sp oof your PC’ s MAC address. This ca n be done in the Basic Settings menu. Refer to “Manually Configuring Y our Internet Connection” on pag e 4-1 2 .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 9-6 Troubleshooting 202-10085-01, March 2005 If the path is not working, you see this message: Request timed ou.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Troubleshooting 9-7 202-10085-01, March 2005 — Y our ISP coul d be rejecting the Ethe rnet MAC addresses of all but one of your PCs.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports 9-8 Troubleshooting 202-10085-01, March 2005 • T ime is off by one hour . Cau se: The firewa ll does not automatically sense Daylight Savings T ime. In the E-Mail menu, check or unch eck the box marked “Adjust fo r Daylight Savings T ime”.
Technical Specifications A-1 202-10085-01, March 2005 Appendix A T echnical Specifications This appendix provides technical specifications for the FVS124G Pr oSafe VPN Firewall 25 with 4 Gigabit LAN and Dual W A N Ports.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports A-2 Technical Specifications 202-10085-01, March 2005 Interface S p ecifications LAN: 10BASE-T or 100BASE-Tx, R.
Network, Routing, Firewall, and Basics B-1 202-10085-01, March 2005 Appendix B Network, Routing, Firewall, and Basics This chapter provides an overview of IP networks, routing, and n etworking. Related Publications As you read this document, you may be dire cted to various RF C documents for further information.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports B-2 Network, Routing, Firewall, and Basics 202-10085-01, March 2005 What is a Router? A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables main tained by the router .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network, Routing, Firewall, and Basics B-3 202-10085-01, March 2005 195.34.12.7 The latter version is easier to remember and easier to enter into your computer .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports B-4 Network, Routing, Firewall, and Basics 202-10085-01, March 2005 128.1.x.x to 191.254.x.x. • Class C Class C addresses can have 254 hosts on a netw ork. Class C addre sses use 24 bits for the network address and eight bits for the node.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network, Routing, Firewall, and Basics B-5 202-10085-01, March 2005 As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports B-6 Network, Routing, Firewall, and Basics 202-10085-01, March 2005 Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network, Routing, Firewall, and Basics B-7 202-10085-01, March 2005 Configure all hosts on a LAN segment to.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports B-8 Network, Routing, Firewall, and Basics 202-10085-01, March 2005 Single IP Address Operation Using NA T In the past, if multiple PCs on a LAN needed to access the Internet simultaneously , you had to obtain a range of IP addresses from the ISP .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network, Routing, Firewall, and Basics B-9 202-10085-01, March 2005 This scheme offers t he additional benefit of firewall -like protection because the internal LAN addresses are not available to the Internet thro ugh the translated connection.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports B-10 Network, Routing, Firewall, and Basics 202-10085-01, March 2005 Domain Name Server Many of the resources on the In ternet can be addressed by si mple descriptive names such as www .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network, Routing, Fi rewall, and Basics B-11 202-10085-01, March 2005 What is a Firewall? A firewall is a device that protects one netw ork from another , while allowing communication between the two.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports B-12 Network, Routing, Firewall, and Basics 202-10085-01, March 2005 . Category 5 Cable Quality Category 5 distributed cable that me ets ANSI/EIA/ TIA-568-A building wiring stan da rds can be a maximum of 328 feet (ft.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network, Routing, Fi rewall, and Basics B-13 202-10085-01, March 2005 Inside T wisted Pair Cables For two devices to communicate, th e transmitter of each device must be connected to the receiver of the other device.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports B-14 Network, Routing, Firewall, and Basics 202-10085-01, March 2005 Figure B-3: Category 5 UTP Cable with Male RJ -4 5 Plug at Each End Note : Flat “silver satin” tele phone cable may have the same RJ-45 plug .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Network, Routing, Fi rewall, and Basics B-15 202-10085-01, March 2005 The FVS124G VPN Firewall in corpo rates Aut o Uplink TM technology (also called MDI/MDIX).
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports B-16 Network, Routing, Firewall, and Basics 202-10085-01, March 2005.
Preparing Your Netwo rk C-1 202-10085-01, March 2005 Appendix C Prep aring Y our Network This appendix describes how to prepare your ne twork to connect to the Internet through the FVS124G ProSafe VPN.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-2 Preparing Yo ur Network 202-10085-01, March 2005 In your IP network, each PC and the firewall must be assigned a unique IP addresses.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-3 202-10085-01, March 2005 Y ou must have an Ethernet adapter , the TCP/IP protocol, and Client for Micros oft Networks. If you need to install a ne w adapter , follow these steps: a.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-4 Preparing Yo ur Network 202-10085-01, March 2005 If you need Client for Micro soft Networks: a. Click the Add button. b. Select Client, and then click Ad d. c.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-5 202-10085-01, March 2005 V erify the following settings as shown: • Client fo.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-6 Preparing Yo ur Network 202-10085-01, March 2005 Selecting Windows’ In ternet Access Method 1. On the W indows taskbar , click the Start button, point to Settings, and th en click Control Panel.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-7 202-10085-01, March 2005 2. Ty p e winipcfg , and then click OK. The IP Configuration window opens, which lists (a mong other things), your IP address, subnet mask, and default gateway .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-8 Preparing Yo ur Network 202-10085-01, March 2005 Enabling DHCP to Automatically Configure TCP/IP Settings Y ou will find there are many similarities in th e procedures for dif f erent Windows systems when using DHCP to configure TCP/IP .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-9 202-10085-01, March 2005 • Now you should be at the Local Area Network Connection S tatus window . This box displays the conn ection status, duration, speed, and activity statistics.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-10 Preparing Your Network 202-10085-01, March 2005 DHCP Configuration of TC P/IP in Windows 2000 Once again, after you have installed the network card, TCP/IP for W indows 2000 is con figured.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-11 202-10085-01, March 2005 • Click on the My Network Places icon on the W indows desktop. This will bring up a window called Network and Dial-up Connectio ns.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-12 Preparing Your Network 202-10085-01, March 2005 • W ith Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Propert ies dialogue box.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-13 202-10085-01, March 2005 DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP env ironment for W indows NT 4.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-14 Preparing Your Network 202-10085-01, March 2005 • Highlight the TCP/IP Pr otocol in the Network Protocols box, and click on the Properties button.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-15 202-10085-01, March 2005 V erifying TCP/IP Properties fo r Windows XP , 2000, and NT4 T o check your PC’ s TCP/IP configuration: 1.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-16 Preparing Your Network 202-10085-01, March 2005 • The default gateway i s 192.168.1.1 4. Ty p e exit Configuring the Macintos h for TCP/IP Networking Beginning with Macintosh Operating System 7 , TCP/ IP is already installed on the Macint osh.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-17 202-10085-01, March 2005 2. If not already selected, select Built- in Ethernet in the Configure list. 3. If not already selected, Select Using DHCP in the TCP/IP tab.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-18 Preparing Your Network 202-10085-01, March 2005 V erifying the Readiness of Y our Internet Account For bro.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-19 202-10085-01, March 2005 • An IP address and subnet mask • A gateway IP ad.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-20 Preparing Your Network 202-10085-01, March 2005 If an IP address appears under Installed Gatewa ys, write down the address. This is the ISP’ s gateway address.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Preparing Your Netwo rk C-21 202-10085-01, March 2005 Rest arting the Network Once you’ve set up yo ur computers to work with the fi rewall, you must reset the network for the devices to be able to communicate correctly .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports C-22 Preparing Your Network 202-10085-01, March 2005.
Virtual Private Networking D-1 202-10085-01, March 2005 Appendix D V irtual Private Networking There have been many improvem ents in the Internet including Quality of Service, network performance, and inexpensive technologies, such as DSL.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports D-2 Virtual Private Networking 202-10085-01, March 2005 • Remote Access: Remote access enables telecommuters and mobile workers to access e-ma il and business applications.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking D-3 202-10085-01, March 2005 • Encapsulating Security Payload (ESP) : Provides confidentiality , authentication, and integrity . • Authentication Header (AH) : Provides authentication and integrity .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports D-4 Virtual Private Networking 202-10085-01, March 2005 The ESP header is inserted into the packet betw een the IP header and any subsequent packet contents. However , because ESP encrypts the data, the payload is changed.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking D-5 202-10085-01, March 2005 Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports D-6 Virtual Private Networking 202-10085-01, March 2005 Key Management IPSec uses the Internet Key Exchange (IKE) protoc ol to facilitate and automate the SA setup and the exchange of keys between parties transferring data.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking D-7 202-10085-01, March 2005 VPN Process Overview Even though IPSec is standards-based, e ach vendo r has its own set of terms and procedures for implementing the standard.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports D-8 Virtual Private Networking 202-10085-01, March 2005 It is also important to make sure the addresses do not overlap or conflict. That is, each set of addresses should be separate and distinct.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking D-9 202-10085-01, March 2005 Figure 9-8: VPN T unnel SA The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports D-10 Virtual Private Networking 202-10085-01, March 2005 2. IKE Phase I. a. The two parties negotiate the en cryption and au thentication algorithms to use in the IKE SAs.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Virtual Private Networking D-11 202-10085-01, March 2005 VPNC IKE Phase II Parameters The IKE Phase 2 param.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports D-12 Virtual Private Networking 202-10085-01, March 2005 • [RFC 791] Internet Pr otocol DARP A Internet Pr ogram Pr otocol Specifi cation , Information Sciences Institute, US C, September 1981.
Glossary -1 202-10085-01, March 2005 Glossary List of Glossary T erms Use the list below to find definitions for technical terms used in this manual. Numeric 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -2 Glossary 202-10085-01, March 2005 A Access Control Lis t (ACL) An ACL is a database that an Operating System uses to track each user ’ s access rights to system objects (such as file directories and/or files).
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Glossary -3 202-10085-01, March 2005 Broadcast A packet sent to all devices on a network. C Class of Service A term to describe treating different types of traffic with dif fer en t levels of service priority .
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -4 Glossary 202-10085-01, March 2005 based on IP addresses. Every time you use a domain na me, therefore, a DNS servi ce must translate the name into the corresponding IP address.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Glossary -5 202-10085-01, March 2005 Ethernet A LAN specification develo ped jointly by Xerox, Inte l and Digital Equipment Corporatio n. Ethernet networks transmit packets at a rate of 10 Mbps.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -6 Glossary 202-10085-01, March 2005 Internet Protocol The method or protocol by which data is sent from one computer to another on the Internet.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Glossary -7 202-10085-01, March 2005 Local Area Network A communicat ions networ k serving us ers within a limited area, such as one floor of a building.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -8 Glossary 202-10085-01, March 2005 P p acket A block of information sent over a network. A packet ty pically contains a source and destination netwo rk address, some protocol and length in for mation, a block of data, and a checksum.
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Glossary -9 202-10085-01, March 2005 Q QoS See “Quality of Service” Quality of Ser vice QoS is a networking term that specifies a guaranteed level of through put.
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -10 Glossary 202-10085-01, March 2005 Subnet Mask Combined with the IP address, the IP Subnet Mask allows a device to k now which other addresses are local to it, and which must be reached through a gateway or router .
Reference Manual for th e Pr oSafe VPN F irewall 25 with 4 Gigabi t LAN a nd Dual WAN Por ts Glossary -11 202-10085-01, March 2005 Wide Area Network A W AN is a computer network that spans a relatively large ge ographical area. T ypically , a W AN consists of two or more local-area networks (L ANs).
Reference Manual for the ProSafe VPN Fire wall 25 with 4 Giga bit LAN and Dual WAN Ports -12 Glossary 202-10085-01, March 2005.
デバイスNETGEAR FVS124Gの購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
NETGEAR FVS124Gをまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはNETGEAR FVS124Gの技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。NETGEAR FVS124Gの取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。NETGEAR FVS124Gで得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
NETGEAR FVS124Gを既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はNETGEAR FVS124Gの不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、NETGEAR FVS124Gに関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちNETGEAR FVS124Gデバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。