Netgear VPN Firewall FVS336Gv2 Reference Manual
Configure the IPv4 LAN Settings 140 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

8. Select the radio button next to the group name that you want to change.
   Note: You can change only one group name at a time.
9. Type a new name in the field. The maximum number of characters is 15. Do not use a double quote ("), single quote ('), or space in the name.
10. Click the Apply button. Your settings are saved.

Manage the DMZ Port for IPv4 Traffic

The following sections provide information about managing the DMZ port for IPv4 traffic:
• IPv4 DMZ
• Enable and Configure the DMZ Port for IPv4 Traffic

IPv4 DMZ

The demilitarized zone (DMZ) is a network that, by default, has fewer firewall restrictions than the LAN. The DMZ can be used to host servers (such as a web server, FTP server, or email server) and provide public access to them. The rightmost LAN port on the VPN firewall can be dedicated as a hardware DMZ port to safely provide services to the Internet without compromising security on your LAN.

By default, the DMZ port and both inbound and outbound DMZ traffic are disabled. Enabling the DMZ port and allowing traffic to and from the DMZ increases the traffic through the WAN ports.

Using a DMZ port is also helpful with online games and videoconferencing applications that are incompatible with NAT. The VPN firewall is programmed to recognize some of these
applications and to work correctly with them, but other applications might not function well. In some cases, local computers can run the application correctly if those computers are used on the DMZ port.

Note the following about the DMZ port:
• The VPN firewall has a separate firewall security profile for the DMZ port. This security profile is also physically independent of the standard firewall security component that is used for the LAN.
• When you enable the DMZ port for IPv4 traffic, IPv6 traffic, or both, the DMZ LED next to LAN port 4 (see Front Panel on page 18) lights green to indicate that the DMZ port is enabled.

For information about how to define the DMZ WAN rules and LAN DMZ rules, see Add DMZ WAN Rules on page 233 and Add LAN DMZ Rules on page 242, respectively.

Enable and Configure the DMZ Port for IPv4 Traffic

You can enable the hardware DMZ port (LAN port 4) and configure an IPv4 address and subnet mask for the DMZ port.

To enable and configure the DMZ port for IPv4 traffic:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Network Configuration > DMZ Setup. The DMZ Setup screen displays the IPv4 settings.
7. Enter the settings as described in the following table.

Setting: Description

DMZ Port Setup: Select the Yes radio button to configure the DMZ port settings. Complete the following fields:
• IP Address. Enter the IP address of the DMZ port. Make sure that the DMZ port IP address and LAN port IP address are in different subnets (for example, an address outside the LAN DHCP address pool, such as 192.168.1.101 when the LAN DHCP pool is 192.168.1.2–192.168.1.100). The default IP address for the DMZ port is 176.16.2.1.
• Subnet Mask. Enter the IP subnet mask of the DMZ port. The subnet mask specifies the network number portion of an IP address. The subnet mask for the DMZ port is 255.255.255.0.
Note: By default, the DMZ port is disabled. After you configure the DMZ port, you can select the No radio button to disable the DMZ port without losing the DMZ configuration.

DHCP for DMZ Connected Computers: Select one of the following radio buttons:
• Disable DHCP Server. If another device in the DMZ functions as the Dynamic Host Configuration Protocol (DHCP) server for the DMZ, or if you intend to manually configure the network settings of all computers in the DMZ, select the Disable DHCP Server radio button to disable the DHCP server. This is the default setting.
• Enable DHCP Server. To enable the VPN firewall to function as the DHCP server for the DMZ, select the Enable DHCP Server radio button. Complete the Start IP Address, End IP Address, and Lease Time fields. The Domain Name, Primary DNS Server, Secondary DNS Server, and WINS Server fields are optional, as is the Enable LDAP information check box and associated fields.
• DHCP Relay. To use a DHCP server somewhere else in your network as the DHCP server for the DMZ, select the DHCP Relay radio button. In the Relay Gateway field, enter the IP address of the DHCP server.

Domain Name: This setting is optional. Enter the domain name of the VPN firewall.

Start IP Address: Enter the start IP address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the DMZ is assigned an IP address between this address and the end IP address. The default IP address is 176.16.2.100.

End IP Address: Enter the end IP address. This address specifies the last of the contiguous addresses in the IP address pool. Any new DHCP client joining the DMZ is assigned an IP address between the start IP address and this IP address. The default IP address is 176.16.2.254.
Note: The start and end DHCP IP addresses must be in the same network as the LAN TCP/IP address of the VPN firewall (that is, the IP address in the DMZ Port Setup section as described earlier in this table).

Primary DNS Server: This setting is optional. If an IP address is specified, the VPN firewall provides this address as the primary DNS server IP address. If no address is specified, the VPN firewall provides its own DMZ IP address as the primary DNS server IP address.

Secondary DNS Server: This setting is optional. If an IP address is specified, the VPN firewall provides this address as the secondary DNS server IP address.

WINS Server: This setting is optional. Enter a WINS server IP address to specify the Windows NetBIOS server, if one is present in your network.

Lease Time: Enter a lease time. This specifies the duration for which IP addresses are leased to clients.
Enable LDAP information: To enable the DHCP server in the DMZ to provide Lightweight Directory Access Protocol (LDAP) server information, select the Enable LDAP information check box. Enter the following settings:
• LDAP Server. The IP address or name of the LDAP server.
• Search Base. The search objects that specify the location in the directory tree from which the LDAP search begins. You can specify multiple search objects, separated by commas. The search objects include the following:
  - CN (for common name)
  - OU (for organizational unit)
  - O (for organization)
  - C (for country)
  - DC (for domain)
  For example, to search the netgear.net domain for all last names of Johnson, enter the following objects: cn=Johnson,dc=Netgear,dc=net
• Port. The port number for the LDAP server. The default setting is 0 (zero).

Advanced Settings

Enable DNS Proxy: This setting is optional. To enable the VPN firewall to provide a DMZ IP address for DNS address name resolution, select the Enable DNS Proxy check box. This check box is selected by default.
Note: If you clear the Enable DNS Proxy check box for the DMZ, all computers in the DMZ receive the DNS IP addresses of the ISP but without the DNS proxy IP address.

8. Click the Apply button. Your settings are saved.

Manage Static IPv4 Routing

The following sections provide information about managing static IPv4 routing:
• Static IPv4 Routes
• Add a Static IPv4 Route
• Change a Static IPv4 Route
• Remove One or More Static IPv4 Routes
• Configure the Routing Information Protocol
• IPv4 Static Route Example

Static IPv4 Routes

Static routes provide routing information to your VPN firewall. Under normal circumstances, the VPN firewall has adequate routing information after it is configured for Internet access, and you do not need to configure additional static routes. Configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets on your network.

The VPN firewall automatically sets up routes between VLANs and secondary IPv4 addresses that you have configured (see Manage IPv4 Multihome LAN IP Addresses on the Default VLAN on page 128). Therefore, you do not need to manually add an IPv4 static route between a VLAN and a secondary IPv4 address.

Add a Static IPv4 Route

The following procedure describes how to add an IPv4 static route to the VPN firewall.

To add an IPv4 static route to the VPN firewall:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Network Configuration > Routing. The Static Routing screen displays the IPv4 settings. The following figure shows one example.
7. Click the Add button. The Add Static Route screen displays.
8. Enter the settings as described in the following table.

Setting: Description

Route Name: The route name for the static route (for purposes of identification and management).

Active: To make the static route effective, select the Active check box.
Note: You can add a route to the table and make the route inactive if you do not need it. This allows you to use routes as needed without deleting and re-adding the entries. An inactive route is not advertised if RIP is enabled.

Private: If you want to limit access to the LAN only, select the Private check box. Doing so prevents the static route from being advertised in RIP.

Destination IP Address: The destination IP address of the host or network to which the route leads.

Subnet Mask: The IP subnet mask of the host or network to which the route leads. If the destination is a single host, enter 255.255.255.255.

Interface: From the menu, select the physical or virtual network interface (the WAN1 or WAN2 interface, a VLAN, or the DMZ interface) through which the route is accessible.

Gateway IP Address: The gateway IP address through which the destination host or network can be reached.

Metric: The priority of the route. Select a value between 2 and 15. If multiple routes to the same destination exist, the route with the lowest metric is used.

9. Click the Apply button. Your settings are saved. The new static route is added to the Static Routes table.
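A pre-flight check for the addresses entered on the DMZ Setup and Add Static Route screens described above. This is an added example, not code from NETGEAR or from the manual; the function names, the if_addr parameter, the LAN subnet mask, the on-link gateway check, and the sample 10.10.x.x and 192.168.1.150-200 values are assumptions made for illustration.

```python
import ipaddress as ip

def check_dmz(lan_if, dmz_if, pool_start, pool_end):
    """Return problems with a planned DMZ Setup entry (empty list = OK)."""
    lan, dmz = ip.ip_interface(lan_if), ip.ip_interface(dmz_if)
    start, end = ip.ip_address(pool_start), ip.ip_address(pool_end)
    problems = []
    # Manual: the DMZ port and LAN port addresses must be in different subnets.
    if lan.network.overlaps(dmz.network):
        problems.append("DMZ subnet overlaps LAN subnet")
    # Manual: the DHCP start/end addresses must be in the DMZ port's network.
    if start not in dmz.network or end not in dmz.network:
        problems.append("DHCP pool outside DMZ network")
    if start > end:
        problems.append("DHCP start address above end address")
    return problems

def check_route(dest, mask, gateway, if_addr, metric):
    """Return problems with a planned Add Static Route entry."""
    problems = []
    try:
        # Strict parsing rejects a bad mask or host bits set under the mask;
        # a single host needs 255.255.255.255, as the manual states.
        ip.ip_network(f"{dest}/{mask}")
    except ValueError:
        problems.append("destination and subnet mask do not form a network")
    # Assumption (not in the manual): the gateway must be on the subnet of
    # the selected interface, given here as that interface's address/mask.
    if ip.ip_address(gateway) not in ip.ip_interface(if_addr).network:
        problems.append("gateway not on the selected interface's subnet")
    if not 2 <= metric <= 15:  # Manual: select a value between 2 and 15
        problems.append("metric outside 2-15")
    return problems

if __name__ == "__main__":
    lan = "192.168.1.1/255.255.255.0"   # factory default IP; mask assumed
    dmz = "176.16.2.1/255.255.255.0"    # default DMZ port address and mask
    print(check_dmz(lan, dmz, "176.16.2.100", "176.16.2.254"))  # defaults
    # Constructed: outside the LAN DHCP pool, yet still inside the LAN subnet.
    print(check_dmz(lan, "192.168.1.101/255.255.255.0",
                    "192.168.1.150", "192.168.1.200"))
    # Constructed host route reached through a DMZ-side gateway.
    print(check_route("10.10.1.7", "255.255.255.255", "176.16.2.5", dmz, 2))
```

An address that merely sits outside the LAN DHCP pool can still share the LAN subnet, which the second call reports; pick the DMZ address by subnet, not by pool range.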
Change a Static IPv4 Route

The following procedure describes how to change an existing IPv4 static route.

To change an IPv4 static route:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Network Configuration > Routing. The Static Routing screen displays the IPv4 settings.
7. In the Static Routes table, click the Edit button for the route that you want to change. The Edit Static Route screen displays.
8. Change the settings. For information about the settings, see Add a Static IPv4 Route on page 145.
9. Click the Apply button. Your settings are saved. The modified route displays in the Static Routes table on the Static Routes screen.

Remove One or More Static IPv4 Routes

The following procedure describes how to remove one or more existing IPv4 static routes that you no longer need.

To remove one or more static IPv4 routes:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process.
   The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Network Configuration > Routing. The Static Routing screen displays the IPv4 settings.
7. In the Static Routes table, select the check box to the left of each route that you want to remove or click the Select All button to select all routes.
8. Click the Delete button. The selected routes are removed from the Static Routes table.

Configure the Routing Information Protocol

Routing Information Protocol (RIP), RFC 2453, is an Interior Gateway Protocol (IGP) that is commonly used in internal IPv4 networks (LANs). RIP enables a router to exchange its routing information automatically with other routers, to dynamically adjust its routing tables, and to adapt to changes in the network. RIP is disabled by default. RIP does not apply to IPv6.

To enable and configure RIP:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Network Configuration > Routing. The Static Routing screen displays the IPv4 settings. The following figure shows one example.
7. Click the RIP Configuration option arrow in the upper right. The RIP Configuration screen displays. The following figure shows some examples.