Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Configure the IPv6 LAN Settings 190 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Network Configuration > DMZ Setup. The DMZ Setup screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings. The following figure shows an example. 8. Click the RADVD option arrow in the upper right. The RADVD screen for the DMZ displays. The following figure shows some examples.
Configure the IPv6 LAN Settings 191 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 9. Enter the settings as described in the following table. SettingDescription RADVD Status From the RADVD Status menu, select Enable. The RADVD is enabled and the RADVD fields are available. The default selection is Disable. The RADVD is disabled and the RADVD fields are masked out. Advertise Mode Select the advertisement mode: • Unsolicited Multicast. The VPN firewall advertises unsolicited multicast packets at a rate that is specified by the advertisement interval. • Unicast only. The VPN firewall responds to unicast packet requests only. No unsolicited packets are advertised. Select this option for nonbroadcast multiple access (NBMA) links such as ISATAP. Advertise Interval Enter the advertisement interval of unsolicited multicast packets in seconds. The minimum value is 10 seconds; the maximum value is 1800 seconds. RA Flags Select what type of information the DHCPv6 server provides in the DMZ: • Managed. The DHCPv6 server is used for autoconfiguration of the IP address. • Other. The DHCPv6 server is not used for autoconfiguration of the IP address but other configuration information such as DNS information is available through the DHCPv6 server. Note:Irrespective of the RA flag settings, the RADVD provides information about the prefix, prefix length, and gateway addresses and is also used for autoconfiguration of the IP address.
Configure the IPv6 LAN Settings 192 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 10. Click the Apply button. Your settings are saved. Add an Advertisement Prefix for the DMZ You must configure the prefixes that are advertised in the DMZ router advertisements (RAs). For a 6to4 address, you must specify only the site level aggregation identifier (SLA ID) and the prefix lifetime. For a global, local, or ISATAP address, you must specify the prefix, prefix length, and prefix lifetime. To add an advertisement prefix for the DMZ: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Network Configuration > DMZ Setup. The DMZ Setup screen displays the IPv4 settings. Router Preference Select the VPN firewall’s preference in relation to other hosts and routers in the DMZ: • Low. The VPN firewall is treated as a nonpreferred router in the DMZ. • Medium. The VPN firewall is treated as a neutral router in the DMZ. • High. The VPN firewall is treated as a preferred router in the DMZ. MTU The maximum transmission unit (MTU) size for a packet in one transmission over a link. The default setting is 1500. Router Lifetime The router lifetime specifies how long the default route that was created as a result of the router advertisement must remain valid. Enter the router lifetime in seconds. This is the period that the advertised prefixes are valid for route determination. The default period is 3600 seconds (one hour). The minimum value is 30 seconds; the maximum value is 9000 seconds. SettingDescription
Configure the IPv6 LAN Settings 193 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 7. In the upper right, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings. The following figure shows an example. 8. Click the RADVD option arrow in the upper right. The RADVD screen for the DMZ displays. The following figure shows some examples.
Configure the IPv6 LAN Settings 194 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 9. Under the List of Prefixes to Advertise table, click the Add button. The Add Advertisement Prefix screen displays.
Configure the IPv6 LAN Settings 195 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 10. Enter the settings as described in the following table. 11. Click the Apply button. Your settings are saved. The new IPv6 address pool is added to the List of Prefixes to Advertise table on the RADVD screen for the DMZ. Change an Advertisement Prefix for the DMZ The following procedure describes how to change an existing advertisement prefix for the DMZ. To change an advertisement prefix for the DMZ: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. SettingDescription IPv6 Prefix Type Select the IPv6 prefix type: • 6to4. The prefix is for a 6to4 address. You must select a WAN interface from the 6to4Interface menu and complete the SLA ID field and Prefix Lifetime field. The other fields are masked out. • Global/Local/ISATAP. The prefix is for a global, local, or ISATAP address. This must be a global prefix or a site-local prefix; it cannot be a link-local prefix. You must complete the IPv6 Prefix field, IPv6 Prefix Length field, and Prefix Lifetime field. The 6to4Interface menu and SLA ID field are masked out. 6to4Interface Select a WAN interface from the menu. SLA ID Enter the site level aggregation identifier (SLA ID) for the 6to4 address prefix that must be included in the advertisement. IPv6 Prefix Enter the IPv6 prefix for the VPN firewall’s DMZ that must be included in the advertisement. IPv6 Prefix Length Enter the IPv6 prefix length (typically 64) that must be included in the advertisement. Prefix Lifetime The prefix lifetime specifies how long the IP address that was created as a result of the router advertisement must remain valid. Enter the prefix lifetime in seconds that must be included in the advertisement. The minimum period is 0 seconds; the maximum period is 65536 seconds.
Configure the IPv6 LAN Settings 196 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Network Configuration > DMZ Setup. The DMZ Setup screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings. 8. Click the RADVD option arrow in the upper right. The RADVD screen for the DMZ displays. 9. In the List of Prefixes to Advertise table, click the Edit button for the advertisement prefix that you want to change. The Edit Advertisement Prefix screen displays. 10. Change the settings. For information about the settings, see Add an Advertisement Prefix for the DMZ on page 192. 11. Click the Apply button. Your settings are saved. The modified advertisement prefix displays in the List of Prefixes to Advertise table on the RADVD screen for the DMZ. Remove One or More Advertisement Prefixes for the DMZ The following procedure describes how to remove one or more advertisement prefixes that you no longer need for the DMZ. To remove one or more advertisement prefixes for the DMZ: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Configure the IPv6 LAN Settings 197 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Network Configuration > DMZ Setup. The DMZ Setup screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings. 8. Click the RADVD option arrow in the upper right. The RADVD screen for the DMZ displays. 9. In the List of Prefixes to Advertise table, select the check box to the left of each advertisement prefix that you want to remove or click the Select All button to select all advertisement prefixes. 10. Click the Delete button. The selected IPv6 address pools are removed from the List of Prefixes to Advertise table. Manage a Stateful DHCPv6 Server and IPv6 Address Pools for the DMZ The following sections provide information about managing a stateful DHCPv6 server and IPv6 address pools for the DMZ: •Stateful DHCPv6 Server and IPv6 Address Pool for the DMZ •Configure a Stateful DHCPv6 Server for the DMZ •Add an IPv6 DMZ Address Pool •Change an IPv6 DMZ Address Pool •Stateful DHCPv6 Server and IPv6 Address Pool for the DMZ Stateful DHCPv6 Server and IPv6 Address Pool for the DMZ For a stateful DHCPv6 server for the DMZ, the IPv6 clients in the DMZ obtain an interface IP address, configuration information such as DNS server information, and other parameters from the DHCPv6 server. The IP address is a dynamic address. For stateful DHCPv6, you also must configure IPv6 address pools for the DMZ (see Add an IPv6 DMZ Address Pool on page 200) so that the DHCPv6 server can assign IPv6 addresses from these pools. For more information about stateful DHCPv6 servers, see DHCPv6 LAN Server Concepts and Configuration Roadmap on page 153.
Configure the IPv6 LAN Settings 198 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Configure a Stateful DHCPv6 Server for the DMZ The following procedure describes how to configure a stateful DHCPv6 server and corresponding IPv6 settings for the DMZ. To configure a stateful DHCPv6 server and corresponding IPv6 settings for the DMZ: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Network Configuration > DMZ Setup. The DMZ Setup screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings. The following figure shows an example.
Configure the IPv6 LAN Settings 199 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 8. Enter the settings as described in the following table. SettingDescription DMZ Port Setup Select the Ye s radio button to configure the DMZ port settings. Complete the following fields: • IPv6 Address. Enter the IP address of the DMZ port. Make sure that the DMZ port IP address, LAN port IP address, and WAN port IP address are in different subnets. The default IP address for the DMZ port is fdff::1. • Prefix Length. Enter the IPv6 prefix length, for example, 10 or 64. The default prefix length for the DMZ port is 64. Note:By default, the DMZ port is disabled. After you configure the DMZ port, you can select the No radio button to disable the DMZ port without losing the DMZ configuration. DHCPv6 for DMZ Connected Computers DHCP Status Enable the DHCPv6 server by selecting Enable DHCPv6 Server from the DHCP Status menu. The default menu selection is Disable DHCPv6 Server. DHCP Mode From the DHCP Mode menu, select Stateful. The IPv6 clients obtain an interface IP address, configuration information such as DNS server information, and other parameters from the DHCPv6 server. The IP address is a dynamic address. For stateful DHCPv6, you must add one or more IPv6 address pools (see Add an IPv6 DMZ Address Pool on page 200).