Netgear VPN Firewall FVS336Gv2 Reference Manual
Get an Overview of the Features and Hardware and Log In 21 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

• Factory Defaults reset button. To reset the VPN firewall to factory default settings, use a sharp object to press and hold this button for about eight seconds until the front panel Test LED blinks. All configuration settings are lost and the default password is restored.
• AC power receptacle (12V, 1.5A).

Bottom Panel with Product Label

The product label on the bottom of the VPN firewall’s enclosure displays factory default settings, regulatory compliance, and other information.

Figure 3. Product label on the bottom panel (the label shows the default access settings https://192.168.1.1, user name admin, password password, along with the MAC address, serial number, regulatory compliance, and input rating fields)

Choose a Location for the VPN Firewall

The VPN firewall is suitable for use in an office environment where it can be freestanding (on its runner feet) or mounted into a standard 19-inch equipment rack. Alternatively, you can rack-mount the VPN firewall in a wiring closet or equipment room.

Consider the following when deciding where to position the VPN firewall:

• The unit is accessible, and cables can be connected easily.
• Cabling is away from sources of electrical noise. These include lift shafts, microwave ovens, and air-conditioning units.
• Water or moisture cannot enter the case of the unit.
• Airflow around the unit and through the vents in the side of the case is not restricted. Provide a minimum of 25 mm or 1-inch clearance.
• The air is as free of dust as possible.
• Temperature operating limits are not likely to be exceeded. Install the unit in a clean, air-conditioned environment. For information about the recommended operating temperatures for the VPN firewall, see Appendix D, Default Settings and Technical Specifications.
Rack-Mount the VPN Firewall with the Mounting Kit

Use the mounting kit for the VPN firewall to install the appliance in a rack. Attach the mounting brackets using the hardware that is supplied with the mounting kit.

Figure 4. Rack-mounting

Before mounting the VPN firewall in a rack, verify the following:

• You have the correct screws (supplied with the installation kit).
• The rack onto which you plan to mount the VPN firewall is suitably located.

Login Requirements

Before you can log in to the VPN firewall, install the VPN firewall in your network by connecting the cables and restarting your network according to the instructions in the ProSAFE Dual WAN Gigabit SSL VPN Firewall FVS336Gv2 Installation Guide. You can download a PDF of this guide from downloadcenter.netgear.com.

Browser Requirements

To connect to and configure the VPN firewall, you must use the latest version of a web browser such as Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, or Apple Safari with JavaScript, cookies, and SSL enabled.

Although these web browsers are qualified for use with the VPN firewall’s web management interface, SSL VPN users must choose a browser that supports JavaScript, Java, cookies, SSL, and ActiveX to take advantage of the full suite of applications. Java is required only for the SSL VPN portal, not for the web management interface.
Web Management Interface Overview

The following figure shows the menu at the top of the web management interface:

Figure 5. Screen menus, option arrows, and buttons

The web management interface menu consists of the following levels and components:

• First level: Main navigation menu links. The main navigation menu in the orange bar across the top of the web management interface provides access to all the configuration functions of the VPN firewall and remains constant. When you select a main navigation menu link, the letters are displayed in white against an orange background.
• Second level: Configuration menu links. The configuration menu links in the gray bar (immediately below the main navigation menu bar) change according to the main navigation menu link that you select. When you select a configuration menu link, the letters are displayed in white against a gray background.
• Third level: Submenu tabs. Each configuration menu item has one or more submenu tabs that are listed below the gray menu bar. When you select a submenu tab, the text is displayed in white against a blue background.
• Option arrows. On the right side of a screen, a white arrow in a blue circle precedes a link in blue letters against a white background. This link provides access to additional screens for a submenu item.
• IP radio buttons. The IPv4 and IPv6 radio buttons let you select the IP version for the feature to be configured onscreen. Four situations can occur:
  - Both radio buttons are operational. You can configure the feature onscreen for IPv4 functionality or for IPv6 functionality. After you have correctly configured the feature for both IP versions, the feature can function with both IP versions simultaneously.
  - The IPv4 radio button is operational but the IPv6 radio button is disabled. You can configure the feature onscreen for IPv4 functionality only.
  - The IPv6 radio button is operational but the IPv4 radio button is disabled. You can configure the feature onscreen for IPv6 functionality only.
  - Both radio buttons are disabled. IP functionality does not apply.

The bottom of each screen provides action buttons. The nature of a screen determines which action buttons are shown.

Most screens and sections of screens provide an accompanying help screen. To open the help screen, click the icon.

All screens that you can access from the SSL VPN menu of the web management interface display a user portal link in the upper right, above the menu bars. When you click the User Portal link, the SSL VPN default portal opens. This user portal is not the same as a custom SSL portal login screen that you can build with the SSL VPN Wizard (see Build an SSL Portal Using the SSL VPN Wizard on page 427) or manually (see Manually Set Up or Change an SSL Portal on page 446).

Requirements for Entering IP Addresses

To connect to the VPN firewall, your computer must be configured to obtain an IP address automatically from the VPN firewall, either an IPv4 address through DHCP or an IPv6 address through DHCPv6, or both.

IPv4 Requirements

The fourth octet of an IP address must be between 0 and 255 (both inclusive). This requirement applies to any IP address that you enter on a screen of the web management interface.

IPv6 Requirements

IPv6 addresses are denoted by eight groups of hexadecimal quartets that are separated by colons. Any four-digit group of zeros within an IPv6 address can be reduced to a single zero or altogether omitted.

The following errors invalidate an IPv6 address:

• More than eight groups of hexadecimal quartets
• More than four hexadecimal characters in a quartet
• More than two colons in a row

For information about restricted IPv6 addresses, visit the following Internet Assigned Numbers Authority (IANA) web page: http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml.
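The three invalidating errors listed above can be checked mechanically before an address is typed into the web management interface. The following Python sketch is an added example, not part of the NETGEAR manual or the firewall's firmware; it applies the three checks and compares the result with Python's standard `ipaddress` parser, which also rejects malformed entries that the three checks do not name. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def manual_errors(text):
    """Return which of the manual's three invalidating errors `text` contains."""
    errors = []
    groups = [g for g in text.split(":") if g]   # non-empty quartets
    if len(groups) > 8:
        errors.append("more than eight groups")
    if any(len(g) > 4 for g in groups):
        errors.append("more than four hexadecimal characters in a quartet")
    if ":::" in text:
        errors.append("more than two colons in a row")
    return errors

def strict_ok(text):
    """True if the standard-library parser accepts `text` as an IPv6 address."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False

def gaps(entries):
    """Entries that pass the three listed checks but are still malformed."""
    return [e for e in entries if not manual_errors(e) and not strict_ok(e)]

# Constructed sample entries (documentation prefix 2001:db8::/32).
SAMPLES = [
    "2001:db8:0:0:0:0:0:1",   # full form with zero groups reduced to 0
    "2001:db8::1",            # zero groups omitted
    "2001:db8:::1",           # three colons in a row
    "1:2:3:4:5:6:7:8:9",      # nine groups
    "2001:0db80::1",          # five characters in one quartet
    "2001:db8::1::2",         # zero groups omitted twice
    "2001:db8:1",             # too few groups, nothing omitted
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(f"{entry:24} listed errors={manual_errors(entry)} strict={strict_ok(entry)}")
    print("malformed but not covered by the listed errors:", gaps(SAMPLES))
```

The last two samples pass all three listed checks and are still rejected by the strict parser, so a pre-check of configuration data should rely on a full parser rather than on the three listed errors alone.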
Log In to the VPN Firewall as an Administrator

For you to be able to configure the VPN firewall, you must log in initially as an administrator (admin).

To log in to the VPN firewall:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process.
   The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
   If you connect remotely to the VPN firewall with a browser through an SSL connection for the first time, you might get a message about the SSL certificate.
3. If you get a message about the SSL certificate, follow the directions of your browser to accept the SSL certificate.
4. In the Username field, type admin. Use lowercase letters.
5. In the Password / Passcode field, type password. Use lowercase letters.
   Note: In the Domain menu, leave the domain at geardomain.
6. Click the Login button.
   The web management interface displays, showing the Router Status screen. The following figure shows the top part of the Router Status screen. For more information, see View the System Status on page 582.
   Note: After five minutes of inactivity (the default login time-out), you are automatically logged out.

You are now ready to configure the VPN firewall for your specific network environment. However, NETGEAR recommends that you first change the password for the default administrator account to a secure password.

Change the Password for the Default Administrator Account

The most secure password does not contain dictionary words from any language and is a mixture of letters (both uppercase and lowercase), numbers, and selected special characters. The password can be up to 32 characters in length. However, the password cannot contain a space nor any of the following special characters:

` ~ ! # $ & * ( ) - + | ; : < >

To modify the password for the default administrator account from default settings to secure settings:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process.
   The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type admin.
4. In the Password / Passcode field, type password.
5. Click the Login button.
   The Router Status screen displays.
6. Select Users > Users.
   The Users screen displays.
7. In the List of Users table, click the Edit button for the admin default user.
   The Edit Users screen displays.
8. Select the Check to Edit Password check box.
9. Configure a new password:
   • In the Enter Your Password field, type admin.
   • In the New Password field, type a new and secure password.
   • In the Confirm New Password field, repeat the new password.
10. Click the Apply button.
    Your settings are saved.
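The password constraints stated for the default administrator account (up to 32 characters, no space, none of the listed special characters, a mixture of character classes) can be enforced when the new password is generated. The following Python sketch is an added example, not part of the NETGEAR manual; the set of special characters it draws from is an assumption, chosen conservatively from characters that are absent from the manual's forbidden list.

```python
import secrets
import string

MAX_LEN = 32                              # "up to 32 characters"
FORBIDDEN = set(" `~!#$&*()-+|;:<>")      # space plus the manual's list
DEFAULT_PASSWORD = "password"             # factory default from the manual
# Assumption: specials absent from the forbidden list are accepted; this
# conservative subset is a choice made for the example.
SAFE_SPECIALS = "@%_=.,?"

def policy_violations(pw):
    """Return the reasons `pw` is unsuitable as the new admin password."""
    problems = []
    if len(pw) > MAX_LEN:
        problems.append("longer than 32 characters")
    bad = sorted(set(pw) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    if pw == DEFAULT_PASSWORD:
        problems.append("factory default password")
    classes = {
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    return problems

def generate_password(length=MAX_LEN):
    """Draw a random password from the allowed alphabet until it passes."""
    if not 4 <= length <= MAX_LEN:
        raise ValueError("length must be between 4 and 32")
    alphabet = string.ascii_letters + string.digits + SAFE_SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(pw):
            return pw

if __name__ == "__main__":
    print(generate_password())
    print(policy_violations("password"))
```

Running the same check over passwords produced by a password manager shows whether its generator settings need the forbidden characters excluded before the value is entered in the New Password field.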
2. Configure the IPv4 Internet and WAN Settings

This chapter explains how to configure the IPv4 Internet and WAN settings. The chapter contains the following sections:

• Roadmap to Setting Up IPv4 Internet Connections to Your ISPs
• Configure the IPv4 Internet Connection and WAN Settings
• Configure Load Balancing or Auto-Rollover for IPv4 Interfaces
• Manage Secondary IPv4 WAN Addresses
• Manage Dynamic DNS Connections
• Managing Advanced WAN Options
• Manage WAN QoS and WAN QoS Profiles
• Additional WAN-Related Configuration Tasks
• What to Do Next
Roadmap to Setting Up IPv4 Internet Connections to Your ISPs

Typically, the VPN firewall is installed as a network gateway to function as a combined LAN switch and firewall to protect the network from incoming threats and provide secure connections. To complement the firewall protection, NETGEAR recommends that you use a gateway security appliance such as a NETGEAR ProSECURE® STM appliance.

The tasks that are required to complete the Internet connection of your VPN firewall depend on whether you use an IPv4 connection, an IPv6 connection, or both to your Internet service provider (ISP). For information about setting up an IPv6 connection, see Chapter 3, Configure the IPv6 Internet and WAN Settings.

Note: The VPN firewall supports simultaneous IPv4 and IPv6 connections.

Setting up IPv4 Internet connections to your ISP or ISPs includes seven tasks, five of which are optional. Complete these tasks:

1. Configure the IPv4 routing mode. Select either NAT or classical routing.
   This task is described in Manage the IPv4 WAN Routing Mode on page 30.
2. Configure the IPv4 Internet connections to your ISPs. Connect to one or more ISPs by configuring up to two WAN interfaces.
   You have four configuration options. These tasks are described in the following sections:
   • Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection on page 32
   • Manually Configure a Static IPv4 Internet Connection on page 36
   • Manually Configure a PPPoE IPv4 Internet Connection on page 39
   • Manually Configure a PPTP IPv4 Internet Connection on page 44
3. (Optional) Configure either load balancing or auto-rollover. By default, the WAN interfaces are configured for primary (single) WAN mode. You can select load balancing or auto-rollover and a failure detection method. If you configure load balancing, you can also configure protocol binding.
   This task is described in Configure Load Balancing or Auto-Rollover for IPv4 Interfaces on page 48.
4. (Optional) Configure secondary WAN addresses on the WAN interfaces. Configure aliases for each WAN interface.
   This task is described in Manage Secondary IPv4 WAN Addresses on page 59.
5. (Optional) Configure Dynamic DNS on the WAN interfaces. If necessary, configure your fully qualified domain names.
   This task is described in Manage Dynamic DNS Connections on page 63.
6. (Optional) Configure advanced WAN options. If necessary, change the factory default MTU size, port speed and duplex settings, advertised MAC address of the VPN firewall, and WAN connection type and corresponding upload and download connection speeds. These are advanced features, and you usually do not need to change the settings.
   These tasks are described in Managing Advanced WAN Options on page 66.
7. (Optional) Configure the WAN traffic meters.
   This task is described in Configure and Enable the WAN IPv4 Traffic Meter on page 558.

Configure the IPv4 Internet Connection and WAN Settings

To set up your VPN firewall for secure IPv4 Internet connections, you must determine the IPv4 WAN mode (see Manage the IPv4 WAN Routing Mode) and then configure the IPv4 Internet connection to your ISP on the WAN ports.

The following sections provide information about configuring the IPv4 Internet connection and WAN settings:

• Manage the IPv4 WAN Routing Mode
• Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection
• Manually Configure a Static IPv4 Internet Connection
• Manually Configure a PPPoE IPv4 Internet Connection
• Manually Configure a PPTP IPv4 Internet Connection

Manage the IPv4 WAN Routing Mode

By default, IPv4 is supported and functions in NAT mode but can also function in classical routing mode. IPv4 functions the same way in IPv4-only mode that it does in IPv4/IPv6 mode. The latter mode adds IPv6 functionality (see Manage the IPv6 Routing Mode on page 88).
The following sections provide information about managing the IPv4 routing mode:

• Network Address Translation Overview
• Classical Routing
• Change the IPv4 WAN Routing Mode

Network Address Translation Overview

Network Address Translation (NAT) allows all computers on your LAN to share a single public Internet IP address. From the Internet, only a single device (the VPN firewall) and a single IP address exist. Computers on your LAN can use any private IP address range, and these IP addresses are not visible from the Internet.