Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Protect Your Network 310 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 7. To compose the list of blocked keywords and domain names, add, change, or remove keywords and domain names: •Add. To add a keyword or domain name, do the following: a. In the Add Blocked Keyword section, in the Blocked Keyword field, enter a keyword or domain name. b. Click the Add button. The keyword or domain name is added to the Blocked Keyword table. •Change. To change a keyword or domain name, do the following: a. In the Blocked Keyword table, select the keyword or domain name that you want to change. b. Click the associated Edit button. The Edit Blocked Keyword screen displays. c. Change the keyword or domain name. d. Click the Apply button. The changed keyword or domain name displays in the Blocked Keyword table. •Remove. To remove one or more keywords or domain names, do the following: a. In the Blocked Keyword table, select one or more keywords or domain names that you want to remove or click the Select All button to select all keywords and domain names. b. Click the Delete button. The selected keywords and domain names are removed from the Blocked Keyword table. Manage Domain Names That You Trust You cannot manage trusted domains if content filtering is not enabled. Make sure that content filtering is enabled (see Enable Content Filtering and Select Web Components on page 307). To manage domains that you trust: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
Protect Your Network 311 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Content Filtering. The Blocked Sites screen displays. 7. To compose the list of trusted domain names, add, change, or remove domains: •Add. To add a trusted domain, do the following: a. In the Add Trusted Domain section, in the Trusted Domains field, enter a domain name. b. Click the Add button. The domain is added to the Trusted Domains table. •Change. To change a trusted domain, do the following: a. In the Trusted Domains table, select the domain that you want to change. b. Click the associated Edit button. The Edit Trusted Domains screen displays. c. Change the domain. d. Click the Apply button. The changed domain displays in the Trusted Domains table. •Remove. To remove one or more trusted domains, do the following: a. In the Trusted Domains table, select one or more domains that you want to remove or click the Select All button to select all keywords. b. Click the Delete button. The selected domains are removed from the Trusted Domains table. Manage Keyword Blocking for LAN Groups You cannot manage keyword blocking for LAN groups if content filtering is not enabled. Make sure that content filtering is enabled (see Enable Content Filtering and Select Web Components on page 307). To manage keyword blocking for LAN groups: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1.
Protect Your Network 312 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Content Filtering. The Blocked Sites screen displays. 7. In the Apply Keyword Blocking to section, select the check boxes for the groups to which you want to apply keyword blocking or click the Select All button to select all groups. Note:If you changed the LAN group names (see Change Group Names in the Network Database on page 139), the new names are displayed on the Block Sites screen. 8. Activate or deactivate keyword blocking for the selected groups: •Activate. Click the Enable button. Keyword blocking is activated for the selected groups. •Decativate. Click the Disable button. Keyword blocking is deactivated for the selected groups. Enable Source MAC Filtering You can permit or block traffic from certain known computers or devices. By default, the source MAC address filter is disabled. All the traffic received from computers with any MAC address is allowed. When you enable the source MAC address filter, depending on the selected policy, traffic is either permitted or blocked if it comes from any computers or devices whose MAC addresses are listed in MAC Addresses table. Note:For additional ways of restricting outbound traffic, see Outbound Rules — Service Blocking on page 212.
Protect Your Network 313 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 To enable MAC filtering and manage MAC addresses to be permitted or blocked: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter. The Address Filter submenu tabs display, with the Source MAC Filter screen in view. The following figure shows one address in the MAC Addresses table as an example. 7. Select the Ye s radio button. 8. From the Policy for MAC Addresses listed below menu, select an option: •Block and Permit the rest. Traffic coming from all addresses in the MAC Addresses table is blocked. Traffic from all other MAC addresses is permitted.
Protect Your Network 314 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 •Permit and Block the rest. Traffic coming from all addresses in the MAC Addresses table is permitted. Traffic from all other MAC addresses is blocked. 9. Click the Apply button. Your settings are saved. The MAC Address field in the Add Source MAC Address section becomes available. 10. Build your list of source MAC addresses to be permitted or blocked: •To add a MAC address to the MAC Addresses table, do the following: a. In the MAC Address field, enter the MAC address. Enter the MAC address in the format xx:xx:xx:xx:xx:xx, in which x is a numeric (0 to 9) or a letter between a and f (inclusive), for example, aa:11:bb:22:cc:33. WARNING: If you select Permit and Block the rest from the menu, add the MAC address of the computer from which you are accessing the web management interface as the first MAC address in the MAC Addresses table; otherwise, you are locked out of the web management interface. b. Click the Add button. The MAC address is added to the MAC Addresses table. •To remove a MAC address form the MAC Addresses table, do the following: a. Select the check box to the left of each MAC address that you want to remove or click the Select All button to remove all MAC addresses. b. Click the Delete button. The selected MAC addresses are removed from the MAC Addresses table. Manage IP/MAC Bindings The following sections provide information about managing IP/MAC bindings: •IP/MAC Binding Overview •Manage IP/MAC Bindings for IPv4 Traffic •Manage IP/MAC Bindings for IPv6 Traffic IP/MAC Binding Overview IP/MAC binding allows you to bind an IPv4 or IPv6 address to a MAC address and the other way around. Some computers or devices are configured with static addresses. To prevent users from changing their static IP addresses, enable the IP/MAC binding feature. If the VPN firewall
Protect Your Network 315 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 detects packets with an IP address that matches the IP address in the IP/MAC Bindings table but does not match the related MAC address in the IP/MAC Bindings table (or the other way around), the packets are dropped. If you enable the logging option for the IP/MAC binding feature, the VPN firewall logs these packets before they are dropped. The VPN firewall displays the total number of dropped packets that violate either the IP-to-MAC binding or the MAC-to-IP binding. Note:You can also bind IP addresses to MAC addresses for DHCP assignment on the LAN Groups submenu. See Manage the Network Database on page 133. As an example, assume that three computers on the LAN are set up as follows, and that their IPv4 and MAC addresses are added to the IP/MAC Bindings table: •Host 1. MAC address (00:01:02:03:04:05) and IP address (192.168.10.10) •Host 2. MAC address (00:01:02:03:04:06) and IP address (192.168.10.11) •Host 3. MAC address (00:01:02:03:04:07) and IP address (192.168.10.12) Three possible scenarios can occur in relation to the addresses in the IP/MAC Bindings table: •Host 1 has not changed its IP and MAC addresses. A packet coming from Host 1 has IP and MAC addresses that match those in the IP/MAC Bindings table. •Host 2 has changed its MAC address to 00:01:02:03:04:09. The packet has an IP address that matches the IP address in the IP/MAC Bindings table but a MAC address that does not match the MAC address in the IP/MAC Bindings table. •Host 3 has changed its IP address to 192.168.10.15. The packet has a MAC address that matches the MAC address in the IP/MAC Bindings table but an IP address that does not match the IP address in the IP/MAC Bindings table. In this example, the VPN firewall blocks the traffic coming from Host 2 and Host 3 but allows the traffic coming from Host 1 to any external network. The total count of dropped packets is displayed. Manage IP/MAC Bindings for IPv4 Traffic The following sections provide information about managing IP/MAC bindings for IPv4 traffic: •View and Set Up an IPv4/MAC Binding •Change an IPv4/MAC Binding •Remove One or More IPv4/MAC Bindings •Change the IP/MAC Binding Polling Interval for IPv4 Traffic and View the Number of Dropped Packets
Protect Your Network 316 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 View and Set Up an IPv4/MAC Binding The following procedure describes how to view existing IPv4/MAC bindings and set up a binding between a MAC address and an IPv4 address. To view existing bindings and set up a binding between a MAC address and an IPv4 address: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding. The IP/MAC Binding screen displays the IPv4 settings. The following figure shows a binding in the IP/MAC Bindings table as an example.
Protect Your Network 317 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 7. In the Email IP/MAC Violations section, specify if you want to enable email logs for IP/MAC binding violations by selecting one of the following radio buttons: •Ye s. The VPN firewall does email IP/MAC binding violations. As an option, click the Firewall Logs & E-mail page link to ensure that emailing of logs is enabled (see Enable and Schedule Emailing of Logs on page 569). •No. The VPN firewall does not email IP/MAC binding violations. Note:You must specify only once whether you want IP/MAC binding violations for IPv4 traffic to be logged and emailed. Your selection applies to all IPv4 IP/MAC bindings. 8. Click the Apply button. Your settings are saved. 9. In the IP/MAC Bindings sections, enter the settings as described in the following table. 10. Click the Add button. Your settings are saved. The new IP/MAC rule is added to the IP/MAC Bindings table. Change an IPv4/MAC Binding The following procedure describes how to change an existing binding between a MAC address and an IPv4 address. To change a binding between a MAC address and an IPv4 address: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. SettingDescription Name A descriptive name of the binding for identification and management purposes. MAC Address The MAC address of the computer or device that is bound to the IP address. IP Address The IPv4 address of the computer or device that is bound to the MAC address. Log Dropped PacketsTo log the dropped packets, select Enable from the menu. The default setting is Disable.
Protect Your Network 318 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding. The IP/MAC Binding screen displays the IPv4 settings. 7. In the IP/MAC Bindings table, click the Edit button for the IP/MAC binding that you want to change. The Edit IP/MAC Binding screen displays. 8. Change the settings. You can change the MAC address, IPv4 address, and logging status. For more information about the settings, see View and Set Up an IPv4/MAC Binding on page 316. 9. Click the Apply button. Your settings are saved. The modified IP/MAC binding displays in the IP/MAC Bindings table on the IP/MAC Binding screen. Remove One or More IPv4/MAC Bindings The following procedure describes how to remove one or more bindings between MAC addresses and IPv4 addresses that you no longer need. To remove one or more bindings between MAC addresses and IPv4 addresses: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
Protect Your Network 319 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding. The IP/MAC Binding screen displays the IPv4 settings. 7. In the IP/MAC Bindings table, select the check box to the left of each IP/MAC binding that you want to remove or click the Select All button to select all bindings. 8. Click the Delete button. The selected bindings are removed from the IP/MAC Bindings table. Change the IP/MAC Binding Polling Interval for IPv4 Traffic and View the Number of Dropped Packets The following procedure describes how to change the polling interval for the process that checks and enforces IP/MAC bindings for IPv4 traffic and view the number of dropped packets as a result of invalidated IP/MAC bindings. Change the IP/MAC binding polling interval for IPv4 traffic and view the number of dropped packets: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding. The IP/MAC Binding screen displays the IPv4 settings. 7. Click the Set Poll Interval option arrow in the upper right. The IP MAC Binding Poll Interval pop-up screen displays.