Home > Netgear > Router > Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

Download as PDF Print this page Share this page

Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

666

667

668

669

670

671

672

673

674

675

676

677

678

679

680

681

682

683

684

685

686

687

688

689

690

691

View all the pages

Add page 461 to Favourites

image text

Enable zoom

Set Up Virtual Private Networking with SSL Connections
459 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
7. In the List of Configured Applications for Port Forwarding table, to the right of the host
name that you want to remove, click the corresponding Delete button.
The IP address and port number are removed from the List of Configured Applications for
Port Forwarding table.
Configure the SSL VPN Client
The following sections provide information about configuring SSL VPN clients:
•SSL VPN Clients Overview
•Configure the Client IPv4 Address Range
•Add an IPv4 Route for VPN Tunnel Clients
•Configure the Client IPv6 Address Range
•Add an IPv6 Route for VPN Tunnel Clients
•Remove an IPv4 or IPv6 Client Route
SSL VPN Clients Overview
Note:The SSL VPN client does not apply if you configure port forwarding
capability for an SSL portal. The SSL VPN client applies only for VPN
tunnel capability.
The SSL VPN client on the VPN firewall assigns IP addresses to remote VPN tunnel clients.
Because the VPN tunnel connection is a point-to-point connection, you can assign IP
addresses from the local subnet to the remote VPN tunnel clients.
The following are some additional considerations for the SSL VPN client:
•To prevent the virtual (PPP) interface address of a VPN tunnel client from conflicting with
addresses on the local network, configure an IP address range that does not directly
overlap with addresses on your local network. For example, if 192.168.1.1 through
192.168.1.100 are assigned to devices on the local network, start the client address
range at 192.168.1.101, or choose an entirely different subnet altogether.
•The VPN tunnel client cannot contact a server on the local network if the VPN tunnel
client’s Ethernet interface shares the same IP address as the server or the VPN firewall.
(For example, if your computer has a network interface IP address of 10.0.0.45, you
cannot contact a server on the remote network that also has the IP address 10.0.0.45.)
•Select whether you want to enable full-tunnel or split-tunnel support based on your
bandwidth:
-A full tunnel sends all of the client’s traffic across the VPN tunnel.
-A split tunnel sends only traffic that is destined for the local network based on the
specified client routes. All other traffic is sent to the Internet. A split tunnel allows you
to manage bandwidth by reserving the VPN tunnel for local traffic only.

Add page 462 to Favourites

image text

Enable zoom

							Set Up Virtual Private Networking with SSL Connections 
460 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
•If you enable split-tunnel support and you assign an entirely different subnet to the VPN 
tunnel clients from the subnet that is used by the local network, you must add a client 
route to ensure that a VPN tunnel client connects to the local network over the VPN 
tunnel.
Configure the Client IPv4 Address Range
The following procedure describes how to define the client IPv4 address range.
To define the client IPv4 address range:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN 
firewall during the installation process.
The VPN firewall factory default IP address is 192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type 
your password.
For the default administrative account, the default user name is admin and the default 
password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, 
select the domain.
If you did not change the domain or were not assigned a domain, leave the menu 
selection at geardomain.
5. Click the Login button.
The Router Status screen displays.
6. Select VPN > SSL VPN > SSL VPN Client. 
The SSL VPN Client screen displays the IPv4 settings. The following figure shows an 
example.

Add page 463 to Favourites

image text

Enable zoom

Set Up Virtual Private Networking with SSL Connections
461 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
7. In the Client IP Address Range section, enter the settings as described in the following table.
8. Click the Apply button.
SettingDescription
Enable Full Tunnel Support Select this check box to enable full-tunnel support. Full tunnel support
provides clients access to the entire LAN network.
If you leave this check box cleared (which is the default setting), full-tunnel
support is disabled but split-tunnel support is enabled. You must add one or
more IPv4 client routes to provide clients access to specific networks (see
Add an IPv4 Route for VPN Tunnel Clients on page
462).
Note:When full-tunnel support is enabled, client routes are not operable.
DNS Suffix A DNS suffix to be appended to incomplete DNS search strings. This setting
is optional.
Primary DNS Server The IP address of the primary DNS server that is assigned to the VPN tunnel
clients. This setting is optional.
Note:If you do not assign a DNS server, the DNS settings remain unchanged
in the SSL VPN client after a VPN tunnel is established.
Secondary DNS Server The IP address of the secondary DNS server that is assigned to the VPN
tunnel clients. This setting is optional.
Client Address Range Begin The first IP address of the IPv4 address range that you want to assign to the
VPN tunnel clients. By default, the first IPv4 address is 192.168.251.1.
Client Address Range End The last IP address of the IPv4 address range that you want to assign to the
VPN tunnel clients. By default, the last IPv4 address is 192.168.251.254.

Add page 464 to Favourites

image text

Enable zoom

Set Up Virtual Private Networking with SSL Connections
462 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
Your settings are saved. VPN tunnel clients are now able to connect to the VPN firewall
and receive a virtual IPv4 address in the client address range.
Add an IPv4 Route for VPN Tunnel Clients
If the assigned client IPv4 address range is in a different subnet from the local network, or if
the local network has multiple subnets, or if you select split-tunnel operation, you must define
client routes.
To add an IPv4 route for SSL VPN tunnel clients:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN
firewall during the installation process.
The VPN firewall factory default IP address is 192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type
your password.
For the default administrative account, the default user name is admin and the default
password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu,
select the domain.
If you did not change the domain or were not assigned a domain, leave the menu
selection at geardomain.
5. Click the Login button.
The Router Status screen displays.
6. Select VPN > SSL VPN > SSL VPN Client.
The SSL VPN Client screen displays the IPv4 settings. The following figure shows an
example.

Add page 465 to Favourites

image text

Enable zoom

							Set Up Virtual Private Networking with SSL Connections 
463  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
7. In the Add Routes for VPN Tunnel Clients section, complete the following fields:
•Destination Network. The IPv4 address of the local destination network or subnet 
that provides access to one or more port forwarding applications and services.
•Subnet Mask. The subnet mask for the local destination or subnet.
8. Click the Add button.
The new client route is added to the Configured Client Routes table.
Note:If VPN tunnel clients are already connected, you can disconnect the 
clients (see 
View the VPN Firewall SSL VPN Connection Status and 
Disconnect Active Users on page 444) to allow them to receive new 
addresses and routes when they reconnect.
Configure the Client IPv6 Address Range
If you enabled IPv6 (see Manage the IPv6 Routing Mode on page 88), you can define the 
IPv6 address range to be assigned to VPN tunnel clients.
To define the client IPv6 address range:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN 
firewall during the installation process.
The VPN firewall factory default IP address is 192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.

Add page 466 to Favourites

image text

Enable zoom

							Set Up Virtual Private Networking with SSL Connections 
464 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
3. In the Username field, type your user name and in the Password / Passcode field, type 
your password.
For the default administrative account, the default user name is admin and the default 
password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, 
select the domain.
If you did not change the domain or were not assigned a domain, leave the menu 
selection at geardomain.
5. Click the Login button.
The Router Status screen displays.
6. Select VPN > SSL VPN > SSL VPN Client. 
The SSL VPN Client screen displays the IPv4 settings.
7. In the upper right, select the IPv6 radio button.
The SSL VPN Client screen displays the IPv6 settings. The following figure shows an 
example.

Add page 467 to Favourites

image text

Enable zoom

Set Up Virtual Private Networking with SSL Connections
465 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
8. In the Client IP Address Range section, enter the settings as described in the following table.
9. Click the Apply button.
Your settings are saved. VPN tunnel clients are now able to connect to the VPN firewall
and receive a virtual IPv6 address in the client address range.
Add an IPv6 Route for VPN Tunnel Clients
If the assigned client IPv6 address range is different from the local network address range, or
if the local network uses multiple address ranges, or if you select split-tunnel operation, you
must define IPv6 client routes.
To add an IPv6 route for SSL VPN tunnel clients:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN
firewall during the installation process.
The VPN firewall factory default IP address is 192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type
your password.
For the default administrative account, the default user name is admin and the default
password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu,
select the domain.
If you did not change the domain or were not assigned a domain, leave the menu
selection at geardomain.
5. Click the Login button.
The Router Status screen displays.
6. Select VPN > SSL VPN > SSL VPN Client.
The SSL VPN Client screen displays the IPv4 settings.
SettingDescription
Enable Full Tunnel Support Select this check box to enable full-tunnel support. If you leave this check box
cleared (which is the default setting), full-tunnel support is disabled but
split-tunnel support is enabled and you must add an IPv6 client route (see
Add an IPv6 Route for VPN Tunnel Clients on page
465).
Note:When full-tunnel support is enabled, client routes are not operable.
Client IPv6 Address Range
BeginThe first IP address of the IPv6 address range that you want to assign to the
VPN tunnel clients. By default, the first IPv6 address is 4000::1.
Client IPv6 Address Range
EndThe last IP address of the IPv6 address range that you want to assign to the
VPN tunnel clients. By default, the last IPv6 address is 4000::200.

Add page 468 to Favourites

image text

Enable zoom

							Set Up Virtual Private Networking with SSL Connections 
466 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
7. In the upper right, select the IPv6 radio button.
The SSL VPN Client screen displays the IPv6 settings. The following figure shows 
examples.
8. In the Add Routes for VPN Tunnel Clients section, complete the following fields:
•Destination Network. The IPv6 address of the local destination network that 
provides access to one or more port forwarding applications and services.
•Prefix Length. The prefix length for the local destination network.
9. Click the Add button.
The new client route is added to the Configured Client Routes table.
Note:If VPN tunnel clients are already connected, you can disconnect the 
clients (see 
View the VPN Firewall SSL VPN Connection Status and 
Disconnect Active Users on page 444) to allow them to receive new 
addresses and routes when they reconnect.
Remove an IPv4 or IPv6 Client Route
The following procedure describes how to remove a client route that you no longer need.
To remove an IPv4 or IPv6 client route:
1. On your computer, launch an Internet browser.

Add page 469 to Favourites

image text

Enable zoom

Set Up Virtual Private Networking with SSL Connections
467 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
2. In the address field of your browser, enter the IP address that was assigned to the VPN
firewall during the installation process.
The VPN firewall factory default IP address is 192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type
your password.
For the default administrative account, the default user name is admin and the default
password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu,
select the domain.
If you did not change the domain or were not assigned a domain, leave the menu
selection at geardomain.
5. Click the Login button.
The Router Status screen displays.
6. Select VPN > SSL VPN > SSL VPN Client.
The SSL VPN Client screen displays the IPv4 settings.
7. To remove an IPv6 client route instead of an IPv4 client route, in the upper right, select the
IPv6 radio button.
The SSL VPN Client screen displays the IPv6 settings.
8. In the Configured Client Routes table, to the right of the route that you want to remove, click
the corresponding Delete button.
The route is removed from the Configured Client Routes table.
Manage Network Resource Objects to Simplify Policies
The following sections provide information about managing network resource objects for SSL
port forwarding:
•Network Objects Overview
•Add an SSL Network Resource
•Define or Change an IPv4 or IPv6 Network Resource and Resource Address
•Remove One or More SSL Network Resources
•Remove an IPv4 or IPv6 SSL Resource Address Configuration
Network Objects Overview
Network resources are groups of IP addresses, IP address ranges, and applications and
services. By defining resource objects, you can more quickly create and configure network
policies. You do not need to redefine the same set of IP addresses or address ranges when
you configure the same access policies for multiple users.

Add page 470 to Favourites

image text

Enable zoom

Set Up Virtual Private Networking with SSL Connections
468 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
Defining network resources is optional; smaller organizations can choose to create access
policies using individual IP addresses or IP networks rather than predefined network
resources. But for most organizations, NETGEAR recommends that you use network
resources. If your server or network configuration changes, you can perform an update
quickly by using network resources instead of individually updating all of the user and group
policies.
Add an SSL Network Resource
The resource name and service are independent of the IP version. However, the resource
definition (see
Define or Change an IPv4 or IPv6 Network Resource and Resource Address
on page 469) depends on the IP version because you can assign either an IPv4 or an IPv6
address or network.
To add an IPv4 or IPv6 SSL network resource:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN
firewall during the installation process.
The VPN firewall factory default IP address is 192.168.1.1.
The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type
your password.
For the default administrative account, the default user name is admin and the default
password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu,
select the domain.
If you did not change the domain or were not assigned a domain, leave the menu
selection at geardomain.
5. Click the Login button.
The Router Status screen displays.
6. Select VPN > SSL VPN > Resources.
The Resources screen displays. The following figure shows some resources in the List of
Resources table as an example.

All Netgear manuals Comments (0)

Related Manuals for Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

Netgear Ac1450 802 11ac Dual Band Gigabit Smart Wifi Router User Manual
128 pages | Netgear Router
Netgear C3000 N300 Wifi Cable Modem Router User Manual
103 pages | Netgear Router
Netgear C3700 N600 Wifi Cable Modem Router User Manual
101 pages | Netgear Router
Netgear C6220 Docsis 3 0 High Speed Wifi Cable Modem Router User Manual
103 pages | Netgear Router
Netgear C6250 Ac1600 Wifi Cable Modem Router User Manual
198 pages | Netgear Router
Netgear C6300 Ac1750 Wifi Cable Modem Router User Manual
102 pages | Netgear Router
Netgear C6900 High Speed Cable Modem Router User Manual
91 pages | Netgear Router
Netgear C7000 Nighthawk Ac1900 Wifi Cable Modem Router User Manual
110 pages | Netgear Router
Netgear C7100v High Speed Cable Modem Router User Manual
124 pages | Netgear Router
Netgear Centria Wndr4700 Wndr4720 Media Storage Router User Manual
140 pages | Netgear Router