Home > Netgear > Router > Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    Page
    of 691
    							Monitor System Access and Performance 
    569  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
    8. Click the Apply button.
    Your settings are saved.
    Enable and Schedule Emailing of Logs
    Although you can view the logs onscreen, the VPN firewall provides the convenience of 
    emailing the logs to a specific email address.
    To enable and schedule emailing of logs:
    1. On your computer, launch an Internet browser.
    2. In the address field of your browser, enter the IP address that was assigned to the VPN 
    firewall during the installation process.
    The VPN firewall factory default IP address is 192.168.1.1.
    The NETGEAR Configuration Manager Login screen displays.
    3. In the Username field, type your user name and in the Password / Passcode field, type 
    your password.
    System Logs Option
    Select which system events are logged:
    • Change of Time by NTP. Logs a message when the system time changes after a request from an 
    NTP server. 
    • Login Attempts. Logs a message when a login is attempted. Both successful and failed login attempts 
    are logged.
    • Secure Login Attempts. Logs a message when a secure login is attempted. Both successful and 
    failed secure login attempts are logged.
    • Reboots. Logs a message when the VPN firewall is rebooted through the web management interface. 
    (No message is logged when you press the Factory Defaults reset button.)
    • All Unicast Traffic. Logs all incoming unicast packets.
    • All Broadcast/Multicast Traffic. Logs all incoming broadcast and multicast packets.
    • WAN Status. Logs WAN link status–related events.
    • Resolved DNS Names. Logs all resolved DNS names.
    • VPN. Logs all VPN negotiation messages.
    • DHCP Server. Logs all DHCP server messages.
    Other Event Logs
    Source MAC Filter Select this check box to log packets from MAC addresses that match the source 
    MAC address filter settings.
    Session Limit Select this check box to log packets that are dropped because the session limit is 
    exceeded.
    Bandwidth Limit Select this check box to log packets that are dropped because the bandwidth limit 
    is exceeded.
    SettingDescription 
    						
    							Monitor System Access and Performance 
    570 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
    For the default administrative account, the default user name is admin and the default 
    password is password.
    4. If you changed the default domain or were assigned a domain, from the Domain menu, 
    select the domain.
    If you did not change the domain or were not assigned a domain, leave the menu 
    selection at geardomain.
    5. Click the Login button.
    The Router Status screen displays.
    6. Select Monitoring > Firewall Logs & E-mail.
    The Firewall Logs & E-mail screen displays. The following figure shows the middle 
    section only.
    7. Enter the settings as described in the following table.
    SettingDescription
    Enable E-mail Logs
    In the Do you want logs to be emailed to you? section, select the Ye s radio button to enable the VPN 
    firewall to email logs to a specified email address. Complete the fields on the right.
    By default, the No radio button is selected to prevent the logs from being emailed.
    E-Mail Server Address The IP address or Internet name of your ISP’s outgoing email SMTP server. 
    Note:If you leave this field blank, the VPN firewall cannot send email logs and 
    alerts. 
    Return E-Mail Address The email address of the sender for email identification purposes. For example, 
    enter [email protected]. 
    						
    							Monitor System Access and Performance 
    571  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
    8. Click the Apply button.
    Your settings are saved.
    Enable the Syslogs
    If you have a syslog server, you can enable the syslog of the VPN firewall. For information 
    about sending syslogs from one site to another over a gateway-to-gateway VPN tunnel, see 
    Send Syslogs over a VPN Tunnel Between Sites on page 576.
    To enable the syslogs:
    1. On your computer, launch an Internet browser.
    2. In the address field of your browser, enter the IP address that was assigned to the VPN 
    firewall during the installation process.
    The VPN firewall factory default IP address is 192.168.1.1.
    Send to E-Mail 
    AddressThe email address to which the logs are sent. Typically, this is the email address of 
    the administrator.
    Custom SMTP Port The port number of the SMTP server for the outgoing email.
    Select the SMTP server authentication for the outgoing email:
    • No Authentication. The SMTP server does not require authentication.
    • Login Plain. The SMTP server requires authentication with regular login. Specify the user name and 
    password to be used for authentication.
    • CRAM-MD5. The SMTP server requires authentication with CRAM-MD5 login. Specify the user name 
    and password to be used for authentication.
    Username The user name for SMTP server authentication.
    Password The password for SMTP server authentication.
    Respond to Identd 
    from SMTP ServerTo respond to Ident protocol messages, select the Respond to Identd from 
    SMTP Server check box. The Ident protocol is a relatively weak scheme to verify 
    the sender of an email. (A common daemon program for providing the Ident 
    service is Identd.)
    Send e-mail logs by Schedule
    Unit Enter a schedule for sending the logs. From the Unit menu, select one of the 
    following:
    • Hourly. The VPN firewall sends logs every hour.
    • Daily. The VPN firewall sends logs daily. Specify the time and meridiem.
    • Weekly. The VPN firewall sends logs weekly. Specify the day, time, and 
    meridiem.
    By default, the menu selection is Never and the VPN firewall does not send logs.
    Day From the Day menu, select the day on which the VPN firewall sends logs.
    Time From the Time menu, select the hour on which the VPN firewall sends logs and 
    select either the a.m. or p.m. radio button.
    SettingDescription 
    						
    							Monitor System Access and Performance 
    572 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
    The NETGEAR Configuration Manager Login screen displays.
    3. In the Username field, type your user name and in the Password / Passcode field, type 
    your password.
    For the default administrative account, the default user name is admin and the default 
    password is password.
    4. If you changed the default domain or were assigned a domain, from the Domain menu, 
    select the domain.
    If you did not change the domain or were not assigned a domain, leave the menu 
    selection at geardomain.
    5. Click the Login button.
    The Router Status screen displays.
    6. Select Monitoring > Firewall Logs & E-mail.
    The Firewall Logs & E-mail screen displays. The following figure shows the bottom 
    section only.
    7. Enter the settings as described in the following table.
    SettingDescription
    Enable SysLogs
    Do you want to enable syslog?
    To enable the VPN firewall to send logs to a specified syslog server, select the Ye s radio button. Complete 
    the fields on the right. 
    To prevent the logs from being sent, select the No radio button, which is the default setting. 
    						
    							Monitor System Access and Performance 
    573  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
    8. Click the Apply button.
    Your settings are saved.
    View the Routing Logs, System Logs, and Other Event Logs
    You can view the routing logs, system logs, and other event logs onscreen. You can 
    manually send the logs to an email address and clear the logs.
    To view the routing logs, system logs, and other event logs and send the logs to an 
    email address or clear the logs:
    1. On your computer, launch an Internet browser.
    2. In the address field of your browser, enter the IP address that was assigned to the VPN 
    firewall during the installation process.
    The VPN firewall factory default IP address is 192.168.1.1.
    The NETGEAR Configuration Manager Login screen displays.
    3. In the Username field, type your user name and in the Password / Passcode field, type 
    your password.
    For the default administrative account, the default user name is admin and the default 
    password is password.
    4. If you changed the default domain or were assigned a domain, from the Domain menu, 
    select the domain.
    If you did not change the domain or were not assigned a domain, leave the menu 
    selection at geardomain.
    5. Click the Login button.
    The Router Status screen displays.
    SysLog Server The IP address or FQDN of the syslog server.
    SysLog Severity All the logs with a severity that is equal to and above the severity that you 
    specify are logged on the specified syslog server. For example, if you select 
    LOG_CRITICAL as the severity, the logs with the severities LOG_CRITICAL, 
    LOG_ALERT, and LOG_EMERG are logged. 
    Select a syslog severity from the menu:
    • LOG DEBUG. Debug-level messages.
    • LOG INFO. Informational messages.
    • LOG NOTICE. Normal but significant conditions.
    • LOG WARNING. Warning conditions.
    • LOG ERROR. Error conditions.
    • LOG CRITICAL. Critical conditions.
    • LOG ALERT. An  action  must  be  taken  immediately.
    • LOG EMERG. The VPN firewall is unusable.
    SettingDescription 
    						
    							Monitor System Access and Performance 
    574 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
    6. Select Monitoring > Firewall Logs & E-mail.
    The Firewall Logs & E-mail screen displays.
    7. Click the View Log option arrow in the upper right.
    The View Log screen displays the logs.
    8. To send the logs to the email address that is specified on the Firewall Logs & E-mail 
    screen, click the Send Log button.
    9. To clear the logs, click the Clear Log button.
    10. To refresh the information onscreen, click the Refresh Log button.
    View the DNS Logs
    The VPN firewall logs a message when a DNS address is resolved for a LAN host. You can 
    view the DNS logs onscreen. 
    To view the DNS logs or clear the DNS logs:
    1. On your computer, launch an Internet browser.
    2. In the address field of your browser, enter the IP address that was assigned to the VPN 
    firewall during the installation process.
    The VPN firewall factory default IP address is 192.168.1.1.
    The NETGEAR Configuration Manager Login screen displays.
    3. In the Username field, type your user name and in the Password / Passcode field, type 
    your password.
    For the default administrative account, the default user name is admin and the default 
    password is password.
    4. If you changed the default domain or were assigned a domain, from the Domain menu, 
    select the domain. 
    						
    							Monitor System Access and Performance 
    575  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
    If you did not change the domain or were not assigned a domain, leave the menu 
    selection at geardomain.
    5. Click the Login button.
    The Router Status screen displays.
    6. Select Monitoring > Firewall Logs & E-mail. 
    The Firewall Logs & E-mail screen displays.
    7. Click the DNS Logs option arrow in the upper right.
    The DNS Logs screen displays.
    8. To clear the logs, click the Clear Log button.
    9. To refresh the information onscreen, click the Refresh Log button.
    View the NTP Logs
    The VPN firewall logs a message when an NTP event occurs. You can view the NTP logs 
    onscreen. 
    To view the NTP logs or clear the NTP logs:
    1. On your computer, launch an Internet browser.
    2. In the address field of your browser, enter the IP address that was assigned to the VPN 
    firewall during the installation process.
    The VPN firewall factory default IP address is 192.168.1.1.
    The NETGEAR Configuration Manager Login screen displays.
    3. In the Username field, type your user name and in the Password / Passcode field, type 
    your password.
    For the default administrative account, the default user name is admin and the default 
    password is password. 
    						
    							Monitor System Access and Performance 
    576 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
    4. If you changed the default domain or were assigned a domain, from the Domain menu, 
    select the domain.
    If you did not change the domain or were not assigned a domain, leave the menu 
    selection at geardomain.
    5. Click the Login button.
    The Router Status screen displays.
    6. Select Monitoring > Firewall Logs & E-mail. 
    The Firewall Logs & E-mail screen displays.
    7. Click the NTP Logs option arrow in the upper right.
    The NTP Logs screen displays.
    8. To clear the logs, click the Clear Log button.
    9. To refresh the information onscreen, click the Refresh Log button.
    Send Syslogs over a VPN Tunnel Between Sites
    This section describes how to send syslogs from one site to another over a 
    gateway-to-gateway VPN tunnel.
    The high-level steps that describe the actions that you must take to send syslogs from one 
    site to another over a gateway-to-gateway VPN tunnel, that is, a VPN tunnel between two 
    VPN firewalls:
    1. At Site 1, set up a syslog server that is connected to Gateway 1.
    2. At Site 1, set up a VPN tunnel between Gateway 1 and Gateway 2 at Site 2 (see Configure 
    the VPN Tunnel on Gateway 1 at Site 1 on page 577).
    3. At Site 1, change the remote IP address in the VPN policy on Gateway 1 to the WAN IP 
    address of Gateway 2 at Site 2 (see 
    Change the Remote IP Address in the VPN Policy on 
    Gateway 1 at Site 1 on page 578). 
    						
    							Monitor System Access and Performance 
    577  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
    4. At Site 2, set up a VPN tunnel between Gateway 2 and Gateway 1 at Site 1 (see Configure 
    the VPN Tunnel on Gateway 2 at Site 2 on page 579)
    5. At Site 2, change the local IP address in the VPN policy on Gateway 2 to the WAN IP 
    address of Gateway 2 (see 
    Change the Remote IP Address in the VPN Policy on Gateway 
    2 at Site 2 on page 580).
    6. At Site 2, specify that Gateway 2 must send the syslogs to the syslog server at Site 1 (see 
    On the Gateway at Site 2, Specify the Syslog Server on Site 1 on page 581).
    The sections listed describe Steps 2 through 6, using the topology that is described in the 
    following table.
    After you have completed the steps, the VPN tunnel is established automatically and the 
    syslogs are sent to the syslog server at Site 1. For information about verifying the VPN 
    connection, see 
    View the VPN Connection Status, L2TP Users, and PPTP Users on 
    page 592.
    Configure the VPN Tunnel on Gateway 1 at Site 1
    The following procedure describes how to set up a VPN tunnel at Site 1 between Gateway 1 at 
    Site 1 and Gateway 2 at Site 2.
    To create a gateway-to-gateway VPN tunnel on Gateway 1 at Site 1 to Gateway 2 at 
    Site   2, using the IPSec VPN wizard:
    1. On your computer, launch an Internet browser.
    2. In the address field of your browser, enter 10.0.0.1 if you log in from the WAN or enter 
    192.168.10.0 if you log in from the LAN.
    The NETGEAR Configuration Manager Login screen displays.
    3. In the Username field, type your user name and in the Password / Passcode field, type 
    your password.
    For the default administrative account, the default user name is admin and the default 
    password is password.
    4. If you changed the default domain or were assigned a domain, from the Domain menu, 
    select the domain.
    If you did not change the domain or were not assigned a domain, leave the menu 
    selection at geardomain.
    5. Click the Login button.
    Type of AddressGateway 1 at Site 1Gateway 2 at Site 2
    WAN IP address 10.0.0.1 10.0.0.2
    LAN IP address 192.168.10.0 192.168.20.0
    LAN subnet mask 255.255.255.0 255.255.255.0
    LAN IP address syslog server 192.168.10.2 Not applicable 
    						
    							Monitor System Access and Performance 
    578 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
    The Router Status screen displays.
    6. Select VPN > IPSec VPN > VPN Wizard. 
    The VPN Wizard screen displays.
    7. Configure a gateway-to-gateway VPN tunnel using the following information:
    •Connection name. Any name of your choice
    •Pre-shared key. Any key of your choice
    •Remote WAN IP address. 10.0.0.2
    •Local WAN IP address. 10.0.0.1
    •Remote LAN IP address. 192.168.20.0
    •Remote LAN subnet mask. 255.255.255.0
    8. Click the Apply button.
    Your settings are saved.
    Change the Remote IP Address in the VPN Policy on Gateway 1 at Site 1
    The following procedure describes how to change the remote IP address in the VPN policy on 
    Gateway 1 at Site 1 to the WAN IP address of Gateway 2 at Site 2.
    To change the remote IP address in the VPN policy on Gateway 1 at Site 1:
    1. On your computer, launch an Internet browser.
    2. In the address field of your browser, enter 10.0.0.1 if you log in from the WAN or enter 
    192.168.10.0 if you log in from the LAN.
    The NETGEAR Configuration Manager Login screen displays.
    3. In the Username field, type your user name and in the Password / Passcode field, type 
    your password.
    For the default administrative account, the default user name is admin and the default 
    password is password.
    4. If you changed the default domain or were assigned a domain, from the Domain menu, 
    select the domain.
    If you did not change the domain or were not assigned a domain, leave the menu 
    selection at geardomain.
    5. Click the Login button.
    The Router Status screen displays.
    Select VPN > IPSec VPN > VPN Policies.
    The VPN Policy screen displays.
    6. Next to the policy name for the Gateway 1–to–Gateway 2 autopolicy, click the Edit button.
    The Edit VPN Policy screen displays. 
    						
    All Netgear manuals Comments (0)

    Related Manuals for Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual