Netgear VPN Firewall FVS336Gv2 Reference Manual
Configure the IPv4 Internet and WAN Settings 51
ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

7. In the Load Balancing Settings section, configure the following settings:
   a. Select the Load Balancing Mode radio button.
   b. From the corresponding menu on the right, select a load balancing method:
      • Weighted LB. With weighted load balancing, balance weights are calculated based on WAN link speed and available WAN bandwidth. This is the default setting and most efficient load balancing algorithm.
      • Round-robin. With round-robin load balancing, new traffic connections are sent over a WAN link in a serial method irrespective of bandwidth or link speed. For example, if the WAN1 and WAN2 interfaces are active in round-robin load balancing mode, an HTTP request could first be sent over the WAN1 interface and then a new FTP session could start on the WAN2 interface. This load balancing method ensures that a single WAN interface does not carry a disproportionate distribution of sessions.
8. Click the Apply button.
   Your settings are saved.

Configure Protocol Binding Rules for IPv4 Interfaces

Protocol bindings are optional in a load balancing configuration. The following procedure describes how to configure a protocol binding rule.

To configure a protocol binding rule:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select Network Configuration > Protocol Binding.
   The Protocol Bindings screen displays. The following figure shows two examples in the Protocol Bindings table.
   The Protocol Bindings table displays the following fields:
   • Check box. Allows you to select the protocol binding rule in the table.
   • Status icon. Indicates the status of the protocol binding rule:
     - Green circle. The protocol binding rule is enabled.
     - Gray circle. The protocol binding rule is disabled.
   • Service. The service or protocol for which the protocol binding rule is set up.
   • Local Gateway. The WAN interface to which the service or protocol is bound.
   • Source Network. The computers or groups on your network that are covered by the protocol binding rule.
   • Destination Network. The Internet locations (based on their IP address) or groups that are covered by the protocol binding rule.
   • Action. The Edit button, which provides access to the Edit Protocol Binding screen for the corresponding service.
7. Click the Add button below the Protocol Binding table.
   The Add Protocol Binding screen displays.
8. Configure the protocol binding settings as described in the following table.

   Setting: Service
   Description: From the menu, select a service or application to be covered by this rule. If the service or application does not appear in the list, you must define it (see Manage Customized Services on page 280).

   Setting: Local Gateway
   Description: From the menu, select a WAN interface.

   Setting: Source Network
   Description: The source network settings determine which computers on your network are covered by this rule. Select an option from the Source Network menu:
   • Any. All devices on your LAN.
   • Single Address. In the Start IP field, enter the IP address to which the rule is applied.
   • Address Range. In the Start IP field and End IP field, enter the IP addresses for the range to which the rule is applied.
   • GROUP1-GROUP8 or a group name. The rule is applied to the selected group. The group can be a LAN group or an IP LAN group. For information about LAN groups, see Manage IPv4 LAN Groups and Hosts on page 132. The Destination Network menu displays only IP LAN group names that you added. If you did not add any IP LAN groups, the menu does not display IP LAN groups. For information about IP groups, see Manage IP Address Groups on page 288.

   Setting: Destination Network
   Description: The destination network settings determine which Internet locations (based on their IP addresses) are covered by the rule. Select an option from the Destination Network menu:
   • Any. All Internet IP addresses.
   • Single Address. In the Start IP field, enter the IP address to which the rule is applied.
   • Address Range. In the Start IP field and End IP field, enter the IP addresses for the range to which the rule is applied.
   • Group name. The rule is applied to the selected IP WAN group. The Destination Network menu displays only IP WAN group names that you added. If you did not add any IP WAN groups, the menu does not display IP WAN groups. For information about IP groups, see Manage IP Address Groups on page 288.

9. Click the Apply button.
   Your settings are saved. The protocol binding rule is added to the Protocol Binding table. The rule is automatically enabled, which is indicated by a green circle in the status icon column.

Change a Protocol Binding Rule

The following procedure describes how to change an existing protocol binding rule.

To change a protocol binding rule:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select Network Configuration > Protocol Binding.
   The Protocol Bindings screen displays.
7. In the Protocol Bindings table, click the Edit button for the binding that you want to change.
   The Edit Protocol Bindings screen displays.
8. Change the settings.
   For more information about the settings, see Configure Protocol Binding Rules for IPv4 Interfaces on page 51.
9. Click the Apply button.
   Your settings are saved. The modified protocol binding displays in the Protocol Bindings table on the Protocol Bindings screen.

Manage Existing Protocol Binding Rules

The following procedure describes how to enable or disable existing protocol binding rules or remove protocol binding rules that you no longer need.
To enable, disable, or remove one or more protocol binding rules:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select Network Configuration > Protocol Binding.
   The Protocol Bindings screen displays.
7. In the Protocol Bindings table, select the check box to the left of each protocol binding that you want to enable, disable, or remove or click the Select All button to select all bindings.
8. Click one of the following buttons:
   • Enable. Enables the selected protocol bindings. The status icons change from gray circles to green circles, indicating that the selected bindings are enabled. (By default, when you add a binding to the table, the binding is automatically enabled.)
   • Disable. Disables the selected protocol bindings. The status icons change from green circles to gray circles, indicating that the selected bindings are disabled.
   • Delete. Removes the selected protocol bindings. The selected bindings are removed from the Protocol Bindings table.
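
The following added example (not part of the NETGEAR manual or firmware) models how the fields of a protocol binding rule combine to decide which WAN interface a new connection is bound to. The `Binding` class, the helper names, and the sample addresses are hypothetical; the manual does not state how overlapping rules are ordered, so first-match evaluation is an assumption, and group-based sources and destinations are left out.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # stands for the "Any" option of the Source/Destination Network menus


def net_spec(start=None, end=None):
    """Any -> None; Single Address -> (ip, ip); Address Range -> (start, end)."""
    if start is None:
        return ANY
    lo = ipaddress.IPv4Address(start)
    hi = ipaddress.IPv4Address(end) if end else lo
    if hi < lo:
        raise ValueError(f"End IP {hi} is below Start IP {lo}")
    return (lo, hi)


def covers(spec, addr):
    """True if addr falls inside the Any / Single Address / Address Range spec."""
    if spec is ANY:
        return True
    lo, hi = spec
    return lo <= ipaddress.IPv4Address(addr) <= hi


@dataclass
class Binding:  # hypothetical model of one row of the Protocol Bindings table
    service: str
    local_gateway: str
    source: object = ANY
    destination: object = ANY
    enabled: bool = True  # green circle = True, gray circle = False


def bound_gateway(bindings, service, src, dst):
    """Return the WAN interface the flow is bound to, or None when no enabled
    rule covers it and the load balancing method decides instead.
    Assumption: the first matching rule in table order wins."""
    for rule in bindings:
        if (rule.enabled and rule.service == service
                and covers(rule.source, src)
                and covers(rule.destination, dst)):
            return rule.local_gateway
    return None


# Constructed sample table (documentation addresses, not taken from the manual)
BINDINGS = [
    Binding("HTTPS", "WAN1",
            net_spec("192.168.1.10", "192.168.1.50"), net_spec("203.0.113.25")),
    Binding("FTP", "WAN2", enabled=False),  # disabled rule never matches
    Binding("SMTP", "WAN2"),                # Any source, Any destination
]

if __name__ == "__main__":
    print(bound_gateway(BINDINGS, "HTTPS", "192.168.1.20", "203.0.113.25"))
    print(bound_gateway(BINDINGS, "HTTPS", "192.168.1.60", "203.0.113.25"))
```

A result of `None` means the connection is not pinned to a WAN interface, which is what happens to a host outside the rule's source range or to a service whose rule is disabled.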
Configure the Auto-Rollover Mode and Failure Detection Method for IPv4 Interfaces

Instead of using two WAN interfaces simultaneously in a load balancing configuration, you can use one WAN interface as the primary link and the other WAN interface as the backup link for increased reliability.

The following sections provide information about configuring auto-rollover mode and the failure detection method for IPv4 interfaces:
• Auto-Rollover Mode and Failure Detection
• Configure Auto-Rollover Mode for IPv4 WAN Interfaces
• Configure the Failure Detection Method for IPv4 WAN Interfaces

Auto-Rollover Mode and Failure Detection

To use a redundant ISP link for backup purposes, ensure that the backup WAN interface is configured. Then select the WAN interface that must function as the primary link for this mode and configure the WAN failure detection method to support auto-rollover.

When the VPN firewall is configured in auto-rollover mode, it uses the selected WAN failure detection method to detect the status of the primary link connection at regular intervals. For IPv4 interfaces, the VPN firewall detects link failure in one of the following ways:
• By sending DNS queries to a DNS server
• By sending a ping request to an IP address

From the primary WAN interface, DNS queries or ping requests are sent to the specified IP address. If replies are not received, after a specified number of retries, the primary WAN interface is considered down and a rollover to the backup WAN interface occurs. When the primary WAN interface comes back up, another rollover occurs from the backup WAN interface back to the primary WAN interface. The WAN failure detection method that you select applies only to the primary WAN interface, that is, it monitors the primary link only.
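
The following added example (not code from the NETGEAR manual or firmware) simulates the failure detection loop described above, using the defaults and minimums that the manual gives for the Failure Detection Method settings (30-second retry interval, failover after 4 failures, minimum test period of 30 seconds, minimum of 2 tests). The class and function names are hypothetical, and two behaviors are assumptions: failures are counted consecutively, and the first reply received while on the backup link triggers the rollover back to the primary link.

```python
from dataclasses import dataclass

MIN_INTERVAL_S = 30  # manual: "The minimum test period is 30 seconds"
MIN_FAILURES = 2     # manual: "the minimum number of tests is 2"


@dataclass
class FailureDetection:  # hypothetical model of the two timing settings
    retry_interval_s: int = 30  # "Retry Interval is" default
    failover_after: int = 4     # "Failover after" default

    def __post_init__(self):
        if self.retry_interval_s < MIN_INTERVAL_S:
            raise ValueError("retry interval below the 30-second minimum")
        if self.failover_after < MIN_FAILURES:
            raise ValueError("failover count below the minimum of 2")

    def detection_window_s(self):
        """Seconds of unanswered probes needed before the rollover."""
        return self.retry_interval_s * self.failover_after


def simulate(cfg, probe_replies):
    """Replay one probe result per retry interval (True = reply received on
    the primary link) and return the rollovers as (elapsed_seconds, link).
    Assumptions: misses must be consecutive; one reply triggers failback."""
    active, misses, events = "primary", 0, []
    for n, replied in enumerate(probe_replies, start=1):
        elapsed = n * cfg.retry_interval_s
        if replied:
            misses = 0
            if active == "backup":
                active = "primary"
                events.append((elapsed, "primary"))
        else:
            misses += 1
            if active == "primary" and misses >= cfg.failover_after:
                active = "backup"
                events.append((elapsed, "backup"))
    return events


# Constructed probe histories
OUTAGE = [True, True, False, False, False, False, False, True]
FLAPPING = [False, False, False, True, False, False, False, True]

if __name__ == "__main__":
    cfg = FailureDetection()
    print(cfg.detection_window_s())  # default window in seconds
    print(simulate(cfg, OUTAGE))     # sustained outage, then recovery
    print(simulate(cfg, FLAPPING))   # loss that never reaches the threshold
```

With the defaults, the detection window equals the two-minute rollover time the manual states, and intermittent loss that stays below the failure count never moves traffic to the backup link.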
Configure Auto-Rollover Mode for IPv4 WAN Interfaces

The following procedure describes how to configure auto-rollover mode for IPv4 WAN interfaces.

To configure auto-rollover mode for IPv4 WAN interfaces:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select Network Configuration > WAN Settings > WAN Mode.
   The WAN Mode screen displays.
7. In the Load Balancing Settings section, configure the following settings:
   a. Select the Primary WAN Mode radio button.
   b. From the corresponding menu on the right, select a WAN interface to function as the primary WAN interface.
      The other WAN interface becomes disabled.
   c. Select the Auto Rollover check box.
   d. From the corresponding menu on the right, select a WAN interface to function as the backup WAN interface.
   Note: Ensure that the backup WAN interface is configured before enabling auto-rollover mode.
8. Click the Apply button.
   Your settings are saved.

Configure the Failure Detection Method for IPv4 WAN Interfaces

The following procedure describes how to configure the failure detection method for IPv4 WAN interfaces that function in auto-rollover mode.

To configure the failure detection method for IPv4 WAN interfaces:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select Network Configuration > WAN Settings > WAN Setup.
   The WAN Setup screen displays the IPv4 settings.
7. In the WAN IPv4 Settings table, click the Edit button for the WAN interface that you selected as the primary WAN interface.
   The WAN IPv4 ISP Settings screen displays.
8. Click the Advanced option arrow in the upper right.
   The WAN Advanced Options screen displays for the WAN interface that you selected.
9. Locate the Failure Detection Method section.
10. Enter the settings as described in the following table.

   Setting: Failure Detection Method
   Description: Select a failure detection method:
   • WAN DNS. DNS queries are sent to the WAN DNS server that you configured for the WAN interface (see Configure the IPv4 Internet Connection and WAN Settings on page 30).
   • Custom DNS. DNS queries are sent to a DNS server that you must specify in the DNS Server field.
   • Ping. Pings are sent to a public IP address that you must specify in the IP Address field.
   Note: DNS queries or pings are sent through the WAN interface that is being monitored. The retry interval and number of failover attempts determine how quickly the VPN firewall switches from the primary link to the backup link if the primary link fails, or when the primary link comes back up, switches back from the backup link to the primary link.

   Setting: DNS Server
   Description: The IP address of the DNS server.

   Setting: IP Address
   Description: The IP address of the interface that must receive the ping request. The interface must not reject the ping request and must not consider ping traffic to be abusive.

   Setting: Retry Interval is
   Description: The retry interval in seconds. The DNS query or ping is sent after every retry interval. The default retry interval is 30 seconds.

   Setting: Failover after
   Description: The number of failover attempts. The primary WAN interface is considered down after the specified number of queries has failed to elicit a reply. The backup interface is brought up after this situation occurs. The failover default is 4 failures.

   Note: The default time to roll over after the primary WAN interface fails is two minutes. The minimum test period is 30 seconds, and the minimum number of tests is 2.
11. Click the Apply button.
   Your settings are saved.

Note: You can configure the VPN firewall to generate a WAN status log and email this log to a specified address (see Manage Logging, Alerts, and Event Notifications on page 567).

Manage Secondary IPv4 WAN Addresses

The following sections provide information about managing secondary IPv4 WAN addresses:
• Secondary IPv4 WAN Addresses
• Add a Secondary WAN Address to a WAN IPv4 Interface
• Remove One or More Secondary WAN Addresses

Secondary IPv4 WAN Addresses

You can set up a single WAN Ethernet port to be accessed through multiple IPv4 addresses by adding aliases to the port. An alias is a secondary WAN address. One advantage is, for example, that you can assign different virtual IP addresses to a web server and an FTP server, even though both servers use the same physical IP address. You can add several secondary IP addresses to a single WAN port.

After you configure secondary WAN addresses, you can assign these addresses as follows when you configure firewall rules:
• As a WAN destination IP address for a LAN WAN inbound firewall rule (see Add LAN WAN Inbound Service Rules on page 228).
• As a WAN destination IP address for a DMZ WAN inbound firewall rule (see Add DMZ WAN Inbound Service Rules on page 237).
• As a NAT IP address for a LAN WAN outbound firewall (see Add LAN WAN Outbound Service Rules on page 223).
• As a NAT IP address for a DMZ WAN outbound firewall (see Add DMZ WAN Outbound Service Rules on page 233).

For more information about firewall rules, see Overview of Rules to Block or Allow Specific Kinds of Traffic on page 210.

Make sure that any secondary WAN addresses are different from the primary WAN, LAN, and DMZ IP addresses that are already configured on the VPN firewall. However, primary and secondary WAN addresses can be in the same subnet. The following is an example of correctly configured IP addresses:
• Primary WAN1 IP address. 10.0.0.1 with subnet 255.0.0.0
• Secondary WAN1 IP address. 30.0.0.1 with subnet 255.0.0.0
• Primary WAN2 IP address. 20.0.0.1 with subnet 255.0.0.0
• Secondary WAN2 IP address. 40.0.0.1 with subnet 255.0.0.0
• DMZ IP address. 192.168.10.1 with subnet 255.255.255.0
• Primary LAN IP address. 192.168.1.1 with subnet 255.255.255.0
• Secondary LAN IP address. 192.168.20.1 with subnet 255.255.255.0

Add a Secondary WAN Address to a WAN IPv4 Interface

The following procedure describes how to add a secondary WAN address to a WAN IPv4 interface.

To add a secondary WAN address to a WAN IPv4 interface:

1. On your computer, launch an Internet browser.