Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Diagnostics and Troubleshooting 609 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 To display the routing table: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Monitoring > Diagnostics. The Diagnostics screen displays the IPv4 settings. 7. To display the IPv6 routing table instead of the IPv4 routing table, in the upper right, select the IPv6 radio button. The Diagnostics screen displays the IPv6 settings. 8. In the Router Options section, click the Display button. The Route Display pop-up screen displays the routing table. Capture Packets in Real Time Capturing packets can assist NETGEAR technical support in diagnosing packet transfer problems. You can also use a traffic analyzer to do your own problem diagnoses. To capture and download packets in real time: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Diagnostics and Troubleshooting 610 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Monitoring > Diagnostics. The Diagnostics screen displays the IPv4 settings. 7. To capture IPv6 packets instead of the IPv4 packets, in the upper right, select the IPv6 radio button. The Diagnostics screen displays the IPv6 settings. 8. In Router Options section, click the Packet Trace button. The Capture Packets pop-up screen displays. 9. From the Select Network menu, select the physical or virtual interface for which you want to capture packets. 10. Click the Start button. After a few seconds, the packet-tracing process starts, which is indicated by a message onscreen. 11. To stop the packet-tracing process, click the Stop button. After a few seconds, the packet-tracing process stops, which is indicated by a message onscreen. 12. Click the Download button. 13. Select a location to save the captured packets. The file downloads to the location that you specify. The default file name is pkt.cap. 14. When the download is complete, browse to the download location you specified and verify that the file was downloaded successfully.
Diagnostics and Troubleshooting 611 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Reboot the VPN Firewall Remotely You can perform a remote reboot, for example, when the VPN firewall seems to have become unstable or is not operating normally. For information about scheduling the VPN firewall to reboot, see Schedule the VPN Firewall to Reboot on page 611. Rebooting breaks any existing connections either to the VPN firewall (such as your management session) or through the VPN firewall (for example, LAN users accessing the Internet). However, connections to the Internet are automatically reestablished when possible. To reboot the VPN firewall immediately: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Monitoring > Diagnostics. The Diagnostics screen displays the IPv4 settings. 7. In Router Options section, click the Reboot button. The VPN firewall reboots. The Diagnostics screen might remain visible during the reboot process or a status message with a counter might show the number of seconds left until the reboot process is complete. The reboot process takes about 160 seconds. Schedule the VPN Firewall to Reboot You can schedule the VPN firewall to reboot at a time when a service disruption is minimal. For information about rebooting the VPN firewall immediately, see Reboot the VPN Firewall Remotely on page 611.
Diagnostics and Troubleshooting 612 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 To schedule the VPN firewall to reboot: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Monitoring > Diagnostics. The Diagnostics screen displays the IPv4 settings. 7. In the Schedule Reboot section, select the Schedule Reboot check box. The Reboot Time fields become accessible. 8. In the Reboot Time fields, enter the hour in 24-hour format (1–23) and the minute (1–59) to specify the time that the VPN firewall must reboot. 9. Click the Apply button. The VPN firewall is scheduled to reboot. Troubleshoot Basic Functioning This section provides information about troubleshooting basic functioning of the VPN firewall. After you turn on power to the VPN firewall, verify that the following sequence of events occurs: 1. When power is first applied, verify that the Power LED lights. 2. After approximately two minutes, verify the following: a.The Test LED no longer lights (it turns off after approximately two minutes). b. The left LAN port LEDs light for any local ports that are connected. c. The left WAN port LEDs light for any WAN ports that are connected.
Diagnostics and Troubleshooting 613 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 If a port’s left LED lights, a link is established to the connected device. The port’s right LED indicates the connection speed: •If the port is connected to a 1000 Mbps device, the right LED lights green. •If the port is connected to a 100 Mbps device, the right LED lights amber. •If the port is connected to a 10 Mbps device, the right LED is off. If any of these conditions do not occur, see the information in the following table. Troubleshoot the Web Management Interface If you cannot access the VPN firewall’s web management interface from a computer on your local network, check the following: •Check the Ethernet connection between the computer and the VPN firewall. For more information, see Troubleshoot Basic Functioning on page 612. •If your computer’s IP address is shown as 169.254.x.x: Windows and Mac operating systems generate and assign an IP address if the computer Table 10. Troubleshooting basic functions ProblemSolution Power LED does not light. If the Power and other LEDs are off when your VPN firewall is turned on, make sure that the power cord is correctly connected to your VPN firewall and that the power supply adapter is correctly connected to a functioning power outlet. If the error persists, you have a hardware problem. Contact NETGEAR technical support. Test LED does not turn off. When the VPN firewall is powered on, the Test LED turns on for approximately two minutes and then turns off when the VPN firewall has completed its initialization. If the Test LED remains on, there is a fault within the VPN firewall. If the Test LED is still on more than three minutes after power-up, do the following: • Turn off the power, and turn it on again to see if the VPN firewall recovers. • Reset the VPN firewall’s configuration to factory default settings. For more information, see Revert to Factory Default Settings on page 551. If the error persists, you might have a hardware problem. Contact NETGEAR technical support. LAN or WAN port LEDs do not light.If either the LAN LEDs or WAN LEDs do not light when the Ethernet connection is made, check the following: • Make sure that the Ethernet cable connections are secure at the VPN firewall and at the hub, router, or workstation. • Make sure that power is turned on to the connected hub, router, or workstation. • Be sure that you are using the correct cables. When connecting the VPN firewall’s WAN ports to one or two devices that provide the Internet connections, use the cables that are supplied with the devices. These cables could be standard straight-through Ethernet cables or Ethernet crossover cables.
Diagnostics and Troubleshooting 614 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 cannot reach a DHCP server. These autogenerated addresses are in the range of 169.254.x.x. If your IP address is in this range, check the connection from the computer to the VPN firewall and reboot your computer. •If your VPN firewall’s IP address has changed and you do not know the current IP address, use an IP address scanner application on your network to discover the IP address. These applications are available on the Internet free of charge. Tip:You can also reboot the VPN firewall and use a sniffer to capture packets sent during the reboot. Look at the ARP packets to locate the VPN firewall’s LAN interface address. •Make sure that you are using the SSL https://address login rather than the http://address login. •Make sure that your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet Explorer, click the Refresh button to be sure that the Java applet is loaded. •Try quitting the browser and launching it again. •Clear the browser’s cache. •Make sure that you are using the correct login information. The factory default login name is admin, and the password is password. Make sure that Caps Lock is off when entering this information. Note:For you to be able to configure the VPN firewall, your computer’s IP address does not need to be on the same subnet as the VPN firewall. If the VPN firewall does not save changes that you made in the web management interface, do the following: •When entering configuration settings, be sure to click the Apply button before moving to another menu or tab, or your changes are lost. •Click the Refresh or Reload button in the web browser. The changes might have occurred but the web browser might be caching the old configuration. When You Enter a URL or IP Address, a Time-Out Error Occurs A number of things could be causing a time-out error. Try the following troubleshooting steps: •Check whether other computers on the LAN work correctly. If they do, ensure that your computer’s TCP/IP settings are correct. If you use a fixed (static) IP address, check the subnet mask, default gateway, DNS, and IP addresses (see Manually Configure a Static IPv4 Internet Connection on page 36).
Diagnostics and Troubleshooting 615 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 •If the computer is configured correctly but still not working, ensure that the VPN firewall is connected and turned on. Connect to the web management interface and check the VPN firewall’s settings. If you cannot connect to the VPN firewall, see Troubleshoot the Web Management Interface on page 613. •If the VPN firewall is configured correctly, check your Internet connection (for example, your modem or router) to make sure that it is working correctly. Troubleshoot the ISP Connection If your VPN firewall is unable to access the Internet, first determine whether the VPN firewall is able to obtain a WAN IP address from the ISP. Unless you were assigned a static IP address, your VPN firewall requests an IP address from the ISP. You can determine whether the request was successful using the web management interface. The following sections provide information about troubleshooting the ISP connection: •Check the WAN IP Address •Force Your Modem or Router to Recognize the VPN Firewall •Other ISP Troubleshooting Suggestions Check the WAN IP Address If your VPN firewall is unable to access the Internet, check if the VPN firewall has a WAN IPv4 or IPv6 address. To check the WAN IP address: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Network Configuration > WAN Settings > WAN Setup.
Diagnostics and Troubleshooting 616 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The WAN Setup screen for IPv4 displays. 7. To check the WAN IPv6 address instead of the WAN IPv4 address, in the upper right, select the IPv6 radio button. The WAN Setup screen for IPv6 displays. 8. Click the Status button that corresponds to the WAN interface for which you want to check the IP address. The Connection Status pop-up screen displays. 9. Check that an IP address is shown for the WAN port. If an IP address with zeros only is shown, or if no IP address is shown, the VPN firewall has not obtained an IP address from your ISP, or for IPv6, has not obtained or generated an IP address. Force Your Modem or Router to Recognize the VPN Firewall If the VPN firewall is unable to obtain an IP address from the ISP, you might need to force your modem or router to recognize your new VPN firewall. To force your modem or router to recognize the VPN firewall: 1. Turn off the power to the modem or router. 2. Turn off the power to your VPN firewall. 3. Wait five minutes and turn on the power to the modem or router. 4. When the LEDs of the modem or router indicate that synchronization with the ISP has occurred, turn on the power to the VPN firewall. Other ISP Troubleshooting Suggestions If your VPN firewall is still unable to obtain an IP address from the ISP, the problem might be one of the following: •Your ISP might require a login program for IPv4 connections: -Ask your ISP whether they require PPP over Ethernet (PPPoE) or some other type of login. -If your ISP does require a login, make sure that you use the correct login name and password. •For IPv4 PPPoE or PPTP connections, your ISP might check for your computer’s host name. For information about entering the host name, system name, or account name and the domain name or workgroup name that was assigned to you by your ISP, see Manually Configure a PPPoE IPv4 Internet Connection on page 39 or Manually Configure a PPTP IPv4 Internet Connection on page 44.
Diagnostics and Troubleshooting 617 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 •If your ISP allows only one Ethernet MAC address to connect to the Internet and checks for your computer’s MAC address, do one of the following: -Inform your ISP that you have a new network device and ask them to use the VPN firewall’s MAC address. -Configure your VPN firewall to spoof your computer’s MAC address. For more information, see Managing Advanced WAN Options on page 66. If your VPN firewall can obtain an IP address, but an attached computer is unable to load any web pages from the Internet, it might be for one of the following reasons: •Your computer might not recognize any DNS server addresses. A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically, your ISP provides the addresses of one or two DNS servers for your use. You can configure your computer manually with DNS addresses, as described in your operating system documentation. •Your computer might not have the VPN firewall configured as its TCP/IP gateway. Troubleshoot the IPv6 Connection If you have difficulty connecting over an IPv6 connection, the VPN firewall might be configured incorrectly or the computer from which you are trying to connect to the VPN firewall might be configured incorrectly. Check the VPN firewall: •By default, the VPN firewall is set to IPv4-only mode. Make sure that the VPN firewall is set to IPv4/IPv6 mode (see Manage the IPv6 Routing Mode on page 88). •Make sure that the ISP settings are correct (see Manually Configure a Static IPv6 Internet Connection on page 94). The VPN firewall cannot receive a valid IPv6 address if the Internet connection is not correctly configured. •Make sure that the VPN firewall can provide IPv6 addresses to the computers on the LAN (see Manage the IPv6 LAN on page 153). Make sure that the LAN settings and, if applicable for your type of configuration, the RADVD settings are correct. Check the computer: •Make sure that the operating system supports IPv6. Normally, the following operating systems support IPv6: -Windows 8, all 32- and 64-bit versions -Windows 7, all 32- and 64-bit versions -Windows Vista, all 32- and 64-bit versions -Windows XP Professional SP3, all 32- and 64-bit versions -Windows Server 2008, all versions -Windows Server 2008 R2, all versions -Windows Server 2003, all versions
Diagnostics and Troubleshooting 618 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 -Windows Server 2003 R2, all versions -Linux and other UNIX-based systems with a correctly configured kernel -MAC OS X •Make sure that IPv6 is enabled on the computer. On a computer that runs a Windows-based operating system, do the following (note that the steps might differ on the various Windows operating systems): a.Open the Network Connections screen or the Network and Sharing Center screen. For example, on the Windows taskbar, click Start, select Control Panel, and select Network Connections. b. Click or double-click Local Area Connection for the connection to the VPN firewall. The Local Area Connection Properties screen displays. c. Make sure that Internet Protocol Version 6 (TCP/IPv6) displays, as is shown in the previous figure. •Make sure that the computer has an IPv6 address. If the computer has a link-local address only, it cannot reach the VPN firewall or the Internet. On a computer that runs a Windows-based operating system, do the following (note that the steps might differ on the various Windows operating systems): a.Open the Network Connections screen or the Network and Sharing Center screen. For example, on the Windows taskbar, click Start, select Control Panel, and select Network Connections. b. Click or double-click Local Area Connection for the connection to the VPN firewall.