Netgear VPN Firewall FVS336Gv2 Reference Manual
Default Settings and Technical Specifications
ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

Table 51. VPN firewall factory default configuration settings (continued)

Firewall and security settings

| Feature | Default Behavior |
|---|---|
| Inbound LAN WAN rules (communications coming in from the Internet) | All traffic is blocked, except for traffic in response to requests from the LAN. |
| Outbound LAN WAN rules (communications from the LAN to the Internet) | All traffic is allowed. |
| Inbound and outbound DMZ WAN rules | None |
| Inbound and outbound LAN DMZ rules | None |
| Respond to ping on WAN (Internet) ports | Disabled |
| Stealth mode | Enabled |
| TCP flood | Enabled |
| UDP flood | Enabled |
| Respond to ping on LAN ports | Disabled |
| IPv4 VPN pass-through for IPSec in NAT mode | Enabled |
| IPv4 VPN pass-through for PPTP in NAT mode | Enabled |
| IPv4 VPN pass-through for L2TP in NAT mode | Enabled |
| IPv6 VPN pass-through for IPSec | Enabled |
| Multicast pass-through for IGMP | Disabled |
| Session limits | Disabled |
| TCP time-out | 1200 seconds |
| UDP time-out | 180 seconds |
| ICMP time-out | Eight seconds |
| SIP ALG | Disabled |
| Source MAC filtering | Disabled |
| IP/MAC bindings | Disabled |
| Port triggering rules | None |
| UPnP | Disabled |
| Bandwidth profiles | None |
| QoS profiles (for IPv4 firewall rules) | None |
Table 51. VPN firewall factory default configuration settings (continued)

| Feature | Default Behavior |
|---|---|
| QoS priorities (for IPv6 firewall rules) | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, Minimize-Delay |
| Content filtering | Disabled |
| Proxy server blocking | Disabled |
| Java applets blocking | Disabled |
| ActiveX controls blocking | Disabled |
| Cookies blocking | Disabled |
| Blocked keywords | None |
| Trusted domains | All |

VPN IPsec Wizard: IKE policy settings for IPv4 and IPv6 gateway-to-gateway tunnels

| Feature | Default Behavior |
|---|---|
| Exchange mode | Main |
| ID type | Local WAN IP address |
| Local WAN ID | Local WAN IP address |
| Remote WAN ID | Not applicable |
| Encryption algorithm | 3DES |
| Authentication algorithm | SHA-1 |
| Authentication method | Pre-shared Key |
| Key group | DH-Group 2 (1024 bit) |
| Lifetime | Eight hours |

VPN IPsec Wizard: VPN policy settings for IPv4 and IPv6 gateway-to-gateway tunnels

| Feature | Default Behavior |
|---|---|
| Encryption algorithm | 3DES |
| Authentication algorithm | SHA-1 |
| Lifetime | One hour |
| Key group | DH-Group 2 (1024 bit) |
| NetBIOS | Enabled |
Table 51. VPN firewall factory default configuration settings (continued)

VPN IPsec Wizard: IKE policy settings for IPv4 gateway-to-client tunnels

| Feature | Default Behavior |
|---|---|
| Exchange mode | Aggressive |
| ID type | FQDN |
| Local WAN ID | remote.com |
| Remote WAN ID | local.com |
| Encryption algorithm | 3DES |
| Authentication algorithm | SHA-1 |
| Authentication method | Pre-shared Key |
| Key group | DH-Group 2 (1024 bit) |
| Lifetime | Eight hours |

VPN IPsec Wizard: VPN policy settings for IPv4 gateway-to-client tunnels

| Feature | Default Behavior |
|---|---|
| Encryption algorithm | 3DES |
| Authentication algorithm | SHA-1 |
| Lifetime | One hour |
| Key group | DH-Group 2 (1024 bit) |
| NetBIOS | Disabled |

RADIUS settings

| Feature | Default Behavior |
|---|---|
| Primary RADIUS server | Disabled and none configured |
| Secondary RADIUS server | Disabled and none configured |
| RADIUS time-out period | 30 seconds |
| RADIUS maximum retry count | Four |

SSL VPN settings

| Feature | Default Behavior |
|---|---|
| SSL VPN IPv4 client address range | 192.168.251.1–192.168.251.254 |
| SSL VPN IPv6 client address range | 4000::1–4000::200 |

User, group, and domain settings

| Feature | Default Behavior |
|---|---|
| Default domain | geardomain |
| Default group | geardomain |
| Default users, default passwords | admin, password; guest, password |
Table 51. VPN firewall factory default configuration settings (continued)

Administrative and monitoring settings

| Feature | Default Behavior |
|---|---|
| Secure HTTP management | Enabled |
| Telnet management | Disabled |
| Traffic meter | Disabled |
| SNMP | Disabled |
| Time zone | GMT |
| Time zone adjusted for daylight saving time | Disabled |
| Routing logs | Disabled |
| System logs | Disabled |
| Other event logs | Disabled |
| Email logs | Disabled |
| Syslogs | Disabled |
| IPSec VPN logs | Enabled |
| SSL VPN logs | Enabled |

Physical and Technical Specifications

The following table shows the physical and technical specifications for the VPN firewall:

Table 52. VPN firewall physical and technical specifications

Network protocol and standards compatibility

| Feature | Specification |
|---|---|
| Data and routing protocols | TCP/IP, RIP-1, RIP-2, PPP over Ethernet (PPPoE), DHCP, DHCPv6 |

Power adaptor

| Feature | Specification |
|---|---|
| Universal input | 100–240V, AC/50–60 Hz, 1.2 Amp maximum |

Dimensions and weight

| Feature | Specification |
|---|---|
| Dimensions (W x H x D) | 33 x 4.3 x 20.9 cm (13 x 1.7 x 8.2 in.) |
| Weight | 2.1 kg (4.8 lb) |
Table 52. VPN firewall physical and technical specifications (continued)

Environmental specifications

| Feature | Specification |
|---|---|
| Operating temperatures | 0° to 45°C (32° to 113°F) |
| Storage temperatures | –20° to 70°C (–4° to 158°F) |
| Operating humidity | 90% maximum relative humidity, noncondensing |
| Storage humidity | 95% maximum relative humidity, noncondensing |

Electromagnetic emissions

| Feature | Specification |
|---|---|
| Meets requirements of | FCC Class A, CE, WEEE, RoHS |

Interface specifications

| Feature | Specification |
|---|---|
| 4 LAN, one of which is a configurable DMZ interface | AutoSense 10/100/1000BASE-T, RJ-45 |
| 2 WAN | AutoSense 10/100/1000BASE-T, RJ-45 |
| 1 administrative console port | RS-232 |

The following table shows the IPSec VPN specifications for the VPN firewall:

Table 53. VPN firewall IPSec VPN specifications

| Setting | Specification |
|---|---|
| Network management | Web-based configuration and status monitoring |
| Number of concurrent users supported | 25 |
| IPSec authentication algorithm | SHA-1, MD5 |
| IPSec encryption algorithm | DES, 3DES, AES-128, AES-192, AES-256 |
| IPSec key exchange | IKE, manual key, pre-shared key, X.509 certificate |
| IPSec authentication types | Local user database, RADIUS PAP, RADIUS CHAP |
| IPSec certificates supported | CA certificates, self-signed certificate |
The following table shows the SSL VPN specifications for the VPN firewall:

Table 54. VPN firewall SSL VPN specifications

| Setting | Specification |
|---|---|
| Network management | Web-based configuration and status monitoring |
| Number of concurrent users supported | 10 |
| SSL versions | SSLv3, TLS1.0 |
| SSL encryption algorithm | DES, 3DES, ARC4, AES-128, AES-192, AES-256 |
| SSL message integrity | MD5, SHA-1, MAC-MD5/SHA-1, HMAC-MD5/SHA-1 |
| SSL authentication types | Local user database, RADIUS-PAP, RADIUS-CHAP, RADIUS-MSCHAP, RADIUS-MSCHAPv2, WiKID-PAP, WiKID-CHAP, MIAS-PAP, MIAS-CHAP, NT domain, Active Directory, LDAP |
| SSL certificates supported | CA certificates, self-signed certificate |
Index

Numerics

10BASE-T, 100BASE-T, and 1000BASE-T speeds 69
3322.org 63–65
6to4 tunnels
  configuring globally 100
  DMZ, configuring for 195
  LAN, configuring for 178

A

AAA (authentication, authorization, and accounting) 392
AC input 21
access, remote management 534
account name, PPTP and PPPoE 45
action buttons (web management interface) 24
active users, IPSec VPN, SSL VPN, PPTP, and L2TP 592
ActiveX
  blocking 306
  web cache cleaner, SSL VPN 431, 451
AD (Active Directory)
  configuration 491
  described 488
  SSL VPN Wizard 433
address autoconfiguration, IPv6 90
address pools, Mode Config operation 397
address reservation 133
Address Resolution Protocol (ARP)
  broadcasting, configuring 127
  requests 132
addresses (IPv4 and IPv6)
  See IPv4 addresses
  See IPv6 addresses
administrative default settings 672
administrator
  default name and password 25
  receiving logs by email 570–571
  settings (admin) 511
  user account 501
advertisement prefixes, IPv6
  DMZ, configuring for 192
  LAN, configuring for 175
advertisement, UPnP information 331
AES (Advanced Encryption Standard)
  IKE policy settings 372
  Mode Config settings 397
  SNMPv3 user settings 545
  VPN policy settings 385–386
alternate network, multicast pass-through 277
application level gateway (ALG) 278
ARP (Address Resolution Protocol)
  broadcasting, configuring 127
  requests 132
arrows, option (web management interface) 23
attached devices
  monitoring with SNMP 538
  viewing 599
attack checks 266–269
authentication
  for IPSec VPN
    pre-shared key 338, 342, 347, 372
    RSA signature 372
  for L2TP 423
  for PPTP 419
  See also
    AD (Active Directory)
    LDAP (Lightweight Directory Access Protocol)
    MIAS (Microsoft Internet Authentication Service)
    RADIUS authentication
    WiKID
authentication algorithm and password, SNMPv3 users 544
authentication domain 488, 501
authentication, authorization, and accounting (AAA) 392
authentication, for SSL VPN 433, 491
authoritative mode, NTP servers 556
Auto Uplink, autosensing Ethernet connections 16
autodetecting IPv4 Internet settings 35
autoinitiating VPN tunnels 383
auto-rollover mode
  bandwidth capacity 527
  DDNS 63
  IPv4
    configuring 56–58
    described 49
  IPv6
    configuring 109
    described 109
  VPN IPSec 333, 339, 343, 348
autosensing port speed 69

B

backing up configuration file 547
bandwidth allocation, WAN traffic 74–77
bandwidth capacity 527
bandwidth limits, logging dropped packets 569
bandwidth profiles
  creating 299–303
  shifting traffic mix 533
baud rate 20
blocking
  cookies 306
  instant messaging (rule example) 262
  Java 306
  sessions 274
  sites to reduce traffic 529
  TCP flood 267
  traffic, reaching limit
    LAN 563
    WAN 560
  UDP flood 268
broadband. See WAN.
browsers
  user login policies 509
  web management interface 22
buttons (web management interface) 24

C

CA (certification authority) 379, 513–523
cache control, SSL VPN 431, 451
capturing packets 609
Category 5 cable 626
certificate revocation list (CRL) 514, 522
certificate signing request (CSR) 517
certificates
  commercial CAs 513
  CRL 514, 522
  CSR 517
  overview 512
  self-signed 513–516
  signature key length 518
  trusted 514–515
certification authority (CA) 379, 513–523
CHAP (Challenge Handshake Authentication Protocol) 419, 423, 487–491
  See also
    MIAS (Microsoft Internet Authentication Service)
    RADIUS authentication
    WiKID
classical routing (IPv4), configuring 31
CLI (command-line interface) 20, 537
client identifier 35
command-line interface (CLI) 20, 537
community strings, SNMP 540
compatibility, protocols and standards 672
concatenating IPv6 addresses 103
configuration file, managing 546–551
configuration manager (web management interface)
  login 22
  menu 23
configuration settings, defaults 667–672
congestion priority, WAN QoS profile 77
connection reset, PPPoE broadband connection 38, 42, 47
connection type and state (WAN), viewing 589
connection, speed (WAN), configuring 73
connectivity, testing 84, 113
console port 20
content filtering, configuring 307
cookies, blocking 306
counter
  LAN traffic 561, 563
  WAN traffic 560
CRL (certificate revocation list) 514, 522
crossover cable 16, 613
CSR (certificate signing request) 517
custom services, firewall 280

D

Data Encryption Standard. See DES.
database, local user 433
database, local users 491
date and daylight saving time
  settings 555
  troubleshooting settings 622
DDNS (Dynamic DNS), configuring 63–66
Dead Peer Detection (DPD) 373, 401, 412
defaults
  See also Appendix A, Default Settings and Technical Specifications
  baud rate 20
  client address ranges, SSL VPN 461
  configuration settings 667–672
  DMZ port
    IPv4 address and subnet mask 142
    IPv6 address and prefix length 187, 199
    settings 140, 184
  domain, users 489
  DPD settings 415
  factory 21, 551
  failure detection settings
    IPv4 59
    IPv6 112
  firewall rules 210
  group, users 494
  idle time-out periods
    groups 496
    L2TP server 423
    PPTP server 419
    users 502
  IPSec VPN Wizard 335
  IPv4 gateway 38
  IPv4 routing mode 30
  IPv6 gateway 95
  IPv6 routing mode 88
  LAN group 135
  LAN IPv6 address 157, 161, 167
  LAN IPv6 prefix length 157, 161, 167
  load balancing method 51
  login time-out 26
  MAC address setting 71
  MAC address sharing 126
  MTU 67
  NTP servers 556
  password 25
  port number LDAP server 123, 144
  port speed 69
  portal address, SSL VPN 448
  PVID 116
  QoS priorities for IPv6 firewall rules 298
  remote management 536
  router lifetime
    DMZ RADVD 192
    LAN RADVD 175
  secure HTTP access 536
  server preference, IPv6
    DMZ DHCP 187, 200
    LAN DHCP 158, 162, 168
  session time-out periods 275
  SIP support for ALG 278
  SNMPv3 users 543
  Telnet access 537
  UPnP settings 331
  user accounts 499
  user name 25
  VLAN 116, 135
  VPN firewall IPv4 address and subnet mask 122
  VPN Wizard settings 335
  WAN QoS priority queue 74
delegating, IPv6 prefixes
  LAN DHCPv6 server 154, 163
  WAN DHCPv6 client 90, 92
demilitarized zone. See DMZ.
denial of service (DoS)
  attack check settings 267
  default protection 15, 216
DES (Data Encryption Standard) and 3DES
  IKE SA settings 372, 385–386, 397
  SNMPv3 user settings 545
DH (Diffie-Hellman) groups 368, 373, 386, 397, 400
DHCP (Dynamic Host Configuration Protocol)
  automatic configuration of devices 16
  DNS servers, IPv4 addresses 123, 143
  domain name 123, 143
  LDAP server 123, 144
  lease time 123, 143
  log, monitoring 601
  relay, VLANs 119, 122, 143
  server 143
  server, VLANs 118, 122
  WINS server 123, 143
DHCP log messages, explanation of 660
DHCPv6, stateless and stateful
  DMZ, configuring 187, 199
  LAN, configuring 157, 162, 167
  WAN, configuring 92, 160
diagnostics tools 604
Differentiated Services Code Point (DSCP) 74, 296
Diffie-Hellman (DH) groups 368, 373, 386, 397, 400
DiffServ (Differentiated Services)
  LAN QoS 296
  WAN QoS 74
digital certificates. See certificates.
dimensions 672
direction, bandwidth profiles 301
DMZ (demilitarized zone)
  configuring 140, 184–197
  increasing traffic 532
  port 16
DNS (Domain Name Server)
  automatic configuration of computers 16
  dynamic 63–66
  looking up an address 608
  Mode Config address allocation 397
  proxy 16, 144
  proxy, VLANs 119, 123
  queries, auto-rollover 56
  server IP addresses
    SSL VPN settings 436
  server IPv4 addresses
    broadband settings 42, 47
    DMZ settings 143
    LAN/VLAN settings 123
    SSL VPN settings 461
  server IPv6 addresses
    broadband settings 95, 99
    DMZ settings 188, 200
    LAN settings 158, 162, 168
    SSL VPN settings 461
DNS logs, viewing 574, 575
documentation, online 622
domain name blocking 307
Domain Name Server. See DNS.
domain name, PPTP and PPPoE connections 45
domains for authentication 488, 501
DoS (denial of service)
  attack check settings 267
  default protection 15, 216
downloading
  firmware 550
  SSL certificate 25
DPD (Dead Peer Detection) 373, 401, 412
DSCP (Differentiated Services Code Point) 74, 296
dual WAN ports
  auto-rollover and load balancing 629–633
  FQDNs 63, 333–334, 632
  network, planning 624
  overview 14
duplex, half and full 69
Dynamic DNS (DDNS), configuring 63–66
Dynamic Host Configuration Protocol. See DHCP.
dynamically assigned IPv4 addresses 42, 46
DynDNS.org 63–65

E

e-commerce 426
edge devices, configuring 389–391
electromagnetic emissions 673
emailing
  IP/MAC binding violations 317, 321
  logs 570–571
  traffic meter reports and alerts 560
environmental specifications 673
error messages
  syslog 573
  understanding 642
event logs 569
examples of firewall rules 252–265
exchange mode, IKE policies 368, 371, 400
exposed hosts 63
  increasing traffic 532
extended authentication (XAUTH)
  configuring 388–391
  IKE policies 373, 401

F

factory default settings
  list of 667–672
  reverting to 551
Factory Defaults Reset button 21
failover attempts, DNS lookup or ping
  IPv4 59
  IPv6 112
failure detection method
  IPv4, configuring 56–59
  IPv6, configuring 111–113
fe80 and fec0 IPv6 addresses 153
firewall
  attack checks 266–269
  bandwidth profiles 299–303
  custom services 280
  default settings 669
  inbound rules. See inbound rules.
  outbound rules. See outbound rules.
  overview 15
  QoS LAN profiles 293–298
  rules
    See also inbound rules.
    See also outbound rules.
    numbers and types supported 211
    order of precedence 212
    scheduling 292
  VPN pass-through 269–272
firmware, downloading and upgrading 550–551
flags, router advertisements
  DMZ, configuring for 191
  LAN, configuring for 174
FQDNs (fully qualified domain names)
  auto-rollover mode and load balancing mode 63
  DDNS requirements 63
  dual WAN ports, planning 333–334
  IPSec VPN, configuring endpoints 339, 343, 347, 372
  multiple WAN ports 625, 632
  SSL VPN, configuring port forwarding 447