ProSafe Gigabit 8 Port VPN Firewall FVS318G
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134
202-10521-02
v1.1, August 2010
© 2009–2010 by NETGEAR, Inc. All rights reserved.
Please refer to the support information card that shipped with your product. By registering your product at
http://www.netgear.com/register, we can provide you with faster expert technical support and timely notices of product
and software upgrades.
NETGEAR, INC. Support Information
Phone: 1-888-NETGEAR, for US & Canada only. For other countries, see your Support information card.
Email: email@example.com
North American NETGEAR website: http://www.netgear.com
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
EU Regulatory Compliance Statement
The ProSafe Gigabit 8 Port VPN Firewall FVS318G is compliant with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Compliance is verified by testing to the following standards: EN55022 Class B, EN55024 and EN60950-1.
Visit the NETGEAR EU Declarations of Conformity website at:
http://kb.netgear.com/app/answers/detail/a_id/11621/sno/0
Certificate of the Manufacturer/Importer
It is hereby certified that the ProSafe Gigabit 8 Port VPN Firewall FVS318G has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver, it may become the cause of radio interference.
Read instructions for correct handling.
Open SSL
Copyright (c) 1998–2000 The OpenSSL Project.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).”
4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, contact firstname.lastname@example.org.
5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).”
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS,” AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (email@example.com). This product includes software written by Tim Hudson (firstname.lastname@example.org).
MD5
Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
License to copy and use this software is granted provided that it is identified as the “RSA Data Security, Inc. MD5 Message-Digest Algorithm” in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as “derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm” in all material mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided “as is” without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this documentation and/or software.
PPP
Copyright (c) 1989 Carnegie Mellon University. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Zlib
zlib.h. Interface of the zlib general purpose compression library version 1.1.4, March 11th, 2002. Copyright (C) 1995–2002 Jean-loup Gailly and Mark Adler.
This software is provided “as is,” without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications,
and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly: email@example.com; Mark Adler: firstname.lastname@example.org.
The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate format), and rfc1952.txt (gzip format).
Product and Publication Details
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
About This Manual
Conventions, Formats and Scope
How to Print This Manual
Chapter 1 Introduction
Key Features
Advanced VPN Support for IPsec
A Powerful, True Firewall with Content Filtering
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
Maintenance and Support
VPN Firewall Front and Rear Panels
Default IP Address, Login Name, and Password
Qualified Web Browsers
Chapter 2 Connecting the VPN Firewall to the Internet
Understanding the Connection Steps
Logging into the VPN Firewall
Navigating the Menus
Configuring the Internet Connection to Your ISP
Manually Configuring Your Internet Connection
Configuring the WAN Mode
Configuring Dynamic DNS
Configuring the Advanced Broadband Options
Additional WAN Related Configuration
Chapter 3 LAN Configuration
Choosing the VPN Firewall DHCP Options
Configuring the LAN Setup Options
Managing Groups and Hosts (LAN Groups)
Creating the Network Database
Viewing the Network Database
Adding Devices to the Network Database
Changing Group Names in the LAN Groups Database
Setting Up DHCP Address Reservation
Configuring Multi Home LAN IP Addresses
Configuring and Enabling the DMZ Port
Configuring Static Routes
Static Route Example
Configuring Routing Information Protocol (RIP)
Chapter 4 Firewall Protection and Content Filtering
About Firewall Protection and Content Filtering
Using Rules to Block or Allow Specific Kinds of Traffic
Viewing Rules and Order of Precedence for Rules
Configuring LAN WAN Rules
Configuring DMZ WAN Rules
Configuring LAN DMZ Rules
Inbound Rules Examples
Outbound Rules Example
Configuring Other Firewall Features
Setting Session Limits
Managing the Application Level Gateway for SIP Sessions
Creating Services, QoS Profiles, and Bandwidth Profiles
Adding Customized Services
Specifying Quality of Service (QoS) Priorities
Creating Bandwidth Profiles
Setting a Schedule to Block or Allow Specific Traffic
Blocking Internet Sites (Content Filtering)
Configuring Source MAC Filtering
Configuring IP/MAC Address Binding
Configuring Port Triggering
Configuring UPnP (Universal Plug and Play)
Email Notifications of Event Logs and Alerts
Chapter 5 Virtual Private Networking
Using the VPN Wizard for Client and Gateway Configurations
Creating Gateway to Gateway VPN Tunnels with the Wizard
Creating a Client to Gateway VPN Tunnel
Testing the Connections and Viewing Status Information
NETGEAR VPN Client Status and Log Information
VPN Firewall VPN Connection Status and Logs
Managing VPN Policies
Configuring IKE Policies
Configuring VPN Policies
Understanding the Certificates Screen
Viewing and Loading CA Certificates
Understanding and Viewing Active Self Certificates
Obtaining a Self Certificate from a Certificate Authority
Managing your Certificate Revocation List (CRL)
Configuring Extended Authentication (XAUTH)
Configuring XAUTH for VPN Clients