NETGEAR CONFIDENTIAL
FVS318v3 Cable/DSL ProSafe VPN Firewall with 8-port switch
Gift Box
Features
• 8 simultaneous VPN tunnels.
• 8 10/100 LAN ports.
• 10 base-T WAN port.
• Up to 168 bit 3DES encryption.
• With v2.4 firmware
  – Configuration Assistant
  – VPN Wizard
V1, V2, V3?
• Serial number prefix
  – V1 – FVS9
  – V2 – FVS1
  – V3 – FVS8
• There is no external difference between the models.
• It is not possible to order one particular version.
• No upgrade between hardware versions is available.
• FVS318v3 firmware is not compatible with the FVS318v1 and v2.
• FVS318 v1 and v2 firmware is not compatible with the FVS318v3.
FVS318v3
• The FVS318v3 uses a much improved, more powerful CPU.
• Faster routing and VPN throughput.
• VPN authentication using X.509 certificates.
• Remote Management using HTTPS.
• Firewall rules for inbound and outbound traffic
When will the v3 be available?
• The FVS318 will start shipping in late Dec 2004. However, it may take until late Feb 2005 for it to reach customers, since we still have inventory of the v1/v2.
• There are several known issues with the FVS318v3 at its initial release. A bug fix release will be available before the product reaches customers. Make sure customers upgrade to the new firmware.
Connecting the FVS318
LED
• Power: The power light should turn solid green.
• Test: The test light blinks when the router is first turned on, then goes off.
• Internet: The internet port light should be lit. If not, make sure the Ethernet cable is securely attached to the firewall Internet port and the modem, and that the modem is powered on.
• LAN: A LAN light should be lit. Green indicates the computer is communicating at 100 Mbps, amber indicates 10 Mbps. If a LAN light is not lit, check that the Ethernet cable from the computer to the router is securely attached at both ends, and that the computer is turned on.
GUI
Configuration Assistant
• Automatically brings up the wizard when the user starts the browser.
• Guides the user through configuring the internet connection.
• Automatically detects PPPoE, static IP or dynamic IP from the ISP.
• It is no longer necessary to use http://192.168.0.1 to access the administrator interface.
• Support and documentation links on the GUI menu.
• Clicking Cancel during the Configuration Assistant brings up the Basic Settings page. (New in v3)
Configuration Assistant - Start
Configuration Assistant - Quit
Configuration Assistant - Testing
Configuration Assistant - Detected
Configuration Assistant – Dynamic IP (DNS)
Configuration Assistant - Update
Configuration Assistant - Success
Configuration Assistant – Done
Configuration Assistant – No connection
Configuration Assistant - PPPoE
FAQ – Configuration Assistant
• If the user chooses to quit the Configuration Assistant, the Basic Settings page will come up.
• If the default home page is blank, the Configuration Assistant won’t come up when the browser starts.
• The Configuration Assistant will only come up if the router is in factory default state.
• If the Configuration Assistant won’t come up, it can be accessed from:
  – http://www.routerlogin.com
  – http://www.routerlogin.net
  – http://192.168.0.1
VPN – Box to Box
[Diagram: Network A (Ethernet, 192.168.0.0/255.255.255.0) – ProSafe VPN router (66.126.237.201) – INTERNET – ProSafe VPN Router (66.126.237.204) – Network B (Ethernet, 192.168.4.0/255.255.255.0)]
Scenario: Box to Box

| | Network A | Network B |
|---|---|---|
| Local Identifier | WAN IP | WAN IP |
| Remote Identifier | WAN IP | WAN IP |
| Local subnet | 192.168.0.0/24 | 192.168.4.0/24 |
| Remote subnet | 192.168.4.0/24 | 192.168.0.0/24 |
| Remote VPN Endpoint | 66.126.237.204 | 66.126.237.201 |
| Shared Key | 12345678 | 12345678 |
| Encryption Algorithm | 3DES | 3DES |
| Authentication Algorithm | SHA-1 | SHA-1 |

VPN Wizard – Box to Box 1
VPN Wizard – box to box 2
VPN Wizard – box to box 3
VPN Wizard – box to box 4
VPN Wizard – box to box 5
VPN Wizard – box to box 6
VPN Wizard – box to box 7
VPN Wizard – box to box 8
VPN – Client to Box
[Diagram: Network A (Ethernet, 192.168.1.0/255.255.255.0) – ProSafe VPN router (66.126.237.203) – INTERNET – Remote User VPN Client]
Scenario: Client to Box

| | Network A | Remote Client |
|---|---|---|
| Local Identifier | WAN IP | remoteClient |
| Remote Identifier | remoteClient | WAN IP |
| Local subnet | 192.168.1.0/24 | 192.168.100.1 |
| Remote subnet | 192.168.100.1 | 192.168.1.0/24 |
| Remote VPN Endpoint | 66.126.237.203 | 0.0.0.0 |
| Shared Key | 12345678 | 12345678 |
| Encryption Algorithm | 3DES | 3DES |
| Authentication Algorithm | MD5 | MD5 |

VPN Wizard – Client to Box 1
VPN Wizard – Client to Box 2
VPN Wizard – Client to Box 3
VPN Wizard – Client to Box 4
VPN Wizard – Client to Box 2B
VPN Wizard – Client to Box 3B
VPN Wizard – Client to Box 4B
Basic Setting - Broadband
Basic Setting – Broadband with Login
Security - Log
Security - Block Site
Security - Rules
Security – Add rule
Security – Add Services
Security - Schedule
Security - Email
VPN – IKE Policy
VPN – VPN Policy
VPN - CAs
VPN - Certificates
VPN - CRL
VPN – VPN Status
Maintenance - Router Status
Router Status – WAN status and Statistics
Maintenance - Attached Devices
Maintenance - Settings Backup
Maintenance - Set Password
Maintenance - Diagnostics
Maintenance - Router Upgrade
Advanced - Dynamic DNS
Advanced - LAN IP Setup
Advanced - Remote Management
Advanced - Static Routes
Web Support -
Troubleshooting
Known Issues
• When managing the router through remote management, the interface is slow.
• Cannot add a VPN client policy when one is active.
• A LAN PC cannot ping the WAN IP address.
• When the WAN IP is 192.168.0.1, the router can’t route.
VPN Troubleshooting
• Can the other VPN endpoint reach you?
  – What is the remote VPN endpoint?
    • FQDN: Does it resolve to the remote WAN IP?
    • IP Address: Is the IP address reachable?
    • 0.0.0.0: Does the VPN use aggressive mode?
• Do the VPN parameters match on both endpoints?
  – What are the remote/local IKE identities?
    • Do they match the remote endpoint’s local/remote IKE identities?
  – What are the local/remote VPN networks?
    • Do they match the remote endpoint’s remote/local VPN networks?
  – What is the pre-shared key?
    • Does it match the remote endpoint’s pre-shared key?
  – What are the encryption/authentication algorithms?
    • Do they match the remote endpoint’s algorithms?
  – What is the IKE mode (main/aggressive)?
    • Does it match the remote endpoint’s IKE mode?
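The parameter checklist above can be run mechanically against both endpoints' settings. The following is an added example, not NETGEAR code: the field names are assumptions made for illustration, the sample values come from the Box to Box scenario table, and the IKE mode "main" is a constructed value because the table does not list it.

```python
import ipaddress

# Fields that must hold the same value on both endpoints.
SAME = ("shared_key", "encryption", "authentication", "ike_mode")
# Fields that must be swapped: one side's local value is the peer's remote value.
MIRRORED = (("local_id", "remote_id"), ("local_subnet", "remote_subnet"))

def _norm(field, value):
    """Normalise subnets so /24 and /255.255.255.0 compare equal."""
    if field.endswith("subnet"):
        return ipaddress.ip_network(value, strict=False)
    return value

def check_policies(a, b):
    """Return a list of mismatches between the policies of endpoints A and B."""
    problems = []
    for f in SAME:
        if a[f] != b[f]:
            problems.append(f"{f} differs: {a[f]!r} vs {b[f]!r}")
    for local, remote in MIRRORED:
        for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
            if _norm(local, x[local]) != _norm(remote, y[remote]):
                problems.append(f"{nx} {local} {x[local]} != {ny} {remote} {y[remote]}")
    # The remote endpoint must be the peer's WAN IP. 0.0.0.0 accepts any peer,
    # which the checklist ties to aggressive mode. Assumes IP endpoints; an
    # FQDN endpoint would have to be resolved before comparing.
    for x, y, nx in ((a, b, "A"), (b, a, "B")):
        ep = x["remote_endpoint"]
        if ep == "0.0.0.0":
            if x["ike_mode"] != "aggressive":
                problems.append(f"{nx} uses endpoint 0.0.0.0 without aggressive mode")
        elif ep != y["wan_ip"]:
            problems.append(f"{nx} remote_endpoint {ep} != peer WAN {y['wan_ip']}")
    return problems

# Sample policies built from the Box to Box table (ike_mode is constructed).
NETWORK_A = dict(wan_ip="66.126.237.201", local_id="66.126.237.201",
                 remote_id="66.126.237.204", local_subnet="192.168.0.0/24",
                 remote_subnet="192.168.4.0/24", remote_endpoint="66.126.237.204",
                 shared_key="12345678", encryption="3DES",
                 authentication="SHA-1", ike_mode="main")
NETWORK_B = dict(wan_ip="66.126.237.204", local_id="66.126.237.204",
                 remote_id="66.126.237.201", local_subnet="192.168.4.0/24",
                 remote_subnet="192.168.0.0/24", remote_endpoint="66.126.237.201",
                 shared_key="12345678", encryption="3DES",
                 authentication="SHA-1", ike_mode="main")

if __name__ == "__main__":
    print(check_policies(NETWORK_A, NETWORK_B) or "policies mirror each other")
```

An empty list means every item on the checklist matches; each string in a non-empty list names the parameter to correct on one of the two policies.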
VPN Troubleshooting Flow
[Flowchart, starting from "VPN not working". Decision boxes (each with Y/N branches): Dynamic IP on local WAN? Use dynamic DNS? Use FQDN as local VPN identity? FQDN resolves to WAN IP? Dynamic IP on remote WAN? Use dynamic DNS? Use FQDN as remote VPN identity? FQDN resolves to WAN IP? VPN mode matches? Preshared key matches? Encryption algorithm matches? Authentication algorithm matches? Action boxes: Set up dynamic DNS; Use FQDN; Check dynamic DNS setting, make sure FQDN resolves to local WAN IP; Check dynamic DNS setting, make sure FQDN resolves to remote WAN IP; VPN mode must match in both remote and local VPN policies; Preshared key must match in both remote and local VPN policies; Encryption algorithm must match in both local and remote VPN policies; Authentication algorithm must match in both remote and local VPN policies; Refer to Premium support.]
CTS
CTS Codes: Problems
• Hardware
• Missing Part
• Power Supply
• Software
CTS Codes – Causes - Hardware
• Can not print (Print server)
• Dead on arrival
• Device keep rebooting itself
• LED – intermittent flashing
• LED – no lights/no power
• Missing Accessories
• Missing Documentation
• Missing Power Supply
• No Connection to Modem (no light)
• Non-Netgear Product
• Published feature not working
• Unit Dead-No Power
• Wireless Signal – no signal
• Wireless Signal - weak
CTS Code – Causes – Missing Parts
• Accessory
• Power supply
CTS Codes – Causes - Software
• Advanced Feature Request
• Application – AOL Optimized 9.0 does not work
• Application – Can not play online game
• Application – Can not set up application server
• Application – Can not use messaging services
• Cannot build VPN tunnel (box-box)
• Cannot build VPN tunnel (passthrough)
• Cannot connect to internet
• Cannot connect to ISP with PPTP connection
• Cannot display secure web pages
• Cannot get to AP/Router
• Cannot send/receive emails.
• Cannot use VPN Client (client-box)
• Crash/Lock Up
• Device not detected
• Dial on-demand not working
• Documentation incorrect
• Failed Outbound FTP Upload
• Firmware – failure after update
• Firmware request
• ISP parameter incorrect
• Modem direct connect does not work
• Router hangs connection
• Setting lost on device reboot
• Slow internet Connection
• Wireless icon – not in SysTray
• Wireless icon red
CTS Codes - Resolutions
• Adjusted Antenna
• Admin – Configured ISP – PPPoA
• Admin – Configured ISP – PPPoE
• Admin – Configured ISP – static detected
• Admin – Provided password
• Admin – Ran Smart Wizard
• Admin – Set Port Forwarding
• Attached to Existing Issue
• Changed MTU setting
• Checked/Replaced LAN cable
• Checked/Replaced power cable
• Checked/Replaced WAN cable
• Configured for LAN
• Configured for Other hardware
• Connect hub between PC and router
• Customer not willing to troubleshoot
• Device tested OK – ISP Problem
• Disable SPI
• Disabled/Removed Software Firewall
• Disconnected/Reconnected
• Driver – Updated/installed Drivers
• Firmware – Sent firmware/software
• Firmware install – latest version
• Firmware install – previous version
• Incompatible
• Non Netgear Issue – ie ISP Problem
• Non-Netgear issue – customer error
• Physical installation of device
• Power cycle Modem/AP/Router/PC
• Proxy server added
• Reconfigured device settings – Incorrect settings
• Refer – Premium Support – accepted/referral
• Refer – Premium Support – DECLINED
• Refer – to KB
• Refer – UNSUPPORTED – to 3rd party vendor
• Release/renewed DHCP IP
• Reset to factory default
• RMA – DENIED – as outside warranty conditions
• RMA – DENIED – due to Power Outage
• RMA – Failure after firmware upgrade
• RMA – logged completed unit
• RMA – logged power supply
• Service Contract
• Utility – Configured Printer Server Admin
• Utility – Configured wireless utility
• Utility – installed wireless utility
• VPN – configured OTHER client (client-box)
• VPN – configured Safenet Remote (client-box)
• VPN – configured setup (box-box)
• VPN – configured setup (pass through)
• VPN – configured Win2K (box-box)
Practice Questions
Question 1:

| | Network A | Network B |
|---|---|---|
| Local Identifier | | |
| Remote Identifier | | |
| Local subnet | | |
| Remote subnet | | |
| Remote VPN Endpoint | | |
| Shared Key | | |
| Encryption Algorithm | | |
| Authentication Algorithm | | |

[Diagram: Network A (Ethernet, 192.168.1.0/255.255.255.0) – ProSafe VPN router (129.30.6.121) – ProSafe VPN Router – Network B (Ethernet, 10.1.2.0/255.255.255.0). Remaining labels as extracted: "205.158.9.23DESSHA-1", "Key: 12345678"]
1. Fill out VPN parameters according to the network data
Questions and Answers