Embed Size (px)
NETGEAR CONFIDENTIAL
FVS338
ProSafe VPN Firewall 50
NETGEAR CONFIDENTIAL
Main Features
• RS232 Serial Port with DB-9 connector– Analog Modem support for auto failover capability.
• SNMP support (optimized for NMS100) – SNMPv2.
• QoS traffic prioritization.
• Fast - 90+ Mbps WAN-LAN and up to 60+ Mbps 3DES throughput.
• SPI Firewall and multi-NAT.
• Support 50 VPN tunnels.
• Includes VPN client software with 1-user license.
• Future upgradability to SSL VPN, IDS, Anti-virus, anti-spam and anti-spyware security measures.
NETGEAR CONFIDENTIAL
ProSafe Firewalls ComparisonFeature FVS318 v3 FVS338 FVL328 FVX538
VPN Tunnels 8 50 100 200WAN-to-LAN throughput 12. 5 Mbps 90+ Mbps 54 Mbps 90+ Mbps
3DES Throughput 1.2 Mbps 60+ Mbps 15 Mbps 90+ MbpsLAN Ports (8)10/100 LAN (8)10/100 LAN (8) 10/100 LAN (8) 10/100 LAN, (1) Gigabit LANWAN Ports (1)10/100Mbps WAN (1)10/100Mbps WAN (1)10/100Mbps WAN (2)10/100Mbps WANSerial port no yes, for analog backup no yes, console port for local mgmtEncryption DES, 3DES, AES DES, 3DES, AES DES, 3DES DES, 3DES, AES
Encryption Method Hardware for 3DES Hardware Hardware HardwareQoS no yes no yes
SNMP no yes no yesSIP aware no future upgrade no future upgradeSSL VPN no no no future upgrade
Digital Certificate Support yes yes yes yesNAT On/Off no yes yes yesMultNAT no yes yes yes
Other VPN01L included VPN05L includedCLI no yes no yes
Rack mountable no no no yesICSA Firewall yes in testing yes in testing
VPNC certifiable yes yes yes yesUS List Price $157 $278 $418 $557
Average Catalog $109 $199 $249 $399
NETGEAR CONFIDENTIAL
Front Panel
NETGEAR CONFIDENTIAL
LEDs
NETGEAR CONFIDENTIAL
Rear Panel
NETGEAR CONFIDENTIAL
Bottom Label
NETGEAR CONFIDENTIAL
GUI
NETGEAR CONFIDENTIAL
http://192.168.1.1
• Username: admin
• Password: password
NETGEAR CONFIDENTIAL
WAN Setup – Broadband ISP Settings
NETGEAR CONFIDENTIAL
Setup Wizard
NETGEAR CONFIDENTIAL
WAN Status
NETGEAR CONFIDENTIAL
WAN Setup – Dialup ISP Settings
NETGEAR CONFIDENTIAL
WAN Setup – Dialup ISP Settings
Modem properties can only be specified when modem type is user defined.
NETGEAR CONFIDENTIAL
WAN Setup – DIAL UP Status
NETGEAR CONFIDENTIAL
WAN Setup - Mode
NETGEAR CONFIDENTIAL
WAN Setup – Options (Broadband)
28Kbps to 100Mbps
NETGEAR CONFIDENTIAL
WAN Setup – Options (Dialup)
NETGEAR CONFIDENTIAL
WAN Setup – Dynamic DNS
NETGEAR CONFIDENTIAL
WAN Setup – Traffic Meter
NETGEAR CONFIDENTIAL
WAN Setup – Traffic Meter
Statistic by Protocol
NETGEAR CONFIDENTIAL
Security – Groups and Hosts
NETGEAR CONFIDENTIAL
Security – Groups and Hosts
Add
NETGEAR CONFIDENTIAL
Security – Groups and Hosts
Edit Group Names
NETGEAR CONFIDENTIAL
Security – Source MAC Filter
NETGEAR CONFIDENTIAL
Security – Block Sites
NETGEAR CONFIDENTIAL
Security – Rules
NETGEAR CONFIDENTIAL
Security – Rules – Outbound Services
NETGEAR CONFIDENTIAL
Security – Rules – Inbound Services
NETGEAR CONFIDENTIAL
Security - Services
NETGEAR CONFIDENTIAL
Security - Schedule
NETGEAR CONFIDENTIAL
Security – Logs and Emails
NETGEAR CONFIDENTIAL
Security – View Log
NETGEAR CONFIDENTIAL
Security – Logs and Emails
When E-mail Logs and Syslog are enabled
NETGEAR CONFIDENTIAL
VPN – VPN Wizard Box-to-box
NETGEAR CONFIDENTIAL
VPN – VPN Wizard Box-to-box
Result:
NETGEAR CONFIDENTIAL
VPN – VPN Wizard Client-to-box
NETGEAR CONFIDENTIAL
VPN – VPN Wizard Client-to-box
NETGEAR CONFIDENTIAL
VPN – VPN Status
NETGEAR CONFIDENTIAL
VPN – IKE Policies
Update current WAN address
NETGEAR CONFIDENTIAL
VPN – IKE Policies - Add
NETGEAR CONFIDENTIAL
VPN – VPN Policies
NETGEAR CONFIDENTIAL
VPN – VPN Policies – Add Auto Policy
NETGEAR CONFIDENTIAL
VPN – VPN Policies – Add Manual Policy
NETGEAR CONFIDENTIAL
VPN - CAs
NETGEAR CONFIDENTIAL
VPN - Certificates
NETGEAR CONFIDENTIAL
VPN - CRL
NETGEAR CONFIDENTIAL
Maintenance – Router Status
NETGEAR CONFIDENTIAL
Maintenance – Router Status
Show Statistics
NETGEAR CONFIDENTIAL
Maintenance – Set Password
NETGEAR CONFIDENTIAL
Maintenance – Remote management
NETGEAR CONFIDENTIAL
Maintenance - SNMP
NETGEAR CONFIDENTIAL
Maintenance - Diagnostics
NETGEAR CONFIDENTIAL
Maintenance – Backup Settings
NETGEAR CONFIDENTIAL
Maintenance – Router Upgrade
NETGEAR CONFIDENTIAL
Advanced – LAN Setup
NETGEAR CONFIDENTIAL
Advanced – LAN Setups
Multi-Home LAN IP Setups
NETGEAR CONFIDENTIAL
Advanced – DMZ Setups
NETGEAR CONFIDENTIAL
Port Triggering
Once configured, operation is as follows:
1. A PC makes an outgoing connection using a port number defined in the Port Triggering table.
2. This Router records this connection, opens the INCOMING port or ports associated with this entry in the Port Triggering table, and associates them with the PC.
3. The remote system receives the PCs request, and responds using a different port number.
4. This Router matches the response to the previous request, and forwards the response to the PC. (Without Port Triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the Port Forwarding rules.)
NETGEAR CONFIDENTIAL
Port Triggering
Note
• Only 1 PC can use a "Port Triggering" application at any time.
• After a PC has finished using a "Port Triggering" application, there is a "Time-out" period before the application can be used by another PC. This is required because this Router cannot be sure when the application has terminated.
• Normally for games and chat.
NETGEAR CONFIDENTIAL
Advanced – Port Triggering
NETGEAR CONFIDENTIAL
Advanced – Static Routes
NETGEAR CONFIDENTIAL
Knowledge Base / Documentation
NETGEAR CONFIDENTIAL
Troubleshooting
NETGEAR CONFIDENTIAL
FAQ#1
• How does the FVS338 support QoS?
• The FVS338 prioritizes the routing of a packet through the router according to the TOS bit in the packet’s layer3 header. For a particular service, you can override the packet’s specified priority by selecting a different priority in the Services menu, Inbound rules or Outbound Rules. Changing the priority setting will affect the priority given to the packet by the router, but will not actually alter the TOS bits in the packet.
NETGEAR CONFIDENTIAL
FAQ#2
• My ISP has provided me with a range of public IP addresses. How can I assign them to servers behind the FVS338?
• When you configure the ISP Settings of your router, assign one IP address as the WAN address to be used by your PCs as the main NAT address for general traffic. In the DMZ Setup menu, you can assign the additional public IP addresses to individual PCs on either your LAN or DMZ (if you have activated port 8 as your DMZ port). To allow inbound traffic to reach one of these PCs, you must create an Inbound Rule for the desired service and set the rule’s Destination Address to the public IP address assigned to that PC.
NETGEAR CONFIDENTIAL
FAQ#3
• Is the VPN policy created by the VPN Wizard compatible to other Netgear VPN routers?
• The VPN Wizard will create a compatible configuration with our other products when using fixed IP addresses. When using FQDN, some modifications will be necessary after running the wizard. Please refer to our VPN application notes for detailed information.
NETGEAR CONFIDENTIAL
Known Issues
• Error messages for upgrading with the wrong image are not working. If user gets a message “Document contains no data”, this means that the image upgrade did not take place. Click on “Router Upgrade” menu to recover and try again.
• Show statistics in Router Status is causing HTTP hang after couple of auto refreshes.
• No NETBIO support over VPN tunnel until March. Recommend to use WINS server or LMHOSTS file.
