NETGEAR CONFIDENTIAL FVS338 ProSafe VPN Firewall 50.

NETGEAR CONFIDENTIAL

FVS338

ProSafe VPN Firewall 50


Main Features

• RS232 Serial Port with DB-9 connector– Analog Modem support for auto failover capability.

• SNMP support (optimized for NMS100) – SNMPv2.

• QoS traffic prioritization.

• Fast - 90+ Mbps WAN-LAN and up to 60+ Mbps 3DES throughput.

• SPI Firewall and multi-NAT.

• Support 50 VPN tunnels.

• Includes VPN client software with 1-user license.

• Future upgradability to SSL VPN, IDS, Anti-virus, anti-spam and anti-spyware security measures.


ProSafe Firewalls ComparisonFeature FVS318 v3 FVS338 FVL328 FVX538

VPN Tunnels 8 50 100 200WAN-to-LAN throughput 12. 5 Mbps 90+ Mbps 54 Mbps 90+ Mbps

3DES Throughput 1.2 Mbps 60+ Mbps 15 Mbps 90+ MbpsLAN Ports (8)10/100 LAN (8)10/100 LAN (8) 10/100 LAN (8) 10/100 LAN, (1) Gigabit LANWAN Ports (1)10/100Mbps WAN (1)10/100Mbps WAN (1)10/100Mbps WAN (2)10/100Mbps WANSerial port no yes, for analog backup no yes, console port for local mgmtEncryption DES, 3DES, AES DES, 3DES, AES DES, 3DES DES, 3DES, AES

Encryption Method Hardware for 3DES Hardware Hardware HardwareQoS no yes no yes

SNMP no yes no yesSIP aware no future upgrade no future upgradeSSL VPN no no no future upgrade

Digital Certificate Support yes yes yes yesNAT On/Off no yes yes yesMultNAT no yes yes yes

Other VPN01L included VPN05L includedCLI no yes no yes

Rack mountable no no no yesICSA Firewall yes in testing yes in testing

VPNC certifiable yes yes yes yesUS List Price $157 $278 $418 $557

Average Catalog $109 $199 $249 $399


Front Panel


LEDs


Rear Panel


Bottom Label


GUI


http://192.168.1.1

• Username: admin

• Password: password


WAN Setup – Broadband ISP Settings


Setup Wizard


WAN Status


WAN Setup – Dialup ISP Settings


WAN Setup – Dialup ISP Settings

Modem properties can only be specified when modem type is user defined.


WAN Setup – DIAL UP Status


WAN Setup - Mode


WAN Setup – Options (Broadband)

28Kbps to 100Mbps


WAN Setup – Options (Dialup)


WAN Setup – Dynamic DNS


WAN Setup – Traffic Meter


WAN Setup – Traffic Meter

Statistic by Protocol


Security – Groups and Hosts



Add



Edit Group Names


Security – Source MAC Filter


Security – Block Sites


Security – Rules


Security – Rules – Outbound Services


Security – Rules – Inbound Services


Security - Services


Security - Schedule


Security – Logs and Emails


Security – View Log


Security – Logs and Emails

When E-mail Logs and Syslog are enabled


VPN – VPN Wizard Box-to-box


VPN – VPN Wizard Box-to-box

Result:


VPN – VPN Wizard Client-to-box


VPN – VPN Status


VPN – IKE Policies

Update current WAN address


VPN – IKE Policies - Add


VPN – VPN Policies


VPN – VPN Policies – Add Auto Policy


VPN – VPN Policies – Add Manual Policy


VPN - CAs


VPN - Certificates


VPN - CRL


Maintenance – Router Status


Maintenance – Router Status

Show Statistics


Maintenance – Set Password


Maintenance – Remote management


Maintenance - SNMP


Maintenance - Diagnostics


Maintenance – Backup Settings


Maintenance – Router Upgrade


Advanced – LAN Setup


Advanced – LAN Setups

Multi-Home LAN IP Setups


Advanced – DMZ Setups


Port Triggering

Once configured, operation is as follows:

1. A PC makes an outgoing connection using a port number defined in the Port Triggering table.

2. This Router records this connection, opens the INCOMING port or ports associated with this entry in the Port Triggering table, and associates them with the PC.

3. The remote system receives the PCs request, and responds using a different port number.

4. This Router matches the response to the previous request, and forwards the response to the PC. (Without Port Triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the Port Forwarding rules.)


Port Triggering

Note

• Only 1 PC can use a "Port Triggering" application at any time.

• After a PC has finished using a "Port Triggering" application, there is a "Time-out" period before the application can be used by another PC. This is required because this Router cannot be sure when the application has terminated.

• Normally for games and chat.


Advanced – Port Triggering


Advanced – Static Routes


Knowledge Base / Documentation


Troubleshooting


FAQ#1

• How does the FVS338 support QoS?

• The FVS338 prioritizes the routing of a packet through the router according to the TOS bit in the packet’s layer3 header. For a particular service, you can override the packet’s specified priority by selecting a different priority in the Services menu, Inbound rules or Outbound Rules. Changing the priority setting will affect the priority given to the packet by the router, but will not actually alter the TOS bits in the packet.


FAQ#2

• My ISP has provided me with a range of public IP addresses. How can I assign them to servers behind the FVS338?

• When you configure the ISP Settings of your router, assign one IP address as the WAN address to be used by your PCs as the main NAT address for general traffic. In the DMZ Setup menu, you can assign the additional public IP addresses to individual PCs on either your LAN or DMZ (if you have activated port 8 as your DMZ port). To allow inbound traffic to reach one of these PCs, you must create an Inbound Rule for the desired service and set the rule’s Destination Address to the public IP address assigned to that PC.


FAQ#3

• Is the VPN policy created by the VPN Wizard compatible to other Netgear VPN routers?

• The VPN Wizard will create a compatible configuration with our other products when using fixed IP addresses. When using FQDN, some modifications will be necessary after running the wizard. Please refer to our VPN application notes for detailed information.


Known Issues

• Error messages for upgrading with the wrong image are not working. If user gets a message “Document contains no data”, this means that the image upgrade did not take place. Click on “Router Upgrade” menu to recover and try again.

• Show statistics in Router Status is causing HTTP hang after couple of auto refreshes.

• No NETBIO support over VPN tunnel until March. Recommend to use WINS server or LMHOSTS file.

NETGEAR CONFIDENTIAL FVS338 ProSafe VPN Firewall 50.

Documents

Transcript of NETGEAR CONFIDENTIAL FVS338 ProSafe VPN Firewall 50.