Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Customize Firewall Protection 220 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Change the Default Outbound Policy for LAN WAN Traffic The default outbound policy allows all traffic to the Internet to pass through. You can then apply firewall rules to block specific types of traffic from going out from the LAN to the Internet (outbound). This feature is also referred to as service blocking. You can change the default policy of Allow Always to Block Always to block all outbound traffic, which then allows you to enable only specific services to pass through the VPN firewall. The following sections provide information about changing the default outbound policy for LAN WAN traffic: •Change the Default LAN WAN Outbound Policy for IPv4 Traffic •Change the Default LAN WAN Outbound Policy for IPv6 Traffic Change the Default LAN WAN Outbound Policy for IPv4 Traffic The following procedure describes how to change the default outbound policy for IPv4 traffic from the LAN to the WAN. To change the default outbound policy for LAN WAN IPv4 traffic: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. Log The setting that determines whether packets covered by this rule are logged. The options are as follows: • Always. Always log traffic that matches this rule. This is useful when you are debugging your rules. • Never. Never log traffic that matches this rule. All rules Bandwidth Profile Bandwidth limiting determines how the data is sent to and from your host. The purpose of bandwidth limiting is to provide a solution for limiting the outgoing and incoming traffic, thus preventing the LAN users from consuming all the bandwidth of the Internet link. For more information, see Manage Bandwidth Profiles for IPv4 Traffic on page 299. For inbound traffic, you can configure bandwidth limiting only on the LAN interface for a LAN WAN rule. Note:When you enable a bandwidth profile, the performance of the VPN firewall might be affected slightly. Note:Bandwidth limiting does not apply to the DMZ interface.IPv4 LAN WAN rules Table 6. Inbound rules overview (continued) SettingDescriptionInbound Rules
Customize Firewall Protection 221 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings. The following figure shows examples. 7. From the Default Outbound Policy menu, select Block Always. By default, Allow Always is selected. 8. Click the Apply button. Your settings are saved.
Customize Firewall Protection 222 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Change the Default LAN WAN Outbound Policy for IPv6 Traffic The following procedure describes how to change the default outbound policy for IPv6 traffic from the LAN to the WAN. To change the default outbound policy for LAN WAN IPv6 traffic: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The LAN WAN Rules screen displays the IPv6 settings. The following figure shows examples.
Customize Firewall Protection 223 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 8. From the Default Outbound Policy menu, select Block Always. By default, Allow Always is selected. 9. Click the Apply button. Your settings are saved. Add LAN WAN Rules The following sections provide information about managing LAN WAN rules: •Add LAN WAN Outbound Service Rules •Add LAN WAN Inbound Service Rules Add LAN WAN Outbound Service Rules You can define rules that specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. An outbound rule can block or allow traffic between an internal IP LAN address and any external WAN IP address according to a schedule. WARNING: Make sure that you understand the consequences of a LAN WAN outbound rule before you apply the rule. Incorrect configuration might cause serious connection problems. The following sections provide information about adding LAN WAN outbound service rules: •Add an IPv4 LAN WAN Outbound Rule
Customize Firewall Protection 224 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 •Add an IPv6 LAN WAN Outbound Rule Add an IPv4 LAN WAN Outbound Rule The following procedure describes how to add an IPv4 LAN WAN outbound rule. To add an IPv4 LAN WAN outbound rule: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings. The following figure shows examples.
Customize Firewall Protection 225 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 7. Under the Outbound Services table, click the Add button. The Add LAN WAN Outbound Service screen for IPv4 displays. 8. Make your selections from the menus and enter the settings. For more information about the menus and settings, see Settings for Outbound Rules on page 212.
Customize Firewall Protection 226 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The following table lists the menus that apply to an IPv4 LAN WAN outbound rule. 9. Click the Apply button. Your settings are saved. The new rule is added to the Outbound Services table on the LAN WAN Rules screen. Add an IPv6 LAN WAN Outbound Rule The following procedure describes how to add an IPv6 LAN WAN outbound rule. To add an IPv6 LAN WAN outbound rule: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Firewall. Menus that apply to all IPv4 LAN WAN outbound rulesMenus that apply only when your selection from the Action menu is not BLOCK always Service Select Schedule Note:This menu is available only when the selection from the Action menu includes by schedule. Action QoS Profile LAN Users Bandwidth Profile WAN Users NAT IP Note:This menu is available only when the WAN mode is NAT. Log
Customize Firewall Protection 227 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The LAN WAN Rules screen displays the IPv6 settings. 8. Under the Outbound Services table, click the Add button. The Add LAN WAN Outbound Service screen for IPv6 displays. 9. Make your selections from the menus and enter the settings. For more information about the menus and settings, see Settings for Outbound Rules on page 212.
Customize Firewall Protection 228 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The following table lists the menus that apply to an IPv6 LAN WAN outbound rule. 10. Click the Apply button. Your settings are saved. The new rule is added to the Outbound Services table on the LAN WAN Rules screen. Add LAN WAN Inbound Service Rules By default, all inbound traffic (from the Internet to the LAN) is blocked. Allowing inbound services opens potential security holes in your firewall. Enable only those ports that are necessary for your network. WARNING: Make sure that you understand the consequences of a LAN WAN inbound rule before you apply the rule. Incorrect configuration might cause serious connection problems. If you are configuring the VPN firewall from a remote connection, you might be locked out. WARNING: Make sure that you first configure the IPv4 WAN routing mode (see Manage the IPv4 WAN Routing Mode on page 30) before you configure custom firewall rules. If you change the IPv4 WAN routing mode, all LAN WAN inbound rules revert to default settings. The following sections provide information about adding LAN WAN inbound service rules: •Add an IPv4 LAN WAN Inbound Rule •Add an IPv6 LAN WAN Inbound Rule Menus that apply to all IPv6 LAN WAN outbound rulesMenus that apply only when your selection from the Action menu is not BLOCK always Service Select Schedule Note:This menu is available only when the selection from the Action menu includes by schedule. Action QoS Priority LAN Users WAN Users Log
Customize Firewall Protection 229 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Add an IPv4 LAN WAN Inbound Rule The following procedure describes how you can add an IPv4 LAN WAN inbound rule. To add an IPv4 LAN WAN inbound rule: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings. The following figure shows some examples.