Netgear VPN Firewall FVS336Gv2 Reference Manual
Customize Firewall Protection 250 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

9. Make your selections from the menus and enter the settings. For more information about the menus and settings, see Settings for Inbound Rules on page 217. The following table lists the menus that apply to an IPv6 LAN DMZ inbound rule.

Menus that apply to all IPv6 LAN DMZ inbound rules:
• Service
• Action
• LAN Users
• DMZ Users
• Log

Menus that apply only when your selection from the Action menu is not BLOCK always:
• Select Schedule
Note: This menu is available only when the selection from the Action menu includes by schedule.

10. Click the Apply button. Your settings are saved. The new rule is added to the Inbound Services table on the LAN DMZ Rules screen.

Manage Existing Firewall Rules

After you add an outbound or inbound firewall rule for IPv4 or IPv6 traffic, you can perform the following actions with the rule:
• Change the rule
• Increase or lower the priority of the rule
• Disable the rule
• Enable the rule
• Remove the rule

To manage an existing rule:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings. The IPv4 outbound service rules display in the upper table. The IPv4 inbound service rules display in the lower table.
7. To manage a rule other than a LAN WAN rule, click one of the following tabs:
   • DMZ WAN Rules. Click the tab for a DMZ WAN rule. The DMZ WAN Rules screen displays the IPv4 rules.
   • DMZ LAN Rules. Click the tab for a DMZ LAN rule. The DMZ LAN Rules screen displays the IPv4 rules.
   The IPv4 outbound service rules display in the upper table. The IPv4 inbound service rules display in the lower table.
8. To manage an IPv6 rule instead of an IPv4 rule, in the upper right, select the IPv6 radio button. The screen displays the IPv6 settings. The IPv6 outbound service rules display in the upper table. The IPv6 inbound service rules display in the lower table.
9. Take one of the actions that are described in the following table.

Action: Change a rule
Steps:
1. In the leftmost column of the table, select the check box for the rule.
2. On the same row in the table, click the Edit button. The screen that lets you change the settings displays.
3. Change the settings. For information about the settings, see one of the following sections:
   - Settings for Outbound Rules on page 212
   - Settings for Inbound Rules on page 217
   - Add LAN WAN Rules on page 223
   - Add DMZ WAN Rules on page 233
   - Add LAN DMZ Rules on page 242
4. Click the Apply button. Your settings are saved. The updated rule displays in the corresponding table in the Inbound Services or Outbound Services section.

Action: Change the order of precedence for a rule
Steps:
1. In the leftmost column of the table, select the check box for the rule.
2. In the field next to the Move button, enter the new numerical position for the rule.
3. Click the Move button. The rule moves to the new position in the table and your settings are saved.

Action: Disable one or more rules
Steps:
1. In the leftmost column of the table, select one or more check boxes, or to select all rules, click the Select All button.
2. Click the Disable button. The selected rules are disabled and your settings are saved. The green circle to the left of each rule turns gray.

Action: Enable one or more rules
Steps:
1. In the leftmost column of the table, select one or more check boxes, or to select all rules, click the Select All button.
2. Click the Enable button. The selected rules are enabled and your settings are saved. The gray circle to the left of each rule turns green.
Note: By default, when a rule is added to a table, the rule is automatically enabled.

Action: Remove one or more rules
Steps:
1. In the leftmost column of the table, select one or more check boxes, or to select all rules, click the Select All button.
2. Click the Delete button. The selected rules are removed from the table and your settings are saved.

Examples of Firewall Rules

The following sections provide examples of firewall rules:
• Examples of Inbound Firewall Rules
• Examples of Outbound Firewall Rules

Examples of Inbound Firewall Rules

The following sections provide examples of IPv4 and IPv6 LAN WAN inbound rules:
• IPv4 LAN WAN Inbound Rule: Host a Local Public Web Server
• IPv4 LAN WAN Inbound Rule: Allow a Videoconference from Restricted Addresses
• IPv4 LAN WAN Inbound Rule: Set Up One-to-One NAT Mapping
• IPv6 LAN WAN Inbound Rule: Restrict RTelnet from a Single WAN User to a Single LAN User

IPv4 LAN WAN Inbound Rule: Host a Local Public Web Server

If you host a public web server on your local network, you can define a rule to allow inbound web (HTTP) requests from any outside IP address to the IP address of your web server at any time of the day.

To set up a firewall rule to host a local public web server on your network:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings.
7. Under the Inbound Services table, click the Add button. The Add LAN WAN Inbound Service screen for IPv4 displays.
8. Enter the settings as described in the following table.

Setting: Description
Service: From the menu, select HTTP.
Action: From the menu, select ALLOW always.
Send to LAN Server: From the menu, select Single address. In the Start field, enter the LAN IP address of the server that must function as a public web server.
WAN Destination IP Address: The setting that determines the destination IP address applicable to incoming traffic. This is the public IP address that maps to the internal public web server on the LAN. From the menu, select the WAN interface that you want to use.
WAN Users: From the menu, select Any.
QoS Profile: You can leave the selection from the menu at None.
Log: You can leave the selection from the menu at Never.
Bandwidth Profile: You can leave the selection from the menu at NONE.

9. Click the Apply button. Your settings are saved. The new rule is added to the Inbound Services table on the LAN WAN Rules screen.
IPv4 LAN WAN Inbound Rule: Allow a Videoconference from Restricted Addresses

If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example, CU-SeeMe connections are allowed only from a specified range of external IP addresses and according to a schedule.

To set up a firewall rule that allows a videoconference from restricted addresses:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings.
7. Under the Inbound Services table, click the Add button. The Add LAN WAN Inbound Service screen for IPv4 displays.
8. Enter the settings as described in the following table.

Setting: Description
Service: From the menu, select CU-SEEME:UDP.
Action: From the menu, select ALLOW by schedule, otherwise block. (If you do not want to use a schedule, select ALLOW always.)
Select Schedule: From the menu, select a schedule. For information about how to configure schedules, see Define a Schedule on page 292.
Send to LAN Server: From the menu, select Single address. In the Start field, enter the LAN IP address of the server that receives the video traffic.
WAN Destination IP Address: The setting that determines the destination IP address applicable to incoming traffic. This is the public IP address that maps to the internal server on the LAN that receives the video traffic. From the menu, select the WAN interface that you want to use.
WAN Users: From the menu, select Address Range. In the Start and Finish fields, specify the WAN address range from which the VPN firewall accepts video traffic.
QoS Profile: You can leave the selection from the menu at None.
Log: You can leave the selection from the menu at Never.
Bandwidth Profile: You can leave the selection from the menu at NONE.

9. Click the Apply button. Your settings are saved. The new rule is added to the Inbound Services table on the LAN WAN Rules screen.

IPv4 LAN WAN Inbound Rule: Set Up One-to-One NAT Mapping

In this example, you configure multi-NAT to support multiple public IP addresses on one WAN interface. An inbound rule configures the VPN firewall to host an additional public IP address and associate this address with a web server on the LAN. (Instead of on the LAN, you could also configure this web server in the DMZ.)

The example uses the following addressing scheme:
• NETGEAR VPN firewall:
  - WAN IP address. 10.1.0.118
  - LAN IP address subnet. 192.168.1.1 with subnet 255.255.255.0
• Web server computer on the VPN firewall’s LAN:
  - LAN IP address. 192.168.1.2
  - Access to the web server is through the public IP address. 10.168.50.1

Tip: If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ. One of these public IP addresses is used as the primary IP address of the router that provides Internet access to your LAN computers through NAT. The other addresses are available to map to your servers.

To configure the VPN firewall for additional IP addresses:
1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button. The Router Status screen displays.
6. Select Network Configuration > WAN Settings > WAN Setup. The WAN Setup screen displays the IPv4 settings.
7. In the WAN IPv4 Settings table, click the Edit button for the WAN interface for which you want to add a secondary WAN address. The WAN IPv4 ISP Settings screen displays.
8. Click the Secondary Addresses option arrow in the upper right. The WAN Secondary Addresses screen displays for the WAN interface that you selected.
9. In the Add WAN Secondary Addresses section, enter the following settings:
   • IP Address. Enter the secondary address that you want to assign to the WAN port.
   • Subnet Mask. Enter the subnet mask for the secondary IP address.
10. Click the Add button. The secondary IP address is added to the List of Secondary WAN addresses table.
11. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view, displaying the IPv4 settings.
12. Under the Inbound Services table, click the Add button. The Add LAN WAN Inbound Service screen for IPv4 displays.
13. Enter the settings as described in the following table.

Setting: Description
Service: From the menu, select HTTP.
Action: From the menu, select ALLOW always.
Send to LAN Server: From the menu, select Single address. In the Start field, enter the LAN IP address of the web server.
WAN Destination IP Address: From the menu, select the secondary WAN IP address that you added in Step 9 and Step 10.
WAN Users: From the menu, select Any.
QoS Profile: You can leave the selection from the menu at None.
Log: You can leave the selection from the menu at Never.
Bandwidth Profile: You can leave the selection from the menu at NONE.

14. Click the Apply button. Your settings are saved. The new rule is added to the Inbound Services table on the LAN WAN Rules screen.
15. To test the connection from a computer on the Internet, type http:// followed by the public IP address that you mapped to your web server. The home page of your web server displays.
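The following Python model is an added example, not NETGEAR code. It shows which inbound packets the one-to-one NAT rule and the schedule-restricted videoconference rule from the examples above would forward, so that a planned rule table can be checked before it is entered. Assumptions: rules are checked top-down with the first match winning, unmatched inbound traffic is blocked, CU-SeeMe is UDP port 7648, and the branch range, video host, schedule hours, and use of 10.1.0.118 as the videoconference WAN destination are constructed.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import IPv4Address as IP
from typing import Optional, Tuple

@dataclass
class InboundRule:
    service: Tuple[str, int]                       # Service: (protocol, destination port)
    wan_dest: IP                                   # WAN Destination IP Address
    lan_server: IP                                 # Send to LAN Server (Single address)
    wan_users: Optional[Tuple[IP, IP]] = None      # None = Any, else Address Range
    schedule: Optional[Tuple[time, time]] = None   # None = ALLOW always

    def matches(self, proto, dport, src, dst, now):
        if (proto, dport) != self.service or dst != self.wan_dest:
            return False
        if self.wan_users and not (self.wan_users[0] <= src <= self.wan_users[1]):
            return False
        # "ALLOW by schedule, otherwise block": outside the schedule the rule
        # does not allow the packet, so it falls through to the default block.
        if self.schedule and not (self.schedule[0] <= now < self.schedule[1]):
            return False
        return True

def evaluate(rules, proto, dport, src, dst, now):
    """Return the LAN server the packet is forwarded to, or None if blocked."""
    for rule in rules:  # assumption: top-down evaluation, first match wins
        if rule.matches(proto, dport, IP(src), IP(dst), now):
            return str(rule.lan_server)
    return None         # assumption: inbound traffic matching no rule is blocked

RULES = [
    # One-to-one NAT: secondary WAN address 10.168.50.1 -> web server 192.168.1.2
    InboundRule(("tcp", 80), IP("10.168.50.1"), IP("192.168.1.2")),
    # Videoconference: constructed branch range, LAN host and 08:00-18:00 schedule
    InboundRule(("udp", 7648), IP("10.1.0.118"), IP("192.168.1.20"),
                wan_users=(IP("203.0.113.10"), IP("203.0.113.20")),
                schedule=(time(8), time(18))),
]

if __name__ == "__main__":
    # HTTP to the mapped secondary address reaches the web server at any hour.
    print(evaluate(RULES, "tcp", 80, "198.51.100.7", "10.168.50.1", time(3)))
    # Video traffic from outside the branch range is dropped.
    print(evaluate(RULES, "udp", 7648, "203.0.113.99", "10.1.0.118", time(9)))
```

With WAN Users set to Any, as in the web server rules, every source address reaches the LAN server; the address range and schedule in the videoconference rule are the only settings in these examples that narrow who can connect.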