Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Protect Your Network 320 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The pop-up screen displays the dropped IPv4 packets. 8. Click the Stop button. 9. Wait for the confirmation that the operation succeeded. 10. In the Poll Interval field, enter new poll interval in seconds. 11. Click the Set Interval button. 12. Close the pop-up screen. Manage IP/MAC Bindings for IPv6 Traffic The following sections provide information about managing IP/MAC bindings for IPv6 traffic: •View and Set Up IPv6/MAC Bindings •Change an IPv6/MAC Binding •Remove One or More IPv6/MAC Bindings •Change the IP/MAC Binding Polling Interval for IPv6 Traffic and View the Number of Dropped Packets View and Set Up IPv6/MAC Bindings The following procedure describes how to view existing IPv6/MAC bindings and set up a binding between a MAC address and an IPv6 address. To view existing bindings and set up a binding between a MAC address and an IPv6 address: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password.
Protect Your Network 321 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding. The IP/MAC Binding screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The IP/MAC Binding screen displays the IPv6 settings. The following figure shows a binding in the IP/MAC Binding table as an example. 8. In the Email IP/MAC Violations section, specify if you want to enable email logs for IP/MAC binding violations by selecting one of the following radio buttons: •Ye s. The VPN firewall does email IP/MAC binding violations. As an option, click the Firewall Logs & E-mail page link to ensure that emailing of logs is enabled (see Enable and Schedule Emailing of Logs on page 569). •No. The VPN firewall does not email IP/MAC binding violations.
Protect Your Network 322 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Note:You must specify only once whether you want IP/MAC binding violations for IPv6 traffic to be logged and emailed. Your selection applies to all IPv6 IP/MAC bindings. 9. Click the Apply button. Your settings are saved. 10. In the IP/MAC Bindings section, enter the settings as described in the following table. 11. Click the Add button. The new IP/MAC rule is added to the IP/MAC Bindings table. Change an IPv6/MAC Binding The following procedure describes how to change an existing binding between a MAC address and an IPv6 address. To change a binding between a MAC address and an IPv6 address: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. SettingDescription Name A descriptive name of the binding for identification and management purposes. MAC Address The MAC address of the computer or device that is bound to the IP address. IP Address The IPv6 address of the computer or device that is bound to the MAC address. Log Dropped PacketsTo log the dropped packets, select Enable from the menu. The default setting is Disable.
Protect Your Network 323 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding. The IP/MAC Binding screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The IP/MAC Binding screen displays the IPv6 settings. 8. In the IP/MAC Bindings table, click the Edit button for the IP/MAC binding that you want to change. The Edit IP/MAC Binding screen displays. 9. Change the settings. You can change the MAC address, IPv6 address, and logging status. For more information about the settings, see View and Set Up IPv6/MAC Bindings on page 320. 10. Click the Apply button. Your settings are saved. The modified IP/MAC binding displays in the IP/MAC Bindings table on the IP/MAC Binding screen. Remove One or More IPv6/MAC Bindings The following procedure describes how to remove one or more bindings between MAC addresses and IPv6 addresses that you no longer need. To remove a binding between a MAC address and an IPv6 address: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding. The IP/MAC Binding screen displays the IPv4 settings.
Protect Your Network 324 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 7. In the upper right, select the IPv6 radio button. The IP/MAC Binding screen displays the IPv6 settings. 8. In the IP/MAC Bindings table, select the check box to the left of each IP/MAC binding that you want to remove or click the Select All button to select all bindings. 9. Click the Delete button. The selected bindings are removed from the IP/MAC Bindings table. Change the IP/MAC Binding Polling Interval for IPv6 Traffic and View the Number of Dropped Packets The following procedure describes how to change the polling interval for the process that checks and enforces IP/MAC bindings for IPv6 traffic and view the number of dropped packets as a result of invalidated IP/MAC bindings. To change the IP/MAC binding polling interval for IPv6 traffic and view the number of dropped packets: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Address Filter > IP/MAC Binding. The IP/MAC Binding screen displays the IPv4 settings. 7. In the upper right, select the IPv6 radio button. The IP/MAC Binding screen displays the IPv6 settings. 8. Click the Set Poll Interval option arrow in the upper right. The IP MAC Binding Poll Interval (IPv6) pop-up screen displays.
Protect Your Network 325 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The pop-up screen displays the dropped IPv6 packets. 9. Click the Stop button. 10. Wait for the confirmation that the operation succeeded. 11. In the Poll Interval field, enter new poll interval in seconds. 12. Click the Set Interval button. 13. Close the pop-up screen. Manage Port Triggering The following sections provide information about managing port triggering: •Port Triggering Overview •Add a Port Triggering Rule •Change a Port Triggering Rule •Remove One or More Port Triggering Rules •Display the Status of Active Port Triggering Rules Port Triggering Overview Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partially blocked by the firewall. Using the port triggering feature requires that you know the port numbers that the application uses. Note:Port triggering is supported for IPv4 devices only. Once configured, port triggering operates as follows: 1. A computer makes an outgoing connection using a port number that you defined for port triggering. 2. The VPN firewall records this connection, opens the additional incoming port or ports that are associated with the port triggering rule, and associates them with the computer.
Protect Your Network 326 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 3. The remote system receives the computer’s request and responds using the incoming port or ports that are associated with the port triggering rule on the VPN firewall. 4. The VPN firewall matches the response to the previous request and forwards the response to the computer. Without port triggering, the response from the external application would be treated as a new connection request rather than a response to a request from the LAN network. As such, it would be handled in accordance with the inbound port forwarding rules, and most likely would be blocked. Note these restrictions about port triggering: •Only one computer can use a port triggering application at any time. •After a computer has finished using a port triggering application, there is a short time-out period before the application can be used by another computer. This time-out period is required so that the VPN firewall can determine that the application has terminated. Note:For additional ways of allowing inbound traffic, see Inbound Rules — Port Forwarding on page 215. Add a Port Triggering Rule The following procedure describes how to add a port triggering rule. To add a port triggering rule: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Port Triggering.
Protect Your Network 327 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The Port Triggering screen displays. The following figure shows a rule in the Port Triggering Rules table as an example. 7. In the Add Port Triggering Rule section, enter the settings as described in the following table. 8. Click the Add button. Your settings are saved and the new port triggering rule is added to the Port Triggering Rules table. SettingDescription Name A descriptive name of the rule for identification and management purposes. Enable From the menu, select Ye s to enable the rule. You can define a rule but keep it disabled it by selecting No from the menu. Protocol From the menu, select the protocol to which the rule applies: • TCP. The rule applies to an application that uses the Transmission Control Protocol (TCP). • UDP. The rule applies to an application that uses the User Datagram Protocol (UDP). Outgoing Ports Specify the outgoing ports: • Start Port. The start port (1025–65535) of the range for triggering. • End Port. The end port (1025–65535) of the range for triggering. Incoming Ports Specify the incoming ports: • Start Port. The start port (1025–65535) of the range for triggering. • End Port. The end port (1025–65535) of the range for triggering.
Protect Your Network 328 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Change a Port Triggering Rule The following procedure describes how to change an existing port triggering rule. To change a port triggering rule: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Port Triggering. The Port Triggering screen displays. 7. In the Port Triggering Rules table, click the Edit button for the port triggering rule that you want to change. The Edit Port Triggering Rule screen displays. 8. Change the settings. For information about the settings, see Add a Port Triggering Rule on page 326. 9. Click the Apply button. Your settings are saved. The modified port triggering rule displays in the Port Triggering Rules table on the Port Triggering screen. Remove One or More Port Triggering Rules The following procedure describes how to remove one or more port triggering rules that you no longer need. To remove one or more port triggering rules: 1. On your computer, launch an Internet browser.
Protect Your Network 329 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Port Triggering. The Port Triggering screen displays. 7. In the Port Triggering Rules table, select the check box to the left of each port triggering rule that you want to remove or click the Select All button to select all rules. 8. Click the Delete button. The selected rules are removed from the Port Triggering Rules table. Display the Status of Active Port Triggering Rules The following procedure describes how to display the status of active port triggering rules, including the rule number, LAN IP address, open ports, and the time that the ports remain open. To display the status of active port triggering rules: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.