Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Monitor System Access and Performance 579 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 7. In the General section, clear the Enable NetBIOS check box. 8. In the Traffic Selector section, make the following changes: •From the Remote IP menu, select Single. •In the Start IP field, type 10.0.0.2. This IP address is the WAN IP address of Gateway 2. 9. Click the Apply button. Your settings are saved. Configure the VPN Tunnel on Gateway 2 at Site 2 The following procedure describes how you can set up a VPN tunnel at Site 2 between Gateway 2 at Site 2 and Gateway 1 at Site 1. To create a gateway-to-gateway VPN tunnel on Gateway 2 at Site 2 to Gateway 1 at Site 1, using the IPSec VPN wizard: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter 10.0.0.2 if you log in from the WAN or enter 192.168.20.0 if you log in from the LAN. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select VPN > IPSec VPN > VPN Wizard. The VPN Wizard screen displays. 7. Configure a gateway-to-gateway VPN tunnel using the following information: •Connection name. Any name of your choice •Pre-shared key. The same key as you configured on Gateway 1 •Remote WAN IP address. 10.0.0.1 •Local WAN IP address. 10.0.0.2 •Remote LAN IP address. 192.168.10.0 •Remote LAN subnet mask. 255.255.255.0
Monitor System Access and Performance 580 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 8. Click the Apply button. Your settings are saved. Change the Remote IP Address in the VPN Policy on Gateway 2 at Site 2 The following procedure describes how to change the local IP address in the VPN policy on Gateway 2 at Site 2 to the WAN IP address of the same Gateway 2. To change the local IP address in the VPN policy on Gateway 2 at Site 2: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter 10.0.0.2 if you log in from the WAN or enter 192.168.20.0 if you log in from the LAN. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select VPN > IPSec VPN > VPN Policies. The VPN Policy screen displays. 7. Next to the policy name for the Gateway 2–to–Gateway 1 autopolicy, click the Edit button. The Edit VPN Policy screen displays. 8. In the General section, clear the Enable NetBIOS check box. 9. In the Traffic Selector section, make the following changes: •From the Local IP menu, select Single. •In the Start IP fields, type 10.0.0.2. This IP address is the WAN IP address of Gateway 2. 10. Click the Apply button. Your settings are saved.
Monitor System Access and Performance 581 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 On the Gateway at Site 2, Specify the Syslog Server on Site 1 The following procedure describes how to specify that Gateway 2 at Site 2 must send the syslogs to the syslog server that is connected to Gateway 1 at Site 1. To specify that Gateway 2 at Site 2 must send the syslogs to the syslog server that is connected to Gateway 1 on Site 1: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter 10.0.0.2 if you log in from the WAN or enter 192.168.20.0 if you log in from the LAN. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Monitoring > Firewall Logs & E-mail. The Firewall Logs & E-mail screen displays. 7. In the Enable SysLogs section, select the Ye s radio button. 8. In the SysLog Server field, enter 192.168.10.2. This IP address is the LAN IP address of the syslog server at Site 1. 9. From the SysLog Severity menu, select a severity level. For more information severity levels, see Enable the Syslogs on page 571. 10. Click the Apply button. Your settings are saved. View the Status and Statistics of the VPN Firewall and Its Traffic The following sections provide information about the status and statistics of the VPN firewall and its traffic: •View the System Status
Monitor System Access and Performance 582 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 •View the VPN Connection Status, L2TP Users, and PPTP Users •View the VPN Logs •View the Port Triggering Status •View the WAN Port Status and Terminate or Establish the Internet Connection •Display Internet Traffic by Type of Traffic •View the Attached Devices •View the DHCP Log View the System Status You can view real-time information about the following important components of the VPN firewall: •Firmware version •Both IPv4 and IPv6 WAN and LAN port information •Interface statistics •VLAN status, including port memberships •IPv6 tunnels The following sections provide information about viewing the system status: •Display an Overview of the VPN Firewall Addresses and Firmware Version •View the Traffic Statistics for the Interfaces and Change the Polling Interval •View Detailed Status Information About the VPN Firewall •View the VLAN Status •View the IPv6 Tunnel Status Display an Overview of the VPN Firewall Addresses and Firmware Version The following procedure describes how to display an overview of the LAN and WAN IPv4 and IPv6 addresses and firmware version. To view the addresses and firmware version: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter 10.0.0.2 if you log in from the WAN or enter 192.168.20.0 if you log in from the LAN. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password.
Monitor System Access and Performance 583 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. The following table explains the fields of the Router Status screen. ItemDescription System Info System Name The NETGEAR system name. Firmware Version The installed firmware version. LAN (VLAN) IPv4 Information For each of the four LAN ports, the screen shows the IPv4 LAN address and subnet mask. For more detailed information, see View Detailed Status Information About the VPN Firewall on page 586.
Monitor System Access and Performance 584 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 View the Traffic Statistics for the Interfaces and Change the Polling Interval The following procedure describes how to view the traffic statistics for the interfaces of the VPN firewall and change the polling interval. To view the traffic statistics for the interfaces and change the polling interval: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter 10.0.0.2 if you log in from the WAN or enter 192.168.20.0 if you log in from the LAN. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. LAN IPv6 Information MAC Address The MAC address of the VPN firewall. IPv6 Address The IPv6 LAN address that is assigned to the VPN firewall. For information about configuring the IPv6 address, see Configure the IPv6 Internet Connection and WAN Settings on page 87. DHCP Server The status of the IPv4 DHCP server (Enabled or Disabled). For information about configuring the IPv4 DHCP server, see Manage VLAN Profiles on page 119. DHCP Relay The status of the IPv4 DHCP relay (Enabled or Disabled). For information about configuring the IPv4 DHCP relay, see Manage VLAN Profiles on page 119. DHCPv6 Server The status of the DHCPv6 server for the LAN (Enabled or Disabled). For information about configuring the DHCPv6 server, see Manage the IPv6 LAN on page 153. DMZ IPv6 Information IPv6 Address The IPv6 DMZ address that is assigned to the VPN firewall. For information about configuring the IPv6 address, see Manage the DMZ Port for IPv4 Traffic on page 140. DHCPv6 Server The status of the DHCPv6 server for the DMZ (Enabled or Disabled). For information about configuring the DHCPv6 server, see Manage the DMZ Port for IPv4 Traffic on page 140. WAN Information WAN 1For each WAN interface, the screen shows the IPv4 address, subnet mask, IPv6 address, and status of the port (UP or DOWN). For more detailed information, see View Detailed Status Information About the VPN Firewall on page 586. WAN 2 ItemDescription
Monitor System Access and Performance 585 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Click the Show Statistics option arrow in the upper right. The Router Statistics screen displays. The following table explains the fields of the Router Statistics screen. 7. To change the polling interval period: a.Click the Stop button. ItemDescription System up Time. The period since the last time that the VPN firewall was started up. Router Statistics The following statistics are displayed for each of the two WAN interfaces, for all LAN interfaces combined, and for the DMZ interface: Tx Pkts The number of packets transmitted on the port in bytes. Rx Pxts The number of packets received on the port in bytes. Collisions The number of signal collisions that have occurred on the port. A collision occurs when the port attempts to send data at the same time as a port on the other router or computer that is connected to this port. Tx B/s The number of bytes transmitted per second on the port. Rx B/s The number of bytes received per second on the port. Up Time The period that the port is active since it was restarted.
Monitor System Access and Performance 586 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Wait for the counter to stop. b. In the Poll Interval field, enter a new value in seconds. c. Click the Set interval button. View Detailed Status Information About the VPN Firewall The following procedure describes how to view detailed status information about the IP addresses and MAC addresses on the VPN firewall, as well as other information. To view detailed status information about the VPN firewall: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter 10.0.0.2 if you log in from the WAN or enter 192.168.20.0 if you log in from the LAN. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Monitoring > Router Status > Detailed Status. The Detailed Status screen displays.
Monitor System Access and Performance 587 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The following table explains the fields of the Detailed Status screen. ItemDescription LAN Port Configuration The following fields are shown for each of the LAN ports. VLAN Profile The name of the VLAN profile that you assigned to the LAN port (see Assign VLAN Profiles on page 116). If the VLAN is not enabled on this port, the default profile (with VLAN ID 1) is assigned automatically.
Monitor System Access and Performance 588 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 VLAN ID The VLAN ID that you assigned to the LAN port (see Manage VLAN Profiles on page 119). If the default VLAN profile is used, the VLAN ID is 1, which means that all tagged and untagged traffic can pass on the LAN port. MAC Address The MAC address for this port. Note the following about the LAN MAC address: • All LAN ports that are part of the default VLAN share the same default MAC address (00:00:00:00:00:01) unless you specified that each VLAN must be assigned a unique MAC address (see Configure Unique VLAN MAC Addresses on page 126). • LAN ports with an IPv4 address that differs from the default VLAN can still share the same MAC address as the default VLAN. • LAN port 4 can be assigned as the DMZ port, in which case its default MAC address is 00:00:00:00:00:06. For information about configuring the DMZ port, see Manage the DMZ Port for IPv4 Traffic on page 140. IP Address The IPv4 address for the LAN port. If the port is part of the default VLAN, the IP address is the default LAN IP address (192.168.1.1). For information about configuring VLAN profiles, see Manage VLAN Profiles on page 119. Subnet Mask The subnet mask for the LAN port. If the port is part of the default VLAN, the subnet mask is the default LAN IP subnet mask (255.255.255.0). For information about configuring VLAN profiles, see Manage VLAN Profiles on page 119. DHCP Status The status of the IPv4 DHCP server for the VLAN (Enabled or Disabled). For information about enabling DHCP for VLANs, see Manage VLAN Profiles on page 119. LAN IPv6 Configuration For information about configuring the IPv6 LAN, see DHCPv6 LAN Server Concepts and Configuration Roadmap on page 153 and Configure a Stateless DHCPv6 Server Without Prefix Delegation for the LAN on page 155. IPv6 Address The IPv6 address and prefix length for the LAN. DHCP Status The status of the DHCPv6 server for the LAN (Enabled or Disabled). Primary DNS ServerThe IPv6 address of the primary DNS server for the LAN. Secondary DNS ServerThe IP address of the secondary DNS server for the LAN. DMZ IPv6 Configuration For information about configuring the IPv6 DMZ, see Manage a Stateless DHCPv6 Server with Prefix Delegation for the DMZ on page 185. IPv6 Address The IPv6 address and prefix length for the DMZ. DHCP Status The status of the DHCPv6 server for the DMZ (Enabled or Disabled). Primary DNS ServerThe IPv6 address of the primary DNS server for the DMZ. Secondary DNS ServerThe IP address of the secondary DNS server for the DMZ. ItemDescription