DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA April 2007 202-10161-01 v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Technical Support Please register to obtain technical support. Please retain your proof of purchase and warranty information. To register your product, get product support or obtain product information and product documentation, go to http://www.NETGEAR.com. If you do not have access to the World Wide Web, you may register your product by filling out the registration card and mailing it to NETGEAR customer service.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Away from potential sources of interference, such as PCs, large metal surfaces, microwaves, and 2.4 GHz cordless phones. • In an elevated location such as a high shelf that is near the center of the wireless coverage area for all mobile devices. Failure to follow these guidelines can result in significant performance degradation or inability to wirelessly connect to the wireless access point.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Europe – EU Declaration of Conformity Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards: EN300 328, EN301 489-17, EN60950Europe – Declaration of Conformity in Languages of the European Community Èesky [Czech] NETGEAR Inc.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Português [Portuguese] NETGEAR Inc. declara que este Radiolan está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE. Slovensko [Slovenian] NETGEAR Inc. izjavlja, da je ta Radiolan v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES. Slovensky [Slovak] NETGEAR Inc.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual European Spectrum Usage Rules - Effective April 11, 2006 Country 5.15-5.25 (GHz) Channels: 36,40,44,48 5.25-5.35 (GHz) Channels: 52,56,60,64 5.47-5.725 (GHz) Channels: 100,104,108,112,116, 120,124,128,132,136,140 2.4-2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Additional Copyrights AES Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. All rights reserved. TERMS Redistribution and use in source and binary forms, with or without modification, are permitted subject to the following conditions: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions * are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Product and Publication Details Model Number: DGFV338 Publication Date: April 2007 Product Family: Wireless Firewall Product Name: ProSafe Wireless ADSL Modem VPN Firewall Router Home or Business Product: Business Language: English Publication Part Number: 202-10161-01 Publication Version Number 1.0 x v1.
Contents About This Manual Conventions, Format and Scope ....................................................................................xvii How to Use This Manual ............................................................................................... xviii How to Print this Manual ................................................................................................ xviii Chapter 1 Introduction Key Features of the NETGEAR ProSafe DGFV338 .............................................
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Selecting Advanced Options for your Ethernet or ADSL Connection ....................2-10 Configuring the WAN Mode ..........................................................................................2-14 Configuring Dynamic DNS (If Needed) ..................................................................2-17 Programming the Traffic Meter ...............................................................................
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Setting up Port Triggering ......................................................................................4-28 Setting a Schedule to Block or Allow Specific Traffic .............................................4-31 Event Logs and Alerts ..................................................................................................4-32 Security and Administrator Management ......................................................
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Wireless Firewall Features That Reduce Traffic ......................................................6-1 Wireless Firewall Features That Increase Traffic .....................................................6-4 Using QoS to Shift the Traffic Mix ............................................................................6-6 Tools for Traffic Management ...................................................................................
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Chapter 8 Troubleshooting Basic Functions ..............................................................................................................8-1 Power LED Not On ...................................................................................................8-1 LEDs Never Turn Off ................................................................................................8-2 LAN or Internet Port LEDs Not On ..........
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual xvi v1.
About This Manual The DGFV338 ProSafe™ Wireless ADSL Modem VPN Firewall Router Reference Manual describes how to install, configure and troubleshoot the ProSafe Wireless ADSL Modem VPN Firewall Router. The information is this manual is intended for readers with intermediate computer and Internet skills. Conventions, Format and Scope The conventions, formats, and scope of this manual are described in the following paragraphs: • • Typographical Conventions.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Scope. This manual is written for the Wireless ADSL Router according to these specifications: Product Version ProSafe Wireless ADSL Modem VPN Firewall Router Manual Publication Date April 2007 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Documents” Note: Product updates are available on the NETGEAR, Inc. Web site at http://kbserver.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual – Click the PDF of This Chapter link at the top right of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window. – Click the print icon in the upper left of the window. Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature. • Printing the Full Manual.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual xx v1.
Chapter 1 Introduction This chapter describes the features of the ProSafe™ Wireless ADSL Modem VPN Firewall Router. It also includes the minimum prerequisites for installation (“System Requirements” on page 1-5.), what’s in the box (“Package Contents” on page 1-6) and a description of the front and back panels of the DGFV338 (“Hardware Description” on page 1-6).
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • • • • • Extensive Protocol Support. SNMP for manageability. Front panel LEDs for easy monitoring of status and activity. Flash memory for firmware upgrade.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Security The NETGEAR ProSafe DGFV338 is equipped with several features designed to maintain security, as described in this section. • PCs Hidden by NAT. NAT opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the PCs on the LAN. • Port Forwarding with NAT.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual The firewall incorporates Auto Uplink technology. Each Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a “normal” connection such as to a PC or an “uplink” connection such as to a switch or hub. That port will then configure itself to the correct configuration.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Smart Wizard. The NETGEAR ProSafe DGFV338 automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account. • VPN Wizard.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • • • A Web browser for configuration such as Mozilla Firefox, Microsoft Internet Explorer 5.0 or above, or Netscape Navigator 7.2 or above. Network card for each connected PC. Network Software (for example, Windows). Package Contents The product package should contain the following items: • ProSafe Wireless ADSL Modem VPN Firewall Router. • AC power adapter. • Two 2.4 GHz wireless antennas.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 1 2 4 3 5 Figure 1-1 The table below describes each item on the front panel and its operation. Table 0-1. Object Descriptions Nos. LEDs Activity Description 1 Power - 1 On (Green) Off Power is supplied to the gateway Power is not supplied to the gateway. 2 Test - 2 On (Amber) Blinking (Amber) Off Test mode: The system is initializing or the initialization has failed.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table 0-1. Object Descriptions (continued) Nos. LEDs Local LEDs 5 Activity Description Link/Act LED On (Green) Blinking (Green) Off The LAN port has detected a link with a connected Ethernet device. Data is being transmitted or received by the LAN port. The LAN port has no link. 100 LED On (Green) Off The LAN port is operating at 100 Mbps. The LAN port is operating at 10 Mbps.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Router Login Factory Defaults Check the label on the bottom of the DGFV338’s enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN • User name: admin • Password: password LAN IP Address User Name Password Figure 1-3 To log in to the DGFV338 once it is connected: 1. Open a Web browser. 2. Enter http://192.168.1.1 as the URL. http://192.168.1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . Figure 1-5 For a complete list of the factory default settings of your NETGEAR ProSafe DGFV338, see Appendix A, “Default Settings and Technical Specifications” Placement of your NETGEAR ProSafe DGFV338 Note: Failure to follow these guidelines can result in significant performance degradation or inability to wirelessly connect to the wireless ADSL firewall.
Chapter 2 Basic Installation and Configuration This section provides instructions for connecting the DGFV338. Typically, it takes approximately seven steps to complete connecting all facets of your gateway: 1. Connect the gateway physically to your network. If connecting through a modem, power off and disconnect the modem before starting. Connect the cables after turning off your modem, if you are connecting through your Ethernet port.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 7. Set up your VPN connections using Auto Detect. If you do not know your ISP connection, Auto Detect will attempt to automatically detect your connection type by probing for different connection methods. If you know your ISP type, you can set up your connections manually. (Ensure that you have the ISP information relevant to your connection type before you begin.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . Warning: Do not connect the wireless firewall to the ADSL line through a microfilter unless the microfilter is a combination ADSL microfilter/ splitter specifically designed for this purpose. Doing so will block your connection to the Internet. If you have any doubts about this, connect the wireless firewall directly to your phone line.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 3. Click Login. The ProSafe Wireless ADSL Modem VPN Firewall Router user interface will display. Note: You might want to enable remote management at this time so that you can log in remotely in the future to manage the gateway. See “Enabling Remote Management Access” on page 6-8 for more information. Remote management enable is cleared with a factory default reset.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual When Auto Detect successfully detects an active Internet service, it reports which connection type it discovered. The options are described in the Table 2-1., “Internet Service Connections”. Figure 2-4 Basic Installation and Configuration 2-5 v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 2-5 Table 2-1. Internet Service Connections Connection Method Data Required PPPoE Login (Username, Password). PPPoA Login (Username, Password). DHCP (Dynamic IP) No data is required. Static (Fixed) IP Internet IP address, Subnet Mask and Gateway IP Address supplied by your ISP; and the Router’s DNS Address (also supplied by your ISP).
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual ISP. If your ISP requires a Static IP address, then you must provide the fixed addresses for Static IP. The types of data you will need are highlighted in Table 2-1 by connection method, and explained in more detail below. To configure your ADSL ISP connection: 1. Enter your ISP Login information. Select the Does Your Internet Connection require a Login? option based on the type of account your have with your ISP.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • IP Address: Static IP address assigned to you. This will identify the router to your ISP. • IP Subnet Mask: This is usually provided by the ISP or your network administrator. • Gateway IP Address: IP address of your ISP’s gateway. This is usually provided by the ISP or your network administrator. 3. Select your Domain Name Servers (DNS). Domain name servers (DNS) convert Internet names such as www.google.com, www.netgear.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual – Login. This is often the name that you use in your e-mail address (for example, if your main mail account is jdoe@aol.com, enter jdoe). Note: Some ISPs (for example, Earthlink) require that you use your full e-mail address when you log in. – • Password. Enter the password you use to log in to your ISP.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual – BigPond Cable: If your ISP is Telstra BigPond Cable, select this option and fill in the Log In Server and Idle Timeout fields. The Log In Server is the IP address of the BigPond Log In Server local to your area. You can find log in server information at this URL: http:// www.netgear.com.sg/support/bigpond.asp 2. Enter your Internet (IP) Address.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • MTU Size. The normal MTU value for most networks is 1500 Bytes, or 1492 for PPPoE connections. For some ISPs, you may need to reduce the MTU size. However, this is rarely required and should not be attempted unless you are sure it is necessary for your ISP connection. • Port Speed (Ethernet only). Usually, your router can automatically determine the connection speed of the 10/100 port.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual b. VPI (Virtual Path Identifier) value: This is provided by your ISP to identify the ATM network (in conjunction with the VCI value). c. VCI (Virtual Channel Identifier) value: This is provided by your ISP (in conjunction with the VPI value) to identify the ATM network. 3. Click Apply to save your settings. To configure your Advanced ADSL ISP Settings: 1. Click the Advanced link at the tops of the ADSL ISP Settings screen.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual The format for the MAC address is XX:XX:XX:XX:XX:XX where X is a number from 0 to 9 (inclusive) or an alphabetical letter between A and F (inclusive). 4. Click Apply to save the settings. Click Reset to revert to the previous settings. To configure you Ethernet ISP Advanced options: 1. Select the Advanced link at the top of the Ethernet ISP Settings screen. The4 Ethernet Advanced Options screen will display. Figure 2-8 2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 5. Click Apply to save your settings. Note: You can also set up the traffic meter for the Ethernet ISP, if desired, at this time. See “Programming the Traffic Meter” on page 2-20. Configuring the WAN Mode The WAN ports of the ProSafe Wireless ADSL Modem VPN Firewall Router can be configured for NAT or Classical Routing. You must select one of them—NAT being the most common: • NAT.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Use Dedicated WAN port. – Dedicated ADSL. If you have configured only the ADSL ISP, then select this interface. In this mode the ADSL interface will always be active and all traffic will be sent over this link; the other link will always be down. No link failure detection will occur. – Dedicated Ethernet. If this is your only ISP configuration, then select Dedicated Ethernet.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 2-9 3. Select your WAN port configuration: • Select the Auto-Rollover radio button and designate the rollover port from the pull-down menu. Auto-Rollover is available only if you have connected and configured both an ADSL ISP and an Ethernet ISP connection. • Select the Use Dedicated WAN port radio button and select the dedicated port from the pull-down menu if you have configured and are connected to only one port. 4.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual The default time to roll over after the primary WAN interface fails is 2 minutes (e.g., a 30second minimum test period, times a minimum of four tests). Configuring Dynamic DNS (If Needed) Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To configure Dynamic DNS: 1. Select Network Configuration from the main menu and Dynamic DNS from the submenu. The Dynamic DNS Configuration screen will display with the default None selected. Figure 2-10 Each DNS service provider requires its own parameters (Figure 2-11). 2-18 Basic Installation and Configuration v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual DynDNS Service Screen Figure 2-11 2. Access the Web site of the Dynamic DNS service provider you have chosen and register for an account (for example, for dyndns.org, go to http://www.dyndns.org). 3. Complete entering the Dynamic DNS screen for the service you have chosen: a. Select the Use a dynamic DNS service check box of the name of your dynamic DNS Service Provider. b.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Programming the Traffic Meter The traffic meter is useful when an ISP charges by traffic volume over a given period of time or if you want to look at traffic types over a period of time. The fields are described in Table 2-2 and are the same for both ADSL and Ethernet but are specific to each WAN interface and must be set individually. Figure 2-12 displays the traffic meter screen for the ADSL connection.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table 2-2. Traffic Meter Parameters Parameter Description Enable Traffic Meter Check this if you wish to record the volume of Internet traffic passing through the Router's WAN1 or WAN2 port.WAN1 or WAN2 can be selected through the drop down menu, the entire configuration is specific to each wan interface. • No Limit - If this is selected specified restriction will not be applied when traffic limit is reached.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To Program the Traffic Meter (if desired): 1. Select Monitoring from the main menu and Traffic Meter from the submenu. The default ADSL screen shown in Figure 2-12 will display. 2. Fill in the fields from the descriptions in Table 2-2. 3. Click Apply to save your settings. 4. Click Traffic by Protocol to view the traffic details for each interface.
Chapter 3 Wireless Configuration This chapter describes how to configure the wireless features of your ProSafe DGFV338. In planning your wireless network, you should consider the level of security required. You should also select the physical placement of your DGFV338 in order to maximize the network speed (see Chapter 2, “Basic Installation and Configuration”). For further information on wireless networking, refer to Appendix B, “Related Documents for a link to resource material on the NETGEAR website.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security features of your wireless equipment. The wireless firewall provides highly effective security features which are covered in detail in this chapter. :LUHOHVV 'DWD 6HFXULW\ 2SWLRQV 5DGLXV 8S WR )HHW DGFV338 Á?aM?a +Á.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Understanding Wireless Settings Before configuring your wireless settings, you may want to review the Wireless Settings choices to determine what type of security is required for your wireless LAN network and to gather any security information that may be required.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Wireless LANs Configuring the Wireless settings for your LAN consists of the following categories: • Wireless Network. Wireless Network Name (SSID). The SSID is also known as the wireless network name. Enter a value of up to 32 alphanumeric characters. In a setting where there is more than one wireless network, different wireless network names provide a means for separating the traffic. Any device you want to participate in the 802.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Wireless Security Type. A number of security options are available to use on your Wireless Network: – None. No data encryption is used. – WEP. Enables WEP (Wired Equivalent Privacy) data encryption (64-, or 128-, or 152-bit) and requires at least one shared key and a WEP passphrase. When selecting WEP, you can also select: • Open System. No data encryption is used. • Shared Key.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Note: Not all wireless adapters support WPA and WPA2. Client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA and WPA2. However, the wireless adapter hardware and driver must also support WPA and WPA2. Consult the product document for your wireless adapter and WPA and WPA2 client software for instructions on configuring WPA and WPA2 settings.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Wireless Advanced Options Warning: The ProSafe DGFV338 is already configured with the optimum settings. Do not alter these settings unless directed by NETGEAR support. Incorrect settings may disable the wireless firewall unexpectedly. Advanced Wireless Router Settings The Wireless Advanced Options settings are intended for administrator use—and should be used with caution and only as directed by NETGEAR.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual – If you Enable eXtended Range (XR) Feature, significantly longer range connections than basic 802.11 are maintained through dense barriers (walls, floors, etc.). Faint connections will maintain connectivity due to improved error correction and lowered noise vulnerability. WEP and WPA/WPA2 Wireless Security Check List Form For a new wireless network, print or copy this form and fill in the configuration parameters.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Port: ___________________________________ Shared Key: ___________________________________ Configuring Your Wireless Settings First configure your wireless network connection, then configure your Wireless Access Point settings. Lastly, configure your Wireless Security Type that matches your network configuration. To configure your wireless network and enable your wireless access point: 1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 1. Select the Wireless Security Type option you wish to use for your Wireless Network. The options are described in “Wireless LANs” on page 3-4. • None: No data encryption is used. • WEP. This enables WEP and requires at least one shared key (see “Configuring WEP” on page 3-10). • WPA-PSK. Uses standard WPA-PSK encryption (see “Configuring WPA-PSK” on page 3-12). • WPA2-PSK.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Select which encryption strength you want to use from the Encryption drop-down menu (64 bits, 128 bits, or 152 bits). Note: 64-bit and 128-bit are the standard encryption strength options. 152-bit key length is a proprietary mode that will only work with other wireless devices that support this mode.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Note: If you use a wireless computer to configure WEP settings, you will be disconnected when you click Apply. Reconfigure your wireless adapter to match the new settings or access the wireless firewall from a wired computer to make any further changes. Configuring WPA-PSK Not all wireless adapters support WPA. Furthermore, client software is required on the client.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 3-5 Configuring WPA2-PSK Not all wireless adapters support WPA2. Furthermore, client software is required on the client. Make sure your client card supports WPA2. Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings. To configure WPA2-PSK: 1. From the Wireless Security Type section, select the WPA2 radio button.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 3-6 Configuring WPA-PSK and WPA2-PSK Not all wireless adapters support WPA and WPA2. Client software is required on the client: • Windows XP and Windows 2000 with Service Pack 3 or above do include the client software that supports WPA. The wireless adapter hardware and driver must also support WPA. • Service Pack 3 does not include the client software that supports WPA2. Make sure your client card supports WPA2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 3-7 4. Click Apply to save your settings. Configuring WPA with RADIUS Not all wireless adapters support WPA. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 or above do include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 3-8 4. Click Apply to save your settings. Configuring WPA2 with RADIUS Not all wireless adapters support WPA2. Furthermore, client software is required on the client. Make sure your client card supports WPA2. Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings. To configure WPA2 with RADIUS: 1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 3-9 Configuring WPA and WPA2 with RADIUS Not all wireless adapters support WPA and WPA2. Client software is required on the client: • Windows XP and Windows 2000 with Service Pack 3, or above, do include the client software that supports WPA. The wireless adapter hardware and driver must also support WPA. • Service Pack 3 does not include the client software that supports WPA2. Make sure your client card supports WPA2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual b. Enter the RADIUS port number for connecting to the RADIUS Server. c. Enter the Shared Key. The value must match the value used on the RADIUS Server. 4. Click Apply to save your settings.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Note: If configuring the DGFV338 from a wireless computer whose MAC address is not in the Trusted Wireless Stations list, if you enable Turn Access Control, you will lose your wireless connection when you click Apply. You must then access the wireless firewall from a wired computer or from a wireless computer which is on the Trusted Wireless Stations list to make any further changes. To restrict access based on MAC addresses: 1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 6. Select the Available Wireless Stations tab to populate the Available Wireless Stations list with the MAC addresses of wireless stations found within range of this wireless gateway. 7. Click the Add to Trusted List icon adjacent to the MAC address for each wireless device you want to add to the Trusted Wireless Stations list. Once added, the wireless device can establish a connection with this wireless gateway.
Chapter 4 Security and Firewall Protection This chapter describes how to use the Security features of the ProSafe Wireless ADSL Modem VPN Firewall Router to protect your network. These features can be found by selecting Security from the main menu of the browser interface. Firewall Protection and Content Filtering Overview The ProSafe Wireless ADSL Modem VPN Firewall Router provides Web Content filtering—by Domain name (Web sites) and by Keyword Blocking.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual About Service Based Rules The rules to block traffic are based on the traffic’s category of service. • Inbound rules (allow port forwarding). Inbound traffic is normally blocked by the firewall unless the traffic is in response to a request from the LAN side. The firewall can be configured to allow this otherwise blocked traffic. • Outbound rules (service blocking).
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 4-1 You may define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You can also tailor these rules to your specific needs (see “Security and Administrator Management” on page 4-35).
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • • • • Filter: Defines an action to be taken on the enabled rule. It can be: – Block Always: Block selected service at all times. – Enable Always: Allow selected service to pass through at all times. – Block by schedule, otherwise allow: Works in conjunction with a schedule defined on the Schedule screen.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • – Maximize-Reliability: Used when data needs to travel to the destination over a reliable link and with little or no retransmission. The IP packets for services with this priority are marked with a ToS value of 2. – Maximize-Throughput: Used when the volume of data transferred during an interval is important even if the latency over the link is high.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To add a new Outbound Service: 1. Click the Add icon under the Outbound Services table. The Add LAN-WAN Outbound Service screen will display. Figure 4-2 2. Fill out the Outbound Service fields for this policy (based on the field explanations above). 3. Click Apply to create your policy. The new service policy will display in the Outbound Services table.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 4-3 Outbound Rule Example: Blocking Instant Messenger Outbound rules let you prevent users from using applications such as Instant Messenger. If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the firewall to direct inbound traffic for a particular service to one local server. If you enable Translate to a Port Number, the traffic will be forwarded to a specific port based on the destination port number. This is also known as port forwarding.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual – Address Range: A range of IP addresses on the LAN will be affected by the rule. – Group: Computers that are part of the Group defined in the Network Database will be affected by the rule (groups are defined under the Network Configuration menu, LAN Groups page on the Edit Group Names tab). WAN Users: Specifies whether all Internet addresses or specific IP addresses are included in the rule.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual For example, if an inbound rule for a schedule is selected as Block Always, then for every packet that tries to make an outbound connection for that service, a message with the packet’s source and destination addresses, along with other information will be recorded in the log. Enabling logging may generate a significant volume of log messages and is recommended for debugging purposes only.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 2. Complete the Inbound Service screen and click Apply. The new rule will be listed in the Inbound Services table. Figure 4-6 To make changes to an existing inbound service rule: 1. Select the radio button next to an row in the table. 2. Click the button for the desired actions: • Edit – to make any changes to the rule definition.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Inbound Rule Example: A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 4-8 Inbound Rule Example: One-to-One NAT Mapping This application note describes how to configure multi-NAT to support multiple public IP addresses on one WAN interface of a NETGEAR ProSafe Wireless ADSL Modem VPN Firewall Router. By creating an inbound rule, we will configure the firewall to host an additional public IP addresses and associate this address with a Web server on the LAN.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 3. From the Device pull-down menu, (see Figure 4-9), select the HTTP service for a Web server. Figure 4-9 4. From the Action pull-down menu, select ALLOW always. 5. For Send to LAN Server, enter the local IP address of your Web server PC. 6.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Your rule will now appear in the Inbound Services table of the Rules menu (see Figure 4-10). This rule is different from a normal inbound port forwarding rule in that the Destination box contains an IP Address other than your normal WAN IP Address. Figure 4-10 To test the connection from a PC on the Internet, enter http://, where is the public IP address you have mapped to your Web server.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 1. Select Any protocol and ALLOW Always (or Allow by Schedule) 2. Place rule below all other inbound rules by clicking the down icon Figure 4-11 Considerations for Inbound Rules The DHCP setup and how the PCs access the server’s LAN address impact the Inbound Rules. • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 4-12: Figure 4-12 For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the LAN WAN Rules Table, beginning at the top and proceeding to the default rules at the bottom.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Although the DGFV338 already holds a list of many service port numbers, you are not limited to these choices. Use the Services menu to add additional services and applications to the list for use in defining firewall rules.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Quality of Service (QoS) Priorities This setting determines the priority of a service, which in turn, determines the quality of that service for the traffic passing through the firewall. The user can change this priority for Outbound Services only.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Minimize-Delay: Used when the time required for the packet to reach the destination must be fast (low link latency). The IP packets for this service priority are marked with a TOS value of 8. Attack Checks This screen allows you to specify if the router should be protected against common attacks from the LAN and WAN networks. The various types of attack checks are defined below.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To enable Attack Checks: 1. Select Security from the main menu and Firewall Rules from the submenu. Then click the Attack Checks tab. 2. Check the radio box for the types of security measures you want to enable. (See the explanation above the various WAN and LAN Security Checks.) 3. Click Apply to activate the selected security checks.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • No need to reserve an IP address for a PC in the DHCP Server. All IP address assignments made by the DHCP Server will be maintained until the PC or device is removed from the database, either by expiry (inactive for a long time) or by you. • No need to use a Fixed IP on PCs. Because the address allocated by the DHCP Server will never change, you don't need to assign a fixed IP to a PC to ensure it always has the same IP address.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 4-16 Security and Firewall Protection 4-23 v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table 4.1 Groups and Hosts Item Description Known PCs and Devices This table lists all current entries in the Network Database. For each PC or device, the following data is displayed. • Radio button – Use this to select a PC for editing or deletion. • Name – The name of the PC or device. Sometimes, this cannot be determined, and is listed as Unknown. In this case, you can edit the entry to add a meaningful name.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers. – Java – Blocks java applets from being downloaded from pages that contain them. Java applets are small programs embedded in web pages that enable dynamic functionality of the page.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual The following screen (Figure 4-17) illustrates the use of Keyword Blocking and adding Trusted Domains. Figure 4-17 4-26 Security and Firewall Protection v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To block keywords or Internet domains: 1. Check the Yes radio box in the Turn keyword blocking on? section and click Apply. (The default is No.) 2. Select the Web Components you want to enable and click Apply. 3. Check the boxes next to the group names in the Apply Keyword Blocking to list to specify for which groups you want to implement Keyword Blocking.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual A valid MAC address is 12 fields; 0 to 9 and a to f. For example: 00:e0:4c:69:0a:11. Figure 4-18 4. Click Apply. The outbound traffic from the specified MAC addresses will be dropped Note: For additional ways of restricting outbound traffic, see “Order of Precedence for Rules” on page 4-17.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual was made. When the application ceases to transmit data over the port, the router waits for a timeout interval and then closes the port or range of ports, making them available to other computers on the private network. Once configured, the operation is as follows: • A PC makes an outgoing connection using a port number defined in the Outgoing Port Triggering table.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 3. Figure 4-19 Table 4.2 Port triggering Item Description Port Triggering Rules • Enable - Indicates if the rule is enabled or disabled. Generally, there is no need to disable a rule unless it interferes with some other function such as Port Forwarding. • Name - The name for this rule. • Outgoing Ports - The port or port range for outgoing traffic. An outgoing connection using one of these ports will trigger this rule.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table 4.2 Port triggering Item Description Modifying or Deleting • Select the desired rule by clicking the radio button beside the rule. an existing Rule: • Click Edit or Delete as desired. Checking Operation and Status To see which rules are currently being used, click the Status button. The following data will be displayed: • Rule - the name of the Rule. • LAN IP Address - The IP address of the PC currently using this rule.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 4-20 Event Logs and Alerts Your router will log security-related events such as denied incoming service requests, hacker probes, and administrator logins, according to your settings on this screen in the Routing Logs section.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 4-21 To view the Logs and E-mail screen: 1. Select Monitoring from the main menu and Firewall Logs and E-mail from the submenu. The Firewall Logs and E-mail screen will display. The Log Options section will display the Log Identifier field. A mandatory field to identify the log messages. This ID is appended to log messages. 2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 3. From the System Logs section, check the radio boxes of the System Log events you want to track and record: • Change of Time by NTP: Logs a message when the system time changes after a request from a Network Time server. • Login Attempts: Logs a message when a login is attempted from the LAN network. Both, successful and failed login attempts will be logged.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 6. SysLog Facility: Select the appropriate syslog facility (Local0 to Local7). 7. Click Apply to save your settings. Security and Administrator Management Consider the following operational items: 1. As an option, you can enable Remote Management if you need to manage distant sites from a central location (see “Enabling Remote Management Access” on page 6-8). 2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 4-36 Security and Firewall Protection v1.
Chapter 5 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the ProSafe DGFV338. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. Tip: When using dual WAN port networks, use the VPN Wizard to configure the basic parameters and them edit the VPN and IKE Policy screens for the various VPN scenarios.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Setting up a VPN Connection using the VPN Wizard Setting up a VPN tunnel connection requires that all settings and parameters on both sides of the VPN tunnel match or mirror each other precisely, which can be a daunting task. The VPN Wizard can assist in guiding you through the setup procedure by asking you a series of questions that will determine the IPSec keys and VPN policies it sets up.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 7. Enter the Remote LAN IP Address and Subnet Mask of the remote gateway. The information entered here must match the Local LAN IP and Subnet Mask of the remote gateway; otherwise the secure tunnel will fail to connect.The IP address range used on the remote LAN must be different from the IP address range used on the local LAN. 8.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 5-2 You can also view the status of your IKE Policies by clicking the IKE Policies tab. The IKE Policies screen will display. Then view or edit the parameters of the “Offsite” policy by clicking Edit in the Action column adjacent to the policy. The Edit IKE Policy screen will display. 5-4 Virtual Private Networking v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 5-3 VPN Tunnel Policies When you use the VPN Wizard to set up a VPN tunnel, both a VPN Policy and an IKE Policy are established and populated in both Policy Tables. The name you selected as the VPN Tunnel connection name during Wizard setup identifies both the VPN Policy and IKE Policy. You can edit existing policies, or add new VPN and IKE policies directly in the Policy Tables.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Managing IKE Policies IKE Policies are activated when: 1. The VPN Policy Selector determines that some traffic matches an existing VPN Policy. If the VPN policy is of type “Auto”, then the Auto Policy Parameters defined in the VPN Policy are accessed which specify which IKE Policy to use. 2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Encr. Encryption Algorithm used for the IKE SA. The default setting using the VPN Wizard is 3DES. (This setting must match the Remote VPN.) • Auth. Authentication Algorithm used for the IKE SA. The default setting using the VPN Wizard is SHA1. (This setting must match the Remote VPN.) • DH. Diffie-Hellman Group. The Diffie-Hellman algorithm is used when exchanging keys. The DH Group sets the number of bits.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 4. The remote VPN Endpoint must have a matching SA, or it will refuse the connection. VPN Policy Table Only one Client Policy may configured at a time (noted by an “*” next to the policy name). The Policy Table contains the following fields: • ! (Status). Indicates whether the policy is enabled (green circle) or disabled (grey circle).
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Tx (Packets). The number of packets transmitted over this SA. • State. The current state of the SA. Phase 1 is “Authentication phase” and Phase 2 is “Key Exchange phase”. • Action. Allows you to terminate or build the SA (connection), if required.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 7. Enter the WAN IP address of the remote FVX538 and then enter the WAN IP address of the local DGFV338. (Both local and remote ends must define the address as either an IP address or a FQDN. A combination of IP address and FQDN is not permissible.). Figure 5-4 8. Enter the LAN IP address and subnet mask of the remote FVX538. 9. Click Apply to create the “to_fvx” IKE and VPN policies.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 5-5 To view the VPN Policy parameters: 1. Click Edit in the Action column adjacent to the “to_fvx” policy. The Edit VPN Policy screen will display. (It should not be necessary to make any changes. 2. View the IKE Policy statistics associated with this policy by clicking View Selected. Virtual Private Networking 5-11 v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . Figure 5-6 To view the IKE Policy Configuration parameters: 1. Select the IKE Policies tab. The IKE Policies table will display. 5-12 Virtual Private Networking v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 2. Select “to_FVX” and click Edit. It should not be necessary to make any changes) Figure 5-7 Note: When XAUTH is enabled as an Edge Device, incoming VPN connections are authenticated against the DGFV338 User Database first; then, if configured, a RADIUS server is checked. If IPSec Host is enabled, users are authenticated by the remote host. Virtual Private Networking 5-13 v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Configuring the FVX538 To configure the FVX538 VPN Wizard: 1. Select VPN from the main menu and VPN Wizard from the submenu. The VPN Wizard screen will display. 2. Check the Gateway radio box for the type of VPN tunnel connection. 3. Give the new connection a name, such as to_dgfv.. 10.1.1.150 Figure 5-8 4. Enter a value for the pre-shared key. 5. Enter the WAN IP address of the remote DGFV338. 6.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Testing the Connection To test the VPN gateway tunnel: 1. From a PC on either LAN firewall, try to ping a PC on the LAN of the other firewall. Establishing the VPN connection may take several seconds. 2. For additional status and troubleshooting information, view VPN Logs and VPN Connections Status screens in the FVX538 or DGFV338.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . Figure 5-9 6. Enter he remote WAN’s IP Address or Internet Name and then enter the local WAN’s IP Address or Internet Name. In this example, we are using their FQDNs. (Both the local and remote addresses must be of the same type—either both must be FQDN or both must be an IP address.) 7. Click Apply to create the “home” VPN Client. The VPN Policies screen will display showing the VPN Client policy as enabled. 8.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Configuring the VPN Client From a PC with the Netgear Prosafe VPN Client installed, you can configure a VPN client policy to connect to the DGFV338. To configure your VPN client: 1. Right-click on the VPN client icon Editor. in your Windows toolbar and select Security Policy 2. In the upper left of the Policy Editor window, click the New Document icon to open a New Connection.Give the New Connection a name, such as to_dgfv.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . to_dgfv dvfg_local.com Figure 5-11 7. In the left frame, click My Identity. 8. From the Select Certificate pull-down menu, select None. 9. From the ID Type pull-down menu, select Domain Name. The value entered under Domain Name is “.dvfg_remote.com”. In this example, we have entered dvfg_remote.com. Up to 50 users can be served by one policy. 10. Leave Virtual Adapter disabled, and select your computer’s Network Adapter.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . to_dgfv dgfv_remote.com Figure 5-12 5. Before leaving the My Identity menu, click Pre-Shared Key. 6. Click Enter Key and then enter your preshared key, and click OK. This key will be shared by all users of the DGFV338 policy “home”. to_dgf Figure 5-13 7. In the left frame, select Security Policy. Virtual Private Networking 5-19 v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 8. For the Phase 1 Negotiation Mode, check the Aggressive Mode radio box. 9. PFS should be enabled, and Enable Replay Detection should be enabled. Figure 5-14 10. In the left frame, expand Authentication (Phase 1) and select Proposal 1. The Proposal 1 fields should mirror those in the following figure. No changes should be necessary. to_dgfv Figure 5-15 5-20 Virtual Private Networking v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 11. In the left frame, expand Key Exchange (Phase 2) and select Proposal 1. The fields in this proposal should also mirror those in the following figure. No changes should be necessary. 12. In the upper left of the window, click the disk icon to save the policy. to_dgfv Figure 5-16 Testing the Connection 1. From your PC, right-click on the VPN client icon Connect..., then My Connections\to_dgfv.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 2. For additional status and troubleshooting information, right-click on the VPN client icon Logs and Connection Status screens in the DGFV338. Figure 5-17 Certificate Authorities Digital Self Certificates are used to authenticate the identity of users and systems, and are issued by various CAs (Certification Authorities).
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual The Active Self Certificates table shows the Certificates issued to you by the various CAs (Certification Authorities), and available for use. For each Certificate, the following data is listed: • Name. The name you used to identify this Certificate. • Subject Name. This is the name which other organizations will see as the Holder (owner) of this Certificate. This should be your registered business name or official company name.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . Figure 5-18 • Domain Name – If you have a Domain name, you can enter it here. Otherwise, you should leave this field blank. • E-mail Address – Enter your e-mail address in this field. 4. Click Generate. A new certificate request is created and added to the Self Certificate requests table. 5. Click View under the Action column to view the request. 5-24 Virtual Private Networking v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 6. Copy the contents of the Data to supply to CA text box into a file, including all of the data contained in “----BEGIN CERTIFICATE REQUEST---” and “---END CERTIFICATE REQUEST---”Click Done. You will return to the Certificate screen and your Request details will be displayed in the Self Certificates Requests table showing a Status of “Waiting for Certificate upload” To submit your Certificate request to a CA: 1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • CA Identify – The official name of the CA which issued this CRL. • Last Update – The date when this CRL was released. • Next Update – The date when the next CRL will be released. To upload a Certificate Identify to the CRL: 1. From the main menu under VPN, select Certificates. The Certificates screen will display showing the CRL (Certificate Revocation List) table at the bottom of the screen. 2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • IPSec Host. If you want authentication by the remote gateway, enter a User Name and Password to be associated with this IKE policy. If this option is chosen, the remote gateway must specify the user name and password used for authenticating this gateway. Note: If a RADIUS-PAP server is enabled for authentication, XAUTH will first check the local User Database for the user credentials.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual – • RADIUS–CHAP or RADIUS–PAP (depending on the authentication mode accepted by the RADIUS server) to add a RADIUS server. If RADIUS–PAP is selected, the router will first check in the User Database to see if the user credentials are available. If the user account is not present, the router will then connect to the RADIUS server (see “RADIUS Client Configuration” on page 5-30).
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual User Database Configuration The User Database screen is used to configure and administer users when Extended Authentication is enabled as an Edge Device. Whether or not you use an external RADIUS server, you may want some users to be authenticated locally. These users must be added to the User Database Configured Users table. To add a new user: 1. Select VPN from the main menu and VPN Client from the submenu.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To edit the user name or password: 1. Click Edit opposite the user’s name. The Edit User screen will display. 2. Make the required changes to the User Name or Password and click Apply to save your settings or Reset to cancel your changes and return to the previous settings. The modified user name and password will display in the Configured Users table.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . Figure 5-22 3. Enter the Primary RADIUS Server IP address. 4. Enter a Secret Phrase. Transactions between the client and the RADIUS server are authenticated using a shared secret phrase, so the same Secret Phrase must be configured on both client and server. 5. Enter the Primary Server NAS Identifier (Network Access Server). This Identifier MUST be present in a RADIUS request.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 9. Click Reset to cancel any changes and revert to the previous settings. 10. Click Apply to save the settings. Note: Selection of the Authentication Protocol, usually PAP or CHAP, is configured on the individual IKE policy screens.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Configuring the ProSafe DGFV338 Two menus must be configured—the Mode Config menu and the IKE Policies menu. To configure the Mode Config menu: 1. From the main menu, select VPN, and then select Mode Config from the submenu. The Mode Config screen will display. 2. Click Add. The Add Mode Config Record screen will display. 3. Enter a descriptive Record Name such as “Sales”. 4.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 5-23 To configure an IKE Policy: 1. From the main menu, select VPN. The IKE Policies screen will display showing the current policies in the List of IKE Policies Table. 2. Click Add to configure a new IKE Policy. The Add IKE Policy screen will display. 3. Enable Mode Config by checking the Yes radio box and selecting the Mode Config record you just created from the pull-down menu.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 4. In the General section: a. Enter a description name in the Policy Name Field such as “salesperson”. This name will be used as part of the remote identifier in the VPN client configuration. b. Set Direction/Type to Responder. c. The Exchange Mode will automatically be set to Aggressive. 5. For Local information: d. Select Fully Qualified Domain Name for the Local Identity Type. e.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 10. Click Apply. The new policy will appear in the IKE Policies Table (a sample policy is shown below) Figure 5-24 Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1. Right-click the VPN client icon in the Windows toolbar.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual b. From the ID Type pull-down menu, select IP Subnet. c. Enter the IP Subnet and Mask of the ProSafe DGFV338 (this is the LAN network IP address of the gateway). d. Check the Connect using radio button and select Secure Gateway Tunnel from the pulldown menu. e. From the ID Type pull-down menu, select Domain name and enter the FQDN of the ProSafe DGFV338; in this example it is “local_id.com”. f.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual d. Under Virtual Adapter pull-down menu, select Preferred. The Internal Network IP Address should be 0.0.0.0. Note: If no box is displayed for Internal Network IP Address, go to Options/ Global Policy Settings, and check the box for “Allow to Specify Internal Network Address.” e. Select your Internet Interface adapter from the Name pull-down menu. Figure 5-26 3. On the left-side of the menu, select Security Policy. a.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 5-27 5. Click on Key Exchange (Phase 2) on the left-side of the menu and select Proposal 1. Enter the values to match your configuration of the ProSafe DGFV338 ModeConfig Record menu. (The SA Lifetime can be longer, such as 8 hours (28800 seconds)). Figure 5-28 6. Click the Save icon to save the Security Policy and close the VPN ProSafe VPN client. Virtual Private Networking 5-39 v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To test the connection: 1. Right-click on the VPN client icon in the Windows toolbar and select Connect. The connection policy you configured will appear; in this case “My Connections\modecfg_test”. 2. Click on the connection. Within 30 seconds the message “Successfully connected to MyConnections/modecfg_test will display and the VPN client icon in the toolbar will read “On”. 3.
Chapter 6 Router and Network Management This chapter describes how to use the network management features of your ProSafe Wireless ADSL Modem VPN Firewall Router. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface. The ProSafe Wireless ADSL Modem VPN Firewall Router offers many tools for managing the network traffic to optimize its performance.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Service Blocking Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems. You can control specific outbound traffic (i.e., from LAN to WAN and from DMZ to WAN). Outbound Services lists all existing rules for outbound traffic. If you have not defined any rules, only the default rule will be listed. The default rule allows all outgoing traffic.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual See “Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-1 for the procedure on how to use this feature. Services. The Rules menu contains a list of predefined Services for creating firewall rules. If a service does not appear in the predefined Services list, you can define the service. The new service will then appear in the Rules menu's Services list.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual You can bypass keyword blocking for trusted domains by adding the exact matching domain to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for which keyword blocking has been enabled will still be allowed without any blocking. • Web component blocking – You can block the following Web component types: Proxy, Java, ActiveX, and Cookies.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Each rule lets you specify the desired action for the connections covered by the rule: • BLOCK always • BLOCK by schedule, otherwise Allow • ALLOW always • ALLOW by schedule, otherwise Block You can also enable a check on special rules: • VPN Passthrough – Enable this to pass the VPN traffic without any filtering, specially used when this firewall is between two VPN tunnel end points.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual See “Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-1 for the procedure on how to use this feature. Port Triggering Port triggering allows some applications to function correctly that would otherwise be partially blocked by the firewall. Using this feature requires that you know the port numbers used by the Application.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • You can change the priority to a higher or lower value than its default setting to give the service higher or lower priority than it otherwise would have. The QoS priority settings conform to the IEEE 802.1D-1998 (formerly 802.1p) standard for class of service tag. You will not change the WAN bandwidth used by changing any QoS priority settings.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Change administrator name and password Change guest read-only password Change administrator login time-out Figure 6-1 3. First enter the old password, and then enter the new password—twice. Click Apply. 4. Change the login idle time-out by changing the number of minutes. Click Apply.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 7.2 shows the Remote Management screen that is invoked when you select Remote Management under Management on the main menu. Figure 6-2 To configure your firewall for Remote Management: 1. Select Administration from the main menu and Remote Management from the submenu. The Remote Management screen will display. 2. Under Allow Remote Management, check the Yes radio box. 3.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 5. Click Apply to have your changes take effect. When accessing your firewall from the Internet, the Secure Sockets Layer (SSL) will be enabled. Enter https:// and type your firewall WAN IP address into your browser, followed by a colon (:) and the custom port number. For example, if your WAN IP address is 172.21.4.1 and you use port number 8080, type the following in your browser: https://172.21.4.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 2. Enter admin and password when prompted for the login and password information (or enter guest and password to log in as a read-only guest). Note: No password protection exists when using the console port to access the unit. Any configuration changes made via the CLI are not preserved after a reboot or power cycle unless the user issues the CLI save command after making the changes.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Each WAN port is programmed separately. WAN port shuts down once the traffic limit is reached. An email alert can be sent when this shutdown happens. Figure 6-3 Monitoring You can view status information about the firewall, WAN ports, LAN ports, and VPN tunnels and program SNMP connections.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 6-4 Table 6-1. Router Status Item Description System Name This is the Account Name that you entered in the Basic Settings page. Firmware Version This is the current software the router is using. This will change if you upgrade your router. Router and Network Management 6-13 v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table 6-1. Router Status (continued) Item Description LAN Port Information These are the current settings for MAC address, IP address, DHCP role and Subnet Mask that you set in the LAN IP Setup page. DHCP can be either Server or None. WAN Port Information This indicates whether rollover mode is enabled and which LAN connection is primary and which is secondary.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To check Dynamic DNS status: 1. Select Network Configuration from the main menu and Dynamic DNS from the submenu. The Dynamic DNS Configuration screen will display. 2. Check the DNS provider radio box on the WAN port for which you have service. 3. Click the link at the top of the page for the dynamic DNS service you want to access. Click Show Status. The Status screen for the selected service will display.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 6-6 6-16 Router and Network Management v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual LAN Ports and Attached Devices Known PCs and Devices The Known PCs and Devices table contains a table of all IP devices that the firewall has discovered on the local network. This screen is accessible from the Administration main menu and the LAN Groups submenu. The Groups and Hosts screen will display showing the Known PCs and Devices table shown below:.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual The Known PCs and Devices table lists all current entries in the Network Database. For each PC or device, the following data is displayed. Table 6-2. Known PCs and Devices table Item Description Name The name of the PC or device. Sometimes, this can not be determined, and will be listed as Unknown. In this case, you can edit the entry to add a meaningful name. IP Address The current IP address.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Port Triggering Status The Port Triggering Status screen is available from the Port Triggering screen accessible under Security on the main menu. Only one PC can use a Port Triggering application at any time. When the PC has finished using the application, a time-out period occurs before another PC can use the Port triggering. You can check status using the Port Triggering Status screen.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Click to view logs Select the types of logs to email. Enable emailing of logs. Set a schedule to send email. logs. Enable Syslogs server. Figure 6-10 6-20 Router and Network Management v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To invoke the Log screen, click the View Log link on the Logs and E-mail screen. Figure 6-11 VPN Tunnels You can view the VPN Logs by selecting Monitoring on the main menu and VPN Logs on the submenu. The VPN Logs screen displays the log contents generated by all VPN policies. • Click Refresh to view entries made after this screen was invoked. • Click Clear Log to delete all entries.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Select VPN from the main menu and Connection Status from the submenu to display the status of IPSec connections. You can change the status of a connection; to either establish or drop the Security Association (SA). Clicking on the VPN Status will show the IPSec Connection status of each VPN tunnel. The field descriptions for the data in the IPSec Connection Status table are in the following Table 6-4. Figure 6-13 Table 6-4.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • IP Address: The IP address of the SNMP manager. • Port: The trap port of the configuration. • Community: The trap community string of the configuration. To create a new SNMP configuration entry: 1. Select Administration from the main menu and SNMP from the submenu. The SNMP screen will display. 2.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 6-14 The SNMP System Info link displays the wireless firewall identification information available to the SNMP Manager: System Contact, System Location, and System name. To modify the SNMP System contact information: 1. Click the SNMP System Info link. The SNMP SysConfiguration screen will display. 2. Modify any of the contact information that you want the SNMP Manager to use. 3. Click Apply to save your settings.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Select Monitoring from the main menu and Diagnostics from the submenu. The Diagnostics screen will display. Figure 6-15 .The functionality of the each diagnostic tool is described in the following Table 6-5. Table 6-5. Diagnostics Item Description Ping or Trace an IP address Ping – Use this to send a ping packet request to the specified IP address. This is often used to test a connection.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table 6-5. Diagnostics (continued) Item Description Reboot the Router Use this button to perform a remote reboot (restart). You can use this if the Router seems to have become unstable or is not operating normally. Note: Rebooting will break any existing connections either to the Router (such as this one) or through the Router (for example, LAN users accessing the Internet).
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual If your browser isn’t set up to save downloaded files automatically, locate where you want to save the file, specify file name, and click Save. If you have your browser set up to save downloaded files automatically, the file will be saved to your browser's download location on the hard disk. Warning: Once you start restoring settings or erasing the router, do NOT interrupt the process.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 6-16 Router Upgrade You can install a different version of the wireless firewall firmware from the Settings Backup and Firmware Upgrade screen. To view the current version of the firmware that your wireless firewall is running, select Monitoring from the main menu. The Router Status screen on the will display all of the wireless firewall router statistics.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To upgrade router software: 1. Select Administration from the main menu and Settings Backup and Firmware Upgrade from the submenu. The Settings Backup and Firmware Upgrade screen will display. 2. Click Browse in the Router Upgrade section. 3. Locate the downloaded file and click Upload. This will start the software upgrade to your wireless firewall router. This may take some time.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Use Custom NTP Servers: If you prefer to use a particular NTP server, enable this instead and enter the name or IP address of an NTP Server in the Server 1 Name/IP Address field. If required, you can also enter the address of another NTP server in the Server 2 Name/IP Address field. If you select this option and leave either the Server 1 or Server 2 fields empty, they will be set to the Default Netgear NTP servers. 4.
Chapter 7 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Wireless ADSL Modem VPN Firewall Router. These features can be found by selecting Network Configuration from the primary menu and LAN Setup from the submenu of the browser interface.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Configuring the LAN Setup Options The LAN IP Setup menu allows configuration of LAN IP services such as DHCP and allows you to configure a secondary or “multi-home” LAN IP setup in the LAN. The default values are suitable for most users and situations. These are advanced settings most usually configured by a network administrator. To change the LAN IP services: 1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 4. DHCP Server. By default, the router will function as a DHCP server, providing TCP/IP configuration for all computers connected to the router's LAN. If another device on your network will be the DHCP server, or if you will manually configure all devices, select the Disable DHCP Server radio button. If the Enable DHCP Server radio button is selected, complete the following fields: a. DHCP Log.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 7-2 To reserve an IP address: 1. Select Network Configuration from the main menu and LAN Groups from the submenu. THe Groups and Hosts screen will display. 2. From the IP Address Type pull-down menu, select Reserve as the address type. 3. Fill in the remaining fields in the Add Known PCs and Devices table and click Add.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual To add a secondary LAN IP address: 1. Enter the IP Address and the Subnet Mask in the respective fields of the Add Secondary LAN IP Address section. 2. Click Add. The new Secondary LAN IP address will appear in the Available Secondary LAN IPs table. To delete any or all entries in the Available Secondary LAN IPs table: 1. Select the entries using one of the following methods: • Click Select all to select all the entries in the table.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual . Figure 7-3 Note: Additional IP addresses cannot be configured in the DHCP server. The hosts on the secondary subnets must be manually configured with IP addresses, gateway IP and DNS server IPs. 7-6 LAN Configuration v1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Configuring Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You must configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on your network.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 5. Select Private if you want to limit access to the LAN only. The private static route will not be advertised in RIP. 6. Enter the Destination IP Address to the host or network to which the route leads. 7. Enter the IP Subnet Mask for this destination. If the destination is a single host, enter 255.255.255.255. 8. Enter the Interface which is the physical network interface (WAN1, WAN2, or LAN) through which this route is accessible.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • In Only – The router accepts RIP information from other routers, but does not broadcast its routing table. Figure 7-5 3. From the RIP Version pull-down menu, select the version: • RIP-1 – A classful routing that does not include subnet information. This is the most commonly supported version. • RIP-2 – Supports subnet information.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 5. Click Reset to discard any changes and revert to the previous settings. 6. Click Save to save your settings. Static Route Example For example, you may require a static route if: • Your primary Internet access is through a cable modem to an ISP. • You have an ISDN firewall on your home network for connecting to the company where you are employed. This firewall’s address on your LAN is 192.168.1.100.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual By default, UPnP is disabled. When disabled, the router will not allow any device to automatically control the resources of the router; for example, port forwarding. When enabled, you must set the Advertisement Period and the Advertisement Time to Live according to the following criteria: • • Advertisement Period. Determines how often the router will advertise (broadcast) its UPnP information.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Figure 7-6 To turn on and set up UPnP: 1. Select Security from the main menu and UPnP from the submenu. The UPnP screen will display. 2. Enable the UPnP radio by selecting the Yes radio box. 3. Modify the default Advertisement Period and Advertisement Time to Live settings, if desired. The defaults are 30 minutes and 4 hops, respectively. 4. Click Apply to save the new settings.
Chapter 8 Troubleshooting This chapter gives information about troubleshooting your ProSafe Wireless ADSL Modem VPN Firewall Router. After each problem description, instructions are provided to help you diagnose and solve the problem. Basic Functions After you turn on power to the firewall, the following sequence of events should occur: 1. When power is first applied, verify that the PWR LED is on. 2. After approximately 60 to 90 seconds, verify that: a. The TEST LED is not lit. b.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual LEDs Never Turn Off When the firewall is turned on, the LEDs turns on for about 10 seconds and then turn off. If all the LEDs stay on, there is a fault within the firewall. If all LEDs are still on one minute after power up: • Cycle the power to see if the firewall recovers. • Clear the firewall’s configuration to factory defaults. This will set the firewall’s IP address to 192.168.1.1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Make sure your PC’s IP address is on the same subnet as the firewall. If you are using the recommended addressing scheme, your PC’s address should be in the range of 192.168.1.2 to 192.168.1.254. Note: If your PC’s IP address is shown as 169.254.x.x: Recent versions of Windows and MacOS will generate and assign an IP address if the computer cannot reach a DHCP server. These auto-generated addresses are in the range of 169.254.x.x.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual 2. Access the Main Menu of the firewall’s configuration at http://192.168.1.1 3. Under the Management heading, select Router Status 4. Check that an IP address is shown for the ADSL or Ethernet WAN Port (whichever port you configured.) If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring your ADSL Connection” on page 2-6 or “Manually Configuring your Ethernet Connection” on page 2-8. If your firewall can obtain an IP address, but your PC is unable to load any Web pages from the Internet: • Your PC may not recognize any DNS server addresses.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Request timed out If the path is not functioning correctly, you could have one of the following problems: • • Wrong physical connections – Make sure the LAN port LED is on. If the LED is off, follow the instructions in “LAN or Internet Port LEDs Not On” on page 8-2. – Check that the corresponding Link LEDs are on for your network interface card and for the hub ports (if any) that are connected to your workstation and firewall.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs additionally restrict access to the MAC address of a single PC connected to that modem. If this is the case, you must configure your firewall to “clone” or “spoof” the MAC address from the authorized PC.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Time is off by one hour. Cause: The firewall does not automatically sense Daylight Savings Time. In the E-Mail menu, check or uncheck the box marked “Adjust for Daylight Savings Time”. 8-8 Troubleshooting v1.
Appendix A Default Settings and Technical Specifications Default Factory Settings You can use the reset button located on the front of your device to reset all settings to their factory defaults. This is called a hard reset. • To perform a hard reset, push and hold the reset button for approximately 10 seconds (until the TEST LED blinks rapidly). Your device will return to the factory configuration settings shown in Table A-1 below.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table A-1. Default Configuration Settings (continued) Feature Default Behavior DHCP Server Enabled DHCP Starting IP Address 192.168.1.2 DHCP Ending IP Address 192.168.1.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table A-1. Default Configuration Settings (continued) Feature Default Behavior Output Power Full Access Point Disabled Authentication Type Open System Wireless Card Access List All wireless stations allowed a. Maximum Wireless signal rate derived from IEEE Standard 802.11 specifications. Actual throughput will vary.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Table A-2. Technical Specifications Specification Description Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B Interface Specifications A-4 LAN: 10BASE-T or 100BASE-Tx, RJ-45 WAN: 10BASE-T or 100BASE-Tx or ADSL Default Settings and Technical Specifications v1.
Appendix B Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP Addressing: http://documentation.netgear.com/reference/enu/tcpip/index.htm Wireless Communications: http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing a Computer for Network Access: http://documentation.netgear.com/reference/enu/wsdhcp/index.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual B-2 Related Documents v1.
Index Numerics B 802.11a 3-4 Back up settings 6-26 802.11b 3-4 backup and restore settings 6-26 802.11g 3-4 Beacon Interval 3-7 A Block Sites 4-24 reducing traffic 6-3 access adminstrator and guest 6-7 remote management 6-8 Access Control List 3-6 Access Control screens 3-20 block traffic with schedule 4-31 C Active Self Certificates 5-22 CA about 5-22 Add Mode Config Record screen 5-33 Certificate Authority. See CA.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual status 6-15 TKIP 3-15 Date setting 6-29 Dynamic DNS screen 2-17 date troubleshooting 8-7 E Daylight Savings Time adjusting for 6-29 Dedicated ADSL 2-15 Dedicated Ethernet 2-15 default factory settings A-1 default login 1-9, 2-3 Edge Device 5-27 XAUTH, with ModeConfig 5-35 Edit IKE Policy screen 5-4 Enable DHCP server 7-1 Encapsulating Security Payload VPN Policy 5-8 default user name 1-9, 2-3 encryption AES 3-5 TKIP+AES 3-5 De
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual H hosts, managing 4-21 I IGP 7-8 IKE Policies management of 5-6 IKE Policy about 5-5 ModeConfig, configuring with 5-34 XAUTH, adding to 5-27 Inbound Rules 4-2 inbound rules 4-7 example 4-12, 4-13, 4-15 load balancing 5-1 Login 2-7, 2-9 login default 1-9, 2-3 logs sending 4-32 M MAC Address restricting wireless access 3-18 MAC address 3-18, 8-7 spoofing 8-5 MAC addresses restricting access 3-6 Internet service connection types 2-4,
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Network Time Protocol 4-31, 8-7 port forwarding 4-7, 6-4 Network Time Protocol. See NTP. port numbers 4-17 newsgroup 4-25 Port Speed 2-11 NTP 4-31, 6-29, 8-7 port triggering 6-6 NTP Servers custom 6-30 default 6-29 PPP over Ethernet 1-4 NTP servers setting 6-29 O Open System 3-10 Open Systems 3-10 Operating Channel 3-4 Operating Mode 802.11a 3-4 802.11g 3-4 Operatng Mode 802.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual versions of 7-9 security 1-3 RIP Configuration screen 7-8 Security Check List Form 3-8 rollover 5-1 Self Certificate Request generating 5-23 router upgrade software 6-29 service blocking 4-3 router broadcast RIP, use with 7-8 service numbers 4-17 Router MAC Address 2-11 Settings Backup and Firmware Upgrade 6-26 router management 6-1 Shared Key 3-10 router rear panel 1-8 Simple Network Management Protocol. See SNMP.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual daylight savings 8-8 troubleshooting 8-7 Time Zone setting of 6-29 Time Zone screen 6-29 TKIP 3-12, 3-15 TKIP+AES 3-5 traffic increasing 6-4 reducing 6-1 traffic management 6-7 Traffic Meter field descriptions 2-21 programming 2-20 traffic meter programming 2-22 Traffic Meter screen ADSL screen 2-20 Ethernet screen 2-20 Troubleshooting 8-3 troubleshooting 8-1 ISP connection 8-3 Web configuration 8-2 Trusted Certificates 5-22 Trusted Wi
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Network Authentication 3-10 Network Authentication screen 3-11 WEP configuring 3-10 Wireless Network Name. See SSID.
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Index-8 v1.
