FVX538

Date post: 06-Jan-2016
Upload: addison
Transcript
Page 1: FVX538

NETGEAR CONFIDENTIAL

FVX538

ProSafe VPN Firewall 200

Page 2: FVX538

Main Features

• 8 10/100 ports and 1 gigabit LAN port.

• One console port.

• SNMP support (optimized for NMS100) – SNMPv2.

• QoS traffic prioritization.

• Hardware DMZ.

• Security co-processor for optimized throughput performance, 90+ Mbps WAN-LAN and up to 100 Mbps 3DES throughput.

• SPI Firewall and multi-NAT.

• Support 200 VPN tunnels.

• Includes VPN client software with 5-user license.

• Rack-mountable.

• Future upgradability to SSL VPN, IDS, Anti-virus, anti-spam and anti-spyware security measures.

Page 3: FVX538

ProSafe Firewalls Comparison

| Feature | FVS318 v3 | FVS338 | FVL328 | FVX538 |
|---|---|---|---|---|
| VPN Tunnels | 8 | 50 | 100 | 200 |
| WAN-to-LAN throughput | 12.5 Mbps | 90+ Mbps | 54 Mbps | 90+ Mbps |
| 3DES Throughput | 1.2 Mbps | 60+ Mbps | 15 Mbps | 90+ Mbps |
| LAN Ports | (8) 10/100 LAN | (8) 10/100 LAN | (8) 10/100 LAN | (8) 10/100 LAN, (1) Gigabit LAN |
| WAN Ports | (1) 10/100Mbps WAN | (1) 10/100Mbps WAN | (1) 10/100Mbps WAN | (2) 10/100Mbps WAN |
| Serial port | no | yes, for analog backup | no | yes, console port for local mgmt |
| Encryption | DES, 3DES, AES | DES, 3DES, AES | DES, 3DES | DES, 3DES, AES |
| Encryption Method | Hardware for 3DES | Hardware | Hardware | Hardware |
| QoS | no | yes | no | yes |
| SNMP | no | yes | no | yes |
| SIP aware | no | future upgrade | no | future upgrade |
| SSL VPN | no | no | no | future upgrade |
| Digital Certificate Support | yes | yes | yes | yes |
| NAT On/Off | no | yes | yes | yes |
| Multi-NAT | no | yes | yes | yes |
| Other | | VPN01L included | | VPN05L included |
| CLI | no | yes | no | yes |
| Rack mountable | no | no | no | yes |
| ICSA Firewall | yes | in testing | yes | in testing |
| VPNC certifiable | yes | yes | yes | yes |
| US List Price | $157 | $278 | $418 | $557 |
| Average Catalog | $109 | $199 | $249 | $399 |

Page 4: FVX538

Front Panel

Page 5: FVX538

Rear Panel

Page 6: FVX538

Bottom Label

Page 7: FVX538

Console - CLI

Page 8: FVX538

GUI

Page 9: FVX538

http://192.168.1.1

• Username: admin

• Password: password

Page 10: FVX538

WAN Setup – WAN 1 ISP

Page 11: FVX538

Setup Wizard

Page 12: FVX538

WAN Status

Page 13: FVX538

WAN Setup – WAN 2 ISP

Page 14: FVX538

WAN Setup - Mode

Page 15: FVX538

WAN Setup – Protocol Binding

Page 16: FVX538

WAN Setup - Options

28Kbps to 100Mbps

Page 17: FVX538

WAN Setup – Dynamic DNS

Page 18: FVX538

WAN Setup – Traffic Meter

Page 19: FVX538

WAN Setup – Traffic Meter

Statistic by Protocol

Page 20: FVX538

Security – Groups and Hosts

Page 21: FVX538

Security – Groups and Hosts

Add

Page 22: FVX538

Security – Groups and Hosts

Edit Group Names

Page 23: FVX538

Security – Source MAC Filter

Page 24: FVX538

Security – Block Sites

Page 25: FVX538

Security – Rules

Page 26: FVX538

Security – Rules – Outbound Services

Page 27: FVX538

Security – Rules – Inbound Services

Page 28: FVX538

Security - Services

Page 29: FVX538

Security - Schedule

Page 30: FVX538

Security – Logs and Emails

Page 31: FVX538

Security – View Log

Page 32: FVX538

Security – Logs and Emails

Email Logs and Syslog

Page 33: FVX538

VPN – VPN Wizard Box-to-box

Page 34: FVX538

VPN – VPN Wizard Box-to-box

Result:

Page 35: FVX538

VPN – VPN Wizard Client-to-box

Page 36: FVX538

VPN – VPN Wizard Client-to-box

Page 37: FVX538

VPN – VPN Status

Page 38: FVX538

VPN – IKE Policies

Page 39: FVX538

VPN – IKE Policies - Add

Page 40: FVX538

VPN – VPN Policies

Page 41: FVX538

VPN – VPN Policies – Add Auto Policy

Page 42: FVX538

VPN – VPN Policies – Add Manual Policy

Page 43: FVX538

VPN - CAs

Page 44: FVX538

VPN - Certificates

Page 45: FVX538

VPN - CRL

Page 46: FVX538

Maintenance – Router Status

Page 47: FVX538

Maintenance – Router Status

Show Statistics

Page 48: FVX538

Maintenance – Set Password

Page 49: FVX538

Maintenance – Remote management

Page 50: FVX538

Maintenance - SNMP

Page 51: FVX538

Maintenance - Diagnostics

Page 52: FVX538

Maintenance – Backup Settings

Page 53: FVX538

Maintenance – Router Upgrade

Page 54: FVX538

Advanced – LAN Setup

Page 55: FVX538

Advanced – LAN Setups

Multi-Home LAN IP Setups

Page 56: FVX538

Advanced – DMZ Setups

Page 57: FVX538

Port Triggering

Once configured, operation is as follows:

1. A PC makes an outgoing connection using a port number defined in the Port Triggering table.

2. This Router records this connection, opens the INCOMING port or ports associated with this entry in the Port Triggering table, and associates them with the PC.

3. The remote system receives the PC's request, and responds using a different port number.

4. This Router matches the response to the previous request, and forwards the response to the PC. (Without Port Triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the Port Forwarding rules.)

Page 58: FVX538

Port Triggering

Note

• Only 1 PC can use a "Port Triggering" application at any time.

• After a PC has finished using a "Port Triggering" application, there is a "Time-out" period before the application can be used by another PC. This is required because this Router cannot be sure when the application has terminated.

• Normally for games and chat.
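
The four steps and the notes above can be modelled as a small state table. This is an added example, not NETGEAR firmware code: the class and function names, the 600-second time-out, the port numbers and the LAN addresses are all assumptions, and the time-out is counted from the last outgoing trigger.

```python
from dataclasses import dataclass

@dataclass
class TriggerRule:
    name: str
    trigger_port: int       # outgoing port that activates the entry
    incoming_ports: range   # inbound ports opened while the entry is active

class PortTriggerTable:
    def __init__(self, rules, timeout=600):  # timeout in seconds (assumed value)
        self.rules = list(rules)
        self.timeout = timeout
        self.active = {}  # rule name -> (LAN IP holding the entry, last trigger time)

    def _expire(self, now):
        self.active = {n: (ip, t) for n, (ip, t) in self.active.items()
                       if now - t < self.timeout}

    def outbound(self, lan_ip, dst_port, now):
        """Steps 1-2: return True if lan_ip now holds the triggered entry."""
        self._expire(now)
        for rule in self.rules:
            if rule.trigger_port != dst_port:
                continue
            holder = self.active.get(rule.name)
            if holder and holder[0] != lan_ip:
                return False  # only one PC may use the application at a time
            self.active[rule.name] = (lan_ip, now)
            return True
        return False  # not a trigger port: nothing is opened

    def inbound(self, dst_port, now):
        """Steps 3-4: return the LAN IP to forward to, or None when no entry
        is active (the packet is then just a new inbound connection request)."""
        self._expire(now)
        for rule in self.rules:
            holder = self.active.get(rule.name)
            if holder and dst_port in rule.incoming_ports:
                return holder[0]
        return None

def demo():
    # Constructed sample: trigger on 6112, open 6113-6119; LAN IPs are made up.
    t = PortTriggerTable([TriggerRule("game", 6112, range(6113, 6120))])
    return [t.inbound(6113, 0), t.outbound("192.168.1.10", 6112, 1),
            t.inbound(6115, 5), t.outbound("192.168.1.11", 6112, 10),
            t.inbound(6115, 700), t.outbound("192.168.1.11", 6112, 701)]
```

The inbound ports stay open to the first PC until the time-out elapses, which is why the second PC is refused at t=10 and accepted at t=701.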

Page 59: FVX538

Advanced – Port Triggering

Page 60: FVX538

Advanced – Static Routes

Page 61: FVX538

Knowledge Base / Documentation

Page 62: FVX538

Troubleshooting

Page 63: FVX538

FAQ#1

• How does the FVX538 support QoS?

• The FVX538 prioritizes the routing of a packet through the router according to the TOS bit in the packet’s Layer 3 header. For a particular service, you can override the packet’s specified priority by selecting a different priority in the Services menu, Inbound Rules or Outbound Rules. Changing the priority setting will affect the priority given to the packet by the router, but will not actually alter the TOS bits in the packet.

Page 64: FVX538

FAQ#2

• When I use load balancing through two ISPs, I have problems sending email, getting DNS, or using my ISP’s news server.

• When your ISP provides services such as email, DNS, or newsgroups, it may require that requests for service originate from an IP address within its domain. If you require one of these services from a particular ISP, you should use your router’s Protocol Binding feature to make sure your requests always use the WAN port connected to that ISP.

Page 65: FVX538

FAQ#3

• My ISP has provided me with a range of public IP addresses. How can I assign them to servers behind the FVX538?

• When you configure the ISP Settings of your router, assign one IP address as the WAN address to be used by your PCs as the main NAT address for general traffic. In the DMZ Setup menu, you can assign the additional public IP addresses to individual PCs on either your LAN or DMZ (if you have activated port 8 as your DMZ port). To allow inbound traffic to reach one of these PCs, you must create an Inbound Rule for the desired service and set the rule’s Destination Address to the public IP address assigned to that PC.

Page 66: FVX538

FAQ#4

• My ISP has provided me with a range of public IP addresses. How can I assign them to servers behind the FVX538?

• When you configure the ISP Settings of your router, assign one IP address as the WAN address to be used by your PCs as the main NAT address for general traffic. In the DMZ Setup menu, you can assign the additional public IP addresses to individual PCs on either your LAN or DMZ (if you have activated port 8 as your DMZ port). To allow inbound traffic to reach one of these PCs, you must create an Inbound Rule for the desired service and set the rule’s Destination Address to the public IP address assigned to that PC. (This feature cannot be used when load balancing is selected.)

Page 67: FVX538

FAQ#5

• Is the VPN policy created by the VPN Wizard compatible with other Netgear VPN routers?

• The VPN Wizard will create a compatible configuration with our other products when using fixed IP addresses. When using FQDN, some modifications will be necessary after running the wizard. Please refer to our VPN application notes for detailed information.

Page 68: FVX538

Known Issues at initial release

• VPN performance is low (about 25M).

• Can’t make a VPN using WAN2 when it is in PPPoE mode.

• Dynamic DNS configuration does not save.

• Sometimes the DHCP server stops after the LAN IP is changed. A reboot is needed.

• VPN Wizard is not compatible with other models when using FQDN. The generated policy needs to be edited in order to work with FVS328, FVL328.

• Upon fail-over, no alert or log entry occurs to notify the user.

• DMZ Setup – user must visit the Groups and Hosts menu first before the PC will display.

• VPN Status menu – connect and drop buttons do not work.

• VPN in PPPoE environment – can’t ping the gateway’s LAN IP.

• VPN policies created with the VPN Wizard will not work if the remote side is FQDN.

Page 69: FVX538

Known issues at initial release

• Statistics window does not correctly show line up or down. It always says the WAN port is up. The LED is correct.

• CLI not supported, won’t save settings (READ-only). The console gets a Linux OS shell. Need to type “cli” to log in. Separate KB articles.

• Can access CLI/GUI by telnet using guest/password, can’t change password.

• Client-to-box VPN – need to append one to three characters after the policy name.

• Logging entries are not useful.

• Sometimes the last VPN policy does not appear in the menu.

• Setup Wizard and Apply button can’t reliably detect or apply in DHCP ISP environment. Dynamic or static. Manual setup works.

• Load-balancing protocol binding does not work. Bind an application to a particular WAN.

Page 70: FVX538

Known issue at initial release

• Disabling a VPN policy does not drop an active tunnel.

• Can’t edit VPN policy to change LAN subnet.

• An attempt to access a blocked site is not logged.

Page 71: FVX538

Fixes with firmware v1.6.12

• VPN throughput increased.

• Number of simultaneous sessions increased.

• Guest password can now be changed separately.

• Default gateway is now shown in routing table.

• Fixed: When WAN2 is primary and in PPPoE mode, VPN tunnel can’t pass traffic.

• Fixed: VPN traffic stops under heavy traffic.

• Remove One-to-one NAT table and Exposed Host, since these functions can be performed with inbound rules.
