FVS318v3 Cable/DSL ProSafe VPN Firewall with 8-port switch NETGEAR CONFIDENTIAL
FVS318v3 Cable/DSL ProSafe VPN Firewall with 8-port switch NETGEAR CONFIDENTIAL Gift Box NETGEAR CONFIDENTIAL Features • • • • • 8 simultaneous VPN tunnels. 8 10/100 LAN ports. 10 base-T WAN port. Up to 168 bit 3DES encryption. With v2.4 firmware – Configuration Assistant – VPN Wizard NETGEAR CONFIDENTIAL V1, V2, V3? • Serial number prefix – V1 – FVS9 – V2 – FVS1 – V3 – FVS8 • • • • There are no external difference between model. It is not possible to order one particular version. No upgrade between hardware version is available. Firmware of FVS318v3 is not compatible to FVS318v1 and v2. • Firmware of FVS318 v1 and v2 is not compatible to FVS318v3. NETGEAR CONFIDENTIAL FVS318v3 • The FVS318v3 uses a much improved, more powerful CPU. • Faster routing and VPN throughput. • VPN authentication using X.509 certificates. • Remote Management using HTTPS. • Firewall rules for inbound and outbound traffic NETGEAR CONFIDENTIAL When will the v3 be available? • The FVS318 will start being shipped in late Dec 2004. However, it may take up to late Feb 2005 for it to reach customer since we still have inventory of the v1/v2. • There are several known issues with the FVS318v3 when it is released initially. A bug fix release will be available before the product reach customer. Make sure customer upgrade to the new firmware. NETGEAR CONFIDENTIAL Connecting the FVS318 NETGEAR CONFIDENTIAL LED • • • • Power: The power light should turn solid green. Test: The test light blinks when the router is first turned on then goes off. Internet: The internet port light should be lit. If not, make sure the Ethernet cable is securely attached to the firewall Internet port and the modem, and the modem is power on. LAN: A LAN light should be lit. Green indicates our computer is communicating at 100 Mbps, amber indicates 10 Mbps. If a LAN light not lit, check that the Ethernet cable from the computer to the router is securely attached at both ends, and that the computer is turned on. NETGEAR CONFIDENTIAL GUI NETGEAR CONFIDENTIAL Configuration Assistant • Automatically bring up wizard when user start browser. • Guide user to configure internet connection. • Automatically detect PPPoE, static IP or dynamic IP from ISP. • No longer need to use http://192.168.0.1 to access the administrator interface. • Support and documentation links on GUI menu. • Click Cancel during configuration assistant will bring up the Basic Settings page. (New in v3) NETGEAR CONFIDENTIAL Configuration Assistant - Start NETGEAR CONFIDENTIAL Configuration Assistant - Quit NETGEAR CONFIDENTIAL Configuration Assistant - Testing NETGEAR CONFIDENTIAL Configuration Assistant - Detected NETGEAR CONFIDENTIAL Configuration Assistant – Dynamic IP (DNS) NETGEAR CONFIDENTIAL Configuration Assistant - Update NETGEAR CONFIDENTIAL Configuration Assistant - Success NETGEAR CONFIDENTIAL Configuration Assistant – Done NETGEAR CONFIDENTIAL Configuration Assistant – No connection NETGEAR CONFIDENTIAL Configuration Assistant - PPPoE NETGEAR CONFIDENTIAL Configuration Assistant - PPPoE NETGEAR CONFIDENTIAL Configuration Assistant - PPPoE NETGEAR CONFIDENTIAL Configuration Assistant - PPPoE NETGEAR CONFIDENTIAL FAQ – Configuration Assistant • If user choose to quit Configuration Assistant, the Basic Settings page will come up. • If default home page is blank, configuration assistant won’t come up when start browser. • The configuration assistant will only come up if the router is in factory default state. • If configuration assistant won’t come up, it can be access from: – http://www.routerlogin.com – http://www.routerlogin.net – http://192.168.0.1 NETGEAR CONFIDENTIAL VPN – Box to Box Scenario: Box to Box Network A Network B INTERNET 66.126.237.204 66.126.237.201 ProSafe VPN router ProSafe VPN Router Ethernet Ethernet 192.168.4.0/255.255.255.0 192.168.0.0/255.255.255.0 Network A Local Identifier WAN IP Remote Identifer WAN IP Local subnet 192.168.0.0/24 Remote subnet 192.168.4.0/24 Remote VPN Endpoint 66.126.237.204 Shared Key 12345678 Encryption Algorithm 3DES Authentication Algorithm SHA-1 NETGEAR CONFIDENTIAL Network B WAN IP WAN IP 192.168.4.0/24 192.168.0.0/24 66.126.237.201 12345678 3DES SHA-1 VPN Wizard – Box to Box 1 NETGEAR CONFIDENTIAL VPN Wizard – box to box 2 NETGEAR CONFIDENTIAL VPN Wizard – box to box 3 NETGEAR CONFIDENTIAL VPN Wizard – box to box 4 NETGEAR CONFIDENTIAL VPN Wizard – box to box 5 NETGEAR CONFIDENTIAL VPN Wizard – box to box 6 NETGEAR CONFIDENTIAL VPN Wizard – box to box 7 NETGEAR CONFIDENTIAL VPN Wizard – box to box 8 NETGEAR CONFIDENTIAL VPN – Client to Box Scenario: Client to Box INTERNET 66.126.237.203 ProSafe VPN router Remote User VPN Client Ethernet 192.168.1.0/255.255.255.0 Network A Local Identifier WAN IP Remote Identifer remoteClient Local subnet 192.168.1.0/24 Remote subnet 192.168.100.1 Remote VPN Endpoint 66.126.237.203 Shared Key 12345678 Encryption Algorithm 3DES Authentication Algorithm MD5 NETGEAR CONFIDENTIAL Remote Client remoteClient WAN IP 192.168.100.1 192.168.1.0/24 0.0.0.0 12345678 3DES MD5 VPN Wizard – Client to Box 1 NETGEAR CONFIDENTIAL VPN Wizard – Client to Box 2 NETGEAR CONFIDENTIAL VPN Wizard – Client to Box 3 NETGEAR CONFIDENTIAL VPN Wizard – Client to Box 4 NETGEAR CONFIDENTIAL VPN Wizard – Client to Box 2B NETGEAR CONFIDENTIAL VPN Wizard – Client to Box 3B NETGEAR CONFIDENTIAL VPN Wizard – Client to Box 4B NETGEAR CONFIDENTIAL Basic Setting - Broadband NETGEAR CONFIDENTIAL Basic Setting – Broadband with Login NETGEAR CONFIDENTIAL Security - Log NETGEAR CONFIDENTIAL Security - Block Site NETGEAR CONFIDENTIAL Security – Block Site NETGEAR CONFIDENTIAL Security – Block Site NETGEAR CONFIDENTIAL Security - Rules NETGEAR CONFIDENTIAL Security – Add rule NETGEAR CONFIDENTIAL Security – Add Services NETGEAR CONFIDENTIAL Security - Schedule NETGEAR CONFIDENTIAL Security - Email NETGEAR CONFIDENTIAL VPN – IKE Policy NETGEAR CONFIDENTIAL VPN – VPN Policy NETGEAR CONFIDENTIAL VPN - CAs NETGEAR CONFIDENTIAL VPN - Certificates NETGEAR CONFIDENTIAL VPN - CRL NETGEAR CONFIDENTIAL VPN – VPN Status NETGEAR CONFIDENTIAL Maintenance - Router Status NETGEAR CONFIDENTIAL Router Status – WAN status and Statistics NETGEAR CONFIDENTIAL Maintenance - Attached Devices NETGEAR CONFIDENTIAL Maintenance - Settings Backup NETGEAR CONFIDENTIAL Maintenance - Set Password NETGEAR CONFIDENTIAL Maintenance - Diagnostics NETGEAR CONFIDENTIAL Maintenance - Router Upgrade NETGEAR CONFIDENTIAL Advanced - Dynamic DNS NETGEAR CONFIDENTIAL Advanced - LAN IP Setup NETGEAR CONFIDENTIAL Advanced - Remote Management NETGEAR CONFIDENTIAL Advanced - Static Routes NETGEAR CONFIDENTIAL Web Support - NETGEAR CONFIDENTIAL Troubleshooting NETGEAR CONFIDENTIAL Known Issues • When manage the router through remote management, the interface is slow. • Cannot add VPN client policy when one is active. • LAN PC cannot ping WAN IP address. • When WAN IP 192.168.0.1, can’t route. NETGEAR CONFIDENTIAL VPN Troubleshooting Can the other VPN end point reach you? – What is the remote VPN endpoint? • FQDN: resolve to remote WAN IP? • IP Address: Is IP address reachable? • 0.0.0.0: VPN uses aggressive mode? • Do the VPN parameters matches on both endpoints? – What are the remote/local IKE identities? • Do they match the remote endpoint’s local/remote IKE identities? – What are the local/remote VPN networks? • Do they match remote endpoint’s remote/local VPN networks? – What is the pre-shared key? • Does it match the remote endpoint’s pre-shared key? – What are the encryption/authentication algorithms? • Do they match the remote endpoint’s algorithms? – What is the IKE mode (main/aggressive)? • Does it match the remote endpoint’s IKE mode? NETGEAR CONFIDENTIAL VPN Troubleshooting Flow VPN mode must matches in both remote and local VPN policies VPN not working Refer to Premium support Y N Dynamic IP on local WAN? N Use dynamic DNS? Setup dynamic DNS Y Use FQDN as local VPN identity? Use FQDN as remote VPN identity? Y FQDN resolve to WAN IP? N Use FQDN N Check dynamic DNS setting, make sure FQDN resolve to local WAN IP Y FQDN resolve to WAN IP? N Check dynamic DNS setting, make sure FQDN resolve to remotel WAN IP Preshared key matches? N Y NETGEAR CONFIDENTIAL VPN mode matches N Use dynamic DNS? Y Use FQDN N Y N Setup dynamic DNS N Dynanmic IP on remote WAN? Y Y Preshared key must matches in both remote and local VPN policies Y Authentication algorithim mtaches? N Authentication algorthm must matches in both remote and local VPN policies Y Encryption algorithm matches? N Encryption algorithm must matches in both local and remote VPN policies CTS NETGEAR CONFIDENTIAL CTS Codes: Problems • • • • Hardware Missing Part Power Supply Software NETGEAR CONFIDENTIAL CTS Codes – Causes - Hardware • • • • • • • • • • • • • • Can not print (Print server) Dead on arrival Device keep rebooting itself LED – intermittent flashing LED – no lights/no power Missing Accessories Missing Documentation Missing Power Supply No Connection to Modem (no light) Non-Netgear Product Published feature not working Unit Dead-No Power Wireless Signal – no signal Wireless Signal - weak NETGEAR CONFIDENTIAL CTS Code – Causes – Missing Parts • Accessory • Power supply NETGEAR CONFIDENTIAL CTS Codes – Causes - Software • • • • • • • • • • • • Advanced Feature Request Application – AOL Optimized 9.0 does not work Application – Can not play online game Application – Can not set up application server Application – Can not use messaging services Cannot build VPN tunnel (box-box) Cannot build VPN tunnel (passthrough) Cannot connect to internel Cannot connect to ISP with PPTP connection Cannot display secure web pages Cannot get to AP/Router Cannot send/receive emails. NETGEAR CONFIDENTIAL • • • • • • • • • • • • • • • Cannot use VPN Client (client-box) Crash/Lock Up Device not detected Dial on-demand not working Documentation incorrect Failed Outbound FTP Upload Firmware – failure after update Firmware request ISP parameter incorrect Modem direct connect does not work Router hangs connection Setting lost on device reboot Slow internet Connection Wireless icon – not in SysTray Wireless icon red CTS Codes - Resolutions • • • • • • • • • • • • • • • • • • • • • • • • • Adjusted Antenna Admin – Configured ISP – PPPoA Admin – Configured ISP – PPPoE Admin – Configured ISP – static detected Admin – Provided password Admin – Ran Smart Wizard Admin – Set Port Forwarding Attached to Existing Issue Changed MTU setting Checked/Replaced LAN cable Checked/Replaced power cable Checked/Replaced WAN cable Configured for LAN Configured for Other hardware Connect hub between PC and router Customer not willing to troubleshoot Device tested OK – ISP Problem Disable SPI Disabled/Removed Software Firewall Disconnected/Reconnected Driver – Updated/installed Drivers Firmware – Sent firmware/software Firmware install – latest version Firmware install – previous version Incompatible NETGEAR CONFIDENTIAL • • • • • • • • • • • • • • • • • • • • • • • • Connect hub between PC and router • Customer not willing to troubleshoot • Device tested OK – ISP Problem • Disable SPI • Disabled/Removed Software Firewall • Disconnected/Reconnected • Driver – Updated/installed Drivers • Firmware – Sent firmware/software • Firmware install – latest version • Firmware install – previous version • Incompatible • Non Netgear Issue – ie ISP Problem • Non-Netgear issue – customer error • Physical installation of device • Power cycle Modem/AP/Router/PC • Proxy server added Reconfigured device settings – Incorrect settings Refer – Premium Support – accepted/referral Refer – Premium Support – DECLINED Refer – to KB Refer – UNSUPPORTED – to 3rd party vendor Release/renewed DHCP IP Reset to factory default RMA – DENIED – as outside warranty conditions RMA – DENIED – due to Power Outage RMA – Failure after firmware upgrade RMA – logged completed unit RMA – logged power supply Service Contract Utility – Configured Printer Server Admin Utility – Configured wireless utility Utility – installed wireless utility VPN – configured OTHER client (client-box) VPN – configured Safenet Remote (client-box) VPN – configured setup (box-box) VPN – configured setup (pass through) VPN – configured Win2K (box-box) Practice Questions NETGEAR CONFIDENTIAL Question 1: 1. Fill out VPN parameters according to the network data Network A 129.30.6.121 Key: 12345678 Network B 3DES SHA-1 205.158.9.2 ProSafe VPN router ProSafe VPN Router Ethernet Ethernet 10.1.2.0/255.255.255.0 192.168.1.0/255.255.255.0 Network A Local Identifier Remote Identifer Local subnet Remote subnet Remote VPN Endpoint Shared Key Encryption Algorithm Authentication Algorithm NETGEAR CONFIDENTIAL Network B Questions and Answers NETGEAR CONFIDENTIAL
© Copyright 2024