netgear confidential fvs318v3 cable/dsl prosafe vpn firewall with 8-port switch

Post on 18-Jan-2016


NETGEAR CONFIDENTIAL

FVS318v3 Cable/DSL ProSafe VPN Firewall with 8-port switch

Gift Box

Features

• 8 simultaneous VPN tunnels.

• 8 10/100 LAN ports.

• 10 base-T WAN port.

• Up to 168-bit 3DES encryption.

• With v2.4 firmware:
  – Configuration Assistant
  – VPN Wizard

V1, V2, V3?

• Serial number prefix:
  – V1 – FVS9
  – V2 – FVS1
  – V3 – FVS8

• There are no external differences between the models.

• It is not possible to order one particular version.

• No upgrade between hardware versions is available.

• Firmware of the FVS318v3 is not compatible with the FVS318v1 and v2.

• Firmware of the FVS318 v1 and v2 is not compatible with the FVS318v3.


FVS318v3

• The FVS318v3 uses a much improved, more powerful CPU.

• Faster routing and VPN throughput.

• VPN authentication using X.509 certificates.

• Remote Management using HTTPS.

• Firewall rules for inbound and outbound traffic

When will the v3 be available?

• The FVS318 will start shipping in late Dec 2004. However, it may take until late Feb 2005 for it to reach customers, since we still have inventory of the v1/v2.

• There are several known issues with the FVS318v3 at its initial release. A bug fix release will be available before the product reaches customers. Make sure customers upgrade to the new firmware.

Connecting the FVS318

LED

• Power: The power light should turn solid green.

• Test: The test light blinks when the router is first turned on then goes off.

• Internet: The Internet port light should be lit. If not, make sure the Ethernet cable is securely attached to the firewall Internet port and the modem, and that the modem is powered on.

• LAN: A LAN light should be lit. Green indicates your computer is communicating at 100 Mbps, amber indicates 10 Mbps. If a LAN light is not lit, check that the Ethernet cable from the computer to the router is securely attached at both ends, and that the computer is turned on.

GUI

Configuration Assistant

• Automatically brings up the wizard when the user starts the browser.

• Guides the user through configuring the Internet connection.

• Automatically detects PPPoE, static IP or dynamic IP from the ISP.

• No longer need to use http://192.168.0.1 to access the administrator interface.

• Support and documentation links on the GUI menu.

• Clicking Cancel during the Configuration Assistant brings up the Basic Settings page. (New in v3)

Configuration Assistant screens (screenshot slides):

• Configuration Assistant - Start
• Configuration Assistant - Quit
• Configuration Assistant - Testing
• Configuration Assistant - Detected
• Configuration Assistant – Dynamic IP (DNS)
• Configuration Assistant - Update
• Configuration Assistant - Success
• Configuration Assistant – Done
• Configuration Assistant – No connection
• Configuration Assistant - PPPoE (4 slides)

FAQ – Configuration Assistant

• If the user chooses to quit the Configuration Assistant, the Basic Settings page will come up.

• If the default home page is blank, the Configuration Assistant won’t come up when the browser starts.

• The Configuration Assistant will only come up if the router is in the factory default state.

• If the Configuration Assistant won’t come up, it can be accessed from:
  – http://www.routerlogin.com
  – http://www.routerlogin.net
  – http://192.168.0.1

VPN – Box to Box

Network diagram: Network A (192.168.0.0/255.255.255.0) behind a ProSafe VPN router, WAN IP 66.126.237.201, connected over the Internet to Network B (192.168.4.0/255.255.255.0) behind a ProSafe VPN Router, WAN IP 66.126.237.204.

Parameter                 Network A         Network B
Local Identifier          WAN IP            WAN IP
Remote Identifier         WAN IP            WAN IP
Local subnet              192.168.0.0/24    192.168.4.0/24
Remote subnet             192.168.4.0/24    192.168.0.0/24
Remote VPN Endpoint       66.126.237.204    66.126.237.201
Shared Key                12345678          12345678
Encryption Algorithm      3DES              3DES
Authentication Algorithm  SHA-1             SHA-1

Scenario: Box to Box

VPN Wizard – Box to Box (screenshot slides 1 to 8)

VPN – Client to Box

Network diagram: Network A (192.168.1.0/255.255.255.0) behind a ProSafe VPN router, WAN IP 66.126.237.203, reached over the Internet by a remote user running a VPN client.

Parameter                 Network A         Remote Client
Local Identifier          WAN IP            remoteClient
Remote Identifier         remoteClient      WAN IP
Local subnet              192.168.1.0/24    192.168.100.1
Remote subnet             192.168.100.1     192.168.1.0/24
Remote VPN Endpoint       66.126.237.203    0.0.0.0
Shared Key                12345678          12345678
Encryption Algorithm      3DES              3DES
Authentication Algorithm  MD5               MD5

Scenario: Client to Box

VPN Wizard – Client to Box (screenshot slides 1, 2, 3, 4, 2B, 3B, 4B)

GUI screens (screenshot slides):

• Basic Setting - Broadband
• Basic Setting – Broadband with Login
• Security - Log
• Security - Block Site (3 slides)
• Security - Rules
• Security – Add rule
• Security – Add Services
• Security - Schedule
• Security - Email
• VPN – IKE Policy
• VPN – VPN Policy
• VPN - CAs
• VPN - Certificates
• VPN - CRL
• VPN – VPN Status
• Maintenance - Router Status
• Router Status – WAN status and Statistics
• Maintenance - Attached Devices
• Maintenance - Settings Backup
• Maintenance - Set Password
• Maintenance - Diagnostics
• Maintenance - Router Upgrade
• Advanced - Dynamic DNS
• Advanced - LAN IP Setup
• Advanced - Remote Management
• Advanced - Static Routes
• Web Support -

Troubleshooting

Known Issues

• When managing the router through remote management, the interface is slow.

• Cannot add a VPN client policy when one is active.

• LAN PC cannot ping the WAN IP address.

• When the WAN IP is 192.168.0.1, the router can’t route.

VPN Troubleshooting

• Can the other VPN endpoint reach you?
  – What is the remote VPN endpoint?
    • FQDN: Does it resolve to the remote WAN IP?
    • IP Address: Is the IP address reachable?
    • 0.0.0.0: Does the VPN use aggressive mode?

• Do the VPN parameters match on both endpoints?
  – What are the remote/local IKE identities?
    • Do they match the remote endpoint’s local/remote IKE identities?
  – What are the local/remote VPN networks?
    • Do they match the remote endpoint’s remote/local VPN networks?
  – What is the pre-shared key?
    • Does it match the remote endpoint’s pre-shared key?
  – What are the encryption/authentication algorithms?
    • Do they match the remote endpoint’s algorithms?
  – What is the IKE mode (main/aggressive)?
    • Does it match the remote endpoint’s IKE mode?
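The checklist above as an added example (not from the original slides or from NETGEAR): a Python check that two endpoints' policies mirror each other. The `VpnPolicy` field names, the use of each box's WAN IP as its identity, and the IKE mode in the sample data are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnPolicy:  # field names are assumptions, not FVS318v3 settings keys
    wan_ip: str            # this endpoint's own WAN address
    local_id: str
    remote_id: str
    local_subnet: str
    remote_subnet: str
    remote_endpoint: str   # IP address, FQDN, or 0.0.0.0
    shared_key: str
    encryption: str
    authentication: str
    ike_mode: str          # "main" or "aggressive"

def _net(s):  # 192.168.0.0/24 and 192.168.0.0/255.255.255.0 are the same network
    return ipaddress.ip_network(s, strict=False)

def _one_way(name, me, peer):
    out = []
    if me.local_id != peer.remote_id:
        out.append(f"{name}: local identity != peer's remote identity")
    if _net(me.local_subnet) != _net(peer.remote_subnet):
        out.append(f"{name}: local subnet != peer's remote subnet")
    if me.remote_endpoint == "0.0.0.0" and me.ike_mode.lower() != "aggressive":
        out.append(f"{name}: endpoint 0.0.0.0 but IKE mode is not aggressive")
    elif me.remote_endpoint not in ("0.0.0.0", peer.wan_ip):
        out.append(f"{name}: remote endpoint is not peer's WAN IP (FQDN: check DNS)")
    return out

def check_tunnel(a, b):
    """Return mismatch descriptions; an empty list means the policies mirror."""
    problems = _one_way("A", a, b) + _one_way("B", b, a)
    if a.shared_key != b.shared_key:   # never echo the key itself
        problems.append("pre-shared keys differ")
    for field in ("encryption", "authentication", "ike_mode"):
        if getattr(a, field).upper() != getattr(b, field).upper():
            problems.append(f"{field}: {getattr(a, field)} vs {getattr(b, field)}")
    return problems

# Constructed sample from the Box to Box scenario; identities and ike_mode assumed.
NET_A = VpnPolicy("66.126.237.201", "66.126.237.201", "66.126.237.204",
                  "192.168.0.0/255.255.255.0", "192.168.4.0/24",
                  "66.126.237.204", "12345678", "3DES", "SHA-1", "main")
NET_B = VpnPolicy("66.126.237.204", "66.126.237.204", "66.126.237.201",
                  "192.168.4.0/24", "192.168.0.0/24",
                  "66.126.237.201", "12345678", "3DES", "SHA-1", "main")
if __name__ == "__main__": print(check_tunnel(NET_A, NET_B) or "policies mirror")
```

A mismatch in the pre-shared key is reported without printing either key, so the output can be pasted into a support ticket.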

VPN Troubleshooting Flow

Flowchart (node text only; the Y/N branch layout is not preserved). Start: VPN not working.

Local WAN:
• Dynamic IP on local WAN?
• Use dynamic DNS? – Set up dynamic DNS
• Use FQDN as local VPN identity? – Use FQDN
• FQDN resolves to WAN IP? – Check dynamic DNS setting, make sure FQDN resolves to local WAN IP

Remote WAN:
• Dynamic IP on remote WAN?
• Use dynamic DNS? – Set up dynamic DNS
• Use FQDN as remote VPN identity? – Use FQDN
• FQDN resolves to WAN IP? – Check dynamic DNS setting, make sure FQDN resolves to remote WAN IP

VPN policies:
• VPN mode matches? – VPN mode must match in both remote and local VPN policies
• Preshared key matches? – Preshared key must match in both remote and local VPN policies
• Encryption algorithm matches? – Encryption algorithm must match in both local and remote VPN policies
• Authentication algorithm matches? – Authentication algorithm must match in both remote and local VPN policies

End: Refer to Premium support

CTS

CTS Codes: Problems

• Hardware

• Missing Part

• Power Supply

• Software

CTS Codes – Causes - Hardware

• Can not print (Print server)

• Dead on arrival

• Device keep rebooting itself

• LED – intermittent flashing

• LED – no lights/no power

• Missing Accessories

• Missing Documentation

• Missing Power Supply

• No Connection to Modem (no light)

• Non-Netgear Product

• Published feature not working

• Unit Dead-No Power

• Wireless Signal – no signal

• Wireless Signal - weak


CTS Code – Causes – Missing Parts

• Accessory

• Power supply


CTS Codes – Causes - Software

• Advanced Feature Request

• Application – AOL Optimized 9.0 does not work

• Application – Can not play online game

• Application – Can not set up application server

• Application – Can not use messaging services

• Cannot build VPN tunnel (box-box)

• Cannot build VPN tunnel (passthrough)

• Cannot connect to internet

• Cannot connect to ISP with PPTP connection

• Cannot display secure web pages

• Cannot get to AP/Router

• Cannot send/receive emails.

• Cannot use VPN Client (client-box)

• Crash/Lock Up

• Device not detected

• Dial on-demand not working

• Documentation incorrect

• Failed Outbound FTP Upload

• Firmware – failure after update

• Firmware request

• ISP parameter incorrect

• Modem direct connect does not work

• Router hangs connection

• Setting lost on device reboot

• Slow internet Connection

• Wireless icon – not in SysTray

• Wireless icon red


CTS Codes - Resolutions

• Adjusted Antenna

• Admin – Configured ISP – PPPoA

• Admin – Configured ISP – PPPoE

• Admin – Configured ISP – static detected

• Admin – Provided password

• Admin – Ran Smart Wizard

• Admin – Set Port Forwarding

• Attached to Existing Issue

• Changed MTU setting

• Checked/Replaced LAN cable

• Checked/Replaced power cable

• Checked/Replaced WAN cable

• Configured for LAN

• Configured for Other hardware

• Connect hub between PC and router

• Customer not willing to troubleshoot

• Device tested OK – ISP Problem

• Disable SPI

• Disabled/Removed Software Firewall

• Disconnected/Reconnected

• Driver – Updated/installed Drivers

• Firmware – Sent firmware/software

• Firmware install – latest version

• Firmware install – previous version

• Incompatible

• Non Netgear Issue – ie ISP Problem

• Non-Netgear issue – customer error

• Physical installation of device

• Power cycle Modem/AP/Router/PC

• Proxy server added

• Reconfigured device settings – Incorrect settings

• Refer – Premium Support – accepted/referral

• Refer – Premium Support – DECLINED

• Refer – to KB

• Refer – UNSUPPORTED – to 3rd party vendor

• Release/renewed DHCP IP

• Reset to factory default

• RMA – DENIED – as outside warranty conditions

• RMA – DENIED – due to Power Outage

• RMA – Failure after firmware upgrade

• RMA – logged completed unit

• RMA – logged power supply

• Service Contract

• Utility – Configured Printer Server Admin

• Utility – Configured wireless utility

• Utility – installed wireless utility

• VPN – configured OTHER client (client-box)

• VPN – configured Safenet Remote (client-box)

• VPN – configured setup (box-box)

• VPN – configured setup (pass through)

• VPN – configured Win2K (box-box)

Practice Questions

Question 1:

Parameter                 Network A         Network B
Local Identifier
Remote Identifier
Local subnet
Remote subnet
Remote VPN Endpoint
Shared Key
Encryption Algorithm
Authentication Algorithm

EthernetEthernet

ProSafe VPN router ProSafe VPN Router

192.168.1.0/255.255.255.0

129.30.6.121

10.1.2.0/255.255.255.0

205.158.9.23DESSHA-1

Key: 12345678

Network A

Network B

1. Fill out VPN parameters according to the network data


Questions and Answers
