Name: NETGEAR FVS318G
Brand: NETGEAR
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Manage Users, Authentication, and VPN Certificates

286

NETGEAR ProSAFE VPN Firewall FVS318G v2

The VPN Firewall’s Authentication Process and Options

Users are assigned to a group, and a group is assigned to a domain. Therefore, you must

first create any domains, then groups, and then user accounts.

You must create name and password accounts for all users who must

be able to conne

ct to

the VPN firewall. This includes administrators and guests. Accounts for IPSec VPN clients

are required only if you enable extended authentication (XAUTH) in your IPSec VPN

configuration.

Users connecting to the VPN firewall must be authenticated before

being allowed to access

the VPN firewall or the VPN-protected network. The login screen that is presented to the user

requires three items: a user name, a password, and a domain selection. The domain

determines the authentication method that is used.

Except in the case of IPSec VPN users, when you create a user account, you

must specify a

group. When you create a group, you must specify a domain.

IPSec VPN and L2TP users do not belong to a domain and are not assigned to

a group.

Do not confuse the authentication groups with the LAN groups. For more information, see

Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on p

age 71.

The following table summarizes the external authentication protocols and methods th

at the

VPN firewall supports.

Table 65. External authentication protocols and methods

Authentication

Protocol or Method

Description

PAP Password Authentication Protocol (P

AP) is a simple protocol in which the client sends a

password in clear text.

CHAP Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake

in which the client and server trade challenge messages, each responding with a hash of

the other’s challenge message that is calculated using a shared secret value.

RADIUS A network-validated PAP or CHAP password-based authentication method that functions

with Remote Authentication Dial In User Service (RADIUS).

MIAS A network-validated PAP or CHAP password-based authentication method that functions

with Microsoft Internet Authentication Service (MIAS), which is a component of Microsoft

Windows 2003 Server.

WiKID WiKID Systems is a PAP or CHAP key-based two-factor authentication method that

functions with public key cryptography. The client sends an encrypted PIN to the WiKID

server and receives a one-time passcode with a short expiration period. The client logs in

with the passcode. For more about WiKID authentication, see Appendix B, Two-Factor

Authentication.

NT Domain A network-validated domain-based authentication method that functions with a Microsoft

Windows NT Domain authentication server. This authentication method was superseded

by Microsoft Active Directory authentication but is supported to authenticate legacy

Windows clients.

Questions and Answers:

Need help?

Do you have a question about the NETGEAR FVS318G and is the answer not in the manual?

NETGEAR FVS318G Specifications

General

Power requirements	12V DC, 1.5A
Firewall throughput	250 Mbit/s
Maximum data transfer rate	1000 Mbit/s
HTTP performance	6000 transactions/sec
Wi-Fi	No
DHCP server	Yes
Number of VLANs	256
VPN tunnels quantity	12
WAN connection	Ethernet (RJ-45)
Connectivity technology	Wired
Ethernet LAN (RJ-45) ports	9
Ethernet DMZ ports quantity	1
Routing protocols	RIP-1, RIP-2
Supported network protocols	TCP/IP, UDP, ICMP, PPPoE
VPN support	IPsec (ESP), IKE, PKI, HTTPS
Security algorithms	128-bit AES, 192-bit AES, 256-bit AES, 3DES, DES, MD5, SHA-1
Internal memory	128 MB
Flash memory	32 MB
Storage media type	Flash
Processor frequency	300 MHz
Storage temperature (T-T)	-20 - 70 °C
Operating temperature (T-T)	0 - 45 °C
Cables included	LAN (RJ-45)