NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

TCD-Experea's avatar
TCD-Experea
Aspirant
Dec 11, 2016
Solved

FVS318Gv2 fails PCI-DSS scans

We use these for gateway to gateway vpn connections between remote offices and the main office. No real issues there now, until they failed a Trustwave scan because of Netgear's built-in certificate ...
PCI-DSS scan fail
Security
  • TCD-Experea's avatar
    TCD-Experea
    Dec 17, 2016

    OK we passed today with this firmware and a written adendum to cover use of L2TP tunnel that Trustwave doesn't like even though it is secured. Had to literally turn off everything else in the way of remotely connecting to these to manage them.

    My management solution is to setup VPN access at all locations and only manage them through the tunnel at the moment... seems to wok, but a failure will lead to about 2 hourss of downtime while I travel to a site with a replacement device. I do have a spare that I can configure to match in about 15 minutes now since I've done it so many times.

DaneA's avatar
DaneA
NETGEAR Employee Retired
Dec 12, 2016

Hi TCD-Experea,

 

Welcome to the community! :) 

 

What is the current firmware version of the FVS318Gv2?

 

Let me share this old forum link to you. 

 

 

Regards,

 

DaneA

NETGEAR Community Team

  • TCD-Experea's avatar
    TCD-Experea
    Aspirant
    Dec 12, 2016

    Firmware is 4.3.4-2 on all 3 devices.

     

    I have disabled remote admin at this point and have asked AP/AR to initiate a new scan.

    • DaneA's avatar
      DaneA
      NETGEAR Employee Retired
      Dec 12, 2016

      Hi TCD-Experea,

       

      Let us know how the new scan goes.  

       

      Also, you may want to try to downgrade the firmware to v4.3.3-8.  As per release notes of firmware v4.3.3-8, one of the bug fixes mentioned about PCI Compliance Scans.  You can download the firmware here.  Be reminded that its recommended to perform a factory reset after downgrading the firmware then reconfigure it from scratch and check if same problem will occur.

       

       

      Regards,

       

      DaneA

      NETGEAR Community Team

      • SamirD's avatar
        SamirD
        Prodigy
        Dec 17, 2016

        I second doing the downgrade.  Unless you need something on a firmware level, choose whatever firmware level you want--they all have bugs. :D  And it's not just Netgear, its anyone making smb routers (except zyxel).

         

        I actually treat firmware revisions as 'feature sets'.  I'll run with a 'feature set' until the device can no longer do what I need.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More