Orbi WiFi 7 RBE973
Reply

FVS336G V3 FW 4.3.3-6 VPN config:

johnjvictor
Aspirant

FVS336G V3 FW 4.3.3-6 VPN config:

I just bought this firewall and am trying to configure a Gateway VPN tunnel. I used the VPN wizard and that worked fine. However, when I try to change the encryption from 3DES to AES-256, it works fine for the IKE policy, but when I try to change the VPN policy encryption in the Auto Policy Parameter section to AES-256, it says I need to configure some manual policy parameters before accepting my change. This doesn't seem correct--I am not trying to enter any Manual Policy Parameters. Is this a bug?

Message 1 of 6

Accepted Solutions
johnjvictor
Aspirant

Re: FVS336G V3 FW 4.3.3-6 VPN config:

JohnRo

 

I reloaded the firmware, restored settings to default and restored settings that I saved and the VPN policy page seems to be working fine now.

Thanks!

john

View solution in original post

Message 5 of 6

All Replies
JohnRo
NETGEAR Employee Retired

Re: FVS336G V3 FW 4.3.3-6 VPN config:

Hello johnjvictor, 

 

Welcome to the community! 

 

Before I replied to your post I have tried to duplicate the issue you are having using one of our test units. I did not experience the issue you are having and I am using the same firmware version. Please try the following and see if it will let you change it: 

 

  1. Go to VPN>IPSec VPN>VPN Policies 
  2. Select the VPN Policy you have created and click on "Edit" 
  3. Change the encryption
  4. Click "Apply"
  5. After the setting have been applied, select the policy again then click "Disable"
  6. Go to IKE Policies and select the policy you created
  7. click on "Edit" and change the encryption

See if this will let you apply the changes, if this works go back to VPN policy and enable the policy you have created. 

 

Thanks, 

Message 2 of 6
johnjvictor
Aspirant

Re: FVS336G V3 FW 4.3.3-6 VPN config:

JohnRo

 

Thanks for the suggestion. I tried your sequence exactly and it still did not allow me to change the encryption. But...this is weird and certainly must be a firmware bug. I was finally able to change the encryption by doing the following:

1) Select VPN Policies and disable the one I created

2) Click Edit

3) Change the Policy type from Auto Policy to Manual Policy and then change it back to Auto Policy. When I did this I noticed that the Manual Policy Parameters got grayed out where before they were not.

4) Change the Encryption type to AES-256 in the Auto Policy Parameters section. When I clicked Apply, it asked me to enter End IP addresses in the Traffic Selection section for both Local and Remote. That I can do!!

5) Now when I click Apply it is all good!!

6) Now I can change the Encryption in the IKE policy to AES-256 and then re-enable the VPN policy

 

This unit is not yet in service or connected to our primary WAN link, so hopefully it will work once it trys to sync the tunnel with our live network. I guess it's possible I got a bad firmware upgrade so I should probably try to reload it.

 

Thanks for the help!

Message 3 of 6
JohnRo
NETGEAR Employee Retired

Re: FVS336G V3 FW 4.3.3-6 VPN config:

Hi johnjvictor, 

 

I must say that was a weird behavior. Reloading the firmware and resetting it to default should be a good idea. Hopefully, it works fine during production. 

 

Let us know if you have more questions. The community is happy to help! 

 

Thanks, 

Message 4 of 6
johnjvictor
Aspirant

Re: FVS336G V3 FW 4.3.3-6 VPN config:

JohnRo

 

I reloaded the firmware, restored settings to default and restored settings that I saved and the VPN policy page seems to be working fine now.

Thanks!

john

Message 5 of 6
JohnRo
NETGEAR Employee Retired

Re: FVS336G V3 FW 4.3.3-6 VPN config:

Hello johnjvictor, 

 

I'm glad it worked for you! 🙂

 

Thanks, 

Message 6 of 6
Discussion stats
  • 5 replies
  • 3783 views
  • 1 kudo
  • 2 in conversation
Announcements