Orbi WiFi 7 RBE973
Reply

Re: FVS336Gv3 - Help in configuring router

vpnman
Guide

FVS336Gv3 - Help in configuring router

We have a Netgear FVS336Gv3 running latest firmware (V4.3.4-1).   The FVS336Gv3 has a single LAN network with 4 devices and each have the following IP address:  IP_A, IP_B, IP_C, IP_D.   It also has a single WAN network.

 

What we'd like to do is to configure the FVS336Gv3 to only allow the IP_A device to communicate with IP_D device but everybody else (IP_B and IP_C) are disallowed to communicate with IP_D device.   Note that IP_A, IP_B, and IP_C are allowed to communicate with each other.

 

Would appreciate it if someone can provide directions in configuring the FVS336Gv3 to accomplish the above.

 

Regards,

Al

Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 1 of 11

Accepted Solutions
DaneA
NETGEAR Employee Retired

Re: FVS336Gv3 - Help in configuring router

Hi vpnman,

 

Just want to follow-up.  Any updates?  

 

 

Regards,

 

DaneA

NETGEAR Community Team

View solution in original post

Message 11 of 11

All Replies
DaneA
NETGEAR Employee Retired

Re: FVS336Gv3 - Help in configuring router

Hi vpnman,

 

I think you need a switch that supports access control list or ACL on your network setup to achieve your goal.   Let me share this article below as reference:

 

Setting up VLANs & VLAN Routing with Access Control Lists

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 11
vpnman
Guide

Re: FVS336Gv3 - Help in configuring router

Hi DaneA,

 

Thanks for your response.   Will a Netgear ProSAFE M4100 unit be able to accomplish this and support the additional requirements below?

  • In addition to IP_A device, to only allow a particular VPN client (coming from WAN side) with VPN_IP_Z address to access IP_D device and all other VPN clients are denied access to IP_D device?
  • Can a set of LAN IP address (ex: coming from a port connected to a WIFI access point) be put in a group and manage this group in a ACL rule (ex: deny this group access to IP_D)?

 

Regards,

vpnman

Message 3 of 11
DaneA
NETGEAR Employee Retired

Re: FVS336Gv3 - Help in configuring router

Hi vpnman,

 

About the 1st additional requirement, I believe it can be configured on the VPN policies of the FVS336Gv3.  While the 2nd additional requirement, can be configured on the M4100 switch as an ACL rule. 

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 11
vpnman
Guide

Re: FVS336Gv3 - Help in configuring router

Aside from the M4100 switch, can it be accomplished using GS110TP and/or GS108T?    Do these support IP-based ACL?

 

Is there a guide or cookbook that shows step-by-step how to configure the FVS336gv3 to deny access to IP_D device from all VPN clients coming from GW-to-GW VPN but only allow a particular one (VPN_IP_Z address)?

Message 5 of 11
DaneA
NETGEAR Employee Retired

Re: FVS336Gv3 - Help in configuring router

Hi vpnman,

 

Both GS108Tv2 and the GS110TP supports either MAC ACL, Standard IP ACL and Extended IP ACL.  Kindly read pages 180-194 of the GS108T and GS110TP Smart Switch software administration manual here.  Check also Appendix B for the ACL configuration examples.

 

You could check on how to manage or modify the VPN policy on pages 381-389 of the FVS336Gv3 reference manual here.  

 

 

Regards,

 

DaneA
NETGEAR Community Team

 

Message 6 of 11
vpnman
Guide

Re: FVS336Gv3 - Help in configuring router

Hi DaneA,

 

Thanks for your response.  Can you advise what's the difference between GS108Tv2/GS110TP vs M4100 specifically on IP ACL capability?   What can the M4100 do that the GS108Tv2/GS110TP can't do?

 

Regards,

vpnman

 

Message 7 of 11
DaneA
NETGEAR Employee Retired

Re: FVS336Gv3 - Help in configuring router

Hi vpnman,

 

I believe the IP ACL capability is the same for both the GS108Tv2/GS110TP switches and the M4100 series switches.  The only difference I found is that  based on the M4100 software administration manual with firmware version 10.0.x here, it has added features, namely:  ACL Mirroring and ACL Redirection.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 8 of 11
DaneA
NETGEAR Employee Retired

Re: FVS336Gv3 - Help in configuring router

Hi vpnman,

 

We’d greatly appreciate hearing your feedback letting us know if the information I’ve provided has helped resolve your concern or if you need further assistance.  If ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

 


Regards,

 

DaneA

NETGEAR Community Team
 

Message 9 of 11
vpnman
Guide

Re: FVS336Gv3 - Help in configuring router

Hi DaneA,

 

From your recommendation, we've purchased a new Netgear switch with IP ACL capability.  We'll mark "Accepted Solution" after we try this on the new switch and it does what we want it to do.

 

Regards,

vpnman

Message 10 of 11
DaneA
NETGEAR Employee Retired

Re: FVS336Gv3 - Help in configuring router

Hi vpnman,

 

Just want to follow-up.  Any updates?  

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 11 of 11
Discussion stats
  • 10 replies
  • 4442 views
  • 3 kudos
  • 2 in conversation
Announcements