Orbi WiFi 7 RBE973
Reply

FVS336Gv3 multi-NAT inbound firewall rules not working

transistor
Aspirant

FVS336Gv3 multi-NAT inbound firewall rules not working

I have about 30 Netgear FVS338 and a few FVS336Gv2 routers in use. I use them to firewall and provide multi-NAT between industrial machines and the WAN. The configuration has changed on the Gv3 models and I can't get a response from behind the firewall or from the router diagnostics page when using the WAN address.

 

In the examples below the WAN is 10.62.

 

FVS336Gv3 inbound rules.png

Figure 1. Two different devices showing two different configuration options.

 

FVS336Gv3 inbound rule 1.pngFVS336Gv3 inbound rule 2.png

Figures 2 and 3. I know the first one is wrong - it would only allow connection from that address. Have I set up the second one correctly to NAT WAN address 10.62.31.55 to LAN address 10.3.110.215?

 

Q1: Is Figure 3 set up correctly?

Q2: Why is it forcing me to create an address range? On the older routers I had the option of just one address.

Q3: Is anyone aware of any problems with this router?

 

 

 

Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 1 of 4

Accepted Solutions
transistor
Aspirant

Re: FVS336Gv3 multi-NAT inbound firewall rules not working

For anyone having the same problem, the FVS336Gv3 requires the manual addition of each new WAN-side address. It's buried in the menu structure:

 

FVS336Gv3 WAN address 0.png

 

Figure 1. Network Configuration | WAN Settings | WAN Setup | WAN1 - Edit.

 

 

FVS336Gv3 WAN address 1.png

Figure 2. Select Secondary Addresses.

 

FVS336Gv3 WAN address 2.png

Figure 3. Add the WAN addresses required.

 

Now setup the inbound firewall rules:

 

FVS336Gv3 inbound rule 3.png

Figure 4. Security | Firewall Rules | Add or Edit. Note that the WAN secondary addresses are available in the WAN Destination IP Address drop-down.

 

Password

There seems to be an issue with this router regarding session timeout. I have received them mutliple times on menu navigation and have to log in again and renavigate. Inactivity timeout is set to 90 minutes. I've never seen this problem on the earlier routers.

 

Also note that the password field now has a restricted character set. e.g., it doesn't accept '$'.

 

View solution in original post

Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 3 of 4

All Replies
DaneA
NETGEAR Employee Retired

Re: FVS336Gv3 multi-NAT inbound firewall rules not working

Hi transistor,

 

As I understand your concern, the configuration you have posted works on FVS338 and FVS336Gv2 but not on FVS336Gv2, am I right?  What is the current firmware version of the FVS336Gv3?  

 

Kindly post a screenshot or image of your detailed network diagram.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 4
transistor
Aspirant

Re: FVS336Gv3 multi-NAT inbound firewall rules not working

For anyone having the same problem, the FVS336Gv3 requires the manual addition of each new WAN-side address. It's buried in the menu structure:

 

FVS336Gv3 WAN address 0.png

 

Figure 1. Network Configuration | WAN Settings | WAN Setup | WAN1 - Edit.

 

 

FVS336Gv3 WAN address 1.png

Figure 2. Select Secondary Addresses.

 

FVS336Gv3 WAN address 2.png

Figure 3. Add the WAN addresses required.

 

Now setup the inbound firewall rules:

 

FVS336Gv3 inbound rule 3.png

Figure 4. Security | Firewall Rules | Add or Edit. Note that the WAN secondary addresses are available in the WAN Destination IP Address drop-down.

 

Password

There seems to be an issue with this router regarding session timeout. I have received them mutliple times on menu navigation and have to log in again and renavigate. Inactivity timeout is set to 90 minutes. I've never seen this problem on the earlier routers.

 

Also note that the password field now has a restricted character set. e.g., it doesn't accept '$'.

 

Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 3 of 4
train_wreck
Luminary

Re: FVS336Gv3 multi-NAT inbound firewall rules not working


@transistor wrote:

Password

There seems to be an issue with this router regarding session timeout. I have received them mutliple times on menu navigation and have to log in again and renavigate. Inactivity timeout is set to 90 minutes. I've never seen this problem on the earlier routers.

 


You can actually change this. It's under "Users" -> "<username>":

 

timeout.png

Message 4 of 4
Discussion stats
  • 3 replies
  • 4897 views
  • 0 kudos
  • 3 in conversation
Announcements