Question about NetGear ProSafe FVS338 (FVS338NA) Firewall

1 Answer

Box to Box connections to nowhere

I have the FVS338 in our corporate office running three box to box connections between an office in NY, and plant in TN, and the owners house. From July until end of November these worked flawlessly.

Out of nowhere in November they just stopped working. Sometimes one of them will connect but it will only last a few hours. Never will they all connect at the same time.

Originally we blamed this on Bellsouth as it happened on the same day as their DNS servers crashed. But Bellsouth maintains that their side is fixed, however our box to box connections have never recovered.

We even did the Netgear firmware upgrade - still no go.

They are all the same router, running the same firmware, all the connects click, packets look like their moving but we go no where. No network drives, no IP phones, if you ping a network drive over a vpn tunnel it times out, if you traceroute it, it dies at hop 3.

Any help would be really appreciated

Posted by on

1 Answer

  • Level 2:

    An expert who has achieved level 2 by getting 100 points


    An expert that gotĀ 5 achievements.


    An expert that hasĀ over 500 points.


    An expert who has answered 200 questions.

  • Expert
  • 306 Answers
Re: Box to Box connections to nowhere

Its hard when there is 3 network places miles apart. when you were first up and running did your admin make a disk to run in each computer? I would start over from scratch and uninstall and reload onall three places. alls it takes is some one in one of 3 places to change one of there setings to knock the whole network down. who set it up for you in the begining needs to help you again., sorry I dont have much help nfor you

Posted on Jan 04, 2008

Add Your Answer

0 characters

Uploading: 0%


Complete. Click "Add" to insert your video. Add


3 Points

Related Questions:

1 Answer

NAT session table is full

For each connection (TCP or UDP) that your firewall manages to NAT (ie network translate) keeps track on a in memory table. If it gets full means you've too many open connections. This is often the case when using P2P programs such as Torrent, eMule etc.

You can:
1) reduce the connection usage on the P2P application
2) reduce the connection timeout, in order to force the firewall to close stalled connections, recovering some free entry on the nat table
3) upgrade the appliance to something more heavy duty. Any box running pfSense for example could be a good choice: the web GUI is quite similar to the ZyWall one, but the software is both free and more powerful...

Dec 11, 2013 | Zyxel ZyWALL 70 Firewall


Why can Networked Devices not be used when a VPN connection is active?

With most VPNs, as soon as the VPN connection is established, it will take precedence over all other network connections. Access to the Internet (other than to keep the VPN connection itself alive) will go via the VPN and the corporate network you are connected to, rather than the local ISP. Furthermore, access to the local network is temporarily disabled.

As a result, your local print server may not be accessible,
you cannot use devices via the Network USB hub, or the USB ports on your router (if it has these), you may not even be able to access your local router's configuration page or ping the router or other machines in the local network.

This is done because of security reasons.
When a computer is connected to a corporate network via a VPN, the administrator needs to make sure that that machine can not act as a some form of a gateway enabling other machines in the local network to access that corporate network in any way. For that reason, the machine connecting via the VPN must temporarily be isolated from the local network.

on May 05, 2010 | Network Security & Firewall Devices

1 Answer

Netgear cli

NETGEAR FVS338 Comand Line Interface (CLI)

FVS338: />
bin/ config/ stats/

FVS338: /bin>
ls - lists available commands
cd - changes current working directory
help - Used to list directory or help for a specific command
version - Get the Product/ModSets Version history of the image. Usage : version -all
logout - Closes the Current Session
shell - Run a unix shell
linux-version - Prints the Linux-Mod-Set Version
ping - ping <ipaddress/host> [-c count] [-f] [-s packetsize]
ICMP ECHO REQUEST Check statistics

FVS338: /config>
sys/ sntpc/ ip/ ether/ polgrp/
userdb/ ldsv/ snet/ ad/ iapd/
firewall/ relay/ upn/ algs/ tcpreasm/
diag/ trace/ ike/ spd/ sad/
ipsec/ dnsrd/ ddns/ dhcpc/ ipreasm/
dhcpd/ dhcpr/ rtrid/ macdatabase/ cmgr/
scep/ ldap/ syslog/ mesgthrt/
ocsp/ domain/ wan/ snmp/
lxos/ interfaces/ webproxy/ http/

FVS338: /config/sys>
setzone - sets system time zone. Usage: setzone +/-hh:mm abbrivation <-dst [set/reset]>
settime - sets system time. Usage: settime mm-dd-yyyy hh:mm:ss
time - displays system time. Usage: time
reboot - Reboots the system. Usage: reboot
facdefault - Sets factory defaults. Needs reboot
boxtype - Displays the box configuration type(SOHO(SME)/MTU). Syntax: boxtype
syslist - Displays all the system variables USAGE: SysList
syscontact - sets the system contact person info :USAGE SysContact <CONTACT ADDRESS>
sysname - sets the name of this node :USAGE SysName <name string>
syslocation - sets the physical Location of this node :USAGE SysLocation <name string>
domainname - sets the domain name:USAGE domainname <domain name string>
startcap - Starts packet capture :USAGE startcap <IfaceName> [-c NoOfPackets] :Ex startcap ixp0 -c 20
stopcap - Stops the packet capture :USAGE stopcap

FVS338: /config/sntpc>
sntpenable - USAGE: sntpenable [-i <timezone Index>]
1 - UK,GreenWich,Casablanca,Monrovia (GMT).
2 - Eniwetok,Kwajalein (GMT-12:00).
3 - Midway I., Samoa (GMT-11:00).
4 - Hawaii (GMT-10:00).
5 - Marqesas Is. (GMT-9:30).
6 - Alaska (GMT-9:00).
7 - Pitciarn Is. (GMT-8:30).
8 - Pacific Time ..US and Canada (GMT-8:00).
9 - Arizona (GMT-07:00).
10 - MountainTime(USA)(GMT-7:00).
11 - CentralTime(USA),Mexico City,Tequciqalpa (GMT-6:00).
12 - Indiana East (GMT-05:00).
13 - EasternTime(USA),Bogota,Lima,Quito (GMT-5:00).
14 - AtlanticTime,Caracas,La Paz (GMT-4:00).
15 - Newfoundland (GMT-03:30).
16 - Brasilia,Beunos Aires,Georgetown (GMT-3:00).
17 - Mid-Atlantic (GMT-2:00).
18 - Azores,Cape Verde Is. (GMT-1:00).
19 - Europe (GMT+1:00).
20 - Egypt,Finland,Romania,Turkey,Greece,Jordan(GMT+2:0 0).
21 - Israel(GMT+02:00).
22 - Mascow,St.Petersburg,Iraq,Syria(GMT+03:00).
23 - Iran (GMT+3:30).
24 - Armenia, Azerbaijan (GMT+4:00).
25 - Afghanistan (GMT+4:30).
26 - Pakistan,Russia (GMT+5:00).
27 - India (GMT+5:30).
28 - Bangladesh,Russia (GMT+6:00).
29 - Burma (GMT+6:30).
30 - Thailand, Combodia, Laos (GMT+07:00).
31 - China,kuala Lumpur,Singapore,Philippines,Perth(GMT+08:00).
32 - Japan,Korea,Russia (GMT+09:00).
33 - Adelaide (GMT+9:30).
34 - Brisbane,Gaum,Papua New Guinea,Tasmania (GMT+10:00).
35 - Sydney,Melbourne,canberra (GMT+10:00).
36 - Lord Howe I. (GMT+10:30)
37 - Solomon Is., Magadan,Russia (GMT+11:00).
38 - Norfolk I. (GMT+11:30)
39 - New Zealand,Fiji,Kamchatka,Marshall Is.(GMT+12:00).
40 - Tonga (GMT+13:00).
41 - Kiribati,Western Samoa (GMT+14:00).
addservers - USAGE: addservers <Primary Server Domain Name/IP Address> [-pp <Primary Server Port>]
[[-s <Secondary Server Domain Name/IP Address>] [-sp <Secondary Server Port>]]
Public SNTP Servers list:
listservers - list servers ....
sntpdisable - Disables the sntp client....
show - Displays the Sntp Client Parameters...
delservers - Delete servers...
Usage : delservers <prim/sec/all> (primary server/secondary servers /both )

FVS338: /config/ip>
route/ rip/
address - address <ifname> <static/dynamic>[if static only:-><-ip <ipaddr>/<mask'bits>>]
[-rip <enable/disable>] [if dynamic only:-><-dfrt enable/disable>,
we need to tell whether DHCP client should add default route corresponding to
the gateway it got from DHCP server]
alias - alias <interface> <ipaddress> [-m mask] [-b broadcast]
up - USAGE : Up <interface>
down - down <interface>
list - list [-i interface] lists all the statistics
stats - USAGE : stats

FVS338: /config/ip/route>
add - add <ipaddr'default> <gw> <mask> <iface> <metric>
Ex: add eth0 15
del - del <ipaddr'default> <gw> <mask> <iface> <metric>
list - lists all the routing table entries

FVS338: /config/ip/rip>
showrec - To show records: showrec [-name <record name>]
delrec - To delete a rip record: delrec <rip record name>
addrec - To add a rip record: addrec <record name>
<version: 1[for RIPv1] or 2[for RIPv2] or
3[for RIPv2(RIPv1 compatible)]>
<direction control: Tx or Rx or TxRx>
[-auth <authtype: 0(AUTHNONE), 2(SIMPLE) or 3(MD5)>]
[-id1 <authid1>] [-key1 <authkey1>]
[-starttime1 <starttime1>] [-stoptime1 <stoptime1>]
[-id2 <authid2>] [-key2 <authkey2>]
[-starttime2 <starttime2>] [-stoptime2 <stoptime2>]

Note: For Simple authentication use opt parameter [-key1 <authkey1>]
to enter Password
For starttimes and stoptimes:: Time format: <mm/dd/yyyy'hr:min:sec>
Example: -starttime1 6/6/2001'5:30:00
modrec - To modify a rip record: modrec <record name>
<version: 1[for RIPv1] or 2[for RIPv2] or
3[for RIPv2(RIPv1 compatible)]>
<direction control: Tx or Rx or TxRx>
[-auth <authtype: 0(AUTHNONE), 2(SIMPLE) or 3(MD5)>]
[-id1 <authid1>] [-key1 <authkey1>]
[-starttime1 <starttime1>] [-stoptime1 <stoptime1>]
[-id2 <authid2>] [-key2 <authkey2>]
[-starttime2 <starttime2>] [-stoptime2 <stoptime2>]

Note: For Simple authentication use opt parameter [-key1 <authkey1>]
to enter Password

For starttimes and stoptimes:: Time format: <mm/dd/yyyy'hr:min:sec>
Example: -starttime1 6/6/2001'5:30:00
list - List RIP list : list [-name <ifname>]
merge - Set Merge on or off : merge on'off
senddefault - Set SendDefault on or off : senddefault on'off
subnets - Enable/Disable subnets : subnets on'of

Feb 27, 2012 | NetGear Network Security & Firewall...

1 Answer

How to login netgear prosafe vpn firewall

U can login to the prosafe vpn firewall using

And for further Queries u can read the documentation :

Jan 02, 2010 | NetGear ProSafe FVS338 (FVS338NA) Firewall

1 Answer

VPN connects Remote desktop will not

Make sure that the firewall doe's nt block tcp traffic on port 3389.
Hope this help.
Usually all the traffic should be allowed thru the tunnel.

Sep 03, 2008 | Network Security & Firewall Devices

1 Answer

Watchguard site to remote offices

What have you done to date, what is the Config on both sides.
Let me know

Jan 19, 2008 | WatchGuard Technologies FireBox SOHO 6...

1 Answer

Admin log in

This should give you an idea of how to proceed in a recovery

Sep 27, 2007 | Black Box Security Administrator...

1 Answer

Port Forwarding

Instructions for DG834, DG834G, DG824M, FR114W, FM114P, FR114P, FR328S, FVL328, FVS328, FVS338, FVX538, FWAG114, FWG114P, or FVS318v3 These routers do port forwarding by assigning port numbers to a "service" associated with the application you want to run. "Rules" are set for particular services. Rules block or allow access, based on various conditions such as the time of day and the name of the service. To Create a New Inbound or Outbound Rule 1. Submit the router's address in an Internet browser. (The default is 2. Enter the router's username and password. 3. From the main menu, click Security > Rules. 4. Click Add for inbound or outbound traffic, as appropriate to the application you are planning to run. 5. Select the Service. The services the router knows about are listed in the drop down. If the service you want is not listed, add it as described in the next section. 6. Select the Action, for example ALLOW always. 7. For Send to LAN Server, enter the IP address of the local server. Note that this is also the IP address the computers on your LAN will access. 8. For WAN User choose Any, or limit access to particular IP addresses. 9. For Log selection it is reasonable to turn logs on, especially at the beginning when you are unsure of the result of the changes you are making. Later, you may want to set logs to "Never" for performance reasons. 10. Click Apply. As noted in user manual for some models: * Consider using the Dynamic DNS feature on the Advanced menu, so that external users can find your network when the DHCP lease is renewed by your ISP. * If your own LAN server uses DHCP, and your IPs change on rebooting, consider using the Reserved IP Address feature in the LAN IP menu. To Add a Service for These Routers 1. Click Security > Services > Add Custom Service. 2. Enter any name you choose for the service. 3. Select whether the service is to use TCP or UDP. If you are unsure, select both. 4. Enter the lowest port number used by the service. 5. Enter the highest port number used. If the service uses only one port number, enter the same number. 6. Click Apply.

Feb 19, 2006 | NetGear ProSafe FVS338 (FVS338NA) Firewall

Not finding what you are looking for?
NetGear ProSafe FVS338 (FVS338NA) Firewall Logo

Related Topics:

111 people viewed this question

Ask a Question

Usually answered in minutes!

Top NetGear Network Security & Firewall Devices Experts


Level 2 Expert

152 Answers


Level 3 Expert

4327 Answers

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Are you a NetGear Network Security and Firewall Device Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides