Netgear FM114P, FR114P, FR114W Reference Guide

Reference Manual for the Model FR114P, FR114W and FM114P Cable/D SL ProSafe Firewall Family

NETGEAR,Inc.

4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR

SM-FM114PNA-0 May 2002

Trademarks

NETGEAR and Auto Uplink are trademarks or registered trademarks of Netgear, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.

Statement of Conditions

In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.

NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

EN 55 022 Declaration of Conformance

This is to certify that the FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).

Bestätigung des Herstellers/Importeurs

Es wird hiermit bestätigt, daß das FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall gemäß der im BMPT-AmtsblVfg243/1991 und Vfg 46/1992 aufgeführtenBestimmungenentstört ist. Das vorschriftsmäßigeBetreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungenin der Betriebsanleitung.

Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.

Certificate of t he Manufacturer/Importer

It is hereby certified that the FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.

Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.

Voluntary Control Council for Interference (VCCI) Statement

This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.

When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.

Technical Support

Refer to the Support Information Card that shipped with your FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall.

World Wide Web

NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.

iii

About This Guide

Typographical Conventions ............................................................................................. xv

Special Message Formats ...............................................................................................xvi

Technical Support ............................................................................................................xvi

Related Publications ........................................................................................................xvi

Chapter 1 Introduction

About the NETGEAR ProSafe Firewalls .........................................................................1-1

Key Features ..................................................................................................................1-1

A Powerful, True Firewall .........................................................................................1-2

Content Filtering .......................................................................................................1-3

Configurable Ethernet Connection ...........................................................................1-3

Protocol Support ......................................................................................................1-3

Easy Installation and Management ..........................................................................1-4

Maintenance and Support ........................................................................................1-5

Chapter 2 SettingUptheHardware

Package Contents ..........................................................................................................2-1

Local Network Hardware Requirements .........................................................................2-2

PC Requirements ..............................................................................................2-2

Access Device Requirement .............................................................................2-2

The Firewall’s Front Panel ..............................................................................................2-3

The Firewall’s Rear Panel ..............................................................................................2-4

Connecting the Firewall ..................................................................................................2-4

Connecting to Your Internet Access Device .............................................................2-5

Connecting to your Local Ethernet Network .............................................................2-5

Preparing your Wireless Devices .............................................................................2-6

Installing a Wireless Card in the FR114W .........................................................2-6

Connecting the Power Adapter ................................................................................2-6

Contents v

Verifying Connections .....................................................................................................2-7

Chapter 3 Preparing Your Network

Preparing Your Personal Computers for IP Networking .................................................3-1

Configuring Windows 95, 98, and ME for IP Networking ................................................3-2

Install or Verify Windows Networking Components ..................................................3-2

Assign TCP/IP configuration by DHCP ....................................................................3-4

Selecting Internet Access Method ............................................................................3-4

Verifying TCP/IP Properties .....................................................................................3-5

Configuring Windows NT or 2000 for IP Networking ......................................................3-5

Install or Verify Windows Networking Components ..................................................3-5

Verifying TCP/IP Properties .....................................................................................3-6

Configuring the Macintosh for IP Networking .................................................................3-6

MacOS 8.6 or 9.x ...............................................................................................3-7

MacOS X ...........................................................................................................3-7

Verifying TCP/IP Properties (Macintosh) ..................................................................3-8

Your Internet Account .....................................................................................................3-8

Login Protocols ........................................................................................................3-9

Account Information .................................................................................................3-9

Obtaining ISP Configuration Information (Windows) .......................................3-10

Obtaining ISP Configuration Information (Macintosh) .....................................3-11

Restarting the Network .................................................................................................3-11

Ready for Configuration ................................................................................................3-12

Chapter 4 Basic Configuration

Accessing the Web Configuration Manager ...................................................................4-1

Configuration using the Setup Wizard ............................................................................4-4

Configuring for Dynamic IP Account ........................................................................4-5

Configuring for Fixed IP Account .............................................................................4-6

Configuring for an Account with Login .....................................................................4-7

Manual Configuration .....................................................................................................4-8

Completing the Configuration .........................................................................................4-9

Chapter 5 Security

What is a Firewall ...........................................................................................................5-1

vi Contents

Security Log ....................................................................................................................5-2

Examples of log messages ......................................................................................5-4

Activation and Administration ............................................................................5-4

Dropped Packets ...............................................................................................5-4

Block Sites ......................................................................................................................5-5

Rules ..............................................................................................................................5-6

Inbound Rules (Port Forwarding) .............................................................................5-8

Inbound Rule Example: A Local Public Web Server ..........................................5-9

Inbound Rule Example: Allowing Videoconference from Restricted Addresses 5-10

Considerations for Inbound Rules: ..................................................................5-10

Outbound Rules (Service Blocking) .......................................................................5-11

Following is an application example of outbound rules: ..................................5-11

Outbound Rule Example: Blocking Instant Messenger ...................................5-11

Order of Precedence for Rules ..............................................................................5-12

Default DMZ Server ...............................................................................................5-12

Respond to Ping on Internet WAN Port .................................................................5-13

Services ........................................................................................................................5-14

Schedule .......................................................................................................................5-16

Time Zone ........................................................................................................5-17

E-Mail ...........................................................................................................................5-18

Chapter 6 Wireless

Wireless Settings ............................................................................................................6-2

Identification ......................................................................................................6-2

Options ..............................................................................................................6-3

Access Point ......................................................................................................6-3

Configuring WEP (Wired Equivalent Privacy) .................................................................6-4

Restricting Wireless Access by MAC Address ...............................................................6-5

Additional Notes .............................................................................................................6-6

Security ....................................................................................................................6-6

Placement and Range ..............................................................................................6-6

Chapter 7 Print Server

Network Printing from Windows .....................................................................................7-1

Installing the PTP Driver ..........................................................................................7-1

Contents vii

Printer Management ..........................................................................................7-3

Port Options .......................................................................................................7-3

LPD/LPR Printing from Windows .............................................................................7-4

Windows NT 4.0 Server Configuration ..............................................................7-5

Client PC Setup for LPD/LPR Printing ...............................................................7-7

Network Printing from the Macintosh ..............................................................................7-9

MacOS 8 or 9 Configuration .....................................................................................7-9

MacOS X Configuration .........................................................................................7-10

Network Printing from Linux .........................................................................................7-10

Troubleshooting the Print Server ..................................................................................7-10

Chapter 8 Maintenance

System Status .................................................................................................................8-1

Attached Devices ............................................................................................................8-4

Changing the Administration Password ..........................................................................8-4

Configuration File Settings Management .......................................................................8-5

Restore and Backup the Configuration ....................................................................8-6

Erase the Configuration ...........................................................................................8-6

Router Upgrade ..............................................................................................................8-7

Diagnostics .....................................................................................................................8-8

Ping an IP Address ..................................................................................................8-8

Perform a DNS Lookup ............................................................................................8-8

Display the Routing Table ........................................................................................8-9

Reboot the Router ....................................................................................................8-9

Chapter 9 Advanced Configuration

Dynamic DNS .................................................................................................................9-1

LAN IP Setup ..................................................................................................................9-3

LAN TCP/IP Setup ...................................................................................................9-3

MTU Size .................................................................................................................9-5

DHCP .......................................................................................................................9-5

Use router as DHCP server ...............................................................................9-5

Reserved IP adresses .......................................................................................9-6

Static Routes ..................................................................................................................9-6

Static Route Example ...............................................................................................9-8

viii Contents

Remote Management .....................................................................................................9-9

Chapter 10 Troubleshooting

Basic Functioning .........................................................................................................10-1

Power LED Not On .................................................................................................10-2

Test LED Never Turns On or Test LED Stays On ...................................................10-2

Local or Internet Port Link LEDs Not On ................................................................10-2

Troubleshooting the Web Configuration Interface ........................................................10-4

Troubleshooting the ISP Connection ............................................................................10-5

Troubleshooting a TCP/IP Network Using a Ping Utility ...............................................10-6

Testing the LAN Path to Your Firewall ....................................................................10-6

Testing the Path from Your PC to a Remote Device ..............................................10-7

Restoring the Default Configuration and Password ......................................................10-8

Using the Default Reset button ..............................................................................10-8

Problems with Date and Time .......................................................................................10-8

Appendix A Technical Specifications

Appendix B Networks, Routing, and Firewall Basics

Basic Router Concepts .................................................................................................. B-1

What is a Router? ................................................................................................... B-1

Routing Information Protocol ................................................................................... B-2

IP Addresses and the Internet ................................................................................. B-2

Netmask .................................................................................................................. B-4

Subnet Addressing .................................................................................................. B-5

Private IP Addresses ............................................................................................... B-7

Single IP Address Operation Using NAT ................................................................. B-8

MAC Addresses and Address Resolution Protocol ................................................. B-9

Domain Name Server .............................................................................................. B-9

IP Configuration by DHCP .................................................................................... B-10

Internet Security and Firewalls .................................................................................... B-10

What is a Firewall? ................................................................................................ B-10

Stateful Packet Inspection ......................................................................................B-11

Denial of Service Attack .........................................................................................B-11

Wireless Networking .................................................................................................... B-12

Contents ix

Wireless Network Configuration ............................................................................ B-12

Ad-hoc Mode (Peer-to-Peer Workgroup) ........................................................ B-12

Infrastructure Mode ........................................................................................ B-12

Extended Service Set Identification (ESSID) ........................................................ B-13

Authentication and WEP Encryption ..................................................................... B-13

Wireless Channel Selection .................................................................................. B-14

Ethernet Cabling .......................................................................................................... B-15

Uplink Switches and Crossover Cables ................................................................ B-16

Cable Quality ......................................................................................................... B-16

Glossary Index

x Contents

Figure 2-1. FR114P Front Panel ................................................................................2-3

Figure 2-2. FR114P Rear Panel .................................................................................2-4

Figure 4-1. Login window ...........................................................................................4-2

Figure 4-2. Browser-based configuration main menu ................................................4-3

Figure 4-3. Setup Wizard menu for Dynamic IP address ...........................................4-5

Figure 4-4. Setup Wizard menu for Fixed IP address ................................................4-6

Figure 4-5. Setup Wizard menu for PPPoE login accounts ........................................4-7

Figure 5-1. Logs menu ...............................................................................................5-2

Figure 5-2. Block Sites menu .....................................................................................5-5

Figure 5-3. Rules menu ..............................................................................................5-6

Figure 5-4. Rule example: A Local Public Web Server ..............................................5-9

Figure 5-5. Rule example: Videoconference from Restricted Addresses .................5-10

Figure 5-6. Rule example: Blocking Instant Messenger ...........................................5-11

Figure 5-7. Rules table with examples .....................................................................5-12

Figure 5-8. Services menu .......................................................................................5-14

Figure 5-9. Add Custom Service menu ....................................................................5-15

Figure 6-1. Wireless Settings menu ...........................................................................6-2

Figure 6-2. Wireless WEP menu ................................................................................6-4

Figure 6-3. Wireless Access menu .............................................................................6-5

Figure 8-1. System Status screen ..............................................................................8-1

Figure 8-2. Router Statistics screen ...........................................................................8-3

Figure 8-3. Attached Devices menu ...........................................................................8-4

Figure 8-4. Set Password menu .................................................................................8-5

Figure 8-5. Settings Backup menu .............................................................................8-6

Figure 8-6. Router Upgrade menu .............................................................................8-7

Figure 8-7. Diagnostics menu ....................................................................................8-8

Figure 9-1. Dynamic DNS menu ................................................................................9-2

Figure 9-2. LAN IP Setup Menu .................................................................................9-3

Figure 9-3. Static Routes Summary Table ..................................................................9-7

Figure 9-4. Static Route Entry and Edit Menu ............................................................9-7

Figure B-1. Three Main Address Classes .................................................................. B-3

Figure B-2. Example of Subnetting a Class B Address ............................................. B-5

Figure B-3. Single IP Address Operation Using NAT ................................................ B-8

xii

Table 2-1. LED Descriptions .....................................................................................2-3

Table 5-1. Log entry descriptions ..............................................................................5-3

Table 5-2. Log action buttons ....................................................................................5-3

Table 8-1. Menu 3.2 - System Status Fields .............................................................8-2

Table 8-2. Router Statistics Fields ...........................................................................8-3

Table B-1. Netmask Notation Translation Table for One Octet ................................. B-6

Table B-2. Netmask Formats .................................................................................... B-6

Table B-3. 802.11 Radio Frequency Channels ....................................................... B-14

Table B-4. UTP Ethernet cable wiring, straight-through ......................................... B-15

xiii

xiv

About This Guide

Congratulations on your purchase of the NETGEAR™FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall. A firewall is a special type of router that incorporates features for security. The NETGEAR ProSafe Firewall is a complete security solution that protects your network from attacks and intrusions.

This guide describes the features of the firewall and provides installation and configuration instructions.

Typographical Conventions

This guide uses the following typographical conventions: italics Book titles and UNIX file, command, and directory names.

courier font Screen text, user-typed command-line entries.

Initial Caps Menu titles and window and button names. [Enter] Named keys in text are shown enclosed in square brackets. The notation

[Enter] is used for the Enter key and the Return key.

[Ctrl]+C Two or more keys that must be pressed simultaneously are shown in text

linked with a plus (+) sign.

ALL CAPS DOS file and directory names.

About This Guide xv

ReferenceManualfortheModelFR114P,FR114WandFM114PCable/DSLProSafeFirewallFamily

Special Message Formats

This guide uses the following formats to highlight special messages:

Note: This format is used to highlight information of importance or special interest.

Caution: This format is used to highlight information that will help you prevent

equipment failure or loss of data.

Warning: This format is used to highlight information about the possibility of injury or

equipment damage.

Danger: This format is used to alert you that there is the potential for incurring an

electrical shock if you mishandle the equipment.

Technical Support

For help with any technical issues, contact Customer Support at 1-888-NETGEAR, or visit us on the Web at www.NETGEAR.com. The NETGEAR Web site includes an extensive knowledge base, answers to frequently asked questions, and a means for submitting technical questions online.

Related Publications

As you read this document, you m ay be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organizationthat defines the architecture and operation of the Internet. The RFC documents outline and define the standard protocols and procedures for the Internet. The documents are listed on the World Wide Web at www.ietf.org andaremirroredandindexedat many other sites worldwide.

xvi About This Guide

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

For more information about address assignment, refer to the IETF documents RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.

For more information about IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

About This Guide xvii

Chapter 1

Introduction

This chapter describes the features of the NETGEAR FR114P, FR114W and FM114P Cable/DSL ProSafe Firewalls.

About the NETGEAR ProSafe Firewalls

The NETGEAR ProSafe Firewall is a complete security solution that protects your network from attacks and intrusions. Unlike simple Internet sharing routers that rely on NAT for security,the NETGEAR ProSafe Firewall uses Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection. The NETGEAR ProSafe Firewall allows Internet access for up to 253 users. The ProSafe Firewall family consists of these three products:

• FR114P Firewall with Print Server

• FR114W Wireless-Ready Firewall

• FM114P Wireless Firewall with Print Server The FR114P and FM114P firewalls include a built-in print server, allowing the sharing of a printer

by all PCs on your network. The FM114P firewall includes an 802.11b-compliant wireless access point, while the FR114W firewall can be upgraded to an access point by adding a NETGEAR

802.11b wireless adapter card.

Key Features

The NETGEAR ProSafe Firewalls offer the following features.

Introduction 1-1

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

A Powerful, True Firewall

Unlike simple Internet sharing NAT routers, the NETGEAR ProSafe Firewall is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:

• Denial of Service (DoS) protection Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.

• Blocks unwanted traffic from the Internet to your LAN.

• Blocks access from your LAN to Internet locations or services that you specify as off-limits.

• Logs security incidents The NETGEAR ProSafe Firewall will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. Youcan configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your email address or email pager whenever a significant event occurs.

Wireless Access Point

The FM114P firewall includes an 802.11b-compliant wireless access point, while the FR114W firewall can be upgraded to an access point by adding a NETGEAR 802.11bwireless adapter card. With an integrated wireless access point, the firewall provides continuous, high-speed 11 Mbps access between your wireless and Ethernet devices. The access point provides:

• 802.11b Standards-based wireless networking at up to 11 Mbps

• 64-bit and 128-bit WEP encryption security

• WEP keys can be generated manually or by passphrase

• Wireless access can be restricted by MAC address

Integrated Print Server

The FR114P and FM114P NETGEAR ProSafe Firewalls include a built-in print server. A print server eliminates the bottleneck of a dedicated always-on PC print server and supports multiple print jobs simultaneously.

• Protocol Support PTP (Peer-to-Peer) over TCP/IP for Windows LPR printing for Windows, Macintosh, or Linux

1-2 Introduction

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

• High-speed Parallel Port Connection 36 pin Centronics, bi-directional IEEE 1284 compliant (supports Nibble mode) with up to

1.5Mbps transfer rate

Content Filtering

With its content filtering feature, the NETGEAR ProSafe Firewall prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the firewall to log and report attempts to access objectional Internet sites.

Configurable Ethernet Connection

With its internal 4-port 10/100 switch, the NETGEAR ProSafe Firewall can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN interface is autosensing and is capable of full-duplex or half-duplex operation. An uplink switch is provided for cascading to an external Ethernet hub or switch.

Protocol Support

The NETGEAR ProSafe Firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP).

For further information about TCP/IP, refer to Appendix B, “Networks, Routing, and Firewall

Basics.”

• IP Address Sharing by NAT The NETGEAR ProSafe Firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as Network Address Translation (NAT), allows the use of an inexpensive single-user ISP account.

• Automatic Configuration of Attached PCs by DHCP The NETGEAR ProSafe Firewall dynamically assigns network configuration information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.

Introduction 1-3

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

• DNS Proxy When DHCP is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.

• PPP over Ethernet (PPPoE) PPP over Ethernet is a protocol for connecting remote hosts to the Internet over a DSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as EnterNet or WinPOET on your PC.

•DynamicDNS Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. The firewall contains a client that can connect to many popular Dynamic DNS services to register your dynamic IP address.

Easy Installation and Management

You can install, configure, and operate the NETGEAR ProSafe Firewall within minutes after connecting it to the network. The following features simplify installation and management tasks:

• Browser-based management Browser-based configuration allows you to easily configure your firewall from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizardis provided and online help documentation is built into the browser-based Web Management Interface.

• Smart Wizard The firewall automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account.

• Remote management The firewall allows you to login to the Web Management Interface from a remote location on the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.

• Diagnostic functions The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot.

• Visual monitoring The firewall’s front panel LEDs provide an easy way to monitor its status and activity.

1-4 Introduction

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

Maintenance and Support

NETGEAR offers the following features to help you maximize your use of the firewall:

• Flash EPROM for firmware upgrade

• Technical support seven days a week, twenty-four hours a day

Introduction 1-5

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

1-6 Introduction

Chapter 2

Setting Up the Hardware

This chapter describesthe hardware installation of the FR114P, FR114W and FM114P Cable/DSL ProSafe Firewalls.

Package Contents

The product package should contain the following items:

• FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall

• AC power adapter

• Category 5 (CAT5) Ethernet cable

• Resource CD, including: — This manual — Installer for Print server driver (applies to FR114P or FM114P only) — Application Notes, Tools, and other helpful information

• NETGEAR Cable/DSL ProSafe Firewall Installation Guide (for each model)

• Warranty and registration card

• Support information card

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair.

Setting Up the Hardware 2-1

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

Local Network Hardware Requirements

The NETGEAR ProSafe Firewall is intended for use in a network of personal computers (PCs) that are interconnected by twisted-pair Ethernet cables.

PC Requirements

To install and run the NETGEAR ProSafe Firewall over your network of PCs, each PC must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the PC will connect to your network at 100 Mbps, you must use a C ategory 5 (CAT5) cable such as the cable provided with your firewall.

Any PC that will connect to the firewall (FR114W and FM114P only) by a wireless connection must have an 802.11b-compliant wireless adapter card.

Access Device Requirement

The shared broadband access device (cable modem or DSL modem) must provide a standard 10 Mbps (10BASE-T) Ethernet interface.

2-2 Setting Up the Hardware

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

The Firewall’s Front Panel

The front panel of the NETGEAR ProSafe Firewall contains status LEDs. The FR114P front panel is shown in Figure 2-1

Figure 2-1. FR114P Front Panel

You can use some of the LEDs to verify connections. Table 2-1 lists and describes each LED on the front panel of the firewall. These LEDs are green when lit, except for the TEST LED, which is amber.

Table 2-1. LED Descriptions

Label Activity Description

POWER On Power is supplied to the firewall. TEST On

Off

PRINTER (These LEDs present only on FR114P and FM114P)

ACT Blinking Data is being transmitted or received by the Printer port. ALERT On (Amber) The connected printer is offline, is out of paper,or has a paper

INTERNET

100 (100 Mbps) On

Off

LINK/ACT (Link/Activity)

LOCAL

100 (100 Mbps) On

LINK/ACT (Link/Activity)

WLAN On The Wireless (WLAN) port is operating (FR114Wand FM114P)

On Blinking

Off On

Blinking

The system is initializing. The system is ready and running.

jam.

The Internet (WAN) port is operating at 100 Mbps. The Internet (WAN) port is operating at 10 Mbps.

The Internet port has detected a link with an attached device. Data is being transmitted or received by the Internet port.

The Local port is operating at 100 Mbps. The Local port is operating at 10 Mbps.

The Local port has detected a link with an attached device. Data is being transmitted or received by the Local port.

Setting Up the Hardware 2-3

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

The Firewall’s Rear Panel

The rear panel of the NETGEAR ProSafe Firewall contains port connections. The FR114P Firewall rear panel is shown in Figure 2-2

Figure 2-2. FR114P Rear Panel

The rear panel contains the following features:

• AC power adapter outlet

• Internet (WAN) Ethernet port for connecting the firewall to a cable or DSL modem

• Four Local (LAN) Ethernet ports for connecting the firewall to the local PCs

• Uplink switch for converting LAN port 4 to uplink (crossover) wiring

• Factory Default Reset pushbutton

• Parallel Printer port (FR114P and FM114P only)

• Wireless adapter slot (FR114W only)

• Wireless antenna (FM114P only)

Connecting the Firewall

Before using your firewall, you need to do the following:

• Connect your cable or DSL modem to the Internet port of the firewall (described next.

• Connect your local Ethernet network to the Local port(s) of the firewall (see page 2-5).

• Prepare your wireless devices.

• Install your wireless adapter card (FR114W only)

• Connect the power adapter (see page 2-6)

Note: The Resource CD included with your firewall contains an animated Connection Guide to

help you through this procedure.

2-4 Setting Up the Hardware

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

Connecting to Your Internet Access Device

Your cable or DSL modem must provide a standard 10BASE-T or 100BASE-Tx Ethernet connection (not USB) for connection to your PC or network. The FR114P Firewall does not include a cable for this connection. Instead, use the Ethernet cable provided with your access device or any other standard Ethernet cable. Follow these steps:

1. Locate the Ethernet cable currentlygoing from your DSL or cable modem to the computer that

you use to access the Internet.

Note: You must use the existing cable to connect the modem to your firewall, not to connect

your PCs to your firewall. The Ethernet cable supplied by your ISP for connecting to your cable or DSL modem may be an Ethernet crossover cable rather than a normal straight-through cable.

2. Remove this cable from the computer and insert that end into the Internet port on the firewall.

3. Turn the cable or DSL modem off for ten seconds, then on again.

Connecting to your Local Ethernet Network

Your local area network (LAN) will attach to the firewall’s Local ports shown in Figure 2-2.The Local ports are capable of operation at either 10 Mbps (10BASE-T) or 100 Mbps (100BASE-Tx), depending on the Ethernet interface of the attached PC, hub, or switch. For any connection which will operate at 100 Mbps, you must use a Category 5 (CAT5) rated Ethernet cable, such as the cable included with the firewall.

The FR114P Firewall incorporates a four-port switch for connection to your local network. Ports 1 through 3 are permanently configured for MDI-X wiring, for connection to a PC. Port 4 can be set to MDI (Uplink) or MDI-X (Normal) by using the Normal/Uplink pushbutton switch.

Connect up to four PCs directly to any of the four Local ports of the firewall using standard Ethernet cables such as the one included with your firewall. If a PC is connected to port 4, be sure that the Normal/Uplink pushbutton switch is in the Normal position.

If your local network consists of more than four hosts, you will need to connect your firewall to another hub or switch. In t his case, connect port 4 of your firewall to any port of an Ethernet hub or switch, and set the Normal/Uplink pushbutton switch to the Uplink position.

Setting Up the Hardware 2-5

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

Preparing your Wireless Devices

For the FM114P Wireless Firewall with Print Server, rotate the antenna to a vertical position and tighten the base.

Installing a Wireless Card in the FR114W

The FR114W Wireless-Ready Firewall can be upgraded to wireless operation by purchasing and installing a NETGEAR Model MA401 802.11b Wireless PC Card. The FR114W will function normally without a wireless adapter card, but will not have wireless connectivity. To install the MA401 Wireless PC Card in your FR114W, follow these steps:

1. Locate the wireless adapter card slot on the rear panel.

2. Remove the rubber dust cover from the slot.

3. Slide the MA401 card into the slot with the card’s front label and LED facing up.

4. Be sure that the MA401 card is securely seated into the internal connector.

The blue plastic end cap of the MA401card should be outside of the FR114W’s case.

Initial Configuration of Your Wireless PCs

Detailed instructions on configuring your wireless devices for TCP/IP networking are provided in the next chapter. However,if you already have a functioning wireless network and you wish to use a wireless PC to initially configure the firewall, you will need to change the settings of that PC to match the default settings of the firewall:

• The SSID should be Wireless (note the capitalization).

• WEP encryption is disabled.

• Your IP address must be in the range of 192.168.0.2 to 192.168.0.254, with a netmask of

255.255.255.0.

Connecting the Power Adapter

To connect the firewall to the power adapter:

1. Plug the connector of the power adapter into the power adapter outlet on the rear panel of the

firewall.

2. Plug the other end of the adapter into a standard wall outlet.

3. Verify that the Power LED on the firewall is lit.

2-6 Setting Up the Hardware

+ 120 hidden pages