NETGEAR and Auto Uplink are trademar ks or registered trademarks of Netgear, Inc.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporat io n.
Other brand and product names are registered trademark s or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liabi l ity that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has b een tested and found to co mply with the limits f or a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a
residential inst allation. This equipment generates, uses, and can radiate radio freq uency energy and, if not insta ll ed and
used in accordance with the inst ructions, m ay caus e harmful inte rference to radio c ommunic ations. Ho wever, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try
to correct the interference by one or more of the following measures:
•Reorient or relocate the receiving an t enna.
•Increase the separation between the equip ment and receiver.
•Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
•Consult the dealer or an experienced radio/TV technician for help.
EN 55 022 Declaration of Conformance
This is to certify that the FR328S Cable/DSL Pr oSafe Firewall with Dial Back-Up is shielded against the generation of
radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is
declared by the application of EN 55 022 Class B (C ISPR 22).
ii
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß dasFR328S Cable/DSL ProSafe Firewall with Dial Back-Up gemäß der im
BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben
einiger Geräte (z.B . Testsender) kann jedoch gewissen Beschrän kungen unterliegen. Lesen Sie dazu bitte die
Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the FR328S Cable/DSL ProSafe Firewall with Dial Back-Up has been suppressed
accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some
in
equipment (for example, test transm itt ers) i n accordance with the regulations may, however, be subject to certain
restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second categor y (information equipment to be used in a residentia l area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver, it may become the cause of radi o i nt erference.
Read instructions for correct handling.
Technical Support
Refer to the Support Information Card that shipped with your FR328S Cable/DSL ProSafe Firewall with Dial Back-Up.
World Wide Web
NETGEAR maintains a World Wide Web home page that you can access at the universal resource locat or (URL)
http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer
or Netscape are required.
Thank your for purchasing the NETGEAR™ FR328S Cable/DSL ProSafe Firewall with Dial
Back-Up.
This manual describes the features of the firewall and provides installation and configuration
instructions.
Audience
This reference manu al assumes th at the reade r has int ermediate to advanced com puter and Intern et
skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial
information is provided in the Appendices.
Typographical Conventions
This guide uses the following typographical conventions:
italicsBook titles and UNIX file, command, and directory names.
courier fontScreen text, user-typed com mand-line entries.
Initial CapsMenu titles and window and button names.
[Enter]Named keys in text are shown enclosed in square brackets. The notation
[Enter] is used for the Enter key and the Return key.
[Ctrl]+CTwo or more keys that must be pressed simultaneously are shown in text
linked with a plus (+) sign.
ALL CAPSDOS file and directory names.
About This Manualxiii
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
Special Message Forma ts
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Procedure: This format is used to let you know that you are following a sequence of
steps required to complete a task.
Warning: This format is used to highl igh t in for m at ion about the possibility of injur y or
equipment damage.
Danger: This format is used to alert you that there is the potential for incurring an
electrical shock if you mishandle the equipment.
Technical Support
For help with any technical issues, contact Customer Support at 1-888-NETGEAR, or visit us on
the Web at www.NETGEAR.com. The NETGEAR Web site includes an extensive knowledge
base, answers to frequently asked questions, and a means for submitting technical questions
online.
xivAbout This Manual
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
About This Manualxv
Chapter 1
Introduction
This chapter describes the features of the NETGEAR FR328S Cable/DSL ProSafe Firewall with
Dial Back-Up.
About the FR328S
The FR328S is a c omplete securit y solut ion that protec ts your network f rom at tacks a nd intru sions.
Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for
security, the FR328S uses S ta teful Pack et I nspect ion for Den ial of Ser vice (Do S) atta ck pro tection
and intrusion detectio n. The 8-port FR328S with aut o fail-over conn ectiv ity through the serial port
provides highly reliable Internet access for up to 253 users.
Key Features
The FR328S o ffers the followin g features.
A Powerful, True Firewall
Unlike simple Internet sharing NAT routers, the FR328S is a true firew all, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:
•Denial of Service (DoS) protection
Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death,
SYN Flood, LAND Attack and IP Spoofing.
•Blocks unwanted traffic from the Internet to your LAN.
•Blocks access from your LAN to Internet locations or services that you specify as off-limits.
Introduction1-1
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
•Logs security incidents
The FR328S will log security events suc h as blocke d inco ming traffic, port scans, attack s, and
administrator logins. You can configure the firewall to email the log to you at specified
intervals. You can also configure the firewall to send immediate alert messages to your email
address or email pager whenever a significant event occurs.
Content Filtering
With its content filtering feature, the FR328S prevents objectionable content from reaching your
PCs. The firewall allows you to control access to Internet content by screening for keywords
within Web addresses. You can configure the firewall to log and report attempts to access
objectionable Internet sites.
Configurable Auto Uplink™ Ethernet Connection
With its internal 8-port 10/100 switch, the FR328S can connect to either a 10 Mbps standard
Ethernet network or a 10 0 Mbps Fast Etherne t net work . Both the l ocal LAN and the I ntern et WAN
interfaces are autosensing and capable of full-duplex or half-duplex operation.
The firewall incorporates Auto UplinkTM technology. Each LOCAL Ethernet port will
automatically sense whether the Ethernet cable plugged into the port should have a ‘normal’
connection such as to a PC or an ‘uplin k’ connecti on such as to a switch or hub. Th at port wil l then
configure itself to the correct configuration. This feature also eliminates the need to worry about
crossover cables, as Auto Uplink will accommodate either type of cable to make the right
connection.
Protocol Support
The FR328S supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing
Information Protocol (RIP).
further information on TCP/IP.
•IP Address Sharing by NAT
The FR328S allows severa l ne tworked PCs to share an Inte rne t ac count using only a single IP
address, which may be statically or dynamically assigned by your Internet service provider
(ISP). This technique, known as Network Address Translation (NAT), allows the use of an
inexpensive single-user ISP account.
1-2Introduction
Appendix B, “Networks, Routing, and Firewall Basics” provides
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
•Automatic Configuration of Attached PCs by DHCP
The FR328S dynamically assigns network configuration information, including IP, gateway,
and domain name server (DNS) addre sses, to attached PCs on the LAN using the Dynamic
Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on
your local network.
•DNS Proxy
When DHCP is enabled and no DNS addresses are specified, the firewall provides its own
address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from
the ISP during connection setup and forwards DNS requests from the LAN.
•PPP over Ethernet (PPPoE)
PPP over Ethernet is a protocol for connecting remote hosts to the Internet over a DSL
connection by simulating a dial-up connection. This feature eliminates the need to run a login
program such as EnterNet or WinPOET on your PC.
•PPTP login support for European ISPs, BigPond login for Telstra cable in Australia.
•Dynamic DNS
Dynamic DNS services allow remote users to find your network using a domain name when
your IP address is not pe rman ent ly assigned. The firewall contai ns a client that can connect to
many popular Dynamic DNS services to register your dynamic IP address.
Easy Installation and Management
You can install, configure, and operate the FR328S within minutes after connecting it to the
network. The following features simplify installation and management tasks:
•Browser-based management
Browser-based configuration allows you to easily configure your firewall from almost any
type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup
Wizard is provided and online help documentation is built into the browser-based Web
Management Interface.
•Smart Wizard
The firewall automatically senses the type of Internet connection, asking you only for the
information required for your type of ISP account.
•Auto fail-over connectivity through an analog or ISDN modem connected to the serial port
If the cable or DSL modem I ntern et c onnect ion f ails , aft er a wait ing f or a n amount o f time you
specify, the FR328S c an aut omatic ally e stabl ish a backup ISDN or di al-u p Inte rnet connect ion
via the serial port on the firewall.
Introduction1-3
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
•Remote management
The firewall allows you to logi n t o the W eb Management Interface from a re mo te loc ati on vi a
the Internet. For security, you can limi t remote management access to a specified remote IP
address or range of addresses, and you can choose a nonstandard port number.
•Remote Access Server connectivity vial the serial port
•Diagnostic functions
The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote
reboot. These functi ons allow you to test Inter net conne ctivity and reboot the fi rewall. You can
use these diagnostic f unctions di rectly from the FR328S when your are conne ct on the LAN or
when you are connected over the Internet via the remote management function.
•Visual monitoring
The firewall’s front panel LEDs provide an easy way to monitor its status and activity.
•Flash EPROM for firmware upgrade
•Regional support, including ISPs like Telstra DSL and BigPond or Deutsche Telekom.
1-4Introduction
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
What’s in the Box?
The product package should contain the following items:
•FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
•AC power adapter
•Category 5 (CAT5) Ethernet cable
•Resource CD, including:
— This manual
— Application Notes, Tools, and other helpful information
•Warranty and registration card
•Support information card
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the product for repair.
The Firewall’s Front Panel
The front panel of the FR328S (Figure 1-1) contains status LEDs.
Figure 1-1: FR328S Front Panel
You can use some of the LEDs to verify connections. Table 1-1 lists and describes each LED on
the front pa nel of the fire wall.
Introduction1-5
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
These LEDs are green when lit, except for the TEST LED, which is amber.
Table 1-1:LED Descriptions
LabelActivityDescription
POWEROnPower is supplied to the firewall.
TESTOn
Off
MODEMOn/BlinkingThe port detected a link with the Internet WAN connection or
INTERNET
100On/BlinkingThe Internet port is operating at 100 Mbps.
LINK/ACT (Activity) On/BlinkingThe port detected a link with the Internet WAN connection and is
LOCAL
100 On/BlinkingThe Local port is operating at 100 Mbps.
LINK/ACT
On/BlinkingThe Local port has detected a link with a LAN connection and is
(Link/Activity)
The system is initializing.
The system is ready and running.
Remote Access Server. Blinking indicates data transmission.
operating at 10 Mbps. Blinking indicates data transmission.
operating at 10 Mbps. Blinking indicates data transmission.
The Firewall’s Rear Panel
The rear panel of the FR328S (Figure 1-2) contains the connections identified below.
MODEM
87654321
10/100M
INTERN ET
12VDCO.5A
LOCA L
Figure 1-2: FR328S Rear Panel
Viewed from left to right, the rear panel contains the following elements:
•DB-9 serial port for modem connection
•Factory Default Reset push button
•Eight Local Ethernet RJ-45 ports for connecting the firewall to the local computers
•Internet WAN Ethernet RJ-45 port for connecting the firewall to a cable or DSL modem
•AC power adapter input
1-6Introduction
Chapter 2
Connecting the Firewall to the Internet
This chapter describes how to set up the firewall on your Local Area Network (LAN), connect to
the Internet, perform basic configuration of your FR328S Cable/DSL ProSafe Firewall with Dial
Back-Up using the Setup Wizard, or how to manually configure your Internet connection.
What You Will Need Before You Begin
You need to prepare these three things before you can connect your firewall to the Internet:
1.A computer properly connected to the firewall as explained below.
2.Active Internet service such as that provided by a DSL or Cable modem account.
3.The Internet Service Provider (ISP) configuration information for your DSL or Cable modem
account.
LAN Hardware Requirements
The FR328S Firewall connects to your LAN via twisted-pair Ethernet cables.
Computer Requirements
To use the FR328S Firewall on your network, each computer must have an installed Ethernet
Network Interface Card (NIC) and an Ethernet cable. If the computer will connect to your network
at 100 Mbps, you must use a Category 5 (CAT5) cable such as the one provide d with your fire wall.
Cable or DSL Modem Requirement
The cable modem or DSL modem must provide a standard 10 Mbps 10BASE-T or 100 Mbps
100BASE-T Ethernet interface.
Connecting the Firewall to the Internet2-1
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
LAN Configuration Requirements
For the initial connection to the Interne t and configuration of your firewall, you will need to
connect a computer to the firewal l which is set to automa ti cally get its TCP/IP configurati on fr om
the firewall via DHCP.
Note: Please refer to Appendix C, "Preparing Your Network" for assistance with DHCP
configuration.
Internet Configuration Requirements
Depending on how your ISP set up your Internet account, you will need one or more of these
configuration parameters to connect your firewall to the Internet:
•Host and Domain Names
•ISP Login Name and Password
•ISP Domain Name Server (DNS) Addresses
•Fixed or Static IP Address
Where Do I Get the Internet Configuration Parameters?
There are several ways you can gather the required Internet connection information.
•Your ISP should have provided you with all the inf orma ti on ne eded to connect to the Inte rne t.
If you cannot locate this information, you can ask your ISP to provide it or you can try one of
the options below.
•If you have a computer already connected using the active Internet access account, you can
gather the configuration information from that computer.
•For Windows 95/98/ME, open the Network control panel, select the TCP/IP entry for the
Ethernet adapter, and click Properties.
•For Windows 2000/XP, open the Local Area Network Connecti on, select the TCP/IP entry
for the Ethernet adapter, and click Properties.
•For Macintosh computers, open the TCP/IP or Network control panel.
•You may also refer to the FR328S Resource CD for the NETGEAR Router ISP Guide which
provides Internet connection infromation for many ISPs.
Once you locate your Internet configu ration par ameters , you may want to rec ord them on the page
below according to the instructions in
page 2-3.
2-2Connecting the Firewall to the Internet
“Record Your Internet Connection Information” on
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
Procedure 2-1: Record Your Internet Connection Information
1.Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP).
ISP Login Name: The login name an d pas swor d ar e ca se s ens itive and must be entered exact ly as
given by your ISP. Some ISPs use your full e -mail addr ess as the l ogin na me. The Ser vice Na me is
not required by all ISPs. If you connect using a login name and password, then fill in the
following:
Login Name: ______________________________ Password: ____________________________
Service Nam e: _____________________________
Fixed or Static IP Address: If you have a static IP address, record the following information. For
example, 169.254.141.148 could be a valid IP address.
Fixed or Static Internet IP Address: ______ . ______ . ______ . ______
Subnet Mask: ______ . ______ . ______ . ______
Gateway IP Address: ______ . ______ . ______ . ______
ISP DNS Se rver Addresses: If you were given DNS server addresses, fill in the following:
Primary DNS Server IP Address: ______ . ______ . ______ . ______
Secondary DNS Server IP Address: ______ . ______ . ______ . ______
Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or
home. If you haven’t been given host or domain names, you can use the following examples as a
guide:
•If your main e-mail account with your ISP is aaa@yyy.com, then use aaa as your host name.
Your ISP might call this your account, user, host, computer, or system name.
•If your ISP’s mail server is mail.xxx.yyy.com, then use xxx.yyy.com as the domain name.
ISP Host Name: _________________________ ISP Domain Name: _______________________
For Serial Port Internet Access: If you use a dial-up account, record the following:
Account/U ser Name: _________________________ Password: _________________________
Telephone number:
Connecting the Firewall to the Internet2-3
______________________ Alternative number: ______________________
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
Connecting the FR328S Firewall to Your LAN
This section provides instructions for connecting the FR328S Cable/DSL ProSafe Firewall with
Dial Back-Up to your
Note: The Resource CD included with your firewall con tains an animat ed Installat ion Assista nt to
help you through this procedure.
Procedure 2-2: Connecting the Firewall to Your LAN
There are three steps to connecting your firewall:
1.Connect the firewall to your network
2.Log in to the firewall
3.Connect to the Internet
Follow the steps below to connect your firewall to your network. You can also refer to the
Resource CD included wi th your firewa ll which contains an animat ed Inst allation As sistant to help
you through this procedure.
Local Area Network (LAN).
1.Connect the Firewall
a.Turn off your computer and Cable or DSL Modem.
2-4Connecting the Firewall to the Internet
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
b.Disconnect the Ethernet cable (A) from your computer which connects to your Cable or
DSL modem.
A
DSL modem
Figure 2-1: Disconnect the Cable or DSL Modem
c.Connect the Ethernet cable (A) from your Cable or DSL modem to the FR328S’s Internet
port.
DSL
modem
MODEM
LOCAL
10/100M
87654321
A
INTERNET
12VDCO.5A
Figure 2-2: Connect the Cable or DSL Modem to the firewall
Connecting the Firewall to the Internet2-5
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
d.Connect the Ethernet cable (B) which came with the firewall from a Local port on the
router to your computer.
DSL
modem
B
LOCAL
MODEM
10/100M
87654321
INTERNET
A
12VDCO.5A
Figure 2-3: Connect the computers on your network to the firewall
Note: The FR328S Firewall incorporates Auto UplinkTM technology. Each LOCAL Ethernet
port will automatically sense whether the cable plugged into the port should have a 'normal'
connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to a switch or
hub). That port will then configure itself to the correct configuration. This feature also
eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either
type of cab le to make the right connec tion.
e.Turn on the Cable or DSL modem and wait about 30 seconds for the lights to stop
blinking.
2.Log in to the Firewall
Note: T o conn ect to the fi rewall, your comput er needs to be conf igured to obt ain an IP addre ss
automatically via DHCP. Please refer to
Appendix C, "Preparing Your Network" for
instructions on how to do this.
a.Turn on the firewall and wait for the Test light to stop blinking.
b.Now, turn on your computer.
Note: If you usually run software to log in to your Internet connection, do not run that
software.
2-6Connecting the Firewall to the Internet
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
Now that the Cable or DSL Modem, firewall, and the computer are turned on, ve rify the
following:
•When power on the firewall was first turned on, the PWR light went on, the TEST light
turned on within a few seconds, and then went off after approximately 10 seconds.
•The firewall’s LOCAL LINK/ACT lights are lit for any compu ters th at are conne cted to it .
•The firewall’s INTERNET LINK light is lit, indicating a l ink has been e stablished to the
cable or DSL modem.
c.Next, use a browser like Internet Explorer or Netscape to log in to the firewall at its default
address of http://192.168.0.1.
Figure 2-4: Log in to the firewall
A login window opens as shown in Figure 2-5 below:
Figure 2-5: Login window
d.For security reasons, the firewall has its own user name and password. When prompted,
admin for the firewall User N ame and password for the firewall Password, both in
enter
lower case letters.
Note: The user name and password are not the same as any user name or password you
may use to log in to your Internet connection.
Connecting the Firewall to the Internet2-7
FR328S Cable/DSL ProSafe Firewall with Dial Back-Up
3.Connect to the Internet
Figure 2-6: Setup Wizard
a.You are now connected to the firewall. If you do not see the menu above, click the Setup
Wizard link on the upper left of the main menu. Click the Yes button in the Setup Wizard.
b.Please click Next to follow the steps in the Setup Wizard to input the configuration
parameters from your ISP to connect to the Internet.
Note: If you were unable to connect to the firewall, please refe r to “Basic Functions” on page 6-1.
Connecting the FR328S Firewall to the Internet
The firewall is now properly attached to your network. You are now ready to configure your
firewall to connect to the Internet. There are two ways you can configure your firewall to connect
to the Internet:
•Let the FR328S auto-detect the type of Internet connection you have and configure it.
•Manually choose which type of Internet connection you have and configure it.
These options are described below. In either case, unless your ISP automatically assigns your
configuration automatically via DHCP, you will need the configuration parameters from your ISP
you recorded in “Record Your Internet Connection Information” on page 2-3.
2-8Connecting the Firewall to the Internet
Loading...
+ 101 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.