NETGEAR FR328S User Manual

FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

NETGEAR, Inc.
4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR
M-10207-01, Reference Manual v2 October 2003
© 2003 by NETGEAR, Inc. Full Manual. All rights reserved.
Trademarks
NETGEAR and Auto Uplink are trademarks or registered trademarks of Netgear, Inc. Microsoft, Windows, and Wi ndow s NT are registered trademar ks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruct ions, may cause harmf ul interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
EN 55 022 Declaration of Conformance
This is to certify that the FR328S ProSafe Firewall with Dial Back-Up is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).
ii
M-10207-01, Reference Manual v2
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß dasFR328S ProSafe Firewall with Dial Back-Up gemäß der im BMPT-AmtsblVfg 243/ 1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the FR328S ProSafe Firewall wi th Dial Back-Up has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
Voluntary Contr ol Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver , it may become the cause of radio interference. Read instructions for correct handling.
Technical Support
Refer to the Support Information Card that shipped with your FR328S ProSafe Firewall with Dial Back-Up.
World Wide Web
NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.
M-10207-01, Reference Manual v2
iii
iv
M-10207-01, Reference Manual v2

Contents

Chapter 1 About This Manual
Audience, Versions, Conventions ...................................................................................1-1
How to Use this Manual ..................................................................................................1-2
How to Print this Manual .................................................................................................1-3
Chapter 2 Introduction
Key Features ..................................................................................................................2-1
Full Routing on Both the Broadband and Serial Ports ........................ ... ... ... .... ... ... ..2-1
A Powerful, True Firewall with Comprehensive Content Filtering ............................2-2
Protocol Support ......................................................................................................2-2
Configurable Auto Uplink™ Ethernet Connection ....................................................2-3
Easy Installation and Management ..........................................................................2-3
What’s in the Box? ..........................................................................................................2-4
The Firewall’s Front Panel .......................................................................................2-5
The Firewall’s Rear Panel ........................................................................................2-6
Chapter 3 Connecting the Firewall to the Internet
What You Will Need Before You Begin .................................. .... .....................................3-1
Hardware Requirements ..........................................................................................3-1
Configuration Requirements ....................................................................................3-2
Internet Configuration Requirements ....................................................................... 3-2
Where Do I Get the Internet Configuration Parameters? ..................................3-2
Record Your Internet Connection Information ..........................................................3-3
Connecting the FR328S Firewall to Your LAN ...............................................................3-4
How to Connect the Firewall to Your LAN ................................................................3-4
Connecting the FR328S Firewall to the Internet ................... .................... ................... .. 3-8
How to Auto-Detect Your Internet Connection Type ................................................3-8
How to Complete the Wizard-Detected Login Account Setup ................................3-10
Contents v
M-10207-01, Reference Manual v2
How to Complete the Wizard-Detected Dynamic IP Account Setup ......................3-11
How to Complete Wizard-Detected Fixed IP Account Setup .................................3-12
Configuring a Serial Port as the Primary Internet Connection ......................................3-13
How to Configure the Serial Port for an Internet Connection .................................3-13
Testing Your Internet Connection ..................................................................................3-15
Manually Configuring Your Internet Connection ................. ... .... ... ... ... .... ... ... ... ... .... ... ...3-16
How to Manually Configure the Primary Internet Connection ................................3-17
Chapter 4 Serial Port Configuration
Configuring a Serial Port Modem ...................................................................................4-2
Basic Requirements for Serial Port Modem Configuration .......................................4-2
How to Configure a Serial Port Modem ....................................................................4-2
Configuring Auto-Rollover ..............................................................................................4-3
Basic Requirements for Auto-Rollover .....................................................................4-3
How to Configure Auto-Rollover ...............................................................................4-3
Configuring Dial-in on the Serial Port .............................................................................4-4
Basic Requirements for Dial-in .................................................................................4-5
How to Configure Dial-in ..........................................................................................4-5
Configuring LAN-to-LAN Settings ...................................................................................4-6
Basic Requirements for LAN-to-LAN Connections ..................................................4-6
How to Configure LAN-to-LAN Connections ............................................................4-6
Chapter 5 Protecting Your Network
Protecting Access to Your FR328S Firewall ..................................................................5-1
How to Change the Built-In Password .....................................................................5-1
How to Change the Administrator Login Timeout ....................................................5-2
Configuring Basic Firewall Services ...............................................................................5-2
Blocking Keywords, Sites, and Services ......... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ..5-3
How to Block Keywords and Sites ...........................................................................5-3
Services ................................. ................................................ .........................................5-5
How to Define Services ............................................................................................5-5
Rules ..............................................................................................................................5-6
Inbound Rules (Port Forwarding) .............................. ............................................... 5-7
Inbound Rule Example: A Local Public Web Server ..........................................5-8
Inbound Rule Example: Allowing Videoconference from Restricted Addresses 5-10
vi Contents
M-10207-01, Reference Manual v2
Considerations for Inbound Rules ...................................................................5-10
Outbound Rules (Service Blocking) .......................................................................5-11
Outbound Rule Example: Blocking Instant Messenger ...................................5-11
Order of Precedence for Rules ..............................................................................5-13
Setting Times and Scheduling Firewall Services ................................................ .......... 5-13
How to Set Your Time Zone ...................................................................................5-14
How to Schedule Firewall Services ........................................................................5-15
Chapter 6 Managing Your Network
Network Management Information .................................................................................6-1
Viewing Router Status and Usage Statistics ............................................................6-1
Viewing Attached Devices ........................................................................................6-4
Viewing, Selecting, and Saving Logged Information ................................................6-5
Selecting What Information to Log ....................................................................6-6
Saving Log Files on a Server ............................................................................6-7
Examples of log messages ......................................................................................6-7
Activation and Administration ............................................................................6-7
Dropped Packets ...............................................................................................6-7
Enabling Security Event E-mail Notification ...................................................................6-8
Backing Up, Restoring, or Erasing Your Settings ...........................................................6-9
How to Back Up the Configuration to a File ............................................................. 6-9
How to Restore a Configuration from a File .............................. ............................. 6-10
How to Erase the Configuration .............................................................................6-10
Running Diagnostic Utilities and Rebooting the Router ................................................6-11
Enabling Remote Management ....................................................................................6-12
How to Configure Remote Management ................................................................6-12
Upgrading the Router’s Firmware .................... ......... .......... .......... .......... ......... .......... ...6-13
How to Upgrade the Router ...................... .............................................................6-13
Chapter 7 Advanced Configuration
Configuring Advanced Security ......................................................................................7-1
Setting Up A Default DMZ Server ............................................................................7-1
Respond to Ping on Internet WAN Port ...................................................................7-2
Configuring LAN IP Settings ...........................................................................................7-2
LAN TCP/IP Setup ...................................................................................................7-2
Contents vii
M-10207-01, Reference Manual v2
MTU Size .................................................................................................................7-3
DHCP ................................. .............................................................. ........................7-4
Use router as DHCP server ...............................................................................7-4
Reserved IP addresses .....................................................................................7-5
How to Configure LAN TCP/IP Setup ......................................................................7-5
Configuring Dynamic DNS .......................................................................................7-6
How to Configure Dynamic DNS ..............................................................................7-7
Using Static Routes ........................................................................................................7-8
Static Route Example ...............................................................................................7-8
How to Configure Static Routes ...............................................................................7-9
Chapter 8 Troubleshooting
Basic Functions ..............................................................................................................8-1
Power LED Not On ...................................................................................................8-2
Test LED Never Turns On or Test LED Stays On .....................................................8-2
Local or Internet Port Link LEDs Not On ..................................................................8-2
Troubleshooting the Web Configuration Interface ..........................................................8-3
Troubleshooting the ISP Connection ..............................................................................8-4
Troubleshooting a TCP/IP Network Using a Ping Utility .................................................8-5
Testing the LAN Path to Your Firewall ......................................................................8-5
Testing the Path from Your PC to a Remote Device ................................................8-6
Restoring the Default Configuration and Password ............... .........................................8-7
Using the Default Reset button ................................................................................8-7
Problems with Date and Time .........................................................................................8-8
Appendix A Technical Specifications
Appendix B Networks, Routing, and Firewall Basics
Related Publications ...................................................................................................... B-1
Basic Router Concepts .................................................................................................. B-1
What is a Router? ................................................................................................... B-1
Routing Information Protocol ................................................................................... B-2
IP Addresses and the Internet .. ... .... ... ... ... .... ................................................................. B-2
Netmask .................................... ................................................................ ..............B-4
Subnet Addressing .................................................................................................. B-5
viii Contents
M-10207-01, Reference Manual v2
Private IP Addresses ................................. ... ... ... .......................................... ........... B-7
Single IP Address Operation Using NAT ....................................................................... B-8
MAC Addresses and Address Resolution Protocol ................................................. B-9
Related Documents ................................................................................................. B-9
Domain Name Server ............................................................................................ B-10
IP Configuration by DHCP ...................................................................... ... ... ... ... ......... B-10
Internet Security and Firewalls .................................................................................... B-10
What is a Firewall? .................................................................................................B-11
Stateful Packet Inspection ............................................................... ... ... .... ... ...B-11
Denial of Service Attack ..................................................................................B-11
Ethernet Cabling ................................. ... ... .... ... .......................................... ... ... ... .... ... ...B-11
Category 5 Cable Quality ...................................................................................... B-12
Inside Twisted Pair Cables .................................................................................... B-13
Uplink Switches, Crossover Cables, and MDI/MDIX Switching ............................ B-14
Appendix C Preparing Your Network
Preparing Your Computers for TCP/IP Networking ................................................... ... . C-1
Configuring Windows 95, 98, and ME for TCP/IP Networking ................................C-2
Install or V erify Windows Networking Components .......................................... C-2
Enabling DHCP to Automatically Configure TCP/IP Settings ...........................C-4
Selecting Windows’ Internet Access Method ................ ......................... ........... C-4
Verifying TCP/IP Properties .............................................................................. C-5
Configuring Windows NT, 2000 or XP for IP Networking ........................................ C-5
Install or V erify Windows Networking Components .......................................... C-5
Verifying TCP/IP Properties .............................................................................. C-6
Configuring the Macintosh for TCP/IP Networking .................... .......... ......... .......... . C-6
MacOS 8.6 or 9.x ................ ... ... ... .......................................... ........................... C-6
MacOS X .................................. ... .... ...................................... .... ... ... ... ... .... ... ... . C-7
Verifying TCP/IP Properties for Macintosh Computers .....................................C-8
Verifying the Readiness of Your Internet Account ......................................................... C-9
Are Login Protocols Used? ..................................................................................... C-9
What Is Your Configuration Information? ................................................................C-9
Obtaining ISP Configuration Information for Windows Computers .................C-10
Obtaining ISP Configuration Information for Macintosh Computers ............... C-11
Restarting the Network ................................................................................................ C-12
Contents ix
M-10207-01, Reference Manual v2
Glossary Index
x Contents
M-10207-01, Reference Manual v2
Chapter 1
About This Manual
Thank your for purchasing the NETGEAR™ FR328S ProSafe Firewall with Dial Back-Up. This chapter describes the target audience, versions, conventions, and features of this manual.

Audience, Versions, Conventions

This reference manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic co mputer network, Internet, and firewall technologies tutorial information is provided in the Appendices and on the Netgear website.
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
This manual is written for the FR328S Firewall according to these versions.:
Ta ble 1-1. Product, Firmware Version, Manual Version, and Publication Date
Product FR328S ProSafe Firewall with Dial Back-Up Firmware Version Number Version 1.4 Release 05 Manual Part Number M-10207-01, Reference Manual v2 Manual Publication Date October 2003
Note: Product updates are available on the NETGEAR, Inc. web site at http://
www.netgear.com/support/main.asp. Documentation updates are available on the
NETGEAR, Inc. web site at http://www.netgear.com/docs.
About This Manual 1-1
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

How to Use this Manual

The HTML version of this manual includes a variety of navigation features as well as links to PDF versions of the full manual and individual chapters.
1
2 3
Figure Preface -2: HTML version of this manual
1. Left pane. Use the left pane to view the Contents, Index, Search, and Favorites tabs.
To view the HTML version of the manual, you must have a version 4 or later browser with JavaScript enabled.
2. Toolbar buttons. Use the toolbar buttons across the top to navigate, print pages, and more.
The Show in Contents button locates the current topic in the Contents tab.
Previous/Next buttons display the previous or next topic.
The PDF button links to a PDF version of the full manual.
The Print button prints the current topic. Using this button when a step-by-step procedure is displayed will send the entire procedure to your printer--you do not have to worry about specifying the correct range of pages.
3. Right pane. Use the right pane to view the contents of the manual. Also, each page of the
manual includes a link at the top right which links to a PDF file containing just the currently selected chapter of the manual.
1-2 About This Manual
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

How to Print this Manual

To print this manual you man choose one of the following several options, according to your needs.
Printing a “How To” Sequence of Steps in the HTML View. Use the Print button on
the upper right of the toolbar to print the currently displayed topic. Using this button when a step-by-step procedure is displayed will send the entire procedure to your printer--you do not have to worry about specifying the correct range of pages.
Printing a Chapter. Use the link at the top right of any page.
Click “PDF of This Chapter” link at the top right of any page in the chapter you want to
print. The PDF version of the chapter you were viewing opens in a browser window. Note: Your computer must have the free Adobe Acrobat reader installed in order to view
and print PDF files. The Acrobat reader is available on the Adobe web site at
http://www.adobe.com.
Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper an printer ink by selecting this feature.
Printing the Full Manual. Use the PDF button in the toolbar at the top right of the browser
window. – Click the PDF button on the upper right of the toolbar. The PDF version of the
chapter you were viewing opens in a browser window.
Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper an printer ink by selecting this feature.
About This Manual 1-3
M-10207-01, Reference Manual v2
Chapter 2
Introduction
This chapter describes the features of the NETGEAR FR328S ProSafe Firewall with Dial Back-Up.
The FR328S is a complete security solution that protects your network from att acks and intrusions. Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FR328S uses S t ateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection. The 8-port FR328S with auto fail-over connect ivity through the serial port provides highly reliable Internet access for up to 253 users.

Key Features

The FR328S offers the following key features.
Full routing capabilities on both the broadband and serial ports, enabling Internet access via either the serial or broadband ports.
A powerful true firewall with comprehensive content filtering options.
Extensive protocol support.
Configurable Auto Uplink
Easy installation and management.
Ethernet Connections.
These features are discussed below.

Full Routing on Both the Broadband and Serial Ports

You can install, configure, and operate the FR328S to take full advantage of a variety of routing options on both the serial and broadband WAN ports, including:
Internet access via either the serial or broadband port.
Auto fail-over connectivity through an analog or ISDN modem connected to the serial port If the broadband Internet connection fails, after a waiting for an amount of time you specify, the FR328S can automatically establish a backup ISDN or dial-up Internet connection via the serial port on the firewall.
Introduction 2-1
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2
Remote Access Server (RAS) allows you to log in remotely through the serial port to access a server on your LAN, other LAN resources, or the Internet based on a user name and password you define.
LAN-to-LAN access between two FR328S firewalls through the serial port with the option of enabling auto-failover Internet access across the serial LAN-to-LAN connection.

A Powerful, True Firewall with Comprehensive Content Filtering

Unlike simple Internet sharing NAT routers, the FR328S is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:
Denial of Service (DoS) protection Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.
Blocks unwanted traffic from the Internet to your LAN.
Blocks access from your LAN to Internet locations or services that you specify as off-limits.
Logs security incidents The FR328S will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your email address or email pager whenever a significant event occurs.
With its content filtering feature, the FR328S prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the firewall to log and report attempts to access objectionable Internet sites.

Protocol Support

The FR328S supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). Appendix B, “Networks, Routing, and Firewall Basics” provides further information on TCP/IP.
The Ability to Enable or Disable IP Address Sharing by NAT The FR328S allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account. This feature can also be turned off completely for using the FR328S in settings where you want to manage the IP address scheme of your organization.
2-2 Introduction
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2
Automatic Configuration of Attached PCs by DHCP The FR328S dynamically assigns network configuration information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.
DNS Proxy When DHCP is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.
PPP over Ethernet (PPPoE) PPP over Ethernet is a protocol for connecting remote hosts to the Internet over a DSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as EnterNet or WinPOET on your PC.
PPTP login support for European ISPs, BigPond login for Telstra DSL in Australia.
Dynamic DNS Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. The firewall contains a client that can connect to many popular Dynamic DNS services to register your dynamic IP address.

Configurable Auto Uplink™ Ethernet Connection

With its internal 8-port 10/100 switch, the FR328S can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the local LAN and the Internet W AN interfaces are autosensing and capable of full-duplex or half-duplex operation.
TM
The firewall incorporates Auto Uplink
technology. Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a ‘normal’ connection such as to a PC or an ‘uplink’ connection such as to a switch or hub. That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.

Easy Installation and Management

You can install, configure, and operate the FR328S within minutes after connecting it to the network. The following features simplify installation and management tasks:
Introduction 2-3
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2
Browser-based management
Browser-based configuration allows you to easily configure your firewall from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help documentation is built into the browser-based interface.
Remote management
The firewall allows you to log in to the browser-based management interface from a remote location via the Internet using SSL encryption. For security , you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.
Smart Wizard
The firewall automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account.
Diagnostic functions
The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot. These functions allow you to test Intern et connectivity and reboot the firewall. You can use these diagnostic functions directly from the FR328S when your are connected on the LAN or when you are connected over the Internet via the remote management function.
Visual monitoring
The firewall’s front panel LEDs provide an easy way to monitor its status and activity.
Flash EPROM for firmware upgrade

What’s in the Box?

The product package should contain the following items:
FR328S ProSafe Firewall with Dial Back-Up
•AC power adapter
Category 5 (CAT5) Ethernet cable
Resource CD (SW-10045-01), including:
— This manual — Application Notes, Tools, and other helpful information
Warranty and registration card
Support information card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the product for repair.
2-4 Introduction
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

The Firewall’s Front Panel

The front panel of the FR328S (Figure 2-1) contains status LEDs.
Figure 2-1: FR328S Front Panel
You can use some of the LEDs to verify connections. Table 2-1 lists and describes each LED on the front panel of the firewall.
These LEDs are green when lit, except for the TEST LED, which is amber.
Table 2-1: LED Descriptions
Label Activity Description
POWER On Power is supplied to the firewall. TEST On
Off
MODEM On/Blinking The port detected a link with the Internet WAN connection or
INTERNET
100 On/Blinking The Internet port is operating at 100 Mbps. LINK/ACT (Activity) On/Blinking The port detected a link with the Internet WAN connection and is
LOCAL
100 On/Blinking The Local port is operating at 100 Mbps. LINK/ACT
(Link/Activity)
On/Blinking The Local port has detected a link with a LAN connection and is
The system is initializing. The system is ready and running.
Remote Access Server. Blinking indicates data transmission.
operating at 10 Mbps. Blinking indicates data transmission.
operating at 10 Mbps. Blinking indicates data transmission.
Introduction 2-5
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

The Firewall’s Rear Panel

The rear panel of the FR328S (Figure 2-2) contains the connections identified below.
LOC AL
MODEM
87654321
10/100M
INTERN ET
Figure 2-2: FR328S Rear Panel
Viewed from left to right, the rear panel contains the following elements:
DB-9 serial port for modem connection
Factory Default Reset push button
Eight Local Ethernet RJ-45 ports for connecting the firewall to the local computers
Internet WAN Ethernet RJ-45 port for connecting the firewall to a cable or DSL modem
12V DC 1.2A power adapter input
12VDC O.5A
2-6 Introduction
M-10207-01, Reference Manual v2
Chapter 3
Connecting the Firewall to the Internet
This chapter describes how to set up the firewall on your Local Area Network (LAN), connect to the Internet, perform basic configuration of your FR328S ProSafe Firewall with Dial Back-Up using the Setup Wizard, or how to manually configure your Internet connection.

What You Will Need Before You Begin

You need to prepare these three things before you can connect your firewall to the Internet:
1. A computer properly connected to the firewall as explained below.
2. Active Internet service such as that provided by a DSL or Cable modem account.
3. The Internet Service Provider (ISP) configuration information for your DSL or Cable modem
account.

Hardware Requirements

The FR328S Firewall connects to your LAN via twisted-pair Ethernet cables. To use the FR328S Firewall on your network, each computer must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the computer will connect to your network at 100 Mbps, you must use a Category 5 (CAT5) cable such as the one provided with your firewall. For more on CAT5 cabling, please see “Ethernet Cabling“ on page B-11.
The broadband modem must provide a standard 10 Mbps 10BASE-T or 100 Mbps 100BASE-T Ethernet interface.
The serial modem must have the standard serial modem interface and cable with a DB-9 connector as illustrated in “FR328S Rear Panel“ on page 2-6.
Connecting the Firewall to the Internet 3-1
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

Configuration Requirements

For the initial connection to the Internet and configuration of your firewall, you will need to connect a computer to the firewall which is set to automatically get its TCP/IP configuration from the firewall via DHCP.
Note: For assistance with DHCP configuration, please refer to the animated Windows TCP/IP Configuration Tutorials on the Resource CD (SW-10045-01) or in Appendix C, "Preparing Yo ur
Network".

Internet Configuration Requirements

Depending on how your ISP set up your Internet account, you will need one or more of these configuration parameters to connect your firewall to the Internet:
Host and Domain Names
ISP Login Name and Password
ISP Domain Name Server (DNS) Addresses
Fixed or Static IP Address
Where Do I Get the Internet Configuration Parameters?
There are several ways you can gather the required Internet connection information.
Your ISP should have provided you with all the information needed to connect to the Internet.
If you cannot locate this information, you can ask your ISP to provide it or you can try one of the options below.
If you have a computer already connected using the active Internet access account, you can
gather the configuration information from that computer.
For Windows 95/98/ME, open the Network control panel, select the TCP/IP entry for the Ethernet adapter, and click Properties.
For Windows 2000/XP, open the Local Area Network Connection, select the TCP/IP entry for the Ethernet adapter, and click Properties.
For Macintosh computers, open the TCP/IP or Network control panel.
You may also refer to the FR328S Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs.
Once you locate your Internet configuration parameters, you may want to record them on the page below according to the instructions in “Record Your Internet Connection Information” on
page 3-3.
3-2 Connecting the Firewall to the Internet
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

Record Your Internet Connection Information

Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as
given by your ISP. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs. If you connect using a login name and password, then fill in the following:
Login Name: ________________________
Password: ______________________
Service Name: ________________________ Fixed or Static IP Address: If you have a static IP address, record the following information. For
example, 169.254.141.148 could be a valid IP address. Fixed or Static Internet IP Address: ______
.______.______.______ Subnet Mask: ______.______.______.______ Gateway IP Address: ______.______.______.______
ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following: Primary DNS Server IP Address: ______
.______.______.______
Secondary DNS Server IP Address: ______.______.______.______ Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or
home. If you haven’t been given host or domain names, you can use the following examples as a
guide:
If your main e-mail account with your ISP is
aaa@yyy.com, then use aaa as your host name.
Your ISP might call this your account, user, host, computer, or system name.
If your ISP’s mail server is
mail.xxx.yyy.com, then use xxx.yyy.com as the domain name.
ISP Host Name: __________________
ISP Domain Name: ___________________
For Serial Port Internet Access: If you use a dial-up account, record the following: Account/User Name: ___________________
Password: ____________________
Telephone number: _________________ Alternative number: _________________
Connecting the Firewall to the Internet 3-3
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

Connecting the FR328S Firewall to Your LAN

This section provides instructions for connecting the FR328S ProSafe Firewall with Dial Back-Up to your Local Area Network (LAN).
Note: The Resource CD included with your firewall cont ains an animated Installation Assistant to guide you through this procedure.

How to Connect the Firewall to Your LAN

There are three steps to connecting your firewall:
1. Connect the firewall to your network.
2. Log in to the firewall.
3. Connect to the Internet.
Follow the steps below to connect your firewall to your network. You can also refer to the Resource CD included with your firewall which contains an animated Installation Assistant to help you through this procedure.
1. Connect the Firewall
a. Turn off your computer and Cable or DSL Modem. b. Disconnect the Ethernet cable (A) from your computer which connects to yo ur Cable or
DSL modem.
A
DSL modem
Figure 3-1: Disconnect the Cable or DSL Modem
3-4 Connecting the Firewall to the Internet
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2
Connect the Ethernet cable (A) from your Cable or DSL modem to the FR328S’s Internet
c.
port.
LOCAL
MODEM
10/100M
87654321
Figure 3-2: Connect the Cable or DSL Modem to the firewall
d.
Connect the Ethernet cable (B) which came with the firewall from a Local port on the
A
INTERNET
12VDCO.5A
router to your computer.
modem
DSL
DSL
modem
B
LOCAL
MODEM
10/100M
87654321
INTERNET
A
12VDCO.5A
Figure 3-3: Connect the computers on your network to the firewall
Note: The FR328S Firewall incorporates Auto UplinkTM technology . Each LOCAL Ethernet
port will automatically sense whether the cable plugged into the port should have a 'normal' connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to a switch or hub). That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.
Connecting the Firewall to the Internet 3-5
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2
Turn on the Cable or DSL modem and wait about 30 seconds for the lights to stop
e.
blinking.
2. Log in to the Firewall
Note: To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. Please refer to Appendix C, "Preparing Your Network" for instructions on how to do this.
a. Turn on the firewall and wait for the Test light to stop blinking. b. Now, turn on your computer.
Note: If you usually run software to log in to your Internet connection, do not run that software.
Now that the Cable or DSL Modem, firewall, and the computer are turned on, verify the following:
When power on the firewall was first turned on, the PWR light went on, the TEST light turned on within a few seconds, and then went off after approximately 10 seconds.
The firewall’s LOCAL LINK/ACT lights are lit for any computers that are connected to it.
The firewall’s INTERNET LINK light is lit, indicating a link has been established to the cable or DSL modem.
c. Next, use a browser like Internet Explorer or Netscape to log in to the firewall at its default
address of http://192.168.0.1.
Figure 3-4: Log in to the firewall
3-6 Connecting the Firewall to the Internet
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2
A login window opens as shown in Figure 3-5 below:
Figure 3-5: Login window
d.
For security reasons, the firewall has its own user name and password. When prompted, enter
admin for the firewall User Name and password for the firewall Password, both in
lower case letters. Note: The user name and password are not the same as any user name or password you
may use to log in to your Internet connection.
3. Connect to the Internet
Figure 3-6: Setup Wizard
a.
You are now connected to the firewall. If you do not see the menu above, click the Setup Wizard link on the upper left of the main menu.
Connecting the Firewall to the Internet 3-7
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2
Select the NAT option and click Next to follow the steps in the Setup Wizard to input the
b.
configuration parameters from your ISP to connect to the Internet. If you choose not to use NAT, each computer on the LAN connected to the FR328S must have a valid public IP address in the same subnet as the Wan port of the FR328S. For more information on NAT, please see “Single IP Address Operation Using NAT“ on page B-8
If you were unable to connect to the firewall, please refer to Troubleshooting “Basic Functions“ on
page 8-1.

Connecting the FR328S Firewall to the Internet

You are now ready to configure your firewall to connect to the Internet. There are two ways you can configure your firewall to connect to the Internet:
Let the FR328S auto-detect the type of Internet connection you have and configure it.
Manually choose which type of Internet connection you have and configure it. These options are described below. Unless your ISP uses DHCP, you will need the parameters
from your ISP you recorded in “Record Your Internet Connection Information” on page 3-3.

How to Auto-Detect Your Internet Connection Type

The Web Configuration Manager built in to the firewall contains a Setup Wizard that can automatically determine your network connection type.
1. If your firewall has not yet been configured, the Setup Wizard should launch automatically.
3-8 Connecting the Firewall to the Internet
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2
When the Wizard launches, select Yes in the menu below to allow the firewall to automatically determine your connection.
Figure 3-7: Setup Wizard
Note: If you do not see the Setup Wizard, click the Setup Wizard link in the upper left to
bring up this menu.
2. Click Next
The Setup Wizard will now check for the following connection types:
Dynamic IP assignment
A login protocol such as PPPoE
Fixed IP address assignment
Next, the Setup Wizard will report which connection type it has discovered, and then display the appropriate configuration menu. If the Setup Wizard finds no connection, you will be prompted to check the physical connection between your firewall and the cable or DSL modem. When the connection is properly made, the firewall’s Internet LED should be on.
The procedures for filling in the configuration menu for each type of connection follow below.
Connecting the Firewall to the Internet 3-9
M-10207-01, Reference Manual v2
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2

How to Complete the Wizard-Detected Login Account Setup

If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over Ethernet (PPPoE), you will be directed to a menu like the PPPoE menu in Figure 3-8:
Figure 3-8: Setup Wizard menu for PPPoE login accounts
1.
Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers. If you leave the Domain Name field blank, the firewall will attempt to learn the domain automatically from the ISP. If this is not successful, you may need to enter it manually.
2. Enter the PPPoE login user name and password provided by your ISP. These fields are case
sensitive. If you wish to change the login timeout, enter a new value in minutes. Note: You will no longer need to launch the ISP’s login program on your PC in order to
access the Internet. When you start an Internet application, your firewall will automatically log you in.
3. Domain Name Server (DNS) Address: If you know that your ISP does not automatically
transmit DNS addresses to the firewall during login, select “Use these DNS servers” and enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also.
Note: If you enter an address here, after you finish configuring the firewall, reboot your PCs so that the settings take effect.
3-10 Connecting the Firewall to the Internet
M-10207-01, Reference Manual v2
Loading...
+ 105 hidden pages