Chapter 2
Introduction
This chapter describes the features of the NETGEAR ProSafe Wireless 802.11g VPN Firewall
Model FVG318.
Key Features of the Wireless VPN Firewall
The ProSafe Wireless 802.11g VPN Firewall Model FVG318 with eight-port switch connects your
local area network (LAN) to the Internet through an external access device such as a cable modem
or DSL modem and provides 802.11b/g wireless LAN connectivity.
The FVG318 is a complete security solution that protects your network from attacks and
intrusions. Unlike simple Internet sharing firewalls that rely on Network Address Translation
(NAT) for security, the FVG318 uses stateful packet inspection for Denial of Service attack (DoS)
protection and intrusion detection. The FVG318 allows Internet access for up to 253 users. The
FVG318 wireless VPN firewall provides you with multiple Web content filtering options, plus
browsing activity reporting and instant alerts — both via e-mail. Parents and network
administrators can establish restricted access policies based on time-of-day, Web site addresses
and address keywords, and share high-speed cable/DSL Internet access for up to 253 personal
computers. In addition to NAT, the built-in firewall protects you from hackers.
With minimum setup, you can install and use the firewall within minutes.
The FVG318 wireless VPN firewall provides the following features:
• 802.11g and 802.11b standards-based wireless networking.
• Wireless Multimedia (WMM) support.
• Easy, Web-based setup for installation and management.
• Front panel LEDs for easy monitoring of status and activity.
• Content filtering and site blocking security.
• Built-in eight-port 10/100 Mbps switch.
• Ethernet connection to a WAN device, such as a cable modem or DSL modem.
• Extensive protocol support.
• Flash memory for firmware upgrade.
v1.0, October 2005
Reference Manual for the ProSafe Wireless 802.11g VPN Firewall Model FVG318
802.11g and 802.11b Wireless Networking
The FVG318 wireless VPN firewall includes an 802.11g-compliant wireless access point. The
access point provides:
• 802.11b standards-based wireless networking at up to 11 Mbps.
• 802.11g wireless networking at up to 54 Mbps, which conforms to the 802.11g standard.
• WPA and WPA2 enterprise class strong security with RADIUS and certificate authentication
as well as dynamic encryption key generation.
• WPA-PSK and WPA2-PSK pre-shared key authentication without the overhead of RADIUS
servers but with all of the strong security of WPA and WPA2.
• 64-bit and 128-bit WEP encryption security.
• WEP keys can be generated manually or by passphrase.
• Wireless access can be restricted by MAC Address.
• Wireless network name broadcast can be turned off so that only devices that have the network
name (SSID) can connect.
Wireless Multimedia (WMM) Support
WMM is a subset of the 802.11e standard. WMM allows wireless traffic to have a range of
priorities, depending on the kind of data. Time-dependent information such as video or audio will
have a higher priority than normal traffic. For WMM to function correctly, wireless clients must
also support WMM.
A Powerful, True Firewall with Content Filtering
Unlike simple Internet sharing NAT firewalls, the FVG318 is a true firewall, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:
• DoS protection.
Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND
Attack, and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Logs security incidents.
The FVG318 logs security events such as blocked incoming traffic, port scans, attacks, and
administrator logins. You can configure the firewall to email the log to you at specified
intervals. You can also configure the firewall to send immediate alert messages to your e-mail
address or email pager whenever a significant event occurs.
• With its content filtering feature, the FVG318 prevents objectionable content from reaching
your PCs. The firewall allows you to control access to Internet content by screening for
keywords within Web addresses. You can configure the firewall to log and report attempts to
access objectionable Internet sites.
Security
The FVG318 wireless VPN firewall is equipped with several features designed to maintain
security, as described in this section.
• PCs Hidden by NAT
NAT opens a temporary path to the Internet for requests originating from the local network.
Requests originating from outside the LAN are discarded, preventing users outside the LAN
from finding and directly accessing the PCs on the LAN.
• Port Forwarding with NAT
Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the
firewall allows you to direct incoming traffic to specific PCs based on the service port number
of the incoming request, or to one designated “DNS” host computer. You can specify
forwarding of single ports or ranges of ports.
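The NAT and port-forwarding behaviour described in the two items above, as a small Python model added here for illustration (it is not NETGEAR code or the FVG318's implementation). The addresses, port numbers, the NatGateway class and the rule that a reply must come from the contacted remote endpoint are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatGateway:
    """Toy model of a NAT gateway; all names and values are constructed."""
    forwards: list = field(default_factory=list)   # (first_port, last_port, lan_ip)
    designated_host: Optional[str] = None          # receives anything unmatched
    sessions: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port, remote)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN request opens a temporary mapping; returns the WAN port used."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote)
        return wan_port

    def inbound(self, remote, wan_port):
        """Return the (lan_ip, lan_port) that receives the packet, or None if discarded."""
        session = self.sessions.get(wan_port)
        if session and session[2] == remote:        # reply to a LAN-originated request
            return session[0], session[1]
        for first, last, lan_ip in self.forwards:   # single port or range of ports
            if first <= wan_port <= last:
                return lan_ip, wan_port
        if self.designated_host:                    # catch-all host, if configured
            return self.designated_host, wan_port
        return None                                 # unsolicited: discarded

def demo(designated_host=None):
    gw = NatGateway(forwards=[(80, 80, "192.168.0.5"), (5000, 5010, "192.168.0.7")],
                    designated_host=designated_host)
    server = ("198.51.100.20", 443)       # constructed documentation addresses
    stranger = ("203.0.113.99", 4444)
    port = gw.outbound("192.168.0.2", 51515, server)
    return {
        "reply": gw.inbound(server, port),
        "unsolicited": gw.inbound(stranger, port),
        "forward_single": gw.inbound(stranger, 80),
        "forward_range": gw.inbound(stranger, 5005),
        "unlisted_port": gw.inbound(stranger, 23),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} -> {result}")
```

Calling demo("192.168.0.9") shows that once a designated host is set, every inbound port without a session or forwarding rule reaches that one PC, so that PC needs its own hardening.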
Autosensing Ethernet Connections with Auto Uplink
With its internal eight-port 10/100 switch, the FVG318 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are
autosensing and capable of full-duplex or half-duplex operation.
The firewall incorporates Auto Uplink™ technology. Each Ethernet port automatically senses
whether the Ethernet cable plugged into the port should have a normal connection such as to a PC
or an uplink connection such as to a switch or hub. That port then configures itself to the correct
configuration. This feature also eliminates the need to worry about crossover cables, as Auto
Uplink will accommodate either type of cable to make the right connection.
Extensive Protocol Support
The FVG318 wireless VPN firewall supports the Transmission Control Protocol/Internet Protocol
(TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to
“Internet Networking and TCP/IP Addressing” in Appendix A.