NETGEAR FVG318NA User Manual

ProSafe 802.1 1g Wireless VPN Firewall FVG318 Reference Manual

NETGEAR, Inc.

4500 Great America Parkway Santa Clara, CA 95054 USA

202-10318-01 September 2007

Trademarks

NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETGEAR, Inc. Microsoft, Windows, and Wi ndows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.

Statement of Conditions

In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.

NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Bestätigung des Herstellers/Importeurs

Es wird hiermit bestätigt, daß das ProSafe 802.11g Wireless VPN Firewall gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.

Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.

Certificate of the Manufacturer/Importer

It is hereby certified that the ProSafe 802.11g Wireless VPN Firewall has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.

Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.

Regulatory Compliance Information

This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.

NOTE: This product's firmware limits operation to only the channels allowed in a particular Region or Country.

Therefore, all options described in this user's guide may not be available in your version of the product.

Europe – EU Declaration of Conformity

Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards:

EN300 328, EN301 489-17, EN60950

v1.0, September 2007

Europe – Declaration of Conformity in Languages of the European Community

Cesky [Czech] NETGEAR Inc. tímto prohlašuje, že tento Radiolan je ve shode se základními

požadavky a dalšími príslušnými ustanoveními smernice 1999/5/ES..

Dansk [Danish]

Deutsch [German]

Eesti [Estonian]

English Hereby, NETGEAR Inc., declares that this Radiolan is in compliance with the essential

Español [Spanish]

Ελληνική [Greek]

Français [French]

Italiano [Italian] Con la presente NETGEAR Inc. dichiara che questo Radiolan è conforme ai requisiti

Latviski [Latvian]

Undertegnede NETGEAR Inc. erklærer herved, at følgende udstyr Radiolan overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.

Hiermit erklärt NETGEAR Inc., dass sich das Gerät Radiolan in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägig en Bestimmungen der Richtlinie 1999/5/EG befindet.

Käesolevaga kinnitab NETGEAR Inc. seadme Radiolan vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.

requirements and other relevant provisions of Directive 1999/5/EC. Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los

requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE.

ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ NETGEAR Inc. ΔΗΛΩΝΕΙ ΟΤΙ Radiolan ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ.

Par la présente NETGEAR Inc. déclare que l'appareil Radiolan est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.

essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE. Ar šo NETGEAR Inc. deklarē, ka Radiolan atbilst Direktīvas 1999/5/EK būtiskaj

prasībām un citiem ar to saistītajiem noteikumiem.

ām

Lietuvių [Lithuanian]

Nederlands [Dutch]

Malti [Maltese] Hawnhekk, NETGEAR Inc., jiddikjara li dan Radiolan jikkonforma mal-htigijiet

Magyar [Hungarian]

Polski [Polish] Niniejszym NETGEAR Inc. oświadcza, że Radiolan jest zgodny z zasadniczymi

Šiuo NETGEAR Inc. deklaruoja, kad šis Radiolan atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.

Hierbij verklaart NETGEAR Inc. dat het toestel Radiolan in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.

essenzjali u ma provvedimenti ohrajn relevanti li hemm fid-Dirrettiva 1999/5/EC. Alulírott, NETGEAR Inc. nyilatkozom, hogy a Radiolan megfelel a vonatkozó alapvetõ

követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.

wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.

v1.0, September 2007

iii

Português [Portuguese]

NETGEAR Inc. declara que este Radiolan está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE.

Slovensko [Slovenian]

Slovensky [Slovak]

Suomi [Finnish]

Svenska [Swedish]

Íslenska [Icelandic]

Norsk [Norwegian]

NETGEAR Inc. izjavlja, da je ta Radiolan v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES.

NETGEAR Inc. týmto vyhlasuje, _e Radiolan spĺňa základné po_iadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.

NETGEAR Inc. vakuuttaa täten että Radiolan tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.

Härmed intygar NETGEAR Inc. att denna Radiolan står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.

Hér með lýsir NETGEAR Inc. yfir því að Radiolan er í samræmi við grunnkröfur og aðrar kröfur, sem gerðar eru í tilskipun 1999/5/EC.

NETGEAR Inc. erklærer herved at utstyret Radiolan er i samsvar med de grunnleggende krav og øvrige relevante krav i direktiv 1999/5/EF.

FCC Requirements for Operation in the United States

FCC Information to User

This product does not contain any user serviceable components and is to be used with approved antenn as only. Any product changes or modifications will invalidate all applicable regulatory certifications and approvals

FCC Guidelines for Human Exposure

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance of 20 cm between the radiator and your body.

This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

FCC Declaration Of Conformity

We NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that the model FVG318 ProSafe 802.11g Wireless VPN Firewall complies with Part 15 of FCC Rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference, and

• This device must accept any interference received, including interference that may cause undesired operation.

FCC Radio Frequency Interference Warnings & Instructions

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide rea sonable protection against harmful interference in a residential installation. This equipment uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that

v1.0, September 2007

interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following methods:

• Reorient or relocate the receiving antenna

• Increase the separation between the equipment and the receiver

• Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected

• Consult the dealer or an experienced radio/TV technician for help.

ProSafe 802.11g Wireless VPN Firewall

Tested to Comply with FCC Standards

Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment.

Voluntary Contr ol Council for Interference (VCCI) Statement

This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.

When used near a radio or TV receiver , it may become the cause of radio interference. Read instructions for correct handling.

FOR HOME OR OFFICE USE

Canadian Department of Communications Radio Interference Regulations

This digital apparatus (ProSafe 802.11g Wireless VPN Firewall) does not exceed the Class B limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.

v1.0, September 2007

Product and Publication Details

Model Number: FVG318 Publication Date: September 2007 Product Family: Wireless Router Product Name: ProSafe 802.11g Wireless VPN Firewall Home or Business Product: Business Language: English Publication Part Number: 202-10318-01 Publication Version Number: 1.0

v1.0, September 2007

About This Manual

Conventions, Formats, and Scope ..................................................................................xiii

How to Use This Manual .................................................................................................xiv

How to Print this Manual ..................................................................................................xiv

Revision History ..................... ... ... .... ... ... ... .......................................... .............................xv

Chapter 1 Introduction

Key Features of the VPN Firewall Router .......................................................................1-1

802.11g and 802.11b Wireless Networking ..............................................................1-2

Wireless Multimedia (WMM) Support .......................................................................1-2

A Powerful, True Firewall with Content Filtering ......................................................1-2

Security ....................................................................................................................1-3

Autosensing Ethernet Connections with Auto Uplink ...............................................1-3

Extensive Protocol Support ......................................................................................1-3

Easy Installation and Management ..........................................................................1-4

Maintenance and Support .................. .... ... ... ... .......................................... ... .... ... ... ..1-5

Package Contents ..........................................................................................................1-5

The FVG318 Front Panel .........................................................................................1-5

The FVG318 Rear Panel ..........................................................................................1-6

Chapter 2 Connecting the Firewall to the Internet

Installing Your FVG318 ...................................................................................................2-1

Configuring the FVG318 for Internet Access with Auto Detect .......................................2-4

Manually Configuring your Internet Connection .............................................................2-7

Configuring Dynamic DNS (If Needed) ...........................................................................2-9

Configuring Your Time Zone .........................................................................................2-11

Troubleshooting Tips ....................................................................................................2-12

v1.0, September 2007

vii

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Chapter 3 Configuring Wireless Connectivity

Observing Performance, Placement, and Range Guidelines .........................................3-1

Implementing Appropriate Wireless Security ..................................................................3-2

Understanding Wireless Settings ...................................................................................3-3

Security Check List for SSID and WEP Settings .............................. ...... ...... ....... .....3-7

Setting Up and Testing Basic Wireless Connectivity . ................................... ............ 3-8

Restricting Wireless Access by MAC Address .........................................................3-9

Configuring WEP Security Settings .............................. ... .... ... ... ... .... ... ... ... ... ..........3-10

Configuring WPA with RADIUS ..............................................................................3-12

Configuring WPA2 with RADIUS ............................................................................3-14

Configuring WPA and WPA2 with RADIUS ............................................................3-15

Configuring WPA-PSK ...........................................................................................3-17

Configuring WPA2-PSK .........................................................................................3-18

Configuring WPA-PSK and WPA2-PSK .................................................................3-20

Chapter 4 Firewall Protection and Content Filtering

Firewall Protection and Content Filtering Overview ............ ... .... ... ... ... .... ... ... ... ...............4-1

Block Sites ......................................................................................................................4-1

Using Rules to Block or Allow Specific Kinds of Traffic ..................................................4-4

Inbound Rules (Port Forwarding) .............................. ............................................... 4-6

Outbound Rules (Service Blocking) .........................................................................4-8

Order of Precedence for Rules ................................................................................4-9

Default DMZ Server ...............................................................................................4-10

Attack Checks .............. ... ... ... .... ... ... ... ....................................... ... .... ... ... ... ... ..........4-11

Services ................................. ................................................ .......................................4-12

Using a Schedule to Block or Allow Specific Traffic ......................................................4-13

Getting E-Mail Notifications of Firewall Logs ................................................................4-14

Chapter 5 Basic Virtual Private Networking

Overview of VPN Configuration ......................................................................................5-2

Client-to-Gateway VPN Tunnels ..............................................................................5-2

Gateway-to-Gateway VPN Tunnels .........................................................................5-2

Planning a VPN ..............................................................................................................5-3

VPN Tunnel Configuration .................................. ... .......................................... ... .... ... ... ..5-4

viii Contents

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Setting Up a Client-to-Gateway VPN Configuration .......................................................5-5

Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVG318 .................5-5

Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC ...........5-7

Monitoring the Progress and Status of the VPN Client Connection . ... ... ... ... .... ... ...5-15

Transferring a Security Policy to Another Client .......................... .... ... ... ... ... .... ... ...5-17

Setting Up a Gateway-to-Gateway VPN Configuration ................................................5-19

Activating a VPN Tunnel ...............................................................................................5-23

Verifying the Status of a VPN Tunnel .....................................................................5-25

Deactivating a VPN Tunnel ....... ... ... ... .... ................................................................5-26

Deleting a VPN Tunnel ...........................................................................................5-27

Chapter 6 Advanced Virtual Private Networking

Using IKE and VPN Policies to Manage VPN Traffic ......................................................6-1

Using Automatic Key Management ..................................... ................................... .. 6-2

IKE Policy Automatic Key and Authentication Management ............... ..................... 6-2

VPN Policy Configuration for Auto Key and Manual Negotiation .............................6-3

Using Digital Certificates for IKE Auto-Policy Authentication .........................................6-7

Certificate Revocation List (CRL) .............................................................................6-7

VPN Configuration Scenarios on the FVG318 ............................. ... ... .... ... ... ... ... .... ... ... ..6-8

VPN Consortium Scenario 1:

Gateway-to-Gateway with Preshared Secrets .........................................................6-9

VPN Consortium Scenario 2: FVG318 Gateway to Gateway with Digital Certificates 6-15

Chapter 7 Maintenance

Viewing VPN Firewall Router Status Information ................................ .... ........................7-1

Upgrading the Firewall Software ....................................................................................7-4

Backing Up and Restoring Settings ................................................................................7-5

Changing the Administrator Password ...........................................................................7-6

Chapter 8 Advanced Configuration

Configuring Dynamic DNS ..............................................................................................8-1

Using the LAN IP Setup Options ....................................................................................8-2

Configuring LAN TCP/IP Setup Parameters ............................................................8-2

Using the Firewall as a DHCP server .......................................................................8-3

Using Address Reservation ......................................................................................8-4

Contents ix

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Configuring Static Routes ...............................................................................................8-5

Configuring RIP ........................................................................................................8-6

Static Route Example ...............................................................................................8-7

Enabling Remote Management Access .........................................................................8-8

SNMP Administration ...................................................................................................8-10

Enabling Universal Plug and Play (UPnP) ....................................................................8-12

Chapter 9 Troubleshooting

Basic Functioning ...........................................................................................................9-1

Power LED Not On ...................................................................................................9-1

LEDs Never Turn Off ................................................................................................9-2

LAN or Internet Port LEDs Not On ......... ... ... ... ... .... ... ... .......................................... ..9-2

Troubleshooting the Web Configuration Interface ..........................................................9-2

Troubleshooting the ISP Connection ..............................................................................9-3

Troubleshooting a TCP/IP Network Using a Ping Utility .................................................9-5

Testing the LAN Path to Your Firewall ......................................................................9-5

Testing the Path from Your PC to a Remote Device ................................................9-6

Restoring the Default Configuration and Password ............... .........................................9-6

Problems with Date and Time .........................................................................................9-7

Appendix A Default Settings and Technical Specifications

Default Settings ............................................................................................................. A-1

Technical Specifications ................................................................................................. A-3

Appendix B Related Documents

Appendix C VPN Configuration of NETGEAR FVG318

Case Study Overview .................................................................................................... C-1

Gathering the Network Information ......................................................................... C-1

Configuring the Gateways .......................................................................................C-2

Activating the VPN Tunnel ......................................................................................C-3

The FVG318-to-FVG318 Case ......................................................................................C-3

Configuring the VPN Tunnel .................................. ... ... ... .... ... ... ... .... ....................... C-4

Viewing and Editing the VPN Parameters ............................................................... C-5

Initiating and Checking the VPN Connections ........................................................ C-6

x Contents

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

The FVG318-to-FVS318v2 Case .................................................................................. C-7

Configuring the VPN Tunnel .................................. ... ... ... .... ... ... ... .... ....................... C-7

Viewing and Editing the VPN Parameters ............................................................... C-8

Initiating and Checking the VPN Connections ........................................................ C-9

The FVG318-to-FVL328 Case ..................................................................................... C-10

Configuring the VPN Tunnel .................................. ... ... ... .... ... ... ... .... .....................C-10

Viewing and Editing the VPN Parameters ............................................................. C-11

Initiating and Checking the VPN Connections ...................................................... C-12

The FVG318-to-VPN Client Case ................................................................................ C-13

Client-to-Gateway VPN Tunnel Overview ............................................................. C-13

Configuring the VPN Tunnel .................................. ... ... ... .... ... ... ... .... .....................C-14

Initiating and Checking the VPN Connections ...................................................... C-18

Contents xi

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

xii Contents

v1.0, September 2007

About This Manual

The NETGEAR® Pr oSafe™ 802.11g Wir eless VPN Fir ewall FVG318 Refer ence Manual describes how to install, configure and troubleshoot the ProSafe 802.11g Wireless VPN Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills.

Conventions, Formats, and Scope

The conventions, formats, and scope of this manual are described in the following paragraphs:

• Typographical Conventions. This manual uses the following typographical conventions:

Italic Emphasis, books, CDs, file and server names, extensions

Bold User input, IP addresses, GUI screen text

Fixed Command prompt, CLI text, code

italic URL links

• Formats. This manual uses the following formats to highlight special messages:

Note: This format is used to highlight information of importance or special interest.

Tip: This format is used to highlight a procedure that will save time or resources.

Warning: Ignoring this type of note may result in a malfunction or damage to the

equipment.

v1.0, September 2007

xiii

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Danger: This is a safety warning. Failure to take heed of this notice may result in

personal injury or death.

• Scope. This manual is written for the VPN firewall according to these specifications:

Product Version ProSafe 802.11g Wireless VPN Firewall Manual Publication Date September 2007

For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Documents.

Note: Product updates are available on the NETGEAR, Inc. website at

http://kbserver.netgear.com/products/FVG318.asp.

How to Use This Manual

The HTML version of this manual includes the following:

• Buttons, and , for browsing forwards or backwards through the manual one page at a time

•A button that displays the table of contents and an button. Double-click on a link in the table of contents or index to navigate directly to where the topic is described in the manual.

•A button to access the full NETGEAR, Inc. online knowledge base for the product model.

• Links to PDF versions of the full manual and individual chapters.

How to Print this Manual

To print this manual, you can choose one of the following options, according to your needs.

• Printing a Page from HTML. Each page in the HTML version of the manual is dedicated to a major topic. Select File > Print from the browser menu to print the page contents.

xiv About This Manual

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

• Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at

http://www.adobe.com.

– Printing a PDF Chapter. Use the PDF of This Chapter link at the top left of any page.

• Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.

• Click the print icon in the upper left of your browser window.

– Printing a PDF version of the Complete Manual. Use the Complete PDF Manual link

at the top left of any page.

• Click the Complete PDF Manual link at the top left of any page in the manual. The PDF version of the complete manual opens in a browser window.

• Click the print icon in the upper left of your browser window.

Tip: If your printer supports printing two pages on a single sheet of paper, you can

save paper and printer ink by selecting this feature.

Revision History

Part Number

202-10318-01 1.0 August 2007 Product update: New firmware and new user Interface

About This Manual xv

Version Number

Date Description

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

xvi About This Manual

v1.0, September 2007

Chapter 1

Introduction

This chapter describes the features of the NETGEAR® ProSafe 802.11g Wireless VPN Firewall, Model FVG318.

Key Features of the VPN Firewall Router

The ProSafe 802.11g Wi reless VPN Firewall with eight-port switch connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem and provides 802.11b/g wireless LAN connectivity.

The FVG318 is a complete security solution that protects your network from attacks and intrusions. Unlike simple Internet sharing firewalls that rely on Network Address Translation (NAT) for security, the FVG318 uses stateful packet inspection for Denial of Service attack (DoS) protection and intrusion detection. The FVG318 allows Internet access for up to 253 users. The VPN firewall provides you with multiple Web content filtering options, plus browsing activity reporting and instant alerts—both via e-mail. Parents and network administrators can establish restricted access policies based on time-of-day, Web site addresses and address keywords, and share high-speed cable/DSL Internet access for up to 253 personal computers. In addition to NAT, the built-in firewall protects you from hackers.

With minimum setup, you can install and use the firewall within minutes. The VPN firewall provides the following features:

• 802.11g and 802.11b standards-based wireless networking.

• Wirel ess Multimedia (WMM) support.

• Easy, Web-based setup for installation and management.

• Front panel LEDs for easy monitoring of status and activity.

• Content filtering and site blocking security.

• Built-in eight-port 10/100 Mbps switch.

• Ethernet connection to a WAN device, such as a cable modem or DSL modem.

• Extensive protocol support.

• Flash memory for firmware upgrade.

v1.0, September 2007

1-1

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

802.11g and 802.11b Wireless Networking

The VPN firewall includes an 802.11g-compliant wireless access point. The access point provides:

• 802.11b standards-based wireless networking at up to 11 Mbps.

• 802.11g wireless networking at up to 54 Mbps, which conforms to the 802.11g standard.

• WPA and WPA2 enterprise class strong security with RADIUS and certificate authentication as well as dynamic encryption key generation.

• WPA-PSK and WPA2-PSK pre-shared key authentication without the overhead of RADIUS servers but with all of the strong security of WPA and WPA2.

• 64-bit and 128-bit WEP encryption security.

• WEP keys can be generated manually or by passphrase.

• Wireless access can be restricted by MAC Address.

• Wireless network name broadcast can be turned off so that only devices that have the network name (SSID) can connect.

Wireless Multimedia (WMM) Support

WMM is a subset of the 802.11e standard. WMM allows wireless traffic to have a range of priorities, depending on the kind of data. Time-dependent information such as video or audio will have a higher priority than normal traffic. For WMM to function correctly, wireless clients must also support WMM.

A Powerful, True Firewall with Content Filtering

Unlike simple Internet sharing NAT firewalls, the FVG318 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:

• DoS protection. Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND

Attack, and IP Spoofing.

• Blocks unwanted traffic from the Internet to your LAN.

• Blocks access from your LAN to Internet locations or services that you specify as off-limits.

• Logs security incidents.

1-2 Introduction

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

The FVG318 logs security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your e-mail address or email pager whenever a significant event occurs.

• With its content filtering feature, the FVG318 prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the firewall to log and report attempts to access objectionable Internet sites.

Security

The VPN firewall is equipped with several features designed to maintain security, as described in this section.

• PCs Hidden by NAT. NAT opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the PCs on the LAN.

• Port Forwarding with NAT. Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request, or to one designated DNS host computer. You can specify forwarding of single ports or ranges of ports.

Autosensing Ethernet Connections with Auto Uplink

With its internal eight-port 10/100 switch, the FVG318 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.

The firewall incorporates Auto Uplink whether the Ethernet cable plugged into the port should have a normal connection such as to a PC or an uplink connection such as to a switch or hub. That port then configures itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.

technology. Each Ethernet port automatically senses

Extensive Protocol Support

The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol

“Related Documents.”

Introduction 1-3

(RIP). For further information about TCP/IP, refer to Appendix B,

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

• IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account.

• Automatic Configuration of Attached PCs by DHCP. The VPN firewall dynamically assigns network configuration information, including IP,

gateway, and Domain Name Server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.

• DNS Proxy. When DHCP is enabled and no DNS addresses are specified, the firewall

provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.

• Point-to-Point Protocol over Ethernet (PPPoE). PPPoE is a protocol for connecting remote

hosts to the Internet over a DSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as Entersys or WinPOET on your PC.

Easy Installation and Management

You can install, configure, and operate the ProSafe 802.11g W ireless VPN Firewall within minutes after connecting it to the network. The following features simplify installation and management tasks:

• Browser-based management. Browser-based configuration allows you to easily configure

your firewall from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help documentation is built into the browser-based Web Management Interface.

• Smart Wizard. The VPN firewall automatically senses the type of Internet connection, asking

you only for the information required for your type of ISP account.

• Diagnostic functions. The firewall incorporates built-in diagnostic functions such as Ping,

DNS lookup, and remote reboot.

• Remote management. The firewall allows you to login to the Web Management Interface

from a remote location on the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.

• Visual monitoring. The VPN firewall’s front panel LEDs provide an easy way to monitor its

status and activity.

1-4 Introduction

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Maintenance and Support

NETGEAR offers the following features to help you maximize your use of the VPN firewall:

• Flash memory for firmware upgrade.

• Free technical support seven days a week, 24 hours a day.

Note: The FVS318v3 firmware is not backward compatible with earlier versions of the

FVS318 firewall.

Package Contents

The product package should contain the following items:

• ProSafe 802.11g Wireless VPN Firewall.

•AC power adapter.

• Category 5 (Cat 5) Ethernet cable.

• Installation Guide.

• Resource CD, including: – This guide. – Application Notes and other helpful information.

• Registration and Warranty Card.

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair.

The FVG318 Front Panel

The front panel of the VPN firewall contains the status LEDs described below.

Figure 1-1

Introduction 1-5

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

You can use some of the LEDs to verify connections. Viewed from left to right, Table 1-1 describes the LEDs on the front panel of the firewall. These LEDs are green when lit.

Table 1-1. LED Descriptions

LED Label Activity Description

PWR On Power is supplied to the firewall. TEST On

Off

INTERNET

100 (100 Mbps) On

Off

LINK/ACT (Link/Activity)

LOCAL

100 (100 Mbps) On

LINK/ACT (Link/Activity)

WLAN On

On Blinking

Off On

Blinking

Off

The system is initializing. The system is ready and running.

The Internet (WAN) port is operating at 100 Mbps. The Internet (WAN) port is operating at 10 Mbps.

The Internet port has detected a link with an attached device. Data is being transmitted or received by the Internet port.

The Local port is operating at 100 Mbps. The Local port is operating at 10 Mbps.

The Local port has detected a link with an attached device. Data is being transmitted or received by the Local port.

The wireless interface is on. The wireless interface is off.

The FVG318 Rear Panel

The rear panel of the VPN firewall contains the port connections listed below.

Antenna

FACTORY Reset Button

LOCAL

Ports

Port

Figure 1-2

1-6 Introduction

v1.0, September 2007

PowerINTERNET

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Viewed from left to right, the rear panel contains the following features:

• Detachable wireless antenna

• Factory default reset push button

• Eight Ethernet LAN ports

• Internet Ethernet WAN port for connecting the firewall to a cable or DSL modem

• DC power input

Introduction 1-7

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

1-8 Introduction

v1.0, September 2007

Chapter 2

Connecting the Firewall to the Internet

This chapter describes how to set up the firewall on your LAN, connect to the Internet, perform basic configuration of your ProSafe 802.11g Wireless VPN Firewall using the Setup Wizard, or how to manually configure your Internet connection.

Follow these instructions to set up your firewall.

Installing Your FVG318

• For Cable Modem Service: When you set up the VPN firewall router, be sure to use the computer you first registered with your cable modem service provider.

• For DSL Service: You may need information such as the DSL login name and password in order to complete the VPN firewall router setup.

To connec t the FVG318:

1. Connect the VPN firewall router to your computer and modem a. Turn off and unplug your cable or DSL modem. b. Turn off your computer c. At the computer end only, disconnect the Ethernet cable (point A in the illustration) that

connects your computer to the cable or DSL modem.

Connecting the Firewall to the Internet 2-1

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Figure 2-1

d. Securely insert the Ethernet cable from your modem into the FVG318 Internet port (point

B in the illustration).

Figure 2-2

e. Securely insert one end of the NETGEAR cable that came with your FVG318 into a Local

port on the router such as port 4 (point C in the illustration), and the other end into the Ethernet port of your computer (point D in the illustration).

2-2 Connecting the Firewall to the Internet

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Figure 2-3

2. Restart your network in the correct sequence

Warning: Failure to restart your network in the correct sequence could prevent you

from connecting to the Internet.

a. First, plug in and turn on the cable or DSL modem.Wait about 2 minutes. b. Now, plug in the power cord to your FVG318 and wait about 30 seconds. c. Last, turn on your computer.

Note: For DSL customers, if ISP-provided software logs you in to the Internet,

do not run that software. You may need to go to the Internet Explorer® Tools menu, Internet Options, Connections tab page where you can select the “Never dial a connection” radio button and click Apply.

d. Check the status lights and verify the following:

Power

Figure 2-4

Connecting the Firewall to the Internet 2-3

Test

Internet Port

Local Ports (8)

Wireless

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

• Power: The power light should be lit. If after 2 minutes the power light turns solid amber,

see the Troubleshooting Tips in this guide.

• Test: The test light blinks when the FVG318 is first turned on. If after 2 minutes it is still

on, see the Troubleshooting Tips in this guide.

• Internet: The Internet light on the FVG318 should be lit. If not, make sure the Ethernet

cable is securely attached to the VPN firewall router Internet port and the powered on modem.

• Wireless: The WLAN light should be lit. If the Wireless light is not lit, see the

Troubleshooting Tips in this guide.

• LOCAL: A LOCAL light should be lit.

Configuring the FVG318 for Internet Access with Auto Detect

To connec t to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP, which is usually the case for most computers. However, if you need instructions on how to configure your TCP/IP settings to obtain an IP address automatically, see “Internet Networking and TCP/IP Processing” at Appendix B, “Related Documents.

Before you begin, be sure you have the configuration parameters from your ISP hand y. To log in the router:

1. 0pen a browser such as Internet Explorer, Netscape Navigator or Firefox and enter the default IP address of the router in the browser address field: http://192.168.0.1.

http://192.168.0.1

Figure 2-5

2-4 Connecting the Firewall to the Internet

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

2. When prompted, enter admin for the firewall User Name and password for the firewall Password. Both fields are case-sensitive. (For security reasons, the firewall has its own User Name and Password.)

Figure 2-6

3. Click Login. You will be connected to the firewall Router Status screen which will give you status of your router configuration and current firmware version.

Figure 2-7

Connecting the Firewall to the Internet 2-5

v1.0, September 2007

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

4. Select Network Configuration. The WAN ISP Settings screen will display. Click Auto Detect at the bottom of the WAN ISP Settings screen. The router will automatically attempt to detect your connection type. A message will display indicating if the service connection was detected.

Figure 2-8

If you know your ISP connection type or if want to bypass the auto configuration, you can manually configure the router settings on the WAN ISP screen. See the

“Manually

Configuring your Internet Connection” on page 2-7 to connect your router manually.

5. Click Test to verify that the Internet connection is active.

Note: You might want to enable remote management at this time so that you can log

in remotely in the future to manage the gateway. See

“Enabling Remote Management Access” on page 8-8 for more information. Remote management

enable is cleared with a factory default reset.

2-6 Connecting the Firewall to the Internet

v1.0, September 2007

+ 146 hidden pages