NETGEAR FVL328 User guide

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual
NETGEAR, Inc.
4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR
SM-FVL328NA-0 November 2002
© 2002 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR and Auto Uplink are trademarks or registered trademarks of Netgear, Inc.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this document are copyright Intoto, Inc.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. There is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
EN 55 022 Declaration of Conformance
This is to certify that the FVL328 Prosafe High Speed VPN Firewall is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).
Certificate of the Manufacturer/Importer
It is hereby certified that the FVL328 Prosafe High Speed VPN Firewall has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
The Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
Confirmation of the Manufacturer/Importer
It is hereby confirmed that the FVL328 Prosafe High Speed VPN Firewall has been suppressed for radio interference in accordance with the provisions listed in BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The proper operation of some equipment (for example, test transmitters) may, however, be subject to certain restrictions. Please read the notes in the operating instructions.
The Federal Office for Telecommunications Approvals has been informed that this equipment has been placed on the market and is entitled to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto), and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines, aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver, it may become the cause of radio interference.
Read instructions for correct handling.
Technical Support
Refer to the Support Information Card that shipped with your FVL328 Prosafe High Speed VPN Firewall.
World Wide Web
NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.

Contents

Preface About This Manual
Chapter 1 Introduction
About the FVL328
Key Features
A Powerful, True Firewall
Virtual Private Networking
Content Filtering
Configurable Auto Uplink™ Ethernet Connection
Protocol Support
Easy Installation and Management
What’s in the Box?
The Firewall’s Front Panel
The Firewall’s Rear Panel
Chapter 2 Connecting the Firewall to the Internet
What You Will Need Before You Begin
LAN Hardware Requirements
Computer Requirements
Cable or DSL Modem Requirement
LAN Configuration Requirements
Internet Configuration Requirements
Where Do I Get the Internet Configuration Parameters?
Connecting the FVL328 Firewall to Your LAN
Connecting the FVL328 Firewall to the Internet
Testing Your Internet Connection
Manually Configuring Your Internet Connection
Chapter 3 Protecting Your Network
Protecting Access to Your FVL328 Firewall
Configuring Basic Firewall Services
Blocking Keywords, Sites, and Services
Rules
Inbound Rules (Port Forwarding)
Inbound Rule Example: A Local Public Web Server
Inbound Rule Example: Allowing Videoconferencing from Restricted Addresses
Considerations for Inbound Rules
Outbound Rules (Service Blocking)
Outbound Rule Example: Blocking Instant Messenger
Order of Precedence for Rules
Services
Setting Times and Scheduling Firewall Services
Chapter 4 Virtual Private Networking
Overview of FVL328 Policy-Based VPN Configuration
Using Policies to Manage VPN Traffic
Using Automatic Key Management
IKE Policies’ Automatic Key and Authentication Management
VPN Policy Configuration for Auto Key Negotiation
VPN Policy Configuration for Manual Key Exchange
Using Digital Certificates for IKE Auto-Policy Authentication
Certificate Revocation List (CRL)
Walk-Through of Configuration Scenarios on the FVL328
VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets
FVL328 Scenario 1: FVL328 to Gateway B with IKE and VPN Policies
VPN Consortium Scenario 2: Gateway-to-Gateway with Certificates
FVL328 Scenario 2: FVL328 to FVL328 with RSA Certificates
Chapter 5 Managing Your Network
Network Management Information
Viewing Router Status and Usage Statistics
Viewing Attached Devices
Viewing, Selecting, and Saving Logged Information
Changing the Include in Log Settings
Enabling the Syslog Feature
Examples of Log Messages
Activation and Administration
Dropped Packets
Enabling Security Event E-mail Notification
Backing Up, Restoring, or Erasing Your Settings
Running Diagnostic Utilities and Rebooting the Router
Enabling Remote Management
Upgrading the Router’s Firmware
Chapter 6 Advanced Configuration
Configuring Advanced Security
Setting Up a Default DMZ Server
Responding to Ping on Internet WAN Port
Configuring LAN IP Settings
LAN TCP/IP Setup
MTU Size
DHCP
Using the Router as a DHCP Server
Reserved IP Addresses
Configuring Dynamic DNS
Using Static Routes
Static Route Example
Chapter 7 Troubleshooting
Basic Functions
Power LED Not On
Test LED Never Turns On or Test LED Stays On
Local or Internet Port Link LEDs Not On
Troubleshooting the Web Configuration Interface
Troubleshooting the ISP Connection
Troubleshooting a TCP/IP Network Using a Ping Utility
Testing the LAN Path to Your Firewall
Testing the Path from Your PC to a Remote Device
Restoring the Default Configuration and Password
Using the Default Reset Button
Problems with Date and Time
Appendix A Technical Specifications
Appendix B Networks, Routing, and Firewall Basics
Related Publications
Basic Router Concepts
Internet Security and Firewalls
Ethernet Cabling
How Does VPN Work?
Appendix C Preparing Your Network
Preparing Your Computers for TCP/IP Networking
Configuring Windows 95, 98, and Me for TCP/IP Networking
Configuring Windows NT, 2000 or XP for IP Networking
Configuring the Macintosh for TCP/IP Networking
Verifying the Readiness of Your Internet Account
Restarting the Network
Glossary
Index
List of Procedures
Procedure 2-1: Recording Your Internet Connection Information
Procedure 2-2: Connecting the Firewall to Your LAN
Procedure 2-3: Auto-Detecting Your Internet Connection Type
Procedure 2-4: Wizard-Detected Login Account Setup
Procedure 2-5: Wizard-Detected Dynamic IP Account Setup
Procedure 2-6: Wizard-Detected Fixed IP (Static) Account Setup
Procedure 2-7: Manual Configuration
Procedure 3-1: Changing the Built-In Password
Procedure 3-1: Changing the Administrator Login Timeout
Procedure 3-2: Blocking Keywords and Sites
Procedure 3-3: Defining Services
Procedure 3-4: Setting Your Time Zone
Procedure 3-5: Scheduling Firewall Services
Procedure 4-1: Checking VPN Connections
Procedure 5-2: Backing Up the Configuration to a File
Procedure 5-3: Restoring a Configuration from a File
Procedure 5-4: Erasing the Configuration
Procedure 5-5: Configuring Remote Management
Procedure 5-1: Upgrading the Router
Procedure 6-1: Assigning a Default DMZ Server
Procedure 6-2: Configuring LAN TCP/IP Setup
Procedure 6-3: Configuring Dynamic DNS
Procedure 6-4: Configuring Static Routes
Preface
About This Manual
Thank you for purchasing the NETGEAR™ FVL328 Prosafe High Speed VPN Firewall.
This manual describes the features of the firewall and provides installation and configuration instructions.

Audience

This reference manual assumes that the reader has intermediate to advanced computer and Internet skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial information is provided in the Appendices.

Typographical Conventions

This guide uses the following typographical conventions:
italics: Media titles, UNIX files, commands, URLs, and directory names.
bold times roman: User input.
Internet Protocol (IP): First time an abbreviated term is used.
courier font: Screen text, user-typed command-line entries.
[Enter]: Named keys in text are shown enclosed in square brackets. The notation [Enter] is used for the Enter key and the Return key.
[Ctrl]+C: Two or more keys that must be pressed simultaneously are shown in text linked with a plus (+) sign.
ALL CAPS: DOS file and directory names.

Special Message Formats

This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Procedure: This format is used to let you know that you are following a sequence of steps required to complete a task.
Warning: This format is used to highlight information about the possibility of injury or equipment damage.
Danger: This format is used to alert you that there is the potential for incurring an electrical shock if you mishandle the equipment.

Technical Support

For help with any technical issues, contact Customer Support at 1-888-NETGEAR, or visit us on the Web at www.NETGEAR.com. The NETGEAR Web site includes an extensive knowledge base, answers to frequently asked questions, and a means for submitting technical questions online.
Chapter 1
Introduction
This chapter describes the features of the NETGEAR FVL328 Prosafe High Speed VPN Firewall.

About the FVL328

The FVL328 is a complete security solution that protects your network from attacks and intrusions and enables secure communications using Virtual Private Networks (VPN). Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FVL328 uses Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection. The 8-port FVL328 provides highly reliable Internet access for up to 253 users with up to 100 concurrent VPN tunnels.

Key Features

The FVL328 offers the following features.

A Powerful, True Firewall

Unlike simple Internet sharing NAT routers, the FVL328 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:
DoS protection: Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.
Blocks unwanted traffic from the Internet to your LAN.
Blocks access from your LAN to Internet locations or services that you specify as off-limits.
Logs security incidents: The FVL328 will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to e-mail the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your e-mail address or e-mail pager whenever a significant event occurs.

Virtual Private Networking

The FVL328 Firewall provides a secure encrypted connection between your local network and remote networks or clients. Its VPN features include:
Support for 100 simultaneous VPN connections.
Support for industry standard VPN protocols. The FVL328 Prosafe High Speed VPN Firewall supports standard keying methods (Manual or IKE), standard authentication methods (MD5 and SHA-1), and standard encryption methods (DES, 3DES). It is compatible with many other VPN products.
Support for up to 168 bit encryption (3DES) for maximum security.
Support for VPN Main Mode, Aggressive mode, or Manual Keying.

Content Filtering

With its content filtering feature, the FVL328 prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the firewall to log and report attempts to access objectionable Internet sites.

Configurable Auto Uplink™ Ethernet Connection

With its internal 8-port 10/100 switch, the FVL328 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the local LAN and the Internet WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.
The firewall incorporates Auto Uplink™ technology. Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a ‘normal’ connection such as to a PC or an ‘uplink’ connection such as to a switch or hub. That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.

Protocol Support

The FVL328 supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). Appendix B, “Networks, Routing, and Firewall Basics” provides further information on TCP/IP.
IP Address Sharing by NAT: The FVL328 allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account.
Automatic Configuration of Attached PCs by DHCP: The FVL328 dynamically assigns network configuration information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.
DNS Proxy: When DHCP is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.
PPP over Ethernet (PPPoE): PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as EnterNet or WinPOET on your PC.
Point-to-Point Tunneling Protocol (PPTP) login support for European ISPs and BigPond login for Telstra cable in Australia.
Dynamic DNS: Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. The firewall contains a client that can connect to many popular Dynamic DNS services to register your dynamic IP address.

Easy Installation and Management

You can install, configure, and operate the FVL328 within minutes after connecting it to the network. The following features simplify installation and management tasks:
Browser-based management: Browser-based configuration allows you to easily configure your firewall from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help documentation is built into the browser-based Web Management Interface.
Smart Wizard: The firewall automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account.
Remote management: The firewall allows you to log in to the Web Management Interface from a remote location via the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.
Diagnostic functions: The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot. These functions allow you to test Internet connectivity and reboot the firewall. You can use these diagnostic functions directly from the FVL328 when you are connected on the LAN or when you are connected over the Internet via the remote management function.
Visual monitoring: The firewall’s front panel LEDs provide an easy way to monitor its status and activity.
Flash EPROM for firmware upgrade
Regional support, including ISPs like Telstra DSL and BigPond or Deutsche Telekom.

What’s in the Box?

The product package should contain the following items:
FVL328 Prosafe High Speed VPN Firewall
AC power adapter
Category 5 (CAT5) Ethernet cable
FVL328 Resource CD, including:
— This manual
— Application notes, tools, and other helpful information
Warranty and registration card
Support information card
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair.

The Firewall’s Front Panel

The front panel of the FVL328 (Figure 1-1) contains status LEDs.
[Figure 1-1: FVL328 Front Panel, showing the PWR and TEST LEDs and the 100 and LNK/ACT LEDs for the INTERNET port and LOCAL ports 1 to 8]
You can use some of the LEDs to verify connections. Table 1-1 lists and describes each LED on the front panel of the firewall.
These LEDs are green when lit, except for the TEST LED, which is amber.
Table 1-1: LED Descriptions

| Label | Activity | Description |
|---|---|---|
| POWER | On | Power is supplied to the firewall. |
| TEST | On | The system is initializing. |
| TEST | Off | The system is ready and running. |
| INTERNET: 100 | On/Blinking | The Internet port is operating at 100 Mbps. |
| INTERNET: LINK/ACT (Activity) | On/Blinking | The port detected a link with the Internet WAN connection and is operating at 10 Mbps. Blinking indicates data transmission. |
| LOCAL: 100 | On/Blinking | The Local port is operating at 100 Mbps. |
| LOCAL: LINK/ACT (Link/Activity) | On/Blinking | The Local port has detected a link with a LAN connection and is operating at 10 Mbps. Blinking indicates data transmission. |

The Firewall’s Rear Panel

The rear panel of the FVL328 (Figure 1-2) contains the connections identified below.
[Figure 1-2: FVL328 Rear Panel, showing LOCAL ports 8 to 1, the INTERNET 10/100M port, and the 12VDC 0.5A power input]
Viewed from left to right, the rear panel contains the following elements:
Ground connector
Factory Default Reset push button
Eight Local Ethernet RJ-45 ports for connecting the firewall to local computers
Internet WAN Ethernet RJ-45 port for connecting the firewall to a cable or DSL modem
AC power adapter input
Chapter 2
Connecting the Firewall to the Internet
This chapter describes how to set up the firewall on your Local Area Network (LAN), connect to the Internet, and perform basic configuration of your FVL328 Prosafe High Speed VPN Firewall using the Setup Wizard, or how to configure your Internet connection manually.

What You Will Need Before You Begin

You need to prepare these three things before you can connect your firewall to the Internet:
1. A computer properly connected to the firewall as explained below.
2. Active Internet service such as that provided by a DSL or Cable modem account.
3. The Internet Service Provider (ISP) configuration information for your DSL or Cable modem account.

LAN Hardware Requirements

The FVL328 Firewall connects to your LAN via twisted-pair Ethernet cables.
Computer Requirements
To use the FVL328 Firewall on your network, each computer must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the computer will connect to your network at 100 Mbps, you must use a Category 5 (CAT5) cable such as the one provided with your firewall.
Cable or DSL Modem Requirement
The cable modem or DSL modem must provide a standard 10 Mbps 10BASE-T or 100 Mbps 100BASE-T Ethernet interface.

LAN Configuration Requirements

For the initial connection to the Internet and configuration of your firewall, you will need to connect to the firewall a computer that is set to get its TCP/IP configuration automatically from the firewall via DHCP.
Note: Please refer to Appendix C, "Preparing Your Network" for assistance with DHCP configuration.

Internet Configuration Requirements

Depending on how your ISP or IT group set up your Internet access, you will need one or more of these configuration parameters to connect your firewall to the Internet:
Host and Domain Names
ISP Login Name and Password
ISP Domain Name Server (DNS) Addresses
Fixed or Static IP Address
Where Do I Get the Internet Configuration Parameters?
There are several ways you can gather the required Internet connection information.
Your ISP should have provided you with all the information needed to connect to the Internet. If you cannot locate this information, you can ask your ISP to provide it or you can try one of the options below.
If you have a computer already connected using the active Internet access account, you can gather the configuration information from that computer.
For Windows 95/98/Me, open the Network control panel, select the TCP/IP entry for the Ethernet adapter, and click Properties.
For Windows 2000/XP, open the Local Area Network Connection, select the TCP/IP entry for the Ethernet adapter, and click Properties.
For Macintosh computers, open the TCP/IP or Network control panel.
You may also refer to the FVL328 Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs.
Once you locate your Internet configuration parameters, you may want to record them on the page below according to the instructions in “Recording Your Internet Connection Information” on page 2-3.

Procedure 2-1: Recording Your Internet Connection Information

1. Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP).
ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs. If you connect using a login name and password, then fill in the following:
Login Name: ______________________________ Password: ____________________________
Service Name: _____________________________
Fixed or Static IP Address: If you have a static IP address, record the following information. For example, 169.254.141.148 could be a valid IP address.
Fixed or Static Internet IP Address: ______ . ______ . ______ . ______
Subnet Mask: ______ . ______ . ______ . ______
Gateway IP Address: ______ . ______ . ______ . ______
ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following:
Primary DNS Server IP Address: ______ . ______ . ______ . ______
Secondary DNS Server IP Address: ______ . ______ . ______ . ______
Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or home. If you haven’t been given host or domain names, you can use the following examples as a guide:
If your main e-mail account with your ISP is aaa@yyy.com, then use aaa as your host name. Your ISP might call this your account, user, host, computer, or system name.
If your ISP’s mail server is mail.xxx.yyy.com, then use xxx.yyy.com as the domain name.
ISP Host Name: _________________________ ISP Domain Name: _______________________
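A consistency check for the static IP values recorded above, given as an added example that is not part of the NETGEAR manual. It flags entries that are well-formed but will not work on the Internet port, such as a gateway outside the subnet or a link-local address. The function name `check_worksheet` and every sample value except the manual's 169.254.141.148 are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_worksheet(ip, mask, gateway, dns=()):
    """Return a list of problems in the static-IP values from Procedure 2-1."""
    try:
        addr = ipaddress.IPv4Address(ip)
        gw = ipaddress.IPv4Address(gateway)
        # strict=False accepts a host address; a non-contiguous mask still raises
        net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    except ValueError as exc:
        return [f"unparseable value: {exc}"]

    problems = []
    if addr.is_link_local:
        problems.append("IP is link-local (169.254.0.0/16), self-assigned when DHCP fails")
    elif addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        problems.append("IP is loopback, multicast or unspecified")
    elif any(addr in n for n in RFC1918):
        problems.append("IP is RFC 1918 private, not reachable from the Internet")

    if net.prefixlen < 31 and addr in (net.network_address, net.broadcast_address):
        problems.append("IP is the network or broadcast address of its subnet")
    if gw == addr:
        problems.append("gateway equals the firewall's own IP")
    elif gw not in net:
        problems.append(f"gateway {gw} is outside {net}")

    for server in dns:
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            problems.append(f"DNS server {server!r} is not an IPv4 address")
    return problems

# Constructed sample values (documentation range 203.0.113.0/24), not from the manual.
GOOD = check_worksheet("203.0.113.10", "255.255.255.248", "203.0.113.9",
                       dns=("198.51.100.53",))
# The manual's example address, with a constructed mask and gateway.
LINK_LOCAL = check_worksheet("169.254.141.148", "255.255.0.0", "169.254.0.1")
# Constructed typo: gateway recorded in the wrong subnet.
WRONG_GW = check_worksheet("203.0.113.10", "255.255.255.248", "203.0.113.1")

if __name__ == "__main__":
    for name, result in (("good", GOOD), ("link-local", LINK_LOCAL),
                         ("wrong gateway", WRONG_GW)):
        print(name, result or "ok")
```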

Connecting the FVL328 Firewall to Your LAN

This section provides instructions for connecting the FVL328 Prosafe High Speed VPN Firewall to your Local Area Network (LAN).
Note: The Resource CD included with your firewall contains an animated Installation Assistant to help you through this procedure.

Procedure 2-2: Connecting the Firewall to Your LAN

There are three steps to connecting your firewall:
Connect the firewall to your network.
Log in to the firewall.
Connect to the Internet.
Follow the steps below to connect your firewall to your network. You can also refer to the Resource CD included with your firewall which contains an animated Installation Assistant to help you through this procedure.
1. Connect the firewall
a. Turn off your computer and cable or DSL modem.
b. Disconnect the Ethernet cable (A) from your computer which connects to your cable or DSL modem.
Figure 2-1: Disconnect the cable or DSL modem
c. Connect the Ethernet cable (A) from your Cable or DSL modem to the FVL328’s Internet port.
Figure 2-2: Connect the cable or DSL modem to the firewall
d. Connect the Ethernet cable (B) which came with the firewall from a Local port on the router to your computer.
Figure 2-3: Connect the computers on your network to the firewall
Note: The FVL328 Firewall incorporates Auto Uplink™ technology. Each Ethernet port will automatically sense whether the cable plugged into the port should have a 'normal' connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to a switch or hub). That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.
e. Turn on the cable or DSL modem and wait about 30 seconds for the lights to stop blinking.
2. Log in to the firewall
Note: To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. Please refer to Appendix C, "Preparing Your Network" for instructions on how to do this.
a. Turn on the firewall and wait for the TEST light to stop blinking.
b. Now, turn on your computer.
Note: If you usually run software to log in to your Internet connection, do not run that software.
Now that the cable or DSL modem, firewall, and the computer are turned on, verify the following:
When power to the firewall was first turned on, the PWR light went on, the TEST light turned on within a few seconds, and then went off after approximately 10 seconds.
The firewall’s LOCAL LINK/ACT lights are lit for any computers that are connected to it.
The firewall’s INTERNET LINK light is lit, indicating a link has been established to the cable or DSL modem.
c. Next, use a browser like Internet Explorer or Netscape to log in to the firewall at its default address of http://192.168.0.1.
Figure 2-4: Log in to the firewall
A login window opens as shown in Figure 2-5 below:
Figure 2-5: Login window
d. For security reasons, the firewall has its own user name and password. When prompted, enter admin for the firewall User Name and password for the firewall Password, both in lower case letters. This default password should be changed later; see “Protecting Access to Your FVL328 Firewall” on page 3-1.
Note: The user name and password are not the same as any user name or password you may use to log in to your Internet connection.
3. Connect to the Internet
Figure 2-6: Setup Wizard
a. You are now connected to the firewall. If you do not see the menu above, click the Setup Wizard link on the upper left of the main menu. Click the Yes button in the Setup Wizard.
b. Please click Next to follow the steps in the Setup Wizard to input the configuration parameters from your ISP to connect to the Internet.
Note: If you were unable to connect to the firewall, please refer to “Basic Functions” on page 7-1.

Connecting the FVL328 Firewall to the Internet

The firewall is now properly attached to your network. You are now ready to configure your firewall to connect to the Internet. There are two ways you can configure your firewall to connect to the Internet:
Let the FVL328 auto-detect the type of Internet connection you have and configure it.
Manually choose which type of Internet connection you have and configure it.
These options are described below. In either case, unless your ISP assigns your configuration automatically via DHCP, you will need the configuration parameters from your ISP that you recorded in “Recording Your Internet Connection Information” on page 2-3.

Procedure 2-3: Auto-Detecting Your Internet Connection Type

The Web Configuration Manager built in to the firewall contains a Setup Wizard that can automatically determine your network connection type.
1. If your firewall has not yet been configured, the Setup Wizard shown in Figure 2-7 should launch automatically.
When the Wizard launches, select Yes in the menu below to allow the firewall to automatically determine your connection.
Figure 2-7: Built-in Web-based Configuration Manager Setup Wizard
Note: If, instead of the Setup Wizard menu, the main menu of the firewall’s Configuration Manager as shown in Figure 2-11 appears, click the Setup Wizard link in the upper left to bring up this menu.
2. Click Next.
The Setup Wizard will now check for the following connection types:
Dynamic IP assignment
A login protocol such as PPPoE
Fixed IP address assignment
Next, the Setup Wizard will report which connection type it has discovered, and then display the appropriate configuration menu. If the Setup Wizard finds no connection, you will be prompted to check the physical connection between your firewall and the cable or DSL modem. When the connection is properly made, the firewall’s Internet LED should be on.
The procedures for filling in the configuration menu for each type of connection follow below.

Procedure 2-4: Wizard-Detected Login Account Setup

If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over Ethernet (PPPoE), you will be directed to a menu like the PPPoE menu in Figure 2-8:
Figure 2-8: Setup Wizard menu for PPPoE login accounts
1. Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers. If you leave the Domain Name field blank, the firewall will attempt to learn the domain automatically from the ISP. If this is not successful, you may need to enter it manually.
2. Enter the PPPoE login user name and password provided by your ISP. These fields are case sensitive. If you wish to change the login timeout, enter a new value in minutes.
Note: You will no longer need to launch the ISP’s login program on your PC in order to access the Internet. When you start an Internet application, your firewall will automatically log you in.
3. Domain Name Server (DNS) Address: If you know that your ISP does not automatically transmit DNS addresses to the firewall during login, select “Use these DNS servers” and enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also.
If you enter an address here, after you finish configuring the firewall, reboot your PCs so that the settings take effect.
4. Click on Apply to save your settings.
5. Click on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 7, Troubleshooting.

Procedure 2-5: Wizard-Detected Dynamic IP Account Setup

If the Setup Wizard determines that your Internet service account uses Dynamic IP assignment, you will be directed to the menu shown in Figure 2-9 below:
Figure 2-9: Setup Wizard menu for Dynamic IP address
1. Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers. If you leave the Domain Name field blank, the firewall will attempt to learn the domain automatically from the ISP. If this is not successful, you may need to enter it manually.
2. If you know that your ISP does not automatically transmit DNS addresses to the firewall during login, select “Use these DNS servers” and enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also.
A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP address of one or two DNS servers to your firewall during login. If the ISP does not transfer an address, you must obtain it from the ISP and enter it manually here. If you enter an address here, you should reboot your PCs after configuring the firewall.
3. The Router’s MAC Address is the Ethernet MAC address that will be used by the firewall on the Internet port.
If your ISP allows access from only one specific computer’s Ethernet MAC address, select “Use this MAC address.” The firewall will then capture and use the MAC address of the computer that you are now using. You must be using the one computer that is allowed by the ISP. Otherwise, you can type in a MAC address.
Note: Some ISPs will register the Ethernet MAC address of the network interface card in your PC when your account is first opened. They will then only accept traffic from the MAC address of that PC. This feature allows your firewall to masquerade as that PC by using its MAC address.
4. Click on Apply to save your settings.
5. Click on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 7, Troubleshooting.