Netgear FVM318 Reference Guide
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone 1-888-NETGEAR
SM-FVM318NA-0
December 2002
© 2002 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR, the Netgear logo, The Gear Guy, Everybody's Connecting and Auto Uplink are trademarks or
registered trademarks of Netgear, Inc. in the United States and/or other c ountries. Microsoft and Windows
are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other
countries. Other brand and product names are trademarks or registered trademarks of their respective
holders. Information is subject to change without notice. All rights reserved.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liabi l ity that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Radiation Exposure Stateme nt
This equipment complies with FCC radi ation exposure limits set forth fo r an uncontro lled environm ent. In order to avoid
the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less
than 20 cm (8 inches) from all persons and must not be co-located or operating in conjunction with any other antenna or
radio transmitter. Installers and end-users must follow the installation instructions provided in this user guide.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has b een tested and found to co mply with the limits f or a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a
residential inst allation. This equipment generates, uses, and can radiate radio freq uency energy and, if not insta ll ed and
used in accordance with the inst ructions, m ay caus e harmful inte rference to radio c ommunic ations. Ho wever, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try
to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving an t enna.
• Increase the separation between the equip ment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
EN 55 022 Declaration of Conformance
This is to certify that the FVM318 Cable/ DSL ProSafe Wireless VPN Security Firewall is shielded against the
generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a.
Conformity is declared by the application of EN 55 022 Class B (CISPR 22).
ii
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß dasFVM318 Cable/DSL ProSafe Wireless VPN Security Firewall gemäß der im
BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben
einiger Geräte (z.B . Testsender) kann jedoch gewissen Beschrän kungen unterliegen. Lesen Sie dazu bitte die
Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall has been suppressed
accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some
in
equipment (for example, test transm itt ers) i n accordance with the regulations may, however, be subject to certain
restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second categor y (information equipment to be used in a residentia l area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver, it may become the cause of radi o i nt erference.
Read instructions for correct handling.
Technical Support
PLEASE REFER TO THE SUPPORT INFORMATION CARD THAT SHIPPED WITH YOUR PRODUCT.
By registering your product at www.NETGEAR.com/register, we can provide you with faster expert technical support
and timely notices of product and software upgr ades.
NETGEAR, INC.
Support Information
Phone: 1-888-NETGEAR (For US & Canada only)
For other countries see your Support information card
E-mail: Support@NETGEAR.com
Web site: www.NETGEAR.com
iii
iv
Contents
Preface About This Manual
Chapter 1 Introduction
Key Features of the FVM318 ..........................................................................................1-1
Virtual Private Networking (VPN) .............................................................................1-1
Enhanced Wireless Security Through IPSec ...........................................................1-2
A Powerful, True Firewall with Content Filtering ......................................................1-2
Autosensing Ethernet Connections with Auto Uplink™ ...........................................1-2
Extensive Protocol Support ......................................................................................1-3
Easy Installation and Management ..........................................................................1-4
What’s in the Box? ..........................................................................................................1-5
The Firewall’s Front Panel .......................................................................................1-5
The Firewall’s Rear Panel ........................................................................................1-7
Chapter 2 Connecting the Firewall to the Internet
What You Will Need Before You Begin ...........................................................................2-1
Cabling and Computer Hardware Requirements .....................................................2-1
Network Configuration Requirements ......................................................................2-1
Internet Configuration Requirements .......................................................................2-2
Where Do I Get the Internet Configuration Parameters? .........................................2-2
Connecting the FVM318 to Your LAN .............................................................................2-4
PPPoE Wizard-Detected Option ..............................................................................2-9
Dynamic IP Wizard-Detected Option .....................................................................2-10
Fixed IP Account Wizard-Detected Option .. ....... ............................................. ...... .2-11
Manually Configuring Your Internet Connection ...........................................................2-12
Chapter 3 Wireless Configuration
Considerations For A Wireless Network .........................................................................3-1
Contents v
Observe Performance, Placement and Range Guidelines ......................................3-1
Implement Appropriate Wireless Security ................................................................3-2
Understanding Wireless Settings ...................................................................................3-3
Wireless Network Settings .......................................................................................3-3
Restricting Access Based on the Wireless Card Access List ...................................3-4
Choosing Authentication and Security Encryption Methods ....................................3-4
Automatic Authentication Scheme Selection .....................................................3-4
Encryption Strength Choices .............................................................................3-5
Disable 3-5
IPSec 3-5
64 or 128 bit WEP 3-6
Configuring IPSec Wireless Connections .....................................................................3-12
Using SoftRemoteLT Instead of SoftRemote Basic ................................................3-17
Chapter 4 Protecting Your Network
Protecting Access to Your FVM318 firewall ....................................................................4-1
Configuring Basic Firewall Servic es ......................................................... ...... ....... ......... 4- 3
Blocking Functions, Keywords, Sites, and Services ................................................4-3
Blocking Services .....................................................................................................4-5
Setting Times and Scheduling Firewall Services ............................................................4-7
Chapter 5 Virtual Private Networking
FVM318 VPN Overview ..................................................................................................5-1
FVM318 VPN Configuration Planning ............................................................................5-3
Network to Network VPN Tunnel Configuration Worksheet 5-4
Network Configuration Settings 5-5
PC to Network VPN Tunnel Configuration Worksheet 5-9
Monitoring the PC VPN Connection Using SafeNet Tools .....................................5-18
Manual Keying ..............................................................................................................5-19
Blank VPN Tunnel Configuration Worksheets ..............................................................5-22
Chapter 6 Managing Your Network
Network Management Information .................................................................................6-1
Viewing Router Status and Usage Statistics ............................................................6-1
Viewing Attached Devices ........................................................................................6-4
vi Contents
Viewing, Selecting, and Saving Logged Information ................................................6-5
Selecting What Information to Include in the Log ..............................................6-6
Enabling SYSLOG .............................................................................................6-7
Examples of log messages ......................................................................................6-7
Activation and Administration ............................................................................6-7
Dropped Packets ...............................................................................................6-7
Enabling Security Event E-mail Notification ...................................................................6-8
Backing Up, Restoring, or Erasing Your Settings ...........................................................6-9
Running Diagnostic Utilities and Rebooting the Router ................................................6-11
Enabling Remote Management ....................................................................................6-12
Upgrading the Router’s Firmware .................................................................................6-13
Chapter 7 Advanced Configuration
Configuring Advanced Security ......................................................................................7-1
Setting Up A Default DMZ Server ............................................................................7-1
Respond to Ping on Internet WAN Port ...................................................................7-2
Configuring LAN IP Settings ...........................................................................................7-2
LAN TCP/IP Setup ...................................................................................................7-2
MTU Size .................................................................................................................7-4
Using the Router as a DHCP Server ........................................................................7-4
Configuring Dynamic DNS .......................................................................................7-7
Using Static Routes ........................................................................................................7-8
Chapter 8 Troubleshooting
Basic Functions .................................... ....... ...... ............................................. ....... ...... ...8-1
Power LED Not On ...................................................................................................8-2
Test LED Never Turns On or Test LED Stays On .....................................................8-2
Local or Internet Port Link LEDs Not On ..................................................................8-2
Troubleshooting the Web Configuration Interface ..........................................................8-3
Troubleshooting the ISP Connection ..............................................................................8-4
Troubleshooting a TCP/IP Network Using a Ping Utility .................................................8-5
Restoring the Default Configuration and Password ........................................................8-7
Problems with Date and Time .........................................................................................8-8
Contents vii
Appendix A Technical Specifications
Appendix B Network, Routing, Firewall, and Wireless Basics
Related Publications ...................................................................................................... B-1
Basic Router Concepts ................... ...... ....... ...... ....... ...... ....... ...... .................................. B - 1
Internet Security and Firewalls .................................................................................... B-10
Wireless Networking .................................................................................................... B-12
Wireless Network Configuration ............................................................................ B-12
Ad Hoc Mode (Peer-to-Peer Workgroup) ....................................................... B-12
Infrastructure Mode ..................................... ...... ....... ...... ...... ....... ...... ............. B-12
Extended Service Set Identification (ESSID) ........................................................ B-13
Authentication and WEP Encryption ..................................................................... B-13
802.11b Authentication ................................................................................... B-13
Open System Authentication B-14
Shared Key Authentication B-15
Overview of WEP Parameters ........................................ ...... ....... ................... B-16
Key Size B-17
WEP Configuration Options B-17
Wireless Channel Selection .................................................................................. B-18
Ethernet Cabling .......................................................................................................... B-19
How Does VPN Work? ................................................................................................ B-21
IKE: Managing and Exchanging Keys ................................................................... B-21
Negotiating the SA - the Internet Key Exchange (IKE) ................................... B-22
Authentication: Phase 1 B-22
Key Exchange: Phase 2 B-23
Two Common Applications of VPN ....................................................................... B-23
Accessing Network Resources from a VPN Client PC ................................... B-23
Linking Two Networks Together ...................................................................... B-24
Additional Reading ......................................................................................... B-24
Appendix C Preparing Your Network
Preparing Your Computers for TCP/IP Networking .......................................................C-1
Configuring Windows 95, 98, and Me for TCP/IP Networking .......................................C-2
Configuring Windows NT4, 2000 or XP for IP Networking ............................................ C-7
viii Contents
Configuring the Macintosh for TCP/IP Networking ......................................................C-17
Verifying the Readiness of Your Internet Account ....................................................... C-19
Restarting the Network ................................................................................................C-22
Glossary
Index
Contents ix
x Contents
List of Procedures
Procedure 2-1: Record Your Internet Connection Information ......................................2-3
Procedure 2-2: Connecting the Firewall to Your LAN ....................................................2-4
Procedure 2-3: Configuring the Internet Connection Manually ...................................2-13
Procedure 3-1: Set Up and Test Basic Wireless Connectivity .......................................3-7
Procedure 3-2: Restrict Wireless Access by MAC Address ..........................................3-9
Procedure 3-3: Configure WEP ...................................................................................3-10
Procedure 3-4: Configure Basic IPSec Wireless Connections ....................................3-13
Procedure 3-5: Configuring the SoftRemoteLT Full Client ..........................................3-18
Procedure 4-1: Changing the Administrator Password .................................................4-1
Procedure 4-2: Changing the Administrator Login Timeout ..........................................4-3
Procedure 4-3: Blocking Functions, Keywords, and Sites .............................................4-4
Procedure 4-4: Configuring Services Blocking ..............................................................4-6
Procedure 4-5: Setting Yo ur Time Zone ........................................................................4-8
Procedure 4-6: Scheduling Firewall Services ................................................................4-9
Procedure 5-1: Configuring a Network to Network VPN Tunnel ....................................5-4
Procedure 5-2: Configuring a Remote PC to Network VPN ..........................................5-8
Procedure 5-3: Deleting a Security Association ..........................................................5-19
Procedure 5-4: Using Manual Keying as an Alternative to IKE ...................................5-19
Procedure 6-1: Backup the Configuration to a File .......................................................6-9
Procedure 6-2: Restore a Configuration from a File ....................................................6-10
Procedure 6-3: Erase the Configuration ......................................................................6-10
Procedure 6-4: Configure Remote Management ........................................................6-12
Procedure 6-5: Router Upgrade ..................................................................................6-14
Procedure 7-1: Using Reserved IP Addresses ..............................................................7-5
Procedure 7-2: Configuring LAN TCP/IP Settings .........................................................7-6
Procedure 7-3: Configuring Dynamic DNS ....................................................................7-7
Procedure 7-4: Configuring Static Routes .....................................................................7-9
Procedure 8-5: Testing the LAN Path to Your Firewall ..................................................8-6
Procedure 8-6: Testing the Path from Your PC to a Remote Device .............................8-7
Procedure 8-7: Using the Default Reset button .............................................................8-8
xi
xii
Preface
About This Manual
Thank your for purchasi ng t he NETGEAR® FVM318 Cable/DSL ProSafe Wireless VPN Security
Firewall. This manual describes the features of the firewall and provides installation and
configuration instructions.
Audience
This reference manu al assumes th at the reade r has int ermediate to advanced com puter and Intern et
skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial
information is provided in the Appendices.
Typographical Conventions
This guide uses the following typographical conventions:
italics Media titles, UNIX files, commands, URLs, and directory names.
bold times roman User input
Internet Protocol (IP)First time an abbreviated term is used.
courier font Screen text, user-typed com mand-line entries.
[Enter] Named keys in text are shown enclosed in square brackets. The notation
[Enter] is used for the Enter key and the Return key.
[Ctrl]+C Two or more keys that must be pressed simultaneously are shown in text
linked with a plus (+) sign.
SMALL CAPS DOS file and directory names.
About This Manual xiii
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
Special Message Forma ts
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Warning: This format is used to highlight information about the possibility of injury or
equipment damage.
Danger: This format is used to alert you that there is the potential for incurring an
electrical shock if you mishandle the equipment.
xiv About This Manual
Chapter 1
Introduction
This chapter describes the features of the NETGEAR® FVM318 Cable/DSL ProSafe Wireless
VPN Security Firewall.
Key Features of the FVM318
The FVM318 firewall is a complete security solution that protects your network from attacks and
intrusions while allowing secure connections with other trusted users over the Internet and across
your local wireless network.
Unlike simple Interne t sh ari ng routers that rely on network addr es s translation
the FVM318 firewall uses Stateful Packet Inspection, widely considered as the most effective
method of filtering IP traffic, to ensure secure firewall filtering. The FVM318 firewall allows
Internet access for up to 253 users.
Applying the full strength of
network, th e FVM318 fire wall provides a level of wireless securi ty unmatched by other wire less
routers that use WEP encryption.
Internet Protocol Security (IPSec) encryption across the wireless
(NAT) for security,
Virtual Private Networking (VPN)
The FVM318 firewall provides a secure encrypted connection between your local area network
(LAN) and remote networks or clients. It includes the following VPN features:
• Supports 70 external VPN connections and 32 local wireless VPN connections.
• Supports industry standard VPN protocols
The FVM318 firewall supports standard Manual or IKE keying methods, standard MD5 and
SHA-1 authentication methods, and standard DES, 3DES, and AES encryption methods. It is
compatible with many other VPN products.
• Supports up to 256 bit AES encryption for maximum security.
Introduction 1-1
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
Enhanced Wireless Security Through IPSec
The FVM318 firewall allows you to easily create an IPSec-encrypted VPN tunnel from your
wireless PC to the firewall.
• Easy to deploy - The included SafeNet SoftRemote Basic VPN client requires only three
parameters to configure a secure connection to the firewall.
• 256 bit AES encryption provides a much higher level of protection than WEP.
A Powerful, True Firewall with Content Filtering
Unlike simple Internet sharing NAT routers, the FVM318 is a true firewall, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:
• Denial of Service (DoS) protection.
Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND
Attack, and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Logs sec urity incidents.
The FVM318 will log security events such as blocked incoming traffic, port scans, attacks,
and administrator logins. You can configure the firewall to email the log to you at specified
intervals. You can also configure the firewall to send immediate alert messages to your email
address or email pager whenever a significant event occurs.
• With its content filtering feature, the FVM318 prevents objectionable content from reaching
your PCs. The firewall allows you to control acces s to Internet content by screening for
keywords within Web addresses. You can configure the firewall to log and report attempts to
access objectionable In ternet sites.
Autosensing Ethernet Connections with Auto Uplink™
With its internal 8-port 10/100 switch, the FVM318 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. The LAN interfaces are autosensing and
capable of full-duplex or half-duplex operation.
1-2 Introduction
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
The firewall incorporates Auto UplinkTM technology. Each LOCAL Ethernet port will
automatically sense whether the Ethernet cable plugged into the port should have a ‘normal’
connection such as to a PC or an ‘uplin k’ connecti on such as to a switch or hub. Th at port wil l then
configure itself to the correct configuration. This feature also eliminates the need to worry about
crossover cables, as Auto Uplink will accommodate either type of cable to make the right
connection.
Extensive Protocol Support
The FVM318 supports the Transmissio n Co ntr ol Protocol/Internet Pr ot ocol (TCP/IP) and Routing
Information Protocol (RIP). Appendix B-1, “Network, Routing, Firewall, and Wireless Basics”
provides further information on TCP/IP.
• IP Address Sharing by NAT
The FVM318 allows severa l networke d PCs to sha re an Int ernet accoun t usin g only a si ngle IP
address, which may be statically or dynamically assigned by your Internet service provider
(ISP). This technique, known as
inexpensive single-user ISP account.
• Automatic Configuration of Attached PCs by DHCP
Network Address Translation (NAT), allows the use of an
The FVM318 dynamically assigns network configuration information, including IP, gateway,
and
domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic
Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on
your local network. See
Appendix C-1, “Preparing Your Computers for TCP/IP Networking”
for instructions on configuring your computers for DHCP.
• DNS Proxy
When DHCP is enabled and no DNS addresses are specified, the firewall provides its own
address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from
the ISP during connection setup and forwards DNS requests from the LAN.
• Point-to-Point Protocol over Ethernet (PPPoE)
PPPoE connects computers to the Internet over a DSL connection by simulating a dial-up
connection. This feature eliminates the need to run a login program such as EnterNet
®
WinPOET
on your PC.
®
or
• PPTP login support for European ISPs, and BigPond login for Telstra cable in Australia.
•Dynamic DNS.
Introduction 1-3
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
Dynamic DNS services allow remote users to find your network using a domain name when
your IP address is not pe rman ent ly assigned. The firewall contai ns a client that can connect to
a Dynamic DNS service to register your dynamic IP address.
Easy Installation and Management
You can install, configure, and operate the FVM318 within minutes after connecting it to the
network. The following features simplify installation and management tasks:
• Browser-based management.
Browser-based configuration allows you to easily configure your firewall from almost any
type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup
Wizard is provided and online help documentation is built into the browser-based Web
Configuration Manager.
• Smart Wizard.
The firewall automatically senses the type of Internet connection, asking you only for the
information required for your type of ISP account.
• Remote management.
The firewall allows you to logi n t o the W eb Management Interface from a re mo te loc ati on vi a
the Internet. For security, you can limi t remote management access to a specified remote IP
address or range of addresses, and you can choose a nonstandard port number.
• Diagnostic functions.
The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote
reboot. These functi ons allow you to test Inter net conne ctivity and reboot the fi rewall. You can
use these diagnostic functions directly from the FVM318 when your are connect on the LAN
or when you are connected over the Internet via the remote management function.
• Visual monitoring.
The firewall’s front panel LEDs provide an easy way to monitor its status and activity.
• Flash EPROM for firmware upgrade
1-4 Introduction
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
What’s in the Box?
The product package should contain the following items:
• FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall.
• AC power adapter.
• Category 5 (CAT5) Ethernet cable.
• FVM318 Resource CD, including:
— This manual.
— Application Notes, Tools, and other helpful information.
— SafeNet SoftRemote Basic VPN client so ftware.
• Warranty and registration card.
• Support information card.
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the product for repair.
The Firewall’s Front Panel
The front panel of the FVM318 (Figure 1-1) contain s various status LEDs.
ProSafe Wireless VPN Security Firewall
Cable/DSL
PWR TEST
INTERNET
WLAN
LNK
ACT
Enable
LOCAL
12345678
Figure 1-1: FVM318 Front Panel
Introduction 1-5
100
LNK/ACT
MODEL
FVM318
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
You can use some of the LEDs to identify the status of the firewall and verify connections.
Table 1-1 describes each LED on the front pa nel of the firewall.
These LEDs are green when lit, except for the TEST LED, which is amber.
Table 1-1: LED Descriptions
Label Activity Description
POWER On Power is supplied to the firewall.
TEST On
Off
INTERNET
LINK On The port detected a link with the Internet WAN connection.
ACT On/Blinking Blinking indicates data transmission.
WLAN On The wireless interface is enabled.
LOCAL
100 On
Off
LINK/ACT On/Blinking The Local port has detected a link with a LAN connection.
The system is initializing.
The system is ready and running.
The Local port is operating at 100 Mbps.
Indicates data trans mi ssion at 10 Mbp s.
Blinking indicates data transmission.
1-6 Introduction
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
The Firewall’s Rear Panel
The rear panel of the FVM318 (Figure 1-2) contains the connections identified below.
LOCAL
10/100M
876543221
INTERNET
Figure 1-2: FVM318 Rear Panel
Viewed from left to right, the rear panel contains the following elements:
• Ground connector.
• Factory Default Reset push button.
• Eight Local Ethernet RJ-45 ports for connecting the firewall to the local computers.
• Internet WAN Ethernet RJ-45 port for connecting the firewall to a cable or DSL modem.
• Wireless antenna.
• AC power adapter input.
• Power switch.
12VDC O.5A
OFF ON
Introduction 1-7
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
1-8 Introduction
Chapter 2
Connecting the Firewall to the Internet
This chapter describes how to set up the firewall on your Local Area Network (LAN), con nect to
the Internet, perform basic configuration of your FVM318 Cable/DSL ProSafe Wireless VPN
Security Firewall using the Setup Wizard, or how to manually configure your Internet connection.
What You Will Need Before You Begin
You need to prepare these three things before you begin:
1. Have active Internet service such as that provided by an cable or DSL broadband account.
2. Locate the Internet Service Provider (ISP) configuration information for your account.
3. Connect the firewall to a cable or DSL modem and a computer as explained below.
Cabling and Computer Hardware Requirements
To use the FVM318 firewall on your network, each computer must have an installed Ethernet
Network Interface Card
at 100 Mbps, you must use a Category 5
(NIC) and an Ethernet cable. If the computer will con nect to your net work
(CAT5) cable such as the one provided with your fire wall.
Network Configuration Requirements
The FVM318 includes a built-in Web Configuration Manager. To access the configuration menus
®
on the FVM318, your must use a Java
uploads such as Microsoft Internet Explorer or Netscape
using Internet Explor er 5.0 or Netsc ape Navigat or 4.7 or above. Free brows er programs are readily
available for Windows
For the initial connection to the Interne t and configuration of your firewall, you will need to
connect a computer to the firewal l which is set to automa ti cally get its TCP/IP configurati on fr om
the firewall via DHCP.
Note: For help with DHCP configuration, please refer to Appendix C, "Preparing Your Network".
Connecting the Firewall to the Internet 2-1
®
, Macintosh®, or UNIX®/Linux®.
-enabled web browser program which supports HTTP
®
Navigator. NETGEAR recommends
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
The cable or DSL modem broadb and access device mu st provid e a standard 10 Mbps (10BASE-T )
Ethernet interface.
Internet Configuration Requirements
Depending on how your ISP set up your Internet account, you will need one or more of these
configuration parameters to connect your firewall to the Internet:
• Host and Domain Names.
• ISP Login Name and Password.
• ISP Domain Name Server (DNS) Addresses.
• Fixed IP Address which is also known as Static IP Address.
Where Do I Get the Internet Configuration Parameters?
There are several ways you can gather the required Internet connection information.
• Your ISP provides all the information needed to connect to the Internet. If you cannot locate
this information, you can ask your ISP to provide it or you can try one of the options below.
• If you have a computer already connected using the active Internet access account, you can
gather the configuration information from that computer.
• For Windo ws® 95/98/ME, open the Network control panel, select the TCP/IP entry for the
Ethernet adapter, and click Properties. Record all the settings for each tab page.
• For Windows 2000/XP, open the Local Area Network Connecti on, select the TCP/IP entry
for the Ethernet adapter, and click Properties. Record all the settings for each tab page.
• For Macintosh® computers, open the TCP/IP or Network control panel. Record all the
settings for each section.
• You may also refer to the NETGEAR Router ISP Guide on the FVM318 Resource CD which
provides Internet connection information for many ISPs.
Once you locate your Internet configuration parameters, record them on the page below.
2-2 Connecting the Firewall to the Internet
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
Procedure 2-1: Record Your Internet Connection Information
Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP).
ISP Login Name: The login name an d pas swor d ar e ca se s ens itive and must be entered exact ly as
given by your ISP. Some ISPs use your full e -mail addr ess as the l ogin na me. The Ser vice Na me is
not required by all ISPs. If you connect using a login name and password, then fill in the
following:
Login Name: ______________________________
Password: ____________________________
Service Name: _____________________________
Fixed or Static IP Address: If you have a static IP address, record the following information. For
example, 169.254.141.148 could be a valid IP address.
Fixed or Static Internet IP Address: ______
. ______ . ______ . ______
Subnet Mask: ______ . ______ . ______ . ______
Gateway IP Address: ______ . ______ . ______ . ______
ISP DNS Se rver Addresses: If you were given DNS server addresses, fill in the following:
Primary DNS Server IP Address: ______
. ______ . ______ . ______
Secondary DNS Server IP Address: ______ . ______ . ______ . ______
Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or
home. If you haven’t been given host or domain names, you can use the following examples as a
guide:
• If your main e-mail account with your ISP is aaa@yyy.com, then use aaa as your host name.
Your ISP might call this your account, user, host, computer, or system name.
• If your ISP’s mail server is mail.xxx.yyy.com, then use xxx.yyy.com as the domain name.
ISP Host Name: _________________________ ISP Domain Name: _______________________
For Wireless Acce ss: For configuration of the wireless network, record the following:
Wireless Network Name (SSID): __________________
Encryption (circle one): WEP 64, WEP 128, or IPSec
WEP or IPSec key: ____________________
Connecting the Firewall to the Internet 2-3
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
Connecting the FVM318 to Your LAN
This section provides instructions for connecting the FVM318 Cable/DSL ProSafe Wireless VPN
Security Firewall to your LAN. The Resource CD included with your firewall contains an
animated Installation Assistant to help you through this procedure.
Procedure 2-2: Conn ecting the Firewall to Your LAN
There are three steps to connecting your firewall:
1. Connect the firewall to your network.
2. Log in to the firewall.
3. Connect to the Internet.
Follow the steps below to connect your firewall to your network.
1. Connect the firewall.
a. Turn off your computer and cable or DSL Modem.
b. Disconnect the Ethernet cable (A) from your computer which connects to the modem.
A
Cable or DSL modem
Figure 2-1: Disconnect the cable or DSL Modem
2-4 Connecting the Firewall to the Internet
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
c. Connect the Ethernet cable (A) from the modem to the FVM318’s Internet port.
A
LOCA L
10/100M
876543221INTERNET
Model FVM318 Wireless VPN Security Firewall
Cable or DSL modem
12VDCO.5A
OFF ON
Figure 2-2: Connect the cable or DSL Modem to the firewall
d. Connect the Ethernet cable (B) which came with the firewall from a local port on the
router to your computer.
B
LOCA L
10/100M
876543221INTERNET
Model FVM318 Wireless VPN Security Firewall
Cable or DSL modem
Figure 2-3: Connect the computers on your network to the firewall
Connecting the Firewall to the Internet 2-5
12VDCO.5A
OFF ON
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
Note: The FVM318 firewall incorporates Auto UplinkTM technology. Each LAN Ethernet
port will automatically sense whether the cable plugged into the port should have a
'normal' connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to
a switch or hub). That port will then configure itself to the correct configuration. This
feature also eliminates the need to worry about crossover cables, as Auto Uplink will
accommodate either type of cable to make the right connection.
e. Turn on the modem and wait about 30 seconds for the lights to stop blinking.
f. Turn on the firewall and wait for the Test light to stop blinking.
g. Now, turn on your computer. If you usually run software to log in to your Internet
connection, do not run that software.
h. Now that the modem, firewall, and computer are tur ned on, verify the following:
• When the firewall was first turned on, the PWR light went on, the TEST light turned
on within a few seconds, and then went off after approximately 10 seconds.
• The firewall’s INTERNET LINK light is lit, indicating a link has been established to
the cable or DSL modem.
• The firewall’s LOCAL LINK/ACT lights are lit for any computers connected to it.
2. Log in to the firewall.
Note: T o conn ect to the fi rewall, your comput er needs to be conf igured to obt ain an IP addre ss
automatically via DHCP. Please refer to
Appendix C, "Preparing Your Network" for
instructions on how to do this.
a. Log in to the firewall at its default address of http://192.168.0.1 using a browser like
Internet Explorer or Netscape
Figure 2-4: Log in to the firewall.
2-6 Connecting the Firewall to the Internet
®
Navigator.
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
A login window opens like the one shown below.
Figure 2-5: Login window
b. For security reasons, the firewall has its own user name and password. When prompted,
enter
admin for the firewall user name and password for the firewall password, both in
lower case letters.
Note: The user name and password are not the same as any user name or password you
may use to log in to your Internet connection.
3. Connect to the Internet
Figure 2-6: Setup Wizard
Connecting the Firewall to the Internet 2-7
Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall
a. You are now connected to the firewall. If you do not see the menu above, click the Setup
Wizard link on the upper left of the main menu.
b. Click Next and follow the steps in the Setup Wizard for inputting the configuration
parameters from your ISP to connect to the Internet.
Note: If you choose not to use the Setup Wizard, you can manually configure your
Internet connection settings by following the procedure
“Manually Configuring Your
Internet Connection” on page 2-12.
Unless your ISP assigns your configuration automatically via DHCP, you will need the
configuration p arame ters from y our ISP as you r eco rded t hem p revio usly i n “ Record Your
Internet Connection Information” on page 2-3.
c. When the firewall successfu lly de tect s an ac tive I nt ernet servi ce, th e Se tup Wizard report s
which connection type it discovered, and displays the appropriate configuration menu. If
the Setup Wizard finds no connection, you will be prompted to check the physical
connection between your firewall and the cable or DSL line.
d. The Setup Wizard will report the type of connection it finds. The options are:
• Connections which require a login using protocols such as PPPoE.
Note: Customers in Austria or Australia who use Internet accounts which require
login will have to use the manual configuration procedure,
“Manually Configuring
Your Internet Connection” on page 2-12. The Smart Wizard will not detect these
options.
• Connections which use dynamic IP address assignment.
• Connections which use fixed IP address assignment.
The procedures for filling in the configuration menu for each type of connection follow
below.
2-8 Connecting the Firewall to the Internet
Loading...