NETGEAR FVS318 User Manual

Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall

NETGEAR,Inc.
4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR
SM-FVS318NA-0 April 2002
© 2002 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR and Auto Uplink are trademarks or registered trademarks of Netgear, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequen cy Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
EN 55 022 Declaration of Conformance
This is to certify that the Model FVS318 Cable/DSL ProSafe VPN Firewall is shielded against the generation o f radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).
ii
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das Model FVS318 Cable/DSL ProSafe VPN Firewall gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the Model FVS318 Cable/DSL ProSafe VPN Firewall has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.
Technical Support
Refer to the Support Information Card that shipped with your Model FVS318 Cable/DSL ProSafe VPN Firewall.
World Wide Web
NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.
iii
iv

Contents

About This Guide
Typographical Conventions ............................................................................................. xv
Special Message Formats ...............................................................................................xvi
Technical Support ............................................................................................................xvi
Related Publications ........................................................................................................xvi
Chapter 1 Introduction
About the FVS318 VPN Firewall ....................................................................................1-1
Key Features ..................................................................................................................1-1
A Powerful, True Firewall .........................................................................................1-1
Virtual Private Networking (VPN) .............................................................................1-2
Content Filtering .......................................................................................................1-2
Configurable Ethernet Connection ...........................................................................1-2
Protocol Support ......................................................................................................1-3
Easy Installation and Management ..........................................................................1-3
Maintenance and Support ........................................................................................1-4
Chapter 2 SettingUptheHardware
Package Contents ..........................................................................................................2-1
Local Network Hardware Requirements .........................................................................2-2
PC Requirements ..............................................................................................2-2
Access Device Requirement .............................................................................2-2
The Firewall’s Front Panel ..............................................................................................2-3
The Firewall’s Rear Panel ..............................................................................................2-4
Connecting the Firewall ..................................................................................................2-4
Connecting to Your Internet Access Device .............................................................2-5
Connecting to your Local Ethernet Network .............................................................2-5
Connecting the Power Adapter ................................................................................2-6
Verifying Connections .....................................................................................................2-6
Contents v
Chapter 3 Preparing Your Network
Preparing Your Personal Computers for IP Networking .................................................3-1
Configuring Windows 95, 98, and ME for IP Networking ................................................3-2
Install or Verify Windows Networking Components ..................................................3-2
Assign TCP/IP configuration by DHCP ....................................................................3-4
Selecting Internet Access Method ............................................................................3-4
Verifying TCP/IP Properties .....................................................................................3-5
Configuring Windows NT or 2000 for IP Networking ......................................................3-5
Install or Verify Windows Networking Components ..................................................3-5
Verifying TCP/IP Properties .....................................................................................3-6
Configuring the Macintosh for IP Networking .................................................................3-6
MacOS 8.6 or 9.x ...............................................................................................3-7
MacOS X ...........................................................................................................3-7
Verifying TCP/IP Properties (Macintosh) ..................................................................3-8
Your Internet Account .....................................................................................................3-8
Login Protocols ........................................................................................................3-9
Account Information .................................................................................................3-9
Obtaining ISP Configuration Information (Windows) .......................................3-10
Obtaining ISP Configuration Information (Macintosh) .....................................3-11
Restarting the Network .................................................................................................3-11
Ready for Configuration ................................................................................................3-12
Chapter 4 Basic Configuration
Accessing the Web Configuration Manager ...................................................................4-1
Configuration using the Setup Wizard ............................................................................4-4
Configuring for Dynamic IP Account ........................................................................4-5
Configuring for Fixed IP Account .............................................................................4-6
Configuring for an Account with Login .....................................................................4-7
Manual Configuration .....................................................................................................4-8
Completing the Configuration .........................................................................................4-9
Chapter 5 Configuring Security Features
Security Log ....................................................................................................................5-2
Block Sites ......................................................................................................................5-3
vi Contents
Schedule .........................................................................................................................5-5
Time Zone ..........................................................................................................5-6
E-Mail .............................................................................................................................5-7
Chapter 6 Virtual Private Networking
What is a VPN ................................................................................................................6-2
Accessing Network Resources from a VPN Client PC ......................................6-3
Linking Two Networks Together .........................................................................6-4
Planning the VPN .....................................................................................................6-4
Configuring a VPN Between Two LANs .........................................................................6-4
Check the LAN Address Ranges .......................................................................6-5
Configure the First Firewall ................................................................................6-5
Configure the Second Firewall ..........................................................................6-8
Check the VPN Connection ...............................................................................6-8
Using the VPN Connection ..............................................................................6-10
Configuring a VPN Between a LAN and a Remote PC ................................................6-10
Configuring the Firewall .........................................................................................6-10
Installing the VPN Client Software .........................................................................6-13
Configuring the Client Software .............................................................................6-14
Open the Security Policy Editor .......................................................................6-14
Create a VPN Connection ...............................................................................6-14
Configure the Security Policy ..........................................................................6-15
Configure the VPN Client Identity ....................................................................6-17
Configure VPN Client Authentication Proposal ...............................................6-18
Configure VPN Client Key Exchange Proposal ...............................................6-19
Save the VPN Client Settings ..........................................................................6-19
Check the VPN Connection .............................................................................6-20
Monitoring the VPN Connection using SafeNet Tools .....................................6-20
Using the VPN Connection ..............................................................................6-22
Accessing Remote Resources across a VPN ..............................................................6-23
Other Topics .................................................................................................................6-23
Deleting a Security Association ..............................................................................6-23
Security Association Notes ....................................................................................6-23
Alternative: Using Manual Keying ..........................................................................6-24
Contents vii
Chapter 7 Maintenance
System Status .................................................................................................................7-1
Attached Devices ............................................................................................................7-4
Changing the Administration Password ..........................................................................7-4
Configuration File Settings Management .......................................................................7-5
Restore and Backup the Configuration ....................................................................7-6
Erase the Configuration ...........................................................................................7-6
Router Upgrade ..............................................................................................................7-7
Chapter 8 Advanced Configuration
Configuring for Port Forwarding to Local Servers ..........................................................8-2
Default DMZ Server .................................................................................................8-3
Supporting Internet Services, Applications, or Games .............................................8-4
Local Web and FTP Server Example ................................................................8-4
Tip: Multiple Computers for Half Life, KALI or Quake III ....................................8-5
Respond to Ping on Internet WAN Port ...................................................................8-5
Dynamic DNS .................................................................................................................8-6
LAN IP Setup ..................................................................................................................8-7
LAN TCP/IP Setup ...................................................................................................8-7
MTU Size .................................................................................................................8-8
DHCP .......................................................................................................................8-9
Use router as DHCP server ...............................................................................8-9
Reserved IP adresses .....................................................................................8-10
Static Routes ................................................................................................................8-10
Static Route Example .............................................................................................8-12
Remote Management ...................................................................................................8-13
Chapter 9 Troubleshooting
Basic Functioning ...........................................................................................................9-1
Power LED Not On ...................................................................................................9-2
Test LED Never Turns On or Test LED Stays On .....................................................9-2
LAN or WAN Port LEDs Not On ...............................................................................9-3
Troubleshooting the Web Configuration Interface ..........................................................9-4
Troubleshooting the ISP Connection ..............................................................................9-5
viii Contents
Troubleshooting a TCP/IP Network Using a Ping Utility .................................................9-6
Testing the LAN Path to Your Firewall ......................................................................9-6
Testing the Path from Your PC to a Remote Device ................................................9-7
Restoring the Default Configuration and Password ........................................................9-8
Using the Default Reset button ................................................................................9-8
Problems with Date and Time .........................................................................................9-8
Troubleshooting the VPN Connection ..........................................................................9-10
Appendix A Technical Specifications
Appendix B Networks, Routing, and Firewall Basics
Basic Router Concepts .................................................................................................. B-1
What is a Router? ................................................................................................... B-1
Routing Information Protocol ................................................................................... B-2
IP Addresses and the Internet ................................................................................. B-2
Netmask .................................................................................................................. B-4
Subnet Addressing .................................................................................................. B-5
Private IP Addresses ............................................................................................... B-7
Single IP Address Operation Using NAT ................................................................. B-8
MAC Addresses and Address Resolution Protocol ................................................. B-9
Domain Name Server .............................................................................................. B-9
IP Configuration by DHCP .................................................................................... B-10
Ethernet Cabling .......................................................................................................... B-10
Uplink Switches and Crossover Cables .................................................................B-11
Cable Quality ..........................................................................................................B-11
Internet Security and Firewalls .....................................................................................B-11
What is a Firewall? ................................................................................................ B-12
Stateful Packet Inspection ..................................................................................... B-12
Denial of Service Attack ........................................................................................ B-12
Glossary Index
Contents ix
x Contents
Figure 2-1. FVS318 Front Panel ................................................................................2-3
Figure 2-2. FVS318 Rear Panel .................................................................................2-4
Figure 4-1. Login window ...........................................................................................4-2
Figure 4-2. Browser-based configuration main menu ................................................4-3
Figure 4-3. Setup Wizard menu for Dynamic IP address ...........................................4-5
Figure 4-4. Setup Wizard menu for Fixed IP address ................................................4-6
Figure 4-5. Setup Wizard menu for PPPoE login accounts ........................................4-7
Figure 6-1. VPN Settings Window ..............................................................................6-6
Figure 6-2. VPN Edit menu for IKE ............................................................................6-6
Figure 6-3. VPN Settings Window ............................................................................6-11
Figure 6-4. VPN Edit menu for connecting with a VPN client ...................................6-11
Figure 6-5. VPN Edit menu for Manual Keying ........................................................6-24
Figure 7-1. System Status screen ..............................................................................7-1
Figure 7-2. Router Statistics screen ...........................................................................7-3
Figure 7-3. Attached Devices menu ...........................................................................7-4
Figure 7-4. Set Password menu .................................................................................7-5
Figure 7-5. Settings Backup menu .............................................................................7-6
Figure 7-6. Router Upgrade menu .............................................................................7-7
Figure 8-1. Port Forwarding Menu .............................................................................8-2
Figure 8-2. LAN IP Setup Menu .................................................................................8-7
Figure 8-3. Static Routes Summary Table ................................................................8-11
Figure 8-4. Static Route Entry and Edit Menu ..........................................................8-1 1
Figure B-1. Three Main Address Classes .................................................................. B-3
Figure B-2. Example of Subnetting a Class B Address ............................................. B-5
Figure B-3. Single IP Address Operation Using NAT ................................................ B-8
xi
xii
Table 2-1. LED Descriptions .....................................................................................2-3
Table 5-1. Log entry descriptions ..............................................................................5-2
Table 5-2. Log action buttons ....................................................................................5-3
Table 7-1. Menu 3.2 - System Status Fields .............................................................7-2
Table 7-2. Router Statistics Fields ...........................................................................7-3
Table B-1. Netmask Notation Translation Table for One Octet ................................. B-6
Table B-2. Netmask Formats .................................................................................... B-6
Table B-3. UTP Ethernet cable wiring, straight-through ......................................... B-10
xiii
xiv

About This Guide

Congratulations on your purchase of the NETGEAR™Model FVS318 Cable/DSL ProSafe VPN Firewall. A firewall is a special type of router that incorporates features for security. The FVS318 VPN Firewall is a complete security solution that protects your network from attacks and intrusions while allowing secure connections with other trusted users over the Internet.
This guide describes the features of the firewall and provides installation and configuration instructions.

Typographical Conventions

This guide uses the following typographical conventions: italics Book titles and UNIX file, command, and directory names.
courier font Screen text, user-typed command-line entries.
Initial Caps Menu titles and window and button names. [Enter] Named keys in text are shown enclosed in square brackets. The notation
[Enter] is used for the Enter key and the Return key.
[Ctrl]+C Two or more keys that must be pressed simultaneously are shown in text
linked with a plus (+) sign.
ALL CAPS DOS file and directory names.
About This Guide xv
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall

Special Message Formats

This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Caution: This format is used to highlight information that will help you prevent
equipment failure or loss of data.
Warning: This format is used to highlight information about the possibility of injury or
equipment damage.
Danger: This format is used to alert you that there is the potential for incurring an
electrical shock if you mishandle the equipment.

Technical Support

For help with any technical issues, contact Customer Support at 1-888-NETGEAR, or visit us on the Web at www.NETGEAR.com. The NETGEAR Web site includes an extensive knowledge base, answers to frequently asked questions, and a means for submitting technical questions online.

Related Publications

As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet. The RFC documents outline and define the standard protocols and procedures for the Internet. The documents are listed on the World Wide Web at www.ietf.org andaremirroredandindexedat many other sites worldwide.
xvi About This Guide
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
For more information about address assignment, refer to the IETF documents RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.
For more information about IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
About This Guide xvii
Chapter 1
Introduction
This chapter describes the features of the NETGEAR Model FVS318 Cable/DSL ProSafe VPN Firewall.

About the FVS318 VPN Firewall

The FVS318 VPN Firewall is a complete security solution that protects your network from attacks and intrusions while allowing secure connections with other trusted users over the Internet. Unlike simple Internet sharing routers that rely on NAT for security, the FVS318 uses Stateful Packet Inspection, widely considered as the most effective method of filtering IP traffic, to ensure secure firewall filtering. The FVS318 allows Internet access for up to 253 users, and is capable of eight simultaneous VPN connections.

Key Features

The FVS318 VPN Firewall offers the following features.

A Powerful, True Firewall

Unlike simple Internet sharing NAT routers, the FVS318 VPN Firewall is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:
Denial of Service (DoS) protection Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.
Blocks unwanted traffic from the Internet to your LAN.
Blocks access from your LAN to Internet locations that you specify as off-limits
Introduction 1-1
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
Logs security incidents The FVS318 VPN Firewall will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your email address or email pager whenever a significant event occurs.

Virtual Private Networking (VPN)

The FVS318 VPN Firewall provides a secure encrypted connection between your local network and remote networks or clients. Its VPN features include
Supports eight simultaneous VPN connections.
Supports industry standard VPN protocols The FVS318 supports standard keying methods (Manual or IKE), standard authentication methods (MD5 and SHA-1), and standard encryption methods (DES, 3DES). It is compatible with many other VPN products.
Supports up to 168 bit encryption (3DES) for maximum security.

Content Filtering

With its content filtering feature, the FVS318 VPN Firewall prevents objectionable content from reaching your PCs. The FVS318 allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the FVS318 to log and report attempts to access objectional Internet sites.

Configurable Ethernet Connection

With its internal 8-port 10/100 switch, the FVS318 VPN Firewall can connect to either a 10 M bps standard Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN interface is autosensing and is capable of full-duplex or half-duplex operation.
The firewall incorporates Auto Uplink automatically sense whether the Ethernet cable plugged into the port should have a 'normal' connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to a switch or hub). That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.
1-2 Introduction
TM
technology. Each LOCAL Ethernet port will
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall

Protocol Support

The FVS318 VPN Firewall supports the Transmission Control Protocol/Internet Protocol (TCP/ IP) and Routing Information Protocol (RIP).
For further information about TCP/IP, refer to Appendix B, “Networks, Routing, and Firewall
Basics.”
IP Address Sharing by NAT The FVS318 VPN Firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as Network Address Translation (NAT), allows the use of an inexpensive single-user ISP account.
Automatic Configuration of Attached PCs by DHCP The FVS318 VPN Firewall dynamically assigns network configuration information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.
DNS Proxy When DHCP is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.
PPP over Ethernet (PPPoE) PPP over Ethernet is a protocol for connecting remote hosts to the Internet over a DSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as Entersys or WinPOET on your PC.
•DynamicDNS Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. The firewall contains a client that can connect to many popular Dynamic DNS services to register your dynamic IP address.

Easy Installation and Management

You can install, configure, and operate the FVS318 VPN Firewall within minutes after connecting it to the network. The following features simplify installation and management tasks:
Introduction 1-3
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
Browser-based management Browser-based configuration allows you to easily configure your firewall from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizardis provided and online help documentation is built into the browser-based Web Management Interface.
Smart Wizard The FVS318 automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account.
Remote management The FVS318 allows you to login to the Web Management Interface from a remote location on the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.
Visual monitoring The firewall’s front panel LEDs provide an easy way to monitor its status and activity.

Maintenance a nd Support

NETGEAR offers the following features to help you maximize your use of the firewall:
Flash EPROM for firmware upgrade
Five-year warranty, two years on power adapter
Free technical support seven days a week, twenty-four hours a day
1-4 Introduction
Chapter 2
Setting Up the Hardware
This chapter describes the Model FVS318 Cable/DSL ProSafe VPN Firewall hardware and provides instructions for installing it.

Package Contents

The product package should contain the following items:
Model FVS318 Cable/DSL ProSafe VPN Firewall
AC power adapter
Category 5 (CAT5) Ethernet cable
Model FVS318 Resource CD, including: — This manual — Application Notes, Tools, and other helpful information
FVS318 Cable/DSL ProSafe VPN Firewall Installation Guide
Warranty and registration card
Support information card
If any of the parts are incorrect, m issing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair.
Setting Up the Hardware 2-1
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall

Local Network Hardware Requirements

The FVS318 VPN Firewall is intended for use in a network of personal computers (PCs) that are interconnected by twisted-pair Ethernet cables.

PC Requirements

To install and run the FVS318 VPN Firewall over your network of PCs, each PC must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the PC will connect to your network at 100 Mbps, you must use a Category 5 (CAT5) cable such as the cable provided with your firewall.

Access Device Requirement

The shared broadband access device (cable modem or DSL modem) must provide a standard 10 Mbps (10BASE-T) Ethernet interface.
2-2 Setting Up the Hardware
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall

The Firewall’s Front Panel

The front panel of the Model FVS318 Cable/DSL ProSafe VPN Firewall (Figure 2-1) contains status LEDs.
Figure 2-1. FVS318 Front Panel
You can use some of the LEDs to verify connections. Table 2-1 lists and describes each LED on the f ront panel of the firewall. These LEDs are green when lit, except for the TEST LED, which is amber.
Table 2-1. LED Descriptions
Label Activity Description
POWER On Power is supplied to the firewall. TEST On
Off
INTERNET
LINK On The Internet port has detected a link with an attached device. ACT (Activity) Blinking Data is being transmitted or received by the Internet port.
LOCAL
100 (100 Mbps) On
Off
LINK/ACT (Link/Activity)
On Blinking
The system is initializing. The system is ready and running.
The Local port is operating at 100 Mbps. The Local port is operating at 10 Mbps.
The Local port has detected a link with an attached device. Data is being transmitted or received by the Local port.
Setting Up the Hardware 2-3
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall

The Firewall’s Rear Panel

The rear panel of the FVS318 VPN Firewall (Figure 2-2) contains port connections.
Figure 2-2. FVS318 Rear Panel
The rear panel contains the following features:
Power switch
AC power adapter outlet
Internet (WAN) Ethernet port for connecting the firewall to a cable or DSL modem
Eight Local (LAN) Ethernet ports for connecting the firewall to the local PCs
Factory Default Reset pushbutton
Grounding terminal

Connecting the Firewall

Before using your firewall, you need to do the following:
Connect your cable or DSL modem to the Internet port of the firewall (described next.
Connect your local Ethernet network to the Local port(s) of the firewall (see page 2-5).
Connect the power adapter (see page 2-6)
Note: The Resource CD included with your firewall contains an animated Connection Guide to
help you through this procedure.
2-4 Setting Up the Hardware
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall

Connecting to Your Internet Access Device

Yourcable or DSL modem must provide a standard 10BASE-T Ethernet connection (not USB) for connection to your PC or network. The FVS318 VPN Firewall does not include a cable for this connection. Instead, use the Ethernet cable provided with your access device or any other standard 10BASE-T Ethernet cable. Follow these steps:
1. Locate the Ethernet cable currently going from your DSL or cable modem to the computer that
you use to access the Internet.
Note: You must use the existing cable to connect the modem to your firewall, not to connect
your PCs to your firewall. The Ethernet cable supplied by your ISP for connecting to your cable or DSL modem may be an Ethernet crossover cable rather than a normal straight-through cable.
2. Remove this cable from the computer and insert that end into the Internet port on the firewall.
3. Turn the cable or DSL modem off for ten seconds, then on again.

Connecting to your Local Ethernet Network

Your local area network (LAN) will attach to the firewall’s Local ports shown in Figure 2-2.The Local ports are capable of operation at either 10 Mbps (10BASE-T) or 100 Mbps (100BASE-Tx), depending on the Ethernet interface of the attached PC, hub, or switch. For any connection which will operate at 100 Mbps, you must use a Category 5 (CAT5) rated Ethernet cable, such as the cable included with the firewall.
The FVS318 VPN Firewall incorporates an eight-port switch for connection to your local network. Connect up to eight PCs directly t o any of the eight Local ports of the firewall using standard Ethernet cables such as the one included with your firewall.
If your local network consists of more than eight hosts, you will need to connect your firewall to another hub or switch. In this case, c onnect any LOCAL port of your firewall to any port of an Ethernet hub or switch. The firewall’s LOCAL port will automatically configure itself for the uplink connection.
Note: The FVS318 V PN Firewall incorporates Auto Uplink
TM
technology. Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a 'normal' connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to a switch or hub). That port will then configure itself to the correct configuration. This feature also eliminates the need to w orry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.
Setting Up the Hardware 2-5
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall

Connecting the Power Adapter

To connect the firewall to the power adapter:
1. Plug the connector of the power adapter into the power adapter outlet on the rear panel of the
firewall.
2. Plug the other end of the adapter into a standard wall outlet.
3. Turn the Power switch to the ON position.
4. Verifythat the Power LED on the firewall is lit.

Verifying Connections

After applying power to the firewall, complete the following steps to verify the connections to it:
1. When power is first applied, verify that the POWER LED is on.
2. Verifythat the TEST LED turns on within a few seconds.
3. After approximately 10 seconds, verify that:
a. The TEST LED has turned off. b. The LOCAL LINK/ACT LEDs are lit for any local ports that are connected. c. The INTERNET LINK/ACT LED is lit.
If a LINK/ACT LED is lit, a link has been established to the connected device.
4. If any LOCAL port is connected to a 100 Mbps device, verify that the 100 LED for that port is
lit.
The firewall is now properly attached to the network. Next, you need to prepare your network to access the Internet through the firewall. See the following chapter.
2-6 Setting Up the Hardware
Chapter 3
Preparing Your Network
This chapter describes how to prepare your PC network to connect to the Internet through the Model FVS318 Cable/DSL ProSafe VPN Firewall and how to order broadband Internet service from an Internet service provider (ISP). .
Note: If an ISP technician configured your PC during the installation of a broadband
modem, or if you configured it using instructions provided by your ISP, you may need to copy the current configuration information for use in the configuration of your firewall. Write down this information before reconfiguring your PCs. Refer to “Obtaining ISP
Configuration Information (Windows)”onpage 3-10 or “Obtaining ISP Configuration Information (Macintosh)”onpage 3-11 for further information.

Preparing Your Personal Computers for IP Networking

Personal Computers access the Internet using a protocol called TCP/IP (Transmission Control Protocol/Internet Protocol). Each PC on your network must have TCP/IP installed and selected as its networking protocol. If a Network Interface Card (NIC) is already installed in your PC, then TCP/IP is probably already installed as well.
Note: In this chapter, we use the term “PC” to refer to personal computers in general, and not
necessarily Windows computers. Most PC operating systems include the software components you need for networking with TCP/
IP:
®
Windows
Windows 3.1 does not include a TCP/IP component. You need to purchase a third-party TCP/
IP application package such as NetManage Chameleon.
Preparing Your Network 3-1
95 or later includes the software components for establishing a TCP/IP network.
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
Macintosh Operating System 7 or later includes the software components for establishing a
TCP/IP network.
All versions of UNIX or Linux include TCP/IP components. Follow the instructions provided
with your operating system or networking software to install TCP/IP on your computer..
In your IP network, each PC and the firewall must be assigned a unique IP addresses. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address. In most cases, you should install TCP/IP so that the PC obtains its specific network configuration information automatically from a DHCP server during bootup. For a detailed explanation of the meaning and purpose of these configuration items, refer to “Appendix B, “Networks, Routing, and Firewall Basics.”
The FVS318 VPN Firewall is shipped preconfigured as a DHCP server. The firewall assigns the following TCP/IP configuration information automatically when the PCs are rebooted:
PC or workstation IP addresses—192.168.0.2 through 192.168.0.254
Subnet mask—255.255.255.0
Gateway address (the firewall)—192.168.0.1 These addresses are part of the IETF-designated private address range for use in private networks.

Configuring Windows 95, 98, and ME for IP Networking

As part of the PC preparation process, you need to manually install and configure TCP/IP on each networked PC. Before starting, locate your Windows CD; you may need to insert it during the TCP/IP installation process.

Install or Verify Windows Networking Components

To install or verify the necessary components for IP networking:
1. On the Windows taskbar, click the Start button, point to Settings, and then click Control Panel.
2. Double-click the Network icon.
The Network window opens, which displays a list of installed components:
3-2 Preparing Your Network
Loading...
+ 108 hidden pages