Netgear FWAG114 Reference Manual

FWAG114

ProSafe™ Dual Band Wireless VPN Firewall

with 802.11a/b/g Access Point and
10/100 Mbps Switch

Tri-mode Wireless Operability, High Bandwidth, and
Business-class VPN Security

For an invaluable asset to your wireless network architecture, look to NETGEAR’s ProSafe Dual
Band Wireless VPN Firewall. Equipped with an IEEE standard 802.11a and an 802.11g access
point, it gives your wireless LAN 802.11a/b/g functionality. This high-test firewall uses
business-class 11a, is backward compatible with 11b, and delivers future-forward, 54 Mbps
11g compliance while it capitalizes on your current 11b investment. It features four auto­sensing, Auto Uplink™ 10/100 Mbps switched LAN ports, as well as Network Address
Translation (NAT) routing for IP address conservation and network shielding. True Firewall
provides total business-class security with Denial of Service (DoS) protection and Intrusion
Detection using Stateful Packet Inspection (SPI), URL access and content filtering, logging,
reporting, and real-time alerts. IPSec-based VPN end-point support reduces remote access
costs by providing two (2) 3DES-encrypted tunnels for secure WAN connections. Web
browser-based settings and on-screen help make setup a breeze, and Smart Wizard install
assistant gets your network up and running in minutes.

Two (2) built-in 802.11a/g-based antennas afford powerful tri-mode wireless signal reception and
prolong network life beyond 802.11b. Extends your network to support up to 108 Mbps wireless
throughput (802.11a in turbo mode*) without the need for any new cabling. Upgradable with new
features and enhancements via downloads from www.NETGEAR.com. Protects your investment
with a 3-year warranty.

Integrated four (4) 10/100 Mbps switched LAN ports with auto-sensing and Auto Uplink. High
bandwidth WLAN access and single IP address-sharing with up to 253 users, with up to 96 users
on the WLAN. MAC Address cloning/spoofing, Import/ Export router settings, and LAN DHCP
server controls. Advanced settings offer users additional control.

Full network protection from a True Firewall with Denial of Service (DoS) attack protection and
Intrusion Detection using Stateful Packet Inspection (SPI), logging, reporting and real-time alerts;
web page URL keyword filtering and blocking. Support for two IPSec-based VPN end-point tun­nels for secure remote connections; 168-bit IPSec-based 3DES encryption capability. NAT routing
and VPN pass-through (L2TP, PPTP, IPSec) safely share your broadband connection with multiple
computers.

Auto Uplink on LAN ports eliminates the need for crossover cables. Secure Sockets Layer (SSL)
remote management capability provides ease of deployment and administration for multiple sites.
NETGEAR’s Smart Wizard install assistant guides you through each step and automatically detects
your ISP connection type, saving time and reducing setup errors.

* Region specific

Future Ready

Dynamic

Business Class Secure

Hassle Free

Everybody’s connecting.

™

• Help is there when you need it!
NETGEAR provides, 24x7
technical support** in English,
with selected local language
support during office hours.

Desktop PCs with

FA311 network card

installed

FWAG114 ProSafe

Dual Band Wireless

VPN Firewall

Desktop PC with

FA311 network card

installed

FVS318 VPN
Firewall

Notebook PCs with

MA521 802.11b
Wireless PC Card

Broadband
modem

Internet

VPN Tunnel

encrypts your data

on the WAN

Notebook PC with

WAG511 802.11a/b/g
Dual Band Wireless PC Card

Notebook PC with

WG511 802.11g
Wireless PC Card

Technical Specifications

• Physical Interfaces:

- LAN ports: Four (4) 10/100 Mbps auto-sensing,

Auto Uplink RJ-45 ports (one Cat 5 UTP cable
included)

- WAN port:

10/100BASE-T Ethernet RJ-45
port to connect to any broadband modem
that has an ethernet LAN connection

• Security Features:

- Firewall: Stateful Packet Inspection (SPI) to prevent

notorious Denial of Service (DoS) attacks, Intrusion
Detection System (IDS) including logging, report­ing, and e-mail alerts (address, service and protocol),
Web URL content filtering, prevent replay attack
(reassembly attack). Advanced features include
block Java

™

/URL/ActiveX®based on extension,

FTP/SMTP/RPC program filtering

- VPN Functionality: Two (2) dedicated VPN tunnels,

Manual key and IKE Security Association (SA)
assignment with pre-shared key and RSA/DSA
signatures, PKI features with X.509 v.3 certificate
support, key life and IKE lifetime time settings,
perfect forward secrecy (Diffie-Hellman groups 1
and 2 and Oakley support), operating modes
(Main, Aggressive, Quick)

- IPSec support: IPSec-based 56-bit (DES) or 168-

bit (3DES) encryption algorithm, MD5 or SHA-1
hashing algorithm, AH/AH-ESP support, remote
access VPN (client-to-site), site-to-site VPN, IPSec
NAT traversal (VPN pass-through), tunnel or
transport operating mode

- Wireless Encryption: IEEE 802.11b/g Access

Point, up to 128-bit WEP (152-bit for 802.11g)
encryption IEEE 802.11a Access Point, up to
152-bit WEP encryption

- Mode of Operation: Network Address Translation

(NAT), static routing, unrestricted users per port

- IP Address Assignment: Static IP address assign

ment, internal DHCP server on LAN, DHCP
client on WAN, PPPoE client support

• Performance Features:

- Throughput: 20+ Mbps WAN-to-LAN throughput

• Management Features:

- Administration interface: Web graphic user inter

face, user name and password protected; Smart
Wizard and Auto Detect for basic parameter settings;
remote management support authenticated through IP
address or IP address range, and password; secure
sockets layer (SSL) support for remote managment;
config changes/upgrades through web GUI

- Configuration and upgrades: Upload and

download configuration settings, firmware
upgradable flash memory, and DRAM

- Logging: WELF-based logging format, SYSLOG,

e-mail alerts

• Protocol Support:

- Network: IP routing, TCP/IP, UDP, ICMP, PPPoE

- IP Addressing: DHCP (client and server)

- Routing: RIP v1, RIPv2 (Static Routing, Dynamic

Routing)

- VPN Security: IPSec (ESP, AH), MD5, SHA-1,

DES, 3DES, IKE, PKI

System Requirements

- Cable, DSL, or wireless

broadband modem and
Internet service

- Network card for each

connected PC

- 802.11a, b, or g wireless

network card on each
portable PC

- Network software (i.e. Windows)

-Internet Explorer 5.0 or higher

OR Netscape

®

Navigator 4.7

or higher

Package Contents

- FWAG114 ProSafe Dual Band

Wireless Firewall

- Power adapter

- 3m (10-ft.) Ethernet cable

- Installation guide

- Resource CD

- Warranty/Support

information card

FWAG114 ProSafe Dual Band Wireless VPN Firewall

• User Support:

- LAN: Up to 253 total users (96 users on WLAN)

• RFC Support:

PPTP client and server (RFC 2637)
IPSec tunnel mode (RFC 2401)
Authentication Header Protocol (RFC 2402)
HMAC-MD5-96 (RFC 2403)
HMAC-SHA1-96 (RFC 2404)
DES-CBC Cipher algorithm (RFC 2405)
Encapsulation Security Payload Protocol (RFC 2406)
Domain of Interpretation (RFC 2407)
Internet Security Association and
Key Management Protocol (ISAKMP) (RFC 2408)
Oakley (RFC 2412)
DHCP server (RFC 2131)
DHCP client (RFC 2131)
IP routing (RIP1, RIP2) (RFC 2453)
NAT (many-to-one) (RFC 1631)
Compression Control Protocol (RFC 1974)
IP Control Protocol (RFC 1332)
Certificate Request Message Format (RFC 2511)
PPPoE (RFC 2511)

• Functions:

Smart Wizard to automatically detect ISP Address type
(static, dynamic, PPPoE), Port Range Forwarding, Exposed
Host (DMZ), Enable/Disable WAN Ping, DNS Proxy,
MAC Address Cloning/spoofing, NTP support, URL
Content Filtering, E-mail Alerts, DHCP Server (Info and
display table), PPPoE login client support, Telstra BigPond
Cable login support, WAN DHCP Client, Diagnostic
tools (ping, trace route, other), Port/service blocking, Auto
Uplink on switch ports

• Maintenance:

Save/Restore Configuration, Restore Defaults, Upgrades
via Web Browser, Display Statistics, Logging, SYSLOG

• Hardware Specifications:

- Processor: Broadcom BCM 4702 150 MHz MIPS32

- Wireless card: 802.11a and 802.11g - Atheros 5212

- Memory: 4 Mb Flash, 8 Mb DRAM

- Power requirements: 12VDC, 1.2A; plug is localized to

coutry of sale

- Dimensions: H: 2.8 cm (1.2"); W: 19 cm (7.5");

D: 13 cm (5.1")

- Weight: .73 kg (1.61 lb.)

• Environmental Specifications:

- Operating temperature: 0 to 40°C (32 to 104°F)

- Operating humidity: 90% maximum relative humidity,

noncondensing

• Warranty:

- NETGEAR 3-year warranty

4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone: 1-888-NETGEAR (638-4327)
E-mail: info@NETGEAR.com
www.NETGEAR.com

©2004 NETGEAR, Inc. NETGEAR®, the
Netgear Logo, ProSafe, Auto Uplink, and
Everybody’s connecting are trademarks
or registered trademarks of Netgear,
Inc. in the United States and/or other
countries. Microsoft, Windows, and the
Windows logo are trademarks or
registered trademarks of Microsoft
Corporation in the United States and/or
other countries. Other brand and product
names are trademarks or registered
trademarks of their respective holders.
Information is subject to change without
notice. All rights reserved.

** Free basic installation support
provided for 90 days from date of
purchase. Advanced product features
and configurations are not included in
free basic installation support; optional
premium support available.

D-FWAG114-2

0560

!

Protected Access

Interoperable with:

TM