How it Works
NETGEAR
Loading...
FWG114P v2
User Manual
296 pgs8.44 Mb0
Table of contents
Loading...

NETGEAR FWG114P v2 User Manual

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

NETGEAR, Inc.
4500 Great America Parkway Santa Clara, CA 95054 USA
201-10301-02 May 2005
201-10301-02, May 2005
© 2005 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR is a trademark of Netgear, Inc. Microsoft, Windows, and Wi ndow s NT are registered trademar ks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruct ions, may cause harmf ul interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
FCC Caution
1. FCC RF Radiation Exposure Statement: The equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body .
2. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
3. Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user authority to operate the equipment.
EN 55 022 Declaration of Conformance
This is to certify that the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).
ii
201-10301-02, May 2005
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the ProSafe Wireless 802.1 1g Firewall/Print Server Model FWG114P v2 has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
Voluntary Contr ol Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver , it may become the cause of radio interference. Read instructions for correct handling.

Product and Publication Details

Model Number: FWG114P v2 Publication Date: May 2005 Product Family: wireless access point Product Name: ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 Home or Business Product: Business Language: English Publication Part Number: 201-10301-02
201-10301-02, May 2005
iii
iv
201-10301-02, May 2005

Contents

Chapter 1 About This Manual
Audience, Scope, Conventions, and Formats ................................................................1-1
How to Use This Manual ................................................................................................1-2
How to Print this Manual .................................................................................................1-3
Chapter 2 Introduction
Key Features of the FWG114P v2 ..................................................................................2-1
Full Routing on Both the Broadband and Serial Ports ................................. .... ... ... ..2-2
802.11g and 802.11b Wireless Networking ..............................................................2-2
Virtual Private Networking ........................................................................................2-3
Wireless Multimedia (WMM) Support .......................................................................2-3
A Powerful, True Firewall with Content Filtering ......................................................2-3
Security ....................................................................................................................2-4
Autosensing Ethernet Connections with Auto Uplink ...............................................2-4
Extensive Protocol Support ......................................................................................2-5
Easy Installation and Management ..........................................................................2-6
NETGEAR Related Products ..........................................................................................2-6
Package Contents ..........................................................................................................2-7
The FWG114P v2 Front Panel .................................................................................2-7
The FWG114P v2 Rear Panel ..................................................................................2-8
Chapter 3 Connecting the FWG114P v2 to the Internet
What You Will Need Before You Begin ..................... .... .......................................... ........3-1
Cabling and Computer Hardware Requirements .....................................................3-1
Computer Network Configuration Requirements ............................. ... ... ... ... .... ... .....3-1
Internet Configuration Requirements ....................................................................... 3-2
Where Do I Get the Internet Configuration Parameters? ............................. ............3-2
Record Your Internet Connection Information ..........................................................3-3
Contents v
201-10301-02, May 2005
Connecting the FWG114P v2 Wireless Firewall/Print Server .........................................3-4
Verify That Basic Requirements Are Met .................................................................3-4
Basic Setup Troubleshooting Tips ................................................................................3-10
FWG114P v2 Setup Wizard Auto Detection .................................................................3-10
Wizard-Detected Login Account Setup ..................................................................3-11
Wizard-Detected Dynamic IP Account Setup .........................................................3-13
Wizard-Detected Fixed IP Account Setup ..............................................................3-14
How to Configure the Serial Port as the Primary Internet Connection .........................3-15
Testing Your Internet Connection ..................................................................................3-17
Manually Configuring Your Internet Connection ...........................................................3-18
How to Manually Configure the Primary Internet Connection ................................3-19
Chapter 4 Wireless Configuration
Observing Performance, Placement, and Range Guidelines .........................................4-1
Implementing Appropriate Wireless Security ..................................................................4-2
Understanding Wireless Settings ...................................................................................4-3
Default Factory Settings ...........................................................................................4-6
Before You Change the SSID and WEP Settings ....................................................4-7
How to Set Up and Test Basic Wireless Connectivity ..............................................4-8
How to Restrict Wireless Access by MAC Address .................................................4-9
How to Configure WEP ..........................................................................................4-10
How to Configure WPA with Radius .......................................................................4-12
How to Configure WPA2 with Radius .....................................................................4-14
How to Configure WPA and WPA2 with Radius .....................................................4-16
How to Configure WPA-PSK ..................................................................................4-18
How to Configure WPA2-PSK ................................................................................4-20
How to Configure WPA-PSK and WPA2-PSK ........................................................4-21
Chapter 5 Serial Port Configuration
Configuring a Serial Port Modem ...................................................................................5-2
Basic Requirements for Serial Port Modem Configuration .......................................5-2
How to Configure a Serial Port Modem ....................................................................5-2
Configuring Auto-Rollover ..............................................................................................5-3
Basic Requirements for Auto-Rollover .....................................................................5-3
How to Configure Auto-Rollover ...............................................................................5-3
vi Contents
201-10301-02, May 2005
Configuring Dial-in on the Serial Port .............................................................................5-4
Basic Requirements for Dial-in .................................................................................5-5
How to Configure Dial-in ..........................................................................................5-5
Configuring LAN-to-LAN Settings ...................................................................................5-6
Basic Requirements for LAN-to-LAN Connections ..................................................5-6
How to Configure LAN-to-LAN Connections ............................................................5-6
Chapter 6 Firewall Protection and Content Filtering
Firewall Protection and Content Filtering Overview ............ ... .... ... ... ... .... ... ... ... ...............6-1
Using the Block Sites Menu to Screen Content ..............................................................6-1
Services and Rules Regulate Inbound and Outbound Traffic .........................................6-3
Defining a Service ....................................................................................................6-3
Using Inbound/Outbound Rules to Block or Allow Services .....................................6-4
Examples of Using Services and Rules to Regulate Traffic ...........................................6-6
Inbound Rules (Port Forwarding) .............................. ............................................... 6-6
Example: Port Forwarding to a Local Public Web Server ..................................6-7
Example: Port Forwarding for Videoconferencing .............................................6-8
Example: Port Forwarding for VPN Tunnels when NAT is Off ...........................6-8
Outbound Rules (Service Blocking or Port Filtering) ........................... ...... ....... ...... ..6-9
Outbound Rule Example: Blocking Instant Messaging ....................................6-10
Other Rules Considerations ............ ... ... ... ....................................................................6-10
Order of Precedence for Rules ..............................................................................6-11
Rules Menu Options ...............................................................................................6-11
Using a Schedule to Block or Allow Content or Traffic .................................................6-12
Setting the Time Zone ........ ... .... ... ... .......................................... ... .... ... ...................6-13
Getting E-Mail Notifications of Event Logs and Alerts ..................................................6-13
Viewing Logs of Web Access or Attempted Web Access .............................................6-16
What to Include in the Event Log ...........................................................................6-17
Chapter 7 Print Server
Printing Options ..............................................................................................................7-1
For Windows XP and 2000, Use TCP/IP LPR Printing ...................................................7-2
For Windows 95/98/Me, Use the Netgear Printer Port Driver .........................................7-6
Printing from the Macintosh ............................................................................................7-9
Windows Printer Port Management ..............................................................................7-10
Contents vii
201-10301-02, May 2005
Troubleshooting the Print Server ..................................................................................7-12
Chapter 8 Virtual Private Networking
Overview of FWG114P v2 Policy-Based VPN Configuration .........................................8-1
Using Policies to Manage VPN Traffic .....................................................................8-2
Using Automatic Key Management ..................................... ................................... .. 8-2
IKE Policies’ Automatic Key and Authentication Management ................................8-3
VPN Policy Configuration for Auto Key Negotiation ..................... ............................ 8-6
VPN Policy Configuration for Manual Key Exchange ...............................................8-9
Using Digital Certificates for IKE Auto-Policy Authentication .......................................8-14
Certificate Revocation List (CRL) ...........................................................................8-14
Walk-Through of Configuration Scenarios on the FWG114P v2 ..................................8-15
How to Use the VPN Wizard to Configure a VPN Tunnel .............................................8-15
VPNC Scenario 1: Gateway to Gateway with Preshared Secrets .........................8-19
Scenario 1: FWG114P v2 to FWG114P v2 with Preshared Secrets ......................8-20
How to Check VPN Connections ...........................................................................8-24
VPNC Scenario 2: Gateway-to-Gateway with Certificates ............................... ...... 8-25
Scenario 2: FWG114P v2 to FWG114P v2 with Certificates ..................................8-26
Netgear VPN Client to FWG114P v2 ............................................................................8-32
Configuration Profile .................................. ... ... ... .... ... ... ... .... ... ................................8-32
Step-By-Step Configuration of FWG114P v2 Gateway .................................................8-33
Step-By-Step Configuration of the Netgear VPN Client ...............................................8-38
Testing the VPN Connection ............................ ... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ... ..........8-45
From the Client PC to the FWG114P v2 ................................................................8-45
From the FWG114P v2 to the Client PC ................................................................8-46
Monitoring the PC VPN Connection ................ ... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ...8-46
Viewing the FWG114P v2 VPN Status and Log Information ........................................8-47
Chapter 9 Maintenance
Viewing Wireless Firewall/Print Server Status Information ............................................. 9-1
Viewing a List of Attached Devices .................................................................................9-6
Upgrading the Router Software ......................................................................................9-7
Configuration File Management .....................................................................................9-7
Restoring and Backing Up the Configuration ...........................................................9-8
Erasing the Configuration .........................................................................................9-9
viii Contents
201-10301-02, May 2005
Changing the Administrator Password ...........................................................................9-9
Chapter 10 Advanced Configuration
Using the WAN Setup Options ........ ... ... ... .... ... ... ... ... .... .......................................... ... ...10-1
How to Configure Dynamic DNS ..................................................................................10-3
Using the LAN IP Setup Options ..................................................................................10-5
Configuring LAN TCP/IP Setup Parameters ..........................................................10-5
Using the Router as a DHCP server ......................................................................10-7
Using Address Reservation ....................................................................................10-7
Configuring Static Routes .............................................................................................10-8
Enabling Remote Management Access .....................................................................10-10
Using Universal Plug and Play (UPnP) ......................................................................10-11
Advanced Wireless Settings .......................................................................................10-12
Chapter 11 Troubleshooting
Basic Functioning .........................................................................................................11-1
Power LED Not On .................................................................................................11-1
LEDs Never Turn Off ..............................................................................................11-2
LAN or Internet Port LEDs Not On ......... ... ... ... ... .... ... ... ..........................................11-2
Troubleshooting the Web Configuration Interface ........................................................11-3
Troubleshooting the ISP Connection ............................................................................11-4
Troubleshooting a TCP/IP Network Using a Ping Utility ...............................................1 1-5
Testing the LAN Path to Your Router .....................................................................11-5
Testing the Path from Your Computer to a Remote Device ...... ... .... ... ...................11-6
Restoring the Default Configuration and Password ............ ... .... ... ... ... .... ... ... ... ... .... ... ...11-7
Problems with Date and Time .......................................................................................11-7
Appendix A Technical Specifications
Appendix B Networks, Routing, and Firewall Basics
Related Publications ...................................................................................................... B-1
Basic Router Concepts .................................................................................................. B-1
What is a Router? ................................................................................................... B-1
Routing Information Protocol ................................................................................... B-2
IP Addresses and the Internet ......................................... .... ... ... ... .... ... ... ... ... .... ... ... . B-2
Netmask .................................... ................................................................ ..............B-4
Contents ix
201-10301-02, May 2005
Subnet Addressing .................................................................................................. B-4
Private IP Addresses ................................. ... ... ... .......................................... ........... B-7
Single IP Address Operation Using NAT ................................................................. B-7
MAC Addresses and Address Resolution Protocol ................................................. B-9
Related Documents ................................................................................................. B-9
Domain Name Server .............................................................................................. B-9
IP Configuration by DHCP .............................. ... .... ... ... ... .... .................................. B-10
Internet Security and Firewalls .................................................................................... B-10
What is a Firewall? .................................................................................................B-11
Stateful Packet Inspection ............................... ... .... ... ... ... .... ... ................................B-11
Denial of Service Attack .........................................................................................B-11
Ethernet Cabling ................................. ... ... .... .......................................... ... ... ... .............B-11
Category 5 Cable Quality ...................................................................................... B-12
Inside Twisted Pair Cables .................................................................................... B-13
Uplink Switches, Crossover Cables, and MDI/MDIX Switching ............................ B-14
Appendix C Preparing Your Network
Preparing Your Computers for TCP/IP Networking ................................ ... ... ... ... .... ... ... . C-1
Configuring Windows 95, 98, and Me for TCP/IP Networking ....................................... C-2
Install or V erify Windows Networking Components ................................................. C-2
Enabling DHCP to Automatically Configure TCP/IP Settings .................................C-4
Selecting Windows’ Internet Access Method ................ ......................... ........... C-4
Verifying TCP/IP Properties .................................................................................... C-5
Configuring Windows NT, 2000 or XP for IP Networking ................................. .............. C-5
Installing or Verifying Windows Networking Components ......... ... .... ... ...... ... .... ... ... . C-5
Verifying TCP/IP Properties .................................................................................... C-6
Configuring the Macintosh for TCP/IP Networking ........................................................ C-6
MacOS 8.6 or 9.x ...................... ... ... ... .... ... ... ... ... .......................................... ...........C-6
MacOS X ...... ...................................... .... ... ... ... ... .... ... ... ....................................... ... . C-7
Verifying TCP/IP Properties for Macintosh Computers ...........................................C-8
Verifying the Readiness of Your Internet Account ......................................................... C-9
Are Login Protocols Used? ..................................................................................... C-9
What Is Your Configuration Information? ................................................................C-9
Obtaining ISP Configuration Information for Windows Computers .......................C-10
Obtaining ISP Configuration Information for Macintosh Computers ..................... C-11
x Contents
201-10301-02, May 2005
Restarting the Network ................................................................................................ C-12
Appendix D Firewall Log Formats
Action List ...................................................................................................................... D-1
Field List ........................................................................................................................ D-1
Outbound Log ..................................... .......................................... ................................. D-1
Inbound Log ...................................................................................................................D-2
Other IP Traffic ... ... ... ... ... .... ...................................... .... ... ... ... .... .................................... D-2
Router Operation ........................................................................................................... D-3
Other Connections and Traffic to this Router ................................................................ D-4
DoS Attack/Scan ...........................................................................................................D-4
Access Block Site .......................................................................................................... D-6
All Web Sites and News Groups Visited ........................................................................D-6
System Admin Sessions ................................................................................................ D-6
Policy Administration LOG .............................................................................................D-7
Appendix E Wireless Networking Basics
Wireless Networking Overview .............................. ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... .... E-1
Infrastructure Mode ................................................................................................. E-1
Ad Hoc Mode (Peer-to-Peer Workgroup) ................................................................ E-2
Network Name: Extended Service Set Identification (ESSID) ................................ E-2
Authentication and WEP Data Encryption .............................................. ... ... ... ... .... ... ... . E-2
802.11 Authentication .............................................................................................. E-3
Open System Authentication .............................. .... ... ... ... .... ... ... ... .... ....................... E-3
Shared Key Authentication ...................................................................................... E-4
Overview of WEP Parameters ................................................................................ E-5
Key Size .................................................................................................................. E-6
WEP Configuration Options ...................... ... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ... ........... E-7
Wireless Channels ....................... .... ... ... ... ..................................................................... E-7
WPA Wireless Security .................................................................................................. E-8
How Does WPA Compare to WEP? ........................................................................ E-9
How Does WPA Compare to IEEE 802.11i? ........................................................ E-10
What are the Key Features of WPA Security? ...................................................... E-10
WPA Authentication: Enterprise-level User
Authentication via 802.1x/EAP and RADIUS .................................................. E-12
WPA Data Encryption Key Management ........................................................ E-14
Contents xi
201-10301-02, May 2005
Is WPA Perfect? ........................................... .......................................... ............... E-16
Product Support for WPA ...................................................................................... E-16
Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged ...... E-16
Changes to Wireless Access Points ............................................................... E-17
Changes to Wireless Network Adapters ......................................................... E-17
Changes to Wireless Client Programs .......................... ......................... ......... E-18
Appendix F Virtual Private Networking
What is a VPN? ..............................................................................................................F-1
What is IPSec and How Does It Work? ..........................................................................F-2
IPSec Security Features .............................. ... ... .... ... ... ... .... ... ... ... ............................F-2
IPSec Components ...................... ... ... .... ... ... ... ... .... ... ... ... .........................................F-2
Encapsulating Security Payload (ESP) ....................................................................F-3
Authentication Header (AH) ............................... .... ... ... ... .... ... ... ...............................F-4
IKE Security Association ........... .......................................... ... ... ... ............................F-4
Mode ...................................... ...................... ....................... ....................... ........F-5
Key Management .....................................................................................................F-6
Understand the Process Before You Begin ....................................................................F-6
VPN Process Overview ......... ... ... .... ... ... .......................................... ... .... ... .....................F-7
Network Interfaces and Addresses ..........................................................................F-7
Interface Addressing ..........................................................................................F-7
Firewalls ............................................................................................................F-8
Setting Up a VPN Tunnel Between Gateways .........................................................F-8
VPNC IKE Security Parameters ......... ... ... .... ... .............................................................F-10
VPNC IKE Phase I Parameters ..............................................................................F-10
VPNC IKE Phase II Parameters .............................................................................F-11
Testing and Troubleshooting .........................................................................................F-11
Additional Reading ...................... .... ... .......................................... ... ... .... ......................F-11
Appendix G NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2
Configuration Template ..................................................................................................G-1
Step-By-Step Configuration of FVS318 or FVM318 Gateway A ....................................G-2
Step-By-Step Configuration of FWG114P Gateway B ...................................................G-5
Test the VPN Connection ..............................................................................................G-9
xii Contents
201-10301-02, May 2005
Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328
Configuration Template .................................................................................................. H-1
Using DDNS and Fully Qualified Domain Names (FQDN) ..................................... H-2
Step-By-Step Configuration of FVS318 or FVM318 Gateway A .................................... H-3
Step-By-Step Configuration of FVS328 Gateway B ...................................... .................H-7
Test the VPN Connection ............................................................................................ H-11
Glossary
Contents xiii
201-10301-02, May 2005
xiv Contents
201-10301-02, May 2005
Chapter 1
About This Manual
This chapter describes the intended audience, scope, conventions, and formats of this manual.

Audience, Scope, Conventions, and Formats

This reference manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial information is provided in the Appendices and on the Netgear website.
This guide uses the following typographical conventions:
Table 1-1. Typographical Conventions
italics Emphasis, books, CDs, URL names
bold User input
fixed Screen text, file and server names, extensions, commands, IP addresses
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
This manual is written for the FWG114P v2 Wireless Firewall/Print Server according to these specifications:
Table 1-2. Manual Scope
Product Version ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 Manual Publication Date May 2005
Note: Product updates are available on the NETGEAR, Inc. Web site at
http://kbserver.netgear.com/products/FWG114P v2.asp.
About This Manual 1-1
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

How to Use This Manual

The HTML version of this manual includes the following:
Buttons, and , for browsing forwards or backwards through the manual one page at a time
A button that displays the table of contents and an button. Double-click on a link in the table of contents or index to navigate directly to where the topic is described in the manual.
A button to access the full NETGEAR, Inc. online knowledge base for the product model.
Links to PDF versions of the full manual and individual chapters.
1-2 About This Manual
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

How to Print this Manual

To print this manual you can choose one of the following several options, according to your needs.
Printing a Page in the HTML View.
Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents.
Printing a Chapter.
Use the PDF of This Chapter link at the top left of any page. – Click the PDF of This Chapter link at the top right of any page in the chapter you want to
print. The PDF version of the chapter you were viewing opens in a browser window. Note: Your computer must have the free Adobe Acrobat reader installed in order to view
and print PDF files. The Acrobat reader is available on the Adobe Web site at
http://www.adobe.com.
Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
Printing the Full Manual.
Use the Complete PDF Manua l link at the top left of any page. – Click the Complete PDF Manual link at the top left of any page in the manual. The PDF
version of the complete manual opens in a browser window.
Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
About This Manual 1-3
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
1-4 About This Manual
201-10301-02, May 2005
Chapter 2
Introduction
This chapter describes the features of the NETGEAR ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2.

Key Features of the FWG114P v2

The ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2, with a 4-port switch, connects your LAN to the Internet through a broadband modem. With auto fail-over connectivity through the serial port, the FWG114P v2 provides highly reliable Internet access.
The FWG114P v2 is a complete security solution that protects your network from attacks and intrusions and enables secure communications using Virtual Private Networks (VPNs). Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FWG114P v2 uses Stateful Packet Inspection for Denial of Service attack (DoS) attack protection and intrusion detection. The FWG114P v2 allows Internet access for up to 253 users. It provides multiple Web content filtering options, plus browsing activity reporting and instant alerts via e-mail. Parents or network administrators can establish restricted access policies based on time-of-day, Web site addresses and address keywords, and share high-speed cable/DSL Internet access for up to 253 personal computers.
With minimum setup, you can install and use the router within minutes. The FWG114P v2 Wireless Firewall/Print Server provides the following features:
802.11g and 802.11b standards-based wireless networking.
Easy, Web-based setup for installation and management.
Supports two VPN tunnels, Content Filtering, and Site Blocking Security.
Wireless Multimedia (WMM) support.
Built-in 4-port 10/100 Mbps Switch and USB 2.0 Printer Port.
Ethernet and Serial ports for connection to a WAN device, such as a broadband modem.
Extensive Protocol Support.
Login capability.
Front panel LEDs for easy monitoring of status and activity.
Introduction 2-1
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
Flash memory for firmware upgrade.
NAT off (classical routing).

Full Routing on Both the Broadband and Serial Ports

You can install, configure, and operate the FWG114P v2 to take full advantage of a variety of routing options on both the serial and broadband WAN ports, including:
Internet access via either the serial or broadband port.
Auto fail-over connectivity through an analog or ISDN modem connected to the serial port. If the broadband Internet connection fails, after waiting for an amount of time you specify , the FWG114P v2 can automatically establish a backup ISDN or dial-up Internet connection via the serial port on the firewall.
Remote Access Server (RAS) that allows you to log in remotely through the serial port to access a server on your LAN, other LAN resources, or the Internet, based on a user name and password you define.
LAN-to-LAN access between two FWG114P v2 wireless firewall/print servers through the serial port, with the option of enabling auto-failover Internet access across the serial LAN-to-LAN connection.

802.11g and 802.11b Wireless Networking

The FWG114P v2 Wireless Firewall/Print Server includes an 802.11g-compliant wireless access point. The access point provides:
802.11b standards-based wireless networking at up to 11 Mbps.
802.11g wireless networking at up to 54 Mbps, which conforms to the 802.11g standard.
WPA and WPA2 enterprise class strong security with RADIUS and certificate authentication as well as dynamic encryption key generation.
WPA-PSK and WPA2-PSK pre-s h are d ke y au th entication without the overhead of RADIUS servers but with all of the strong security of WPA and WPA2.
64-bit and 128-bit WEP encryption security.
WEP keys can be generated manually or by passphrase.
Wireless access can be restricted by MAC Address.
2-2 Introduction
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
Wireless network name broadcast can be turned off so that only devices that have the network name (SSID) can connect.

Virtual Private Networking

The FWG114P v2 W ireless Firewall/Print Server p rovides a secure encrypted connectio n between your local network and remote networks or clients. Its VPN features include:
Support for up to 2 simultaneous VPN connections.
Support for industry standard VPN protocols. The ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 supports standard
keying methods (Manual or IKE), standard authentication methods (MD5 and SHA-1), and standard encryption methods (DES, 3DES). It is compatible with many other VPN products.
Support for up to 168 bit encryption (3DES) for maximum security.
Support for VPN Main Mode, Aggressive mode, or Manual Keying.
Support for Fully Qualified Domain Name (FQDN) configuration when the Dynamic DNS feature is enabled with one of the supported service providers.

Wireless Multimedia (WMM) Support

WMM is a subset of the 802.11e standard. WMM allows wireless traffic to have a range of priorities, depending on the kind of data. Time-dependent information such as video or audio will have a higher priority than normal traffic. For WMM to function correctly, wireless clients must also support WMM.

A Powerful, True Firewall with Content Filtering

Unlike simple Internet sharing NAT routers, the FWG114P v2 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:
DoS protection. Automatically detects and thwarts DoS attacks, such as Ping of Death, SYN Flood, LAND
Attack, and IP Spoofing.
Blocks unwanted traffic from the Internet to your LAN.
Blocks access from your LAN to Internet locations or services that you specify as off-limits.
Introduction 2-3
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
Logs security incidents. The FWG114P v2 will log security events, such as blocked incoming traffic, port scans,
attacks, and administrator logins. You can configure the router to e-mail the log to you at specified intervals. You can also configure the router to send immediate alert messages to your e-mail address or e-mail pager whenever a significant event occurs.
With its content filtering feature, the FWG114P v2 prevents objectionable content from reaching your PCs. The router allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the router to log and report attempts to access objectionable Internet sites.

Security

The FWG114P v2 Wireless Firewall/Print Server is equipped with several features designed to maintain security, as described in this section:
PCs hidden by NAT. NAT opens a temporary path to the Internet for requests originating from the local network.
Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the PCs on the LAN.
Port forwarding with NAT. Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the
router allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request, or to one designated “DNS” host computer. You can specify forwarding of single ports or ranges of ports.

Autosensing Ethernet Connections with Auto Uplink

With its internal 8-port 10/100 switch, the FWG11 4P v2 can conn ect to eith er a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.
TM
The router incorporates Auto Uplink whether the Ethernet cable plugged into the port should have a ‘normal’ connection, such as to a computer, or an ‘uplink’ connection, such as to a switch or hub. That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.
2-4 Introduction
technology. Each Ethernet port will automatically sense
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

Extensive Protocol Support

The FWG114P v2 Wireless Firewall/Print Server supports the Transmission Control Protocol/ Internet Protocol (TCP/IP) and Routing Information Protocol (RIP).
The ability to enable or disable IP address sharing by NAT. The FWG114P v2 allows several networked PCs to share an Internet account using only a
single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account. This feature can also be turned off completely for using the FWG114P v2 in settings where you want to manage the IP address scheme of your organization.
Automatic configuration of attached PCs by DHCP. The FWG114P v2 Wireless Firewall/Print Server dynamically assigns network configuration
information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network .
DNS Proxy. When DHCP is enabled and no DNS addresses are specified, the router provides its own
address as a DNS server to the attached PCs. The router obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.
PPP over Ethernet (PPPoE). PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by
simulating a dial-up connection. This feature eliminates the need to run a login program, such as Entersys or WinPOET on your computer.
PPTP login support for European ISPs, BigPond login for Telstra cable in Australia.
Classical IP (RFC 1577). Some Internet service providers, in Europe for example, use Classical IP in their ADSL
services. In such cases, the firewall is able to use the Classical IP address from the ISP.
Introduction 2-5
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

Easy Installation and Management

You can install, configure, and operate the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 within minutes after connecting it to the network. The following features simplify installation and management tasks:
Automatic fail-over connectivity through an analog or ISDN modem connected to the serial port. If the broadband modem Internet connection fails, after waiting for an amount of time you specify, the FWG114P v2 can automatically establish a backup ISDN or dial-up Internet connection via the serial port on the firewall.
Browser-based management. Browser-based configuration allows you to easily configure your router from almost any type
of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help documentation is built into the browser-based Web Management Interface.
Smart Wizard. The FWG114P v2 Wireless Firewall/Print Server automatically senses the type of Internet
connection, asking you only for the information required for your type of ISP account.
Diagnostic functions. The firewall incorporates built-in diagnostic functions, such as Ping, DNS lookup, and remote
reboot.
Remote management. The firewall allows you to log in to the Web Management Interface from a remote location on
the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.
Visual monitoring. The FWG114P v2 Wireless Firewall/Print Server’s front panel LEDs provide an easy way to
monitor its status and activity .
Regional support, including ISPs like Telstra DSL and BigPond, or Deutsche Telekom.
Flash memory for firmware upgrades.

NETGEAR Related Products

The following NETGEAR products are related to the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2:
ProSafe™ Dual Band Wireless PC Card Model WAG511
ProSafe™ Dual Band Wireless PCI Adapter Model WAG311
2-6 Introduction
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
54 Mbps Wireless PC Card Model WG511
54 Mbps Wireless PCI Card Model WG311
54 Mbps Wireless USB 2.0 Adapter Model WG121
ProSafe™ Indoor 5 dBi Omni-directional Antenna Model ANT24O5
ProSafe™ Indoor/Outdoor 18 dBi Patch Panel Directional Antenna Model ANT24D18
ProSafe™ Indoor/Outdoor 9 dBi Omni-directional Antenna Model ANT2409
Low-loss Antenna Cables

Package Contents

The product package should contain the following items:
ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2.
•AC power adapter.
Category 5 (Cat 5) Ethernet cable.
FWG114P Installation Guide (201-10301-01).
Resource CD for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P (SW-10023-03), including:
— This manual. — Application Notes and other helpful information.
Registration and Warranty Card.
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the router for repair.

The FWG114P v2 Front Panel

The front panel of the FWG114P v2 contains the status LEDs. Use the LEDs to verify various operations. Viewed from left to right, Table 2-1 describes the LEDs on the front of the router.
Broadband
ProSafe 802.11g Wireless Firewall/Print Server
ACT
ACT
100
1234
PWR
TEST
ALERT
PRINTER MODEM IN TERNET LOCAL WLAN
LNK/ACT
LINK
Figure 2-1: FWG114P v2 Front Panel
Introduction 2-7
201-10301-02, May 2005
100
LNK/ACT
MODEL
FWG114P
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
Table 2-1. LED Descriptions
Label Activity Description
POWER On Power is supplied to the firewall. TEST On
Off
PRINTER
ACT On
Blinking
ALERT On (Amber) The printer has a problem, such as out of paper, out of ink, or a
MODEM
ACT Blinking Data is being transmitted or received by the Modem port. LINK On (Amber) The port has detected a link with an attached device.
INTERNET Note: The operation of these LEDs depends on how the WAN port is configured.
100 (100 Mbps) On
Off
LINK/ACT (Link/Activity)
LOCAL
100 (100 Mbps) On
LINK/ACT (Link/Activity)
WLAN On
On Blinking
Off On
Blinking
Blinking
The system is initializing. The system is ready and running.
The printer is connected and powered on. Data is being transmitted or received by the Printer port.
paper jam.
The Internet (WAN) port is operating at 100 Mbps. The Internet (WAN) port is operating at 10 Mbps.
The Internet port has detected a link with an attached device. Data is being transmitted or received by the Internet port.
The Local port is operating at 100 Mbps. The Local port is operating at 10 Mbps.
The Local port has detected a link with an attached device. The Local port is transmitting or receiving data.
The Wireless (WLAN) port is operating. The Wireless (WLAN) port is transmitting or receiving data.

The FWG114P v2 Rear Panel

The rear panel of the FWG114P v2 Wireless Firewall/Print Server contains the port connections listed below.
2-8 Introduction
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
LOCA L
MODEM
USB
10/100M
4321
INTERNET
12VDC, 1.0A
Figure 1-2: FWG114P v2 Rear Panel
Viewed from left to right, the rear panel contains the following features:
Wireless antenna.
DB-9 serial port for modem connection.
USB 2.0 Printer Port.
Factory Default Reset push button.
Four Ethernet LAN ports.
Internet Ethernet WAN port for connecting the router to a broadband modem.
AC power adapter outlet.
Introduction 2-9
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
2-10 Introduction
201-10301-02, May 2005
Chapter 3
Connecting the FWG114P v2 to the Internet
This chapter describes how to set up the router on your local area network (LAN) and connect to the Internet. You will find out how to configure your ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 for Internet access using the Setup Wizard, or how to manually configure your Internet connection.

What You Will Need Before You Begin

You need to prepare these three things before you begin:
1. An active Internet service, such as those provided by a cable or DSL broadband account.
2. Locate the Internet Service Provider (ISP) configuration information for your broadband
account.
3. Connect the router to a broadband modem and a computer as explained below.

Cabling and Computer Hardware Requirements

To use the FWG114P v2 Wireless Firewall/Print Server on your network, each computer must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the computer will connect to your network at 100 Mbps, you must use a Category 5 (CAT5) cable, such as the one provided with your router.

Computer Network Configuration Requirements

The FWG114P v2 includes a built-in Web Configuration Manager. To access the configuration menus on the FWG114P v2, you must use a Java-enabled Web browser program that supports HTTP uploads, such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer or Netscape Navigator versions 4.0 or above. Free browser programs are readily available for Windows, Macintosh, or UNIX/Linux.
Connecting the FWG114P v2 to the Internet 3-1
201-10301-02, May 2005
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
For the initial connection to the Internet and configuration of your router, you will need to connect a computer to the router that is set to automatically get its TCP/IP configuration from the router via DHCP.
The cable or DSL modem broadband access device must provide a standard 10 Mbps (10BASE-T) Ethernet interface.

Internet Configuration Requirements

Depending on how your ISP set up your Internet account, you might need one or more of these configuration parameters to connect your router to the Internet:
Host and Domain Names.
ISP login name and password.
ISP Domain Name Server (DNS) Addresses.
Fixed IP address which is also known as static IP address.

Where Do I Get the Internet Configuration Parameters?

There are several ways you can gather the required Internet connection information:
Your ISP provides all the information needed to connect to the Internet. If you cannot locate this information, you can ask your ISP to provide it or you can try one of the options below.
If you have a computer already connected using the active Internet access account, you can gather the configuration information from that computer.
— For Windows 95/98/ME, open the Network control panel, select the TCP/IP entry for the
Ethernet adapter, and click Properties. Record all the settings for each tab page.
— For Windows 2000/XP, open the Local Area Network Connection, select the TCP/IP entry
for the Ethernet adapter, and click Properties. Record all the settings for each tab page.
— For Macintosh computers, open the TCP/IP or Network control panel. Record all the
settings for each section.
You may also refer to the FWG114P v2 Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs.
Once you locate your Internet configuration parameters, you may want to record them on the following form:
3-2 Connecting the FWG114P v2 to the Internet
201-10301-02, May 2005
Loading...
+ 266 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use