Netgear orporated FWAG114 Users Manual
Reference Manual for the Model FWAG114 Cable/ DSL Wireless ProSafe Firewall
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
SM-FWAG114NA-0
Version 1.0
March 2003
© 2002 by NETGEAR, Inc. All rights reserved.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device
may not cause harmful interference, and (2) this device must accept any interference received, including interference that
may cause undesired operation.
FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void
the user's authority to operate this equipment.
IMPORTANT NOTE:
FCC Radiation Exposure Statement:
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment
should be installed and operated with minimum distance 20cm between the radiator & your body.
If this device is going to be operated in 5.15 ~ 5.25GHz frequency range, then it is restricted in indoor environment only.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
EN 55 022 Declaration of ConformanceThis is to certify that the Model FWAG114 Cable/DSL Wireless ProSafe Firewall is
shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC,
Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).
Trademarks
NETGEAR is a trademark of Netgear, Inc.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corpor at io n.
Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liabi l ity that may occur due to the use or applicat ion of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has b een tested and found to comply with the limit s for a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protecti on against harmful interference in a
residential inst allation. This equipment generates, uses, a nd can radiate radio frequency energy and, if not installed and
used in accordance with the inst ructions, m ay caus e harmful inte rference to radio c ommunic ations. Ho wever, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try
to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving an t enna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help .
EN 55 022 Declaration of Conformance
This is to certify that the Model FWAG114 Cable/DSL Wireless ProSafe Firewall is shielded against the generation of
radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is
declared by the application of EN 55 022 Class B ( CISPR 22).
ii
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das Model FWAG114 Cable/DSL Wireless ProSafe Firewall gemäß der im
BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben
einiger Geräte (z.B . Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die
Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wur de davon unterrich tet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the Model FWAG114 Cable/DSL Wireless ProSafe Firewall has been suppressed
in accordance with the conditions set out in the BMPT-AmtsblVfg 243/199 1 and Vfg 46/1992. The oper ation of some
equipment (for example, test transm itt ers) i n accordance with the regulations may, however, be subject to certain
restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information eq uipment to be used in a residen tial area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference i n such residential areas.
When used near a radio or TV receiver, it may become the cause of radi o i nt erference.
Read instructions for correct handling.
Customer Support
Refer to the Support Information Card that shipped with your Model FWAG114 Cable/DSL Wireless ProSafe Firewall .
World Wide Web
NETGEAR maintains a World Wide Web home page that you can access at the universal resource locat or (URL)
http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer
or Netscape are required.
iii
iv
Contents
About This Manual
Audience ....................................................................................................................... .xi
Typographical Conventions .......................................................................................... .xi
Special Message Formats ............................................................................................ xii
Chapter 1 Introduction
Key Features of the Firewall ...........................................................................................1-1
802.11g and 802.11b Wireless Networking ..............................................................1-2
A Powerful, True Firewall with Content Filtering ......................................................1-2
Security ....................................................................................................................1-3
Autosensing Ethernet Connections with Auto Uplink™ ...........................................1-3
Extensive Protocol Support ......................................................................................1-4
Easy Installation and Management ..........................................................................1-4
Maintenance and Support ........................................................................................1-5
Package Contents ..........................................................................................................1-5
The Firewall’s Front Panel .......................................................................................1-6
The Firewall’s Rear Panel ........................................................................................1-6
Chapter 2 Connecting the Firewall to the Internet
What You Will Need Before You Begin ...........................................................................2-1
Cabling and Computer Hardware Requirements .....................................................2-1
Computer Network Configuration Requirem ents ..... ....... ...... ...... .............................2-1
Internet Configuration Requirements .......................................................................2-2
Where Do I Get the Internet Configuration Parameters? .........................................2-2
Record Your Internet Connection Information ..........................................................2-3
Connecting the Model FWAG114 Cable/DSL Wireless ProSafe Firewall to Your LAN .2-4
PPPoE Wizard-Detected Option ..............................................................................2-8
Telstra Bigpond Cable Wizard-Detected Option .......................................................2-9
Dynamic IP Wizard-Detected Option .....................................................................2-10
Contents v
Fixed IP Account Wizard-Detected Option .. ....... ....................................................2-11
Manually Configuring Your Internet Connection ...........................................................2-12
Chapter 3 Wireless Configuration
Observe Performance, Placement, and Range Guidelines ............................................3-1
Implement Appropriate Wireless Security ......................................................................3-2
Understanding Wireless Settings ...................................................................................3-3
Common Wireless Settings ......................................................................................3-5
Understanding WEP Authentication and Encryption ................................................3-6
Authentication Scheme Selection ......................................................................3-6
Encryption Strength Choices .............................................................................3-6
Default Factory Settings ...........................................................................................3-7
Before You Change the SSID and WEP Settings ....................................................3-7
How to Set Up and Test Basic Wireless Connectivity ..............................................3-9
How to Restrict Wireless Access by MAC Address ...............................................3-10
How to Configure WEP ..........................................................................................3-12
Chapter 4 Firewall Protection and Content Filtering
Firewall Protection and Content Filtering Overview ........................................................4-1
Block Sites ......................... ...... ....... ...... ....... ...... ............................................. ................4-2
Using Rules to Block or Allow Specific Kinds of Traffic ..................................................4-3
Inbound Rules (Port Forwarding) .............................................................................4-5
Inbound Rule Example: A Local Public Web Server ..........................................4-6
Inbound Rule Example: Allowing Videoconference from Restricted Addresses 4-7
Considerations for Inbound Rules .....................................................................4-7
Outbound Rules (Service Blocking) .........................................................................4-8
Following is an application example of outbound rules: ....................................4-8
Outbound Rule Example: Blocking Instant Messenger .....................................4-8
Order of Precedence for Rules ................................................................................4-9
Default DMZ Server .................................................................................................4-9
Respond to Ping on Internet WAN Port .................................................................4-10
Services ...................... .............................................. ............................................. .......4-11
Using a Schedule to Block or Allow Specific Traffic ......................................................4-13
Time Zone ........................................................................................................4-14
Getting E-Mail Notifications of Event Logs and Alerts ..................................................4-15
vi Contents
Viewing Logs of Web Access or Attempted Web Access .............................................4-17
Examples of log messages ....................................................................................4-19
Activation and Administration ..........................................................................4-19
Dropped Packets .............................................................................................4-19
Syslog ....................................................................................................................4-20
Configuring E-Mail Alert and Web Access Log Notifications ........................................4-20
Chapter 5 Maintenance
Viewing Firewall Status Information ................................................................................5-1
Viewing a List of Attached Devices .................................................................................5-5
Upgrading the Router Software ......................................................................................5-5
Configuration File Management .....................................................................................5-6
Restoring and Backing Up the Configuration ...........................................................5-7
Erasing the Configuration .........................................................................................5-8
Changing the Administrator Password ...........................................................................5-8
Chapter 6 Advanced Configuration
Configuring for Port Forwarding to Local Servers ..........................................................6-1
Adding a Custom Service .........................................................................................6-2
Editing or Deleting a Port Forwarding Entry .............................................................6-3
Local Web and FTP Server Example .......................................................................6-3
Multiple Computers for Half Life, KALI or Quake III Example ..................................6-3
Configuring the WAN Setup Options ..............................................................................6-4
Setting Up a Default DMZ Server .............................................................................6-4
Respond to Ping on Internet WAN Port ...................................................................6-5
Setting the MTU Size ...............................................................................................6-5
Using the LAN IP Setup Options ....................................................................................6-6
Configuring LAN TCP/IP Setup Parameters ............................................................6-6
Using the Router as a DHCP server ........................................................................6-7
Using Address Reservation ......................................................................................6-8
Using a Dynamic DNS Service .......................................................................................6-9
Configuring Static Routes .............................................................................................6-10
Enabling Remote Management Access .......................................................................6-12
Using Universal Plug and Play (UPnP) ........................................................................6-14
Contents vii
Chapter 7 Troubleshooting
Basic Functioning ................................. ....... ...... ....... ...................................... ....... ...... ...7-1
Power LED Not On ...................................................................................................7-1
LEDs Never Turn Off ................................................................................................7-2
LAN or WAN Port LEDs Not On ...............................................................................7-2
Troubleshooting the Web Configuration Interface ..........................................................7-3
Troubleshooting the ISP Connection ..............................................................................7-4
Troubleshooting a TCP/IP Network Using a Ping Utility .................................................7-5
Testing the LAN Path to Your Router .......................................................................7-5
Testing the Path from Your PC to a Remote Device ................................................7-6
Restoring the Default Configuration and Password ........................................................7-7
Problems with Date and Time .........................................................................................7-7
Appendix A Technical Specifications
Appendix B Network, Routing, Firewall, and Basics
Related Publications ...................................................................................................... B-1
Basic Router Concepts ................... ...... ....... ...... ............................................. ............... B-1
What is a Router? ................................................................................................... B-2
Routing Information Protocol ................................................................................... B-2
IP Addresses and the Internet ....................................................................................... B-2
Netmask ............................ ................................................................. ..................... B-4
Subnet Addressing .................................................................................................. B-5
Private IP Addresses ............................................................................................... B-7
Single IP Address Operation Using NAT ....................................................................... B-8
MAC Addresses and Address Resolution Protocol ................................................. B-9
Related Documents ................................................................................................. B-9
Domain Name Server ............................................................................................ B-10
IP Configuration by DHCP ........................................................................................... B-10
Internet Security and Firewalls .................................................................................... B-10
What is a Firewall? .................................................................................................B-11
Stateful Packet Inspection ...............................................................................B-11
Denial of Service Attack ..................................................................................B-11
Ethernet Cabling .......................................................................................................... B-12
viii Contents
Uplink Switches, Crossover Cables, and MDI/MDIX Switching ............................ B-12
Cable Quality ......................................................................................................... B-13
Appendix C Preparing Your Network
Preparing Y our Computers for TCP/IP Networking .......................................................C-1
Configuring Windows 95, 98, and Me for TCP/IP Networking .......................................C-2
Install or Verify Windows Networking Components ................................................. C-2
Enabling DHCP to Automatically Configure TCP/IP Settings
C-4
Selecting Windows’ Internet Access Method ..................................... ...... ....... ...... .. C-6
Verifying TCP/IP Properties ....................................................................................C-6
Configuring Windows NT4, 2000 or XP for IP Networking ............................................ C-7
Install or Verify Windows Networking Components ................................................. C-7
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 ............................... C-8
DHCP Configuration of TCP/IP in Windows XP ..................................................... C-8
DHCP Configuration of TCP/IP in Windows 2000 ................................................C-10
DHCP Configuration of TCP/IP in Windows NT4 .................................................. C-13
Verifying TCP/IP Properties for Windows XP, 2000, and NT4 .............................. C-15
Configuring the Macintosh for TCP/IP Networking ......................................................C-16
MacOS 8.6 or 9.x .............. ....... ...... ....... ...... ....... ...... ....... ...... ...... ....... ...... ....... ...... C-16
MacOS X .. ...... ...... ....... ...... ....... ...... ............................................. ....... ...................C -16
Verifying TCP/IP Properties for Macintosh Computers ......................................... C-17
Verifying the Readiness of Your Internet Account .......................................................C-18
Are Login Protocols Used? ...................................................................................C-18
What Is Your Configuration Information? .............................................................. C-18
Obtaining ISP Configuration Information for Windows Computers ....................... C-19
Obtaining ISP Configuration Information for Macintosh Computers ..................... C-20
Restarting the Network ................................................................................................C-21
Appendix D Wireless Networking Basics
Wireless Networking Overview ...................................................................................... D-1
Infrastructure Mode ..................................... ....... ...... ....... ...... ...... ....... ...... ....... ...... .. D-2
Ad Hoc Mode (Peer-to-Peer Workgroup) ................................................................D-2
Network Name: Extended Service Set Identification (ESSID) ................................D-2
Authentication and WEP Data Encryption .....................................................................D-3
802.11 Authentication .............................................................................................. D-3
Contents ix
Open System Authentication .... ...... ....... ...... ....... ...... ...............................................D-4
Shared Key Authentication ......................................................................................D-4
Overview of WEP Parameters .............. ...................................... ....... ...... ....... ...... .. D-5
Key Size .................................................................................................................. D-6
WEP Configuration Options .................................................................................... D-7
Wireless Channels ......................................................................................................... D-7
802/11b/g Wireless Channels .................................................................................D-8
802/11a Legal Power Output and Wireless Channels ............................................. D-9
Glossary
Index
x Contents
About This Manual
Congratulations on your purchase of the NETGEAR® Model FWAG114 Cable/DSL Wireless
ProSafe Fi rewall .
The FWAG114 wireless firewall provides connection for multiple personal computers (PCs) to the
Internet throu gh an exte rnal broa dband acce ss devic e (such a s a cable modem or DSL modem) that
is normally intended for use by a single PC.
Audience
This reference manual assumes that the reader has basic to intermediate computer and Internet
skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial
information is provided in the Appendices and on the Netgear website.
Typographical Conventions
This guide uses the following typographical conventions:
italics Media titles, UNIX files, commands, URLs, and directory names.
bold times roman User input
Internet Protocol
courier font Screen text, user-typed command-line entries.
[Enter] Named keys in text are shown enclosed in square brackets. The notation
[Ctrl]+C Two or more keys that must be pressed simultaneously are shown in text
MALL CAPS DOS file and directory names.
S
About This Manual xi
(IP)First time an abbreviated term is used.
[Enter] is used for the Enter key and the Return key.
linked with a plus (+) sign.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
Special Message Forma ts
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
xii About This Manual
Chapter 1
Introduction
This chapter describes the features of the NETGEAR Model FWAG114 Cable/DSL Wireless
ProSafe Fi rewall .
Key Features of the Firewall
The Model FWAG114 Cable/DSL Wireless ProSafe Firewall with 4-port switch connects your
local area network
or DSL modem.
The FWAG114 is a complete security solution tha t protects your network from attacks and
intrusions. Unlike simple Internet sharing routers that rely on NAT for security, the FWAG114 uses
Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection.
The FWAG114 allows Internet access for up to 253 users. The FWAG114 wireless firewall
provides you with multiple Web content filtering options, plus browsing activity reporting and
instant alerts -- both via e-mail. Parents and network administrators can establish restricted access
policies based on time-of-day, Website addresses and address keywords, and share high-speed
cable/DSL Internet access for up to 253 personal computers. In addition to the Network Address
Translation (NAT) feature, the built-in firewall protects you from hackers.
(LAN) to the Internet t hrough an extern al a ccess de vice su ch as a cabl e modem
With minimum setup, you can install and use the router within minutes.
The FWAG114 wireless firewall provides the following features:
• 802.11 g and 802.11b Standards-based wireless networking.
• Easy, web-based setup for installation and management.
• Content Filtering and Site Blocking Security.
• Built in 4-port 10/100 Mbps Switch.
Introduction 1-1
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
• Ethernet connection to a wide area network (WAN) device, such as a cable modem or DSL
modem.
• Extensive Protocol Support.
• Login capability.
• Front panel LEDs for easy monitoring of status and activity.
• Flash memory for firmware upgrade.
802.11g and 802.11b Wireless Networking
The FWAG114 wireless firewall includes an 802.11b-compliant wireless access point, providing
continuous, high-speed 11 Mbps access between your wireless and Ethernet devices. The access
point provides:
• 802.11b Standards-based wireless networking at up to 11 Mbps.
• 802.11g wireless networking at up to 54 Mbps, which will conform to the 802.11g standard
when ratified.
• 64-bit and 128-bit WEP encryption security.
• WEP keys can be generated manually or by passphrase.
• Wireless access can be restricted by MAC address.
• Wirele ss n et work n ame br oadcast can be turned of f so that only devices that ha ve the network
name (SSID) can connect.
A Powerful, True Firewall with Content Filtering
Unlike simple Internet sharing NAT routers, the FWAG114 is a true firewall, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:
• Denial of Service
Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND
Attack, and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Logs sec urity incidents.
1-2 Introduction
(DoS) protection.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
The FWAG114 will log security events such as blocked incoming traffic, port scans, attacks,
and administrator logins. You can configure the router to email the log to you at specified
intervals. You can also configure the router to send immediate alert messages to your email
address or email pager whenever a significant event occurs.
• With its content filtering feature, the FWAG114 prevents objectionable content from reaching
your PCs. The router allows you to control access to Internet content by screening for
keywords within Web addresses. You can configure the router to log and report attempts to
access objectionable Internet sites .
Security
The FW AG114 wireless firewall is equipped with several features designed to maintain security, as
described in this section.
• PCs Hidden by NAT
NAT opens a temporary path to the Interne t for requests originating from the local network .
Requests originating from outside the LAN are discarded, preventing users outside the LAN
from finding and directly accessing the PCs on the LAN.
• Port Forwarding with NAT
Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the
router allows you to direct incoming traffic to specific PCs based on the service port number
of the incoming request, or to one designated “DMZ” host computer. You can specify
forwarding of single ports or ranges of ports.
Autosensing Ethernet Connections with Auto Uplink™
With its internal 8-port 10/100 switch, the FWAG114 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are
autosensing and capable of full-duplex or half-duplex operation.
TM
The router incorporates Auto Uplink
whether the Ethernet cable plugged into the port should have a ‘normal’ connection such as to a
PC or an ‘uplink’ connection such as to a switch or hub. That port will then configure itself to the
correct configuration. This feature also eliminates the need to worry about crossover cables, as
Auto Uplink will accommodate either type of cable to make the right connection.
Introduction 1-3
technology. Each Ethernet port will automatically sense
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
Extensive Protocol Support
The FWAG114 wireless firewall supports the Transmission Control Protocol/Internet Protocol
(TCP/IP) and Routing Information Protocol
Appendix B, “Network, Routing, Firewall, and Basics.”
• IP Address Sharing by NAT
The FWAG114 wireless firewall allows several networked PCs to share an Internet accoun t
using only a single IP address, which may be statically or dynamically assigned by your
Internet service provider
inexpensive single-user ISP account.
• Automatic Configuration of Attached PCs by DHCP
The FWAG114 wireless firewall dynamically assigns network configuration information,
including IP, gateway, and domain name server
using the Dynamic Host Configuration Protocol
configuration of PCs on your local network.
• DNS Proxy
When DHCP is enabled and no DNS addresses are specified, the router provides its own
address as a DNS server to the attached PCs. The router obtains actual DNS addresses from
the ISP during connection setup and forwards DNS requests from the LAN.
(ISP). This technique, known as NAT, allows the use of an
(RIP). For further information about TCP/IP, refer to
(DNS) addresses, to attached PCs on the LAN
(DHCP). This feature gr eatly simpli fies
• PPP over Ethernet
PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by
simulating a dial-up connection. This feature eliminates the need to run a login program such
as Entersys or WinPOET on your PC.
(PPPoE)
Easy Installation and Management
You can install, configure, and operate the Model FWAG114 Cable/DSL Wireless ProSafe
Firewall within minutes after connecting it to the network. The following features sim plify
installation and management tasks:
• Browser-based management
Browser-based configuration allows you to easily configure your router from almost any type
of personal computer, such as Windows, Macintosh, or Linux. A user -fr iendly Setu p W izard is
provided and online help documentation is built into the browser-based Web Management
Interface.
• Smart Wizard
The FWAG114 wireless firewall automatically senses the type of Internet connection, asking
you only for the information required for your type of ISP account.
1-4 Introduction
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
• Diagnostic functions
The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote
reboot.
• Remote management
The firewall allows you to login to the Web Management Interface from a remote location on
the Internet. For security, you can limit remote management access to a specif ied remote IP
address or range of addresses, and you can choose a nonstandard port number.
• Visual monitoring
The FWAG114 wireless firewall’s front panel LED s provide an easy way to monitor its stat us
and activity.
Maintenance and Support
NETGEAR offers the followi ng feature s to help you maxi mize your use of the FWAG11 4 wireless
firewall:
• Flash memory for firmware upgrade
• Free technical support seven days a week, twenty-four hours a day
Package Contents
The product package should contain the following items:
• Model FWAG114 Cable/DSL Wireless ProSafe Firewall .
• AC power adapter.
• Category 5 (CAT5) Ethernet cable.
• Model FWAG114 Resource CD, including:
— This guide.
— Application Notes and other helpful information.
• FWAG114 Cable/DSL Wireless ProSafe Firewall Installation Guide.
• Registration and Warranty Card.
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the router for repair.
Introduction 1-5
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
The Firewall’s Front Panel
The front panel of the FWAG114 wireless firewall contains the status LEDs described below.
need product front panel photo
Figure 1-1: FWAG114 Front Panel
You can use some of the LEDs to verify connections. Viewed from left to right, Table 1-1
describes the LEDs on the front panel of the router. These LEDs are green when lit.
Table 1-1. LED Descriptions
Label Activity Description
POWER On Power is supplied to the firewall.
TEST On
Off
INTERNET
100 (100 Mbps) On
Off
LINK/ACT
(Link/Activity)
LOCAL
100 (100 Mbps) On
LINK/ACT
(Link/Activity)
WLAN On The Wireless (WLAN) port is operating.
On
Blinking
Off
On
Blinking
The system is initializing.
The system is ready and running.
The Internet (WAN) port is operating at 100 Mbps.
The Internet (WAN) port is operating at 10 Mbps.
The Internet port has detected a link with an attached device.
Data is being transmitted or received by the Internet port.
The Local port is operating at 100 Mbps.
The Local port is operating at 10 Mbps.
The Local port has detected a link with an attached device.
Data is being transmitted or received by the Local port.
The Firewall’s Rear Panel
The rear panel of the FWAG114 wireless firewall contains the port connections listed below.
1-6 Introduction
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
need product back panel photo
Figure 1-2: FWAG114 Rear Panel
Viewed from left to rig ht, the rear pa nel contains the following features:
• AC power adapter outlet
• Four Local (LAN) Ethernet ports for connecting the router to the local PCs
• Internet (WAN) Ethernet port for connecting the router to a cable or DSL modem
• Factory Default Reset push button
• Wireless antenna
Introduction 1-7
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
1-8 Introduction
Chapter 2
Connecting the Firewall to the Internet
This chapter describes how to set up the router on your local area network (LAN) and connect to
the Internet. You find out how to configure your Model FWAG114 Cable/DSL Wireless ProSafe
Firewall for Internet acc ess using the Setup Wizard, or how to manually configure your Internet
connection.
What You Will Need Before You Begin
You need to prepare these three things before you begin:
1. Have active Internet service such as that provided by an cable or DSL broadband account.
2. Locate the Internet Service Provider (ISP) configuration information for your DSL account.
3. Connect the router to a cable or DSL modem and a computer as explained below.
Cabling and Computer Hardware Requirements
To use the FWAG114 wireless firewall on your network, each computer must have an installed
Ethernet Network In terface Card (NIC) a nd an Ether net cable . If the c omputer wil l connect to your
network at 100 Mbps, you must use a Category 5 (CAT5) cable such as the one provided wit h your
router.
Computer Network Configuration Requirements
The FWAG114 includes a built-in Web Configuration Manager . T o acces s the configura tion menus
on the FWAG114, your must use a Java-enabled web browser program which supports HTTP
uploads such as Microsoft Internet Explorer or Netscape Navigator. NETGEAR recommends
using Internet Explorer or Netscape Navigator 4.0 or above. Free browser programs are readily
available for Windows, Macintosh, or UNIX/Linux.
Connecting the Firewall to the Internet 2-1
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
For the initial c onnect ion to t he Int ernet and confi gurat ion of your router , you wil l need t o connec t
a computer to the router which is set to aut omat ic all y get it s TCP/I P conf iguration from the router
via DHCP.
Note: For help with DHCP configuration, please refer to Appendix C, “Preparing Your Network”.
The cable or DSL modem broadb and access device mu st provid e a standard 10 Mbps (10BASE-T )
Ethernet interface.
Internet Configuration Requirements
Depending on how your ISP set up your Internet account, you will need one or more of these
configuration parameters to connect your router to the Internet:
• Host and Domain Names
• ISP Login Name and Password
• ISP Domain Name Server (DNS) Addresses
• Fixed IP Address which is also known as Static IP Address
Where Do I Get the Internet Configuration Parameters?
There are several ways you can gather the required Internet connection information.
• Your ISP provides all the information needed to connect to the Internet. If you cannot locate
this information, you can ask your ISP to provide it or you can try one of the options below.
• If you have a computer already connected using the active Internet access account, you can
gather the configuration information from that computer.
— For Windows 95/98/ME, open the Network control panel, select the TCP/IP entry for the
Ethernet adapter, and click Properties. Record all the settings for each tab page.
— For W i ndows 2000/XP, open the Local Area Net work Connecti on, select the TCP/IP entry
for the Ethernet adapter, and click Properties. Record all the settings for each tab page.
— For Macintosh computers, open the TCP/IP or Network control panel. Record all the
settings for each section.
• You may also refer to the FWAG11 4 Resource CD for the NETGEAR Rout er ISP Guide which
provides Internet connection information for many ISPs.
Once you locate your Internet configu ration par ameters , you may want to rec ord them on the page
below.
2-2 Connecting the Firewall to the Internet
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
Record Your Internet Connection Information
Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP).
ISP Login Name: The login name an d pas swor d ar e ca se s ens itive and must be entered exact ly as
given by your ISP. For AOL customers, the login name is their primary screen name. Some ISPs
use your full e-mail address as the login name. The Service Name is not required by all ISPs. If
you connect using a login name and password, then fill in the following:
Login Name: ______________________________
Service Name: _____________________________
Fixed or Static IP Address: If you have a static IP address, record the following information. For
example, 169.254.141.148 could be a valid IP address.
Fixed or Static Internet IP Address: ______
Gateway IP Address: ______ . ______ . ______ . ______
Subnet Mask: ______ . ______ . ______ . ______
ISP DNS Se rver Addres ses: If you were given DNS server addresses, fill in the following:
Primary DNS Server IP Address: ______
Secondary DNS Server IP Address: ______ . ______ . ______ . ______
Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or
home. If you haven’t been given host or domain names, you can use the following examples as a
guide:
• If your main e-mail account with your ISP is aaa@yyy.com, then use aaa as your host name.
Your ISP might call this your account, user, host, computer, or system name.
• If your ISP’s mail server is mail.xxx.yyy.com, then use xxx.yyy.com as the domain name.
ISP Host Name: _________________________
. ______ . ______ . ______
. ______ . ______ . ______
Password: ____________________________
ISP Domain Name: _______________________
For Wireless Acce ss: For configuration of the wireless network, record the following:
Wireless Network Name (SSID): __________________
Encryption (circle one): WEP 64, or WEP 128
WEP passphrase or key: ____________________
Connecting the Firewall to the Internet 2-3
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
Connecting the Model FWAG114 Cable/DSL Wireless ProSafe Firewall to Your LAN
This section provides inst ructi ons for connec ting t he FWAG114 wi reles s fir ewall. Also, th e Model
FWAG114 Resource CD included with your router contains an animated Installation Assistant to
help you through this procedure.
Procedure: Connecting the Firewall
There are three steps to connecting your router:
1. Connect the router to your network
2. Log in to the router
3. Connect to the Internet
Follow the steps below to c onnect your router to your net work. You can also refer to the Resource
CD included with your router which contains an animated Installation Assistant to help you
through this procedure.
1. Connect the firewall to your network.
a. Turn off your computer and Cable or DSL Modem.
b. Disconnect the Ethernet cable (A) from your computer which connects to your cable or
DSL modem.
A
Cable or DSL modem
Figure 2-1: Disconnect the cable or DSL Modem
2-4 Connecting the Firewall to the Internet
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
c.
Connect the Etherne t cabl e fr om your cable or DSL modem to the In ternet port (A) on th e
FWAG114.
Cable
or DSL modem
A
need product back panel photo
Figure 2-2: Connect the cable or DSL Modem to the router
d.
Connect the Ether net ca ble whi ch ca me with the r outer from a Loc al por t on the r outer (B)
to your computer.
Cable or
DSL modem
B
need product back panel photo
Figure 2-3: Connect the computers on your network to the router
Note: The FWAG114 wireless firewall incorporates Auto UplinkTM technology. Each
LOCAL Ethernet port will automatically sense if the cable should have a normal
connection or an uplink connection. This feature eliminates the need to worry about
crossover cables because Auto Uplink will make the right connection either type of cable.
e. Now, turn on your computer. If software usually logs you in to your Internet connection,
do not run that software or cancel it if it starts automatically.
Connecting the Firewall to the Internet 2-5
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
f.
Verify the following:
• When your turn the router on, the power light goes on.
• The router’s local lights are lit for any computers that are connected to it.
• The router’s Internet light is lit, indicating a link has been established to the cable or
DSL modem.
Note: For wireless placement and range guidelines, and wireless configuration
instructions, please see Chapter 3, “Wireless Configuration.”
2. Log in to the firewall.
Note: To connect to the router, your computer needs to be configured to obtain an IP address
automatically via DHCP. If you need instructions on how to do this, please refer to
Appendix C, “Preparing Your Network”.
a. Connect to the router by typing http://192.168.0.1 in the address filed of Internet Explorer
or Netscape® Navigator.
Figure 2-4: Log in to the router
b.
For security reasons, the router has its own user name and password. When prompted,
enter admin for the r outer use r name and password for the router password , both in lowe r
case letters.The router user name and password are not the same as any user name or
password you may use to log in to your Internet connection.
A login window shown below opens:
Figure 2-5: Login window
2-6 Connecting the Firewall to the Internet
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
3. Connect to the Internet
Figure 2-6: Setup Wizard
You are now connected to the router. If you do not see the menu above, click the Setup
a.
Wizard link on the upper left of the main menu.
b. Click Next and follow the steps in the Setup Wizard for inputting the configuration
parameters from your ISP to connect to the Internet.
Note: If you choose not to use the Setup Wizard, you can manually configure your
Internet connection settings by following the procedure “Manually Configuring Your
Internet Connection” on page 2-12.
Unless your ISP automatically assigns your configuration automatically via DHCP, you
will need the configuration parameters from your ISP as you recorded them previously in
“Record Your Internet Connection Information” on page 2-3.
c. When the router successfully detects an active Internet service, the router’s Internet LED
goes on. The Setup Wizard reports which connection type it discovered, and displays the
appropriate configuration menu. If the Setup Wizard finds no connection, you will be
prompted to check the physic al co nnec tion bet ween your ro uter and t he cab le or DSL li ne.
d. The Setup Wizard will report the type of connection it finds. The options are:
• Connections which require a login using protocols such as
PPPoE, PPTP, Telstra, or Bigpond broadband connections.
• Connections which use dynamic IP address assignment.
• Connections which use fixed IP address assignment.
The procedures for filling in the configuration menu for each type of connection follow
below.
Connecting the Firewall to the Internet 2-7
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
PPPoE Wizard-Detected Option
If the Setup Wizard discovers that your ISP uses PPPoE, you will see this menu:
Figure 2-7: Setup Wizard menu for PPPoE accounts
• Enter the Account Name, Domain Name, Logi n, and Passwor d as provide d by your ISP. These
fields are case sensitive. The router will try to discover the domain automatically if you leave
the Domain Name blank. Otherwise, you may need to enter it manually.
• To change the login timeout, enter a new value in minutes. This determines how long the
router keeps the Internet connection active after there is no Internet activity from the LAN.
Entering a timeout value of zero means never log out.
Note: You no longer need to run the ISP’s login program on your PC in order to access the
Internet. When you start an Internet application, your router will automatically log you in.
• If you know that your ISP does not automatically transmi t DNS addresses to the router during
login, select “Use these DNS servers” and enter the IP address of your ISP’s Primary DNS
Server. If a Secondary DNS Server address is available, enter it also.
Note: If you enter DNS addresses, restart your computers so that these settings take effect.
• Click Apply to save your settings.
• Click Test to verify that your Internet connection works. If the NETGEAR website does not
appear within one minute, refer to Chapter 7, “Troubleshooting.”
2-8 Connecting the Firewall to the Internet
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
Telstra Bigpond Cable Wizard-Detected Option
If the Setup Wizard discovers Telstra Bigpond Cable is your ISP, you will see this menu:
Figure 2-8: Setup Wizard menu for Telstra Bigpond Cable accounts
• Enter your Login, Password and Authentication Server. These fields are case sensitive.
Note: You will no longer need to launch the ISP’ s lo gin program on your PC in order to acce ss
the Internet. When you start an Internet application, your router will automatically log you in.
• The Domain Name Server (DNS) Address parameters may be necessary to access your ISP’s
services such as mail or news servers.
Note: If you enter DNS addresses, restart your computers so that these settings take effect.
• Firewall MAC Address:
This section determines the Ethernet MAC address that will be used by the router on the
Internet port. Some ISPs will register the Ethe rne t M AC add res s of the network interface car d
in your PC when your account is first opened. They will then only accept traffic from the
MAC address of that PC. This feature allows your router to masquerade as that PC.
Connecting the Firewall to the Internet 2-9
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall
T o change the MAC address, select “Use this Computer’s MAC address.” The router will then
capture and use the MAC address of the PC that you are now using. You must be using the one
PC that is allowed by the IS P. Or, select “Use this MAC address” and enter it.
• Click Apply to save your settings.
• Click Test to test your Internet connection. If the NETGEAR website does not appear within
one minute, refer to Chapter 7, “Troubleshooting.
Dynamic IP Wizard-Detected Option
If the Setup Wizard discovers that your ISP uses Dynamic IP assignment, you will see this menu:
Figure 2-9: Setup Wizard menu for Dynamic IP address accounts
• Enter your Account Name (may also be called Host Name) and Domain Name. These
parameters may be ne cessary to acc ess your ISP’s services such as mail or news se rvers. If you
leave the Domain Name field blank, the r outer tr y to discover the domain. Ot herwise, yo u may
need to enter it manually.
• If you know that your ISP does not automatically transmi t DNS addresses to the router during
login, select Use these DNS servers and enter the IP address of your ISP’s Primary DNS
Server. If a Secondary DNS Server address is available, enter it also.
Note: If you enter DNS addresses, restart your computers so that these settings take effect.
• Click Apply to save your settings.
• Click Test to test your Internet connection. If the NETGEAR website does not appear within
one minute, refer to Chapter 7, “Troubleshooting.”
2-10 Connecting the Firewall to the Internet
Loading...