Netgear orporated FWG114PV2 Users Manual
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
b. Click Pre-Shared Key.
In this example, enter this
pre-shared key in this field:
hr5xb84l6aa9r6
Figure 8-29: Connection Identity Pre-Shared Key
c. Enter hr5xb84l6aa9r6, which is the same Pre-Shared Key entered in the FWG114P.
d. Click OK.
4. Configure the Connection Identity Settings.
a. In the Network Security Policy list, click the Security Policy subheading.
Figure 8-30: Security Policy
b. For this example, ensure that the following settings are configured:
– In the Select Phase 1 Negotiation Mode menu, select Aggressive Mode.
– Select the Enable Perfect Forward Secrecy (PFS) check box.
– In the PFS Key Group drop-down list, Diffie-Hellman Group 2.
– Select the Enable Replay Detection check box.
Virtual Private Networking 8-41
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Configure the Connection Security Policy
5.
In this step, you will provide the authentication (IKE Phase 1) settings, and the key exchange
(Phase 2) settings. The setting choices in this procedure follow the VPNC guidelines.
Figure 8-31: Connection Security Policy Authentication (Phase 1)
a. Configure the Authentication (Phase 1) Settings.
• Expand the Security Policy heading, then expand the Authentication (Phase 1)
heading, and click on Proposal 1.
• For this example, ensure that the following settings are configured:
– In the Encrypt Alg menu, select Triple DES.
– In the Hash Alg, select SHA-1.
– In the SA Life, select Unspecified.
– In the Key Group menu, select Diffie-Hellman Group 2.
8-42 Virtual Private Networking
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Figure 8-32: Connection Security Policy Key Exchange (Phase 2)
b. Configure the Key Exchange (Phase 2).
• Expand the Key Exchange (Phase 2) heading, and click on Proposal 1.
• For this example, ensure that the following settings are configured:
– In the SA Life menu, select Unspecified.
– In the Compression menu, select None.
– Check the Encapsulation Protocol (ESP) check box.
– In the Encrypt Alg menu, select Triple DES.
– In the Hash Alg, select SHA-1.
– In the Encapsulation menu, select Tunnel.
Virtual Private Networking 8-43
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Configure the Global Policy Settings.
6.
a. From the Options menu at the top of the Security Policy Editor window, select Global
Policy Settings.
Figure 8-33: Security Policy Editor Global Policy Options
b. Increase the Retransmit Interval period to 45 seconds.
c. Select the Allow to Specify Internal Network Address check box and click OK.
7. Save the VPN Client Settings.
From the File menu at the top of the Security Policy Editor window, select Save.
After you have configured and saved the VPN client information, your PC will automatically
open the VPN connection when you attempt to access any IP addresses in the range of the
remote VPN router’s LAN.
Note: Whenever you make changes to a Security Policy, save them first, then deactivate
the security policy, rel oad the security policy, and finally activate the security policy.
This ensures that your new settings will take effect.
8-44 Virtual Private Networking
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Testing the VPN Connection
You can test the VPN connection in several ways:
• From the client PC to the FWG114P
• From the FWG114P to the client PC
These procedures are explained below.
Note: V irus protection or fir ewall software can interfere with VPN communications. Be
sure such software is not running on the remote PC with the Netgear ProSafe VPN
Client and that the firewall features of the FWG114P are not set in such a way as to
prevent VPN communications.
From the Client PC to the FWG114P
To check the VPN Connection, you can initiate a request from the remote PC to the FWG114P by
using the “Connect” option of the FWG114P Wireless Firewall/Print Server popup menu.
1. Open the popup menu by right-clicking on the system tray icon.
2. Select Connect to open the My Connections list.
3. Choose FWG114P.
The FWG114P Wireless Firewall/Print Server will report the results of the attempt to connect.
Once the connection is established, you can access resources of the network connected to the
FWG114P.
Another method is to ping from the remote PC to the LAN IP address of the FWG114P. To
perform a ping test using our example, start from the remote PC:
1. Establish an Internet connection from the PC.
2. On the Windows taskbar, click the Start button, and then click Run.
3. Type ping -t 192.168.0.1 and click OK.
This will cause a continuous ping to be sent to the first FWG114P. After a period of up to two
minutes, the ping response should change from “timed out” to “reply.”
Virtual Private Networking 8-45
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
T o test the connection to a computer connected to the FWG114P, simply ping the IP address of
that computer.
Once connected, you can open a browser on the remote PC and enter the LAN IP Address of the
FWG114P, which is http://192.168.0.1 in this example. After a short wait, you should see the login
screen of the FWG114P.
From the FWG114P to the Client PC
You can use the FWG114P Diagnostic utilities to test the VPN connection from the FWG114P to
the client PC. Run ping tests from the Diagnostics link of the FWG114P main menu.
Monitoring the PC VPN Connection
Information on the progress and status of the VPN client connection can be viewed by opening the
Netgear ProSafe VPN Client Connection Monitor or Log Viewer. To launch these functions, click
on the Windows Start button, then select Programs, then Netgear ProSafe VPN Client, then either
the Connection Monitor or Log Viewer.
The Log Viewer screen for a successful connection is similar to the one shown below:
Figure 8-34: Log Viewer screen
8-46 Virtual Private Networking
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
A sample Connection Monitor screen for a different connection is shown below:
Figure 8-35: Connection Monitor screen
In this example the following connection options apply:
• The FWG114P has a public IP WAN address of 66.120.188.153
• The FWG114P has a LAN IP address of 192.168.0.1
• The VPN client PC is behind a home NAT router and has a dynamically assigned address
of 192.168.0.3
While the connection is being established, the Connection Name field in this menu will say “SA”
before the name of the connection. When the connection is successful, the “SA” will change to the
yellow key symbol shown in the illustration above.
Viewing the FWG114P VPN Status and Log Information
Information on the status of the VPN client connection can be viewed by opening the FWG114P
VPN Status screen. To view this screen, click the VPN Status link on the FWG114P main menu.
Virtual Private Networking 8-47
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
The FWG114P VPN Status screen for a successful connection is shown below:
Figure 8-36: FWG114P VPN Statu s sc ree n
8-48 Virtual Private Networking
March 2004, 202-10027-01
Chapter 9
Maintenance
This chapter describes how to use the maintenance features of your ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P. These features are accessed via the Main Menu
Maintenance heading.
Viewing Wireless Firewall/Print Server Status Information
The Router Status menu provides status and usage information. From the main menu of the
browser interface, click on Maintenance, then select Router Status to view this screen.
Figure 9-1: Router Status screen
Maintenance 9-1
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
The Router Status screen shows the following parameters:
Table 9-1. Status Fields
Field Description
System Name The System Name assigned to the router.
Firmware Version The router firmware version.
Printer Status The printer status.
WAN Port These parameters apply to the Internet (WAN) port of the router.
MAC Address This field displays the MAC address being used by the Internet (WAN)
port of the router.
IP Address This field displays the IP address being used by the Internet (WAN) port
of the router. If no address is shown, the router cannot connect to the
Internet.
DHCP This field if the WAN port DHCP settings are dynamic or static.
IP Subnet Mask This field displays the IP Subnet Mask being used by the Internet (WAN)
port of the router.
Domain Name Server Identifies the IP address of the DNS server(s).
LAN Port
MAC Address The Media Access Control address being used by the LAN port of the
router.
IP Address The IP address being used by the Local (LAN) port of the router. The
default is 192.168.0.1.
DHCP Identifies if the router’s built-in DHCP server is active for the LAN
attached devices.
IP Subnet Mask The IP Subnet Mask being used by the Local (LAN) port of the router.
The default is 255.255.255.0.
Wireless Port
Name (SSID) This field displays the wireless network name (SSID) being used by the
wireless port of the router. The default is Wireless.
Region This field displays the MAC address being used by the wireless port of
the router.
Channel/Frequency Identifies the channel the wireless port is using. See “Wireless
Channels” on page E-7 for the frequencies used on each channel.
Mode Identifies if the channel the wireless port is set for 802.11b, 802.11g, or
both.
Wireless AP Identifies if the wireless access point is on or off.
9-2 Maintenance
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Table 9-1. Status Fields
Field Description
Broadcast Name Identifies if the Name (SSID) is being broadcast.
Serial Port
Status The status of the serial port. Click the Details button to view the Serial
Port Log, Port Status, Physical Link, PPP Link, PPP IP Address, Phone
Line Speed, and Serial Line Speed.
Modem The status of the modem port.
Dial-In The status of the Dial-In port.
Internet Access The status of the serial Internet connection.
Lan-to-LAN The status of the serial LAN-to-LAN connection.
Click “WAN Status” to display the WAN connection status.
Figure 9-2: Connection Status screen
This screen shows the following statistics:.
Table 9-1. Connection Status Fields
Field Description
Connection Time The length of time the router has been connected to your Internet service provider ’s
network.
Connection Method The method used to obtain an IP address from your Internet service provider.
IP Address The WAN (Internet) IP Address assigned to the router.
Maintenance 9-3
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Table 9-1. Connection Status Fields (continued)
Field Description
Network Mask The WAN (Internet) Subnet Mask assigned to the router.
Default Gateway The WAN (Internet) default gateway the router communicates with.
Log action buttons are described in Table 9-2.
Table 9-2. Connection Status action buttons
Field Description
Renew Click the Renew button to renew the DHCP lease.
Click “Show Statistics” to display router usage statistics.
Figure 9-3: Router Statistics screen
This screen shows the following statistics:
Table 9-1. Router Statistics Fields
Field Description
interface The statistics for the WAN (Internet), LAN (local), Wireless, and Serial interfaces. For
each interface, the screen displays:
Status The link status of the interface.
TxPkts The number of packets transmitted on this interface since reset or manual clear.
RxPkts The number of packets received on this interface since reset or manual clear.
9-4 Maintenance
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Table 9-1. Router Statistics Fields (continued)
Field Description
Collisions The number of collisions on this interface since reset or manual clear.
Tx B/s The current transmission (outbound) bandwidth used on the interfaces.
Rx B/s The current reception (inbound) bandwidth used on the interfaces.
Up Time The amount of time since the router was last restarted.
Serial Up Time The time elapsed since this port acquired the link.
Poll Interval Specifies the intervals at which the statistics are updated in this window. Click on Stop
to freeze the display.
WAN Status action buttons are described in Table 9-2.
Table 9-2. Connection Status action buttons
Field Description
Set Interval Enter a time and click the button to set the polling frequency.
Stop Click the Stop button to freeze the polling information.
Viewing a List of Attached Devices
The Attached Devices menu contains a table of all IP devices that the router has discovered on the
local network. From the Main Menu of the browser interface, under the Maintenance heading,
select Attached Devices to view the table shown below:
Figure 9-4: Attached Devices menu
Maintenance 9-5
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
For each device, the table shows the IP address, Device Name (if available), and Ethernet MAC
address. Note that if the router is rebooted, the table data is lost until the router rediscovers the
devices. To force the router to look for attached devices, click the Refresh button.
Upgrading the Router Software
The routing software of the FWG114P W ireless Firewall/Print Server is stored in FLASH memory ,
and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded
from Netgear's Web site. If the upgrade file is compressed (.ZIP file), you must first extract the
binary file before sending it to the router. The upgrade file can be sent to the router using your
browser.
Note: The Web browser used to upload new firmware into the FWG114P Wireless Firewall/Print
Server must support HTTP uploads. NETGEAR recommends using Microsoft Internet Explorer or
Netscape Navigator 3.0, or above.
From the Main Menu of the browser interface, under the Maintenance heading, select the Router
Upgrade heading.
To upload new firmware:
1. Download and unzip the new software file from NETGEAR.
2. In the Router Upgrade menu, click the Browse button and browse to the location of the binary
(.IMG) upgrade file.
3. Click Upload.
Note: When uploading software to the FWG114P, it is important not to interrupt the Web
browser by closing the window, clicking a link, or loading a new page. If the browser is
interrupted, it may corrupt the software. When the upload is complete, your router will
automatically restart. The upgrade process will typically take about one minute.
In some cases, you may need to reconfigure the router after upgrading.
Configuration File Management
The configuration settings of the FWG114P Wireless Firewall/Print Server are stored within the
router in a configuration file. This file can be saved (backed up) to a user’s computer, retrieved
(restored) from the user’s computer, or cleared to the factory default settings.
9-6 Maintenance
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
From the Main Menu of the browser interface, under the Maintenance heading, select the Settings
Backup heading to bring up the menu shown below.
Figure 9-5: Settings Backup menu
Three options are available, and are described in the following sections.
Restoring and Backing Up the Configuration
The Restore and Backup options in the Settings Backup menu allow you to save and retrieve a file
containing your router’s configuration settings.
To save your settings, click Backup. Your browser will extract the configuration file from the
router and will prompt you for a location on your computer to store the file. You can give the file a
meaningful name at this time, such as SBC.cfg.
To restore your settings from a saved configuration file, enter the full path to the file on your
computer or click the Browse button to locate the file. When you have located it, click the Restore
button to send the file to the router. The router will then reboot automatically.
Maintenance 9-7
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Erasing the Configuration
It is sometimes desirable to restore the router to a known blank condition. This can be done by
using the Erase function, which will restore all factory settings. After an erase, the router's
password will be password, the LAN IP address will be 192.168.0.1, and the router's DHCP client
will be enabled.
To erase the configuration, click the Erase button.
To restore the factory default configuration settings without knowing the login password or IP
address, you must use the Default Reset button on the rear panel of the router. See “Restoring the
Default Configuration and Password” on page 11-7.
Changing the Administrator Password
The default password for the router’s Web Configuration Manager is password. Netgear
recommends that you change this password to a more secure password.
From the main menu of the browser interface, under the Maintenance heading, select Set Password
to bring up this menu.
Figure 9-6: Set Password menu
T o change the password, first enter the old password, and then enter the new password twice. Click
Apply. To change the login idle timeout, change the number of minutes and click Apply.
9-8 Maintenance
March 2004, 202-10027-01
Chapter 10
Advanced Configuration
This chapter describes how to configure the advanced features of your ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P. These features can be found under the Advanced heading
in the Main Menu of the browser interface.
Using the WAN Setup Options
The first feature category under the Advanced heading is WAN Setup. This menu allows
configuration of a DMZ server, MTU size, port speed, and so on. From the Main Menu of the
browser interface, under Advanced, click on WAN IP Setup to view the WAN IP Setup menu,
shown below.
Figure 10-1: WAN Setup Menu
The WAN Setup options let you configure a DMZ server, change the MTU size, and set the W AN
port speed. These options are discussed below.
• Connect Automatically, as Required
Advanced Configuration 10-1
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Normally, this option is Enabled, so that an Internet connection will be made automatically
whenever Internet-bound traffic is detected. In locations where Internet access is billed by the
minute, if this causes high connection costs, you can disable this setting.
If disabled, you must connect manually, using the sub-screen accessed from the Router Status
menu “Show WAN Status” screen.
• Setting Up a Default DMZ Server
Note: DMZ servers pose a security risk. A computer designated as the default DMZ
server loses much of the protection of the firewall, and is exposed to attacks from the
Internet. If compromised, the DMZ server can be used to attack your network.
The use of the term ‘DMZ’ has become common, although it is a misnomer. In traditional
firewalls, a DMZ is actually a separate physical network port. A true DMZ port is for
connecting servers that require greater access from the outside, and will therefore be provided
with a different level of security by the firewall. A better term for our application is Exposed
Host.
The default DMZ server feature is helpful when using some online games and
videoconferencing applications that are incompatible with NAT. The router is programmed to
recognize some of these applications and to work properly with them, but there are other
applications that may not function well. In some cases, one local computer can run the
application properly if that computer’s IP address is entered as the default DMZ server.
Incoming traffic from the Internet is normally discarded by the router unless the traffic is a
response to one of your local computers or a service that you have configured in the Ports
menu. Instead of discarding this traffic, you can have it forwarded to one computer on your
network. This computer is called the Default DMZ Server.
The WAN Setup menu lets you configure a Defa ult DMZ Server.
To assign a computer or server to be a Default DMZ server, follow these steps:
1. Click WAN Setup link on the Advanced section of the main menu.
2. Type the IP address for that server. To remove the default DMZ server, replace the IP
address numbers with all zeros.
3. Click Apply.
• Respond to Ping on Internet WAN Port
If you want the router to respond to a 'ping' from the Internet, click the ‘Respond to Ping on
Internet WAN Port’ check box. This should only be used as a diagnostic tool, since it allows
your router to be discovered. Do not check this box unless you have a specific reason to do so.
10-2 Advanced Configuration
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
• Setting the MTU Size
The default MTU size is usually fine. The normal MTU (Maximum Transmit Unit) value for
most Ethernet networks is 1500 Bytes. For some ISPs, particularly those using PPPoE, you
may need to reduce the MTU. This should not be done unless you are sure it is necessary for
your ISP.
Any packets sent through the router that are larger than the configured MTU size will be
repackaged into smaller packets to meet the MTU requirement. To change the MTU size,
under MTU Size, enter a new size between 64 and 1500. Then, click Apply to save the new
configuration.
• Setting the WAN Port Speed
In most cases, your router can automatically determine (AutoSense) the connection speed of
the Internet (WAN) port. If you cannot establish an Internet connection and the Internet LED
blinks continuously, you may need to manually select the port speed.
If you know that the Ethernet port on your broadband modem supports 100BaseT, select
100M; otherwise, select 10M.
How to Configure Dynamic DNS
If your network has a permanently assigned IP address, you can register a domain name and have
that name linked with your IP address by public Domain Name Servers (DNS). However, if your
Internet account uses a dynamically assigned IP address, you will not know in advance what your
IP address will be, and the address can change frequently. In this case, you can use a commercial
dynamic DNS service, which will allow you to register your domain to their IP address, and will
forward traffic directed to your domain to your frequently-changing IP address.
The router contains a client that can connect to a dynamic DNS service provider. To use this
feature, you must select a service provider and obtain an account with them. After you have
configured your account information in the router, whenever your ISP-assigned IP address
changes, your router will automatically contact your dynamic DNS service provider, log in to your
account, and register your new IP address.
1. Log in to the router at its default LAN address of http://192.168.0.1, with its default user name
of
admin, default password of password, or using whatever password and LAN address you
have chosen for the router.
2. From the Main Menu of the browser interface, under Advanced, click on Dyna mic DNS.
Advanced Configuration 10-3
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
3. Access the website of one of the dynamic DNS service providers whose names appear in the
‘Select Service Provider’ box, and register for an account.
For example, for dyndns.org, go to www.dyndns.org.
4. Select the “Use a dynamic DNS service” check box.
5. Select the name of your dynamic DNS Service Provider.
6. Type the host name that your dynamic DNS service provider gave you.
The dynamic DNS service provider may call this the domain name. If your URL is
myName.dyndns.org, then your host name is “myName.”
7. Type the user name for your dynamic DNS account.
8. Type the password (or key) for your dynamic DNS account.
9. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may
select the Use wildcards check box to activate this feature.
For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same
IP address as yourhost.dyndns.org
10. Click Apply to save your configuration.
Note: If your ISP assigns a private WAN IP address, such as 192.168.x.x or 10.x.x.x,
the dynamic DNS service will not work because private addresses will not be routed on
the Internet.
10-4 Advanced Configuration
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Using the LAN IP Setup Options
The second feature category under the Advanced heading is LAN IP Setup. This menu allows
configuration of LAN IP services, such as DHCP and RIP. From the Main Menu of the browser
interface, under Advanced, click on LAN IP Setup to view the LAN IP Setup menu, shown below.
Figure 10-2: LAN IP Setup Menu
Configuring LAN TCP/IP Setup Parameters
The router is shipped preconfigured to use private IP addresses on the LAN side, and to act as a
DHCP server. The router’s default LAN IP configuration is:
• LAN IP addresses—192.168.0.1
• Subnet mask—255.255.255.0
Advanced Configuration 10-5
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
These addresses are part of the IETF-designated private address range for use in private networks,
and should be suitable in most applications. If your network has a requirement to use a different IP
addressing scheme, you can make those changes in this menu.
The LAN IP parameters are:
• IP Address
This is the LAN IP address of the router.
• IP Subnet Mask
This is the LAN Subnet Mask of the router. Combined with the IP address, the IP Subnet Mask
allows a device to know which other addresses are local to it, and which must be reached
through a gateway or router.
• RIP Direction
RIP (Router Information Protocol) allows a router to exchange routing information with other
routers. The RIP Direction selection controls how the router sends and receives RIP packets.
Both is the default.
— When set to Both or Out Only, the router will broadcast its routing table periodically.
— When set to Both or In Only, it will incorporate the RIP information that it receives.
— When set to None, it will not send any RIP packets and will ignore any RIP packets
received.
• RIP Version
This controls the format and the broadcasting method of the RIP packets that the router sends.
(It recognizes both formats when receiving.) By default, this is set for RIP-1.
— RIP-1 is universally supported. RIP-1 is probably adequate for most networks, unless you
have an unusual network setup.
— RIP-2 carries more information. RIP-2B uses subnet broadcasting.
Note: If you change the LAN IP address of the router while connected through the
browser, you will be disconnected. You must then open a new connection to the new IP
address and log in again.
10-6 Advanced Configuration
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Using the Router as a DHCP server
By default, the router will function as a DHCP (Dynamic Host Configuration Protocol) server,
allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to
the router's LAN. The assigned default gateway address is the LAN address of the router. IP
addresses will be assigned to the attached PCs from a pool of addresses specified in this menu.
Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN.
For most applications, the default DHCP and TCP/IP settings of the router are satisfactory. See “IP
Configuration by DHCP” on page B-10 for an explanation of DHCP and information about how to
assign IP addresses for your network.
If another device on your network will be the DHCP server, or if you will manually configure the
network settings of all of your computers, clear the ‘Use router as DHCP server’ check box.
Otherwise, leave it checked.
Specify the pool of IP addresses to be assigned by setting the Starting IP Address and Ending IP
Address. These addresses should be part of the same IP address subnet as the router’s LAN IP
address. Using the default addressing scheme, you should define a range between 192.168.0.2 and
192.168.0.253, although you may wish to save part of the range for device s with fixed addresses.
The router will deliver the following parameters to any LAN device that requests DHCP:
• An IP Address from the range you have defined.
• Subnet Mask.
• Gateway IP Address (the router’s LAN IP address).
• Primary DNS Server (if you entered a Primary DNS address in the Basic Settings menu;
otherwise, the router’s LAN IP address).
• Secondary DNS Server (if you entered a Secondary DNS address in the Basic Settings menu).
Using Address Reservation
When you specify a reserved IP address for a computer on the LAN, that computer will always
receive the same IP address each time it access the router’s DHCP server. Reserved IP addresses
should be assigned to servers that require permanent IP settings.
To reserve an IP address:
1. Click the Add button.
Advanced Configuration 10-7
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
2. In the IP Address box, type the IP address to assign to the computer or server.
(choose an IP address from the router’s LAN subnet, such as 192.168.0.X)
3. Type the MAC Address of the computer or server.
(Tip: If the computer is already present on your network, you can cop y its MAC address from
the Attached Devices menu and paste it here.)
4. Click Apply to enter the reserved address into the table.
Note: The reserved address will not be assigned until the next time the computer contacts the
router's DHCP server. Reboot the computer or access its IP configuration and force a DHCP
release and renew.
To edit or delete a reserved address entry:
1. Click the button next to the reserved address you want to edit or delete.
2. Click Edit or Delete.
Configuring Static Routes
Static Routes provide additional routing information to your router. Under normal circumstances,
the router has adequate routing information after it has been configured for Internet access, and
you do not need to configure additional static routes. You must configure static routes only for
unusual cases, such as multiple routers or multiple IP subnets located on your network.
From the Main Menu of the browser interface, under Advanced, click on Static Routes to view the
Static Route menu.
To add or edit a Static Route:
1. Click the Add button to open the Static Routes menu.
10-8 Advanced Configuration
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Figure 10-3. Static Route Entry and Edit Menu
2. Type a route name for this static route in the Route Name box.
(This is for identification purpose only.)
3. Select Active to make this route effective.
4. Select Private if you want to limit access to the LAN only. The static route will not be reported
in RIP.
5. Type the Destination IP Address of the final destination.
6. Type the IP Subnet Mask for this destination.
If the destination is a single host, type 255.255.255.254.
7. T ype the Gateway IP Address, which must be a router on the same LAN segment as the router.
8. Type a number between 1 and 15 as the Metric value.
This represents the number of routers between your network and the destination. Usually, a
setting of 2 or 3 works, but if this is a direct connection, set it to 1.
9. Click Apply to have the static route entered into the table.
As an example of when a static route is needed, consider the following case:
• Your primary Internet access is through a cable modem to an ISP.
• You have an ISDN router on your home network for connecting to the company where
you are employed. This router’s address on your LAN is 192.168.0.100.
Advanced Configuration 10-9
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
• Your company’s network is 134.177.0.0.
When you first configured your router, two implicit static routes were created. A default route was
created with your ISP as the gateway, and a second static route was created to your local network
for all 192.168.0.x addresses. With this configuration, if you attempt to access a device on the
134.177.0.0 network, your router will forward your request to the ISP. The ISP forwards your
request to the company where you are employed, and the request will likely be denied by the
company’s firewall.
In this case you must define a static route, telling your router that 134.177.0.0 should be accessed
through the ISDN router at 192.168.0.100. The static route would look like Figure 10-3.
In this example:
• The Destination IP Address and IP Subnet Mask fields specify that this static route applies to
all 134.177.x.x addresses.
• The Gateway IP Address fields specifies that all traffic for these addresses should be
forwarded to the ISDN router at 192.168.0.100.
• A Metric value of 1 will work since the ISDN router is on the LAN.
• Private is selected only as a precautionary security measure in case RIP is activated.
Enabling Remote Management Access
Using the Remote Management page, you can allow a user or users on the Internet to configure,
upgrade and check the status of your FWG114P Wireless Firewall/Print Server.
Note: Be sure to change the router's default configuration password to a very secure
password. The ideal password should contain no dictionary words from any language,
and should be a mixture of letters (both upper and lower case), numbers, and symbols.
Your password can be up to 30 characters.
To configure your router for Remote Management:
1. Select the Turn Remote Management On check box.
2. Specify what external addresses will be allowed to access the router’s remote management.
Note: For enhanced security, restrict access to as few external IP addresses as practical.
a. To allow access from any IP address on the Internet, select Everyone.
10-10 Advanced Configuration
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
b. To allow access from a range of IP addresses on the Internet, select IP address range.
Enter a beginning and ending IP address to define the allowed range.
c. To allow access from a single IP address on the Internet, select Only this computer.
Enter the IP address that will be allowed access.
3. Specify the Port Number that will be used for accessing the management interface.
Web browser acces s normally uses the standard HTTP service port 80. For greater security,
you can change the remote management Web interface to a custom port by entering that
number in the box provided. Choose a number between 1024 and 65535, but do not use the
number of any common service port. The default is 8080, which is a common alternate for
HTTP.
4. Click Apply to have your changes take effect.
Note: When accessing your router from the Internet, you will type your router's WAN IP address
into your browser's Address (in IE) or Location (in Netscape) bo x, follo wed by a colo n (:) an d the
custom port number. For example, if your external address is 134.177.0.123 and you use port
number 8080, you must enter in your browser: http://134.177.0.123:8080
Using Universal Plug and Play (UPnP)
Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access
the network and connect to other devices as needed. UPnP devices can automatically discover the
services from other registered UPnP devices on the network.
Figure 10-4. UPnP Menu
Advanced Configuration 10-11
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Turn UPnP On: UPnP can be enabled or disabled for automatic device configuration. The default
setting for UPnP is enabled. If disabled, the router will not allow any device to automatically
control the resources, such as port forwarding (mapping), of the router.
Advertisement Period: The Advertisement Period is how often the router will broadcast its UPnP
information. This value can range from 1 to 1440 minutes. The default period is 30 minutes.
Shorter durations will ensure that control points have current device status at the expense of
additional network traffic. Longer durations may compromise the freshness of the device status but
can significantly reduce network traffic.
Advertisement Time To Live: The time to live for the advertisement is measured in hops (steps)
for each UPnP packet sent. The time to live hop count is the number of steps a broadcast packet is
allowed to propagate for each UPnP advertisement before it disappears. The number of hops can
range from 1 to 255. The default value for the advertisement time to live is 4 hops, which should
be fine for most home networks. If you notice that some devices are not being updated or reached
correctly, then it may be necessary to increase this value a little.
UPnP Portmap T able: The UPnP Portmap Table displays the IP address of each UPnP device that
is currently accessing the router and which ports (Internal and External) that device has opened.
The UPnP Portmap T able also displays what type of port is opened and if that port is still active for
each IP address.
Advanced Wireless Settings
Note: Incorrectly changing these settings can prevent the wireless functions from working.
• RTS Threshold
Request to Send Threshold. The packet size that is used to determine if it should use the
CSMA/CD (Carrier Sense Multiple Access with Collision Detection) mechanism or the
CSMA/CA define the mechanism for packet transmission. With the CSMA/CD transmission
mechanism, the transmitting station sends out the actual packet as soon as it has waited for the
silence period. With the CSMA/CA transmission mechanism, the transmitting station sends
out an RTS packet to the receiving station, and waits for the receiving station to send back a
CTS (Clear to Send) packet before sending the actual packet data.
• Fragmentation Length
This is the maximum packet size used for fragmentation. Packets larger than the size
programmed in this field will be fragmented. The Fragment Threshold value must be larger
than the RTS Threshold value.
10-12 Advanced Configuration
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
• Beacon Interval
Specifies the data beacon rate between 20 and 1000.
•DTIM
The Delivery Traffic Indication Message. Specifies the data beacon rate between 1 and 255.
• Preamble Type
A long transmit preamble may provide a more reliable connection or slightly longer range. A
short transmit preamble gives better performance.
Advanced Configuration 10-13
March 2004, 202-10027-01
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
10-14 Advanced Configuration
March 2004, 202-10027-01
Loading...