NETGEAR FWG114P - ProSafe 802.11g Wireless Firewall, Reference Manual

Page 1: ...2004 202 10027 01 202 10027 01 Version 2 0 March 2004 NETGEAR Inc 4500 Great America Parkway Santa Clara CA 95054 USA Reference Manual for the ProSafe Wireless 802 11g Firewall Print Server Model FWG...

Page 2: ...ment off and on the user is encouraged to try to correct the interference by one Ol omore of the following measures Reorient or relocate the receiving antenna Increase the separation between the equip...

Page 3: ...dance with the conditions set out in the BMPT AmtsblVfg 243 1991 and Vfg 46 1992 The operation of some equipment for example test transmitters in accordance with the regulations may however be subject...

Page 4: ...March 2004 202 10027 01 iv...

Page 5: ...ng Ethernet Connections with Auto Uplink 2 4 Extensive Protocol Support 2 4 Easy Installation and Management 2 5 Package Contents 2 6 The FWG114P Front Panel 2 7 The FWG114P Rear Panel 2 8 Chapter 3 C...

Page 6: ...standing Wireless Settings 4 3 Default Factory Settings 4 7 Before You Change the SSID and WEP Settings 4 8 How to Set Up and Test Basic Wireless Connectivity 4 9 How to Restrict Wireless Access by MA...

Page 7: ...Port Filtering 6 9 Outbound Rule Example Blocking Instant Messaging 6 10 Other Rules Considerations 6 10 Order of Precedence for Rules 6 11 Rules Menu Options 6 11 Using a Schedule to Block or Allow C...

Page 8: ...4P to FWG114P with Certificates 8 26 Netgear VPN Client to FWG114P 8 32 Configuration Profile 8 32 Step By Step Configuration of FWG114P Gateway 8 33 Step By Step Configuration of the Netgear VPN Clie...

Page 9: ...Troubleshooting the ISP Connection 11 4 Troubleshooting a TCP IP Network Using a Ping Utility 11 5 Testing the LAN Path to Your Router 11 5 Testing the Path from Your Computer to a Remote Device 11 6...

Page 10: ...P to Automatically Configure TCP IP Settings C 4 Selecting Windows Internet Access Method C 4 Verifying TCP IP Properties C 5 Configuring Windows NT 2000 or XP for IP Networking C 5 Installing or Veri...

Page 11: ...ntication and WEP Data Encryption E 2 802 11 Authentication E 3 Open System Authentication E 3 Shared Key Authentication E 4 Overview of WEP Parameters E 5 Key Size E 6 WEP Configuration Options E 7 W...

Page 12: ...ng F 7 Firewalls F 8 Setting Up a VPN Tunnel Between Gateways F 8 VPNC IKE Security Parameters F 10 VPNC IKE Phase I Parameters F 10 VPNC IKE Phase II Parameters F 11 Testing and Troubleshooting F 11...

Page 13: ...Contents xiii March 2004 202 10027 01 Step By Step Configuration of FVS328 Gateway B H 7 Test the VPN Connection H 11 Glossary List of Glossary Terms G 1 Index...

Page 14: ...March 2004 202 10027 01 xiv Contents...

Page 15: ...ical conventions This guide uses the following formats to highlight special messages This manual is written according to these specifications Table 1 Typographical conventions italics Emphasis books C...

Page 16: ...avaScript enabled 2 Toolbar buttons Use the toolbar buttons across the top to navigate print pages and more The Show in Contents button locates the current topic in the Contents tab Previous Next butt...

Page 17: ...in the chapter you want to print The PDF version of the chapter you were viewing opens in a browser window Note Your computer must have the free Adobe Acrobat reader installed in order to view and pr...

Page 18: ...Reference Manual for the ProSafe Wireless 802 11g Firewall Print Server Model FWG114P 1 4 About This Manual March 2004 202 10027 01...

Page 19: ...sion detection The FWG114P allows Internet access for up to 253 users It provides multiple Web content filtering options plus browsing activity reporting and instant alerts via e mail Parents or netwo...

Page 20: ...ased on a user name and password you define LAN to LAN access between two FWG114P wireless firewall print servers through the serial port with the option of enabling auto failover Internet access acro...

Page 21: ...rue Firewall with Content Filtering Unlike simple Internet sharing NAT routers the FWG114P is a true firewall using stateful packet inspection to defend against hacker attacks Its firewall features in...

Page 22: ...anges of ports Autosensing Ethernet Connections with Auto Uplink With its internal 8 port 10 100 switch the FWG114P can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Etherne...

Page 23: ...own address as a DNS server to the attached PCs The router obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN PPP over Ethernet PPPoE PPPoE is a...

Page 24: ...location on the Internet For security you can limit remote management access to a specified remote IP address or range of addresses and you can choose a nonstandard port number Visual monitoring The F...

Page 25: ...or received by the Modem port LINK On Amber The port has detected a link with an attached device INTERNET Note The operation of these LEDs depends on how the WAN port is configured 100 100 Mbps On Of...

Page 26: ...port connections listed below Figure 1 2 FWG114P Rear Panel Viewed from left to right the rear panel contains the following features Wireless antenna DB 9 serial port for modem connection USB 2 0 Pri...

Page 27: ...or your broadband account 3 Connect the router to a broadband modem and a computer as explained below Cabling and Computer Hardware Requirements To use the FWG114P Wireless Firewall Print Server on yo...

Page 28: ...nfiguration Parameters There are several ways you can gather the required Internet connection information Your ISP provides all the information needed to connect to the Internet If you cannot locate t...

Page 29: ...ss Fixed or Static Internet IP Address ______ ______ ______ ______ Gateway IP Address ______ ______ ______ ______ Subnet Mask ______ ______ ______ ______ ISP DNS Server Addresses If you were given DNS...

Page 30: ...you through this procedure Verify That Basic Requirements Are Met Assure that the following requirements are met You have your broadband Internet service settings handy The computer is configured to...

Page 31: ...came with your wireless firewall print server into a Local port on the router such as Local port 4 C and the other end into the Ethernet port of your computer D Figure 3 3 Connect the computers on yo...

Page 32: ...the status lights and verify the following Power The power light goes on when your turn the wireless firewall print server on Test The test light turns on then goes off after less than a minute Local...

Page 33: ...your browser will display a page not found message b Connect to the wireless firewall print server by typing http 192 168 0 1 in the address field of Internet Explorer or Netscape Navigator Figure 3 5...

Page 34: ...ess in the same subnet as the Wan port of the FWG114P For more information on NAT please see Single IP Address Operation Using NAT on page B 7 Furthermore if you turn NAT off and plan to use VPN you w...

Page 35: ...ight on the wireless firewall print server will be lit if the Ethernet cable from the wireless firewall print server to the modem is plugged in securely and the modem and wireless firewall print serve...

Page 36: ...nection follow below Wizard Detected Login Account Setup If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over Ethernet PPPoE you will be directed to...

Page 37: ...on the amount of time connected to the Internet Whenever a computer on the network requests access to the Internet the FWG114P will automatically reconnect 4 Domain Name Server DNS Address If you know...

Page 38: ...l attempt to learn the domain automatically from the ISP If this is not successful you may need to enter it manually 2 If you know that your ISP does not automatically transmit DNS addresses to the fi...

Page 39: ...the Ethernet MAC address of the network interface card in your computer when your account is first opened They will then only accept traffic from the MAC address of that computer This feature allows...

Page 40: ...ave the settings 4 Click Test to test your Internet connection If the NETGEAR Web site does not appear within one minute refer to Chapter 11 Troubleshooting How to Configure the Serial Port as the Pri...

Page 41: ...u c Fill in the ISDN or analog ISP Internet configuration parameters as appropriate For a Dial up Account enter the Account information Check Connect as required to enable the firewall to automaticall...

Page 42: ...re using the User Defined Modem Type you must first use the Serial Port menu Modem link to fill in the Modem Properties settings for your modem e Click Apply to save your settings 3 Connect to the Int...

Page 43: ...004 202 10027 01 Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below or you can allow the Setup Wizard to determine your configuration as descri...

Page 44: ...automatically assigns private IP addresses for example 192 168 0 x to LAN connected devices When NAT is disabled only standard routing is performed by this router Note Disabling NAT will reboot the ro...

Page 45: ...This feature allows your firewall to masquerade as that computer by cloning its MAC address To change the MAC address select Use This Computer s MAC Address The firewall will then capture and use the...

Page 46: ...Reference Manual for the ProSafe Wireless 802 11g Firewall Print Server Model FWG114P 3 20 Connecting the FWG114P to the Internet March 2004 202 10027 01...

Page 47: ...ults place your wireless firewall print server Near the center of the area in which your PCs will operate In an elevated location such as a high shelf where the wirelessly connected PCs have line of s...

Page 48: ...icting access by MAC address adds an obstacle against unwanted access to your network but the data broadcast over the wireless link is fully exposed Turn Off the Broadcast of the Wireless Network Name...

Page 49: ...w standard wireless device driver and software availability may be limited Understanding Wireless Settings To configure the wireless settings of your FWG114P click the Wireless link in the Setup secti...

Page 50: ...mation on the wireless channel frequencies please refer to Wireless Channels on page E 7 Mode Select the desired wireless mode The options are g b Both 802 11g and 802 11b wireless stations can be use...

Page 51: ...data encryption Note With Open Network Authentication and 64 or 128 bit WEP Data Encryption the FWG114P does perform 64 or 128 bit data encryption but does not perform any authentication Security Encr...

Page 52: ...using RADIUS servers For a full explanation of WPA see WPA Wireless Security on page E 8 Fill in the following Primary Radius Server Name IP Address This field is required Enter the name or IP addres...

Page 53: ...panel as seen in the illustration FWG114P Rear Panel on page 2 8 After you install the FWG114P Wireless Firewall Print Server use the procedures below to customize any of the settings to better meet...

Page 54: ...eless nodes in the same network must be configured with the same SSID Authentication Circle one Open System or Shared Key Choose Shared Key for more security Note If you select shared key the other de...

Page 55: ...Note The characters are case sensitive An access point always functions in infrastructure mode The SSID for any wireless device communicating with the access point must match the SSID configured in t...

Page 56: ...ess Settings menu click Setup Access List 3 Click the Turn Access Control On checkbox to enable MAC filtering 4 Click Add to open the Wireless Card Access Setup menu You can select a device from the l...

Page 57: ...ength options You can manually or automatically program the four data encryption keys These values must be identical on all PCs and Access Points in your network Automatic Enter a word or group of pri...

Page 58: ...river must also support WPA Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings To configure WPA follow these steps 1 Log in at...

Page 59: ...er and WPA client software for instructions on configuring WPA settings To configure WPA PSK follow these steps 1 Log in at the default LAN address of http 192 168 0 1 with the default user name of ad...

Page 60: ...Reference Manual for the ProSafe Wireless 802 11g Firewall Print Server Model FWG114P 4 14 Wireless Configuration March 2004 202 10027 01...

Page 61: ...configuration options Modem Use this option to configure the serial modem settings for any of the features below Auto Rollover Use this option to provide a backup connection for your broadband service...

Page 62: ...serial port modem requires these elements 1 A serial analog or ISDN modem 2 A serial modem cable with a DB9 connector 3 An active phone or ISDN line How to Configure a Serial Port Modem Follow the st...

Page 63: ...re information on this procedure please refer to the support area of the NETGEAR Web site 4 Click Apply to save your settings Configuring Auto Rollover You can configure the serial port of the FWG114P...

Page 64: ...ollover configuration menu 3 Configure the Auto Rollover settings 4 Click Apply for the changes to take effect Configuring Dial in on the Serial Port Dial in lets a single remote computer connect to t...

Page 65: ...A serial modem properly configured and attached to the DB9 connector on the serial port 4 The Dial in settings configured and applied to the FWG114P How to Configure Dial in Follow the steps below to...

Page 66: ...an active ISDN or dial up ISP account 2 A serial modem properly configured and attached to the DB9 connector on the serial port 3 A broadband connection to one FWG114P for LAN to LAN auto rollover Int...

Page 67: ...FWG114P Serial Port Configuration 5 7 March 2004 202 10027 01M 10207 01 Reference Manual v2 Figure 5 5 LAN to LAN configuration menu 3 Configure the LAN to LAN settings Note The LAN subnet address of...

Page 68: ...Reference Manual for the ProSafe Wireless 802 11g Firewall Print Server Model FWG114P 5 8 Serial Port Configuration March 2004 202 10027 01M 10207 01 Reference Manual v2...

Page 69: ...rotects one network the trusted network such as your LAN from another the untrusted network such as the Internet while allowing communication between the two A firewall incorporates the functions of a...

Page 70: ...re 6 1 Block Sites menu To enable filtering click the checkbox next to the type of filtering you want to enable The filtering choices are Proxy blocks use of a proxy server Java blocks use of Java app...