NETGEAR ProSafe Quad WAN FR538G, Reference Manual

Page 1: ...November 2007 202 10289 01 v1 0 NETGEAR Inc 4500 Great America Parkway Santa Clara CA 95054 USA ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual...

Page 2: ...uipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equ...

Page 3: ...ed subject to the following conditions 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form mus...

Page 4: ...s derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retai...

Page 5: ...ndorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATI...

Page 6: ...perate correctly when you follow the operating instructions Keep your system away from radiators and heat sources Also do not block cooling vents Do not spill food or liquids on your system components...

Page 7: ...thernet Connections with Auto Uplink 1 3 Extensive Protocol Support 1 3 Easy Installation and Management 1 4 Maintenance and Support 1 4 Package Contents 1 5 Router Front Panel 1 5 Router Rear Panel 1...

Page 8: ...3 6 Port Management 3 7 Managing Groups and Hosts LAN Groups 3 8 Creating the Network Database 3 9 Setting Up Address Reservation 3 12 Configuring and Enabling the DMZ Port 3 12 Static Routes 3 15 Co...

Page 9: ...P2P Software Prevention 4 22 Adding Customized Services 4 24 Setting a Schedule to Block or Allow Specific Traffic 4 26 Setting Block Sites Content Filtering 4 27 Enabling IP MAC Binding 4 29 Setting...

Page 10: ...uter Configuration and System Status 5 24 Monitoring WAN Ports Status 5 25 DHCP Log 5 26 Configuring QoS Quality of Service 5 27 Maximum Bandwidth for WAN Ports 5 32 Performing Diagnostics 5 33 Chapte...

Page 11: ...Network Configuration Requirements D 3 Internet Configuration Requirements D 4 Where Do I Get the Internet Configuration Parameters D 4 Internet Connection Information Form D 5 Overview of the Plannin...

Page 12: ...xii Contents v1 0 November 2007...

Page 13: ...ng paragraphs Typographical Conventions This manual uses the following typographical conventions Formats This manual uses the following formats to highlight special messages Italics Emphasis books CDs...

Page 14: ...or index to navigate directly to where the topic is described in the manual A button to access the full NETGEAR Inc online knowledge base for the product model Links to PDF versions of the full manual...

Page 15: ...he chapter you were viewing opens in a browser window Click the print icon in the upper left of your browser window Printing a PDF version of the Complete Manual Use the Complete PDF Manual link at th...

Page 16: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual xvi v1 0 November 2007...

Page 17: ...of day Website addresses and address keywords The FR538G is a plug and play device that can be installed and configured within minutes Key Features The quad WAN gigabit firewall provides the followin...

Page 18: ...l packet inspection to defend against hacker attacks Its firewall features include DoS protection Automatically detects and thwarts DoS attacks such as Ping of Death SYN Flood LAND Attack and IP Spoof...

Page 19: ...l duplex or half duplex operation The firewall incorporates Auto UplinkTM technology Each Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal c...

Page 20: ...tup Wizard is provided and online help documentation is built into the browser based Web Management Interface Auto Detect The quad WAN gigabit firewall automatically senses the type of Internet connec...

Page 21: ...er feet Category 5 Cat5 Ethernet cable Installation Guide FR538G ProSafe Quad WAN Gigabit Firewall Resource CD including Reference Manual Warranty and Support Information Card If any of the parts are...

Page 22: ...rt has a valid Internet connection The Internet connection is down or not being used because the port is available for failover in case the connection on other WAN port fails The WAN port is either no...

Page 23: ...contains the On Off switch and AC power connection Viewed from left to right the rear panel contains the following elements 1 Fan vent 2 AC power in 3 On Off switch Rack Mounting Hardware The FR538G...

Page 24: ...om of the FR538G s enclosure if you forget the following factory default information IP Address http 192 168 1 1 to reach the Web based GUI from the LAN User name admin Password password Default Log I...

Page 25: ...e Quad WAN Gigabit Firewall FR538G Reference Manual Introduction 1 9 v1 0 November 2007 3 Once the login screen displays Figure 1 5 enter the following information admin for User Name password for Pas...

Page 26: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1 10 Introduction v1 0 November 2007...

Page 27: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Introduction 1 11 v1 0 November 2007...

Page 28: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1 12 Introduction v1 0 November 2007...

Page 29: ...to the quad WAN gigabit firewall 1 Connect to the firewall by typing http 192 168 1 1 in the address field of Internet Explorer Mozilla Firefox or Netscape Navigator 2 When prompted enter admin for t...

Page 30: ...WAN mode required for quad WAN operation Select either auto rollover mode or load balancing mode on a mutually exclusive basis For load balancing you can also select the protocol bindings 5 Configure...

Page 31: ...your ISP Auto Detect will probe for different connection methods and suggest one that your ISP will most likely support When Auto Detect successfully detects an active Internet service it reports whi...

Page 32: ...the traffic meter for WAN1 Settings if desired See Programming the Traffic Meter if Desired on page 2 9 PPTP Login Username Password Account Name Local IP address and PPTP Server IP address BigPond Ca...

Page 33: ...ettings WAN3 ISP Settings and WAN4 ISP Settings screen see Configuring the Advanced WAN Options If Needed on page 2 20 Manually Configuring Your Internet Connection If you know your ISP connection typ...

Page 34: ...talled login software such as WinPoET or Enternet then your connection type is PPPoE Select this connection and configure the following fields Account Name Valid account name for the PPPoE connection...

Page 35: ...SP settings 1 Select the WAN ISP Settings tab to configure each WAN ISP port The WAN ISP screen for the port you selected will display 2 Repeat steps 1 through 7 above to set each WAN ISP WAN2 ISP WAN...

Page 36: ...he Subnet Mask of the server c Gateway IP Address Enter the default Gateway Address of the network server 5 Check the Use These DNS Servers radio box in the Domain Name Server DNS Servers section and...

Page 37: ...olume over a given period of time or if you want to look at traffic types over a period of time To enable the traffic meter 1 From the primary menu select Monitoring and then select Traffic Meter from...

Page 38: ...in the limit Increase this month s limit Use this to temporarily increase the Traffic Limit if you have reached the monthly limit but need to continue accessing the Internet Check the checkbox and ent...

Page 39: ...ancing Mode In this mode the router distributes the outbound traffic equally among the WAN interfaces that are functional For both alternatives you must also set up Network Address Translation NAT NAT...

Page 40: ...o use a redundant ISP link for backup purposes ensure that the backup WAN port has already been configured Then you select the WAN port that will act as the primary link for this mode and configure th...

Page 41: ...t will not reject the Ping request or will not consider the traffic abuse Queries are sent to this server through the WAN interface being monitored 5 Enter a Test Period in seconds DNS query is sent p...

Page 42: ...em For example if the HTTP protocol is bound to WAN1 and the FTP protocol is bound to WAN2 then the router will automatically channel FTP data from and to the computers on the LAN through the WAN2 por...

Page 43: ...2 b Destination Network These settings determine which Internet locations are covered by the rule based on their IP address Select the desired option Any All Internet IP address are covered by this ru...

Page 44: ...ocol bindings for all of the WAN ports To Edit or Add additional Protocol Binding settings 1 Select Network Configuration from the main menu and Protocol Binding from the submenu The WAN1 Protocol Bin...

Page 45: ...TZO and Iego are provided for your convenience on the Dynamic DNS Configuration screen The quad WAN gigabit firewall firmware includes software that notifies dynamic DNS servers of changes in the WAN...

Page 46: ...g mode you may still need a fully qualified domain name FQDN either for convenience or if you have a dynamic IP address To configure Dynamic DNS 1 Select Network Configuration from the primary menu an...

Page 47: ...fter setting up your account return to the Dynamic DNS Configuration screen and fill in the required fields for the DDNS service you selected a In the Host and Domain Name field enter the entire FQDN...

Page 48: ...d feature will cause yourhost dyndns org to be aliased to the same IP address as yourhost dyndns org 5 Click Apply to save your configuration 6 Click Reset to return to the previous settings Configuri...

Page 49: ...links continuously you may need to set the port speed manually This could occur with some older broadband modems If you know that the Ethernet port on your broadband modem supports 100BaseT select 100...

Page 50: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 2 22 Connecting the FR538G v1 0 November 2007...

Page 51: ...a Computer for Network Access in Appendix C Related Documents for an explanation of DHCP and information about how to assign IP addresses for your network If another device on your network will be the...

Page 52: ...nistrator To modify your LAN setup 1 Select Network Configuration from the primary menu and LAN Setup from the submenu The LAN Setup screen will display 2 Enter the IP Address of your router factory d...

Page 53: ...sses in the IP address pool Any new DHCP client joining the LAN will be assigned an IP address between the Starting IP address and this IP address The IP address 192 168 1 100 is the default ending ad...

Page 54: ...router The IP Address is the alias added to the LAN port of the router This will be the gateway for computers that need to access the Internet The Subnet Mask is the IPv4 Subnet Mask To add a seconda...

Page 55: ...he Action column adjacent to the selected entry The Edit Secondary LAN IP Setup screen will display 2 Modify the IP Address and Subnet Mask fields and click Apply Figure 3 2 Note Additional IP address...

Page 56: ...he Port Mirror tab The Port Mirror screen will display 2 Select the Yes radio box to enable Port Mirror 3 Select the LAN radio box for the port you want to enable as the mirror port 4 Check Egress Ing...

Page 57: ...ndaries so only stations whose ports are members of the same VLAN can see those frames To enable Port Management 1 Select Network Configuration LAN Setup from the main menu and then click the Port Man...

Page 58: ...assigned dynamic IP addresses by this router Collectively these entries make up the Network Database The Network Database is created in two ways DHCP Client Requests By default the DHCP server in thi...

Page 59: ...identify each PC or device So changing a PC s IP address does not affect any restrictions on that PC Group and individual control over PCs You can assign PCs to Groups and apply restrictions to each...

Page 60: ...n will display 2 In the Add Known PCs and Devices table enter the name of the PC or device 3 From the IP Address Type pull down menu select Reserved DHCP Client to direct the router to reserve the IP...

Page 61: ...on this screen 3 Click Reset to cancel your settings and return to the previous settings 4 Click Apply to save your new settings The modified record will appear in the Know PCs and Devices table To e...

Page 62: ...nt IP settings The Reserved IP address that you select must be outside of the DHCP Server pool To reserve an IP address use the Groups and Hosts screen under the Network Configuration menu LAN Groups...

Page 63: ...run the application properly if those PCs are used on the DMZ port The DMZ Setup screen allows you to set up the DMZ port It permits you to enable or disable the hardware DMZ port LAN port 4 see Route...

Page 64: ...the IP address pool c WINS Server This box specifies the Windows Internet Naming Service Server IP d Lease Time This box specifies the Lease time to be given to the DHCP Clients e Enable DNS Proxy If...

Page 65: ...te routing information after it has been configured for Internet access and you do not need to configure additional static routes You should configure static routes only for unusual cases such as mult...

Page 66: ...physical network interface WAN1 WAN2 WAN3 WAN4 or LAN through which this route is accessible 9 Enter the Gateway IP Address through which the destination host or network can be reached must be a fire...

Page 67: ...ting from the main menu When the Routing screen displays click the RIP Configuration link The RIP Configuration screen will display 2 From the RIP Direction pull down menu select the direction in whic...

Page 68: ...M send the routing data in RIP 2 format RIP 2B Sends the routing data in RIP 2 format and uses subnet broadcasting RIP 2M Sends the routing data in RIP 2 format and uses multicasting 4 Authentication...

Page 69: ...the company s firewall In this case you must define a static route telling your firewall that 134 177 0 0 should be accessed through the ISDN firewall at 192 168 1 100 In this example The Destination...

Page 70: ...using the following symtax rules 1 The file content must be a text file 2 You must use the following syntax rules to compose your file network xxx xxx xxx xxx mask yyy yyy yyy yyy or host zzz zzz zzz...

Page 71: ...Manual LAN Configuration 3 21 v1 0 November 2007 For example network 60 12 32 0 mask 255 255 240 0 network 60 12 48 0 mask 255 255 248 0 host 60 12 56 0 host 60 12 56 1 network 60 12 56 2 mask 255 25...

Page 72: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 3 22 LAN Configuration v1 0 November 2007...

Page 73: ...Internet while allowing communication between the two You can further segment keyword blocking to certain known groups see Configuring Port Mirror on page 3 6 to set up LAN Groups A firewall incorpora...

Page 74: ...the firewall unless the traffic is in response to a request from the LAN side The firewall can be configured to allow this otherwise blocked traffic Customized Services Additional services can be adde...

Page 75: ...hedule3 that will be used by this rule This drop down menu gets activated only when BLOCK by schedule otherwise Allow or ALLOW by schedule otherwise Block is selected as Action Use schedule page to co...

Page 76: ...e local server PC is assigned by DHCP it may change when the PC is rebooted To avoid this you can implement one of the following methods Use the Reserved IP address feature in the LAN Groups menu unde...

Page 77: ...ault rule Action Select Schedule Select the desired time schedule i e Schedule1 Schedule2 or Schedule3 that will be used by this rule see Setting a Schedule to Block or Allow Specific Traffic on page...

Page 78: ...ress applicable to incoming traffic This is the public IP address that will map to the internal LAN server it can either be the address of the WAN1 WAN2 WAN3 or WAN4 ports or another public IP address...

Page 79: ...more rules may be important in determining the disposition of a packet For example you should place the most strict rules at the top those with the most specific services or addresses The Up and Down...

Page 80: ...make any changes to the rule definition of an existing rule The Outbound Service screen will display containing the data for the selected rule see Figure 4 3 on page 4 9 Up to move the rule up one pos...

Page 81: ...Administrator Tips on page 4 38 To create a new outbound service rule 1 Click Add under the Outbound Services Table The Add LAN WAN Outbound Service screen will display 2 Complete the Outbound Servic...

Page 82: ...le 4 2 on page 4 5 3 Click Reset to cancel your settings and return to the previous settings 4 Click Apply to save your changes and reset the fields on this screen The new rule will be listed on the I...

Page 83: ...Default Outbound Policy 1 Select Security from the main menu Firewall Rules from the submenu and then select the DMZ WAN Rules tab The DMZ WAN Rules screen will display 2 Click Add under the Outbound...

Page 84: ...block specific types of traffic from either going out from the LAN to the DMZ Outbound or coming in from the DMZ to the LAN Inbound To access the LAN DMZ Rules screen 1 Select Security on the main me...

Page 85: ...bound Services Rules To create a new outbound LAN DMZ service rule 1 Click Add under the Outbound Services Table The Add LAN DMZ Outbound Service screen will display 2 Complete the Outbound Service sc...

Page 86: ...ound Rule Hosting A Local Public Web Server If you host a public Web server on your local network you can define a rule to allow inbound Web HTTP requests from any outside IP address to the IP address...

Page 87: ...e public IP address for your use you can use the additional public IP addresses to map to servers on your LAN or DMZ One of these public IP addresses will be used as the primary IP address of the rout...

Page 88: ...will display 4 From the Service pull down menu select the HTTP service for a Web server 5 From the Action pull down menu select Allow Always 6 In the Send to LAN Server field enter the local IP addre...

Page 89: ...is the public IP address you have mapped to your Web server You should see the home page of your Web server LAN WAN or DMZ WAN Inbound Rule Specifying an Exposed Host Specifying an exposed host allows...

Page 90: ...le Blocking Instant Messenger If you want to block Instant Messenger usage by employees during working hours you can create an outbound rule to block that application from any internal IP address to a...

Page 91: ...firewall will reject all ping packets to avoid an ICMP Sweep or Ping Sweep attack DDoS Protection Block Fragmenting Attacks Fragmentation attack is a form of attack that is initiated when one machine...

Page 92: ...e excessive ICMP return packets do not reach him thus making the attacker s network location anonymous Block Non standard Packets Abnormal packets are often used by hackers especially for DoS attacks...

Page 93: ...the Session Limit tab The Session Limit screen will display 2 Select one of the session limit options by clicking the corresponding radio button a If no session limit is desired for any client click...

Page 94: ...the specific P2P applications to protect your computer You can also add custom P2P applications P2P software prevention is disabled by default To enable P2P Software Prevention 1 Select Security Firew...

Page 95: ...o indicate that the service has been enabled To add a new custom service 1 Add the following information in the Add Custom P2P Application Service table a In the Name column enter the name of the serv...

Page 96: ...The service numbers for many common protocols are defined by the Internet Engineering Task Force IETF and published in RFC1700 Assigned Numbers Service numbers for other applications are typically cho...

Page 97: ...venience 3 Select the Layer 4 Protocol that the service uses as its transport protocol It can be TCP UDP TCP UDP or ICMP 4 Enter the first TCP or UDP port of the range that the service uses If the ser...

Page 98: ...ted The firewall allows you to specify when blocking will be enforced by configuring one of the Schedules Schedule 1 Schedule 2 or Schedule 3 To invoke rules and block keywords or Internet domains bas...

Page 99: ...ll see a Blocked by NETGEAR message Several types of blocking are available Web Components blocking You can block the following Web component types Proxy Java ActiveX and Cookies Even sites on the Tru...

Page 100: ...k all Internet browsing access enter the keyword To enable Content Filtering 1 Select Security Block Sites from the sub menu The Block Sites screen will display 2 Check the Yes radio button to enable...

Page 101: ...ring 4 29 v1 0 November 2007 Enabling IP MAC Binding IP MAC binding allows you to assign a fixed IP address to a client This IP address does not change over time even after the router is rebooted Once...

Page 102: ...Repeat this step until all desired IP MAC address bindings are entered 4 Click Apply to save your settings otherwise click Reset to return to the previous settings To delete existing IP MAC binding 1...

Page 103: ...ts for a timeout interval and then closes the port or range of ports making them available to other computers on the private network Port triggering allows some applications running on a LAN network t...

Page 104: ...fter which the Port Trigger will timeout 4 In the Add Port Triggering Rule section enter a user defined name for this rule in the Name field 5 In the Service User section select the Any radio box or s...

Page 105: ...Reference Manual Firewall Protection and Content Filtering 4 33 v1 0 November 2007 To edit or modify a rule 1 Click Edit in the Action column opposite the rule you wish to edit The Edit Port Triggeri...

Page 106: ...other information to a specified e mail address For example your quad WAN gigabit firewall will log security related events such as accepted and dropped packets on different segments of your LAN or DM...

Page 107: ...so it is good practice to select only those events which are required To set up Firewall Logs and E mail alerts 1 Select Monitoring Firewall Logs E mail from the main menu The Firewall Logs E mail sc...

Page 108: ...rver requirements Then enter the user name and password to be used for authentication 7 If you want to respond to IDENT protocol check the Respond to Identd from SMTP Server radio box The Ident Protoc...

Page 109: ...the E mail Logs options as been enabled you can send a copy of the log by clicking send log 3 Click refresh log to retrieve the latest update and click clear log to delete all entries Log entries are...

Page 110: ...ased Rules on page 4 2 Schedules see Setting a Schedule to Block or Allow Specific Traffic on page 4 26 Block sites see Setting Block Sites Content Filtering on page 4 27 IP Mac Binding see Enabling I...

Page 111: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Firewall Protection and Content Filtering 4 39 v1 0 November 2007...

Page 112: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 4 40 Firewall Protection and Content Filtering v1 0 November 2007...

Page 113: ...ets through when there is a bottleneck and either reducing unnecessary traffic or rescheduling some traffic to low peak times to prevent bottlenecks from occurring in the first place The quad WAN giga...

Page 114: ...Service blocking Block sites Source MAC filtering Service Blocking You can control specific outbound traffic for example from LAN to WAN and from DMZ to WAN Outbound Services lists all existing rules...

Page 115: ...ffic on page 4 1 for the procedure on how to use this feature Services The Rules menu contains a list of predefined Services for creating firewall rules If a service does not appear in the predefined...

Page 116: ...word blocking has been enabled will be blocked Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled You can bypass keyword blocking for trusted do...

Page 117: ...default rule blocks all inbound traffic Each rule lets you specify the desired action for the connections covered by the rule BLOCK always BLOCK by schedule otherwise Allow ALLOW always ALLOW by sched...

Page 118: ...ou can specify whether the rule is to be applied on the Schedule 1 Schedule 2 or Schedule 3 time schedule see Setting a Schedule to Block or Allow Specific Traffic on page 4 26 See Using Rules to Bloc...

Page 119: ...nabled see Router Front Panel on page 1 5 See Configuring and Enabling the DMZ Port on page 3 12 and Setting DMZ WAN Rules on page 4 10 for the procedure on how to use this feature Using QoS to Shift...

Page 120: ...tion Manager is password Netgear recommends that you change this password to a more secure password You can also configure a separate password for guests To modify User or Admin settings 1 Select Admi...

Page 121: ...ing Remote Management Access on page 5 9 Figure 5 1 Note The password and time out value you enter will be changed back to password and 5 minutes respectively after a factory defaults reset Note Be su...

Page 122: ...select IP address range Enter a beginning and ending IP address to define the allowed range c To allow access from a single IP address on the Internet select Only this PC Enter the IP address that wi...

Page 123: ...rt The trap port of the configuration Community The trap community string of the configuration To create a new SNMP configuration entry 1 Select Administration SNMP from the main menu The SNMP screen...

Page 124: ...configuration in the Community field 5 Click Add to create the new configuration The entry will display in the SNMP Configuration table 6 Click Edit in the Action column adjacent to the entry to modi...

Page 125: ...UPnP screen will display 2 Check the Enable radio box under Do you want to enable UPnP service 3 Click Apply to save the settings otherwise click Reset to return to previous settings Settings Backup...

Page 126: ...the file click restore An Alert page will appear indicating the status of the restore operation You must manually restart the quad WAN gigabit firewall for the restored settings to take effect To res...

Page 127: ...e your firmware the Firmware Version will change to reflect the new version To download a firmware version 1 Click Check to go to the NETGEAR website and then click on Downloads You can also select th...

Page 128: ...e computer clock times in a network of computers Select Administration from the main menu and Time Zone from the submenu The Time Zone screen will display To set Time Date and NTP servers 1 Select Adm...

Page 129: ...ver 1 or Server 2 fields empty they will be set to the Default Netgear NTP servers 5 Click Apply to save your settings or click Cancel to revert to your previous settings Monitoring the Router You can...

Page 130: ...d the Traffic Meter these statistics are not available Traffic by Protocol Click this button to display Internet Traffic details The volume of traffic for each protocol will be displayed in a sub wind...

Page 131: ...the Firewall Logs E mail screen that is invoked by selecting Monitoring from the main menu and selecting Firewall Logs E mail from the submenu You can send a System log of firewall activities to an em...

Page 132: ...enu contains a table of all IP devices that the quad WAN gigabit firewall has discovered on the local network Select Monitoring Attached Devices from the main menu The Attached Devices screen will dis...

Page 133: ...lients However sometimes the name of the PC or device cannot be accurately determined and will be shown as Unknown You can set the polling interval in seconds The Attached Devices table lists all curr...

Page 134: ...rebooted the table data is lost until the quad WAN gigabit firewall rediscovers the devices Figure 5 11 Table 5 2 Port Triggering Status data Item Description Rule The name of the Rule LAN IP Address...

Page 135: ...work Management 5 23 v1 0 November 2007 Viewing Router Configuration and System Status The Router Status screen provides status and usage information Select Monitoring from the main menu and Router St...

Page 136: ...he router is using This will change if you upgrade your router LAN Port Displays the current settings for MAC address IP address DHCP role and IP Subnet Mask that you set in the LAN IP Setup page DHCP...

Page 137: ...ter and Network Management 5 25 v1 0 November 2007 DHCP Log You can view the DHCP log from the LAN Setup screen Select Network Configuration from the main menu and LAN Setup from the submenu When the...

Page 138: ...traffic Bandwidth allocation or priority can be assigned for individual traffic to ensure service quality The following table provides an explanation of the configuration parameters available for QoS...

Page 139: ...ic that exceeds the traffic profile which is defined by local policy is discarded DiffServ EF Assured Forwarding AF Has four classes AF1 AF2 AF3 AF4 and three drop precedences within each class for a...

Page 140: ...creen will display 2 From the Interface pull down menu select the WAN interface where QoS will be implemented 3 From the Service pull down menu select the protocol service that will be controlled by Q...

Page 141: ...ct the class of QoS see Table 5 4 on page 5 26 for a description of the values 6 For the Hosts to be controlled by QoS select either The IP Address checkbox and then enter an IP range or The Group che...

Page 142: ...dd at the bottom of the screen The Add QoS screen for Priority will display 2 From the Interface pull down menu select the WAN port that will control the QoS 3 From the Service pull down menu select t...

Page 143: ...our ISP To enter the maximum bandwidth provided by your ISP 1 Select Monitoring QoS from the main menu and then click the Maximum Bandwidth tab The Maximum Bandwidth screen will display 2 Enter the ma...

Page 144: ...nostics You can perform diagnostics such as pinging an IP address performing a DNS lookup displaying the routing table rebooting the firewall and capturing packets Select Monitoring Diagnostics from t...

Page 145: ...screen click Back on the Windows menu bar to return to the Diagnostics screen Perform a DNS Lookup A DNS Domain Name Server converts the Internet name e g www netgear com to an IP address If you need...

Page 146: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 5 34 Router and Network Management v1 0 November 2007...

Page 147: ...hat are connected c The Internet port LED is lit If a port s LED is lit a link has been established to the connected device If a LAN port is connected to a 100 Mbps device verify that the port s LED i...

Page 148: ...pport LAN or Internet Port LEDs Not On If either the LAN LEDs or Internet LED do not light when the Ethernet connection is made check the following Make sure that the Ethernet cable connections are se...

Page 149: ...in and the password is password Make sure that CAPS LOCK is off when entering this information If the firewall does not save changes you have made in the Web Configuration Interface check the followin...

Page 150: ...P address from the ISP you may need to force your cable or DSL modem to recognize your new firewall by performing the following procedure 1 Turn off power to the cable or DSL modem 2 Turn off power to...

Page 151: ...etwork Using a Ping Utility Most TCP IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device The device then responds with an echo reply Tro...

Page 152: ...SP s DNS server If the path is functioning correctly replies as in the previous section are displayed If you do not receive replies Check that your PC has the IP address of your firewall listed as the...

Page 153: ...defaults 1 Press and hold the reset button until the Test LED turns on and begins to blink about 10 seconds 2 Release the reset button and wait for the firewall to reboot Problems with Date and Time...

Page 154: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 6 8 Troubleshooting v1 0 November 2007...

Page 155: ...utton for a shorter period of time will simply cause your device to reboot Table A 1 quad WAN gigabit firewall Default Configuration Settings Feature Default Behavior Router Login User Login URL http...

Page 156: ...the http port Outbound communications going out to the Internet Enabled all Source MAC filtering Disabled Table A 2 quad WAN gigabit firewall Technical Specifications Feature Specifications Network Pr...

Page 157: ...e 0 to 50 C 32 to 122 F Operating humidity 90 maximum relative humidity noncondensing Electromagnetic Emissions Meets requirements of FCC Part 15 Class B EN 55 022 CISPR 22 Class B Interface Specifica...

Page 158: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual A 4 Default Settings and Technical Specifications v1 0 November 2007...

Page 159: ...ewall Network Configuration Diagnostic Monitor When preparing to use the CLI engine make sure that your serial port parameters are set as follows To activate the CLI engine 1 Configure the serial port...

Page 160: ...d cmd Arguments cmd name of CLI command which will be called help Command Description Presents detailed description and arguments for the CLI command Synopsis help cmd Arguments cmd CLI help command t...

Page 161: ...ommand Description Show current completer system configuration Synopsis admin showConfig admin crashDump Command Description Code dump when system crashes Synopsis admin crashDump Firewall fw mac stat...

Page 162: ...n Show port trigger web status Synopsis fw ptrgr status fw rules attackChecks status Command Description Show Defense Against DDoS Attack status firewall dos Synopsis fw rules attackChecks status fw r...

Page 163: ...anDmz outbound show Command Description Show landmz outbound rules Synopsis fw rules dmzLan outbound show fw rules lanWan inbound show Command Description Show firewall lanwan inbound rules Synopsis f...

Page 164: ...sis fw svc customsvcshow fw svc defaultsvcshow Command Description Show default firewall service Synopsis fw svc defaultsvcshow fw web keyword show Command Description Show block site keyword Synopsis...

Page 165: ...escription Display all known and discovered hosts on the LAN Synopsis netConf lanGrps list netConf lanSetup dhcpd show Command Description Display DHCP daemon status enabled or disabled If DHCP daemon...

Page 166: ...254 mask 255 255 255 0 netConf lanSetup lanStatic ifConf 2 192 168 10 254 mask 255 255 255 0 netConf lanSetup lanStatic ifDel Command Description Disable LAN interfaces including LAN and DMZ Synopsis...

Page 167: ...ALShow netConf lanSetup lanStatic ipAShow Command Description Display a single LAN IP and its alias Synopsis netConf lanSetup lanStatic ipAShow id netConf lanSetup lanStatic ipAConf Command Descriptio...

Page 168: ...dresses total netConf routing rip show Command Description Show current RIP configuration Synopsis netConf routing rip show netConf routing static get Command Description Show all list entries of rout...

Page 169: ...ption Show current configuration of WAN port Synopsis netConf wan wanSetup show WANID Arguments WANID WAN port number Results 0 All 1 WAN 1 2 WAN 2 3 WAN 3 4 WAN 4 netConf wan wanSetup status Command...

Page 170: ...table Synopsis monitor diag arpDel d IP monitor diag arpShow Command Description Show all arp address mapping entries Synopsis monitor diag arpShow IP monitor diag nsLookup Command Description Show th...

Page 171: ...eboot monitor diag routeDisplay Command Description show IP routing table Synopsis monitor diag routeDisplay monitor diag tcpdumpStart Command Description Capture the network packets on a specified in...

Page 172: ...Destination IP address DomainName Destination domain name monitor firewallLogs logger viewLog Command Description Browses the log messages Synopsis monitor firewallLogs logger viewLog monitor firewall...

Page 173: ...irewall FR538G Reference Manual Command Line Interface Guide B 15 v1 0 November 2007 Arguments WANID WAN port number Results 0 All 1 WAN 1 2 WAN 2 3 WAN 3 4 WAN 4 Examples monitor trafficMtr show 1 or...

Page 174: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual B 16 Command Line Interface Guide v1 0 November 2007...

Page 175: ...etworking and TCP IP Addressing http documentation netgear com reference enu tcpip index htm Wireless Communications http documentation netgear com reference enu wireless index htm Preparing a Compute...

Page 176: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual C 2 Related Documents v1 0 November 2007...

Page 177: ...c IP address b If you are going to use all WAN ports determine whether you are going to use them in rollover mode for increased system reliability or load balancing mode for maximum bandwidth efficien...

Page 178: ...ng a separate ISP for each WAN port or are having the traffic of both WAN ports routed through the same ISP You will need your ISP information for Configuring the WAN Port Internet Connections on page...

Page 179: ...igabit Firewall Cabling and Computer Hardware Requirements To use the quad WAN gigabit firewall on your network each computer must have an installed Ethernet Network Interface Card NIC and an Ethernet...

Page 180: ...you can ask your ISPs to provide it or you can try one of the options below If you have a computer already connected using the active Internet access account you can gather the configuration informati...

Page 181: ...atic Internet IP Address ______ ______ ______ ______ Gateway IP Address ______ ______ ______ ______ Subnet Mask ______ ______ ______ ______ ISP DNS Server Addresses If you were given DNS server addres...

Page 182: ...rather than being discarded The mechanism for making the IP address public depends on whether the quad WAN ports are configured to either roll over or balance the loads See Inbound Traffic on page D...

Page 183: ...you have configured in the Inbound Rules menu Instead of discarding this traffic you can have it forwarded to one or more LAN hosts on your network The addressing of the firewall s quad WAN port depen...

Page 184: ...ems The IP address range of the firewall s WAN port must be both fixed and public so that the public can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled...

Page 185: ...cing Figure D 6 the Internet address of each WAN port is either fixed if the IP address is fixed or a fully qualified domain name if the IP address is dynamic Note Load balancing is implemented for ou...

Page 186: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual D 10 Network Planning for Quad WAN Ports v1 0 November 2007...

Page 187: ...2 11 restoring WAN interface 2 14 use with DDNS 2 18 Using WAN port 2 12 B Back up settings 5 14 backup and restore settings 5 14 bandwidth capacity 5 1 LAN side 5 1 Load balancing mode 5 1 Rollover...

Page 188: ...3 1 configuring secondary IP addresses 3 5 diagnostics DNS lookup 5 33 packet capture 5 33 ping 5 33 rebooting 5 33 routing table 5 33 Diagnostics screen 5 33 Disable DHCP Server 3 1 3 3 DMZ about 3 1...

Page 189: ...wall Protection Content Filtering about 4 1 firewall protection 4 1 firmware downloading 5 16 upgrade 5 15 Fixed IP 2 4 Fixed IP Address 3 10 FQDN 2 18 fully qualified domain name See FQDN FR538G8 fea...

Page 190: ...3 9 L LAN configuration 3 1 using LAN IP setup options 3 2 LAN DMZ Inbound Services adding rule 4 13 LAN DMZ Outbound Services adding rule 4 13 LAN DMZ Rules 4 12 LAN DMZ Rules screen 4 12 LAN DMZ se...

Page 191: ...7 NTP Servers custom 5 17 default 5 17 NTP servers setting 5 17 O Outbound Rules default definition 4 2 field descriptions 4 3 order of precedence 4 7 service blocking 4 2 outbound rules 4 2 Outbound...

Page 192: ...7 reducing traffic 5 2 Block Sites 5 4 Service Blocking 5 2 Source MAC Filtering 5 5 remote management 5 10 access 5 10 configuration 5 10 requirements hardware D 3 Reserved IP Address 3 10 Reserved...

Page 193: ...raffic D 7 sniffer 6 3 SNMP about 5 11 configuring 5 11 global access 5 12 host only access 5 12 subnet access 5 12 SNMP screen 5 12 Source MAC Filtering reducing traffic 5 5 Source Network Add Protoc...

Page 194: ...cing 2 14 viewing logs 5 20 W WAN configuring Advanced options 2 20 configuring WAN Mode 2 11 WAN Failure Detection Method 2 11 2 12 WAN Mode 2 12 WAN Port 1 status 2 4 WAN Ports monitoring status 5 2...