Netgear orporated FWG114PV2 ProSafe 802.11g Wireless Firewall/Print Server User Manual FullManual

Netgear Incorporated ProSafe 802.11g Wireless Firewall/Print Server FullManual

Contents

Users Manual Part 1

March 2004, 202-10027-01202-10027-01 Version 2.0March 2004NETGEAR, Inc.4500 Great America Parkway Santa Clara, CA 95054 USAReference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
~~ 2004 by NETGEAR, Inc. All rights reserved.,TrademarksNETGEAR is a trademark of Netgear, Inc.Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.Other brand and product names are registered trademarks or trademarks of their respective holders.Statement of Conditions .In the interest of improving internal design, operational function, and/or reliability,NETGEAR reserves the right tomake changes to the products described in this document without notice.NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuitlayout(s) described herein.Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice ......, This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant topart 15of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in aresidential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed andused in accordance with the instructions, may cause harmful interference to radio communications. However, there is noguarantee that interference will not occur in a particular installation. Ifthis equipment does cause harmful interference toradio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to tryto correct the interference by one Ol)omoreof the following measures:Reorient or relocate the receiving antenna.Increase the separation between the equipment and receiver.Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.Consult the dealer or an experienced radio/TV technician for help.FCC Caution1. FCC RF Radiation Exposure Statement: The equipment complies with FCC RF radiation exposure limits set forthfor an un.controlled environment. This equipment should be installed and operated with a minimum distance of20centimeters between the radiator and your body.This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.Changes or modifications to this unit not expressly approved by the party responsible for compliance could void theuser authority to operate the equipment.2.3.EN 55 022 Declaration of ConformanceThis is to certify that the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P is shielded against thegeneration ofradio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a.Conformity is declared by the application of EN 55022 Class B (CISPR 22).This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:(1) This device may not cause harmful interference, and (2) This device must accept any interference received,including interference that may cause undesired operation.iiMarch 2004,202-10027-01"."
March 2004, 202-10027-01iiiBestätigung des Herstellers/ImporteursEs wird hiermit bestätigt, daß das ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.Certificate of the Manufacturer/ImporterIt is hereby certified that the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions. Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations. Voluntary Control Council for Interference (VCCI) StatementThis equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.
March 2004, 202-10027-01iv
Contents vMarch 2004, 202-10027-01ContentsChapter 1 About This ManualAudience, Conventions, Scope ......................................................................................1-1How to Use this Manual ..................................................................................................1-2How to Print this Manual .................................................................................................1-3Chapter 2 IntroductionKey Features of the FWG114P .......................................................................................2-1Full Routing on Both the Broadband and Serial Ports .............................................2-2802.11g and 802.11b Wireless Networking ..............................................................2-2Virtual Private Networking ........................................................................................2-3A Powerful, True Firewall with Content Filtering ......................................................2-3Security ....................................................................................................................2-4Autosensing Ethernet Connections with Auto Uplink ...............................................2-4Extensive Protocol Support ......................................................................................2-4Easy Installation and Management ..........................................................................2-5Package Contents ..........................................................................................................2-6The FWG114P Front Panel ......................................................................................2-7The FWG114P Rear Panel ......................................................................................2-8Chapter 3 Connecting the FWG114P to the InternetWhat You Will Need Before You Begin ...........................................................................3-1Cabling and Computer Hardware Requirements .....................................................3-1Computer Network Configuration Requirements .....................................................3-1Internet Configuration Requirements .......................................................................3-2Where Do I Get the Internet Configuration Parameters? .........................................3-2Record Your Internet Connection Information ..........................................................3-3Connecting the FWG114P Wireless Firewall/Print Server ..............................................3-4Verify That Basic Requirements Are Met .................................................................3-4
March 2004, 202-10027-01vi ContentsBasic Setup Troubleshooting Tips ..................................................................................3-9FWG114P Setup Wizard Auto Detection ........................................................................3-9Wizard-Detected Login Account Setup ..................................................................3-10Wizard-Detected Dynamic IP Account Setup .........................................................3-12Wizard-Detected Fixed IP Account Setup ..............................................................3-13How to Configure the Serial Port as the Primary Internet Connection .........................3-14Testing Your Internet Connection ..................................................................................3-16Manually Configuring Your Internet Connection ...........................................................3-17How to Manually Configure the Primary Internet Connection ................................3-18Chapter 4 Wireless ConfigurationObserving Performance, Placement, and Range Guidelines .........................................4-1Implementing Appropriate Wireless Security ..................................................................4-2Understanding Wireless Settings ...................................................................................4-3Default Factory Settings ...........................................................................................4-7Before You Change the SSID and WEP Settings ....................................................4-8How to Set Up and Test Basic Wireless Connectivity ..............................................4-9How to Restrict Wireless Access by MAC Address ...............................................4-10How to Configure WEP .......................................................................................... 4-11How to Configure WPA ..........................................................................................4-12How to Configure WPA-PSK ..................................................................................4-13Chapter 5 Serial Port ConfigurationConfiguring a Serial Port Modem ...................................................................................5-2Basic Requirements for Serial Port Modem Configuration .......................................5-2How to Configure a Serial Port Modem ....................................................................5-2Configuring Auto-Rollover ..............................................................................................5-3Basic Requirements for Auto-Rollover .....................................................................5-3How to Configure Auto-Rollover ...............................................................................5-3Configuring Dial-in on the Serial Port .............................................................................5-4Basic Requirements for Dial-in .................................................................................5-5How to Configure Dial-in ..........................................................................................5-5Configuring LAN-to-LAN Settings ...................................................................................5-6Basic Requirements for LAN-to-LAN Connections ..................................................5-6How to Configure LAN-to-LAN Connections ............................................................5-6
Contents viiMarch 2004, 202-10027-01Chapter 6 Firewall Protection and Content FilteringFirewall Protection and Content Filtering Overview ........................................................6-1Using the Block Sites Menu to Screen Content ..............................................................6-1Services and Rules Regulate Inbound and Outbound Traffic .........................................6-3Defining a Service ....................................................................................................6-3Using Inbound/Outbound Rules to Block or Allow Services .....................................6-4Examples of Using Services and Rules to Regulate Traffic ...........................................6-6Inbound Rules (Port Forwarding) .............................................................................6-6Example: Port Forwarding to a Local Public Web Server ..................................6-7Example: Port Forwarding for Videoconferencing .............................................6-8Example: Port Forwarding for VPN Tunnels when NAT is Off ...........................6-8Outbound Rules (Service Blocking or Port Filtering) ................................................6-9Outbound Rule Example: Blocking Instant Messaging ....................................6-10Other Rules Considerations .........................................................................................6-10Order of Precedence for Rules .............................................................................. 6-11Rules Menu Options ............................................................................................... 6-11Using a Schedule to Block or Allow Content or Traffic .................................................6-12Setting the Time Zone ............................................................................................6-13Getting E-Mail Notifications of Event Logs and Alerts ..................................................6-13Viewing Logs of Web Access or Attempted Web Access .............................................6-16What to Include in the Event Log ...........................................................................6-17Chapter 7 Print ServerPrinting Options ..............................................................................................................7-1For Windows XP and 2000, Use TCP/IP LPR Printing ...................................................7-2For Windows 95/98/Me, Use the Netgear Printer Port Driver .........................................7-5Printing from the Macintosh ............................................................................................7-8Windows Printer Port Management ................................................................................7-9Troubleshooting the Print Server ..................................................................................7-11Chapter 8 Virtual Private NetworkingOverview of FWG114P Policy-Based VPN Configuration ..............................................8-1Using Policies to Manage VPN Traffic .....................................................................8-2Using Automatic Key Management ..........................................................................8-2
March 2004, 202-10027-01viii ContentsIKE Policies’ Automatic Key and Authentication Management ................................8-3VPN Policy Configuration for Auto Key Negotiation .................................................8-6VPN Policy Configuration for Manual Key Exchange ...............................................8-9Using Digital Certificates for IKE Auto-Policy Authentication .......................................8-14Certificate Revocation List (CRL) ...........................................................................8-14Walk-Through of Configuration Scenarios on the FWG114P .......................................8-15How to Use the VPN Wizard to Configure a VPN Tunnel .............................................8-15VPNC Scenario 1: Gateway to Gateway with Preshared Secrets .........................8-19Scenario 1: FWG114P to FWG114P with Preshared Secrets ................................8-20How to Check VPN Connections ...........................................................................8-24VPNC Scenario 2: Gateway-to-Gateway with Certificates .....................................8-25Scenario 2: FWG114P to FWG114P with Certificates ...........................................8-26Netgear VPN Client to FWG114P .................................................................................8-32Configuration Profile ...............................................................................................8-32Step-By-Step Configuration of FWG114P Gateway .....................................................8-33Step-By-Step Configuration of the Netgear VPN Client ...............................................8-38Testing the VPN Connection .........................................................................................8-45From the Client PC to the FWG114P .....................................................................8-45From the FWG114P to the Client PC .....................................................................8-46Monitoring the PC VPN Connection .............................................................................8-46Viewing the FWG114P VPN Status and Log Information .............................................8-47Chapter 9 MaintenanceViewing Wireless Firewall/Print Server Status Information .............................................9-1Viewing a List of Attached Devices .................................................................................9-5Upgrading the Router Software ......................................................................................9-6Configuration File Management .....................................................................................9-6Restoring and Backing Up the Configuration ...........................................................9-7Erasing the Configuration .........................................................................................9-8Changing the Administrator Password ...........................................................................9-8Chapter 10 Advanced ConfigurationUsing the WAN Setup Options .....................................................................................10-1How to Configure Dynamic DNS ..................................................................................10-3Using the LAN IP Setup Options ..................................................................................10-5
Contents ixMarch 2004, 202-10027-01Configuring LAN TCP/IP Setup Parameters ..........................................................10-5Using the Router as a DHCP server ......................................................................10-7Using Address Reservation ....................................................................................10-7Configuring Static Routes .............................................................................................10-8Enabling Remote Management Access .....................................................................10-10Using Universal Plug and Play (UPnP) ......................................................................10-11Advanced Wireless Settings .......................................................................................10-12Chapter 11 TroubleshootingBasic Functioning .........................................................................................................11-1Power LED Not On ................................................................................................. 11-1LEDs Never Turn Off ..............................................................................................11-2LAN or Internet Port LEDs Not On .........................................................................11-2Troubleshooting the Web Configuration Interface ........................................................ 11-3Troubleshooting the ISP Connection ............................................................................ 11-4Troubleshooting a TCP/IP Network Using a Ping Utility ...............................................11-5Testing the LAN Path to Your Router ..................................................................... 11-5Testing the Path from Your Computer to a Remote Device ...................................11-6Restoring the Default Configuration and Password ......................................................11-7Problems with Date and Time .......................................................................................11-7Appendix A Technical SpecificationsAppendix B Networks, Routing, and Firewall BasicsRelated Publications ...................................................................................................... B-1Basic Router Concepts .................................................................................................. B-1What is a Router? ................................................................................................... B-1Routing Information Protocol ................................................................................... B-2IP Addresses and the Internet ................................................................................. B-2Netmask .................................................................................................................. B-4Subnet Addressing .................................................................................................. B-4Private IP Addresses ............................................................................................... B-7Single IP Address Operation Using NAT ................................................................. B-7MAC Addresses and Address Resolution Protocol ................................................. B-9Related Documents ................................................................................................. B-9
March 2004, 202-10027-01xContentsDomain Name Server .............................................................................................. B-9IP Configuration by DHCP .................................................................................... B-10Internet Security and Firewalls .................................................................................... B-10What is a Firewall? .................................................................................................B-11Stateful Packet Inspection ......................................................................................B-11Denial of Service Attack .........................................................................................B-11Ethernet Cabling ...........................................................................................................B-11Category 5 Cable Quality ...................................................................................... B-12Inside Twisted Pair Cables .................................................................................... B-13Uplink Switches, Crossover Cables, and MDI/MDIX Switching ............................ B-14Appendix C Preparing Your NetworkPreparing Your Computers for TCP/IP Networking ....................................................... C-1Configuring Windows 95, 98, and Me for TCP/IP Networking ....................................... C-2Install or Verify Windows Networking Components ................................................. C-2Enabling DHCP to Automatically Configure TCP/IP Settings ................................. C-4Selecting Windows’ Internet Access Method .................................................... C-4Verifying TCP/IP Properties .................................................................................... C-5Configuring Windows NT, 2000 or XP for IP Networking ............................................... C-5Installing or Verifying Windows Networking Components ....................................... C-5Verifying TCP/IP Properties .................................................................................... C-6Configuring the Macintosh for TCP/IP Networking ........................................................ C-6MacOS 8.6 or 9.x .................................................................................................... C-6MacOS X ................................................................................................................. C-7Verifying TCP/IP Properties for Macintosh Computers ........................................... C-8Verifying the Readiness of Your Internet Account ......................................................... C-9Are Login Protocols Used? ..................................................................................... C-9What Is Your Configuration Information? ................................................................ C-9Obtaining ISP Configuration Information for Windows Computers ....................... C-10Obtaining ISP Configuration Information for Macintosh Computers ..................... C-11Restarting the Network ................................................................................................ C-12Appendix D Firewall Log FormatsAction List ...................................................................................................................... D-1Field List ........................................................................................................................ D-1
Contents xiMarch 2004, 202-10027-01Outbound Log ................................................................................................................ D-1Inbound Log ................................................................................................................... D-2Other IP Traffic .............................................................................................................. D-2Router Operation ........................................................................................................... D-3Other Connections and Traffic to this Router ................................................................ D-4DoS Attack/Scan ........................................................................................................... D-4Access Block Site .......................................................................................................... D-6All Web Sites and News Groups Visited ........................................................................ D-6System Admin Sessions ................................................................................................ D-6Policy Administration LOG ............................................................................................. D-7Appendix E Wireless Networking BasicsWireless Networking Overview ...................................................................................... E-1Infrastructure Mode ................................................................................................. E-1Ad Hoc Mode (Peer-to-Peer Workgroup) ................................................................ E-2Network Name: Extended Service Set Identification (ESSID) ................................ E-2Authentication and WEP Data Encryption ..................................................................... E-2802.11 Authentication .............................................................................................. E-3Open System Authentication ................................................................................... E-3Shared Key Authentication ...................................................................................... E-4Overview of WEP Parameters ................................................................................ E-5Key Size .................................................................................................................. E-6WEP Configuration Options .................................................................................... E-7Wireless Channels ......................................................................................................... E-7WPA Wireless Security .................................................................................................. E-8How Does WPA Compare to WEP? ........................................................................ E-9How Does WPA Compare to IEEE 802.11i? ........................................................ E-10What are the Key Features of WPA Security? ...................................................... E-10WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS .................................................. E-12WPA Data Encryption Key Management ........................................................ E-14Is WPA Perfect? .................................................................................................... E-16Product Support for WPA ...................................................................................... E-16Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged ...... E-16Changes to Wireless Access Points ............................................................... E-17Changes to Wireless Network Adapters ......................................................... E-17
March 2004, 202-10027-01xii ContentsChanges to Wireless Client Programs ............................................................ E-18Appendix F Virtual Private NetworkingWhat is a VPN? ..............................................................................................................F-1What is IPSec and How Does It Work? ..........................................................................F-2IPSec Security Features ..........................................................................................F-2IPSec Components ..................................................................................................F-2Encapsulating Security Payload (ESP) ....................................................................F-3Authentication Header (AH) .....................................................................................F-4IKE Security Association ..........................................................................................F-4Mode ..................................................................................................................F-5Key Management .....................................................................................................F-6Understand the Process Before You Begin ....................................................................F-6VPN Process Overview ..................................................................................................F-7Network Interfaces and Addresses ..........................................................................F-7Interface Addressing ..........................................................................................F-7Firewalls ............................................................................................................F-8Setting Up a VPN Tunnel Between Gateways .........................................................F-8VPNC IKE Security Parameters ...................................................................................F-10VPNC IKE Phase I Parameters ..............................................................................F-10VPNC IKE Phase II Parameters .............................................................................F-11Testing and Troubleshooting .........................................................................................F-11Additional Reading .......................................................................................................F-11Appendix G NETGEAR VPN Configuration FVS318 or FVM318 to FWG114PConfiguration Template ..................................................................................................G-1Step-By-Step Configuration of FVS318 or FVM318 Gateway A ....................................G-2Step-By-Step Configuration of FWG114P Gateway B ...................................................G-5Test the VPN Connection ..............................................................................................G-9Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328Configuration Template .................................................................................................. H-1Using DDNS and Fully Qualified Domain Names (FQDN) ..................................... H-2Step-By-Step Configuration of FVS318 or FVM318 Gateway A .................................... H-3
Contents xiiiMarch 2004, 202-10027-01Step-By-Step Configuration of FVS328 Gateway B ....................................................... H-7Test the VPN Connection ............................................................................................ H-11 GlossaryList of Glossary Terms ...................................................................................................G-1 Index
March 2004, 202-10027-01xiv Contents
About This Manual 1-1March 2004, 202-10027-01Chapter 1 About This ManualCongratulations on your purchase of the NETGEAR® ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P. This chapter introduces important features of this manual.Audience, Conventions, Scope This reference manual assumes that the reader has basic-to-intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and networking technology tutorial information is provided in the appendices.This guide uses the following typographical conventions:This guide uses the following formats to highlight special messages: This manual is written according to these specifications.Table 1. Typographical conventionsitalics Emphasis, books, CDs, URL namesbold times roman User inputcourier font Screen text, file and server names, extensions, commands, IP addressesNote: This format is used to highlight information of importance or special interest.Table 1-1. Manual SpecificationsProduct Version ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2Firmware Version Version 2 Release 06Manual Veraion and Publication Date Manual Version 2.0, March 2004Note: Product updates are available on the NETGEAR, Inc. Web site at http://kbserver.netgear.com/products/FWG114P.asp.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P1-2 About This ManualMarch 2004, 202-10027-01How to Use this ManualThe HTML version of this manual includes a variety of navigation features as well as links to PDF versions of the full manual and individual chapters. Figure Preface -2: HTML version of this manual1. Left pane. Use the left pane to view the Contents, Index, Search, and Favorites tabs. To view the HTML version of the manual, you must have a version 4 or later IE or Netscape browser with JavaScript enabled.2. Toolbar buttons. Use the toolbar buttons across the top to navigate, print pages, and more.The Show in Contents button locates the current topic in the Contents tab.Previous/Next buttons display the previous or next topic.The PDF button links to a PDF version of the full manual.The Print button prints the current topic. Using this button when a step-by-step procedure is displayed will send the entire procedure to your printer. You do not have to worry about specifying the correct range of pages.3. Right pane. Use the right pane to view the contents of the manual. Also, each page of the manual includes a link at the top right which links to a PDF file containing just the currently selected chapter of the manual.123
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PAbout This Manual 1-3March 2004, 202-10027-01How to Print this ManualTo print this manual you may choose one of the following options, according to your needs:•Printing a “How To” Sequence of Steps in the HTML View. Use the Print button on the upper right of the toolbar to print the currently displayed topic. Using this button when a step-by-step procedure is displayed will send the entire procedure to your printer. You do not have to worry about specifying the correct range of pages. •Printing a Chapter. Use the link at the top right of any page.– Click the “PDF of This Chapter” link at the top right of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window. Note: Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.– Click the print icon in the upper left of the window. Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.•Printing the Full Manual. Use the PDF button in the toolbar at the top right of the browser window.– Click the PDF button on the upper right of the toolbar. The PDF version of the chapter you were viewing opens in a browser window. – Click the print icon in the upper left of the window. Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P1-4 About This ManualMarch 2004, 202-10027-01
Introduction 2-1March 2004, 202-10027-01Chapter 2 IntroductionThis chapter describes the features of the NETGEAR ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P.Key Features of the FWG114PThe ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P, with a 4-port switch, connects your LAN to the Internet through a broadband modem. With auto fail-over connectivity through the serial port, the FWG114P provides highly reliable Internet access. The FWG114P is a complete security solution that protects your network from attacks and intrusions and enables secure communications using Virtual Private Networks (VPNs). Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FWG114P uses Stateful Packet Inspection for Denial of Service attack (DoS) attack protection and intrusion detection. The FWG114P allows Internet access for up to 253 users. It provides multiple Web content filtering options, plus browsing activity reporting and instant alerts via e-mail. Parents or network administrators can establish restricted access policies based on time-of-day, Web site addresses and address keywords, and share high-speed cable/DSL Internet access for up to 253 personal computers. With minimum setup, you can install and use the router within minutes. The FWG114P Wireless Firewall/Print Server provides the following features:• 802.11g and 802.11b standards-based wireless networking.• Easy, Web-based setup for installation and management.• Supports two VPN tunnels, Content Filtering, and Site Blocking Security.• Built-in 4-port 10/100 Mbps Switch and USB 2.0 Printer Port.• Ethernet and Serial ports for connection to a WAN device, such as a broadband modem.• Extensive Protocol Support.• Login capability.• Front panel LEDs for easy monitoring of status and activity.• Flash memory for firmware upgrade.• NAT off (classical routing).
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P2-2 IntroductionMarch 2004, 202-10027-01Full Routing on Both the Broadband and Serial PortsYou can install, configure, and operate the FWG114P to take full advantage of a variety of routing options on both the serial and broadband WAN ports, including:• Internet access via either the serial or broadband port.• Auto fail-over connectivity through an analog or ISDN modem connected to the serial port. If the broadband Internet connection fails, after waiting for an amount of time you specify, the FWG114P can automatically establish a backup ISDN or dial-up Internet connection via the serial port on the firewall.• Remote Access Server (RAS) that allows you to log in remotely through the serial port to access a server on your LAN, other LAN resources, or the Internet, based on a user name and password you define.• LAN-to-LAN access between two FWG114P wireless firewall/print servers through the serial port, with the option of enabling auto-failover Internet access across the serial LAN-to-LAN connection.802.11g and 802.11b Wireless NetworkingThe FWG114P Wireless Firewall/Print Server includes an 802.11g-compliant wireless access point. The access point provides:• 802.11b standards-based wireless networking at up to 11 Mbps.• 802.11g wireless networking at up to 54 Mbps, which conforms to the 802.11g standard.• WPA enterprise class strong security with RADIUS and certificate authentication as well as dynamic encryption key generation.• WPA-PSK pre-shared key authentication without the overhead of RADIUS servers but with all of the strong security of WPA.• 64-bit and 128-bit WEP encryption security.• WEP keys can be generated manually or by passphrase.• Wireless access can be restricted by MAC Address.• Wireless network name broadcast can be turned off so that only devices that have the network name (SSID) can connect.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PIntroduction 2-3March 2004, 202-10027-01Virtual Private NetworkingThe FWG114P Wireless Firewall/Print Server provides a secure encrypted connection between your local network and remote networks or clients. Its VPN features include: • Support for up to 2 simultaneous VPN connections.• Support for industry standard VPN protocols.The ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P supports standard keying methods (Manual or IKE), standard authentication methods (MD5 and SHA-1), and standard encryption methods (DES, 3DES). It is compatible with many other VPN products.• Support for up to 168 bit encryption (3DES) for maximum security.• Support for VPN Main Mode, Aggressive mode, or Manual Keying.• Support for Fully Qualified Domain Name (FQDN) configuration when the Dynamic DNS feature is enabled with one of the supported service providers. A Powerful, True Firewall with Content FilteringUnlike simple Internet sharing NAT routers, the FWG114P is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:• DoS protection.Automatically detects and thwarts DoS attacks, such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.• Blocks unwanted traffic from the Internet to your LAN.• Blocks access from your LAN to Internet locations or services that you specify as off-limits.• Logs security incidents.The FWG114P will log security events, such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the router to e-mail the log to you at specified intervals. You can also configure the router to send immediate alert messages to your e-mail address or e-mail pager whenever a significant event occurs.• With its content filtering feature, the FWG114P prevents objectionable content from reaching your PCs. The router allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the router to log and report attempts to access objectionable Internet sites.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P2-4 IntroductionMarch 2004, 202-10027-01SecurityThe FWG114P Wireless Firewall/Print Server is equipped with several features designed to maintain security, as described in this section:• PCs hidden by NAT.NAT opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the PCs on the LAN.• Port forwarding with NAT.Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the router allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request, or to one designated “DNS” host computer. You can specify forwarding of single ports or ranges of ports.Autosensing Ethernet Connections with Auto Uplink With its internal 8-port 10/100 switch, the FWG114P can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation. The router incorporates Auto UplinkTM technology. Each Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a ‘normal’ connection, such as to a computer, or an ‘uplink’ connection, such as to a switch or hub. That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.Extensive Protocol SupportThe FWG114P Wireless Firewall/Print Server supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to Appendix B, “Network, Routing, and Firewall Basics.”
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PIntroduction 2-5March 2004, 202-10027-01• The ability to enable or disable IP address sharing by NAT.The FWG114P allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account. This feature can also be turned off completely for using the FWG114P in settings where you want to manage the IP address scheme of your organization.• Automatic configuration of attached PCs by DHCP.The FWG114P Wireless Firewall/Print Server dynamically assigns network configuration information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.• DNS Proxy.When DHCP is enabled and no DNS addresses are specified, the router provides its own address as a DNS server to the attached PCs. The router obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.• PPP over Ethernet (PPPoE).PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program, such as Entersys or WinPOET on your computer.• PPTP login support for European ISPs, BigPond login for Telstra cable in Australia.• Classical IP (RFC 1577).Some Internet service providers, in Europe for example, use Classical IP in their ADSL services. In such cases, the firewall is able to use the Classical IP address from the ISP.Easy Installation and ManagementYou can install, configure, and operate the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P within minutes after connecting it to the network. The following features simplify installation and management tasks:• Automatic fail-over connectivity through an analog or ISDN modem connected to the serial port. If the broadband modem Internet connection fails, after waiting for an amount of time you specify, the FWG114P can automatically establish a backup ISDN or dial-up Internet connection via the serial port on the firewall.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P2-6 IntroductionMarch 2004, 202-10027-01• Browser-based management.Browser-based configuration allows you to easily configure your router from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help documentation is built into the browser-based Web Management Interface.• Smart Wizard.The FWG114P Wireless Firewall/Print Server automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account.• Diagnostic functions.The firewall incorporates built-in diagnostic functions, such as Ping, DNS lookup, and remote reboot.• Remote management.The firewall allows you to log in to the Web Management Interface from a remote location on the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.• Visual monitoring.The FWG114P Wireless Firewall/Print Server’s front panel LEDs provide an easy way to monitor its status and activity.• Regional support, including ISPs like Telstra DSL and BigPond, or Deutsche Telekom.• Flash memory for firmware upgrades.Package ContentsThe product package should contain the following items:• ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P.•AC power adapter.• Category 5 (Cat 5) Ethernet cable.• FWG114P Installation Guide (M-10150-02).•Resource CD for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P (SW-10023-02), including:— This manual.— Application Notes and other helpful information.• Registration and Warranty Card.If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the router for repair.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PIntroduction 2-7March 2004, 202-10027-01The FWG114P Front PanelThe front panel of the FWG114P contains the status LEDs. Use the LEDs to verify various operations. Viewed from left to right, Table 2-1 describes the LEDs on the front of the router.Figure 2-1: FWG114P Front PanelTable 2-1. LED DescriptionsLabel Activity DescriptionPOWER On Power is supplied to the firewall.TEST OnOff The system is initializing.The system is ready and running.PRINTER ACT OnBlinking The printer is connected and powered on.Data is being transmitted or received by the Printer port.ALERT On (Amber) The printer has a problem, such as out of paper, out of ink, or a paper jam.MODEM ACT Blinking Data is being transmitted or received by the Modem port.LINK On (Amber) The port has detected a link with an attached device. INTERNET Note: The operation of these LEDs depends on how the WAN port is configured. 100 (100 Mbps) OnOff The Internet (WAN) port is operating at 100 Mbps.The Internet (WAN) port is operating at 10 Mbps.LINK/ACT (Link/Activity) OnBlinking The Internet port has detected a link with an attached device.Data is being transmitted or received by the Internet port.LOCAL 100 (100 Mbps) OnOff The Local port is operating at 100 Mbps.The Local port is operating at 10 Mbps.LINK/ACT (Link/Activity) OnBlinking The Local port has detected a link with an attached device.The Local port is transmitting or receiving data.WLAN OnBlinking The Wireless (WLAN) port is operating.The Wireless (WLAN) port is transmitting or receiving data.ProSafe 802.11g Wireless Firewall/Print ServerBroadband MODEL FWG114PPWRPR IN TER MO DEM IN TERN ET LOCA L W LANTESTACTALERTACTLINK1001234LNK/ACT100LNK/ACT
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P2-8 IntroductionMarch 2004, 202-10027-01The FWG114P Rear PanelThe rear panel of the FWG114P Wireless Firewall/Print Server contains the port connections listed below.Figure 1-2: FWG114P Rear PanelViewed from left to right, the rear panel contains the following features:• Wireless antenna.• DB-9 serial port for modem connection.• USB 2.0 Printer Port.• Factory Default Reset push button.• Four Ethernet LAN ports.• Internet Ethernet WAN port for connecting the router to a broadband modem.• AC power adapter outlet.12VDC, 1.0A4321IN TERN ETLO CA L10/100MUSBMODEM
Connecting the FWG114P to the Internet 3-1March 2004, 202-10027-01Chapter 3 Connecting the FWG114P to the InternetThis chapter describes how to set up the router on your local area network (LAN) and connect to the Internet. You will find out how to configure your ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P for Internet access using the Setup Wizard, or how to manually configure your Internet connection.What You Will Need Before You BeginYou need to prepare these three things before you begin:1. An active Internet service, such as those provided by a cable or DSL broadband account.2. Locate the Internet Service Provider (ISP) configuration information for your broadband account. 3. Connect the router to a broadband modem and a computer as explained below.Cabling and Computer Hardware RequirementsTo use the FWG114P Wireless Firewall/Print Server on your network, each computer must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the computer will connect to your network at 100 Mbps, you must use a Category 5 (CAT5) cable, such as the one provided with your router.Computer Network Configuration RequirementsThe FWG114P includes a built-in Web Configuration Manager. To access the configuration menus on the FWG114P, you must use a Java-enabled Web browser program that supports HTTP uploads, such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer or Netscape Navigator versions 4.0 or above. Free browser programs are readily available for Windows, Macintosh, or UNIX/Linux.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-2 Connecting the FWG114P to the InternetMarch 2004, 202-10027-01For the initial connection to the Internet and configuration of your router, you will need to connect a computer to the router that is set to automatically get its TCP/IP configuration from the router via DHCP.Note: For help with DHCP configuration, please refer to Appendix C, “Preparing Your Network.”The cable or DSL modem broadband access device must provide a standard 10 Mbps (10BASE-T) Ethernet interface.Internet Configuration RequirementsDepending on how your ISP set up your Internet account, you might need one or more of these configuration parameters to connect your router to the Internet: • Host and Domain Names.• ISP login name and password.• ISP Domain Name Server (DNS) Addresses.• Fixed IP address which is also known as static IP address.Where Do I Get the Internet Configuration Parameters?There are several ways you can gather the required Internet connection information:• Your ISP provides all the information needed to connect to the Internet. If you cannot locate this information, you can ask your ISP to provide it or you can try one of the options below.• If you have a computer already connected using the active Internet access account, you can gather the configuration information from that computer.— For Windows 95/98/ME, open the Network control panel, select the TCP/IP entry for the Ethernet adapter, and click Properties. Record all the settings for each tab page.— For Windows 2000/XP, open the Local Area Network Connection, select the TCP/IP entry for the Ethernet adapter, and click Properties. Record all the settings for each tab page.— For Macintosh computers, open the TCP/IP or Network control panel. Record all the settings for each section.•You may also refer to the FWG114P Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs.Once you locate your Internet configuration parameters, you may want to record them on the following form:
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-3March 2004, 202-10027-01Record Your Internet Connection InformationPrint this page. Fill in the configuration parameters from your Internet Service Provider (ISP).ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. For AOL customers, the login name is their primary screen name. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs. If you connect using a login name and password, then fill in the following:Login Name: ______________________________ Password: ____________________________Service Name: _____________________________ Fixed or Static IP Address: If you have a static IP address, record the following information. For example, 169.254.141.148 could be a valid IP address.Fixed or Static Internet IP Address: ______.______.______.______Gateway IP Address: ______.______.______.______Subnet Mask: ______.______.______.______ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following:Primary DNS Server IP Address: ______.______.______.______Secondary DNS Server IP Address: ______.______.______.______Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or home. If you have not been given host or domain names, you can use the following examples as a guide:• If your main e-mail account with your ISP is aaa@yyy.com, then use aaa as your host name. Your ISP might call this your account, user, host, computer, or system name. • If your ISP’s mail server is mail.xxx.yyy.com, then use xxx.yyy.com as the domain name.ISP Host Name: _________________________ ISP Domain Name: _______________________Serial Port Internet Access: If you use a dial-up account, record the following: Account/User Name: _________________________ Password: _________________________ Telephone number: ______________________ Alternative number: ______________________
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-4 Connecting the FWG114P to the InternetMarch 2004, 202-10027-01Connecting the FWG114P Wireless Firewall/Print ServerThis section provides instructions for connecting the FWG114P Wireless Firewall/Print Server. Also, the Resource CD for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P (SW-10023-02), included with your router, contains an animated Installation Assistant to help you through this procedure.Verify That Basic Requirements Are MetAssure that the following requirements are met:• You have your broadband Internet service settings handy.• The computer is configured to obtain an IP address automatically via DHCP. For instructions on how to do this, please see the Reference Manual on the Resource CD for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P (SW-10023-02).1. CONNECT THE WIRELESS FIREWALL/PRINT SERVER a. Turn off your computer and cable or DSL modem.b. Disconnect the Ethernet cable (A) from your computer which connects to the broadband modem.Figure 3-1: Disconnect the broadband modem&DEOHRU'6/PRGHPADisconnectfromcomputer
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-5March 2004, 202-10027-01c. Securely insert the Ethernet cable from your broadband modem into the Internet port (B) on the FWG114P.Figure 3-2: Connect the broadband modem to the routerd. Securely insert one end of the Ethernet cable that came with your wireless firewall/print server into a Local port on the router, such as Local port 4 (C), and the other end into the Ethernet port of your computer (D).Figure 3-3: Connect the computers on your network to the routerNote: The FWG114P incorporates Auto UplinkTM technology which eliminates the need to worry about crossover cables by automatically adjusting to the cable type. 12VDC, 1.0A4321INTERN ETLOC A L10/100MUSBMODEMBroadband modemBInternet Port12VDC, 1.0A4321INTERN ETLOC A L10/100MUSBMODEMBroadband modemDCLocal Port 4
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-6 Connecting the FWG114P to the InternetMarch 2004, 202-10027-012. RESTART YOUR NETWORK IN THE CORRECT SEQUENCEWarning: Failure to restart your network in the correct sequence could prevent you from connecting to the Internet.a. First, turn on the broadband modem and wait 2 minutes.b. Now, turn on your wireless firewall/print server. c. Last, turn on your computer. Note: If software usually logs you in to the Internet, do not run that software, or cancel it if it starts automatically. Figure 3-4: Verify the connections to the firewalld. Check the status lights and verify the following:•Power: The power light goes on when your turn the wireless firewall/print server on.•Test: The test light turns on, then goes off after less than a minute.•Local: A Local light on the router is lit. If no Local lights are lit, check that the Ethernet cable connecting the powered on computer to the router is securely attached at both ends.•Internet: The Internet light on the wireless firewall/print server is lit. If the Internet light is not lit, make sure the Ethernet cable is securely attached to the wireless firewall/print server Internet port and the powered on modem.ProSafe 802.11g Wireless Firewall/Print ServerBroadband MODEL FWG114PPWRPRIN TER MO DEM IN TERNET LOCAL W LANTESTACTALERTACTLINK1001234LNK/ACT100LNK/ACTPower Test Internet Port Local Port 4
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-7March 2004, 202-10027-013. LOG IN TO THE WIRELESS FIREWALL/PRINT SERVERa. From your PC, launch your Internet browser. Because you are not yet connected to the Internet, your browser will display a page not found message.b. Connect to the wireless firewall/print server by typing http://192.168.0.1 in the address field of Internet Explorer or Netscape® Navigator. Figure 3-5: Log in to the firewallc. Enter admin for the router user name and password for the router password, both in lower case letters.A login window opens as shown here:Figure 3-6: Login windowd. After logging in to the router, you will see the Internet connection Setup Wizard on the settings main page.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-8 Connecting the FWG114P to the InternetMarch 2004, 202-10027-014. RUN THE SETUP WIZARD TO CONNECT TO THE INTERNETFigure 3-7: Setup Wizard a. You are now connected to the router. If you do not see the menu above, click the Setup Wizard link on the upper left of the main menu. b. Choose NAT or Classical Routing. Typically, NAT is used. NAT automatically assigns private IP addresses (192.168.0.x) to LAN connected devices. Classical routing lets you directly manage the IP addresses the FWG114P uses. Note: If you choose not to use NAT, each computer on the LAN connected to the FWG114P must have a valid public IP address in the same subnet as the Wan port of the FWG114P. For more information on NAT, please see “Single IP Address Operation Using NAT” on page B-7. Furthermore, if you turn NAT off and plan to use VPN, you will have to open UDP port 500 in the Security settings according to the instructions at c. Click Next to proceed. Input your ISP settings, as needed.d. At the end of the Setup Wizard, click the Test button to verify your Internet connection and register your product. If you have trouble connecting to the Internet, use the Troubleshooting Tips below to correct basic problems, or refer to the Reference Manual on the CD.If you were unable to connect to the firewall, please refer to Basic Functioning “Basic Functioning” on page 11-1.You are now connected to the Internet!Note: For wireless placement and range guidelines, and wireless configuration instructions, please see Chapter 4, “Wireless Configuration.”
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-9March 2004, 202-10027-01Basic Setup Troubleshooting TipsHere are some tips for correcting simple problems that prevent with you from connecting to the Internet or connecting to the wireless firewall/print server.Be sure to restart your network in the correct sequence. Follow this sequence. Turn off the modem, wireless firewall/print server, and computer. Turn on the modem first and wait two minutes. Next, turn on the wireless firewall/print server, and finally the computer. Make sure the Ethernet cables are securely plugged in. • For each powered on computer connected to the wireless firewall/print server with a securely plugged in Ethernet cable, the corresponding wireless firewall/print server Local port status light will be lit. The label on the bottom of the wireless firewall/print server identifies the number of each Local port. • The Internet port status light on the wireless firewall/print server will be lit if the Ethernet cable from the wireless firewall/print server to the modem is plugged in securely and the modem and wireless firewall/print server are turned on. Make sure the network settings of the computer are correct. LAN connected computers must be configured to obtain an IP address automatically via DHCP, unless you have turned NAT off and are managing the IP addresses directly. For instructions on these configuration settings, please see the Reference Manual on the Resource CD for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P (SW-10023-02).FWG114P Setup Wizard Auto DetectionThere are two ways you can configure your firewall to connect to the Internet:• Let the FWG114P auto-detect the type of Internet connection you have and configure it.• Manually choose which type of Internet connection you have and configure it.These options are described below. Unless your ISP uses DHCP, you will need the parameters from your ISP you entered in “Record Your Internet Connection Information” on page 3.The Setup Wizard will can check for the following connection types:• Dynamic IP assignment• A login protocol, such as PPPoE
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-10 Connecting the FWG114P to the InternetMarch 2004, 202-10027-01• Fixed IP address assignmentNext, the Setup Wizard will report which connection type it has discovered, and then display the appropriate configuration menu. If the Setup Wizard finds no connection, you will be prompted to check the physical connection between your firewall and the cable or DSL modem. When the connection is properly made, the firewall’s Internet LED should be on.The procedures for filling in the configuration menu for each type of connection follow below.Wizard-Detected Login Account SetupIf the Setup Wizard determines that your Internet service account uses a login protocol, such as PPP over Ethernet (PPPoE), you will be directed to a menu like the PPPoE menu in Figure 3-8:Figure 3-8: Setup Wizard menu for PPPoE login accounts1. Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services, such as mail or news servers. If you leave the Domain Name field blank, the firewall will attempt to learn the domain automatically from the ISP. If this is not successful, you may need to enter it manually.2. Enter the PPPoE login user name and password provided by your ISP. These fields are case sensitive. If you wish to change the idle timeout, enter a new value in minutes.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-11March 2004, 202-10027-01Note: You will no longer need to launch the ISP’s login program on your computer in order to access the Internet. When you start an Internet application, your firewall will automatically log you in.3. The Idle Timeout setting determines how long to wait after there is no activity before disconnecting from the Internet. This is useful in countries where Internet service charges are based on the amount of time connected to the Internet. Whenever a computer on the network requests access to the Internet the FWG114P will automatically reconnect.4. Domain Name Server (DNS) Address: If you know that your ISP does not automatically transmit DNS addresses to the firewall during login, select “Use these DNS servers” and enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also.Note: If you enter an address here, after you finish configuring the firewall, reboot your PCs so that the settings take effect.5. Click Apply to save your settings.6. Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 11, “Troubleshooting”.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-12 Connecting the FWG114P to the InternetMarch 2004, 202-10027-01Wizard-Detected Dynamic IP Account SetupIf the Setup Wizard determines that your Internet service account uses Dynamic IP assignment, you will be directed to the menu shown in Figure 3-9 below: Figure 3-9: Setup Wizard menu for Dynamic IP address1. Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services, such as mail or news servers. If you leave the Domain Name field blank, the firewall will attempt to learn the domain automatically from the ISP. If this is not successful, you may need to enter it manually.2. If you know that your ISP does not automatically transmit DNS addresses to the firewall during login, select “Use these DNS servers” and enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also.Note: DNS servers are required to perform the function of translating an Internet name, such as www.netgear.com to a numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here. You should reboot your PCs after configuring the firewall for these settings to take effect.3. The Router’s MAC Address is the Ethernet MAC address that will be used by the firewall on the Internet port.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-13March 2004, 202-10027-01If your ISP allows access from only one specific computer’s Ethernet MAC address, select “Use this MAC address.” The firewall will then capture and use the MAC address of the computer that you are now using. You must be using the one computer that is allowed by the ISP. Otherwise, you can type in a MAC address.Note: Some ISPs will register the Ethernet MAC address of the network interface card in your computer when your account is first opened. They will then only accept traffic from the MAC address of that computer. This feature allows your firewall to masquerade as that computer by using its MAC address.4. Click Apply to save your settings.5. Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 11, “Troubleshooting”.Wizard-Detected Fixed IP Account SetupIf the Setup Wizard determines that your Internet service account uses Fixed IP assignment, you will be directed to the menu shown in Figure 3-10 below:Figure 3-10: Setup Wizard menu for Fixed IP address
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-14 Connecting the FWG114P to the InternetMarch 2004, 202-10027-011. Enter your assigned IP Address, Subnet Mask, and the IP Address of your ISP’s gateway router. This information should have been provided to you by your ISP. You will need the configuration parameters from your ISP you recorded in “Record Your Internet Connection Information” on page 3.2. Enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also.Note: DNS servers are required to perform the function of translating an Internet name, such as www.netgear.com to a numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here. You should reboot your PCs after configuring the firewall for these settings to take effect.3. Click Apply to save the settings.4. Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 11, “Troubleshooting.How to Configure the Serial Port as the Primary Internet ConnectionUse the procedure below to configure an Internet connection via the serial port of your firewall.There are three steps to configuring the serial port of your firewall for an Internet connection:1. Connect the firewall to your ISDN or dial-up analog modem.2. Configure the firewall.3. Connect to the Internet.Follow the steps below to configure a serial port Internet connection on your firewall.1. Connect the Firewall to your ISDN or dial-up modema. Turn off your modem and connect the cable from the serial port of the FWG114P to the modem.b. Turn on the modem and wait about 30 seconds for the lights to stop blinking. 2. Configure the Serial Port of the Firewall.a. Use a browser to log in to the firewall at http://192.168.0.1 with its default User Name of admin and default Password of password, or using whatever Password you have set up.b. From the Setup Basic Settings menu, click Serial Port.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-15March 2004, 202-10027-01 Figure 3-11: Serial Internet Connection configuration menuc. Fill in the ISDN or analog ISP Internet configuration parameters as appropriate:• For a Dial-up Account, enter the Account information. Check “Connect as required” to enable the firewall to automatically dial the number. To enable Idle Time disconnect, check the box and enter a time in minutes.• To configure the Internet IP settings, fill in the address parameters your ISP provided.d. Configure the Modem parameters.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-16 Connecting the FWG114P to the InternetMarch 2004, 202-10027-01Note: You can validate modem string settings by first connecting the modem directly to a computer, establishing a connection to your ISP, and then copying the modem string settings from the computer configuration and pasting them into the FWG114P Modem Properties Initial String field. For more information on this procedure, please refer to the support area of the NETGEAR Web site.• Select the Serial Line Speed. This is the maximum speed the modem will attempt to use. For ISDN permanent connections, the speeds are typically 64000 or 128000 bps. For dial-up modems, 56000 bps would be a typical setting.• Select the Modem Type:– For ISDN, select “Permanent connection (leased line).”– For dial-up, select your modem from the list. “Standard Modem” should work in most cases.– If your modem is not on the list, select “User Defined” and enter the Modem Properties.Note: If you are using the “User Defined” Modem Type, you must first use the Serial Port menu Modem link to fill in the Modem Properties settings for your modem. e. Click Apply to save your settings.3. Connect to the Internet to test your configuration.a. If you have a broadband connection, disconnect it.b. From a workstation, open a browser and test your serial port Internet connection.Note: The response time of your serial port Internet connection will be slower than a broadband Internet connection.Testing Your Internet ConnectionAfter completing the Internet connection configuration, your can test your Internet connection. Log in to the firewall, then, from the Setup Basic Settings link, click the Test button. If the NETGEAR Web site does not appear within one minute, refer to Chapter 11, “Troubleshooting.”Note: Popup blocking software may block the test page from opening. Alternately, you can just open a new browser window and browse the Internet.To access the Internet from any computer connected to your firewall, launch a browser, such as Microsoft Internet Explorer or Netscape Navigator. You should see the firewall’s Internet LED blink, indicating communication to the ISP. The browser should begin to display a Web page.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-17March 2004, 202-10027-01Manually Configuring Your Internet ConnectionYou can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.Figure 3-12: Browser-based configuration Basic Settings menuISP Does Not Require Login ISP Does Require Login
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-18 Connecting the FWG114P to the InternetMarch 2004, 202-10027-01How to Manually Configure the Primary Internet ConnectionUse these steps to manually configure the primary Internet connection in the Basic Settings menu.1. Select your Internet connection type (broadband with or without login, or serial).Note: If you are a Telstra BigPond broadband customer, or if you are in an area, such as Austria that uses broadband PPTP, login is required. If so, select BigPond or PPTP from the Internet Service Type drop down box.2. Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services, such as mail or news servers.3. If needed, enter the PPPoE login user name and password provided by your ISP. These fields are case sensitive. To change the login timeout, enter a new value in minutes.Note: You will no longer need to run the ISP’s login program on your computer in order to access the Internet. When you start an Internet application, your firewall automatically logs you in.4. You should only disable NAT if you are sure you do not require it. NAT automatically assigns private IP addresses (for example, 192.168.0.x) to LAN connected devices. When NAT is disabled, only standard routing is performed by this router. Note: Disabling NAT will reboot the router and reset all the FWG114P configuration settings to the factory default. Disable NAT only if you plan to install the FWG114P in a setting where you will be manually administering the IP address space on the LAN side of the router.5. Internet IP Address: If your ISP assigned you a permanent, fixed IP address for your computer, select “Use Static IP Address.” Enter the IP address your ISP assigned. Also enter the IP Subnet Mask and the Gateway IP address. The Gateway is the ISP’s router to which your firewall will connect.6. Domain Name Server (DNS) Address: If your ISP does not automatically transmit DNS addresses to the firewall during login, select “Use These DNS Servers” and enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it.Note: A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP address of one or two DNS servers to your firewall during login. If the ISP does not transfer an address, you must obtain it from the ISP and enter it manually here. If you enter an address here, you should reboot your PCs after configuring the firewall.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PConnecting the FWG114P to the Internet 3-19March 2004, 202-10027-017. Router’s MAC Address: This section determines the Ethernet MAC address that will be used by the firewall on the Internet port. Some ISPs will register the Ethernet MAC address of the network interface card in your computer when your account is first opened. They will then only accept traffic from the MAC address of that computer. This feature allows your firewall to masquerade as that computer by “cloning” its MAC address. To change the MAC address, select “Use This Computer’s MAC Address.” The firewall will then capture and use the MAC address of the computer that you are now using. You must be using the one computer that is allowed by the ISP. Or, select “Use This MAC Address” and enter it.8. Click Apply to save your settings.9. Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 11, “Troubleshooting.”The remaining chapters in this manual describe how to configure the Advanced features of your firewall, and how to troubleshoot problems that may occur.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P3-20 Connecting the FWG114P to the InternetMarch 2004, 202-10027-01
Wireless Configuration 4-1March 2004, 202-10027-01Chapter 4 Wireless ConfigurationThis chapter describes how to configure the wireless features of your FWG114P Wireless Firewall/Print Server.Observing Performance, Placement, and Range GuidelinesIn planning your wireless network, you should consider the level of security required. You should also select the physical placement of your FWG114P in order to maximize the network speed. For further information on wireless networking, refer to in Appendix E, “Wireless Networking Basics.”The operating distance or range of your wireless connection can vary significantly based on the physical placement of the FWG114P Wireless Firewall/Print Server. The latency, data throughput performance, and notebook power consumption also vary depending on your configuration choices. For best results, place your wireless firewall/print server:• Near the center of the area in which your PCs will operate.• In an elevated location, such as a high shelf where the wirelessly connected PCs have line-of-sight access (even if through walls). The best location is elevated, such as wall mounted or on the top of a cubicle, and at the center of your wireless coverage area for all the mobile devices.• Away from sources of interference, such as PCs, microwaves, and 2.4 GHz cordless phones.• Away from large metal surfaces.Be aware that the time it takes to establish a wireless connection can vary depending on both your security settings and placement. WEP connections can take slightly longer to establish. Also, WEP encryption can consume more battery power on a notebook computer.Note: Failure to follow these guidelines can result in significant performance degradation or inability to wirelessly connect to the wireless firewall/print server. For complete range and performance specifications, please see Appendix A, “Technical Specifications.”
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P4-2 Wireless ConfigurationMarch 2004, 202-10027-01Implementing Appropriate Wireless Security Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security features of your wireless equipment. The FWG114P Wireless Firewall/Print Server provides highly effective security features which are covered in detail in this chapter. Figure 4-1: FWG114P wireless data security optionsThere are several ways you can enhance the security of your wireless network:•Restrict Access Based on MAC Address. You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the FWG114P. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed. •Turn Off the Broadcast of the Wireless Network Name SSID. If you disable broadcast of the SSID, only devices that have the correct SSID can connect. This nullifies wireless network ‘discovery’ feature of some products, such as Windows XP, but the data is still exposed.•WEP. Wired Equivalent Privacy (WEP) data encryption provides data security. WEP Shared Key authentication and WEP data encryption will block all but the most determined eavesdropper. Note: Indoors, computers can connect to wireless networks at ranges of 300 feet or more. Such distances allow others outside of your area to access your network..O3ECURITY%ASYBUTNOSECURITY-!#!CCESS,IST.ODATASECURITY7%03ECURITYBUTSOMEPERFORMANCEIMPACT70!OR70!03+6ERYSTRONGSECURITY:LUHOHVV'DWD6HFXULW\2SWLRQV5DGLXV8SWR)HHW+Á.?wjËoåÔ±¤¤~Ë8ÁjjÄÄËÁjÝ?Ê+ÁÍË.jÁÜjÁÁ?aM?a # 8¤¤|+3:502).4%2 -/$%- ).4%2.%4 ,/#!, 7,!.7(67$&7$/(57$&7$/(57/1.$&7/1.$&7FWG114P
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PWireless Configuration 4-3March 2004, 202-10027-01•WPA or WPA-PSK. Wi-Fi Protected Access (WPA) data encryption provides data security. The very strong authentication along with dynamic per frame rekeying of WPA make it virtually impossible to compromise. Because this is a new standard, wireless device driver and software availability may be limited. Understanding Wireless SettingsTo configure the wireless settings of your FWG114P, click the Wireless link in the Setup section of the main menu. The wireless settings menu will appear, as shown below.Figure 4-2: Wireless Settings menuNote: The 802.11b and 802.11g wireless networking protocols are configured in exactly the same fashion. The FWG114P will automatically adjust to the 802.11g or 802.11b protocol as the device requires without compromising the speed of the other devices.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P4-4 Wireless ConfigurationMarch 2004, 202-10027-01•Wireless Network. The station name of the FWG114P.—Wireless Network Name (SSID). The SSID is also known as the wireless network name. Enter a value of up to 32 alphanumeric characters. In a setting where there is more than one wireless network, different wireless network names provide a means for separating the traffic. Any device you want to participate in the 802.11b/g wireless network will need to use this SSID for that network. The FWG114P default SSID is: NETGEAR.—Region. This field identifies the region where the FWG114P can be used. It may not be legal to operate the wireless features of the wireless firewall/print server in a region other than one of those identified in this field. Unless you select a region, you will only be able to use Channel 11.—Channel. This field determines which operating frequency will be used. It should not be necessary to change the wireless channel unless you notice interference problems with another nearby access point. For more information on the wireless channel frequencies, please refer to “Wireless Channels” on page E-7.—Mode. Select the desired wireless mode. The options are: • g & b - Both 802.11g and 802.11b wireless stations can be used. • g only - Only 802.11g wireless stations can be used. • b only - All 802.11b wireless stations can be used. 802.11g wireless stations can still be used if they can operate in 802.11b mode. The default is “g & b” which allows both 802.11g and 802.11b wireless stations to access this device. • Wireless Access Point— Enable Wireless Access Point. Enables the wireless radio. When disabled, there are no wireless communications through the FWG114P.—Allow Broadcast of Name (SSID). The default setting is to enable SSID broadcast. If you disable broadcast of the SSID, only devices that have the correct SSID can connect. Disabling SSID broadcast somewhat hampers the wireless network ‘discovery’ feature of some products.• Wireless Card Access ListLets you restrict wireless connections according to a list of Trusted PCs MAC addresses. When the Trusted PCs Only radio button is selected, the FWG114P checks the MAC address of the wireless station and only allows connections to PCs identified on the trusted PCs list.To restrict access based on MAC addresses, click the Set up Access List button and update the MAC access control list.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PWireless Configuration 4-5March 2004, 202-10027-01• Security OptionsTable 4-1. Wireless Security OptionsField DescriptionDisable Wireless security is not used.WEP (Wired Equivalent Privacy)You can select the following WEP options: Authentication Type• Open: the FWG114P does not perform any authentication. • Shared: WEP shared key authentication. For a full explanation of WEP shared key, see “Authentication and WEP Data Encryption” on page E-2. Encryption Strength• If Shared or Open Network Authentication is enabled, you can choose 64- or 128-bit WEP data encryption. Note: With Open Network Authentication and 64- or 128-bit WEP Data Encryption, the FWG114P does perform 64- or 128-bit data encryption but does not perform any authentication. Security Encryption (WEP) KeyThese key values must be identical on all wireless devices in your network (key 1 must be the same for all, key 2 must be the same for all, and so on). The FWG114P provides two methods for creating WEP encryption keys:• Passphrase. These characters are case sensitive. Enter a word or group of printable characters in the Passphrase box and click the Generate button. Note: Not all wireless adapters support passphrase key generation.• Manual. These values are not case sensitive. 64-bit WEP: enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F).128-bit WEP: enter 26 hexadecimal digits (any combination of 0-9, a-f, or A-F).
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P4-6 Wireless ConfigurationMarch 2004, 202-10027-01WPA-PSK (Wi-Fi Protected Access Pre-Shared Key)WPA Pre-Shared-Key uses a pre-shared key to perform the authentication and generate the initial data encryption keys. Then, it dynamically varies the encryption key. For a full explanation of WPA, see “WPA Wireless Security” on page E-8.Note: Not all wireless adapters support WPA. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA.WPA User authentication is implemented using RADIUS servers. For a full explanation of WPA, see “WPA Wireless Security” on page E-8.Fill in the following:• Primary Radius Server Name/IP Address This field is required. Enter the name or IP address of the Radius Server on your LAN. • Secondary Radius Server Name/IP Address This field is optional. Enter the name or IP address of the Secondary Radius Server on your LAN. • Radius Port Enter the port number used for connections to the Radius Server. • Radius Shared Key Enter the desired value for the Radius shared key. This key enables the FWG114P to log in to the Radius server and must match the value used on the Radius server. Radius Accounting OptionThe Radius Accounting option can be enabled so that you can track various information like who connected to the network, when they connected, how long they were connected, how much network traffic they generated, and so on. Table 4-1. Wireless Security OptionsField Description
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PWireless Configuration 4-7March 2004, 202-10027-01Default Factory SettingsThe FWG114P default factory settings shown below. You can restore these defaults with the Factory Default Restore button on the rear panel as seen in the illustration “FWG114P Rear Panel” on page 2-8. After you install the FWG114P Wireless Firewall/Print Server, use the procedures below to customize any of the settings to better meet your networking needs.FEATURE DEFAULT FACTORY SETTINGSSSID NETGEARRF Channel 11 until the region is selectedAccess Point EnabledSSID broadcast EnabledWireless Card Access List for Access Point Connections All wireless stations allowedWEP Security DisabledAuthentication Type Open System
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P4-8 Wireless ConfigurationMarch 2004, 202-10027-01Before You Change the SSID and WEP SettingsTake the following steps:For a new wireless network, print or copy this form and fill in the configuration parameters. For an existing wireless network, the person who set up or is responsible for the network will be able to provide this information. Be sure to set the Regulatory Domain correctly as the first step.•SSID: The Service Set Identification (SSID) identifies the wireless local area network. Wireless is the default FWG114P SSID. However, you may customize it by using up to 32 alphanumeric characters. Write your customized SSID on the line below. Note: The SSID in the wireless firewall/print server is the SSID you configure in the wireless adapter card. All wireless nodes in the same network must be configured with the same SSID: • AuthenticationCircle one: Open System or Shared Key. Choose “Shared Key” for more security.Note: If you select shared key, the other devices in the network will not connect unless they are set to Shared Key as well and have the same keys in the same positions as those in the FWG114P.• WEP Encryption KeysFor all four 802.11b keys, choose the Key Size. Circle one: 64 or 128 bitsKey 1: ___________________________________ Key 2: ___________________________________ Key 3: ___________________________________ Key 4: ___________________________________ • WPA-PSK (Pre-Shared Key)Record the WPA-PSK key:Key: ___________________________________ • WPA RADIUS SettingsFor WPA, record the following RADIUS settings:Server Name/IP Address: Primary _________________ Secondary __________________ Port: ___________________________________ Shared Key: ___________________________________ Use the procedures described in the following sections to configure the FWG114P. Store this information in a safe place.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PWireless Configuration 4-9March 2004, 202-10027-01How to Set Up and Test Basic Wireless ConnectivityFollow the instructions below to set up and test basic wireless connectivity. Once you have established basic wireless connectivity, you can enable security settings appropriate to your needs.1. Log in using the default LAN address of http://192.168.0.1 with the default user name of admin and default password of password, or using whatever LAN address and password you have set up.Figure 4-3: Wireless Settings menu2. Set the Regulatory Domain correctly.3. Choose a suitable descriptive name for the wireless network name (SSID). In the SSID box, enter a value of up to 32 alphanumeric characters. The default SSID is NETGEAR.Note: The characters are case sensitive. An access point always functions in infrastructure mode. The SSID for any wireless device communicating with the access point must match the SSID configured in the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P. If they do not match, you will not get a wireless connection to the FWG114P.4. Set the Channel. It should not be necessary to change the wireless channel unless you notice interference problems with another nearby wireless router or access point. Select a channel that is not being used by any other wireless networks within several hundred feet of your wireless firewall/print server. For more information on the wireless channel frequencies please refer to “Wireless Channels” on page E-7. 5. Depending on the types of wireless adapters you have in your computers, choose from the Mode drop-down list. 6. For initial configuration and test, leave the Wireless Card Access List set to “All Wireless Stations” and the Encryption Strength set to “Disable.”
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P4-10 Wireless ConfigurationMarch 2004, 202-10027-017. Click Apply to save your changes.8. Configure and test your PCs for wireless connectivity.Program the wireless adapter of your PCs to have the same SSID that you configured in the FWG114P. Check that they have a wireless link and are able to obtain an IP address by DHCP from the wireless firewall/print server.Once your PCs have basic wireless connectivity to the wireless firewall/print server, then you can configure the advanced options and wireless security functions.How to Restrict Wireless Access by MAC AddressTo restrict access based on MAC addresses, follow these steps:1. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of password.2. Click Wireless in the main menu of the FWG114P. From the Wireless Settings menu, click Setup Access List.3. Click the Turn Access Control On checkbox to enable MAC filtering. 4. Click Add to open the Wireless Card Access Setup menu. You can select a device from the list of available wireless cards the FWG114P has discovered in your area, or you can manually enter the MAC address and Device Name (usually the NetBIOS name).5. Click Add to add this device to your MAC access control list.Note: If you are configuring the FWG114P from a wireless computer and you change the wireless firewall/print server’s SSID, channel, or security settings, you will lose your wireless connection when you click on Apply. You must then change the wireless settings of your computer to match the FWG114P’s new settings.Note: When configuring the FWG114P from a wireless computer whose MAC address is not in the access control list, if you select Turn Access Control On, you will lose your wireless connection when you click Apply. You must then access the wireless firewall/print server from a wired computer or from a wireless computer which is on the access control list to make any further changes.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PWireless Configuration 4-11March 2004, 202-10027-016. Be sure to click Apply to save your trusted wireless PCs list settings. Now, only devices on this list will be allowed to wirelessly connect to the FWG114P.To remove a MAC address from the table, click to select it, then click the Delete button.How to Configure WEPTo configure WEP data encryption, follow these steps:1. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of password, or using whatever LAN address and password you set up.2. Click Wireless Settings in the main menu of the FWG114P. 3. Click the WEP radio button. The WEP options menu will open.4. Choose the Authentication Type and Encryption Strength options. You can manually or automatically program the four data encryption keys. These values must be identical on all PCs and Access Points in your network.• Automatic - Enter a word or group of printable characters in the Passphrase box. This phrase is case sensitive. Click Generate. The four keys will be automatically generated.• Manual - Enter ten hexadecimal digits (any combination of 0-9, a-f, or A-F) These hex values are not case sensitive. Select which of the four keys will be the default.Please refer to “Overview of WEP Parameters” on page E-5 for a full explanation of each of these options, as defined by the IEEE 802.11b wireless communication standard.5. Click Apply to save your settings.Note: When changing the wireless settings from a wireless computer, you will lose your wireless connection when you click Apply. You must then either configure your wireless adapter to match the new wireless settings or access the wireless firewall/print server from a wired computer to make any further changes.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P4-12 Wireless ConfigurationMarch 2004, 202-10027-01How to Configure WPANote: Not all wireless adapters support WPA. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA. Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings.To configure WPA, follow these steps:1. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of password, or using whatever LAN address and password you have set up.2. Click Wireless Settings in the Setup section of the main menu of the FWG114P. Figure 4-4: Wireless Settings menu3. Choose the WPA radio button. The WPA menu will open.4. Enter the Radius settings.5. Click Apply to save your settings.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PWireless Configuration 4-13March 2004, 202-10027-01How to Configure WPA-PSKNote: Not all wireless adapters support WPA. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA. Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings.To configure WPA-PSK, follow these steps:1. Log in at the default LAN address of http://192.168.0.1, with the default user name of admin and default password of password, or using whatever LAN address and password you have set up.2. Click Wireless Settings in the Setup section of the main menu of the FWG114P. 3. Choose the WPA-PSK radio button. The WPA-PSK menu will open.4. Enter the pre-shared key in the Passphrase field. 5. Enter the Key Lifetime. This setting determines how often the encryption key is changed. Shorter periods provide greater security, but adversely affect performance.6. Click Apply to save your settings.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P4-14 Wireless ConfigurationMarch 2004, 202-10027-01
Serial Port Configuration 5-1March 2004, 202-10027-01M-10207-01, Reference Manual v2Chapter 5Serial Port ConfigurationThis chapter describes how to configure the serial port options of your ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P. The FWG114P serial port lets you share the broadband connection of another FWG114P, share resources between two LANs, and take advantage of the routing functions on the broadband (WAN), LAN, and serial network interfaces. Note: If you configure the serial port of the FWG114P as the primary Internet connection, you will not be able to configure the other serial port options. For instructions on configuring the serial port as the primary Internet connection, please see “How to Configure the Serial Port as the Primary Internet Connection“ on page 3-14.The FWG114P provides these serial port configuration options:•ModemUse this option to configure the serial modem settings for any of the features below. • Auto-RolloverUse this option to provide a backup connection for your broadband service. If the broadband service you configured in the Basic Settings menu fails, the FWG114P will automatically connect to the Internet through the serial port. However, you will then be accessing the Internet at a slower speed than you would through your broadband service.• Dial-inDial-in lets a single remote computer connect to the FWG114P through the serial port to gain access to LAN resources or a remote access server.• LAN-to-LANLAN-to-LAN enables direct communications between two FWG114P wireless firewall/print servers to:— Share resources on the two LANs. — Let users on one FWG114P share the Internet connection of the other FWG114P.— Let users on one FWG114P connect to the Internet through the second FWG114P in case the broadband connection of the first FWG114P fails.The procedures for these configuration options are presented below.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P5-2 Serial Port ConfigurationMarch 2004, 202-10027-01M-10207-01, Reference Manual v2Configuring a Serial Port Modem You can configure a serial port modem for any of the features described above.Be sure you have prepared the basic requirements listed below, then follow the ‘how to’ procedure.Basic Requirements for Serial Port Modem ConfigurationConfiguring a serial port modem requires these elements:1. A serial analog or ISDN modem.2. A serial modem cable with a DB9 connector. 3. An active phone or ISDN line.How to Configure a Serial Port ModemFollow the steps below to configure a serial port modem.1. From the main menu, click Modem in the Serial Port section.Figure 5-1: Serial Port Modem configuration menu2. Select the Serial Line Speed. This is the maximum speed the modem will attempt to use. For ISDN permanent connections, the speeds are typically 64000 or 128000 bps. For dial-up modems, 56000 bps would be a typical setting.3. Select the Modem Type:— For ISDN, select “Permanent connection (leased line).”
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PSerial Port Configuration 5-3March 2004, 202-10027-01M-10207-01, Reference Manual v2— For dial-up, “Standard Modem” should work in most cases. Otherwise, select your modem from the list.— If your modem is not on the list, select “User Defined” and enter the Modem Properties.If you are using the “User Defined” selection and configuring your own modem stings, fill in the Modem Properties settings.Note: You can validate modem string settings by first connecting the modem directly to a computer, establishing a connection to your ISP, and then copying the modem string settings from the computer configuration and pasting them into the FWG114P Modem Properties Initial String field. For more information on this procedure, please refer to the support area of the NETGEAR Web site.4. Click Apply to save your settings.Configuring Auto-RolloverYou can configure the serial port of the FWG114P to provide an auto-rollover backup connection for your broadband service.Be sure you have prepared the basic requirements listed below, then follow the ‘how to’ procedure.Basic Requirements for Auto-RolloverAuto-Rollover requires these elements:1. A broadband connection to the FWG114P.2. An ISDN or analog phone line with an active ISDN or dial-up ISP account.3. A serial modem properly configured and attached to the DB9 connector on the serial port. 4. The Auto-Rollover settings configured and applied to the FWG114P. How to Configure Auto-RolloverFollow the steps below to configure a serial port auto-rollover connection.1. Configure a serial port modem according to the instructions above.2. From the main menu, click Auto-rollover in the Serial Port section.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P5-4 Serial Port ConfigurationMarch 2004, 202-10027-01M-10207-01, Reference Manual v2Figure 5-2: Auto-Rollover configuration menu3. Configure the Auto-Rollover settings. 4. Click Apply for the changes to take effect.Configuring Dial-in on the Serial PortDial-in lets a single remote computer connect to the FWG114P through the serial port to gain access to LAN resources or a remote access server.Be sure you have prepared the basic requirements listed below, then follow the ‘how to’ procedure.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PSerial Port Configuration 5-5March 2004, 202-10027-01M-10207-01, Reference Manual v2Basic Requirements for Dial-inDial-in requires these elements:1. A broadband connection to the FWG114P.2. An analog phone line.3. A serial modem properly configured and attached to the DB9 connector on the serial port. 4. The Dial-in settings configured and applied to the FWG114P. How to Configure Dial-inFollow the steps below to configure a serial port dial-in connection.1. Configure a serial port modem according to the instructions above.2. From the Serial Port section of the main menu, click Dial-in. Figure 5-3: Serial Port Dial-in settings screen3. Configure the Dial-in settings. 4. Click Apply for the changes to take effect.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P5-6 Serial Port ConfigurationMarch 2004, 202-10027-01M-10207-01, Reference Manual v2Configuring LAN-to-LAN SettingsLAN-to-LAN enables direct communications between two FWG114P wireless firewall/print servers.Figure 5-4: LAN-to-LAN network configurationBasic Requirements for LAN-to-LAN ConnectionsSerial port LAN-to-LAN configurations require these elements:1. An ISDN or analog phone line with an active ISDN or dial-up ISP account.2. A serial modem properly configured and attached to the DB9 connector on the serial port. 3. A broadband connection to one FWG114P for LAN-to-LAN auto-rollover Internet access.4. The LAN-to-LAN settings configured and applied to the two FWG114P wireless firewall/print servers. How to Configure LAN-to-LAN ConnectionsFollow these steps to configure a serial port LAN-to-LAN connection.1. Configure a serial port modem.2. From the main menu, click LAN-to-LAN in the Serial Port section. )LUHZDOO$ )LUHZDOO% 6HULDO&RQQHFWLRQ+Á.?wjËoåÔ±¤¤~Ë8ÁjjÄÄËÁjÝ?Ê+ÁÍË.jÁÜjÁÁ?aM?a # 8¤¤|+3:502).4%2 -/$%- ).4%2.%4 ,/#!, 7,!.7(67$&7$/(57$&7$/(57/1.$&7/1.$&7+Á.?wjËoåÔ±¤¤~Ë8ÁjjÄÄËÁjÝ?Ê+ÁÍË.jÁÜjÁÁ?aM?a # 8¤¤|+3:502).4%2 -/$%- ).4%2.%4 ,/#!, 7,!.7(67$&7$/(57$&7$/(57/1.$&7/1.$&7
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114PSerial Port Configuration 5-7March 2004, 202-10027-01M-10207-01, Reference Manual v2Figure 5-5: LAN-to-LAN configuration menu3. Configure the LAN-to-LAN settings. Note: The LAN subnet address of each FWG114P must be different.4. Click Apply for the changes to take effect.
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P5-8 Serial Port ConfigurationMarch 2004, 202-10027-01M-10207-01, Reference Manual v2
Firewall Protection and Content Filtering 6-1March 2004, 202-10027-01Chapter 6 Firewall Protection and Content FilteringThis chapter describes how to use the content filtering features of the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P to protect your network. These features can be found by clicking on the Content Filtering heading in the Main Menu of the browser interface. Firewall Protection and Content Filtering OverviewThe ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P provides you with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail. Parents and network administrators can establish restricted access policies based on time-of-day, Web addresses, and Web address keywords. You can also block Internet access by applications and services, such as chat or games.A firewall is a special category of router that protects one network (the “trusted” network, such as your LAN) from another (the “untrusted” network, such as the Internet), while allowing communication between the two. A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network from attacks and intrusions. NAT performs a very limited stateful inspection in that it considers whether the incoming packet is in response to an outgoing request, but true Stateful Packet Inspection goes far beyond NAT.To configure these features of your router, click on the subheadings under the Content Filtering heading in the Main Menu of the browser interface. The subheadings are described below:Using the Block Sites Menu to Screen ContentThe FWG114P allows you to restrict access based on the following categories:• Use of a proxy server• Type of file (Java, ActiveX, Cookie)
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P6-2 Firewall Protection and Content FilteringMarch 2004, 202-10027-01• Web addresses• Web address keywordsThese options are discussed below.The Keyword Blocking menu is shown here.Figure 6-1: Block Sites menuTo enable filtering, click the checkbox next to the type of filtering you want to enable. The filtering choices are:• Proxy: blocks use of a proxy server• Java: blocks use of Java applets• ActiveX: blocks use of ActiveX components (OCX files) used by IE on Windows• Cookies: blocks all cookies To enable keyword blocking, check “Turn keyword blocking on”, then click Apply.To add a keyword or domain, type it in the Keyword box, click Add Keyword, then click Apply.

Navigation menu