Summary of Contents for NETGEAR FR328S Cable/DSL ProSafe Firewall
FR328S ProSafe Firewall with Dial Back-Up Reference Manual v2 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR M-10207-01, Reference Manual v2 October 2003...
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Refer to the Support Information Card that shipped with your FR328S ProSafe Firewall with Dial Back-Up. World Wide Web NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.
Chapter 1 About This Manual
  Audience, Versions, Conventions
  How to Use this Manual
  How to Print this Manual
Chapter 2 Introduction
  Key Features
  Full Routing on Both the Broadband and Serial Ports
  A Powerful, True Firewall with Comprehensive Content Filtering
  Protocol Support
  Configurable Auto Uplink™...
  How to Complete the Wizard-Detected Dynamic IP Account Setup
  How to Complete Wizard-Detected Fixed IP Account Setup
  Configuring a Serial Port as the Primary Internet Connection
  How to Configure the Serial Port for an Internet Connection
  Testing Your Internet Connection
  Manually Configuring Your Internet Connection
  How to Manually Configure the Primary Internet Connection...
  Considerations for Inbound Rules
  Outbound Rules (Service Blocking)
  Outbound Rule Example: Blocking Instant Messenger
  Order of Precedence for Rules
  Setting Times and Scheduling Firewall Services
  How to Set Your Time Zone
  How to Schedule Firewall Services
Chapter 6 Managing Your Network
  Network Management Information...
  MTU Size
  DHCP
  Use router as DHCP server
  Reserved IP addresses
  How to Configure LAN TCP/IP Setup
  Configuring Dynamic DNS
  How to Configure Dynamic DNS
  Using Static Routes
  Static Route Example
  How to Configure Static Routes
Chapter 8 Troubleshooting...
  Private IP Addresses
  Single IP Address Operation Using NAT
  MAC Addresses and Address Resolution Protocol
  Related Documents
  Domain Name Server
  IP Configuration by DHCP
  Internet Security and Firewalls
  What is a Firewall?
  Stateful Packet Inspection
  Denial of Service Attack...
Glossary
Index
About This Manual
Product Firmware Version Number Manual Part Number Manual Publication Date
Note: Product updates are available on the NETGEAR, Inc. web site at www.netgear.com/support/main.asp. Documentation updates are available on the NETGEAR, Inc. web site at http://www.netgear.com/docs.
How to Use this Manual The HTML version of this manual includes a variety of navigation features as well as links to PDF versions of the full manual and individual chapters. Figure Preface -2: HTML version of this manual 1.
How to Print this Manual To print this manual you may choose one of the following options, according to your needs. • Printing a “How To” Sequence of Steps in the HTML View. Use the Print button in the upper right of the toolbar to print the currently displayed topic. Using this button when a step-by-step procedure is displayed will send the entire procedure to your printer--you do not have to worry about specifying the correct range of pages.
This chapter describes the features of the NETGEAR FR328S ProSafe Firewall with Dial Back-Up. The FR328S is a complete security solution that protects your network from attacks and intrusions. Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FR328S uses Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection.
• Remote Access Server (RAS) allows you to log in remotely through the serial port to access a server on your LAN, other LAN resources, or the Internet based on a user name and password you define.
• Automatic Configuration of Attached PCs by DHCP The FR328S dynamically assigns network configuration information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.
• Support information card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair.
The Firewall’s Front Panel The front panel of the FR328S Figure 2-1: FR328S Front Panel You can use some of the LEDs to verify connections. the front panel of the firewall. These LEDs are green when lit, except for the TEST LED, which is amber. Table 2-1: LED Descriptions Label...
The Firewall’s Rear Panel The rear panel of the FR328S (Figure Figure 2-2: FR328S Rear Panel Viewed from left to right, the rear panel contains the following elements: •...
Connecting the Firewall to the Internet This chapter describes how to set up the firewall on your Local Area Network (LAN), connect to the Internet, perform basic configuration of your FR328S ProSafe Firewall with Dial Back-Up using the Setup Wizard, or how to manually configure your Internet connection. What You Will Need Before You Begin You need to prepare these three things before you can connect your firewall to the Internet: A computer properly connected to the firewall as explained below.
For Macintosh computers, open the TCP/IP or Network control panel. • You may also refer to the FR328S Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, you may want to record them on the page...
Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs.
Connecting the FR328S Firewall to Your LAN This section provides instructions for connecting the FR328S ProSafe Firewall with Dial Back-Up to your Local Area Network (LAN). Note: The Resource CD included with your firewall contains an animated Installation Assistant to guide you through this procedure.
Connect the Ethernet cable (A) from your Cable or DSL modem to the FR328S’s Internet port. Figure 3-2: Connect the Cable or DSL Modem to the firewall Connect the Ethernet cable (B) which came with the firewall from a Local port on the router to your computer.
Turn on the Cable or DSL modem and wait about 30 seconds for the lights to stop blinking. Log in to the Firewall Note: To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP.
A login window opens as shown in Figure 3-5: Login window For security reasons, the firewall has its own user name and password. When prompted, enter admin for the firewall User Name and lower case letters. Note: The user name and password are not the same as any user name or password you may use to log in to your Internet connection.
Select the NAT option and click Next to follow the steps in the Setup Wizard to input the configuration parameters from your ISP to connect to the Internet. If you choose not to use NAT, each computer on the LAN connected to the FR328S must have a valid public IP address in the same subnet as the WAN port of the FR328S.
When the Wizard launches, select Yes in the menu below to allow the firewall to automatically determine your connection. Figure 3-7: Setup Wizard Note: If you do not see the Setup Wizard, click the Setup Wizard link in the upper left to bring up this menu.
How to Complete the Wizard-Detected Login Account Setup If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over Ethernet (PPPoE), you will be directed to a menu like the PPPoE menu in Figure 3-8: Setup Wizard menu for PPPoE login accounts Enter your Account Name (may also be called Host Name) and Domain Name.
Click Apply to save your settings. Click Test to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8, How to Complete the Wizard-Detected Dynamic IP Account Setup If the Setup Wizard determines that your Internet service account uses Dynamic IP assignment,...
PC. This feature allows your firewall to masquerade as that PC by using its MAC address. Click Apply to save your settings. Click Test to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8,...
Note: DNS servers are required to perform the function of translating an Internet name such as www.netgear.com to a numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here. You should reboot your PCs after configuring the firewall for these settings to take effect.
From the Setup Basic Settings menu, click Serial Port. Figure 3-11: Serial Internet Connection configuration menu Fill in the ISDN or analog ISP Internet configuration parameters as appropriate: • For a Dial-up Account, enter the Account information. Check “Connect as required” to enable the firewall to automatically dial the number.
Log in to the firewall, then, from the Setup Basic Settings link, click on the Test button. If the NETGEAR website does not appear within one minute, refer to To access the Internet from any computer connected to your firewall, launch a browser such as Microsoft Internet Explorer or Netscape Navigator.
Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section. ISP Does Not Require Login ISP Does Require Login Figure 3-12: Browser-based configuration Basic Settings menu...
PC that you are now using. You must be using the one PC that is allowed by the ISP. Or, select “Use this MAC address” and enter it. Click Apply to save your settings. Click Test to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8,...
This chapter describes how to configure the serial port options of your FR328S ProSafe Firewall with Dial Back-Up. The FR328S serial port lets you share the broadband connection of another FR328S, share resources between two LANs, and take advantage of the routing functions on the broadband (WAN), LAN, and serial network interfaces.
Configuring a Serial Port Modem You can configure a serial port modem for any of the features described above. Be sure you have prepared the basic requirements listed below, then follow the ‘how to’ procedure. Basic Requirements for Serial Port Modem Configuration Configuring a serial port modem requires these elements: A serial analog or ISDN modem.
PC configuration and pasting them into the FR328S Modem Properties Initial String field. For more information on this procedure, please refer to the support area of the NETGEAR web site. Click Apply to save your settings. Configuring Auto-Rollover You can configure the serial port of the FR328S to provide an auto-rollover backup connection for your broadband service.
Figure 4-2: Auto-Rollover configuration menu Configure the Auto-Rollover settings. Click Apply for the changes to take effect. Configuring Dial-in on the Serial Port Dial-in lets a single remote computer connect to the FR328S through the serial port to gain access to LAN resources or a remote access server.
Basic Requirements for Dial-in Dial-in requires these elements: A broadband connection to the FR328S. An analog phone line. A serial modem properly configured and attached to the DB9 connector on the serial port. The Dial-in settings configured and applied to the FR328S. How to Configure Dial-in Follow the steps below to configure a serial port dial-in connection.
Configuring LAN-to-LAN Settings LAN-to-LAN enables direct communications between two FR328S firewalls. FR328S A 192.168.3.1 Figure 4-4: LAN-to-LAN network configuration Basic Requirements for LAN-to-LAN Connections Serial port LAN-to-LAN configurations require these elements: An ISDN or analog phone line with an active ISDN or dial-up ISP account.
Figure 4-5: LAN-to-LAN configuration menu Configure the LAN-to-LAN settings. Note: The LAN subnet address of each FR328S must be different. Click Apply for the changes to take effect.
This chapter describes how to use the basic firewall features of the FR328S ProSafe Firewall with Dial Back-Up to protect your network. Protecting Access to Your FR328S Firewall For security reasons, the firewall has its own user name and password. Also, after a set period of inactivity, the administrator login automatically disconnects.
From the Main Menu of the browser interface, under the Maintenance heading, select Set Password to bring up the menu shown in Figure 5-1: Set Password menu To change the password, first enter the old password, and then enter the new password twice. Click Apply to save your changes.
Blocking Keywords, Sites, and Services The firewall provides a variety of options for blocking Internet-based content and communications services. With its content filtering feature, the FR328S Firewall prevents objectionable content from reaching your PCs. The FR328S allows you to control access to Internet content by screening for keywords within Web addresses.
Click on the Block Sites link of the Security menu. Figure 5-2: Block Sites menu To enable keyword blocking, check “Turn keyword blocking on”, enter a keyword or domain in the Keyword box, click Add Keyword, then click Apply. Some examples of Keyword application follow: •...
Services Services are functions performed by server computers at the request of client computers. For example, Web servers serve web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number.
Modify the menu shown below for defining or editing a service. Figure 5-4: Add Services menu Click Apply to save your changes. Rules Firewall rules are used to block or allow specific traffic passing through from one side to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources.
To access the Rules configuration of the FR328S, click the Rules link on the main menu, then click Add for either an Outbound or Inbound Service. Figure 5-5. Rules menu • To edit an existing rule, select its button on the left side of the table and click Edit. •...
Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
The parameters are: • Service From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add Services menu to add any additional services or applications that do not already appear. •...
Inbound Rule Example: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown in Figure 5-7, CU-SeeMe connections are allowed only from a specified range of external IP addresses.
Outbound Rules (Service Blocking) The FR328S allows you to block the use of certain Internet services by PCs on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local PC based on the: •...
The parameters are: • Service From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add Services menu to add any additional services or applications that do not already appear.
Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 5-9: Figure 5-9. Rules table with examples For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules Table, beginning at the top and proceeding to the default rules at the bottom.
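Top-down rule evaluation as described above, modelled as an added example (not NETGEAR code), with a check for rules that can never take effect because an earlier rule already covers them. Assumptions: the first matching rule decides, the default rules block inbound and allow outbound traffic, protocol and schedule are ignored, and the port numbers and documentation-range addresses are illustrative.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed default rules at the bottom of the table (not stated on this page).
DEFAULTS = {"in": "block", "out": "allow"}


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str              # "in" (WAN to LAN) or "out" (LAN to WAN)
    action: str                 # "allow" or "block"
    ports: range                # destination ports of the service
    remote: str = "0.0.0.0/0"   # WAN-side addresses the rule applies to

    def matches(self, direction, port, remote_ip):
        return (direction == self.direction
                and port in self.ports
                and ip_address(remote_ip) in ip_network(self.remote))

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (self.direction == other.direction
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop
                and ip_network(other.remote).subnet_of(ip_network(self.remote)))


def evaluate(rules, direction, port, remote_ip):
    """Walk the table from the top; the first matching rule decides."""
    for rule in rules:
        if rule.matches(direction, port, remote_ip):
            return rule.action, rule.name
    return DEFAULTS[direction], "default"


def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the later rule is unreachable."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rule table: the narrow allow sits above the broad block.
ALLOW_BRANCH = Rule("allow CU-SeeMe from branch office", "in", "allow",
                    range(7648, 7653), "203.0.113.0/24")
BLOCK_ALL = Rule("block CU-SeeMe from anywhere", "in", "block",
                 range(7648, 7653))
BLOCK_IM = Rule("block instant messenger", "out", "block", range(5190, 5191))

GOOD_ORDER = [ALLOW_BRANCH, BLOCK_ALL, BLOCK_IM]
# Same rules with the first two swapped: the allow rule is never reached.
BAD_ORDER = [BLOCK_ALL, ALLOW_BRANCH, BLOCK_IM]

if __name__ == "__main__":
    for label, table in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, evaluate(table, "in", 7648, "203.0.113.10"),
              "shadowed:", shadowed(table))
```

Running the shadow check on a copy of the rule table after every change catches an allow rule that was added below a broader block.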
How to Set Your Time Zone In order to localize the time for your log entries, you must specify your Time Zone: Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of , default password of admin...
Enabling Daylight Savings Time will cause one hour to be added to the standard time. The firewall uses Netgear NTP servers by default. If you would prefer to use a particular NTP server as the primary server, enter its IP address under Use this NTP Server.
Chapter 6 Managing Your Network This chapter describes how to perform network management tasks with your FR328S ProSafe Firewall with Dial Back-Up. Network Management Information The FR328S provides a variety of status and usage information which is discussed below. Viewing Router Status and Usage Statistics From the Main Menu, under Maintenance, select Router Status to view the screen in Figure 6-1.
This screen shows the following parameters: Table 6-1. Menu 3.2 - Router Status Fields Field System Name Firmware Version LAN Port MAC Address IP Address IP Subnet Mask DHCP WAN Port MAC Address IP Address DHCP...
Click the “Show Statistics” button to display firewall usage statistics, as shown below: Figure 6-2. Router Statistics screen This screen shows the following statistics: Table 6-2. Router Statistics Fields Field Description WAN, LAN, or The statistics for the WAN (Internet), LAN (local), and Serial ports. For each port, the Serial Port screen displays: Status...
Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading, select Attached Devices to view the table, shown in Figure 6-3.
Viewing, Selecting, and Saving Logged Information The firewall will log security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites menu, the Logs page shows you when someone on your network tried to access a blocked site.
Log entries are described in Table 6-5.
Table 6-5: Security Log entry descriptions
Field: Description
Date and Time: The date and time the log entry was recorded.
Description or Action: The type of event and what action was taken if any.
Source IP: The IP address of the initiating device for this log entry...
Following are examples of log messages. In all cases, the log entry shows the timestamp as: Day, Year-Month-Date Hour:Minute:Second
Activation and Administration
Tue, 2002-05-21 18:48:39 - NETGEAR activated
[This entry indicates a power-up or reboot with initial time entry.]
Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2
Thu, 2002-05-21 18:56:58 - Administrator logout - IP:192.168.0.2
...
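A parser for the log format shown above, as an added example (not NETGEAR code). It reads the three entries quoted on this page, pairs administrator logins with logouts, checks that the weekday agrees with the date, and lists admin logins from addresses outside an expected set; the function names and the allow-list of admin addresses are assumptions made for illustration.

```python
import re
from datetime import datetime

# The three log entries quoted in the manual text above.
SAMPLE_LOG = """\
Tue, 2002-05-21 18:48:39 - NETGEAR activated
Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2
Thu, 2002-05-21 18:56:58 - Administrator logout - IP:192.168.0.2
"""

# Day, Year-Month-Date Hour:Minute:Second - event text [- IP:a.b.c.d]
LINE_RE = re.compile(
    r"^(?P<day>[A-Z][a-z]{2}), "
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<event>.+?)"
    r"(?: - IP:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?$"
)
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def parse_line(line):
    """Return a dict for one log line, or None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M:%S")
    return {
        "time": when,
        "event": m["event"],
        "ip": m["ip"],
        # False when the logged weekday does not match the logged date.
        "weekday_ok": DAYS[when.weekday()] == m["day"],
    }


def parse_log(text):
    """Split a log into parsed entries and the raw lines that did not parse."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw)
        else:
            entries.append(entry)
    return entries, unparsed


def admin_sessions(entries):
    """Pair each admin login with the next logout from the same address.

    Returns (ip, login_time, logout_time, seconds); logout_time and seconds
    are None for a login that has no matching logout in the log.
    """
    open_logins, sessions = {}, []
    for e in entries:
        if e["event"] == "Administrator login successful":
            open_logins[e["ip"]] = e["time"]
        elif e["event"] == "Administrator logout" and e["ip"] in open_logins:
            start = open_logins.pop(e["ip"])
            sessions.append((e["ip"], start, e["time"],
                             (e["time"] - start).total_seconds()))
    sessions += [(ip, start, None, None) for ip, start in open_logins.items()]
    return sessions


def unexpected_admin_sources(entries, expected_ips):
    """Addresses that logged in as administrator but are not in expected_ips."""
    return sorted({e["ip"] for e in entries
                   if e["event"] == "Administrator login successful"
                   and e["ip"] not in expected_ips})


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    for ip, start, end, secs in admin_sessions(parsed):
        print(f"admin session from {ip}: {start} to {end} ({secs} s)")
    print("weekday mismatches:", [e["time"] for e in parsed if not e["weekday_ok"]])
    print("unparsed lines:", bad)
```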
Enabling Security Event E-mail Notification In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-Mail subheading: Figure 6-7: E-mail notification menu • Turn e-mail notification on Check this box if you wish to receive e-mail logs and alerts from the firewall.
• Send to this e-mail address Enter the e-mail address to which logs and alerts are sent. This e-mail address will also be used as the From address. If you leave this box blank, log and alert messages will not be sent via e-mail.
From the Maintenance heading of the Main Menu, select the Settings Backup menu as seen in Figure 6-8. Figure 6-8: Settings Backup menu Click Backup to save a copy of the current settings. Store the file on a computer on your network.
The firewall will then reboot automatically. After an erase, the firewall password will be password, the LAN IP address will be 192.168.0.1, and the router's DHCP client will be enabled. Note: To restore the factory default configuration settings without knowing the login password or IP address, you must use the Default Reset button on the rear panel of the firewall.
Enabling Remote Management Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your FR328S ProSafe Firewall with Dial Back-Up. Note: Be sure to change the router's default password to a very secure password.
The software of the FR328S Firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's website. If the upgrade file is compressed (.ZIP file), you must first extract the binary (.IMG) file before uploading it to the firewall.
Click Upload. Note: When uploading software to the firewall, it is important not to interrupt the Web browser by closing the window, clicking a link, or loading a new page. If the browser is interrupted, it may corrupt the software.
This chapter describes how to configure the advanced features of your FR328S ProSafe Firewall with Dial Back-Up. Configuring Advanced Security The FR328S ProSafe Firewall with Dial Back-Up provides a variety of advanced features, such as: • Setting up a Demilitarized Zone (DMZ) Server •...
To assign a computer or server to be a Default DMZ server: Click Default DMZ Server. Type the IP address for that server. Click Apply. Respond to Ping on Internet WAN Port If you want the firewall to respond to a 'ping' from the Internet, click the ‘Respond to Ping on Internet WAN Port’...
• RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction selection controls how the firewall sends and receives RIP packets. Both is the default. — When set to Both or Out Only, the firewall will broadcast its routing table periodically. —...
DHCP By default, the firewall will function as a DHCP (Dynamic Host Configuration Protocol) server, allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to the router's LAN.
Reserved IP addresses When you specify a reserved IP address for a PC on the LAN, that PC will always receive the same IP address each time it accesses the firewall’s DHCP server. Reserved IP addresses should be assigned to servers that require permanent IP settings. To reserve an IP address: Click Add.
From the Main Menu, under Advanced, click the LAN IP Setup link to view the menu, shown in Figure 7-1. Figure 7-1: LAN IP Setup Menu Enter the TCP/IP, MTU, or DHCP parameters. Click Apply to save your changes.
How to Configure Dynamic DNS Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin , default password of address you have chosen for the firewall. From the Main Menu of the browser interface, under Advanced, click Dynamic DNS. Access the website of one of the dynamic DNS service providers whose names appear in the ‘Select Service Provider’...
Using Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You must configure static routes only for unusual cases such as multiple routers or multiple IP subnets located on your network.
How to Configure Static Routes Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin , default password of address you have chosen for the firewall. From the Main Menu of the browser interface, under Advanced, click on Static Routes to view the Static Routes menu.
Type a number between 1 and 15 as the Metric value. This represents the number of routers between your network and the destination. Usually, a setting of 2 or 3 works, but if this is a direct connection, set it to 1. Click Apply to have the static route entered into the table.
This chapter gives information about troubleshooting your FR328S ProSafe Firewall with Dial Back-Up. For the common problems listed, go to the section indicated. • Is the firewall on? • Have I connected the firewall correctly? Go to “Basic Functions“ on page •...
• Check that you are using the 12VDC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
• Be sure you are using the correct cable: — When connecting the firewall’s Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. This cable could be a standard straight-through Ethernet cable or an Ethernet crossover cable.
Web Configuration Manager. To check the WAN IP address: Launch your browser and select an external site such as www.netgear.com Access the Main Menu of the firewall’s configuration at http://192.168.0.1 Under the Maintenance heading, select Router Status Check that an IP address is shown for the WAN Port If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP.
A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP will provide the addresses of one or two DNS servers for your use. If you entered a DNS address during the firewall’s configuration, reboot your PC and verify the DNS address as described in Properties“...
In the field provided, type Ping followed by the IP address of the firewall, as in this example: ping 192.168.0.1 Click on OK. You should see a message like this one: Pinging <IP address>...
— Check that your PC has the IP address of your firewall listed as the default gateway. If the IP configuration of your PC is assigned by DHCP, this information will not be visible in your PC’s Network Control Panel. Verify that the IP address of the firewall is listed as the default gateway as described in —...
Press and hold the Default Reset button until the Test LED turns on (about 10 seconds).
Figure 8-1. Reset Button
Release the Default Reset button and wait for the firewall to reboot.
This appendix provides technical specifications for the FR328S ProSafe Firewall with Dial Back-Up. Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter North America: United Kingdom, Australia: Europe: Japan: All regions (output): Physical Specifications Dimensions: Weight: Environmental Specifications Operating temperature: Operating humidity: Electromagnetic Emissions...
Meets requirements of: FCC Part 15 Class B; VCCI Class B; EN 55 022 (CISPR 22), Class B
Interface Specifications
Local: 10BASE-T or 100BASE-Tx, RJ-45
Internet: 10BASE-T or 100BASE-Tx, RJ-45
Appendix B Networks, Routing, and Firewall Basics This chapter provides an overview of IP networks, routing, and networking. Related Publications As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
Routing Information Protocol One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table.
There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP software to identify the address class.
• Class D
Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255.
• Class E
Class E addresses are for experimental use.
This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network.
Subnet Addressing
By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number.
Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet.
The following table lists the additional subnet mask bits in dotted-decimal notation.
Table 8-2. Netmask Formats
255.255.255.252
255.255.255.254
255.255.255.255
Configure all hosts on a LAN segment to use the same netmask for the following reasons:
• So that hosts recognize local IP broadcast packets
When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address.
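The subnet boundaries in the note above, and the effect of one host on the segment using a different netmask, can be checked with a short script. This is an added example, not part of the NETGEAR manual; the 255.255.255.128 mask, the host addresses and the function names are assumptions chosen to match the note, and the local/remote check goes slightly beyond the broadcast case the text describes.

```python
import ipaddress

def subnet_bounds(network, new_mask):
    """Split `network` with `new_mask`; return (network, broadcast) per subnet."""
    parent = ipaddress.ip_network(network)
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{new_mask}").prefixlen
    return [(str(s.network_address), str(s.broadcast_address))
            for s in parent.subnets(new_prefix=new_prefix)]

def local_view(host_ip, mask):
    """Network and broadcast address a host derives from its own netmask."""
    net = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    return str(net.network_address), str(net.broadcast_address)

def accepts_broadcast(host_ip, host_mask, dest_ip):
    """True if the host treats dest_ip as its segment's broadcast address."""
    return local_view(host_ip, host_mask)[1] == dest_ip

def is_local(host_ip, host_mask, peer_ip):
    """True if the host would send to peer_ip directly, not via its gateway."""
    net = ipaddress.ip_interface(f"{host_ip}/{host_mask}").network
    return ipaddress.ip_address(peer_ip) in net

if __name__ == "__main__":
    # Constructed sample: the Class C network from the note, split in two.
    for net, bcast in subnet_bounds("192.68.135.0/24", "255.255.255.128"):
        print(f"subnet {net}: broadcast {bcast}")

    segment_mask = "255.255.255.128"   # mask the segment is meant to use
    wrong_mask = "255.255.255.0"       # constructed misconfiguration
    segment_bcast = local_view("192.68.135.10", segment_mask)[1]

    for host, mask in [("192.68.135.10", segment_mask),
                       ("192.68.135.20", wrong_mask)]:
        print(host, mask,
              "accepts segment broadcast:",
              accepts_broadcast(host, mask, segment_bcast),
              "| treats 192.68.135.200 as local:",
              is_local(host, mask, "192.68.135.200"))
```

The host with the wrong mask computes 192.68.135.255 as its broadcast address, so it ignores the segment broadcast to 192.68.135.127 and also tries to reach second-subnet hosts directly instead of through the router.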
Single IP Address Operation Using NAT
In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router.
This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router. This filtering can prevent intruders from probing your system.
Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource. Just as...
What is a Firewall?
A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack.
Table B-1. UTP Ethernet cable wiring, straight-through
Wire color      Signal
Orange/White    Transmit (Tx) +
Orange          Transmit (Tx) -
Green/White     Receive (Rx) +
Blue
Blue/White
Green           Receive (Rx) -
Brown/White
Brown
Category 5 Cable Quality
Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.) or 100 meters (m) in length, divided as follows: 20 ft.
Inside Twisted Pair Cables
For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually implemented internally as part of the circuitry in the device. Computers and workstation adapter cards are usually media-dependent interface ports, called MDI or uplink ports.
Figure 8-7: Category 5 UTP Cable with Male RJ-45 Plug at Each End
Note: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network.
The FR328S Firewall incorporates Auto Uplink technology (also called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection (e.g. connecting to a PC) or an uplink connection (e.g. connecting to a router, switch, or hub).
This appendix describes how to prepare your network to connect to the Internet through the FR328S ProSafe Firewall with Dial Back-Up and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions provided by your ISP, you may need to copy the current configuration information for use in the configuration of your firewall.
In your IP network, each PC and the firewall must be assigned a unique IP address. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address.
You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
If you need Client for Microsoft Networks: Click the Add button. Select Client, and then click Add. Select Microsoft. Select Client for Microsoft Networks, and then click OK. Restart your PC for the changes to take effect.
Enabling DHCP to Automatically Configure TCP/IP Settings
After the TCP/IP protocol components are installed, each PC must be assigned specific information about itself and resources that are available on its network.
From the drop-down box, select your Ethernet adapter. The window is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: • The IP address is between 192.168.0.2 and 192.168.0.254 •...
A command window opens.
Type ipconfig /all
Your IP Configuration information will be listed, and should match the values below if you are using the default TCP/IP settings that NETGEAR recommends:
• The IP address is between 192.168.0.2 and 192.168.0.254
•...
The TCP/IP Control Panel opens: From the “Connect via” box, select your Macintosh’s Ethernet interface. From the “Configure” box, select Using DHCP Server. You can leave the DHCP Client ID box empty. Close the TCP/IP Control Panel. Repeat this for each Macintosh on your network.
MacOS X
From the Apple menu, choose System Preferences, then Network.
TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP. The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: •...
Verifying the Readiness of Your Internet Account
For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.
• An IP address and subnet mask
• A gateway IP address, which is the address of the ISP’s router
• One or more domain name server (DNS) IP addresses
• Host name and domain suffix
For example, your account’s full server names may look like this: mail.xxx.yyy.com...
If an IP address appears under Installed Gateways, write down the address. This is the ISP’s gateway address. Select the address and then click Remove to remove the gateway address. Select the DNS Configuration tab. If any DNS server addresses are shown, write down the addresses. If any information appears in the Host or Domain information box, write it down.
Restarting the Network
Once you’ve set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your FR328S Firewall, you are ready to access and configure the firewall.
Glossary
Use the list below to find definitions for technical terms used in this manual.
10BASE-T
IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring.
100BASE-Tx
IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring.
Access Control List (ACL)
An ACL is a database that an Operating System uses to track each user’s access rights to system objects (such as file directories and/or files).
.com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain. Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5...
(known as the upstream rate). ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world gain access.
DSLAM
DSL Access Multiplexor. The piece of equipment at the telephone company central office that provides the ADSL signal.
recognizes the packet as belonging to a computer within its immediate neighborhood or domain. That gateway then forwards the packet directly to the computer whose address is specified. Because a message is divided into a number of packets, each packet can, if necessary, be sent by a different route across the Internet.
MAC address
The Media Access Control address is a unique 48-bit hardware address assigned to every network interface card. Usually written in the form 01:23:45:67:89:ab.
Maximum Receive Unit
The size in bytes of the largest packet that can be sent or received.
Maximum Transmit Unit
The size in bytes of the largest packet that can be sent or received.
PPP over Ethernet
PPPoE. PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection.
PPTP
Point-to-Point Tunneling Protocol. A method for establishing a virtual private network (VPN) by embedding Microsoft’s network protocol into Internet packets.
See “Wide Area Network”
Also known as World-Wide Web (WWW) or W3. An Internet client-server system to distribute information, based upon the hypertext transfer protocol (HTTP).
WEB Proxy Server
A Web proxy server is a specialized HTTP server that allows clients access to the Internet from behind a firewall.