NETGEAR FWG114P Reference Manual
  1. Manuals
  2. Brands
  3. NETGEAR Manuals
  4. Print Server
  5. FWG114P - ProSafe 802.11g Wireless Firewall
  6. Reference manual

NETGEAR FWG114P Reference Manual

Prosafe wireless 802.11g firewall/print server
Hide thumbs Also See for FWG114P:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual
Reference Manual for the
ProSafe Wireless 802.11g
Firewall/Print Server
Model FWG114P
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10027-01
Version 2.0
March 2004
March 2004, 202-10027-01

Advertisement

Table of Contents
loading

Related Manuals for NETGEAR FWG114P

Summary of Contents for NETGEAR FWG114P

  • Page 1 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10027-01 Version 2.0 March 2004 March 2004, 202-10027-01...
  • Page 3 Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
  • Page 4 March 2004, 202-10027-01...

  • Page 5: Table Of Contents

    Computer Network Configuration Requirements .............3-1 Internet Configuration Requirements ...............3-2 Where Do I Get the Internet Configuration Parameters? .........3-2 Record Your Internet Connection Information ............3-3 Connecting the FWG114P Wireless Firewall/Print Server ..........3-4 Verify That Basic Requirements Are Met ..............3-4 Contents March 2004, 202-10027-01...
  • Page 6 Basic Setup Troubleshooting Tips ..................3-9 FWG114P Setup Wizard Auto Detection ................3-9 Wizard-Detected Login Account Setup ..............3-10 Wizard-Detected Dynamic IP Account Setup ............3-12 Wizard-Detected Fixed IP Account Setup ..............3-13 How to Configure the Serial Port as the Primary Internet Connection ......3-14 Testing Your Internet Connection ..................3-16...
  • Page 7 Print Server Printing Options ......................7-1 For Windows XP and 2000, Use TCP/IP LPR Printing ...........7-2 For Windows 95/98/Me, Use the Netgear Printer Port Driver .........7-5 Printing from the Macintosh ....................7-8 Windows Printer Port Management ................7-9 Troubleshooting the Print Server .................. 7-11...
  • Page 8 How to Use the VPN Wizard to Configure a VPN Tunnel ..........8-15 VPNC Scenario 1: Gateway to Gateway with Preshared Secrets ......8-19 Scenario 1: FWG114P to FWG114P with Preshared Secrets ........8-20 How to Check VPN Connections ................8-24 VPNC Scenario 2: Gateway-to-Gateway with Certificates ........8-25 Scenario 2: FWG114P to FWG114P with Certificates ...........8-26...
  • Page 9 Configuring LAN TCP/IP Setup Parameters ............10-5 Using the Router as a DHCP server ..............10-7 Using Address Reservation ..................10-7 Configuring Static Routes .....................10-8 Enabling Remote Management Access ..............10-10 Using Universal Plug and Play (UPnP) ..............10-11 Advanced Wireless Settings ..................10-12 Chapter 11 Troubleshooting Basic Functioning ......................
  • Page 10 Domain Name Server ....................B-9 IP Configuration by DHCP ..................B-10 Internet Security and Firewalls ..................B-10 What is a Firewall? ....................B-11 Stateful Packet Inspection ..................B-11 Denial of Service Attack ..................B-11 Ethernet Cabling ......................B-11 Category 5 Cable Quality ..................B-12 Inside Twisted Pair Cables ..................
  • Page 11 Outbound Log ........................ D-1 Inbound Log ........................D-2 Other IP Traffic ......................D-2 Router Operation ......................D-3 Other Connections and Traffic to this Router ..............D-4 DoS Attack/Scan ......................D-4 Access Block Site ......................D-6 All Web Sites and News Groups Visited ................ D-6 System Admin Sessions ....................
  • Page 12 NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P Configuration Template ....................G-1 Step-By-Step Configuration of FVS318 or FVM318 Gateway A ........G-2 Step-By-Step Configuration of FWG114P Gateway B ........... G-5 Test the VPN Connection ....................G-9 Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 Configuration Template ....................
  • Page 13 Step-By-Step Configuration of FVS328 Gateway B ............H-7 Test the VPN Connection .................... H-11 Glossary List of Glossary Terms ....................G-1 Index Contents xiii March 2004, 202-10027-01...
  • Page 14 Contents March 2004, 202-10027-01...

  • Page 15: About This Manual

    Congratulations on your purchase of the NETGEAR ® ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P. This chapter introduces important features of this manual. Audience, Conventions, Scope This reference manual assumes that the reader has basic-to-intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and networking technology tutorial information is provided in the appendices.

  • Page 16: How To Use This Manual

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P How to Use this Manual The HTML version of this manual includes a variety of navigation features as well as links to PDF versions of the full manual and individual chapters.

  • Page 17: How To Print This Manual

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P How to Print this Manual To print this manual you may choose one of the following options, according to your needs: • Printing a “How To” Sequence of Steps in the HTML View. Use the Print button the upper right of the toolbar to print the currently displayed topic.
  • Page 18 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P About This Manual March 2004, 202-10027-01...

  • Page 19: Introduction

    FWG114P uses Stateful Packet Inspection for Denial of Service attack (DoS) attack protection and intrusion detection. The FWG114P allows Internet access for up to 253 users. It provides multiple Web content filtering options, plus browsing activity reporting and instant alerts via e-mail.

  • Page 20: Full Routing On Both The Broadband And Serial Ports

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Full Routing on Both the Broadband and Serial Ports You can install, configure, and operate the FWG114P to take full advantage of a variety of routing options on both the serial and broadband WAN ports, including: •...

  • Page 21: Virtual Private Networking

    A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the FWG114P is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include: •...

  • Page 22: Security

    Autosensing Ethernet Connections with Auto Uplink With its internal 8-port 10/100 switch, the FWG114P can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.

  • Page 23: Easy Installation And Management

    The ability to enable or disable IP address sharing by NAT. The FWG114P allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP).

  • Page 24: Package Contents

    — Application Notes and other helpful information. • Registration and Warranty Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the router for repair. Introduction...

  • Page 25: The Fwg114P Front Panel

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P The FWG114P Front Panel The front panel of the FWG114P contains the status LEDs. Use the LEDs to verify various operations. Viewed from left to right, Table 2-1 describes the LEDs on the front of the router.

  • Page 26: The Fwg114P Rear Panel

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P The FWG114P Rear Panel The rear panel of the FWG114P Wireless Firewall/Print Server contains the port connections listed below. LO CA L 10/100M IN TER N ET MODEM 12VDC, 1.0A...

  • Page 27: Connecting The Fwg114P To The Internet

    This chapter describes how to set up the router on your local area network (LAN) and connect to the Internet. You will find out how to configure your ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P for Internet access using the Setup Wizard, or how to manually configure your Internet connection.

  • Page 28: Internet Configuration Requirements

    • You may also refer to the FWG114P Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, you may want to record them on the...

  • Page 29: Record Your Internet Connection Information

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP.

  • Page 30: Connecting The Fwg114P Wireless Firewall/Print Server

    Connecting the FWG114P Wireless Firewall/Print Server This section provides instructions for connecting the FWG114P Wireless Firewall/Print Server. Also, the Resource CD for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P (SW-10023-02), included with your router, contains an animated Installation Assistant to help you through this procedure.
  • Page 31 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Securely insert the Ethernet cable from your broadband modem into the Internet port (B) on the FWG114P. Internet Port LO CA L 10/100M IN TER N ET MODEM 12VDC, 1.0A...
  • Page 32 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P ESTART YOUR NETWORK IN THE CORRECT SEQUENCE Warning: Failure to restart your network in the correct sequence could prevent you from connecting to the Internet. First, turn on the broadband modem and wait 2 minutes.
  • Page 33 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P OG IN TO THE WIRELESS FIREWALL PRINT SERVER From your PC, launch your Internet browser. Because you are not yet connected to the Internet, your browser will display a page not found message.

  • Page 34: Private Ip Addresses

    Note: If you choose not to use NAT, each computer on the LAN connected to the FWG114P must have a valid public IP address in the same subnet as the Wan port of the FWG114P. For more information on NAT, please see “Single IP Address Operation Using...

  • Page 35: Basic Setup Troubleshooting Tips

    There are two ways you can configure your firewall to connect to the Internet: • Let the FWG114P auto-detect the type of Internet connection you have and configure it. • Manually choose which type of Internet connection you have and configure it.

  • Page 36: Wizard-Detected Login Account Setup

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P • Fixed IP address assignment Next, the Setup Wizard will report which connection type it has discovered, and then display the appropriate configuration menu. If the Setup Wizard finds no connection, you will be prompted to check the physical connection between your firewall and the cable or DSL modem.

  • Page 37: Domain Name Server

    Note: If you enter an address here, after you finish configuring the firewall, reboot your PCs so that the settings take effect. Click Apply to save your settings. Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 11, “Troubleshooting”.

  • Page 38: Wizard-Detected Dynamic Ip Account Setup

    Note: DNS servers are required to perform the function of translating an Internet name, such as www.netgear.com to a numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here. You should reboot your PCs after configuring the firewall for these settings to take effect.

  • Page 39: Wizard-Detected Fixed Ip Account Setup

    This feature allows your firewall to masquerade as that computer by using its MAC address. Click Apply to save your settings. Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 11, “Troubleshooting”.

  • Page 40: How To Configure The Serial Port As The Primary Internet Connection

    Follow the steps below to configure a serial port Internet connection on your firewall. Connect the Firewall to your ISDN or dial-up modem Turn off your modem and connect the cable from the serial port of the FWG114P to the modem.
  • Page 41 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Figure 3-11: Serial Internet Connection configuration menu Fill in the ISDN or analog ISP Internet configuration parameters as appropriate: • For a Dial-up Account, enter the Account information. Check “Connect as required”...

  • Page 42: Testing Your Internet Connection

    Note: You can validate modem string settings by first connecting the modem directly to a computer, establishing a connection to your ISP, and then copying the modem string settings from the computer configuration and pasting them into the FWG114P Modem Properties Initial String field. For more information on this procedure, please refer to the support area of the NETGEAR Web site.

  • Page 43: Manually Configuring Your Internet Connection

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.

  • Page 44: How To Manually Configure The Primary Internet Connection

    Note: Disabling NAT will reboot the router and reset all the FWG114P configuration settings to the factory default. Disable NAT only if you plan to install the FWG114P in a setting where you will be manually administering the IP address space on the LAN side of the router.
  • Page 45 ISP. Or, select “Use This MAC Address” and enter it. Click Apply to save your settings. Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 11, “Troubleshooting.”...
  • Page 46 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P 3-20 Connecting the FWG114P to the Internet March 2004, 202-10027-01...

  • Page 47: Wireless Configuration

    Observing Performance, Placement, and Range Guidelines In planning your wireless network, you should consider the level of security required. You should also select the physical placement of your FWG114P in order to maximize the network speed. For further information on wireless networking, refer to in Appendix E, “Wireless Networking...

  • Page 48: Implementing Appropriate Wireless Security

    Restrict Access Based on MAC Address. You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the FWG114P. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed.

  • Page 49: Understanding Wireless Settings

    Understanding Wireless Settings To configure the wireless settings of your FWG114P, click the Wireless link in the Setup section of the main menu. The wireless settings menu will appear, as shown below. Figure 4-2: Wireless Settings menu Note: The 802.11b and 802.11g wireless networking protocols are configured in exactly...
  • Page 50 SSID for that network. The FWG114P default SSID is: NETGEAR. — Region. This field identifies the region where the FWG114P can be used. It may not be legal to operate the wireless features of the wireless firewall/print server in a region other than one of those identified in this field.
  • Page 51 • If Shared or Open Network Authentication is enabled, you can choose 64- or 128-bit WEP data encryption. Note: With Open Network Authentication and 64- or 128-bit WEP Data Encryption, the FWG114P does perform 64- or 128-bit data encryption but does not perform any authentication. Security Encryption (WEP) Key These key values must be identical on all wireless devices in your network (key 1 must be the same for all, key 2 must be the same for all, and so on).
  • Page 52 Enter the port number used for connections to the Radius Server. • Radius Shared Key Enter the desired value for the Radius shared key. This key enables the FWG114P to log in to the Radius server and must match the value used on the Radius server.

  • Page 53: Default Factory Settings

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Default Factory Settings The FWG114P default factory settings shown below. You can restore these defaults with the Factory Default Restore button on the rear panel as seen in the illustration “FWG114P Rear Panel”...

  • Page 54: Before You Change The Ssid And Wep Settings

    • SSID: The Service Set Identification (SSID) identifies the wireless local area network. Wireless is the default FWG114P SSID. However, you may customize it by using up to 32 alphanumeric characters. Write your customized SSID on the line below. Note: The SSID in the wireless firewall/print server is the SSID you configure in the wireless adapter card.

  • Page 55: How To Set Up And Test Basic Wireless Connectivity

    The SSID for any wireless device communicating with the access point must match the SSID configured in the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P. If they do not match, you will not get a wireless connection to the FWG114P. Set the Channel.

  • Page 56: How To Restrict Wireless Access By Mac Address

    Program the wireless adapter of your PCs to have the same SSID that you configured in the FWG114P. Check that they have a wireless link and are able to obtain an IP address by DHCP from the wireless firewall/print server.

  • Page 57: How To Configure Wep

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Be sure to click Apply to save your trusted wireless PCs list settings. Now, only devices on this list will be allowed to wirelessly connect to the FWG114P. To remove a MAC address from the table, click to select it, then click the Delete button.

  • Page 58: How To Configure Wpa

    LAN address and password you have set up. Click Wireless Settings in the Setup section of the main menu of the FWG114P. Figure 4-4: Wireless Settings menu Choose the WPA radio button. The WPA menu will open.

  • Page 59: How To Configure Wpa-Psk

    LAN address and password you have set up. Click Wireless Settings in the Setup section of the main menu of the FWG114P. Choose the WPA-PSK radio button. The WPA-PSK menu will open.
  • Page 60 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P 4-14 Wireless Configuration March 2004, 202-10027-01...

  • Page 61: Serial Port Configuration

    (WAN), LAN, and serial network interfaces. Note: If you configure the serial port of the FWG114P as the primary Internet connection, you will not be able to configure the other serial port options. For instructions on configuring the serial port as the primary Internet connection, please see “How to Configure the Serial Port as the Primary...

  • Page 62: Configuring A Serial Port Modem

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Configuring a Serial Port Modem You can configure a serial port modem for any of the features described above. Be sure you have prepared the basic requirements listed below, then follow the ‘how to’ procedure.

  • Page 63: Configuring Auto-Rollover

    Click Apply to save your settings. Configuring Auto-Rollover You can configure the serial port of the FWG114P to provide an auto-rollover backup connection for your broadband service. Be sure you have prepared the basic requirements listed below, then follow the ‘how to’ procedure.

  • Page 64: Configuring Dial-In On The Serial Port

    Click Apply for the changes to take effect. Configuring Dial-in on the Serial Port Dial-in lets a single remote computer connect to the FWG114P through the serial port to gain access to LAN resources or a remote access server. Be sure you have prepared the basic requirements listed below, then follow the ‘how to’ procedure.

  • Page 65: Basic Requirements For Dial-In

    Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Basic Requirements for Dial-in Dial-in requires these elements: A broadband connection to the FWG114P. An analog phone line. A serial modem properly configured and attached to the DB9 connector on the serial port.

  • Page 66: Configuring Lan-To-Lan Settings

    A serial modem properly configured and attached to the DB9 connector on the serial port. A broadband connection to one FWG114P for LAN-to-LAN auto-rollover Internet access. The LAN-to-LAN settings configured and applied to the two FWG114P wireless firewall/print servers. How to Configure LAN-to-LAN Connections Follow these steps to configure a serial port LAN-to-LAN connection.
  • Page 67 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Figure 5-5: LAN-to-LAN configuration menu Configure the LAN-to-LAN settings. Note: The LAN subnet address of each FWG114P must be different. Click Apply for the changes to take effect. Serial Port Configuration...
  • Page 68 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Serial Port Configuration March 2004, 202-10027-01M-10207-01, Reference Manual v2...

  • Page 69: Stateful Packet Inspection

    This chapter describes how to use the content filtering features of the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P to protect your network. These features can be found by clicking on the Content Filtering heading in the Main Menu of the browser interface.
  • Page 70 Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P • Web addresses • Web address keywords These options are discussed below. The Keyword Blocking menu is shown here. Figure 6-1: Block Sites menu To enable filtering, click the checkbox next to the type of filtering you want to enable. The filtering choices are: •...

Table of Contents