NETGEAR ProSafe Quad WAN FR538G Reference Manual

ProSafe Quad WAN
Gigabit Firewall FR538G
Reference Manual
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
November 2007
202-10289-01
v1.0


Summary of Contents for NETGEAR ProSafe Quad WAN FR538G

  • Page 1 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA November 2007 202-10289-01 v1.0...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations. Additional Copyrights Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK. All rights reserved.
  • Page 4 Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions * are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Page 5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function.
  • Page 6 Safety Precautions Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. To reduce the risk of bodily injury, electrical shock, fire, and damage to the equipment, observe the following precautions: •...
  • Page 7: Table Of Contents

    Contents About This Manual Conventions, Formats and Scope ...................xiii How to Use This Manual ....................xiv How to Print this Manual ....................xiv Revision History ....................... xv Chapter 1 Introduction Key Features ........................1-1 Quad WAN Ports for Increased Reliability or Outbound Load Balancing ....1-2 A Powerful, True Firewall with Content Filtering ............1-2 Security Features .....................1-2 Autosensing Ethernet Connections with Auto Uplink ..........1-3...
  • Page 8 Connecting Your Router in Transparent Bridge Mode ............2-7 Programming the Traffic Meter (if Desired) ..............2-9 Configuring the WAN Mode (Required for Quad WAN) ..........2-11 Setting Up Auto-Rollover Mode ................2-12 Setting Up Load Balancing ..................2-14 Configuring Dynamic DNS (If Needed) .................2-17 Configuring the Advanced WAN Options (If Needed) ...........2-20 Chapter 3 LAN Configuration...
  • Page 9 LAN DMZ Outbound Services Rules ...............4-13 LAN DMZ Inbound Services Rules ..............4-13 Inbound Rules Examples ..................4-14 LAN WAN Inbound Rule: Hosting A Local Public Web Server ......4-14 LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses 4-14 LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT Mapping 4-15 LAN WAN or DMZ WAN Inbound Rule: Specifying an Exposed Host .....4-17 Outbound Rules Example ..................4-18 LAN WAN Outbound Rule: Blocking Instant Messenger .........4-18...
  • Page 10 Enabling Remote Management Access ..............5-10 Using a SNMP Manager ..................5-11 Enabling UPnP (Universal Plug and Play) .............5-13 Settings Backup and Firmware Upgrade ...............5-14 Backup and Restore Settings ................5-14 Router Upgrade ....................5-15 Setting the Time Zone ....................5-17 Monitoring the Router ....................5-18 Enabling the Traffic Meter ..................5-18 Setting Login Failures and Attacks Notification ............5-20 Monitoring Attached Devices .................5-21...
  • Page 11 Appendix A Default Settings and Technical Specifications Appendix B Command Line Interface Guide Common ........................B-2 System ........................... B-3 Firewall .......................... B-3 Network Configuration ....................B-7 Diagnostic/Monitor ....................... B-12 Appendix C Related Documents Appendix D Network Planning for Quad WAN Ports What You Will Need to Do Before You Begin ..............
  • Page 13: About This Manual

    About This Manual The NETGEAR® ProSafe™ Quad WAN Gigabit Firewall FR538G Reference Manual describes how to install, configure and troubleshoot the ProSafe Quad WAN Gigabit Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats and Scope The conventions, formats, and scope of this manual are described in the following paragraphs.
  • Page 14: How To Use This Manual

    For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix C, “Related Documents.” Note: Updates to this product are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/FR538G.asp. How to Use This Manual The HTML version of this manual includes the following: •...
  • Page 15: Revision History

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
  • Page 17: Introduction

    • Quality of Service (QoS) support for traffic prioritization, voice, and multimedia. • One console port for local management. • SNMP Manageable, optimized for the NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. •...
  • Page 18: Quad Wan Ports For Increased Reliability Or Outbound Load Balancing

    Quad WAN Ports for Increased Reliability or Outbound Load Balancing The FR538G has four broadband WAN ports (WAN1, WAN2, WAN3 and WAN4) capable of operating independently at speeds of 10 Mbps, 100 Mbps or 1 Gbps. The four WAN ports let you connect a second broadband Internet line that can be configured on a mutually-exclusive basis to: •...
  • Page 19: Autosensing Ethernet Connections With Auto Uplink

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • PCs Hidden by NAT. NAT opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the PCs on the LAN. •...
  • Page 20: Easy Installation And Management

    Visual monitoring. The quad WAN gigabit firewall’s front panel LEDs provide an easy way to monitor its status and activity. Maintenance and Support NETGEAR offers the following features to help you maximize your use of the quad WAN gigabit firewall: •...
  • Page 21: Package Contents

    • Warranty and Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. Router Front Panel The ProSafe Quad WAN Gigabit Firewall front panel shown below contains the port connections, status LEDs, and the factory defaults reset button.
  • Page 22 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 1-1. Object Descriptions Object Activity Description On (Green) Power is supplied to the firewall. 1. Power Power is not supplied to the firewall. On (Amber) Test mode: The system is initializing or the initialization has failed. Blinking (Amber) Writing to Flash memory (during upgrading or resetting to defaults).
  • Page 23: Router Rear Panel

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Router Rear Panel The rear panel of the ProSafe Quad WAN Gigabit Firewall (Figure 1-2) contains the On/Off switch and AC power connection. Figure 1-2 Viewed from left to right, the rear panel contains the following elements: 1.
  • Page 24: The Router's Ip Address, Login Name, And Password

    The Router’s IP Address, Login Name, and Password Check the label on the bottom of the FR538G’s enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN •...
  • Page 25 3. Once the login screen displays (Figure 1-5), enter the following information: • admin for User Name • password for Password
  • Page 29: Connecting The Fr538G

    Chapter 2 Connecting the FR538G You can connect your router to the Internet directly, or set up one or more of the WAN ports in Bridge Mode. In Bridge Mode, your router acts as a transparent bridge for connecting two network segments.
  • Page 30: Configuring The Wan Port Internet Connections

    Test LED to go out. Make sure your Ethernet and LAN LEDs are lit. (See the Installation Guide, FR538G ProSafe Quad WAN Gigabit Firewall for complete steps. A PDF of the Installation Guide is on your Resource CD and on the NETGEAR website at: http://kbserver.netgear.com.) 2.
  • Page 31 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 2-1 2. Click Auto Detect at the bottom of the screen to automatically detect the type of Internet connection provided by your ISP. Auto Detect will probe for different connection methods and suggest one that your ISP will most likely support.
  • Page 32 Table 2-1. Internet connection methods (continued). Connection Method: Data Required. PPTP: Login (Username, Password), Account Name, Local IP address, and PPTP Server IP address. BigPond Cable: Login (Username, Password), Login Server. DHCP (Dynamic IP): No data is required.
  • Page 33: Setting The Router's Mac Address

    To configure WAN2 Settings, WAN3 Settings and WAN4 Settings: 1. Repeat the above steps to set up the parameters for WAN2, WAN3 and WAN4. Start by selecting the WAN2 Settings tab. Next click Auto Detect on the WAN2 Settings screen and then confirm the connection by clicking the WAN Status link.
  • Page 34 Login Server and Idle Timeout fields. The Login Server is the IP address of the local BigPond Login Server in your area. You can find login server information at http://www.netgear.com.sg/support/bigpond.asp 3. If your ISP has assigned a fixed (static or permanent) IP address, select the Use Static IP Address radio box and fill in the following fields: a.
  • Page 35: Connecting Your Router In Transparent Bridge Mode

    6. Click Reset to discard any changes and revert to the previous settings. 7. Click Test to try and connect to the NETGEAR Web site. If you connect successfully and your settings work, then you may click Logout or go on and configure additional settings.
  • Page 36 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 4. Check the Use Static IP Address radio box in the Internet (IP) Address Section and fill in the following fields: a. IP Address: Enter the WAN IP address of the network server. b.
  • Page 37: Programming The Traffic Meter (If Desired)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Programming the Traffic Meter (if Desired) The traffic meter is useful when an ISP charges by traffic volume over a given period of time or if you want to look at traffic types over a period of time. To enable the traffic meter: 1.
  • Page 38 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 3. Select the WAN2 Traffic Meter tab, WAN3 Traffic Meter tab, and WAN4 Traffic Meter tab and repeat steps 1 through 3 to set the Traffic Meter for all the WAN ports. Table 2-2.
  • Page 39: Configuring The Wan Mode (Required For Quad Wan)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 2-2. Traffic Meter Settings Parameter Description Internet Traffic This displays statistics on Internet Traffic via the WAN port. If you have not enabled Statistics the Traffic Meter, these statistics are not available. Traffic by Protocol Click this link if you want to know more details of the Internet Traffic.
  • Page 40: Setting Up Auto-Rollover Mode

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual – The Router uses NAT to select the correct PC (on your LAN) to receive any incoming data. – If you only have a single Internet IP address, you MUST use NAT. NAT is the default setting.
  • Page 41 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • DNS lookup using configured DNS Servers (ISP DNS Servers) – In this case, DNS queries are sent to the DNS server configured on the WAN ISP pages (see “Configuring the WAN Port Internet Connections” on page 2-2).
  • Page 42: Setting Up Load Balancing

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Once a rollover occurs, an alert will be generated (see “E-Mail Notifications of Event Logs and Alerts” on page 4-34). When notified that the failed WAN interface has been restored, you can force traffic back on the original primary WAN interface by reapplying the Auto-Rollover settings in the WAN Port Mode menu.
  • Page 43 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 2-6 2. Enter the following data in the Add Protocol Binding section: a. Service – From the pull-down menu, select the desired Services or applications to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see “Services-Based Rules”...
  • Page 44 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • Address range – If this option is selected, you must enter the start and finish fields. • Group 1-Group 8 – If this option is selected, the devices assigned to this group will be affected.
  • Page 45: Configuring Dynamic Dns (If Needed)

    Figure 2-7 Configuring Dynamic DNS (If Needed) Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, TZO.com or Iego.net.
  • Page 46 IP address will be, and the address can change frequently—hence, the need for a commercial DDNS service, which allows you to register an extension to its domain, and resolves DNS requests for the resulting FQDN to your frequently-changing IP address. After you have configured your account information in the firewall, whenever your ISP-assigned IP address changes, your firewall will automatically contact your DDNS service provider, log in to your account, and register your new IP address.
  • Page 47 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual DDNS links Figure 2-8 4. After setting up your account, return to the Dynamic DNS Configuration screen and fill in the required fields for the DDNS service you selected: a. In the Host and Domain Name field, enter the entire FQDN name that your dynamic DNS service provider gave you (for example: <yourname>.dyndns.org).
  • Page 48: Configuring The Advanced Wan Options (If Needed)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual b. Enter the User Name, User email Address, or Account Name requested by the DDNS Service to identify you when logging into your DDNS account. c. Enter the Password, or User Key, for your DDNS account. d.
  • Page 49 3. Edit the default information you want to change. • MTU Size – The normal MTU (Maximum Transmission Unit) value for most Ethernet networks is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs you may have to reduce the MTU.
  • Page 51: Lan Configuration

    Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Quad WAN Gigabit Firewall. These features can be found by selecting Network Configuration from the primary menu and LAN Setup from the submenu of the browser interface. Using the Firewall as a DHCP server By default, the firewall will function as a DHCP (Dynamic Host Configuration Protocol) server, allowing it to assign IP, DNS server, WINS Server, and default gateway addresses to all computers...
  • Page 52: Configuring The Lan Setup Options

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Configuring the LAN Setup Options The LAN IP Setup menu allows configuration of LAN IP services such as DHCP and allows you to configure a secondary or “multi-home” LAN IP setup in the LAN. The default values are suitable for most users and situations.
  • Page 53 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 4. Check the Enable DHCP Server radio button. By default, the router will function as a DHCP (Dynamic Host Configuration Protocol) server, providing TCP/IP configuration for all computers connected to the router's LAN. If another device on your network will be the DHCP server, or if you will manually configure all devices, check the Disable DHCP Server radio button.
  • Page 54: Configuring Multi Home Lan Ips

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 6. Click Reset to discard any changes and revert to the previous configuration. Note: Once you have completed the LAN IP setup, all outbound traffic is allowed and all inbound traffic is discarded. To change these traffic rules, refer to Chapter 4, “Firewall Protection and Content Filtering.
  • Page 55 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 3-2 Note: Additional IP addresses cannot be configured in the DHCP server. The hosts on the secondary subnets must be manually configured with IP addresses, gateway IP and DNS server IPs. To make changes to the selected entry: 1.
  • Page 56: Configuring Port Mirror

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 3. Click Reset to discard any changes and revert to the previous settings. Tip: The Secondary LAN IP address will be assigned to the LAN interface of the router and can be used as a gateway by the secondary subnet. Configuring Port Mirror Port Mirror is a mechanism for enhancing the security on local area networks by configuring one port to monitor the other ports.
  • Page 57: Port Management

    Figure 3-3 Port Management Port Management allows you to manage specific features for each LAN port: • The QoS priority for each port (either high or normal). • Set the Mbps speed for each LAN port and whether it is to operate at full-duplex or half-duplex.
  • Page 58: Managing Groups And Hosts (Lan Groups)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 3-4 Managing Groups and Hosts (LAN Groups) The Known PCs and Devices table on the Groups and Hosts screen contains a list of all known PCs and network devices, as well as hosts, that are assigned dynamic IP addresses by this router. Collectively, these entries make up the Network Database.
  • Page 59: Creating The Network Database

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • Scanning the Network. The local network is scanned using standard methods such as ARP. This will detect active devices which are not DHCP clients. However, sometimes the name of the PC or device cannot be accurately determined, and will be shown as Unknown. Creating the Network Database Some advantages of the Network Database are: •...
  • Page 60 • IP Address: The current IP address of the computer. For DHCP clients of the router, this IP address will not change. If a computer is assigned a static IP address, you will need to update this entry manually if the IP address on the computer has been changed.
  • Page 61 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 7. Click Add. The device will be added to the Known PCs and Devices table. Figure 3-5 To edit the information of any of the Known PCs or Devices: 1. Click Edit in the Action column opposite the name of the device. The Edit Groups and Hosts screen will display.
  • Page 62: Setting Up Address Reservation

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 4. Click Apply to save the settings. Figure 3-6 Setting Up Address Reservation When you specify a reserved IP address for a device on the LAN (based on the MAC address of the device), that computer or device will always receive the same IP address each time it accesses the firewall’s DHCP server.
  • Page 63 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual server, or email server, for example) and give public access to them. The fourth LAN port on the router can be dedicated as a hardware DMZ port for safely providing services to the Internet, without compromising security on your LAN.
  • Page 64 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 3-7 4. If desired, Enable the DHCP Server (Dynamic Host Configuration Protocol), which will provide TCP/IP configuration for all computers connected to the router’s DMZ network. Then configure the following items: a.
  • Page 65: Static Routes

    To define the DMZ WAN Rules and LAN DMZ Rules, see “Setting DMZ WAN Rules” on page 4-10 and “Setting LAN DMZ Rules” on page 4-12, respectively. Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes.
  • Page 66 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 3-8 4. Select Active to make this route effective. 5. Select Private if you want to limit access to the LAN only. The static route will not be advertised in RIP. 6.
  • Page 67: Routing Information Protocol (Rip)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Routing Information Protocol (RIP) RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is commonly used in internal networks (LANs). It allows a router to exchange its routing information automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to changes in the network.
  • Page 68 Figure 3-9 3. From the RIP Version pull-down menu, select the version: • RIP-1 – A classful routing protocol that does not include subnet information. This is the most commonly supported version. • RIP-2 –...
  • Page 69: Static Route Example

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Static Route Example For example, you may require a static route if: • Your primary Internet access is through a cable modem to an ISP. • You have an ISDN firewall on your home network for connecting to the company where you are employed.
  • Page 70 Figure 3-10 As an option, you may also import a file by using the following syntax rules: 1. The file content must be a text file. 2. You must use the following syntax rules to compose your file: network xxx.xxx.xxx.xxx mask yyy.yyy.yyy.yyy or host zzz.zzz.zzz.zzz where:...
  • Page 71 For example:
        network 60.12.32.0 mask 255.255.240.0
        network 60.12.48.0 mask 255.255.248.0
        host 60.12.56.0
        host 60.12.56.1
        network 60.12.56.2 mask 255.255.255.254
        network 60.12.56.4 mask 255.255.255.252
  • Page 73: Firewall Protection And Content Filtering

    Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Quad WAN Gigabit Firewall to protect your network. These features can be found by selecting Security from the main menu and selecting Block Sites from the submenu of the browser interface. About Firewall Protection and Content Filtering The ProSafe Quad WAN Gigabit Firewall provides you with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail.
  • Page 74: Services-Based Rules

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FR538G are: • Inbound: Block all access from outside except responses to requests from the LAN side. •...
  • Page 75 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 4-1. Outbound Rules Item Description Service Name Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see “Adding Customized Services”...
  • Page 76: Inbound Rules (Port Forwarding)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 4-1. Outbound Rules (continued) Item Description DMZ Users These settings determine which DMZ computers on DMZ network are affected by this rule. Select the desired options. • Any – All PCs and devices on your DMZ network. •...
  • Page 77 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • Local PCs must access the local server using the PCs’ local LAN address. Attempts by local PCs to access the server using the external WAN IP address will fail. Note: See “Setting Up Port Triggering (in NAT mode)”...
  • Page 78 Table 4-2. Inbound Rules (continued) Item Description WAN Users These settings determine which Internet locations are covered by the rule, based on their IP addresses. Select the desired option: • Any – All Internet IP addresses are covered by this rule. •...
  • Page 79: Order Of Precedence For Rules

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu as the last item in the list, as shown in Figure 4-1: Figure 4-1 For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules Table, beginning at the top and proceeding to the bottom.
  • Page 80 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1. Select Security from the main menu and Firewall Rules from the submenu. The LAN WAN Rules screen will display. 2. Change the Default Outbound Policy by selecting Block Always from the drop-down menu and click Apply..
  • Page 81: Lan Wan Outbound Services Rules

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual LAN WAN Outbound Services Rules You may define rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day.
  • Page 82: Setting Dmz Wan Rules

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual allowing inbound services opens holes in your firewall. Only enable those ports that are necessary for your network. To create a new inbound service rule: 1. Click Add under the Inbound Services Table. The Add LAN WAN Inbound Service screen will display.
  • Page 83 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual (Inbound). The default outbound policy can be changed to block all outbound traffic and enable only specific services to pass through the router by adding an Outbound services Rule. Figure 4-5 To change the Default Outbound Policy: 1.
  • Page 84: Setting Lan Dmz Rules

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual The procedures described in “Setting LAN WAN Rules” on page 4-7 for setting inbound and outbound rules on the standard LAN firewall are the same as the procedures used for setting inbound and outbound rules on the DMZ port firewall. Setting LAN DMZ Rules The LAN DMZ Rules screen allows you to create rules that define the movement of traffic between the LAN and the DMZ.
  • Page 85: Lan Dmz Outbound Services Rules

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • Click Disable to disable the rule. The “!” Status icon will change from green to grey, indicating that the rule is disabled. (By default, when a rule is added to the table it is automatically enabled.) •...
  • Page 86: Inbound Rules Examples

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 2. Complete the Inbound Service screen and save the data (see “Inbound Rules (Port Forwarding)” on page 4-4). 3. Click Reset to cancel your settings and return to the previous settings. 4. Click Apply to save your settings. The new rule will be added to the Inbound Services table. Inbound Rules Examples LAN WAN Inbound Rule: Hosting A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web...
  • Page 87: Lan Wan Or Dmz Wan Inbound Rule: Setting Up One-To-One Nat Mapping

    Internet access to your LAN PCs through NAT. The other addresses are available to map to your servers. The following addressing scheme is used to illustrate this procedure: • NETGEAR FR538G ProSafe Quad WAN Gigabit Firewall – WAN1 IP address: 10.1.0.118 –...
  • Page 88 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual – Access to Web server is (simulated) public IP address: 10.1.0.52 Tip: If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ.
  • Page 89: Lan Wan Or Dmz Wan Inbound Rule: Specifying An Exposed Host

    1. Create an inbound rule that allows all protocols. 2. Place the rule below all other inbound rules. Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
  • Page 90: Outbound Rules Example

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1. Select Any and Allow Always (or Allow by Schedule) 2. Place rule below all other inbound rules Figure 4-12 Outbound Rules Example Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio or other non-essential sites.
  • Page 91: Implementing Dos And Ddos

    Figure 4-13 Implementing DoS and DDoS This screen allows you to specify whether or not the router should be protected against DoS (denial of service) and DDoS (distributed denial of service) attacks in the DMZ, LAN and WAN networks.
  • Page 92: Imposing Session Limits

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual – Block UDP Flood. A UDP flood is a form of denial of service attack that can be initiated when one machine sends a large number of UDP packets to random ports on a remote host.
  • Page 93 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual etc., from using up all the sessions. The various options for session limit configuration are listed below: • Disable – No session limit is imposed on any network client. Any client can use as many sessions as allowed by the router.
  • Page 94: Setting Up P2P Software Prevention

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 4-15 Setting Up P2P Software Prevention P2P Software Prevention is used to enable or disable the specific P2P applications to protect your computer. You can also add custom P2P applications. P2P software prevention is disabled by default.
  • Page 95 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 4-16 To enable services in the P2P Application Services Table: 1. Select the checkbox adjacent to the service you want to enable. 2. Click enable. The Status icon will turn from gray to green to indicate that the service has been enabled.
  • Page 96: Adding Customized Services

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Adding Customized Services Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number.
  • Page 97 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 4-17 To add a customized service: 1. Select Security from the main menu and Services from the submenu. The Services screen will display. 2. In the Add Custom Service table, enter a descriptive name for the service (this is for your convenience).
  • Page 98: Setting A Schedule To Block Or Allow Specific Traffic

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1. In the Custom Services Table, click the Edit icon adjacent to the service you want to edit. The Edit Service screen will display. 2. Modify the parameters you wish to change. 3.
  • Page 99: Setting Block Sites (Content Filtering)

    Web site is allowed. If you enable one or more of these features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message. Several types of blocking are available: •...
  • Page 100 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual You can bypass Keyword blocking for Trusted IPs by adding the Trusted IP Address in the Trusted IP fields and selecting the Allow Trusted IP address to Visit Block sites. Access to the domains or keywords from this IP address will still be allowed without any blocking.
  • Page 101: Enabling Ip/Mac Binding

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 4-19 Enabling IP/MAC Binding IP/MAC binding allows you to assign a fixed IP address to a client. This IP address does not change over time even after the router is rebooted. Once configured, the particular client will use the same IP address for all connections.
  • Page 102 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 4-20 To add IP/MAC binding: 1. Select Security > IP/MAC Binding from the main menu. The IP/MAC Binding screen will display. 2. Click the Yes radio box to Enable IP/MAC Binding. IP/MAC binding is disabled by default. 3.
  • Page 103: Setting Up Port Triggering (In Nat Mode)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Setting Up Port Triggering (in NAT mode) This screen is used when the router is in NAT mode to configure port triggering for applications. Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly.
  • Page 104 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • After a PC has finished using a Port Triggering application, there is a Time-out period before the application can be used by another PC. This is required because this Router cannot be sure when the application has terminated.
  • Page 105 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 4-21 To edit or modify a rule: 1. Click Edit in the Action column opposite the rule you wish to edit. The Edit Port Triggering Rule screen will display.
  • Page 106: E-Mail Notifications Of Event Logs And Alerts

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 2. Modify any of the fields for this rule. 3. Click Reset to cancel any changes and return to the previous settings. 4. Click Apply to save your modifications. Your changes will appear in the Port Triggering Rules table.
  • Page 107 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual page 4-37). Selecting all events will increase the size of the log, so it is good practice to select only those events which are required. Figure 4-23 To set up Firewall Logs and E-mail alerts: 1.
  • Page 108 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 3. In the Security Logs section, check the network segments radio box for which you would like logs to be sent (for example, LAN to WAN under Dropped Packets). 4. In the System Logs section, check the radio box for the type of system events to be logged. 5.
  • Page 109 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 4-3. SysLog Facility Message Levels (continued) Numerical Code Severity Warning: Warning conditions Notice: Normal but significant conditions Informational: Informational messages Debug: Debug level messages To view the Firewall logs: 1. Click the View link icon opposite the Firewall Logs & E-mail tab. The Logs screen will display.
  • Page 110: Administrator Tips

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 4-4. Firewall Log Field Descriptions Field Description Date and Time The date and time the log entry was recorded. Description or Action The type of event and what action was taken if any. Source IP The IP address of the initiating device for this log entry.
  • Page 113: Router And Network Management

    Chapter 5 Router and Network Management This chapter describes how to use the network management features of your ProSafe Quad WAN Gigabit Firewall. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface. The ProSafe Quad WAN Gigabit Firewall offers many tools for managing the network traffic to optimize its performance.
  • Page 114: Quad Wan Gigabit Firewall Features That Reduce Traffic

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Using the quad WAN ports in load balancing mode increases the bandwidth capacity of the WAN side of the quad WAN gigabit firewall. But there is no backup in case one of the WAN ports fails. In such an event and with one exception, the traffic that would have been sent on the failed WAN port gets diverted to the WAN port that is still working, thus increasing its loading.
  • Page 115 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual – Address range: The rule is applied to a range of addresses. – Groups: The rule is applied to a Group (see “Managing Groups and Hosts (LAN Groups)” on page 3-8 to assign PCs to a Group using Network Database). •...
  • Page 116: Ip/Mac Binding

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Schedule. If you have set firewall rules on the Rules screen, you can configure three different schedules (schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a schedule is configured, it affects all Rules that use this schedule.
  • Page 117: Port Forwarding

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • Port forwarding • Port triggering • DMZ port • Exposed hosts Port Forwarding The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you can not use it (i.e., the service is unavailable).
  • Page 118 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • WAN Users – These settings determine which Internet locations are covered by the rule, based on their IP address. – Any: The rule applies to all Internet IP addresses. – Single address: The rule applies to a single Internet IP address. –...
  • Page 119: Using Qos To Shift The Traffic Mix

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual – After a PC has finished using a Port Triggering application, there is a time-out period before the application can be used by another PC. This is required because the firewall cannot be sure when the application has terminated. “Setting Up Port Triggering (in NAT mode)”...
  • Page 120: Tools For Traffic Management

    Changing Passwords and Settings The default password for the firewall’s Web Configuration Manager is password. Netgear recommends that you change this password to a more secure password. You can also configure a separate password for guests.
  • Page 121: Enabling Remote Management Access

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 5-1 Note: The password and time-out value you enter will be changed back to password and 5 minutes, respectively, after a factory defaults reset. Enabling Remote Management Access Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your quad WAN gigabit firewall.
  • Page 122 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 5-2 To configure your firewall for Remote Management: 1. Select Administration from the main menu and Remote Management from the submenu. The Remote Management screen will display. 2. Check Allow Remote Management radio box. 3.
  • Page 123: Using A Snmp Manager

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 5. Click Apply to have your changes take effect. When accessing your firewall from the Internet enter http:// and type your Firewall’s WAN IP address into your browser, followed by a colon (:) and the custom port number. For example, if your WAN IP address is 134.177.0.123 and you use port number 8080, type the following in your browser: http://134.177.0.123:8080...
  • Page 124 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • If you want to make the quad WAN gigabit firewall globally accessible using the community string, but still receive traps on the host, enter 0.0.0.0 as the Subnet Mask and an IP Address for where the traps will be received. 3.
  • Page 125: Enabling Upnp (Universal Plug And Play)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Enabling UPnP (Universal Plug and Play) The UPnP architecture supports zero-configuration, and automatic discovery of networking device categories from a range of vendors; any device can dynamically join a network, obtain an IP address, announce its name, convey its capabilities upon request, and learn about the presence and capabilities of other devices.
  • Page 126: Backup And Restore Settings

    To restore settings from a backup file: 1. Click Browse. Locate and select the previously saved backup file (by default, netgear.cfg). 2. When you have located the file, click restore.
  • Page 127: Router Upgrade

    Firmware Version will change to reflect the new version. To download a firmware version: 1. Click Check to go to the NETGEAR website, and then click on Downloads. (You can also select the Check for New Version Upon Log-in check box if you want your router to check for new firmware automatically.)
  • Page 128: Setting The Time Zone

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual To upgrade router software: 1. Select Administration > Settings Backup and Firmware Upgrade from the main menu. The Settings Backup and Firmware Upgrade screen will display. 2. In the Router Upgrade section, click Browse to locate the saved upgrade file. 3.
  • Page 129: Monitoring The Router

    • Use Default NTP Servers: If this is enabled, then the RTC (Real-Time Clock) is updated regularly by contacting a Default Netgear NTP Server on the Internet. • Use Custom NTP Servers: If you prefer to use a particular NTP server, enable this instead and enter the name or IP address of an NTP Server in the Server 1 Name/IP Address field.
  • Page 130 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual The Traffic Meter screen also provides the following information: • Internet Traffic Statistics – Displays statistics on Internet Traffic via the WAN port. If you have not enabled the Traffic Meter, these statistics are not available. •...
  • Page 131: Setting Login Failures And Attacks Notification

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 5-8 Setting Login Failures and Attacks Notification Figure 5-9 shows the Firewall Logs & E-mail screen that is invoked by selecting Monitoring from the main menu and selecting Firewall Logs & E-mail from the submenu. You can send a System log of firewall activities to an email address or a log of the firewall activities can be viewed, saved to a Syslog server, and then sent to an e-mail address.
  • Page 132: Monitoring Attached Devices

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual View System Logs Select the types of events to email. Select the segments to track for System Log events. Enable email alerts. Syslog Server enabled Figure 5-9 Monitoring Attached Devices The Attached Devices menu contains a table of all IP devices that the quad WAN gigabit firewall has discovered on the local network.
  • Page 133 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 5-10 The network database is an automatically-maintained list of all known PCs and network devices. PCs and devices become known by the following methods: • DHCP Client Requests – By default, the DHCP server in this Router is enabled, and will accept and respond to DHCP client requests from PCs and other network devices.
  • Page 134: Viewing Port Triggering Status

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Note: If the quad WAN gigabit firewall is rebooted, the table data is lost until the quad WAN gigabit firewall rediscovers the devices. Viewing Port Triggering Status You can view the status of Port Triggering by selecting Security from the main menu and Port Triggering from the submenu.
  • Page 135: Viewing Router Configuration And System Status

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Viewing Router Configuration and System Status The Router Status screen provides status and usage information. Select Monitoring from the main menu and Router Status from the submenu. The Router Status screen will display. Figure 5-12
  • Page 136: Monitoring Wan Ports Status

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 5-3. Router Status Fields Item Description System Name This is the Account Name that you entered in the Basic Settings page. Firmware Version This is the current software the router is using. This will change if you upgrade your router.
  • Page 137: Dhcp Log

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 5-13 DHCP Log You can view the DHCP log from the LAN Setup screen. Select Network Configuration from the main menu and LAN Setup from the submenu. When the LAN Setup screen displays, click the DHCP Log link.
  • Page 138: Configuring Qos (Quality Of Service)

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 5-14 Configuring QoS (Quality of Service) QoS refers to the capability of providing better service to selected network traffic. Bandwidth allocation or priority can be assigned for individual traffic to ensure service quality. The following table provides an explanation of the configuration parameters available for QoS.
  • Page 139 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 5-4. QoS Configuration Parameters (continued) Item Description Direction Available options include: • Upstream: control over LAN clients upstream bandwidth • Downstream: control over LAN clients downstream bandwidth • Server in LAN Upstream: control over upstream bandwidth utilization for clients on the external network accessing the server located in LAN.
  • Page 140 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table 5-4. QoS Configuration Parameters (continued) Item Description Bandwidth Sharing Two modes are available: • Share total bandwidth w/ all IP addresses: all clients share this bandwidth for the particular service. • Assign bandwidth for each IP address: this bandwidth is reserved for each client for the particular service.
  • Page 141 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 5. From the DiffServ QoS Match pull-down menu, select the class of QoS (see Table 5-4 on page 5-26 for a description of the values). 6. For the Hosts to be controlled by QoS, select either: •...
  • Page 142 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 8. Enter a maximum bandwidth reserved for this service (as a percentage) in the Max Rate field. 9. Select the checkbox for the Bandwidth Sharing algorithm: • Share total bandwidth with all IP addresses – all IP addresses share the total bandwidth;...
  • Page 143: Maximum Bandwidth For Wan Ports

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 5-16 Maximum Bandwidth for WAN Ports The maximum bandwidth table lists the available bandwidth provisioned by your ISP. To enter the maximum bandwidth provided by your ISP: 1. Select Monitoring > QoS from the main menu, and then click the Maximum Bandwidth tab. The Maximum Bandwidth screen will display.
  • Page 144: Performing Diagnostics

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Figure 5-17 Performing Diagnostics You can perform diagnostics such as pinging an IP address, performing a DNS lookup, displaying the routing table, rebooting the firewall, and capturing packets. Select Monitoring > Diagnostics from the main menu.
  • Page 145 “Back” on the Windows menu bar to return to the Diagnostics screen. Perform a DNS A DNS (Domain Name Server) converts the Internet name (e.g. www.netgear.com) to Lookup an IP address. If you need the IP address of a Web, FTP, Mail or other Server on the Internet, you can do a DNS lookup to find the IP address.
  • Page 147: Troubleshooting

    • Check that you are using the AC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
  • Page 148: Leds Never Turn Off

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual LEDs Never Turn Off When the firewall is turned on, the LEDs turn on for about 10 seconds and then turn off. If all the LEDs stay on, there is a fault within the firewall. If all LEDs are still on one minute after power up: •...
  • Page 149 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • Make sure your PC’s IP address is on the same subnet as the firewall. If you are using the recommended addressing scheme, your PC’s address should be in the range of 192.168.1.2 to 192.168.1.254.
  • Page 150: Troubleshooting The Isp Connection

    Web Configuration Manager. To check the WAN IP address: 1. Launch your browser and select an external site such as www.netgear.com 2. Access the Main Menu of the firewall’s configuration at http://192.168.1.1 3. Under the Monitoring menu, select Router Status 4.
  • Page 151: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual – Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring Your Internet Connection” on page 2-5. If your firewall can obtain an IP address, but your PC is unable to load any Web pages from the Internet: •...
  • Page 152: Testing The Path From Your Pc To A Remote Device

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual • Wrong physical connections – Make sure the LAN port LED is on. If the LED is off, follow the instructions in “LAN or Internet Port LEDs Not On” on page 6-2. –...
  • Page 153: Restoring The Default Configuration And Password

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the firewall’s administration password to password and the IP address to 192.168.1.1. You can erase the current configuration and restore factory defaults in two ways: •...
  • Page 155 Appendix A Default Settings and Technical Specifications You can use the reset button located on the front of your device to reset all settings to their factory defaults. This is called a hard reset. • To perform a hard reset, push and hold the reset button for approximately 5 seconds (until the TEST LED blinks rapidly).
  • Page 156 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table A-1. quad WAN gigabit firewall Default Configuration Settings (continued) Feature Default Behavior Disabled Time Zone Time Zone Adjusted for Daylight Saving Disabled Time SNMP Disabled Remote Management Disabled Firewall Inbound (communications coming in from Disabled (except traffic on port 80, the http port) the Internet) Outbound (communications going out to...
  • Page 157 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Table A-2. quad WAN gigabit firewall Technical Specifications (continued) Feature Specifications Environmental Specifications Operating temperature: 0° to 50° C (32º to 122º F) Operating humidity: 90% maximum relative humidity, noncondensing Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B EN 55 022 (CISPR 22), Class B...
  • Page 159: Command Line Interface Guide

    Appendix B Command Line Interface Guide This Appendix describes the command line tool available on the FR538G and contains instructions for setting up and activating the CLI engine. You can use the CLI commands as an alternative to using the web interface which can be particularly helpful when performing diagnostics. The command types covered in this appendix include: •...
  • Page 160: Common

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Common Command Description Navigate between the CLI commands. Synopsis cd<cmd> Arguments = name of CLI command which will be called help Command Description Presents detailed description and arguments for the CLI command. Synopsis help<cmd>...
  • Page 161: System

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual System admin/showConfig Command Description Show current completer system configuration Synopsis admin/showConfig admin/crashDump Command Description Code dump when system crashes. Synopsis admin/crashDump Firewall fw/mac/statusGet Command Description Show current mac. Synopsis fw/mac/statusGet fw/mac/show Command Description Show all mac Synopsis fw/mac/show...
  • Page 162 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual fw/ptrgr/show Command Description Show port trigger rules. Synopsis fw/ptrgr/show fw/ptrgr/status Command Description Show port trigger web status Synopsis fw/ptrgr/status fw/rules/attackChecks/status Command Description Show Defense Against DDoS Attack status (firewall->dos) Synopsis fw/rules/attackChecks/status fw/rules/dmzWan/inbound/show Command Description Show dmzwan inbound rules.
  • Page 163 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual fw/rules/lanDmz/inbound/show Command Description Show landmz inbound rules Synopsis fw/rules/dmzLan/inbound/show fw/rules/lanDmz/outbound/show Command Description Show landmz outbound rules Synopsis fw/rules/dmzLan/outbound/show fw/rules/lanWan/inbound/show Command Description Show firewall lanwan inbound rules Synopsis fw/rules/lanWan/inbound/show fw/rules/lanWan/outbound/show Command Description Show firewall lanwan outbound rules. Synopsis fw/rules/lanWan/outbound/show fw/sched/show...
  • Page 164 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual fw/svc/customsvcshow Command Description Show custom firewall service (security -> service), Synopsis fw/svc/customsvcshow fw/svc/defaultsvcshow Command Description Show default firewall service. Synopsis fw/svc/defaultsvcshow fw/web/keyword/show Command Description Show block site keyword. Synopsis fw/web/keyword/show fw/web/status Command Description Show block site web status.
  • Page 165: Network Configuration

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Network Configuration netConf/dmzSetup/show Command Description Display DMZ status, enabled or disabled. If DMZ is enabled, then display current configuration of the DMZ port. Synopsis netConf/dmzSetup/show netConf/lanGrps/list Command Description Display all known and discovered hosts on the LAN. Synopsis netConf/lanGrps/list netConf/lanSetup/dhcpd/show...
  • Page 166 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Returns = Both LAN and DMZ = LAN = DMZ Examples netConf/lanSetup/lanStatic/ifConf 0 192.168.1.254 mask 255.255.255.0 192.168.10.254 mask 255.255.255.0 netConf/lanSetup/lanStatic/ifConf 1 192.168.1.254 mask 255.255.255.0 netConf/lanSetup/lanStatic/ifConf 2 192.168.10.254 mask 255.255.255.0 netConf/lanSetup/lanStatic/ifDel Command Description Disable LAN interfaces, including LAN and DMZ.
  • Page 167 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Returns = Both LAN and DMZ = DMZ netConf/lanSetup/lanStatic/ipALShow Command Description Display all LAN IPs and relevant id (alias). Synopsis netConf/lanSetup/lanStatic/ipALShow netConf/lanSetup/lanStatic/ipAShow Command Description Display a single LAN IP and its alias. Synopsis netConf/lanSetup/lanStatic/ipAShow <id>...
  • Page 168 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Synopsis netConf/lanSetup/lanStatic/ipADel <id> Example netConf/lanSetup/lanStatic/ipADel 2 ID can not be 0 or over the number of alias addresses total netConf/routing/rip/show Command Description Show current RIP configuration. Synopsis netConf/routing/rip/show netConf/routing/static/get Command Description Show all list entries of routes already configured in the system. Synopsis netConf/routing/static/get netConf/wan/wanMode/show...
  • Page 169 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual = WAN #3 = WAN #4 netConf/wan/wanSetup/show Command Description Show current configuration of WAN port. Synopsis netConf/wan/wanSetup/show <WANID> Arguments = WAN port number WANID Results = All = WAN #1 = WAN #2 = WAN #3 = WAN #4 netConf/wan/wanSetup/status...
  • Page 170: Diagnostic/Monitor

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual = WAN #4 Diagnostic/Monitor monitor/diag/arpDel Command Description Delete a specified entry from the arp address mapping table. Synopsis monitor/diag/arpDel -d <IP> monitor/diag/arpShow Command Description Show all arp address mapping entries. Synopsis monitor/diag/arpShow <IP> monitor/diag/nsLookup Command Description Show the IP address of a specified domain name...
  • Page 171 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Arguments = Destination IP address = Destination domain name DomainName monitor/diag/reboot Command Description Reboot the system. Synopsis monitor/diag/reboot monitor/diag/routeDisplay Command Description show IP routing table. Synopsis monitor/diag/routeDisplay monitor/diag/tcpdumpStart Command Description Capture the network packets on a specified interface. Synopsis tcpdumpStart [lan | DMZ | WAN1 | WAN2 | WAN3 | WAN4] Examples...
  • Page 172 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Synopsis tcpdumpStop monitor/diag/traceRoute Trace out the route for a particular destination IP. Synopsis traceRoute <IP | DomainName> Arguments = Destination IP address = Destination domain name DomainName monitor/firewallLogs/logger/viewLog Command Description Browses the log messages. Synopsis monitor/firewallLogs/logger/viewLog monitor/firewallLogs/logger/clearLog...
  • Page 173 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Arguments WANID = WAN port number Results = All = WAN #1 = WAN #2 = WAN #3 = WAN #4 Examples monitor/trafficMtr/show 1 monitor/trafficMtr/show 4
  • Page 175: Appendix C Related Documents

    Appendix C Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP http://documentation.netgear.com/reference/enu/tcpip/index.htm Addressing: Wireless Communications: http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing a Computer for http://documentation.netgear.com/reference/enu/wsdhcp/index.htm...
  • Page 177: Network Planning For Quad Wan Ports

    Appendix D Network Planning for Quad WAN Ports This appendix describes the factors to consider when planning a network using a firewall that has quad WAN ports. What You Will Need to Do Before You Begin The ProSafe Quad WAN Gigabit Firewall is a powerful and versatile solution for your networking needs.
  • Page 178 ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual – You can also add your own service protocols to the list (see “Services-Based Rules” on page 4-2 for information on how to do this). 3. Set up your accounts a. Have active Internet services such as that provided by cable or DSL broadband accounts and locate the Internet Service Provider (ISP) configuration information.
  • Page 179: Cabling And Computer Hardware Requirements

    FR538G, you must use a Java-enabled Web browser program that supports HTTP uploads such as Microsoft Internet Explorer or Netscape Navigator. NETGEAR recommends using Internet Explorer or Netscape Navigator 4.0 or above. Free browser programs are readily available for Windows, Macintosh, or UNIX/Linux.
  • Page 180: Internet Configuration Requirements

    • You may also refer to the FR538G Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, you may want to record them on the page below.
  • Page 181: Internet Connection Information Form

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Internet Connection Information Form Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP.
  • Page 182: Overview Of The Planning Process

    ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Overview of the Planning Process The areas that require planning when using a firewall that has quad WAN ports include: • Inbound traffic (for example, port forwarding, port triggering, DMZ port) The four WAN ports can be configured on a mutually-exclusive basis to either: •...
  • Page 183: The Load Balancing Case For Firewalls With Quad Wan Ports

    The Load Balancing Case for Firewalls With Quad WAN Ports Load balancing (Figure D-3) for the quad WAN port case is similar to the single WAN port case when specifying the IP address. Each IP address is either fixed or dynamic based on the ISP: fully-qualified domain names must be used when the IP address is dynamic and are optional when the IP address is static.
  • Page 184: Inbound Traffic To Quad Wan Port Systems

    In the single WAN case (Figure D-4), the WAN’s Internet address is either fixed IP or a fully-qualified domain name if the IP address is dynamic. Figure D-4 Inbound Traffic to Quad WAN Port Systems The IP address range of the firewall’s WAN port must be both fixed and public so that the public can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled.
  • Page 185: Inbound Traffic: Quad Wan Ports For Load Balancing

    Inbound Traffic: Quad WAN Ports for Load Balancing In the quad WAN port case for load balancing (Figure D-6), the Internet address of each WAN port is either fixed if the IP address is fixed or a fully-qualified domain name if the IP address is dynamic.
