Page 1 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Family NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR SM-FM114PNA-0 May 2002...
Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3 Firewall. World Wide Web NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.
Page 5: Table Of Contents
Typographical Conventions ... xv Special Message Formats ...xvi Technical Support ...xvi Related Publications ...xvi Chapter 1 Introduction About the NETGEAR ProSafe Firewalls ...1-1 Key Features ...1-1 A Powerful, True Firewall ...1-2 Content Filtering ...1-3 Configurable Ethernet Connection ...1-3 Protocol Support ...1-3 Easy Installation and Management ...1-4...
Page 6 Verifying Connections ...2-7 Chapter 3 Preparing Your Network Preparing Your Personal Computers for IP Networking ...3-1 Configuring Windows 95, 98, and ME for IP Networking ...3-2 Install or Verify Windows Networking Components ...3-2 Assign TCP/IP configuration by DHCP ...3-4 Selecting Internet Access Method ...3-4 Verifying TCP/IP Properties ...3-5 Configuring Windows NT or 2000 for IP Networking ...3-5 Install or Verify Windows Networking Components ...3-5...
Page 7 Security Log ...5-2 Examples of log messages ...5-4 Activation and Administration ...5-4 Dropped Packets ...5-4 Block Sites ...5-5 Rules ...5-6 Inbound Rules (Port Forwarding) ...5-8 Inbound Rule Example: A Local Public Web Server ...5-9 Inbound Rule Example: Allowing Videoconference from Restricted Addresses 5-10 Considerations for Inbound Rules: ...5-10 Outbound Rules (Service Blocking) ...
Page 8 Reboot the Router ...8-9 Chapter 9 Advanced Configuration Dynamic DNS ...9-1 LAN IP Setup ...9-3 LAN TCP/IP Setup ...9-3 MTU Size ...9-5 DHCP ...9-5 Use router as DHCP server ...9-5 Reserved IP adresses ...9-6 Static Routes ...9-6 Static Route Example ...9-8 viii Contents...
Page 9 Appendix A Technical Specifications Appendix B Networks, Routing, and Firewall Basics Basic Router Concepts ... B-1 What is a Router? ... B-1 Routing Information Protocol ... B-2 IP Addresses and the Internet ... B-2 Netmask ... B-4 Subnet Addressing ... B-5 Private IP Addresses ...
Page 10 Wireless Network Configuration ... B-12 Ad-hoc Mode (Peer-to-Peer Workgroup) ... B-12 Infrastructure Mode ... B-12 Extended Service Set Identification (ESSID) ... B-13 Authentication and WEP Encryption ... B-13 Wireless Channel Selection ... B-14 Ethernet Cabling ... B-15 Uplink Switches and Crossover Cables ... B-16 Cable Quality ...
Page 11 Figure 2-1. FR114P Front Panel ...2-3 Figure 2-2. FR114P Rear Panel ...2-4 Figure 4-1. Login window ...4-2 Figure 4-2. Browser-based configuration main menu ...4-3 Figure 4-3. Setup Wizard menu for Dynamic IP address ...4-5 Figure 4-4. Setup Wizard menu for Fixed IP address ...4-6 Figure 4-5.
Page 13 Table 5-2. Log action buttons ...5-3 Table 8-1. Menu 3.2 - System Status Fields ...8-2 Table 8-2. Router Statistics Fields ...8-3 Table B-1. Netmask Notation Translation Table for One Octet ... B-6 Table B-2. Netmask Formats ... B-6 Table B-3.
Page 15: About This Guide
Congratulations on your purchase of the NETGEAR ProSafe Firewall. A firewall is a special type of router that incorporates features for security. The NETGEAR ProSafe Firewall is a complete security solution that protects your network from attacks and intrusions. This guide describes the features of the firewall and provides installation and configuration instructions.
Page 16: Special Message Formats
Technical Support For help with any technical issues, contact Customer Support at 1-888-NETGEAR, or visit us on the Web at www.NETGEAR.com. The NETGEAR Web site includes an extensive knowledge base, answers to frequently asked questions, and a means for submitting technical questions online.
Page 17 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall For more information about address assignment, refer to the IETF documents RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.
Page 19: Introduction
• FM114P Wireless Firewall with Print Server The FR114P and FM114P firewalls include a built-in print server, allowing the sharing of a printer by all PCs on your network. The FM114P firewall includes an 802.11b-compliant wireless access point, while the FR114W firewall can be upgraded to an access point by adding a NETGEAR 802.11b wireless adapter card.
Page 20: A Powerful, True Firewall
The FM114P firewall includes an 802.11b-compliant wireless access point, while the FR114W firewall can be upgraded to an access point by adding a NETGEAR 802.11b wireless adapter card. With an integrated wireless access point, the firewall provides continuous, high-speed 11 Mbps access between your wireless and Ethernet devices.
Page 21: Content Filtering
Internet sites. Configurable Ethernet Connection With its internal 4-port 10/100 switch, the NETGEAR ProSafe Firewall can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN interface is autosensing and is capable of full-duplex or half-duplex operation. An uplink switch is provided for cascading to an external Ethernet hub or switch.
Page 22: Easy Installation And Management
Dynamic DNS services to register your dynamic IP address. Easy Installation and Management You can install, configure, and operate the NETGEAR ProSafe Firewall within minutes after connecting it to the network. The following features simplify installation and management tasks: •...
Page 23: Maintenance And Support
Maintenance and Support NETGEAR offers the following features to help you maximize your use of the firewall: • Flash EPROM for firmware upgrade • Technical support seven days a week, twenty-four hours a day Introduction...
Page 24 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Introduction...
Page 25: Setting Up The Hardware
• Support information card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair. Setting Up the Hardware...
Page 26: Local Network Hardware Requirements
Ethernet cables. PC Requirements To install and run the NETGEAR ProSafe Firewall over your network of PCs, each PC must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the PC will connect to your network at 100 Mbps, you must use a Category 5 (CAT5) cable such as the cable provided with your firewall.
Page 27: The Firewall's Front Panel
The Firewall’s Front Panel The front panel of the NETGEAR ProSafe Firewall contains status LEDs. The FR114P front panel is shown in Figure 2-1 Figure 2-1. FR114P Front Panel You can use some of the LEDs to verify connections. the front panel of the firewall. These LEDs are green when lit, except for the TEST LED, which is amber.
Page 28: The Firewall's Rear Panel
The Firewall’s Rear Panel The rear panel of the NETGEAR ProSafe Firewall contains port connections. The FR114P Firewall rear panel is shown in Figure 2-2. FR114P Rear Panel The rear panel contains the following features: • AC power adapter outlet •...
Page 29: Connecting To Your Internet Access Device
Your cable or DSL modem must provide a standard 10BASE-T or 100BASE-Tx Ethernet connection (not USB) for connection to your PC or network. The FR114P Firewall does not include a cable for this connection. Instead, use the Ethernet cable provided with your access device or any other standard Ethernet cable.
Page 30: Preparing Your Wireless Devices
The FR114W Wireless-Ready Firewall can be upgraded to wireless operation by purchasing and installing a NETGEAR Model MA401 802.11b Wireless PC Card. The FR114W will function normally without a wireless adapter card, but will not have wireless connectivity. To install the MA401 Wireless PC Card in your FR114W, follow these steps: Locate the wireless adapter card slot on the rear panel.
Page 31: Verifying Connections
Verifying Connections After applying power to the firewall, complete the following steps to verify the connections to it: When power is first applied, verify that the POWER LED is on. Verify that the TEST LED turns on within a few seconds. After approximately 10 seconds, verify that: The TEST LED has turned off.
Page 32 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Setting Up the Hardware...
Page 33: Preparing Your Network
This chapter describes how to prepare your PC network to connect to the Internet through the FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall and how to order broadband Internet service from an Internet service provider (ISP). . Note: If an ISP technician configured your PC during the installation of a broadband modem, or if you configured it using instructions provided by your ISP, you may need to copy the current configuration information for use in the configuration of your firewall.
Page 34: Configuring Windows 95, 98, And Me For Ip Networking
DHCP server during bootup. For a detailed explanation of the meaning and purpose of these configuration items, refer to The NETGEAR ProSafe Firewall is shipped preconfigured as a DHCP server. The firewall assigns the following TCP/IP configuration information automatically when the PCs are rebooted: •...
Page 35 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
Page 36: Assign Tcp/Ip Configuration By Dhcp
The simplest way to configure this information is to allow the PC to obtain the information from the internal DHCP server of the NETGEAR ProSafe Firewall. To use DHCP with the recommended default addresses, follow these steps: Connect all PCs to the firewall, then restart the firewall and allow it to boot.
Page 37: Verifying Tcp/Ip Properties
From the drop-down box, select your Ethernet adapter. The window is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: • The IP address is between 192.168.0.2 and 192.168.0.254 •...
Page 38: Verifying Tcp/Ip Properties
A command window opens Type ipconfig /all Your IP Configuration information will be listed, and should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: • The IP address is between 192.168.0.2 and 192.168.0.254 •...
Page 39: Macos 8.6 Or 9.X
MacOS 8.6 or 9.x From the Apple menu, select Control Panels, then TCP/IP. The TCP/IP Control Panel opens: From the “Connect via” box, select your Macintosh’s Ethernet interface. From the “Configure” box, select Using DHCP Server. You can leave the DHCP Client ID box empty. Close the TCP/IP Control Panel.
Page 40: Verifying Tcp/Ip Properties (Macintosh)
TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP. The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: •...
Page 41: Login Protocols
• An IP address and subnet mask • A gateway IP address, which is the address of the ISP’s router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account’s full server names may look like this:...
Page 42: Obtaining Isp Configuration Information (Windows)
As mentioned above, you may need to collect configuration information from your PC so that you can use this information when you configure the NETGEAR ProSafe Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.
Page 43: Obtaining Isp Configuration Information (Macintosh)
As mentioned above, you may need to collect configuration information from your Macintosh so that you can use this information when you configure the NETGEAR ProSafe Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.
Page 44: Ready For Configuration
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Ready for Configuration After configuring all of your PCs for TCP/IP networking and connecting them to the local network of your NETGEAR ProSafe Firewall, you are ready to access and configure the firewall. Proceed to the next chapter. 3-12...
Page 45: Basic Configuration
This chapter describes how to perform the basic configuration of your FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall using the Setup Wizard, which walks you through the configuration process for your Internet connection. Accessing the Web Configuration Manager In order to use the browser-based Web Configuration Manager, your PC must have a web browser program installed such as Microsoft Internet Explorer or Netscape Navigator.
Page 46: Figure 4-1. Login Window
A login window opens as shown in Figure 4-1. Login window This screen may have a different appearance in other browsers. Type in the User Name box, admin (If your firewall password was previously changed, enter the current password.) If your firewall has not yet been configured, the Setup Wizard should launch automatically. Otherwise, the main menu of the Web Configuration Manager will appear as shown in below: Figure 4-1...
Page 47: Figure 4-2. Browser-Based Configuration Main Menu
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Figure 4-2. Browser-based configuration main menu You can manually configure your firewall using this menu as described in “Manual Configuration“ on page 4-8, or you can allow the Setup Wizard to determine your configuration as described in the following chapter.
Page 48: Configuration Using The Setup Wizard
Configuration using the Setup Wizard The Web Configuration Manager contains a Setup Wizard that can automatically determine your network connection type. If the Setup Wizard does not launch automatically, click on the Setup Wizard heading in the upper left of the opening screen, shown in When the Wizard launches, allow the firewall to automatically determine your connection type by selecting Yes in the menu below and clicking Next: The Setup Wizard will now check for a connection on the Internet port.
Page 49: Configuring For Dynamic Ip Account
Configuring for Dynamic IP Account If the Setup Wizard determines that your Internet service account uses Dynamic IP assignment, you will be directed to the menu shown in Figure 4-3. Setup Wizard menu for Dynamic IP address Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers.
Page 50: Configuring For Fixed Ip Account
Router’s MAC Address: This section determines the Ethernet MAC address that will be used by the firewall on the Internet port. If your ISP allows access by only one specific PC’s Ethernet MAC address, select "Use this MAC address". The firewall will then capture and use the MAC address of the PC that you are now using.
Page 51: Configuring For An Account With Login
A DNS server is a host on the Internet that translates Internet names (such as www addresses) to numeric IP addresses. Typically your ISP transfers the IP addresses of one or two DNS servers to your firewall during login. If the ISP does not transfer an address, you must obtain it from the ISP and enter it manually here.
Page 52: Manual Configuration
Internet IP Address: If your ISP has assigned you a permanent, fixed (static) IP address for your PC, select “Use static IP address”. Enter the IP address that your ISP assigned. Also enter the netmask and the Gateway IP address. The Gateway is the ISP’s router to which your firewall will connect.
Page 53: Completing The Configuration
Click Apply, then proceed to Completing the Configuration Click on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Your firewall is now configured to provide Internet access for your network. When your firewall and PCs are configured correctly, your firewall automatically accesses the Internet when one of your LAN devices requires access.
Page 54 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall The following chapters describe how to configure the Advanced features of your firewall, and how to troubleshoot problems that may occur. 4-10 Basic Configuration...
Page 55: Security
Chapter 5 Security This chapter describes how to use the security features of your FR114P, FR114W or FM114P Cable/DSL ProSafe Firewall. The firewall provides you with selective blocking of inbound and outbound services, Web content filtering by keyword, and with security incident logging. You can configure the firewall to e-mail its log to you at specified intervals.
Page 56: Security Log
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Security Log The firewall will log security-related events such as denied incoming and outgoing service requests, hacker probes, and administrator logins. If you enable content filtering in the Block Sites menu, the Log page will also show you when someone on your network tried to access a blocked site.
Page 57 Log entries are described in Table 5-1. Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description or The type of event and what action was taken if any. Action Source IP The IP address of the initiating device for this log entry.
Page 58: Examples Of Log Messages
Following are examples of log messages. In all cases, the log entry shows the timestamp as: Day, Year-Month-Date Hour:Minute:Second Activation and Administration Tue, 2002-05-21 18:48:39 - NETGEAR activated [This entry indicates a power-up or reboot with initial time entry.] Tue, 2002-05-21 18:53:28 - Administrator login failed - IP:192.168.0.2 Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2...
Page 59: Block Sites
Block Sites The NETGEAR ProSafe Firewall allows you to restrict access based on Web addresses and Web address keywords. Up to 255 entries are supported in the Keyword list. The Keyword Blocking menu is shown in Figure 5-2: Figure 5-2.
Page 60: Rules
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the NETGEAR ProSafe Firewall are: • Inbound: Block all access from outside except responses to requests from the LAN side.
Page 61 You may define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You can also choose to log traffic that matches or does not match the rule you have defined.
Page 62: Inbound Rules (Port Forwarding)
Inbound Rules (Port Forwarding) Because the NETGEAR ProSafe Firewall uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers. However, by defining an inbound rule you can can make a local server (for example, a web server or game server) visible and available to the Internet.
Page 63: Inbound Rule Example: A Local Public Web Server
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Inbound Rule Example: A Local Public Web Server If you host a public web server on your local network, you can define a rule to allow inbound web (HTTP) requests from any outside IP address to the IP address of your web server at any time of day.
Page 64: Inbound Rule Example: Allowing Videoconference From Restricted Addresses
Inbound Rule Example: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown Figure 5-5, CU-SeeMe connections are allowed only from a specified range of external IP addresses.
Page 65: Outbound Rules (Service Blocking)
Outbound Rules (Service Blocking) The NETGEAR ProSafe Firewall allows you to block the use of certain Internet services by PCs on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local PC based on: •...
Page 66: Order Of Precedence For Rules
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 5-7: Figure 5-7. Rules table with examples...
Page 67: Respond To Ping On Internet Wan Port
In some cases, one local PC can run the application properly if that PC’s IP address is entered as the Default DMZ Server.. Note: For security, NETGEAR strongly recommends that you avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet.
Page 68: Services
1024 to 65535 by the authors of the application. Although the NETGEAR ProSafe Firewall already holds a list of many service port numbers, you are not limited to these choices. Use the Services menu to add additional services and applications to the list for use in defining firewall rules.
Page 69: Figure 5-9. Add Custom Service Menu
To define a new service, first you must determine which port number or range of numbers is used by the application. This information can usually be determined by contacting the publisher of the application or from user groups of newsgroups. When you have the port number information, go the the Services menu and click on the Add Custom Service button.
Page 70: Schedule
Schedule If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The firewall allows you to specify when blocking will be enforced by configuring the Schedule tab shown below: To block keywords or Internet domains based on a schedule: Select Every Day or select one or more days.
Page 71: Time Zone
Click Apply Time Zone The NETGEAR ProSafe Firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. In order to localize the time for your log entries, you must select your Time Zone from the list.
Page 72: E-Mail
E-Mail In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-Mail subheading: • Turn e-mail notification on Check this box if you wish to receive e-mail logs and alerts from the firewall. •...
Page 73 You can specify that logs are sent to you according to a schedule. Select whether you would like to receive the logs Hourly, Daily, Weekly, or When Full. Depending on your selection, you may also need to specify: – Day for sending log Relevant when the log is sent weekly or daily.
Page 74 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall 5-20 Security...
Page 75: Chapter 6 Wireless
FR114P Firewall with Print Server. The FR114W Wireless-Ready Firewall can be upgraded to wireless operation by purchasing and installing a NETGEAR Model MA401 802.11b Wireless PC Card. For instructions on upgrading the FR114W, refer to “Installing a Wireless Card in the FR114W“ on page Note: If you are configuring the firewall from a wireless PC and you change the firewall’s SSID, channel, or WEP settings, you will lose your wireless connection when...
Page 76: Wireless Settings
Enter a value of up to 32 alphanumeric characters. The same SSID must be assigned to all wireless devices in your network. The default SSID is Wireless, but NETGEAR strongly recommends that you change your network’s SSID to a different value.
Page 77: Options
Options Channel Number This field determines which operating frequency will be used. It should not be necessary to change the wireless channel unless you notice interference problems with another nearby access point. The default wireless channel is 10. WEP Status This field displays the current WEP (Wired Equivalent Privacy) setting.
Page 78: Configuring Wep (Wired Equivalent Privacy)
Configuring WEP (Wired Equivalent Privacy) From the Wireless menu, click the Configure WEP button to display the Wireless WEP menu, shown in Figure 6-2: Figure 6-2. Wireless WEP menu Authentication Type Normally this can be left at the default value of "Automatic". If that fails, select the appropriate value - "Open System"...
Page 79: Restricting Wireless Access By Mac Address
• Manual - Enter ten hexadecimal digits (any combination of 0-9, a-f, or A-F) • Automatic - Enter a word or group of printable characters in the Passphrase box and click the Generate Keys button. Default Key Select which of the four keys will be active. Be sure to click Apply to save any settings from this menu.
Page 80: Additional Notes
Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, NETGEAR strongly recommends that you make use of the security features of your wireless equipment. As a minimum security precaution, you should change the SSID setting of all devices on your network from the factory setting to a unique password.
Page 81: Print Server
This chapter describes how to install and configure the print server in your FR114P Firewall with Print Server or FM114P Wireless Firewall with Print Server. This chapter does not apply to the FR114W Wireless-Ready Firewall. Network Printing from Windows The NETGEAR ProSafe Firewall supports two methods for printing from Windows: •...
Page 82 Scroll down to the Drivers section and click on FR114P Print Server driver for Windows. When asked, select ‘Run this program from its current location’. Follow the steps to install the Print Server driver. When the installation is finished, make sure the ‘Run Print Port Setup now’ checkbox is checked, and click Finish.
Page 83: Printer Management
Installation is now complete. You can now print using this printer. To make changes later, use the Start menu to run this program. The default installation is Start -> Programs -> NETGEAR Firewall Print Server -> Add Port. Printer Management •...
Page 84: Lpd/Lpr Printing From Windows
Use Start -> Settings -> Printers to open the Printers folder, then right-click the Printer and select Properties. The Port Settings button is on either the Details or Port tab, depending on your version of Windows. An example screen is shown below: Items shown on this screen are as follows: •...
Page 85: Windows Nt 4.0 Server Configuration
Select Add Port, then select LPR Port and click New Port. In the Dialog requesting ‘Name or Address of server providing lpd’, enter the IP address of the FR114P Firewall. For Name of printer or print queue on that server, enter L1.
Page 86 Select Other Network File and Print Services, then click the Details button. Enable Print Services for Unix, then click OK. Click Next and complete the Wizard. Adding the Printer: Open your Printers folder, and start the Add Printer Wizard. When prompted, select Local Printer. Print Server...
Page 87: Client Pc Setup For Lpd/Lpr Printing
In the Select the Printer Port screen, select LPR Port, as shown below. Click Next to continue. In the Dialog requesting ‘Name or Address of server providing lpd’, enter the IP address of the FR114P Firewall. For Name of printer or print queue on that server, enter L1.
Page 88 When prompted for Network Path or Queue Name, click the Browse button, and locate the Server and Printer that your Network Administrator advised you to use. Click OK, then Next. Select the correct printer Manufacturer and Model, then click Next. Follow the prompts to complete the Wizard.
Page 89: Network Printing From The Macintosh
Network Printing from the Macintosh Macintosh computers can connect to a TCP/IP network printer using the Line Printer Remote (LPR) protocol. LPR printing can be set up on any Macintosh that has Desktop Printing installed or available. Desktop Printing is supported on MacOS versions beginning from 8.1. LaserWriter8 version 8.5.1 or higher is also required.
Page 90: Macos X Configuration
LPR printing. The NETGEAR ProSafe Firewall’s print server supports graphics mode printing. Troubleshooting the Print Server When I tried to install the Printer Driver for Peer-to-Peer printing, I received an error message and the installation was aborted.
Page 91 Open Start -> Settings -> Control Panel -> Add/Remove Programs. Look for an entry with a name like “NETGEAR ProSafe Firewall Router”, “NETGEAR Print Server”, "Print Server Driver" or "Print Server Port". Select this item, click Add/Remove, and confirm the deletion.
Page 92 Right-click the new printer and select Properties. Then select the Details tab, as shown below. Click the Add Port button. On the resulting screen, select Other, then select the NETGEAR Print Server Port as the port to add. 7-12 Print Server...
Page 93 Click OK to see the Print Port Configuration screen. Click the Browse Device button, select the firewall, and click OK. Click OK to return to the Printers folders, and right-click on the new printer. Make sure that the Work Offline option is NOT checked. The new printer should no longer be grayed out, and is ready for use.
Page 94 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall 7-14 Print Server...
Page 95: System Status
Chapter 8 Maintenance This chapter describes how to use the maintenance features of your FR114P, FR114W and FM114P Cable/DSL ProSafe Firewalls. These features can be found by clicking on the Maintenance heading in the Main Menu of the browser interface.
Page 96 This screen shows the following parameters: Table 8-1. Menu 3.2 - System Status Fields Field System Name Firmware Version WAN Port MAC Address IP Address DHCP IP Subnet Mask Domain Name Servers (DNS) LAN Port MAC Address IP Address IP Subnet Mask DHCP Description This field displays the Host Name assigned to the firewall in the Basic...
Page 97: Figure 8-2. Router Statistics Screen
Click on the “Show Statistics” button to display firewall usage statistics, as shown in below: Figure 8-2. Router Statistics screen This screen shows the following statistics:. Table 8-2. Router Statistics Fields Field Description Port The statistics for the WAN (Internet) and LAN (local) ports. For each port, the screen...
Page 98: Attached Devices
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Click on the “Show VPN Log” “Show VPN Status” buttons to display VPN connection information, as described in Chapter 6, “Virtual Private Networking.” Attached Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network.
Page 99: Configuration File Settings Management
Click Apply to save your changes or click Cancel to keep the current period. Configuration File Settings Management The configuration settings of the FR114P Firewall are stored within the firewall in a configuration file. This file can be saved (backed up) to a user’s PC, retrieved (restored) from the user’s PC, or cleared to factory default settings.
Page 100: Restore And Backup The Configuration
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall From the Main Menu of the browser interface, under the Maintenance heading, select the Settings Backup heading to bring up the menu shown in Figure 8-5. Figure 8-5.
Page 101: Router Upgrade
Default Reset button“ on page Router Upgrade The software of the FR114P Firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's website. If the upgrade file is compressed (.ZIP file), you must first extract the binary (.BIN or .IMG) file before sending it to the firewall.
Page 102: Diagnostics
Internet name you have entered. Enter a fully qualified domain name, such as www.netgear.com, then click the Lookup button. The resulting IP address will be shown below the Lookup button. The IP addresses of your DNS servers also appear in this section.
Page 103: Display The Routing Table
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Display the Routing Table This button will open a new window showing the table of routes that the firewall will use to determine where to send packets. Your LAN and WAN subnets will be shown, along with any Static Routes that you have defined.
Page 104 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall 8-10 Maintenance...
Page 105: Advanced Configuration
Chapter 9 Advanced Configuration This chapter describes how to configure the advanced features of your FR114P, FR114W and FM114P Cable/DSL ProSafe Firewalls. These features can be found under the Advanced heading in the Main Menu of the browser interface. Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS).
Page 106: Figure 9-1. Dynamic Dns Menu
From the Main Menu of the browser interface, under Advanced, click on Dynamic DNS to view the Dynamic DNS menu shown in Figure 9-1. Dynamic DNS menu To configure Dynamic DNS: Access the website of one of the dynamic DNS service providers whose names appear in the ‘Select Service Provider’...
Page 107: Lan Ip Setup
Click Apply to save your configuration. Note: If your ISP assigns a private WAN IP address (such as 192.168.x.x or 10.x.x.x), the dynamic DNS service will not work because private addresses will not be routed on the Internet. LAN IP Setup The LAN IP Setup menu allows configuration of LAN IP services such as DHCP and RIP.
Page 108 • RIP Version This controls the format and the broadcasting method of the RIP packets that the router sends. (It recognizes both formats when receiving.) By default, this is set for RIP-1. — RIP-1 is universally supported. RIP-1 is probably adequate for most networks, unless you have an unusual network setup.
Page 109: Mtu Size
IP, DNS server, and default gateway addresses to all computers connected to the router's LAN. The assigned default gateway address is the LAN address of the firewall. IP addresses will be assigned to the attached PCs from a pool of addresses specified in this menu.
Page 110: Reserved Ip Adresses
Click Apply to enter the reserved address into the table. Note: The reserved address will not be assigned until the next time the PC contacts the router's DHCP server. Reboot the PC or access its IP configuration and force a DHCP release and renew.
Page 111: Figure 9-3. Static Routes Summary Table
From the Main Menu of the browser interface, under Advanced, click on Static Routes to view the Static Routes menu, shown in Figure 9-3. Static Routes Summary Table To add or edit a Static Route, click the Add or Edit button to open the Edit Menu, shown in Figure 9-4.
Page 112: Static Route Example
– If the network is reached through another router on the same LAN segment as the firewall, type that router’s LAN IP address. – If the network is another IP subnet located on your physical LAN, type your firewall’s LAN IP address.
Page 113: Remote Management
Select the Allow Remote Management check box. Specify what external addresses will be allowed to access the firewall’s remote management. For security, NETGEAR recommends that you restrict access to as few external IP addresses as practical. To allow access from any IP address on the Internet, select Everyone.
Page 114 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall 9-10 Advanced Configuration...
Page 115: Troubleshooting
This chapter gives information about troubleshooting your FR114P, FR114W and FM114P Cable/ DSL ProSafe Firewalls. For the common problems listed, go to the section indicated. • Is the firewall on? • Have I connected the firewall correctly? Go to “Basic Functioning“ on page •...
Page 116: Power Led Not On
• Check that you are using the 12VDC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
Page 117 • Make sure that the Ethernet cable connections are secure at the firewall and at the hub or PC. • Make sure that power is turned on to the connected hub or PC. • Be sure you are using the correct cable: —...
Page 118: Troubleshooting The Web Configuration Interface
Troubleshooting the Web Configuration Interface If you are unable to access the firewall’s Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the firewall as described in the previous section.
Page 119: Troubleshooting The Isp Connection
Web Configuration Manager. To check the WAN IP address: Launch your browser and select an external site such as www.netgear.com Access the Main Menu of the firewall’s configuration at http://192.168.0.1 Under the Maintenance heading, select Router Status Check that an IP address is shown for the WAN Port If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP.
Page 120: Troubleshooting A Tcp/Ip Network Using A Ping Utility
Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “Manual Configuration“ on page If your firewall can obtain an IP address, but your PC is unable to load any web pages from the Internet: •...
Page 121: Testing The Path From Your Pc To A Remote Device
Pinging <IP address> with 32 bytes of data If the path is working, you see this message: Reply from < IP address >: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message: Request timed out If the path is not functioning correctly, you could have one of the following problems: •...
Page 122: Restoring The Default Configuration And Password
The E-Mail menu in the Content Filtering section displays the current date and time of day. The FR114P Firewall uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet. Each entry in the log is stamped with the date and time of day.
Page 123 • Date shown is January 1, 2000 Cause: The firewall has not yet successfully reached a Network Time Server. Check that your Internet access settings are configured correctly. If you have just completed configuring the firewall, wait at least five minutes and check the date and time again. •...
Page 124 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Family 10-10 Troubleshooting...
Page 125: Technical Specifications
This appendix provides technical specifications for the FR114P, FR114W and FM114P Cable/DSL ProSafe Firewalls. Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter North America: United Kingdom, Australia: Europe: Japan: All regions (output): Physical Specifications Dimensions: Weight: Technical Specifications...
Page 126 Environmental Specifications Operating temperature: Operating humidity: Electromagnetic Emissions Meets requirements of: Interface Specifications Local: Internet: 0 to 40 C 90% maximum relative humidity, noncondensing FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B 10BASE-T or 100BASE-Tx, RJ-45 10BASE-T or 100BASE-Tx, RJ-45 Technical Specifications...
Page 127: Networks, Routing, And Firewall Basics
A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables maintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network.
Page 128: Routing Information Protocol
Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table. The FR114P Firewall supports both the older RIP-1 and the newer RIP-2 protocols. Among other improvements, RIP-2 supports subnet and multicast protocols. RIP is not required for most home applications.
Page 129: Figure B-1. Three Main Address Classes
There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP software to identify the address class.
Page 130: Netmask
• Class D Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255. • Class E Class E addresses are for experimental use. This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network.
Page 131: Subnet Addressing
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Subnet Addressing By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number.
Page 132 Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet. The following table lists the additional subnet mask bits in dotted-decimal notation. To use the table, write down the original class netmask and replace the 0 value octets with the dotted-decimal value of the additional subnet bits.
Page 133: Private Ip Addresses
Netmask Formats 255.255.255.252 255.255.255.254 255.255.255.255 NETGEAR strongly recommends that you configure all hosts on a LAN segment to use the same netmask for the following reasons: • So that hosts recognize local IP broadcast packets When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address.
Page 134: Single Ip Address Operation Using Nat
The FR114P Firewall employs an address-sharing method called Network Address Translation (NAT). This method allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your ISP.
Page 135: Mac Addresses And Address Resolution Protocol
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router. This filtering can prevent intruders from probing your system.
Page 136: Ip Configuration By Dhcp
IP addresses, along with other information (such as gateway and DNS addresses) that it may assign to the other devices on the network. The FR114P Firewall has the capacity to act as a DHCP server.
Page 137: Stateful Packet Inspection
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Stateful Packet Inspection Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to ensure secure firewall filtering to protect your network from attacks and intrusions. Since user-level applications such as FTP and Web browsers can create complex patterns of network traffic, it is necessary for the firewall to analyze groups of network connection "states".
Page 138: Wireless Networking
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Family Wireless Networking The FR114W Wireless-Ready Firewall and FM114P Wireless Firewall with Print Server conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11b standard for wireless LANs (WLANs).
Page 139: Extended Service Set Identification (Essid
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall In the infrastructure mode, the wireless access point converts airwave data into wired Ethernet data, acting as a bridge between the wired LAN and wireless clients. Connecting multiple Access Points via a wired Ethernet backbone can further extend the wireless network coverage.
Page 140: Wireless Channel Selection
The 128-bit WEP data encryption method consists of 104 user-configurable bits. Similar to the forty-bit WEP data encryption method, the remaining 24 bits are factory set and not user configurable. Some vendors allow passphrases to be entered instead of the cryptic hexadecimal characters to ease encryption key entry.
Page 141: Ethernet Cabling
Note: The available channels supported by the wireless products in various countries are different. The preferred channel separation between the channels in neighboring wireless networks is 25 MHz (5 channels). This means that you can apply up to three different channels within your wireless network.
Page 142: Uplink Switches And Crossover Cables
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Family Uplink Switches and Crossover Cables In the wiring table, the concept of transmit and receive are from the perspective of the PC. For example, the PC transmits on pins 1 and 2. At the hub, the perspective is reversed, and the hub receives on pins 1 and 2.
Page 143: Glossary
Domain names are of the form of a registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.
Page 144 IETF Internet Engineering Task Force. An open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. Working groups of the IETF propose standard protocols and procedures for the Internet, which are published as RFCs (Request for Comment) at www.ietf.org.
Page 145 Internet. RFCs can be found at www.ietf.org. See Routing Information Protocol. router A device that forwards data between networks. An IP router forwards data based on IP source and destination addresses. Routing Information A protocol in which routers periodically exchange information with one...
Page 146 subnet mask See netmask. Unshielded twisted pair. The cable used by 10BASE-T and 100BASE-Tx Ethernet networks. Virtual Private Network. A method for securely transporting data between two private networks by using a public network such as the Internet as a connection.
Page 147 Cat5 cable 2-2, 2-5, B-16 Channel B-14 Channel Number 6-3 configuration automatic by DHCP 1-3 backup 8-6 erasing 8-6 router, initial 4-1 connections verifying 2-7 content filtering 1-3, 5-1 conventions typography xv crossover cable 2-5, 10-3, B-16 customer support iii...
Page 148 Obtaining ISP Configuration Information 3-11 masquerading 3-9 metric 9-8 MTU 9-5 multicasting 9-4 NAT 3-9 NAT. See Network Address Translation NETGEAR contacting xvi netmask translation table B-6 Network Address Translation 1-3, 3-9, B-8 Network Time Protocol 5-17, 10-8 NTP 5-17, 10-8...
Page 149 10-8 restore factory settings 8-6 1466 xvii, B-7 1597 xvii, B-7 1631 xvii, B-8 finding B-7 RIP (Router Information Protocol) 9-4 router concepts B-1 Index Routing Information Protocol 1-3, B-2 routing table 8-9 rules inbound 5-8...
Page 150 Uplink switch B-16 USB 3-8 WEP 6-4, B-13 WEP, Keys 6-4 Wi-Fi B-12 Windows, configuring for IP routing 3-2, 3-5 winipcfg utility 3-5 WinPOET 3-9 Wired Equivalent Privacy. See WEP Wireless Ethernet B-12 World Wide Web iii Index...

This manual is also suitable for:

Fm114p Fr114w

NETGEAR FR114P Reference Manual

About this Guide

Chapter 1 Introduction

Chapter 2 Setting up the Hardware

Chapter 3 Preparing Your Network

Chapter 4 Basic Configuration

Chapter 5 Security

Chapter 6 Wireless

Chapter 7 Print Server

Chapter 8 Maintenance

Chapter 9 Advanced Configuration

Chapter 10 Troubleshooting

Appendix A

Technical Specifications

Appendix B Networks, Routing, and Firewall Basics

Glossary

Quick Links

Troubleshooting

Related Manuals for NETGEAR FR114P

Summary of Contents for NETGEAR FR114P

This manual is also suitable for:

Table of Contents