NETGEAR FR314 Reference Manual

Cable/DSL Firewall and VPN Routers

Reference Guide for the
Model FR314, FR318 and
FV318 Cable/DSL Firewall
and VPN Routers
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone 1-888-NETGEAR
SM-FR314NA-3
January 2002

Summary of Contents for NETGEAR FR314

  • Page 1 Reference Guide for the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR SM-FR314NA-3 January 2002...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3: Customer Support

    Certificate of the Manufacturer/Importer: It is hereby certified that the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers have been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
  • Page 5: Table Of Contents

    Typographical Conventions ... xv Special Message Formats ...xvi Technical Support ...xvi Related Publications ...xvi Chapter 1 Introduction About the Netgear Firewall/VPN Router ...1-1 Key Features ...1-2 A Powerful, True Firewall ...1-2 Virtual Private Networking (VPN) ...1-2 Content Filtering ...1-2 Configurable Ethernet Connection ...1-3 Protocol Support ...1-3...
  • Page 6 Account Information ...3-8 Obtaining ISP Configuration Information (Windows) ...3-8 Obtaining ISP Configuration Information (Macintosh) ...3-9 Ready for Configuration ...3-10 Chapter 4 Initial Configuration of the Firewall Router Accessing the Web Management Interface ...4-1 Chapter 5 General Configuration Status ...5-2 Network Settings ...5-3 Network Addressing Mode ...5-4...
  • Page 7 Restrict Web Features ...6-3 Use Filter List (Web/News/FTP/Gopher) ...6-3 Time of Day ...6-4 Bypassing the Filter ...6-5 Updating the Content Filter List ...6-5 Customizing the Filter List ...6-7 Content Filter List Category Descriptions ...6-8 Chapter 7 Network Access Rules Services ...7-2 Network Access Rules Options ...7-3 Creating a Public LAN Server (Port Forwarding) ...7-4 Notes on DMZ or Bastion Host ...7-4...
  • Page 8 Chapter 9 DHCP Server Configuration DHCP Server Overview ...9-1 Configuring the DHCP Server ...9-2 General Setup ...9-3 WINS ...9-4 Dynamic Ranges ...9-4 Static Entries ...9-4 Current DHCP Leases ...9-5 Chapter 10 Virtual Private Networking What is a VPN ...10-1 Accessing Network Resources from a VPN Client PC ...10-2 Linking Two Networks Together ...10-3 Initial Setup of the VPN ...10-3 Configuring a Security Association ...10-5...
  • Page 9 Troubleshooting the Web Management Interface ...12-3 Troubleshooting the ISP Connection ...12-3 Troubleshooting a TCP/IP Network Using a Ping Utility ...12-5 Testing the LAN Path to Your Router ...12-6 Testing the Path from Your PC to a Remote Device ...12-6 Recovering From a Lost Password ...12-7...
  • Page 10 Subnet Addressing ... B-5 Private IP Addresses ... B-7 Single IP Address Operation Using NAT ... B-8 MAC Addresses and Address Resolution Protocol ... B-9 Domain Name Server ... B-9 IP Configuration by DHCP ... B-10 Ethernet Cabling ... B-10 Uplink Switches and Crossover Cables ...B-11 Cable Quality ...B-11 Internet Security and Firewalls ...B-11...
  • Page 11 Figure 2-1. FR314 Front Panel ...2-3 Figure 2-2. FR314 Rear Panel ...2-4 Figure 4-1. Web Manager Login Window ...4-2 Figure 4-2. Setup Wizard, Password Window ...4-2 Figure 4-3. Setup Wizard, Time Zone Window ...4-3 Figure 4-4. Setup Wizard, Connecting to the Internet Window ...4-4 Figure 4-5.
  • Page 13 Table 2-1. LED Descriptions ...2-3 Table 6-1. Content Filter List Categories ...6-4 Table 8-1. Content Filter List Categories ...8-3 Table B-1. Netmask Notation Translation Table for One Octet ... B-6 Table B-2. Netmask Formats ... B-6 Table B-3. UTP Ethernet cable wiring, straight-through ... B-10 Tables Tables xiii...
  • Page 15: About This Guide

    Congratulations on your purchase of the NETGEAR Firewall Router. The firewall router is a complete security solution that protects your network from attacks and intrusions, filters objectionable Web content, and logs security threats. This guide describes the features of the firewall router and provides installation and configuration instructions.
  • Page 16: Special Message Formats

    Special Message Formats This guide uses the following formats to highlight special messages: Note: This format is used to highlight information of importance or special interest.
  • Page 17 For more information about address assignment, refer to the IETF documents RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.
  • Page 19: Introduction

    Internet. The FR314 and FR318 Firewall Routers allow Internet access for up to eight users. Optional upgrades may be purchased for a total of 20 users or 45 users. The FV318 VPN Router allows Internet access for up to 20 users, with an optional upgrade available for a total of 45 users.
  • Page 20: Key Features

    Key Features The Netgear Firewall/VPN Router offers the following features. A Powerful, True Firewall Unlike simple Internet sharing routers, the Netgear Firewall/VPN Router is a true firewall, using stateful packet inspection to defend against hacker attacks, and lets you define rules for Internet access and content viewing.
  • Page 21: Configurable Ethernet Connection

    Web sites) occurs. Configurable Ethernet Connection With its internal, 4-port (FR314) or 8-port (FR318 and FV318) 10/100 switch, the firewall router can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network.
  • Page 22: Easy Installation And Management

    PPPoE client so that the user does not need to manually log in for Internet access. Easy Installation and Management You can install, configure, and operate the Model FR314, FR318 or FV318 firewall router within minutes after connecting it to the network. The following features simplify installation and management tasks: •...
  • Page 23 • Flash EPROM for firmware upgrade • Five-year warranty, two years on power adapter • Free technical support seven days a week, twenty-four hours a day...
  • Page 25: Setting Up The Hardware

    Registration and Warranty Card • Support Information Card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall router for repair.
  • Page 26: Local Network Hardware Requirements

    (10 Mbps or 100 Mbps), you need to use a dual-speed hub or switch. The firewall router provides a 4-port (FR314) or 8-port (FR318 and FV318) switch capable of either 10 Mbps or 100 Mbps operation. Links operating at 100 Mbps must be connected with Category 5 cable.
  • Page 27: Figure 2-1. Fr314 Front Panel

    The Firewall Router’s Front Panel The front panel of the Model FR314, FR318 or FV318 firewall router LEDs. Figure 2-1. FR314 Front Panel You can use some of the LEDs to verify connections.
  • Page 28: The Firewall Router's Rear Panel

    The Firewall Router’s Rear Panel The rear panel of the FR314 is shown in number of ports and the absence of an Uplink switch. Refer to this diagram to identify the firewall router ports before attempting to make any connections.
  • Page 29: Connecting To Your Local Ethernet Network

    NORMAL. If your local network consists of more hosts than LOCAL ports, you need to connect your firewall router to another hub or switch. For the FR314, this can be done using either of the following methods: Connect the FR314’s last LOCAL port to any normal port of an Ethernet hub or switch using standard Ethernet cable.
  • Page 30: Connecting To Your Internet Access Device

    Connecting to Your Internet Access Device To connect the firewall router to the Internet (or WAN): Connect the firewall router’s INTERNET port to the 10BASE-T Ethernet port on your existing Internet access device (your cable modem or DSL modem).
  • Page 31 If a LINK/ACT LED is lit, a link has been established to the connected device. If any LOCAL port is connected to a 100 Mbps device, verify that the 100 LED for that port is lit.
  • Page 33: Preparing Your Network

    This chapter describes how to prepare your PC network to connect to the Internet through the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers and how to order broadband Internet service from an Internet service provider (ISP). Preparing Your Personal Computers for IP Networking The Netgear Firewall/VPN Router uses the Transmission Control Protocol/Internet Protocol (TCP/IP).
  • Page 34: Configuring Windows 95 Or Later For Ip Networking

    Follow the instructions provided with your operating system or networking software to install TCP/IP on your computer. Although TCP/IP is built into the Windows operating system (starting...
  • Page 35 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
  • Page 36: Configuring Tcp/Ip Properties

    Select TCP/IP, and then click OK. If you need Client for Microsoft Networks: Click the Add button. Select Client, and then click Add. Select Microsoft. Select Client for Microsoft Networks, and then click OK.
  • Page 37: Configuring The Macintosh For Ip Networking

    To check your PC’s TCP/IP configuration: On the Windows taskbar, click the Start button, and then click Run. The Run window opens. Type , and then click OK.
  • Page 38: Verifying Tcp/Ip Properties (Macintosh)

    The TCP/IP Control Panel opens: From the “Connect via” box, select your Macintosh’s Ethernet interface. From the “Configure” box, select Using DHCP Server. You can leave the DHCP Client ID box empty.
  • Page 39: Your Internet Account

    The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: •...
  • Page 40: Login Protocols

    Login Protocols Some ISPs require a special login protocol, such as PPP over Ethernet (PPPoE). If your ISP requires one, you need a login name and password, and you also need to select PPPoE when you configure the firewall router.
  • Page 41: Obtaining Isp Configuration Information (Macintosh)

    The Network window opens, which displays a list of installed components. Select TCP/IP, and then click Properties. The TCP/IP Properties dialog box opens. Select the IP Address tab.
  • Page 42: Ready For Configuration

    If any Name Server addresses are shown, write down the addresses. These are your ISP’s DNS addresses. If any information appears in the Search domains information box, write it down.
  • Page 43: Initial Configuration Of The Firewall Router

    Initial Configuration of the Firewall Router This chapter describes how to perform the initial configuration of your Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers using the Setup Wizard, which walks you through the configuration process. The Setup Wizard should result in a working and secure configuration, but you will need to use the main menus to download the Content Filter List and set any other desired firewall rules.
  • Page 44: Figure 4-1. Web Manager Login Window

    Figure 4-1. Web Manager Login Window Type in the User Name box, admin If your firewall router password was previously changed, enter the current password. If the Setup Wizard does not automatically launch when the Web Management Interface appears, select Setup Wizard from the navigation bar on the left.
  • Page 45: Figure 4-3. Setup Wizard, Time Zone Window

    • Choose a password that cannot be easily guessed. First enter the old password, and then enter the new password twice. If you do not enter the new password exactly the same in both New Password boxes, the operation fails.
  • Page 46: Figure 4-4. Setup Wizard, Connecting To The Internet Window

    Click Next. The firewall router attempts to automatically determine your network addressing mode. If it cannot automatically determine the mode, the Connecting to the Internet window opens.
  • Page 47: Figure 4-5. Setup Wizard, Pppoe Window

    If your ISP account uses a PPP over Ethernet (PPPoE) login procedure, you are prompted to enter your account’s Login Name and Password in the PPPoE window: Figure 4-5.
  • Page 48: Figure 4-6. Setup Wizard, Static Address Window

    If your ISP account does not dynamically assign a network address, you are prompted to enter your static (fixed) address information in the next window. Figure 4-6.
  • Page 49: Figure 4-7. Setup Wizard, Isp Settings Window

    Click Next. The ISP Settings window opens: Figure 4-7. Setup Wizard, ISP Settings Window Enter your account’s Host Name and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers.
  • Page 50: Figure 4-8. Setup Wizard, Final Window

    Click Next. The final Setup Wizard window opens: Figure 4-8. Setup Wizard, Final Window Reboot your firewall router in order for the configuration to take effect, and then reboot any attached PCs.
  • Page 51: General Configuration

    General Configuration This chapter describes how to interpret current status information and how to configure the Model FR314, FR318 and FV318 firewall routers' network settings, which include the firewall router's IP addressing method and settings. If you need to configure the firewall’s more advanced features, see Chapter 6, “Content...
  • Page 52: Status

    Status To view the firewall router's status information, click General from the navigation bar on the left, and then click the Status subtopic. The Status window opens as shown in...
  • Page 53: Network Settings

    Network Settings This section describes how to configure the firewall router's IP address information. To configure the firewall router's network settings, click General from the navigation bar on the left, and then click the Network subtopic.
  • Page 54: Network Addressing Mode

    Network Addressing Mode You can use the Network Addressing Mode menu to configure how the firewall router determines its network address and accesses the network. This section describes each option; for configuration...
  • Page 55: Wan Settings

    Class C subnet mask is used, all local area network addresses should contain the same first three numbers as the firewall router’s LAN IP Address (for example, have a need to change it, NETGEAR recommends that you use the default subnet mask of 255.255.255.0...
  • Page 56: Mac Address Proxy

    DNS Servers, or Domain Name Servers, resolve descriptive names of network resources (such as www.NETGEAR.com) to numeric IP addresses. One or more DNS Server addresses should be assigned by your ISP for your use.
  • Page 57: Selecting And Configuring A Network Addressing Mode

    If your ISP requires a user name and password to connect (using a PPPoE client like EnterNet or WinPOET, for example) then you may find it necessary or beneficial to set your MTU to a lower value than the standard 1500.
  • Page 58: Configuring For Dynamic Addressing

    You can enter a number from 1 to 99 minutes. Click Update. Once the firewall router has been updated, a message confirming the update is shown at the bottom of the browser window.
  • Page 59: Configuring For Nat Disabled

    From the Network Addressing Mode window, select NAT with Fixed Addressing. NETGEAR recommends that you leave the NETGEAR Firewall LAN IP Address field and the LAN Subnet Mask field at their default values of respectively.
  • Page 60: Additional Notes

    In the NETGEAR Firewall LAN IP Address box, type a unique, valid IP address from your LAN address range. The firewall router LAN IP Address is the address assigned to the firewall router's LAN port and is used for management of the firewall router.
  • Page 61 For more information about NAT, DNS, DHCP, and other networking concepts, refer to Appendix B, “Networks, Routing, and Firewall Basics.”
  • Page 63: Content Filtering

    Chapter 6 Content Filtering This chapter describes how to use the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers’ content filtering features. With these features, you can prevent objectionable content from reaching the PCs on your LAN. You can block access to Web sites by category, domain name, or keyword.
  • Page 64: Figure 6-1. Filter Categories Window

    Figure 6-1. Filter Categories Window Using the options in the Filter Categories window, you can configure content filtering and blocking in three different ways: • Restrict Web Features •...
  • Page 65: Restrict Web Features

    Each category and its options are described in the sections that follow. Restrict Web Features You can restrict access to the following Web features: • ActiveX ActiveX is a programming language that embeds scripts in Web pages.
  • Page 66: Time Of Day

    When you register the firewall router at <http://fr3.netgear.com>, you may download a one-month subscription to Content Filter List updates. The following is a list of the Content Filter List categories: Table 6-1.
  • Page 67: Bypassing The Filter

    Bypassing the Filter You may allow a trusted user to bypass the content filtering and have access to sites that would otherwise be blocked by the router. This can be done by defining a user name and password in the Filter Bypass section of the Filter Categories menu.
  • Page 68 To configure Content Filter List updates, click one of the following options: • Download Now Immediately downloads and installs a new Content Filter List. This process may take several minutes and requires a current subscription to Content Filter List updates.
  • Page 69: Customizing The Filter List

    Customizing the Filter List To customize the Content Filter List, click Filter from the navigation bar on the left, and then click the Customize subtopic. The Filter Customize window opens as shown in...
  • Page 70: Content Filter List Category Descriptions

    • Trusted Domains To allow access to a Web site that is blocked by the Content Filter List, enter the host name, such as "www.ok-site.com", into the Trusted Domains boxes. Do not include the prefix "http://".
  • Page 71 Partial Nudity Pictures exposing the female breast or full exposure of either male or female buttocks except when exposing genitalia. (Excludes all swimsuits, including thongs.) Full Nudity Pictures exposing any or all portions of the human genitalia.
  • Page 72 Drugs/Drug Culture Pictures or text advocating the illegal use of drugs for entertainment. Includes substances used for other than their primary purpose to alter the individual's state of mind, such as glue sniffing. This excludes currently illegal drugs legally prescribed for medicinal purposes (for example, drugs used to treat glaucoma or cancer).
  • Page 73: Network Access Rules

    Chapter 7 Network Access Rules This chapter describes the Model FR314, FR318 or FV318 Cable/DSL Firewall Router’s Network Access Rules. Network Access Rules include inbound and outbound access policy, user authentication and remote management. Network Access Rules...
  • Page 74: Services

    Services To configure inbound and outbound access policies by service, click Firewall from the navigation bar on the left, then Access, and then Services. The Network Access Rules window opens as...
  • Page 75: Network Access Rules Options

    The Services window allows you to customize Network Access Rules by service. The Default rule, at the bottom of the table, encompasses all Services. Network Access Rules Options This section describes the options you can configure in the Network Access Rules window.
  • Page 76: Creating A Public Lan Server (Port Forwarding)

    Creating a Public LAN Server (Port Forwarding) A Public LAN Server is a server on your LAN that is accessible to users on the Internet. Creating a Public LAN Server in the Services window is the easiest way to set up a mail server, Web server, or other public server, on your LAN.
  • Page 77: Adding A Service

    • If users on the Internet cannot access Public LAN Servers, make sure that the Public LAN Servers are properly configured and have Internet connectivity. If you are trying to access the servers by name rather than by IP address, confirm that the DNS mx-record points to the correct IP address: the WAN IP (NAT Public) Address, if NAT is enabled.
  • Page 78: Adding A Known Service

    Two numbers appear in brackets next to each service. The first number indicates the service's IP port number. The second number indicates the IP protocol type (6 for TCP, 17 for UDP, or 1 for ICMP).
  • Page 79: Disabling Logging

    Note: If multiple entries with the same name are created, they are grouped together as a single service and may not function as expected. Disabling Logging You can disable logging of events in the Event Log.
  • Page 80: Node License Count

    If you have enabled stealth mode and you are having difficulties sending regular email or NETGEAR logs or alerts out through a mail server run by your ISP, you may want to enable forwarding of authentication (Identd) traffic in the Add Services menu. Follow these steps: Go to the Add Service menu.
  • Page 81: Excluding Devices From Node License Count

    For example, the FR314 allows Internet access for up to 8 users. If your local network contains 8 PCs and a print server, it is possible that your router will detect the print server and count it toward your node license.
  • Page 83: Logging And Alerting

    Chapter 8 Logging and Alerting This chapter describes the Model FR314, FR318 or FV318 firewall router’s logging, alerting and reporting features. Viewing the Log The firewall router maintains an event log that lists potential security threats. You can view this log from the Web Management Interface or you can specify that the log is automatically sent to an e-mail address for convenience and archiving.
  • Page 84: Log Messages

    To view the log, click Firewall from the navigation bar at the left and then click the Log subtopic and then the View Log subtopic. The View Log window opens.
  • Page 85 • TCP, UDP, or ICMP packets dropped When IP packets are blocked by the firewall router, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address.
  • Page 86: Log Settings

    • Ping of Death, IP Spoof, and SYN Flood Attacks The IP address of the PC under attack and the source of the attack are displayed. In many attacks, the source address shown is forged and does not reflect the real source of the attack.
  • Page 87: Sending The Log

    The Log Settings options are grouped as follows: • Sending the Log These options specify where logs and alerts are sent, and are described on •...
  • Page 88: Log And Alert Categories

    • Send Log Specifies how often to send the logs: Daily, Weekly, or When Full. • Every Specifies which day of the week to send the log. Relevant when the log is sent weekly or daily.
  • Page 89: Alert Categories

    • Dropped UDP When enabled, log messages showing blocked incoming UDP packets are displayed. • Dropped ICMP When enabled, log messages showing blocked incoming ICMP packets are displayed.
  • Page 90: Data Collection

    Figure 8-3. Log Reports Window In this window, you can configure how data is collected and view available reports. The Log Report options are grouped as follows: •...
  • Page 91: View Data

    View Data You can select which report to view in the “Report to view” list box. The available reports are: • Web Site Hits Lists the URLs for the 25 most frequently accessed Web sites and the number of hits to that site during the current sample period.
  • Page 93: Dhcp Server Configuration

    This chapter describes how to configure the Model FR314, FR318 or FV318 Cable/DSL Firewall Router’s DHCP server. DHCP Server Overview DHCP, or Dynamic Host Configuration Protocol, is a method for distributing TCP/IP settings from a centralized server to the computers on a network. The firewall router’s DHCP server distributes IP addresses, gateway addresses, DNS server addresses, and other IP configuration information to the computers on your LAN.
  • Page 94: Configuring The Dhcp Server

    Configuring the DHCP Server To modify the configuration of the DHCP server, click General from the navigation bar on the left, and then click the DHCP subtopic. The DHCP Server Configuration window opens.
  • Page 95: General Setup

    • WINS Setup • Dynamic Ranges • Static Entries • Current DHCP Leases All options are described in the sections that follow. General Setup The General Setup options are: •...
  • Page 96: Wins

    WINS WINS, or Windows Internet Naming Service, is a server process for resolving Windows-based computer names to IP addresses. If a remote network contains a WINS server, your Windows PCs can gather information from that WINS server about its local hosts.
  • Page 97: Current Dhcp Leases

    Reference Guide for the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers Click Update. When the firewall router is updated, a message confirming the update is displayed at the bottom of the window. Continue this process until you have added all the necessary static entries.
  • Page 98 DHCP Server Configuration...
  • Page 99: Virtual Private Networking

    Note: In order to perform the VPN function, the FR318 must be upgraded by purchasing the VPN Upgrade Option. The FV318 does not require an upgrade. The FR314 does not support VPN. What is a VPN A VPN can be thought of as a secure tunnel passing through the Internet, connecting two devices such as a PC or router, which form the two tunnel endpoints.
  • Page 100: Accessing Network Resources From A VPN Client PC

    The tunnel endpoint device, which encodes or decodes the data, can either be a PC running VPN client software or a VPN-enabled router or server. Several software standards exist for VPN data encapsulation and encryption, such as PPTP and IPSec.
  • Page 101: Linking Two Networks Together

    For a PC to act as a tunnel endpoint to your Netgear Firewall/VPN Router, the PC must run a VPN client program based on the IPSec protocol. Netgear recommends that you use the SafeNet Soft-PK (or SoftRemote) VPN client program, which is available from SafeNet (www.safenet-inc.com).
  • Page 102: Figure 10-1. VPN Summary Window

    Figure 10-1. VPN Summary Window If you have an FR318 and have not purchased and installed the VPN Upgrade Option, you will see a screen directing you to purchase and install the option.
  • Page 103: Configuring A Security Association

    The VPN Summary window also displays a list of currently configured security associations, showing the name of the SA, the Destination Network Address, and the type of SA that is configured. The two types are Peer Netgear Router (router to router) and VPN Client (client to router).
  • Page 104 The content of this box differs depending on whether you have selected a connection to a Peer Netgear Router or to a VPN Client PC. In either case, you are offered the choice of a faster 56-bit payload encryption or a stronger 168-bit encryption.
  • Page 105: Deleting A Security Association

    The Shared Secret must be between 8 and 128 characters. For greater security, enter a combination of letters, numbers and symbols, such as "Aa8^Hjj@e$FF#." Letters are case sensitive.
  • Page 106: Installing And Configuring The SafeNet VPN Client

    Installing and Configuring the SafeNet VPN Client Netgear recommends and supports the SafeNet Soft-PK (or SoftRemote) Secure VPN Client for Windows, Version 5 or later. The SafeNet VPN Client can be purchased from SafeNet at www.safenet-inc.com.
  • Page 107: Open The Security Policy Editor

    Open the Security Policy Editor To launch the VPN client, click on the Windows Start button, then select Programs, then SafeNet Soft-PK (or SoftRemote), then Security Policy Editor. The Security Policy Editor window will appear.
  • Page 108 Secure. In the ID Type menu, select IP Subnet. In the Subnet field, type the NETGEAR Firewall LAN IP Address of the router to which you will be connecting. In the Mask field, type the NETGEAR Firewall LAN Subnet Mask.
  • Page 109: Configure The Security Policy

    Configure the Security Policy These settings do not depend on your network information. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the new connection by double clicking its name or clicking on the “+”...
  • Page 110: Configure The VPN Client Identity

    From the Options menu at the top of the Security Policy Editor window, select Global Policy Settings. Increase the Retransmit Interval (seconds) period to 45. Check the Allow to Specify Internal Network Address checkbox and click OK.
  • Page 111 In the Network Security Policy list on the left side of the Security Policy Editor window, click on My Identity. In the Select Certificate menu, choose None.
  • Page 112: Configure VPN Client Authentication Proposal

    Enter the NETGEAR Firewall's Shared Secret in the Pre-Shared Key field and click OK. Note that this field is case sensitive. Configure VPN Client Authentication Proposal These settings do not depend on your network information.
  • Page 113: Save The VPN Client Settings

    Save the VPN Client Settings From the File menu at the top of the Security Policy Editor window, select Save Changes. After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN.
  • Page 114 • The remote VPN router has a public IP WAN address of 216.136.206.110. • The remote VPN router has a LAN IP address of 192.168.10.1. The Connection Monitor screen for this connection is shown below: While the connection is being established, the Connection Name field in this menu will say “SA”...
  • Page 115: Accessing Remote Resources Across A VPN

    You can also monitor the progress of the connection on the log screen of the remote VPN router, as shown below: When the connection has been successfully established, the log message will say “IKE negotiation complete.
  • Page 116 Refer to Windows documentation for information on using Find Computer, LMHOSTS files, and WINS servers.
  • Page 117: System Maintenance

    This chapter describes the maintenance and diagnostic tools included with the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers. These tools allow you to save and restore configuration settings, perform diagnostic tests, and upgrade your system software. Restart After making configuration changes or performing other tasks, you may need to restart the firewall router.
  • Page 118: Figure 11-1. Preferences Window

    To configure these options, click Maintenance from the navigation bar on the left, and then click Preferences. The Preferences window opens. Figure 11-1. Preferences Window These options are described in the sections that follow.
  • Page 119: Overview Of Settings Files

    Overview of Settings Files A settings file contains information about your firewall router’s configuration. NETGEAR highly recommends that you back up your settings file once your firewall router is up and running, and then again whenever you upgrade the firmware.
  • Page 120: Launch The Setup Wizard

    Click Yes to confirm the action. Restart the firewall router for the settings to take effect. Note: The LAN IP Address and LAN Subnet Mask, configured in the Network window in the General section, are not reset.
  • Page 121: Updating Firmware

    Updating Firmware The firewall router has flash memory and you can easily upgrade it with new firmware. You can download current firmware from NETGEAR’s Web site to your Management Station and then upload the firmware to the firewall router.
  • Page 122: Uploading New Firmware

    Uploading New Firmware Note: The Web browser used to upload new firmware into the firewall router must support HTTP uploads. NETGEAR recommends using Netscape Navigator 3.0 or above.
  • Page 123: Upgrade Features

    Upgrade Features The firewall router may be upgraded to support new or optional features, such as increasing the limit on the number of users. For information about purchasing firewall router options and upgrades, or a Content Filter List subscription, please contact NETGEAR at <http://...
  • Page 124: DNS Name Lookup

    The available diagnostic tools are: • DNS Name Lookup • Find Network Path • Ping • Packet Trace • Tech Support Report These reports are described in the sections that follow.
  • Page 125: Ping

    Enter the IP address of the host. Click Go. The test takes a few seconds to complete. Once completed, a message showing the results is displayed in the window.
  • Page 126 From a local PC, initiate an IP session with the remote host using an IP client, such as Web, FTP, or Telnet. Do not enter a host name, such as "www.yahoo.com"; instead, type the same IP address entered in the “Trace on IP address”...
  • Page 127: Tech Support Report

    The Tech Support Report generates a detailed report of the firewall router’s configuration and status, and saves it to the local hard disk. If requested, you can then e-mail this file to NETGEAR Technical Support to assist with a problem.
  • Page 128 11-12 System Maintenance...
  • Page 129: Basic Functioning

    • Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem. Contact NETGEAR technical support.
  • Page 130: Test LED Stays On

    — If you are connecting one of the router’s LOCAL ports to a PC, use a standard straight-through Ethernet cable like the one provided with your router. — (FR314 only) If you are connecting the FR314’s LOCAL port 4 to a PC, set the NORMAL/UPLINK switch to the NORMAL position.
  • Page 131: Troubleshooting The Web Management Interface

    Troubleshooting the Web Management Interface If you are unable to access the router’s Web Management Interface from a PC on your local network, check the following: •...
  • Page 132 Check that a WAN IP address is shown under WAN Settings. If your router is unable to obtain an IP address from the ISP, you may need to force your cable or DSL modem to recognize your new router by performing the following procedure: Turn off power to the cable or DSL modem.
  • Page 133: Troubleshooting A TCP/IP Network Using A Ping Utility

    • Your PC may not recognize any DNS server addresses. A DNS server is a host on the Internet that translates Internet names (such as “www”...
  • Page 134: Testing The LAN Path To Your Router

    Testing the LAN Path to Your Router You can ping the router from your PC to verify that the LAN path to your router is set up correctly. To ping the router from a Windows PC: On the Windows taskbar, click the Start button and then click Run.
  • Page 135: Recovering From A Lost Password

    From the Windows run menu, type as your ISP’s DNS server. If the path is functioning correctly, replies such as those described in the previous section are displayed.
  • Page 136 On the rear panel of the router, locate the small hole to the left of the Normal/Uplink button. A small pushbutton is accessible through this hole.
  • Page 137: Technical Specifications

    This appendix provides technical specifications for the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers. General Specifications Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter North America: United Kingdom, Australia: Europe: Japan: All regions (output):...
  • Page 138 Physical Specifications Dimensions: Weight: Environmental Specifications Operating temperature: Operating humidity: Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: 253 by 181 by 35 mm 9.95 by 7.1 by 1.4 in.
  • Page 139: Networks, Routing, And Firewall Basics

    A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables maintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network.
  • Page 140: Routing Information Protocol

    Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers is a small office router that routes the IP protocol over a single-user broadband connection.
  • Page 141: Figure B-1. Three Main Address Classes

    There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network.
  • Page 142: Netmask

    • Class D Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255. •...
  • Page 143: Subnet Addressing

    Subnet Addressing By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number.
  • Page 144 Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet.
  • Page 145: Private IP Addresses

    Netmask Formats 255.255.255.252 255.255.255.254 255.255.255.255 NETGEAR strongly recommends that you configure all hosts on a LAN segment to use the same netmask for the following reasons: • So that hosts recognize local IP broadcast packets When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address.
  • Page 146: Single IP Address Operation Using NAT

    Single IP Address Operation Using NAT In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router.
  • Page 147: MAC Addresses And Address Resolution Protocol

    This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router.
  • Page 148: IP Configuration By DHCP

    IP Configuration by DHCP When an IP-based local area network is installed, each PC must be configured with an IP address. If the PCs need to access the Internet, they should also be configured with a gateway address and one or more DNS server addresses.
  • Page 149: Uplink Switches And Crossover Cables

    Uplink Switches and Crossover Cables In the wiring table, the concepts of transmit and receive are from the perspective of the PC. For example, the PC transmits on pins 1 and 2. At the hub, the perspective is reversed, and the hub receives on pins 1 and 2.
  • Page 150: What Is A Firewall

    What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack.
  • Page 151: Glossary

    Domain names are of the form of a registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.
  • Page 152 Dynamic Host Configuration Protocol DHCP. An Ethernet protocol specifying how a centralized DHCP server can assign network configuration information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and gateway (router) addresses.
  • Page 153 local area network LAN. A communications network serving users within a limited area, such as one floor of a building. A LAN typically connects multiple personal computers and shared network devices such as storage and printers.
  • Page 154 PPTP Point-to-Point Tunneling Protocol. A method for establishing a virtual private network (VPN) by embedding Microsoft’s network protocol into Internet packets. PSTN Public Switched Telephone Network.
  • Page 155: Index

    6-8 by keyword 6-8 cookies 6-3 Java applets 6-3 Cabling B-10 Cat5 cable 2-2, 2-5, B-11 configuration automatic by DHCP 1-4 router, initial 4-1 configuring network addressing mode 5-7 connecting router 2-4 Connection Monitor 10-15 connections Index verifying 2-6...
  • Page 156 DNS server 3-9, 3-10, 5-5 DNS settings 5-5 domain 3-9 domain name server (DNS) B-9 domains forbidden 6-8 trusted 6-8 DoS attack B-12 dynamic NAT. See Network Address Translation email problems 7-8 Encryption Algorithm 10-6 endpoint 10-1 EPROM, for firmware upgrade 1-5 Ethernet 1-3 Ethernet cable B-10 Ethernet MAC address 5-6, 12-4...
  • Page 157 2-1 packet trace 11-9 password for the Configuration Manager 4-2 restoring 12-7 PC, using to configure 3-10 Peer Netgear Router 10-6 ping 11-9, 12-5 port forwarding 1-4, 7-4 locations 2-4 port forwarding behind NAT B-9 PPP over Ethernet (PPPoE) 1-4, 4-5...
  • Page 158 2-4 reports logging 8-7 requirements access device 2-2 browser 4-1 hardware 2-2 restarting the firewall router 11-1 restoring defaults 11-3 restrict Web features 6-3 1466 xvii, B-7 1597 xvii, B-7 1631 xvii, B-8 finding B-7 router concepts B-1...
  • Page 159 WAN gateway (router) address 5-5 WAN IP address 5-5 WAN settings 5-5 WAN/DMZ subnet mask 5-5 warranty 1-5 Web Management Interface 4-1 Web proxy 6-3 Windows, configuring for IP routing 3-2 winipcfg utility 3-4, 12-7 World Wide Web iii Index...

This manual is also suitable for:

FR318, FV318
