Reference Guide for the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR SM-FR314NA-3 January 2002...
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Certificate of the Manufacturer/Importer: It is hereby certified that the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Typographical Conventions; Special Message Formats; Technical Support; Related Publications
Chapter 1 Introduction: About the Netgear Firewall/VPN Router; Key Features; A Powerful, True Firewall; Virtual Private Networking (VPN); Content Filtering; Configurable Ethernet Connection; Protocol Support...
Account Information; Obtaining ISP Configuration Information (Windows); Obtaining ISP Configuration Information (Macintosh); Ready for Configuration
Chapter 4 Initial Configuration of the Firewall Router: Accessing the Web Management Interface
Chapter 5 General Configuration: Status; Network Settings; Network Addressing Mode...
Restrict Web Features; Use Filter List (Web/News/FTP/Gopher); Time of Day; Bypassing the Filter; Updating the Content Filter List; Customizing the Filter List; Content Filter List Category Descriptions
Chapter 7 Network Access Rules: Services; Network Access Rules Options; Creating a Public LAN Server (Port Forwarding); Notes on DMZ or Bastion Host...
Chapter 9 DHCP Server Configuration: DHCP Server Overview; Configuring the DHCP Server; General Setup; WINS; Dynamic Ranges; Static Entries; Current DHCP Leases
Chapter 10 Virtual Private Networking: What is a VPN; Accessing Network Resources from a VPN Client PC; Linking Two Networks Together; Initial Setup of the VPN; Configuring a Security Association...
Troubleshooting the Web Management Interface; Troubleshooting the ISP Connection; Troubleshooting a TCP/IP Network Using a Ping Utility; Testing the LAN Path to Your Router; Testing the Path from Your PC to a Remote Device; Recovering From a Lost Password...
Subnet Addressing; Private IP Addresses; Single IP Address Operation Using NAT; MAC Addresses and Address Resolution Protocol; Domain Name Server; IP Configuration by DHCP; Ethernet Cabling; Uplink Switches and Crossover Cables; Cable Quality; Internet Security and Firewalls...
Figure 2-1. FR314 Front Panel
Figure 2-2. FR314 Rear Panel
Figure 4-1. Web Manager Login Window
Figure 4-2. Setup Wizard, Password Window
Figure 4-3. Setup Wizard, Time Zone Window
Figure 4-4. Setup Wizard, Connecting to the Internet Window
Figure 4-5.
Congratulations on your purchase of the NETGEAR Firewall Router. The firewall router is a complete security solution that protects your network from attacks and intrusions, filters objectionable Web content, and logs security threats. This guide describes the features of the firewall router and provides installation and configuration instructions.
Special Message Formats
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
For more information about address assignment, refer to the IETF documents RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.
Internet. The FR314 and FR318 Firewall Routers allow Internet access for up to eight users. Optional upgrades may be purchased for a total of 20 users or 45 users. The FV318 VPN Router allows Internet access for up to 20 users, with an optional upgrade available for a total of 45 users.
Key Features
The Netgear Firewall/VPN Router offers the following features.
A Powerful, True Firewall
Unlike simple Internet sharing routers, the Netgear Firewall/VPN Router is a true firewall, using stateful packet inspection to defend against hacker attacks, and lets you define rules for Internet access and content viewing.
Web sites) occurs. Configurable Ethernet Connection With its internal, 4-port (FR314) or 8-port (FR318 and FV318) 10/100 switch, the firewall router can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network.
PPPoE client so that the user does not need to manually log in for Internet access. Easy Installation and Management You can install, configure, and operate the Model FR314, FR318 or FV318 firewall router within minutes after connecting it to the network. The following features simplify installation and management tasks: •...
• Flash EPROM for firmware upgrade
• Five-year warranty, two years on power adapter
• Free technical support seven days a week, twenty-four hours a day...
Registration and Warranty Card • Support Information Card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall router for repair.
(10 Mbps or 100 Mbps), you need to use a dual-speed hub or switch. The firewall router provides a 4-port (FR314) or 8-port (FR318 and FV318) switch capable of either 10 Mbps or 100 Mbps operation. Links operating at 100 Mbps must be connected with Category 5 cable.
The Firewall Router’s Front Panel
The front panel of the Model FR314, FR318 or FV318 firewall router LEDs.
Figure 2-1. FR314 Front Panel
You can use some of the LEDs to verify connections.
The Firewall Router’s Rear Panel
The rear panel of the FR314 is shown in number of ports and the absence of an Uplink switch. Refer to this diagram to identify the firewall router ports before attempting to make any connections.
NORMAL. If your local network consists of more hosts than LOCAL ports, you need to connect your firewall router to another hub or switch. For the FR314, this can be done using either of the following methods: Connect the FR314’s last LOCAL port to any normal port of an Ethernet hub or switch using standard Ethernet cable.
Connecting to Your Internet Access Device
To connect the firewall router to the Internet (or WAN): Connect the firewall router’s INTERNET port to the 10BASE-T Ethernet port on your existing Internet access device (your cable modem or DSL modem).
If a LINK/ACT LED is lit, a link has been established to the connected device. If any LOCAL port is connected to a 100 Mbps device, verify that the 100 LED for that port is lit.
This chapter describes how to prepare your PC network to connect to the Internet through the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers and how to order broadband Internet service from an Internet service provider (ISP).
Preparing Your Personal Computers for IP Networking
The Netgear Firewall/VPN Router uses the Transmission Control Protocol/Internet Protocol (TCP/IP).
Follow the instructions provided with your operating system or networking software to install TCP/IP on your computer. Although TCP/IP is built into the Windows operating system (starting...
You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks.
Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
Select TCP/IP, and then click OK. If you need Client for Microsoft Networks: Click the Add button. Select Client, and then click Add. Select Microsoft. Select Client for Microsoft Networks, and then click OK.
To check your PC’s TCP/IP configuration: On the Windows taskbar, click the Start button, and then click Run. The Run window opens. Type , and then click OK.
The TCP/IP Control Panel opens: From the “Connect via” box, select your Macintosh’s Ethernet interface. From the “Configure” box, select Using DHCP Server. You can leave the DHCP Client ID box empty.
The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: •...
Login Protocols
Some ISPs require a special login protocol, such as PPP over Ethernet (PPPoE). If your ISP requires one, you need a login name and password, and you also need to select PPPoE when you configure the firewall router.
The Network window opens, which displays a list of installed components. Select TCP/IP, and then click Properties. The TCP/IP Properties dialog box opens. Select the IP Address tab.
If any Name Server addresses are shown, write down the addresses. These are your ISP’s DNS addresses. If any information appears in the Search domains information box, write it down.
Initial Configuration of the Firewall Router This chapter describes how to perform the initial configuration of your Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers using the Setup Wizard, which walks you through the configuration process. The Setup Wizard should result in a working and secure configuration, but you will need to use the main menus to download the Content Filter List and set any other desired firewall rules.
Figure 4-1. Web Manager Login Window
Type in the User Name box, admin If your firewall router password was previously changed, enter the current password. If the Setup Wizard does not automatically launch when the Web Management Interface appears, select Setup Wizard from the navigation bar on the left.
• Choose a password that cannot be easily guessed.
First enter the old password, and then enter the new password twice. If you do not enter the new password exactly the same in both New Password boxes, the operation fails.
Click Next. The firewall router attempts to automatically determine your network addressing mode. If it cannot automatically determine the mode, the Connecting to the Internet window opens.
If your ISP account uses a PPP over Ethernet (PPPoE) login procedure, you are prompted to enter your account’s Login Name and Password in the PPPoE window: Figure 4-5.
If your ISP account does not dynamically assign a network address, you are prompted to enter your static (fixed) address information in the next window. Figure 4-6.
Click Next. The ISP Settings window opens:
Figure 4-7. Setup Wizard, ISP Settings Window
Enter your account’s Host Name and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers.
Click Next. The final Setup Wizard window opens:
Figure 4-8. Setup Wizard, Final Window
Reboot your firewall router in order for the configuration to take effect, and then reboot any attached PCs.
General Configuration This chapter describes how to interpret current status information and how to configure the Model FR314, FR318 and FV318 firewall routers' network settings, which include the firewall router's IP addressing method and settings. If you need to configure the firewall’s more advanced features, see Chapter 6, “Content...
Status
To view the firewall router's status information, click General from the navigation bar on the left, and then click the Status subtopic. The Status window opens as shown in...
Network Settings
This section describes how to configure the firewall router's IP address information. To configure the firewall router's network settings, click General from the navigation bar on the left, and then click the Network subtopic.
Network Addressing Mode
You can use the Network Addressing Mode menu to configure how the firewall router determines its network address and accesses the network. This section describes each option; for configuration...
Class C subnet mask is used, all local area network addresses should contain the same first three numbers as the firewall router’s LAN IP Address (for example, have a need to change it, NETGEAR recommends that you use the default subnet mask of 255.255.255.0...
DNS Servers, or Domain Name Servers, resolve descriptive names of network resources (such as www.NETGEAR.com) to numeric IP addresses. One or more DNS Server addresses should be assigned by your ISP for your use.
If your ISP requires a user name and password to connect (using a PPPoE client like EnterNet or WinPOET, for example) then you may find it necessary or beneficial to set your MTU to a lower value than the standard 1500.
You can enter a number from 1 to 99 minutes. Click Update. Once the firewall router has been updated, a message confirming the update is shown at the bottom of the browser window.
From the Network Addressing Mode window, select NAT with Fixed Addressing. NETGEAR recommends that you leave the NETGEAR Firewall LAN IP Address field and the LAN Subnet Mask field at their default values of respectively.
In the NETGEAR Firewall LAN IP Address box, type a unique, valid IP address from your LAN address range. The firewall router LAN IP Address is the address assigned to the firewall router's LAN port and is used for management of the firewall router.
For more information about NAT, DNS, DHCP, and other networking concepts, refer to Appendix B, “Networks, Routing, and Firewall Basics.”
Chapter 6 Content Filtering
This chapter describes how to use the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers’ content filtering features. With these features, you can prevent objectionable content from reaching the PCs on your LAN. You can block access to Web sites by category, domain name, or keyword.
Figure 6-1. Filter Categories Window
Using the options in the Filter Categories window, you can configure content filtering and blocking in three different ways:
• Restrict Web Features
•...
Each category and its options are described in the sections that follow.
Restrict Web Features
You can restrict access to the following Web features:
• ActiveX
ActiveX is a programming language that embeds scripts in Web pages.
When you register the firewall router at <http://fr3.netgear.com>, you may download a one-month subscription to Content Filter List updates. The following is a list of the Content Filter List categories: Table 6-1.
Bypassing the Filter
You may allow a trusted user to bypass the content filtering and have access to sites that would otherwise be blocked by the router. This can be done by defining a user name and password in the Filter Bypass section of the Filter Categories menu.
To configure Content Filter List updates, click one of the following options:
• Download Now
Immediately downloads and installs a new Content Filter List. This process may take several minutes and requires a current subscription to Content Filter List updates.
Customizing the Filter List
To customize the Content Filter List, click Filter from the navigation bar on the left, and then click the Customize subtopic. The Filter Customize window opens as shown in...
• Trusted Domains
To allow access to a Web site that is blocked by the Content Filter List, enter the host name, such as "www.ok-site.com", into the Trusted Domains boxes. Do not include the prefix "http://".
Partial Nudity
Pictures exposing the female breast or full exposure of either male or female buttocks except when exposing genitalia. (Excludes all swimsuits, including thongs.)
Full Nudity
Pictures exposing any or all portions of the human genitalia.
Drugs/Drug Culture
Pictures or text advocating the illegal use of drugs for entertainment. Includes substances used for other than their primary purpose to alter the individual's state of mind, such as glue sniffing. This excludes currently illegal drugs legally prescribed for medicinal purposes (for example, drugs used to treat glaucoma or cancer).
Chapter 7 Network Access Rules This chapter describes the Model FR314, FR318 or FV318 Cable/DSL Firewall Router’s Network Access Rules. Network Access Rules include inbound and outbound access policy, user authentication and remote management. Network Access Rules...
Services
To configure inbound and outbound access policies by service, click Firewall from the navigation bar on the left, then Access, and then Services. The Network Access Rules window opens as...
The Services window allows you to customize Network Access Rules by service. The Default rule, at the bottom of the table, encompasses all Services.
Network Access Rules Options
This section describes the options you can configure in the Network Access Rules window.
Creating a Public LAN Server (Port Forwarding)
A Public LAN Server is a server on your LAN that is accessible to users on the Internet. Creating a Public LAN Server in the Services window is the easiest way to set up a mail server, Web server, or other public server, on your LAN.
• If users on the Internet cannot access Public LAN Servers, make sure that the Public LAN Servers are properly configured and have Internet connectivity. If you are trying to access the servers by name rather than by IP address, confirm that the DNS mx-record points to the correct IP address: the WAN IP (NAT Public) Address, if NAT is enabled.
Two numbers appear in brackets next to each service. The first number indicates the service's IP port number. The second number indicates the IP protocol type (6 for TCP, 17 for UDP, or 1 for ICMP).
Note: If multiple entries with the same name are created, they are grouped together as a single service and may not function as expected.
Disabling Logging
You can disable logging of events in the Event Log.
If you have enabled stealth mode and you are having difficulties sending regular email or NETGEAR logs or alerts out through a mail server run by your ISP, you may want to enable forwarding of authentication (Identd) traffic in the Add Services menu. Follow these steps: Go to the Add Service menu.
For example, the FR314 allows Internet access for up to 8 users. If your local network contains 8 PCs and a print server, it is possible that your router will detect the print server and count it toward your node license.
Chapter 8 Logging and Alerting This chapter describes the Model FR314, FR318 or FV318 firewall router’s logging, alerting and reporting features. Viewing the Log The firewall router maintains an event log that lists potential security threats. You can view this log from the Web Management Interface or you can specify that the log is automatically sent to an e-mail address for convenience and archiving.
To view the log, click Firewall from the navigation bar at the left and then click the Log subtopic and then the View Log subtopic. The View Log window opens.
• TCP, UDP, or ICMP packets dropped
When IP packets are blocked by the firewall router, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address.
• Ping of Death, IP Spoof, and SYN Flood Attacks
The IP address of the PC under attack and the source of the attack are displayed. In many attacks, the source address shown is forged and does not reflect the real source of the attack.
The Log Settings options are grouped as follows:
• Sending the Log
These options specify where logs and alerts are sent, and are described on
•...
• Send Log
Specifies how often to send the logs: Daily, Weekly, or When Full.
• Every
Specifies which day of the week to send the log. Relevant when the log is sent weekly or daily.
• Dropped UDP
When enabled, log messages showing blocked incoming UDP packets are displayed.
• Dropped ICMP
When enabled, log messages showing blocked incoming ICMP packets are displayed.
Figure 8-3. Log Reports Window
In this window, you can configure how data is collected and view available reports. The Log Report options are grouped as follows: •...
View Data
You can select which report to view in the “Report to view” list box. The available reports are:
• Web Site Hits
Lists the URLs for the 25 most frequently accessed Web sites and the number of hits to that site during the current sample period.
This chapter describes how to configure the Model FR314, FR318 or FV318 Cable/DSL Firewall Router’s DHCP server. DHCP Server Overview DHCP, or Dynamic Host Configuration Protocol, is a method for distributing TCP/IP settings from a centralized server to the computers on a network. The firewall router’s DHCP server distributes IP addresses, gateway addresses, DNS server addresses, and other IP configuration information to the computers on your LAN.
Configuring the DHCP Server
To modify the configuration of the DHCP server, click General from the navigation bar on the left, and then click the DHCP subtopic. The DHCP Server Configuration window opens.
• WINS Setup
• Dynamic Ranges
• Static Entries
• Current DHCP Leases
All options are described in the sections that follow.
General Setup
The General Setup options are: •...
WINS
WINS, or Windows Internet Naming Service, is a server process for resolving Windows-based computer names to IP addresses. If a remote network contains a WINS server, your Windows PCs can gather information from that WINS server about its local hosts.
Click Update. When the firewall router is updated, a message confirming the update is displayed at the bottom of the window. Continue this process until you have added all the necessary static entries.
Note: In order to perform the VPN function, the FR318 must be upgraded by purchasing the VPN Upgrade Option. The FV318 does not require an upgrade. The FR314 does not support VPN. What is a VPN A VPN can be thought of as a secure tunnel passing through the Internet, connecting two devices such as a PC or router, which form the two tunnel endpoints.
The tunnel endpoint device, which encodes or decodes the data, can either be a PC running VPN client software or a VPN-enabled router or server. Several software standards exist for VPN data encapsulation and encryption, such as PPTP and IPSec.
For a PC to act as a tunnel endpoint to your Netgear Firewall/VPN Router, the PC must run a VPN client program based on the IPSec protocol. Netgear recommends that you use the SafeNet Soft-PK (or SoftRemote) VPN client program, which is available from SafeNet (www.safenet-inc.com).
Figure 10-1. VPN Summary Window
If you have an FR318 and have not purchased and installed the VPN Upgrade Option, you will see a screen directing you to purchase and install the option.
The VPN Summary window also displays a list of currently configured security associations, showing the name of the SA, the Destination Network Address and the type of SA that is configured. The two types are Peer Netgear Router (router to router) and VPN Client (client to router).
The content of this box differs depending on whether you have selected a connection to a Peer Netgear Router or to a VPN Client PC. In either case, you are offered the choice of a faster 56-bit payload encryption or a stronger 168-bit encryption.
The Shared Secret must be between 8 and 128 characters. For greater security, enter a combination of letters, numbers and symbols, such as "Aa8^Hjj@e$FF#." Letters are case sensitive.
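One way to generate and check a Shared Secret that meets the limits above, as an added example that is not part of the NETGEAR guide. The symbol set, the function names and the idea of sizing the secret by estimated bits are assumptions made for illustration.

```python
import math
import secrets
import string

# Limits stated in the guide: the Shared Secret must be 8 to 128 characters.
MIN_LEN, MAX_LEN = 8, 128

# Assumption: the router accepts these symbols in the Shared Secret field.
# The guide's own sample uses ^ @ $ #; trim the set if your firmware rejects any.
SYMBOLS = "!@#$%^&*-_=+"
POOLS = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(POOLS)


def check_shared_secret(secret):
    """Return a list of problems; an empty list means the secret passes."""
    problems = []
    if not MIN_LEN <= len(secret) <= MAX_LEN:
        problems.append(f"length {len(secret)} is outside {MIN_LEN}-{MAX_LEN}")
    # Letters are case sensitive on the router, so both cases add variety.
    if not any(c.islower() for c in secret):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in secret):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in secret):
        problems.append("no digit")
    if not any(not c.isalnum() for c in secret):
        problems.append("no symbol")
    return problems


def min_length_for_bits(target_bits):
    """Shortest length whose random choice from ALPHABET gives target_bits.

    Approximate: forcing one character per class costs a little entropy.
    """
    length = math.ceil(target_bits / math.log2(len(ALPHABET)))
    length = max(length, MIN_LEN)
    if length > MAX_LEN:
        raise ValueError("target exceeds what a 128-character secret can hold")
    return length


def generate_shared_secret(length=32):
    """Random secret with at least one character from every class."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(pool) for pool in POOLS]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # The sample from the guide passes the check but is published, so it
    # must never be used as a real secret.
    print(check_shared_secret("Aa8^Hjj@e$FF#"))
    secret = generate_shared_secret(min_length_for_bits(128))
    print(len(secret), check_shared_secret(secret))
```

The same secret has to be typed on both tunnel endpoints, so generate it once and transfer it over a channel other than the tunnel it protects.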
Installing and Configuring the SafeNet VPN Client
Netgear recommends and supports the SafeNet Soft-PK (or SoftRemote) Secure VPN Client for Windows, Version 5 or later. The SafeNet VPN Client can be purchased from SafeNet at www.safenet-inc.com.
Open the Security Policy Editor
To launch the VPN client, click on the Windows Start button, then select Programs, then SafeNet Soft-PK (or SoftRemote), then Security Policy Editor. The Security Policy Editor window will appear:
Secure. In the ID Type menu, select IP Subnet. In the Subnet field, type the NETGEAR Firewall LAN IP Address of the router to which you will be connecting. In the Mask field, type the NETGEAR Firewall LAN Subnet Mask.
Configure the Security Policy
These settings do not depend on your network information. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the new connection by double clicking its name or clicking on the “+”...
From the Options menu at the top of the Security Policy Editor window, select Global Policy Settings. Increase the Retransmit Interval (seconds) period to 45. Check the Allow to Specify Internal Network Address checkbox and click OK.
Reference Guide for the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers In the Network Security Policy list on the left side of the Security Policy Editor window, click on My Identity. In the Select Certificate menu, choose None.
Enter the NETGEAR Firewall's Shared Secret in the Pre-Shared Key field and click OK. Note that this field is case sensitive.
Configure VPN Client Authentication Proposal
These settings do not depend on your network information.
Save the VPN Client Settings
From the File menu at the top of the Security Policy Editor window, select Save Changes. After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN.
• The remote VPN router has a public IP WAN address of 216.136.206.110.
• The remote VPN router has a LAN IP address of 192.168.10.1.
The Connection Monitor screen for this connection is shown below:
While the connection is being established, the Connection Name field in this menu will say “SA”...
You can also monitor the progress of the connection on the log screen of the remote VPN router, as shown below: When the connection has been successfully established, the log message will say “IKE negotiation complete.
Refer to Windows documentation for information on using Find Computer, LMHOSTS files, and WINS servers.
This chapter describes the maintenance and diagnostic tools included with the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers. These tools allow you to save and restore configuration settings, perform diagnostic tests, and upgrade your system software.
Restart
After making configuration changes or performing other tasks, you may need to restart the firewall router.
To configure these options, click Maintenance from the navigation bar on the left, and then click Preferences. The Preferences window opens.
Figure 11-1. Preferences Window
These options are described in the sections that follow.
Overview of Settings Files
A settings file contains information about your firewall router’s configuration. NETGEAR highly recommends that you back up your settings file once your firewall router is up and running, and then again whenever you upgrade the firmware.
Click Yes to confirm the action. Restart the firewall router for the settings to take effect. Note: The LAN IP Address and LAN Subnet Mask, configured in the Network window in the General section, are not reset.
Updating Firmware
The firewall router has flash memory, and you can easily upgrade it with new firmware. You can download current firmware from NETGEAR’s Web site to your Management Station and then upload the firmware to the firewall router.
Uploading New Firmware
Note: The Web browser used to upload new firmware into the firewall router must support HTTP uploads. NETGEAR recommends using Netscape Navigator 3.0 or above.
Upgrade Features
The firewall router may be upgraded to support new or optional features, such as increasing the limit on the number of users. For information about purchasing firewall router options and upgrades, or a Content Filter List subscription, please contact NETGEAR at <http://...
The available diagnostic tools are:
• DNS Name Lookup
• Find Network Path
• Ping
• Packet Trace
• Tech Support Report
These reports are described in the sections that follow.
Enter the IP address of the host. Click Go. The test takes a few seconds to complete. Once completed, a message showing the results is displayed in the window.
From a local PC, initiate an IP session with the remote host using an IP client, such as Web, FTP, or Telnet. Do not enter a host name, such as "www.yahoo.com"; instead, type the same IP address entered in the “Trace on IP address”...
The Tech Support Report generates a detailed report of the firewall router’s configuration and status, and saves it to the local hard disk. If requested, you can then e-mail this file to NETGEAR Technical Support to help with a problem.
• Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem. Contact NETGEAR technical support.
— If you are connecting one of the router’s LOCAL ports to a PC, use a standard straight-through Ethernet cable like the one provided with your router.
— (FR314 only) If you are connecting the FR314’s LOCAL port 4 to a PC, set the NORMAL/UPLINK switch to the NORMAL position.
Troubleshooting the Web Management Interface
If you are unable to access the router’s Web Management Interface from a PC on your local network, check the following:
•...
Check that a WAN IP address is shown under WAN Settings. If your router is unable to obtain an IP address from the ISP, you may need to force your cable or DSL modem to recognize your new router by performing the following procedure: Turn off power to the cable or DSL modem.
• Your PC may not recognize any DNS server addresses. A DNS server is a host on the Internet that translates Internet names (such as “www”...
Testing the LAN Path to Your Router
You can ping the router from your PC to verify that the LAN path to your router is set up correctly. To ping the router from a Windows PC: On the Windows taskbar, click the Start button and then click Run.
From the Windows run menu, type as your ISP’s DNS server. If the path is functioning correctly, replies such as those described in the previous section are displayed.
On the rear panel of the router, locate the small hole to the left of the Normal/Uplink button. A small pushbutton is accessible through this hole.
This appendix provides technical specifications for the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers.
General Specifications Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter North America: United Kingdom, Australia: Europe: Japan: All regions (output):...
Physical Specifications Dimensions: Weight: Environmental Specifications Operating temperature: Operating humidity: Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: 253 by 181 by 35 mm 9.95 by 7.1 by 1.4 in.
A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables maintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network.
Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers is a small office router that routes the IP protocol over a single-user broadband connection.
There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network.
• Class D
Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255.
•...
Subnet Addressing
By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number.
Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet.
Netmask Formats 255.255.255.252 255.255.255.254 255.255.255.255
NETGEAR strongly recommends that you configure all hosts on a LAN segment to use the same netmask for the following reasons:
• So that hosts recognize local IP broadcast packets
When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address.
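The following Python sketch is an added example, not part of the NETGEAR guide. It assumes the network 192.68.135.0 from the note above is split into two subnets with netmask 255.255.255.128, and it shows how hosts on one segment that use different netmasks derive different broadcast addresses; the host addresses in the sample segment are constructed.

```python
import ipaddress


def subnet_plan(network, new_prefix):
    """Split `network` and return, per subnet, the two addresses hosts
    may not use (network, broadcast) plus the first/last usable host."""
    plan = []
    for sub in ipaddress.ip_network(network).subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())
        plan.append({
            "network": str(sub.network_address),
            "broadcast": str(sub.broadcast_address),
            "netmask": str(sub.netmask),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
        })
    return plan


def broadcast_seen_by(host_ip, netmask):
    """Broadcast address a host derives from its own IP and netmask:
    the local network address with all ones in the host part."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    return str(iface.network.broadcast_address)


def group_by_broadcast(segment):
    """Group hosts by the broadcast address each one would listen for.
    More than one group means the segment has inconsistent netmasks."""
    groups = {}
    for host_ip, netmask in segment.items():
        groups.setdefault(broadcast_seen_by(host_ip, netmask), []).append(host_ip)
    return groups


# Assumption: the Class C network from the note, split into two /25 subnets.
PLAN = subnet_plan("192.68.135.0/24", 25)

# Constructed segment: the third host was left on the default Class C mask.
SEGMENT = {
    "192.68.135.10": "255.255.255.128",
    "192.68.135.20": "255.255.255.128",
    "192.68.135.30": "255.255.255.0",
}

if __name__ == "__main__":
    for sub in PLAN:
        print(sub)
    for bcast, members in group_by_broadcast(SEGMENT).items():
        print(f"broadcast {bcast}: {members}")
```

A segment whose hosts fall into more than one group has at least one host that will not treat its neighbors' broadcasts as local.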
Single IP Address Operation Using NAT
In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router.
This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router.
IP Configuration by DHCP
When an IP-based local area network is installed, each PC must be configured with an IP address. If the PCs need to access the Internet, they should also be configured with a gateway address and one or more DNS server addresses.
Uplink Switches and Crossover Cables
In the wiring table, the concepts of transmit and receive are from the perspective of the PC. For example, the PC transmits on pins 1 and 2. At the hub, the perspective is reversed, and the hub receives on pins 1 and 2.
What is a Firewall?
A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack.
Domain names are of the form of a registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.
Dynamic Host Configuration Protocol: DHCP. An Ethernet protocol specifying how a centralized DHCP server can assign network configuration information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and gateway (router) addresses.
local area network: LAN. A communications network serving users within a limited area, such as one floor of a building. A LAN typically connects multiple personal computers and shared network devices such as storage and printers.
PPTP: Point-to-Point Tunneling Protocol. A method for establishing a virtual private network (VPN) by embedding Microsoft’s network protocol into Internet packets.
PSTN: Public Switched Telephone Network.