NETGEAR FR328S Reference Manual
  1. Manuals
  2. Brands
  3. NETGEAR Manuals
  4. Firewall
  5. ProSafe FR328S
  6. Reference manual
NETGEAR FR328S Reference Manual

NETGEAR FR328S Reference Manual

Cable/dsl prosafe firewall with dial back-up
Hide thumbs Also See for FR328S:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual
FR328S Cable/DSL
ProSafe Firewall with Dial
Back-Up
Reference Manual
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone 1-888-NETGEAR
SM-FR328SNA-0
Sept 2002

Advertisement

Table of Contents
loading

Related Manuals for NETGEAR FR328S

Summary of Contents for NETGEAR FR328S

  • Page 1 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR SM-FR328SNA-0 Sept 2002...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Read instructions for correct handling. Technical Support Refer to the Support Information Card that shipped with your FR328S Cable/DSL ProSafe Firewall with Dial Back-Up. World Wide Web NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com.

  • Page 5: Table Of Contents

    Cable or DSL Modem Requirement ..............2-1 LAN Configuration Requirements ................2-2 Internet Configuration Requirements ...............2-2 Where Do I Get the Internet Configuration Parameters? ........2-2 Connecting the FR328S Firewall to Your LAN ..............2-4 Connecting the FR328S Firewall to the Internet .............2-8 Contents...
  • Page 6 Testing Your Internet Connection ..................2-18 Manually Configuring Your Internet Connection ............2-19 Chapter 3 Protecting Your Network Protecting Access to Your FR328S Firewall ..............3-1 Configuring Basic Firewall Services ................3-3 Blocking Keywords, Sites, and Services ..............3-3 Rules ..........................3-5 Inbound Rules (Port Forwarding) ................3-7 Inbound Rule Example: A Local Public Web Server ..........3-7...
  • Page 7 Chapter 5 Advanced Configuration Configuring Advanced Security ..................5-1 Setting Up A Default DMZ Server ................5-1 Respond to Ping on Internet WAN Port ..............5-2 Configuring LAN IP Settings ...................5-2 LAN TCP/IP Setup ....................5-2 MTU Size .........................5-3 DHCP ........................5-4 Use router as DHCP server ................5-4 Reserved IP addresses ..................5-5 Configuring Dynamic DNS ..................5-6 Using Static Routes ......................5-8...
  • Page 8 IP Addresses and the Internet ................. B-2 Netmask ........................B-4 Subnet Addressing ....................B-5 Private IP Addresses ....................B-7 Single IP Address Operation Using NAT ..............B-8 MAC Addresses and Address Resolution Protocol ..........B-9 Related Documents ....................B-10 Domain Name Server .................... B-10 IP Configuration by DHCP ..................B-11 Internet Security and Firewalls ..................B-11 What is a Firewall? ....................B-11...
  • Page 9 Obtaining ISP Configuration Information for Macintosh Computers ....C-11 Restarting the Network ....................C-12 Glossary Index Contents...
  • Page 10 Contents...
  • Page 11 List of Procedures Procedure 2-1: Record Your Internet Connection Information ........2-3 Procedure 2-2: Connecting the Firewall to Your LAN ............2-4 Procedure 2-3: Auto-Detecting Your Internet Connection Type ........2-9 Procedure 2-4: Wizard-Detected Login Account Setup ..........2-10 Procedure 2-5: Wizard-Detected Dynamic IP Account Setup ........2-11 Procedure 2-6: Wizard-Detected Fixed IP (Static) Account Setup ......2-13 Procedure 2-7: Serial Port Internet Connection Configuration ........2-14 Procedure 2-8: Manual Configuration .................2-20...

  • Page 13: Preface

    Preface About This Manual Thank your for purchasing the NETGEAR ™ FR328S Cable/DSL ProSafe Firewall with Dial Back-Up. This manual describes the features of the firewall and provides installation and configuration instructions. Audience This reference manual assumes that the reader has intermediate to advanced computer and Internet skills.

  • Page 14: Special Message Formats

    Technical Support For help with any technical issues, contact Customer Support at 1-888-NETGEAR, or visit us on the Web at www.NETGEAR.com. The NETGEAR Web site includes an extensive knowledge base, answers to frequently asked questions, and a means for submitting technical questions online.
  • Page 15 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up About This Manual...

  • Page 17: Introduction

    Dial Back-Up. About the FR328S The FR328S is a complete security solution that protects your network from attacks and intrusions. Unlike simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FR328S uses Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection.

  • Page 18: Content Filtering

    Internet sites. Configurable Auto Uplink™ Ethernet Connection With its internal 8-port 10/100 switch, the FR328S can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the local LAN and the Internet WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.

  • Page 19: Easy Installation And Management

    Dynamic DNS services to register your dynamic IP address. Easy Installation and Management You can install, configure, and operate the FR328S within minutes after connecting it to the network. The following features simplify installation and management tasks: •...
  • Page 20 These functions allow you to test Internet connectivity and reboot the firewall. You can use these diagnostic functions directly from the FR328S when your are connect on the LAN or when you are connected over the Internet via the remote management function.

  • Page 21: What's In The Box

    • Support information card If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair. The Firewall’s Front Panel...

  • Page 22: The Firewall's Rear Panel

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up These LEDs are green when lit, except for the TEST LED, which is amber. Table 1-1: LED Descriptions Label Activity Description POWER Power is supplied to the firewall. TEST The system is initializing.

  • Page 23: Connecting The Firewall To The Internet

    The FR328S Firewall connects to your LAN via twisted-pair Ethernet cables. Computer Requirements To use the FR328S Firewall on your network, each computer must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the computer will connect to your network at 100 Mbps, you must use a Category 5 (CAT5) cable such as the one provided with your firewall.

  • Page 24: Lan Configuration Requirements

    For Macintosh computers, open the TCP/IP or Network control panel. • You may also refer to the FR328S Resource CD for the NETGEAR Router ISP Guide which provides Internet connection infromation for many ISPs. Once you locate your Internet configuration parameters, you may want to record them on the page below according to the instructions in “Record Your Internet Connection Information”...

  • Page 25: Procedure 2-1: Record Your Internet Connection Information

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Procedure 2-1: Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP.

  • Page 26: Connecting The Fr328S Firewall To Your Lan

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Connecting the FR328S Firewall to Your LAN This section provides instructions for connecting the FR328S Cable/DSL ProSafe Firewall with Dial Back-Up to your Local Area Network (LAN). Note: The Resource CD included with your firewall contains an animated Installation Assistant to help you through this procedure.
  • Page 27 Disconnect the Ethernet cable (A) from your computer which connects to your Cable or DSL modem. DSL modem Figure 2-1: Disconnect the Cable or DSL Modem Connect the Ethernet cable (A) from your Cable or DSL modem to the FR328S’s Internet port. modem LO CA L 1 0 / 1 0 0 M 1 2 V D C O .
  • Page 28 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Connect the Ethernet cable (B) which came with the firewall from a Local port on the router to your computer. modem LO CA L 1 0 / 1 0 0 M 1 2 V D C O . 5 A...
  • Page 29 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Now that the Cable or DSL Modem, firewall, and the computer are turned on, verify the following: • When power on the firewall was first turned on, the PWR light went on, the TEST light turned on within a few seconds, and then went off after approximately 10 seconds.

  • Page 30: Connecting The Fr328S Firewall To The Internet

    Internet. There are two ways you can configure your firewall to connect to the Internet: • Let the FR328S auto-detect the type of Internet connection you have and configure it. • Manually choose which type of Internet connection you have and configure it.

  • Page 31: Procedure 2-3: Auto-Detecting Your Internet Connection Type

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Procedure 2-3: Auto-Detecting Your Internet Connection Type The Web Configuration Manager built in to the firewall contains a Setup Wizard that can automatically determine your network connection type. If your firewall has not yet been configured, the Setup Wizard shown in...

  • Page 32: Procedure 2-4: Wizard-Detected Login Account Setup

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Next, the Setup Wizard will report which connection type it has discovered, and then display the appropriate configuration menu. If the Setup Wizard finds no connection, you will be prompted to check the physical connection between your firewall and the cable or DSL modem.

  • Page 33: Procedure 2-5: Wizard-Detected Dynamic Ip Account Setup

    If you enter an address here, after you finish configuring the firewall, reboot your PCs so that the settings take effect. Click on Apply to save your settings. Click on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 6, Troubleshooting”.
  • Page 34 MAC address of that PC. This feature allows your firewall to masquerade as that PC by using its MAC address. Click on Apply to save your settings. Click on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 6, Troubleshooting”.

  • Page 35: Procedure 2-6: Wizard-Detected Fixed Ip (Static) Account Setup

    PCs after configuring the firewall for these settings to take effect. Click on Apply to save the settings. Click on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 6, Troubleshooting.

  • Page 36: Configuring A Serial Port Internet Connection

    Follow the steps below to configure a serial port Internet connection on your firewall. Connect the Firewall to your ISDN or dial-up modem Turn off your Modem and connect the cable (C) from your FR328S’s serial port to the modem.
  • Page 37 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Configure the Serial Port of the Firewall. Note: To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. If you need instructions on how to do this, please refer to Appendix C, "Preparing Your...
  • Page 38 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Choose the type of Serial Port Usage: • Auto-rollover with a wait time in minutes • Primary Internet connection Fill in the ISP Internet configuration parameters as appropriate: • For a Dial-up Account, enter the Account/User Name, Password, the Telephone number to dial, an Alternative Telephone number if available.
  • Page 39 PC, establishing a connection to your ISP, and then copying the modem string settings from the PC configuration and pasting them into the FR328S Modem Properties Initial String field. For more information on this procedure, please refer to the support area of the NETGEAR web site.

  • Page 40: Testing Your Internet Connection

    After completing the Internet connection configuration, your can test your Internet connection. Log in to the firewall, then, from the Setup Basic Settings link, click on the Test button. If the NETGEAR website does not appear within one minute, refer to Chapter 6, Troubleshooting.

  • Page 41: Manually Configuring Your Internet Connection

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section. Figure 2-15: Browser-based configuration Basic Settings menu...

  • Page 42: Procedure 2-8: Manual Configuration

    A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP address of one or two DNS servers to your firewall during login. If the ISP does not transfer an address, you must obtain it from the ISP and enter it manually here.
  • Page 43 PC that is allowed by the ISP. Or, select “Use this MAC address” and enter it. Click Apply to save your settings. Click on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 6, Troubleshooting.
  • Page 44 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up 2-22 Connecting the Firewall to the Internet...

  • Page 45: Protecting Your Network

    Chapter 3 Protecting Your Network This chapter describes how to use the basic firewall features of the FR328S Cable/DSL ProSafe Firewall with Dial Back-Up to protect your network. Protecting Access to Your FR328S Firewall For security reasons, the firewall has its own user name and password. Also, after a period of inactivity for a set length of time, the administrator login will automatically disconnect.

  • Page 46: Procedure 3-1: Changing The Built-In Password

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Procedure 3-1: Changing the Built-In Password Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of , default password of , or using whatever Password and LAN...

  • Page 47: Configuring Basic Firewall Services

    Internet based content and communications services. With its content filtering feature, the FR328S Firewall prevents objectionable content from reaching your PCs. The FR328S allows you to control access to Internet content by screening for keywords within Web addresses. Key content filtering options include: •...

  • Page 48: Procedure 3-2: Block Keywords And Sites

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Procedure 3-2: Block Keywords and Sites The FR328S Firewall allows you to restrict access to Internet content based on functions such as Java or Cookies, Web addresses and Web address keywords. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User...

  • Page 49: Rules

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up • If the keyword “.com” is specified, only websites with other domain suffixes (such as .edu or .gov) can be viewed. • Enter the keyword “.” to block all Internet browsing access. Up to 32 entries are supported in the Keyword list.
  • Page 50 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up To access the Rules configuration of the FR328S, click the Rules link on the main menu, then click Add for either an Outbound or Inbound Service. Figure 3-4. Rules menu • To edit an existing rule, select its button on the left side of the table and click Edit.

  • Page 51: Inbound Rules (Port Forwarding)

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Inbound Rules (Port Forwarding) Because the FR328S uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers.
  • Page 52 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up The parameters are: • Service From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add Services menu to add any additional services or applications that do not already appear.

  • Page 53: Inbound Rule Example: Allowing Videoconference From Restricted Addresses

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Inbound Rule Example: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown...

  • Page 54: Outbound Rules (Service Blocking)

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Outbound Rules (Service Blocking) The FR328S allows you to block the use of certain Internet services by PCs on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local PC based on: •...
  • Page 55 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up The parameters are: • Service From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add Services menu to add any additional services or applications that do not already appear.

  • Page 56: Order Of Precedence For Rules

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 3-8: Figure 3-8. Rules table with examples For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules Table, beginning at the top and proceeding to the default rules at the bottom.

  • Page 57: Services

    1024 to 65535 by the authors of the application. Although the FR328S already holds a list of many service port numbers, you are not limited to these choices. Use the procedure below to create your own service definitions.

  • Page 58: Setting Times And Scheduling Firewall Services

    Setting Times and Scheduling Firewall Services The FR328S Firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. In order to localize the time for your log entries, you must select your Time Zone from the list.
  • Page 59 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Click on the Schedule link of the Security menu to display menu shown below. Figure 3-11: Schedule Services menu Select your Time Zone. This setting will be used for the blocking schedule according to your local time zone and for time-stamping log entries.

  • Page 60: Procedure 3-5: Scheduling Firewall Services

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Procedure 3-5: Scheduling Firewall Services If you enabled services blocking in the Block Services menu or Port forwarding in the Ports menu, you can set up a schedule for when blocking occurs or when access isn't restricted.

  • Page 61: Managing Your Network

    ProSafe Firewall with Dial Back-Up. Network Management Information The FR328S provides a variety of status and usage information which is discussed below. Viewing Router Status and Usage Statistics From the Main Menu, under Maintenance, select Router Status to view the screen in Figure 4-1.
  • Page 62 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up The Router Status menu provides a limited amount of status and usage information. From the Main Menu of the browser interface, under Maintenance, select Router Status to view the status screen, shown in Figure 4-1.
  • Page 63 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Click on the “Show Statistics” button to display firewall usage statistics, as shown in Figure 4-2 below: Figure 4-2. Router Statistics screen This screen shows the following statistics:. Table 4-2. Router Statistics Fields...

  • Page 64: Viewing Attached Devices

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading,...

  • Page 65: Viewing, Selecting, And Saving Logged Information

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Viewing, Selecting, and Saving Logged Information The firewall will log security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites menu, the Logs page shows you when someone on your network tried to access a blocked site.

  • Page 66: Selecting What Information To Log

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Log entries are described in Table 4-5 Table 4-5: Security Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description or The type of event and what action was taken if any.

  • Page 67: Saving Log Files On A Server

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up • Router operation (start up, get time, etc.) • Known DoS attacks and Port Scans Saving Log Files on a Server You can choose to write the logs to a PC running a syslog program. To activate this feature, check the box under Syslog and enter the IP address of the server where the log file will be written.

  • Page 68: Enabling Security Event E-Mail Notification

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Enabling Security Event E-mail Notification In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-Mail subheading: • Turn e-mail notification on Check this box if you wish to receive e-mail logs and alerts from the firewall.

  • Page 69: Backing Up, Restoring, Or Erasing Your Settings

    Backing Up, Restoring, or Erasing Your Settings The configuration settings of the FR328S Firewall are stored in a configuration file in the firewall. This file can be backed up to your computer, restored, or reverted to factory default settings. The procedures below explain how to do these tasks.
  • Page 70 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up From the Maintenance heading of the Main Menu, select the Settings Backup menu as seen in Figure 4-7. Figure 4-7: Settings Backup menu Click Backup to save a copy of the current settings.

  • Page 71: Procedure 4-7: Restore A Configuration From A File

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Procedure 4-7: Restore a Configuration from a File Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of , default password of , or using whatever Password and LAN...

  • Page 72: Running Diagnostic Utilities And Rebooting The Router

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Running Diagnostic Utilities and Rebooting the Router The FR328S Firewall has a diagnostics feature. You can use the diagnostics menu to perform the following functions from the firewall: • Ping an IP Address to test connectivity to see if you can reach a remote host.

  • Page 73: Enabling Remote Management

    Select the Allow Remote Management check box. Specify what external addresses will be allowed to access the firewall’s remote management. For security, NETGEAR recommends that you restrict access to as few external IP addresses as practical. To allow access from any IP address on the Internet, select Everyone.

  • Page 74: Upgrading The Router's Firmware

    Upgrading the Router’s Firmware The software of the FR328S Firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's website. If the upgrade file is compressed (.ZIP file), you must first extract the binary (.BIN or .IMG) file before uploading it to the firewall.
  • Page 75 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up In the Router Upgrade menu, click the Browse to locate the binary (.BIN or .IMG) upgrade file. Click Upload. Note: When uploading software to the firewall, it is important not to interrupt the Web browser by closing the window, clicking a link, or loading a new page.
  • Page 76 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up 4-16 Managing Your Network...

  • Page 77: Advanced Configuration

    Chapter 5 Advanced Configuration This chapter describes how to configure the advanced features of your FR328S Cable/DSL ProSafe Firewall with Dial Back-Up. Configuring Advanced Security The FR328S Cable/DSL ProSafe Firewall with Dial Back-Up provides a variety of advanced features, such as: •...

  • Page 78: Respond To Ping On Internet Wan Port

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service that you have configured in the Ports menu.

  • Page 79: Mtu Size

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up • IP Subnet Mask This is the LAN Subnet Mask of the firewall. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router.

  • Page 80: Dhcp

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Enter a new size between 64 and 1500. Click Apply to save the new configuration. DHCP By default, the firewall will function as a DHCP (Dynamic Host Configuration Protocol) server, allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to the router's LAN.

  • Page 81: Reserved Ip Addresses

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up hort for Windows Internet Naming Service Server, determines the IP • WINS Server, s address associated with a particular Windows computer. A WINS server records and reports a list of names and IP address of Windows PCs on its local network. If you connect to a remote network that contains a WINS server, enter the server’s IP address...

  • Page 82: Configuring Dynamic Dns

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Procedure 5-1: Configure LAN TCP/IP Setup Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of , default password of , or using whatever Password and LAN...

  • Page 83: Procedure 5-2: Configure Dynamic Dns

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up The firewall contains a client that can connect to a dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them. After you have...

  • Page 84: Using Static Routes

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Using Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You must configure static routes only for unusual cases such as multiple routers or multiple IP subnets located on your network.

  • Page 85: Procedure 5-3: Configuring Static Routes

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Procedure 5-3: Configuring Static Routes Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of , default password of , or using whatever Password and LAN...
  • Page 86 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Select Private if you want to limit access to the LAN only. The static route will not be reported in RIP. Type the Destination IP Address of the final destination. Type the IP Subnet Mask for this destination.

  • Page 87: Troubleshooting

    Chapter 6 Troubleshooting This chapter gives information about troubleshooting your FR328S Cable/DSL ProSafe Firewall with Dial Back-Up. For the common problems listed, go to the section indicated. • Is the firewall on? • Have I connected the firewall correctly? Go to “Basic Functions“...

  • Page 88: Power Led Not On

    • Check that you are using the 12VDC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
  • Page 89 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up • Make sure that the Ethernet cable connections are secure at the firewall and at the hub or PC. • Make sure that power is turned on to the connected hub or PC.

  • Page 90: Troubleshooting The Web Configuration Interface

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Troubleshooting the Web Configuration Interface If you are unable to access the firewall’s Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the firewall as described in the previous section.

  • Page 91: Troubleshooting The Isp Connection

    Web Configuration Manager. To check the WAN IP address: Launch your browser and select an external site such as www.netgear.com Access the Main Menu of the firewall’s configuration at http://192.168.0.1 Under the Maintenance heading, select Router Status Check that an IP address is shown for the WAN Port If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP.

  • Page 92: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP will provide the addresses of one or two DNS servers for your use. If you entered a DNS address during the firewall’s configuration, reboot your PC and verify the DNS address as described in “Verifying TCP/IP...

  • Page 93: Testing The Path From Your Pc To A Remote Device

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Pinging <IP address> with 32 bytes of data If the path is working, you see this message: Reply from < IP address >: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message:...

  • Page 94: Restoring The Default Configuration And Password

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up — If your ISP assigned a host name to your PC, enter that host name as the Account Name in the Basic Settings menu. — Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many...

  • Page 95: Problems With Date And Time

    The E-Mail menu in the Content Filtering section displays the current date and time of day. The FR328S Firewall uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet. Each entry in the log is stamped with the date and time of day.
  • Page 96 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up 6-10 Troubleshooting...

  • Page 97: Technical Specifications

    Appendix A Technical Specifications This appendix provides technical specifications for the FR328S Cable/DSL ProSafe Firewall with Dial Back-Up. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter North America: 120V, 60 Hz, input...
  • Page 98 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Environmental Specifications Operating temperature: 32 -140 F (0 to 40 C) Operating humidity: 90% maximum relative humidity, noncondensing Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B...

  • Page 99: Networks, Routing, And Firewall Basics

    Appendix B Networks, Routing, and Firewall Basics This chapter provides an overview of IP networks, routing, and firewalls. Related Publications As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.

  • Page 100: What Is A Router

    Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall What is a Router? A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables maintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network.
  • Page 101 Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the second part identifies the host node or station on the network.

  • Page 102: Netmask

    Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall • Class C Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the network address and eight bits for the node. They are in this range: 192.0.1.x to 223.255.254.x.

  • Page 103: Subnet Addressing

    Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a backward slash ( / ), as “/n.”...
  • Page 104 Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits from the host address to the network address.

  • Page 105: Private Ip Addresses

    255.255.255.248 255.255.255.252 255.255.255.254 255.255.255.255 NETGEAR strongly recommends that you configure all hosts on a LAN segment to use the same netmask for the following reasons: • So that hosts recognize local IP broadcast packets When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address.

  • Page 106: Single Ip Address Operation Using Nat

    Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines explained here. For more information about address assignment, refer to RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.

  • Page 107: Mac Addresses And Address Resolution Protocol

    Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall Private IP addresses assigned by user IP addresses assigned by ISP 192.168.0.2 192.168.0.3 192.168.0.1 172.21.15.105 Internet 192.168.0.4 192.168.0.5 7786EA Figure 6-4: Single IP Address Operation Using NAT This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection.

  • Page 108: Related Documents

    Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource. Just as...

  • Page 109: Ip Configuration By Dhcp

    Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall IP Configuration by DHCP When an IP-based local area network is installed, each PC must be configured with an IP address. If the PCs need to access the Internet, they should also be configured with a gateway address and one or more DNS server addresses.

  • Page 110: Stateful Packet Inspection

    Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall Stateful Packet Inspection Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to ensure secure firewall filtering to protect your network from attacks and intrusions. Since user-level applications such as FTP and Web browsers can create complex patterns of network traffic, it is necessary for the firewall to analyze groups of network connection "states."...

  • Page 111: Uplink Switches And Crossover Cables

    Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall Table 6-1. UTP Ethernet cable wiring, straight-through Wire color Signal Brown/White Brown Uplink Switches and Crossover Cables In the wiring table, the concept of transmit and receive are from the perspective of the PC. For example, the PC transmits on pins 1 and 2.
  • Page 112 Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall B-14 Networks, Routing, and Firewall Basics...

  • Page 113: Appendix C Preparing Your Network

    Preparing Your Network This appendix describes how to prepare your network to connect to the Internet through the FR328S Cable/DSL ProSafe Firewall with Dial Back-Up and how to verify the readiness of broadband Internet service from an Internet service provider (ISP).

  • Page 114: Configuring Windows 95, 98, And Me For Tcp/Ip Networking

    “Appendix B, “Networks, Routing, and Firewall Basics.” The FR328S Firewall is shipped preconfigured as a DHCP server. The firewall assigns the following TCP/IP configuration information automatically when the PCs are rebooted: • PC or workstation IP addresses—192.168.0.2 through 192.168.0.254 •...
  • Page 115 FR328S Cable/DSL ProSafe Firewall with Dial Back-Up You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.

  • Page 116: Enabling Dhcp To Automatically Configure Tcp/Ip Settings

    The simplest way to configure this information is to allow the PC to obtain the information from the internal DHCP server of the FR328S Firewall. To use DHCP with the recommended default addresses, follow these steps: Connect all PCs to the firewall, then restart the firewall and allow it to boot.

  • Page 117: Verifying Tcp/Ip Properties

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Uncheck all boxes in the LAN Internet Configuration screen and click Next. Proceed to the end of the Wizard. Verifying TCP/IP Properties After your PC is configured and has rebooted, you can check the TCP/IP configuration using the utility winipcfg.exe:...

  • Page 118: Verifying Tcp/Ip Properties

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Verify that ‘Client for Microsoft Networks’ and ‘Internet Protocol (TCP/IP)’ are present. If not, select Install and add them. Select ‘Internet Protocol (TCP/IP)’, click Properties, and verify that “Obtain an IP address automatically is selected.

  • Page 119: Macos X

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up The TCP/IP Control Panel opens: From the “Connect via” box, select your Macintosh’s Ethernet interface. From the “Configure” box, select Using DHCP Server. You can leave the DHCP Client ID box empty. Close the TCP/IP Control Panel.

  • Page 120: Verifying Tcp/Ip Properties For Macintosh Computers

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Verifying TCP/IP Properties for Macintosh Computers After your Macintosh is configured and has rebooted, you can check the TCP/IP configuration by returning to the TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP.

  • Page 121: Verifying The Readiness Of Your Internet Account

    FR328S Cable/DSL ProSafe Firewall with Dial Back-Up Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.

  • Page 122: Obtaining Isp Configuration Information For Windows Computers

    As mentioned above, you may need to collect configuration information from your PC so that you can use this information when you configure the FR328S Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.

  • Page 123: Obtaining Isp Configuration Information For Macintosh Computers

    As mentioned above, you may need to collect configuration information from your Macintosh so that you can use this information when you configure the FR328S Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.

  • Page 124: Restarting The Network

    Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your FR328S Firewall, you are ready to access and configure the firewall.
  • Page 125 Domain names are of the form of a registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.
  • Page 126 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall IETF Internet Engineering Task Force. An open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. Working groups of the IETF propose standard protocols and procedures for the Internet, which are published as RFCs (Request for Comment) at www.ietf.org.
  • Page 127 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall netmask A number that explains which part of an IP address comprises the network address and which part is the host address on that network. It can be expressed in dotted-decimal notation or as a number appended to the IP address.
  • Page 128 Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Virtual Private Network. A method for securely transporting data between two private networks by using a public network such as the Internet as a connection. See wide area network. Wired Equivalent Privacy.
  • Page 129 Index DHCP 1-3, 5-4, B-11 DHCP Client ID C-7 Account Name 2-10, 2-12, 2-20 DHCP Setup field, Ethernet Setup menu 4-2 Address Resolution Protocol B-9 DMZ Server 5-1 Austria 2-20 DNS Proxy 1-3 Auto Uplink 1-2 DNS server 2-11, 2-12, 2-20, C-11 DNS, dynamic 5-6 domain C-11 backup configuration 4-9...
  • Page 130 IANA contacting B-2 IETF B-1 Web site address B-8 NAT C-9 inbound rules 3-7 NAT. See Network Address Translation installation 1-3 NETGEAR Internet account contacting 1-xiv address information C-9 netmask establishing C-9 translation table B-6 IP addresses C-10, C-11 Network Address Translation 1-2, B-8, C-9...

  • Page 131: Stateful Packet Inspection

    configuring C-1 network, troubleshooting 6-6 rear panel 1-6 TCP/IP properties remote management 5-10 verifying for Macintosh C-8 requirements verifying for Windows C-5, C-6 access device 2-1 technical support 1-xiv hardware 2-1 Telstra 2-20 reserved IP adresses 5-5 time of day 6-9 reset button, clearing config 6-8 time zone 3-15 restore factory settings 4-11...

Table of Contents