NETGEAR FWG114P v2 manual

Page 1

201-10301-02 , May 200 5 201-10301-02 May 2005 NETGEAR , Inc. 4500 Great America Parkway Santa Clara, CA 95 054 USA Reference Manual for the ProSafe Wireless 802.1 1g Firewall/Print Server Model FWG1 14P v2[...]

Page 2

ii 201-10301-02 , May 200 5 © 2005 by NETGEAR, Inc. All rights reserved. T rademarks NETGEAR is a trademark of Netge ar , Inc. Microsoft, W indows, and W indow s NT are registered trademar ks of Microsoft Corporation. Other brand and product names are registered tradem arks or trad emarks of their respective holders. St atement of Conditions In th[...]

Page 3

201-10301-02 , May 200 5 iii Bestätigung des Hers tellers/Importeurs Es wird hiermit bestätigt, daß das ProSafe W ireless 802.11 g Firewall/Print Server Mo del FWG1 14P v2 gemäß der im BMP T -AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimm ungen entstört ist. Das vor schriftsmäßige Betreiben einiger Geräte (z.B. T estsender) kann [...]

Page 4

201-10301- 02, May 2005 iv[...]

Page 5

Contents v 201-10301-02, May 2005 Content s Chapter 1 About This Manual Audience, Scope, Conventions, and Formats . ......... ................. ................ ............. ........ 1-1 How to Use This Manual ................. ................ ................ ................ ................ ............. .. 1-2 How to Print this Manual . .....[...]

Page 6

201-10301-02, May 200 5 vi Contents Connecting the FWG1 14P v2 Wireless Firewall/ Print Server ................. ................ ........ 3-4 V erify That Basic Requirements Are Met .. ...................... ............. ................ ............ 3-4 Basic Setup T roubleshooting T ips ... ................ ................ ................ ...[...]

Page 7

Contents vii 201-10301-02, May 2005 Configuring Dial-in on the Serial Port ........... ................ ................ ................ ................ .. 5-4 Basic Requirements for Dial-in .. ................... ................ ................ ................ ............ 5-5 How to Configure Dial-in .............. ................ .........[...]

Page 8

201-10301-02, May 200 5 viii Contents T roubles hooting the Print Server ..... ............. ... ............. ................ ................ ............. ... 7-12 Chapter 8 Virt ual Private Ne tworking Overview of FWG1 14P v2 Policy-Based VPN Co nfiguration .... ................ ................ ..... 8-1 Using Policies to Manage VPN Traf f ic[...]

Page 9

Contents ix 201-10301-02, May 2005 Changing the Administrator Pa ssword ..... ............. ................ ................. ................ ........ 9-9 Chapter 10 Advanced Configurat ion Using the W AN Set up Opti ons ........... ... ... .... ... ... ... ... .... ... ... ... .... ... ... ... ............. ... .... ... ... 10-1 How to Configure[...]

Page 10

201-10301-02, May 200 5 x Contents Subnet Addressing ................ ............. ................ ................. ............. ................ ....... B-4 Private IP Addresses .......... ... .... ............. ... ... ... ... .... ... ... ... ............. .... ... ... ... ... .... ... ... . B-7 Single IP Address Operation Using NA T .......[...]

Page 11

Contents xi 201-10301-02, May 2005 Restarting the Network ....... ................ ................ ................ ................ ................ ......... C-12 Appendix D Firewall Log Format s Action List . ................ ............. ................ ................ ............. ................ ................ ........ ... D-1 Field L[...]

Page 12

201-10301-02, May 200 5 xii Contents Is WP A Perfect? ........... ... ............. ... ... .... ... ... ... ... .... ... ............. ... ... .... ... ... ... ... .... ..... E-16 Product Support for WP A ............. ................ ................ ................ ................ ......... E-16 Supporting a Mixtur e of WP A and WEP Wi reless[...]

Page 13

Contents xiii 201-10301-02, May 2005 Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 Configuration T emplate ... .... ... ............. ............. ................ ............. ................ ............. .... H-1 Using DDNS and Fully Qualified Domain Name s (FQDN) ....... ................ ............. . H-2 S tep-[...]

Page 14

201-10301-02, May 200 5 xiv Contents[...]

Page 15

About This Manual 1-1 201-10301-02, May 20 05 Chapter 1 About This Manual This chapter describes the intended audience, sc ope, conventions, and formats of this manual. Audience, Scope, Conventions, and Format s This reference manual assumes that the reader h as basic to interme diate computer and Internet skills. However , basic comp uter network,[...]

Page 16

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 1-2 About This Manual 201-10301-02, May 2005 How to Use This Manual The HTML version of this ma nual includes the following: • Buttons, and , for browsing forwards or backwards through the manual one pag e at a time • A button that displays the table of co[...]

Page 17

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 About This Manual 1-3 201-10301-02, May 20 05 How to Print this Manual T o print this manual you can choose one of the fo llowing several options, a ccording to your needs. • Printing a Page in the HTML V iew . Each page in the HTML version of the manu al i[...]

Page 18

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 1-4 About This Manual 201-10301-02, May 2005[...]

Page 19

Introduction 2-1 201-10301-02, May 2005 Chapter 2 Introduction This chapter describes the features of the NETG EAR ProSafe W ireless 802.1 1g Firewall/Print Server Model FWG1 14P v2. Key Features of the FWG1 14P v2 The ProSafe W ireless 802.1 1g Firewall/Print Serv er Model FWG1 14P v2, w ith a 4-port switch, connects your LAN to the Internet throu[...]

Page 20

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 2-2 Introduction 201-10301-02, May 2005 • Flash memory for firmware upgrade. • NA T off (classical routing). Full Routing on Both the Broadband and Serial Port s Y ou can install, configure, and ope rate the FWG1 14P v2 to take full advantage of a variety [...]

Page 21

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Introduction 2-3 201-10301-02, May 2005 • W ireless n etwork name broadc ast can be turned off so that only devices that have the network name (SSID) can connect. V irtual Private Networking The FWG1 14P v2 W ireless Firewall/Print Server provides a secure [...]

Page 22

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 2-4 Introduction 201-10301-02, May 2005 • Logs security incidents. The FWG1 14P v2 will log security events, such as blocked incoming traffic, port scans, attacks, and administrator logins. Y ou can conf igure the router to e-mail the log to you at specified[...]

Page 23

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Introduction 2-5 201-10301-02, May 2005 Extensive Protocol Support The FWG1 14P v2 W ireless Firewall/Print Server supports the T ransmission Control Protocol/ Internet Protocol (TCP/IP) and Ro uting Information Protocol (RIP). • The ability to enable or di[...]

Page 24

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 2-6 Introduction 201-10301-02, May 2005 Easy Inst allation and Management Y ou can install, configure, and operate the ProSaf e W ireless 802.1 1g Firewall/Print Server Model FWG1 14P v2 within minutes after connecting it to the network. The following features[...]

Page 25

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Introduction 2-7 201-10301-02, May 2005 • 54 Mbps W ireless PC Card Model WG51 1 • 54 Mbps W ireless PCI Card Model WG31 1 • 54 Mbps W ireless USB 2.0 Adapter Model WG121 • ProSafe™ Indoor 5 dBi Omni-directional Antenna Model ANT2 4O5 • ProSafe™[...]

Page 26

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 2-8 Introduction 201-10301-02, May 2005 The FWG1 14P v2 Rear Panel The rear panel of the FWG1 14P v2 W ireless Fire wall/Print Server contains the port connections listed below . T able 2-1. LED Descriptions Label Activity Description POWER On Power is supplie[...]

Page 27

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Introduction 2-9 201-10301-02, May 2005 Figure 1-2: FWG1 14P v2 Rear Panel V iewed from left to right, the rear panel contains the following features: • W ireless antenna. • DB-9 serial port for modem connection. • USB 2.0 Printer Port. • Factory Defa[...]

Page 28

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 2-10 Introduction 201-10301-02, May 2005[...]

Page 29

Connecting the FWG114P v2 to the Internet 3-1 201-10301-02, May 20 05 Chapter 3 Connecting the FWG1 14P v2 to the Internet This chapter describes how to set up the router on your local area network (LAN) and connect to the Internet. Y ou will find out how to configure your ProSafe W ireless 802.1 1g Firewall/Print Server Model FWG1 14P v2 for In te[...]

Page 30

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-2 Connecting the FWG1 14P v2 to the Internet 201-10301-02, May 2005 For the initial connection to the In ternet and configuration of your router , you will need to connect a computer to the router that is set to automatically get its TCP/IP configuration fro[...]

Page 31

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FW G 1 14 P v2 to the Internet 3-3 201-10301-02, May 20 05 Record Y our Internet Co nnection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and passwor[...]

Page 32

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-4 Connecting the FWG1 14P v2 to the Internet 201-10301-02, May 2005 Connecting the FWG1 14P v2 Wireless Firewall/Print Server This section provides instructio ns for connecting the FWG1 14P v2 W ireless Firewall/Print Server. Also, the Resour ce CD for the P[...]

Page 33

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FW G 1 14 P v2 to the Internet 3-5 201-10301-02, May 20 05 c. Securely insert the Ethernet cable from your broadban d modem into the Internet po rt ( B) on the FWG1 14P v2. Figure 3-2: Connect the broadb and modem to the router d. Securely inse[...]

Page 34

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-6 Connecting the FWG1 14P v2 to the Internet 201-10301-02, May 2005 2. R ESTART YOUR NETWORK IN THE CORRECT SEQUENCE Wa r n i n g : Failure to restart your network in the correct sequence could prevent you from connecting to the Internet. a. First, turn on t[...]

Page 35

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FW G 1 14 P v2 to the Internet 3-7 201-10301-02, May 20 05 3. L OG IN TO THE WIRELESS FIREWALL / PRINT SERVER a. From your PC, launch your Internet browser . Because you are not yet connected to the Internet, your browser will disp lay a page n[...]

Page 36

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-8 Connecting the FWG1 14P v2 to the Internet 201-10301-02, May 2005 d. After logging in to the router , y ou will see the login result page. Figure 3-7: Login Result p age[...]

Page 37

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FW G 1 14 P v2 to the Internet 3-9 201-10301-02, May 20 05 4. R UN THE S ETUP W IZARD TO CONNECT TO THE I NTERNET Figure 3-8: Se tup Wizard a. Y ou are now connec ted to the router . If you do not see the menu above, click the Setup W izard lin[...]

Page 38

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-10 Connecting the FWG114 P v2 to the Internet 201-10301-02, May 2005 Basic Setup T roubleshooting Tip s Here are some tips for correcting simple problem s that prevent with yo u from connecting to the Internet or connectin g to the wireless fi rewall/print s[...]

Page 39

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FWG114 P v2 to the Internet 3-11 201-10301-02, May 20 05 • Fixed IP address assignment Next, the Setup W izard will repo rt which connection type it h as discovered, and then display the appropriate configuration menu. If the Setu p W izard f[...]

Page 40

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-12 Connecting the FWG114 P v2 to the Internet 201-10301-02, May 2005 Note: Y ou will no longer need to launch the ISP’ s lo gin program on your computer in order to access the Internet. When you start an Internet application, your firewa ll will automatica[...]

Page 41

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FWG114 P v2 to the Internet 3-13 201-10301-02, May 20 05 Wizard-Detected Dynamic IP Account Setup If the Setup W izard determines that your Intern et service account uses Dynamic IP assignme nt, you will be directed to the menu shown in Figure [...]

Page 42

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-14 Connecting the FWG114 P v2 to the Internet 201-10301-02, May 2005 If your ISP allows access from only one specific computer ’ s Ethernet MAC address, select “Use this MAC address.” The firewall will then capture and use the MAC address of the comput[...]

Page 43

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FWG114 P v2 to the Internet 3-15 201-10301-02, May 20 05 1. Enter your assigned IP Address, Subnet Mask , and the IP Address of your ISP’ s gateway router . This information should have been provided to you by your ISP . Y ou will need the co[...]

Page 44

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-16 Connecting the FWG114 P v2 to the Internet 201-10301-02, May 2005 Figure 3-12: Serial Inter net Connection configuration menu c. Fill in the ISDN or analog ISP Internet configuration parameters as appropriate: • For a Dial-up Account, ente r the Account[...]

Page 45

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FWG114 P v2 to the Internet 3-17 201-10301-02, May 20 05 Note: Y ou can validate modem string se ttings by first connecting the modem directly to a computer , establishing a connection to yo ur ISP , and then copy ing the modem string settings [...]

Page 46

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-18 Connecting the FWG114 P v2 to the Internet 201-10301-02, May 2005 Manually Configuring Y our Internet Connection Y ou can manually configure your firewall using the menu b elow , or you can allo w the Setup W izard to determine your configuration as descr[...]

Page 47

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Connecting the FWG114 P v2 to the Internet 3-19 201-10301-02, May 20 05 How to Manually Configure th e Primary Intern et Connection Use these steps to manually configure the primary Internet connection in th e Basic Settings menu. 1. Select your Internet conn[...]

Page 48

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 3-20 Connecting the FWG114 P v2 to the Internet 201-10301-02, May 2005 7. Router ’ s MAC Address: This section determines the Ethernet MAC address that will be used by the firewall on the Internet po rt. Some ISPs will register th e Ethernet MAC address of t[...]

Page 49

Wireless Configuration 4-1 201-10301-02, May 20 05 Chapter 4 Wireless Configuration This chapter describes how to configure the wire less features of your FWG114P v2 W ireles s Firewall/Print Server. Observing Performance, Placem ent, and Range Guidelines In planning your wire less network, you sh ou ld consider the level of se curity required. Y o[...]

Page 50

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-2 Wireless Configuration 201-10301-02, May 2005 Implementing Appropriate Wireless Security Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapte r . For this reason, us[...]

Page 51

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4-3 201-10301-02, May 20 05 • WP A/WP A2 with Radius or WP A/WP A2-PSK. W i-Fi Protected Access (WP A and WP A2) data encryption provides data security . The very strong authentication along with dynamic per frame rekeying of WP A and[...]

Page 52

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-4 Wireless Configuration 201-10301-02, May 2005 • Wir eless Ne twork. The station name of the FWG1 14P v2. — Wir eless Network Name (SSID). The SSID is also kn own as the wireless network name. Enter a value of up to 32 alphanumeric characters. In a se t[...]

Page 53

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4-5 201-10301-02, May 20 05 T o restrict access based on MAC addresses, c lick the Set up Access List button and update the MAC access control list . • Security Options – Disable : No data encryption is used. – WEP (Wir ed Equival[...]

Page 54

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-6 Wireless Configuration 201-10301-02, May 2005 Default Factory Settings The FWG1 14P v2 default factory settings shown be low . Y ou can restore these defaults with the Factory Default Restore button on the re ar panel as seen in the illustration “FWG1 14[...]

Page 55

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4-7 201-10301-02, May 20 05 Before Y ou Change the SSID and WEP Settings T ake the following steps: For a new wireless network, print or copy this form and fill in the configuration parameters. For an existing wireless network, the pers[...]

Page 56

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-8 Wireless Configuration 201-10301-02, May 2005 How to Set Up and T est B asic Wireless Connectivity Follow the instructions below to set up and te st basic wireless conne ctivity . Once you have established basic wireless connectivity , you can enable secur[...]

Page 57

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4-9 201-10301-02, May 20 05 7. Click Apply to save your changes. 8. Configure and test your PCs for wireless connectivity . Program the wireless adapter of your PCs to ha ve the same SSID that you configured in the FWG1 14P v2. Check th[...]

Page 58

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-10 Wireless Configur ation 201-10301-02, May 2005 4. Click Add to open the W ireless Card Access Setup menu. Y ou can select a de vice from the list of available wireless cards the FWG114P v2 has discovered in your area, or you can manually enter the MAC add[...]

Page 59

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4 -11 201-10301-02, May 20 05 2. Click W ireless Settings in the main menu of the F WG1 14P v2. Figure 4-5: Wire le ss Settings menu (WEP) 3. Select WEP on the pulldown menu. The WEP options menu will open. 4. Choose the Authentication [...]

Page 60

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-12 Wireless Configur ation 201-10301-02, May 2005 – WEP Keys : If using WEP , you can manually or automatically progra m the four data encryption keys. These values must be identi cal on all PCs and A ccess Points in your network. • Automatic Key Generat[...]

Page 61

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4 -13 201-10301-02, May 20 05 2. Click W ireless Settings in the main menu of the F WG1 14P v2. Figure 4-6: Wire le ss Settings menu (WP A with Radius) 3. Select WP A with Radius on the pulldown menu. The WP A with Radius menu will open[...]

Page 62

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-14 Wireless Configur ation 201-10301-02, May 2005 • Radius Port : Enter the port number used for conn ecting to the Radius S erver . • Shar ed Key : Enter the desired value for the Shared Key . This must match the value used on the Radius server . • Ra[...]

Page 63

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4 -15 201-10301-02, May 20 05 2. Click W ireless Settings in the main menu of the F WG1 14P v2. Figure 4-7: Wirele ss Settings menu (WP A2 with Radius) 3. Select WP A2 with Radius on the pulldown menu. The WP A2 with Radius menu will op[...]

Page 64

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-16 Wireless Configur ation 201-10301-02, May 2005 • Secondary Radius Server Name/IP Addr ess : This field is optional. If you have a Secondary Radius Server on yo ur LAN, enter its name or IP address here. • Radius Port : Enter the port number used for c[...]

Page 65

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4 -17 201-10301-02, May 20 05 2. Click W ireless Settings in the main menu of the F WG1 14P v2. Figure 4-8: Wirele ss Settings menu (WP A and WP A2 with Radius) 3. Select WP A and WP A2 with Radius on the pulldown menu. The WP A and WP [...]

Page 66

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-18 Wireless Configur ation 201-10301-02, May 2005 • Secondary Radius Server Name/IP Addr ess : This field is optional. If you have a Secondary Radius Server on yo ur LAN, enter its name or IP address here. • Radius Port : Enter the port number used for c[...]

Page 67

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4 -19 201-10301-02, May 20 05 2. Click W ireless Settings in the main menu of the F WG1 14P v2. Figure 4-9: Wire less Settings menu (WP A-PSK) 3. Select WP A-PSK on the pulldown menu. The WP A-PSK menu will open. 4. Select the desired E[...]

Page 68

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-20 Wireless Configur ation 201-10301-02, May 2005 How to Configure WP A2-PSK Note : Not all wireless adapters support WP A2. Furthermore, client software is required on the client. W indows XP and W indows 2000 with Servi ce Pack 3 do include the client soft[...]

Page 69

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Configuration 4 -21 201-10301-02, May 20 05 4. Select the desired Encryption method. Fo r WP A2-PSK, the only option is AES. 5. Enter the pre-shared key in the Passphra se field. Enter a w ord or group of printable characters in the Passphrase box. T[...]

Page 70

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 4-22 Wireless Configur ation 201-10301-02, May 2005 2. Click W ireless Settings in the main menu of the F WG1 14P v2. Figure 4-1 1: Wireless Sett ings menu (WP A-PSK and WP A2-PSK) 3. Select WP A-PSK and WP A2-PSK on the pulldown menu. The WP A-PSK and WP A2-P[...]

Page 71

Serial Port Configuration 5-1 201-10301-02, May 2005M-10 207-01, Reference Manual v2 Chapter 5 Serial Port Configuration This chapter describes how to configure th e serial port options of y our ProSafe W ireless 802.1 1g Firewall/Print Server Model FWG1 14P v2. The FWG1 14P v2 serial port lets you share the broadband co nnection of another FWG1 14[...]

Page 72

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 5-2 S erial Port Configuration 201-10301-02, May 2005M-10207- 01, Reference Manual v2 Configuring a Serial Port Modem Y ou can configure a se rial port modem for any of the features described above. Be sure you have prepared the basic re quirements listed belo[...]

Page 73

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Serial Port Con figuration 5-3 201-10301-02, May 2005M-10 207-01, Reference Manual v2 — For dial-up, “Standard Modem” should work in most cases. Otherwise, select your modem from the list. — If your modem is not on the list, select “U ser Defined”[...]

Page 74

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 5-4 S erial Port Configuration 201-10301-02, May 2005M-10207- 01, Reference Manual v2 Figure 5-2: Auto-Rollover config uration menu 3. Configure the Auto-Rollover settings. 4. Click Apply for the changes to take effect . Configuring Dial-in on the Serial Port [...]

Page 75

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Serial Port Con figuration 5-5 201-10301-02, May 2005M-10 207-01, Reference Manual v2 Basic Requirement s for Dial-in Dial-in requires these elements: 1. A broadband co nnection to the F WG1 14P v2. 2. An analog phone line. 3. A serial modem properly configur[...]

Page 76

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 5-6 S erial Port Configuration 201-10301-02, May 2005M-10207- 01, Reference Manual v2 Configuring LAN-to-LAN Settings LAN-to-LAN e nables dire ct communic ations be tween two FWG1 14P v2 wireless firewall/print servers. Figure 5-4: LAN-to-LAN ne twork configur[...]

Page 77

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Serial Port Con figuration 5-7 201-10301-02, May 2005M-10 207-01, Reference Manual v2 Figure 5-5: LAN-to-LAN configur ation menu 3. Configure the LAN-to-LAN settings. Note: The LAN subnet address of each FWG1 14P v2 must be dif ferent. 4. Click Apply for the [...]

Page 78

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 5-8 S erial Port Configuration 201-10301-02, May 2005M-10207- 01, Reference Manual v2[...]

Page 79

Firewall Protection and Conten t Filtering 6-1 201-10301-02, May 20 05 Chapter 6 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe W ireless 802.1 1g Firewall/Print Server Model FWG1 14P v2 to protect your network. These f eatures can be found by clicking on the Content Filteri[...]

Page 80

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-2 Firewall Protection and Content Filtering 201-10301-02, May 2005 • W eb addresses • W eb address keywords These options are discussed below . The Keyword Blockin g menu is shown here. Figure 6-1: Block Sites menu T o enable filtering, click the checkb [...]

Page 81

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Protection and Content Filtering 6-3 201-10301-02, May 20 05 T o delete a keyword or domain, select it from th e list, click Delete Keyword, then click Apply . Keyword application examples: • If the keyword "XXX" is specified, the URL <[...]

Page 82

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-4 Firewall Protection and Content Filtering 201-10301-02, May 2005 The service numbers for man y co mmon protocols are defined by the Internet Engineering T ask Force (IETF) and published in RFC1700, “Assi gned Numbers.” Servic e numbers for other applic[...]

Page 83

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Protection and Content Filtering 6-5 201-10301-02, May 20 05 These default rules are shown in the Rules table of th e Rules menu in Figure 6-2 : Figure 6-2: Rules menu Y ou can define additional rules that will specify exce ptions to the default ru l[...]

Page 84

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-6 Firewall Protection and Content Filtering 201-10301-02, May 2005 • Service. From this list, sel ect the application or service to be allowed or blocked. The list already displays many common services, but yo u are not limited to these choices. Use the Se[...]

Page 85

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Protection and Content Filtering 6-7 201-10301-02, May 20 05 Follow these guidelines when setting up port forwarding inbound rules: • If your external IP address is assigned dynamically by your ISP , the IP address may change periodically as the DH[...]

Page 86

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-8 Firewall Protection and Content Filtering 201-10301-02, May 2005 This rule is shown in Figure 6-3 . Example: Port Forwarding for Vide oconferencing If you want to allow incoming vi deoconferencing to be initiated from a restricted range of outside IP addre[...]

Page 87

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Protection and Content Filtering 6-9 201-10301-02, May 20 05 Figure 6-5: Service example: port forwarding for VPN when NA T is Off In the example shown in Figure 6-5 , UDP port 500 connection s are de fined as the IPSec se rv ice. Figure 6-6: Inbound[...]

Page 88

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-10 Firewall Protection and Content Filtering 201-10301-02, May 2005 • IP address of the Internet site being contacted (destination address) •T i m e o f d a y • T ype of service be ing requested (service port number) Outbound Rule Example: Blocking Ins[...]

Page 89

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Protection and Content Filtering 6 -11 201-10301-02, May 20 05 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu. For any traffic attempting to pass through the firewall, the packet informatio n is [...]

Page 90

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-12 Firewall Protection and Content Filtering 201-10301-02, May 2005 Using a Schedule to Block or Allow Content or T raffic If you enabled content filtering in the Block Sites me nu, or if you d efined an outbound rule to use a schedule, you can set up a sche[...]

Page 91

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Protection and Content Filtering 6 -13 201-10301-02, May 20 05 Note: Enter the values in 24-hour time format. For ex ample, 10:30 am would b e 10 hours and 30 minutes and 10:3 0 pm would be 22 hours and 30 minutes. Be sure to click Apply when you h a[...]

Page 92

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-14 Firewall Protection and Content Filtering 201-10301-02, May 2005 Figure 6-9: E-mail menu • T urn e-mail notification on. Select this check box if you want to receive e-mail logs and alerts from the router . • Send alerts and logs by e-mail. If you ena[...]

Page 93

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Protection and Content Filtering 6 -15 201-10301-02, May 20 05 – If a Denial of Service attack is detected. – If a Port Scan is detected. – If a user on your LAN attemp ts to access a website that you blocked using Keyword blocking. • Send lo[...]

Page 94

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-16 Firewall Protection and Content Filtering 201-10301-02, May 2005 V iewing Logs of W eb Access or Attempted W eb Access The router will log security-related events, such as denied incomi ng and outgoing service requests, hacker probes, and administrator lo[...]

Page 95

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Protection and Content Filtering 6 -17 201-10301-02, May 20 05 Log action buttons are described in Ta b l e 6 - 1 . What to Include in the Event Log Use these ch eckbox es t o determine which ev ents a r e included in the log. Checking all options wi[...]

Page 96

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 6-18 Firewall Protection and Content Filtering 201-10301-02, May 2005 Enable one of these three options, as required: • Disable - select this if you do not have a Syslog server . • Broadcast on LAN - the Sysl og data is broadcast, rather than sent to a spe[...]

Page 97

Print Server 7-1 201-10301-02, May 20 05 Chapter 7 Print Server This chapter describes how to in stall and configure the print ser ver in your ProSafe W ireless 802.1 1g Firewall/Print Se rver Model FWG1 14P v2. Printing Options The FWG1 14P v2 supports these methods for printing: • For Windows XP and 2000 Only: TCP/IP Line Printer Remote (LPR) P[...]

Page 98

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 7-2 Print Server 201-10301-02, May 2005 For Windows XP and 2000, U se TCP/IP LPR Printing Follow these instructions to set up TCP/IP printing on your W indows XP and 2000 PCs. Install the FWG1 14P v2, connect your printer to the USB port on the FWG1 14P v2, an[...]

Page 99

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Print Server 7-3 201-10301-02, May 20 05 Complete the Add S tandard TCP/IP Printer Port Wizard. a. Click Next to proceed with the Add Standard TCP/IP Printer Port W izard. The Add Port screen will display . b. From the Add Port screen, enter 192.168.0.1 , the[...]

Page 100

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 7-4 Print Server 201-10301-02, May 2005 Identify the printer connected to FWG1 14P v2 USB printer port. a. From the Install Printer Software screen selection lists, find the manufacturer and model of the printer you connected to the USB port on the FWG1 14P v2[...]

Page 101

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Print Server 7-5 201-10301-02, May 20 05 Note: If two long files are sent to the printer at once, W indows will pop up a print failure error message. This message ca n be ignored. The file will pr int once the printer finishes printing the first file.[...]

Page 102

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 7-6 Print Server 201-10301-02, May 2005 For Windows 95/98/Me, Use the Ne tgear Printer Port Driver Follow these instructions to set up the Netg ear Printer Port Drive on W indows 9x PCs. Install the Netgear Printer Port Driver and configuration utility softwar[...]

Page 103

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Print Server 7-7 201-10301-02, May 20 05 Set up the Netgear printer port driver . a. Click Finish when the Installation W izard is done. The Printer Port Setup utility displays, and queries the network to locate the print server in the FWG1 14P v2. After a sh[...]

Page 104

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 7-8 Print Server 201-10301-02, May 2005 Identify the printer connected to the FWG1 14P v2 USB printer port. a. From the Add Printer W izard screen selection lists, find the manufacturer and model of the printer you connected to the USB port on the FWG1 14P v2.[...]

Page 105

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Print Server 7-9 201-10301-02, May 20 05 Printing from the Macintosh Macintosh computers can connect to a TCP/IP network printer using the Line Printer Remote (LPR) protocol. LPR printi ng can be set up on any Macinto sh that has Desktop Printi ng installed o[...]

Page 106

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 7-10 Print Server 201-10301-02, May 2005 6. In the LPR Printer Selec tion box, click Change... 7. In the Printer Address field, type the name or IP address of the FWG1 14P v2 W ire less Firewall/Print Server. The IP address will us ually be 192.168.0.1. Y ou c[...]

Page 107

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Print Server 7-11 201-10301-02, May 20 05 Figure 7-1: Print Port Configu ration menu Items shown on this screen are as follows: •P o r t If desired, click Browse Device to select a diff erent device. The Select Device Port button supports multi-port models,[...]

Page 108

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 7-12 Print Server 201-10301-02, May 2005 T roubleshooting the Print Server Question: When I tried to install the Printer Driver for Peer -to-Peer printin g, I received an error message and the installation was aborted. Answer: This may be caused by an existing[...]

Page 109

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Print Server 7-13 201-10301-02, May 20 05 c. For Network Path or Queue, enter a dummy value, such as 123, as shown below . Select NO for “Do you print from MS-DOS-based programs?”. d. Click Next. Figure 7-2: Windows Add Printe r Wizard e. The printer wi[...]

Page 110

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 7-14 Print Server 201-10301-02, May 2005 g. Right-click the new printer and select Properti es. Then select the De tails tab, as shown below . Figure 7-3: Windows Print er Properties h. Click the Add Port button. On the resultin g screen, select Ot her , then [...]

Page 111

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Print Server 7-15 201-10301-02, May 20 05 k. Click OK to return to the Prin ters folders, and right-cl ick on the new printer . Make sure that the W ork Offline option is NOT checked. l. From the printer Properties page, General tab, pr int a test page to con[...]

Page 112

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 7-16 Print Server 201-10301-02, May 2005[...]

Page 113

Virtual Private Networking 8-1 201-10301-02, May 20 05 Chapter 8 V irtual Private Networking This chapter describes how to u se the virtual private networking (VPN) features of the FWG1 14P v2 W ireless Firewall/Print Server. VPN tunnel s provide secure, encr ypted communications between your local network and a remote network or computer . The FWG[...]

Page 114

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-2 Virtual Private Networking 201-10301-02, May 2005 Using Policies to Manage VPN T r affic Y ou create policy definitions to manage VPN traffic on the FWG1 14P v2. There are two kinds of policies: • IKE Policies : Define the authenticatio n scheme and auto[...]

Page 115

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking 8-3 201-10301-02, May 20 05 IKE Policies’ Automatic Key and Authentication Management Click the IKE Policies link from the VPN section of the main menu , and then click the Add button of the IKE Policies screen to display th e IKE[...]

Page 116

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-4 Virtual Private Networking 201-10301-02, May 2005 The IKE Policy Configuration fields are defined in the following tabl e. T able 8-1. IKE Policy Configuration Fields Field Description General These setti ngs identify this polic y an d determine its major [...]

Page 117

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking 8-5 201-10301-02, May 20 05 Remote These parameters apply to the target remote FWG1 14P v2, VPN gateway , or VPN client. Remote Identity T ype Use this field to identi fy th e remote FWG1 14P v2. Y ou can choose one of the following[...]

Page 118

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-6 Virtual Private Networking 201-10301-02, May 2005 VPN Policy Configuration for Auto Key Negotiation An already defined IKE policy is required for VP N - Auto Policy config uration. From the VPN Policies section of the main menu, you can navigate to the VPN[...]

Page 119

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking 8-7 201-10301-02, May 20 05 The VPN Auto Poli cy fields ar e defined in the following tabl e. T able 8-1. VPN Auto Policy Configuration Field s Field Description General These setti ngs identify this polic y an d determine its major[...]

Page 120

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-8 Virtual Private Networking 201-10301-02, May 2005 T raffic Selector These settings determine if and when a VPN tunnel will be established. If network tr affic me ets all criteria, then a VPN tunnel will be created. Local IP The drop-down menu allows yo u t[...]

Page 121

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking 8-9 201-10301-02, May 20 05 VPN Policy Configuration for Manual Key Exchange W ith Manual Key Management, you w ill not use an IKE poli cy . Y ou mu st manually type in all the required key information. Clic k the VPN Policies link [...]

Page 122

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-10 Virtual Private Ne tworking 201-10301-02, May 2005 Figure 8-4: VPN - Manual Policy Menu[...]

Page 123

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-11 201-10301-02, May 20 05 The VPN Manual Policy fields are defined in t he following table. T able 8-1. VPN Manual Poli cy Configuration Fields Field Description General These setti ngs identify this polic y an d determine its m[...]

Page 124

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-12 Virtual Private Ne tworking 201-10301-02, May 2005 SPI - Incoming Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the remote VPN end point has the sam e val u e in it s "Outgoin g SPI" fi el d . SPI - Outgoing Enter a Hex valu[...]

Page 125

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-13 201-10301-02, May 20 05 Encryption Algorithm If you enable ESP Encryption, then select the Encr yption Algorithm: • DES is the default. • 3DES is more secure. Key - In Enter the key in the fie ld s pro vi d ed . • For DE[...]

Page 126

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-14 Virtual Private Ne tworking 201-10301-02, May 2005 Using Digit al Certificates for IKE Auto-Policy Authentication Digital certificates are strings gene rated us ing encryption and authe n tication schemes which cannot be duplicated by anyone w ithout acce[...]

Page 127

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-15 201-10301-02, May 20 05 W alk-Through of Configurati on Scenarios on the FWG1 14P v2 There are a variety of configurations yo u migh t implement with the FWG1 14P v2. The scenarios listed below illustrate typical configura tio[...]

Page 128

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-16 Virtual Private Ne tworking 201-10301-02, May 2005 Figure 8-5: VPN Wizard S t art Screen 2. Fill in the Connection Name, pre- shared key , and select the type of target end point, and click Next to proceed. Figure 8-6: Connection Na me and Remote IP T ype[...]

Page 129

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-17 201-10301-02, May 20 05 3. Fill in the IP Address or F QDN for the ta rget VPN endpoint W AN connectio n and click Next . Figure 8-7: Remote IP 4. Identify the IP addresses at the target endp oint which can use th is tunnel, a[...]

Page 130

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-18 Virtual Private Ne tworking 201-10301-02, May 2005 Figure 8-9: VPN Wizard Summary T o view the VPNC recommended authenticatio n and encryption Phase 1 and Phase 2 se ttings the VPN W izard used, click the “ her e ” link. 5. Click Done to complete the [...]

Page 131

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-19 201-10301-02, May 20 05 VPNC Scenario 1: Gate way to Gateway with Preshared Secret s The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure 8-10: VPN Consortium Sc ena rio 1 G[...]

Page 132

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-20 Virtual Private Ne tworking 201-10301-02, May 2005 Scenario 1: FWG1 14P v2 to FW G1 14P v2 with Preshared Secrets Note : This scenario assumes all ports are open on the FWG1 14P v2. Y ou can verify this by reviewing the security settings as seen in the ?[...]

Page 133

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-21 201-10301-02, May 20 05 c. From the main menu Advanced secti on, click on the LAN IP Setup link. Figure 8-13: LAN IP configurat ion menu d. Configure the LAN IP address according to th e settings above and click Apply to save [...]

Page 134

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-22 Virtual Private Ne tworking 201-10301-02, May 2005 3. Set up the IKE Policy illustrated below on th e FWG1 14P v2. a. From the main menu VPN sectio n, click on the IKE Policies link, and then click the Add button to display the screen below . Figure 8-14:[...]

Page 135

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-23 201-10301-02, May 20 05 4. Set up the FWG1 14P v2 VPN -Auto Policy illustrated below . a. From the main menu VPN sectio n, click on the VPN Policies link, and then click on the Add Auto Policy button. Figure 8-15: Scenario 1 V[...]

Page 136

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-24 Virtual Private Ne tworking 201-10301-02, May 2005 How to Check VPN Connections Y ou can te st connectivity and view VPN status information on the FWG1 14P v2. 1. T o test connectivity betwee n the Gateway A FWG1 14P v2 LAN and the Gateway B LAN, follow t[...]

Page 137

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-25 201-10301-02, May 20 05 VPNC Scenario 2: Gateway-to -Gateway with Certificates The following is a typical gatewa y-to-gateway VPN that uses PKIX certificates for authentication. Figure 8-16: VPN Consortium Sc ena rio 2 Gateway[...]

Page 138

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-26 Virtual Private Ne tworking 201-10301-02, May 2005 • Selectors for all IP protocols, all ports, between 10.5.6.0/24 an d 172.23.9.0/24, using IPv4 subnets Scenario 2: FWG1 14P v2 to FWG1 14P v2 with Certificates The following is a typical gate way-to-ga[...]

Page 139

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-27 201-10301-02, May 20 05 b. Click the Generate Request button to display the screen illustrated in Figure 8-17 below . . Figure 8-17: Generate Se lf Certificat e Request menu c. Fill in the fields on the Add Self Certificate sc[...]

Page 140

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-28 Virtual Private Ne tworking 201-10301-02, May 2005 – E-mail Address. Y ou can enter your e-mail address here. d. Click the Next button to continue. The FWG1 14 P v2 generates a Self Certificate Request as shown below . Figure 8-18: Self Ce rtificate Req[...]

Page 141

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-29 201-10301-02, May 20 05 c. When you have finished gathering the Self Ce rtificate Request data, click the Done button. Y ou will return to the Certificates screen where your pending “FWG1 14P v2” Self Certificate Request w[...]

Page 142

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-30 Virtual Private Ne tworking 201-10301-02, May 2005 f. Y ou will now see the “FWG1 14P v2” entry in the Active Self Certificates table and the pending “FWG1 14P v2” Self Certificate Request is gone, as illustrated bel ow . Figure 8-20: Self Certif [...]

Page 143

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-31 201-10301-02, May 20 05 Now , the traf fic from devices within the range of the LAN subnet addresses on FWG1 14P v2 A and Gateway B will be authenticated using the certificates rather tha n via a shared key . 8. Set up Certifi[...]

Page 144

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-32 Virtual Private Ne tworking 201-10301-02, May 2005 Netgear VPN Client to FWG1 14P v2 Follow these procedure s to configure a VPN tunn el from a NETGEAR ProSafe VPN Client to an FWG1 14P v2. This case study follows the V i rtual Private Network Consortium [...]

Page 145

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-33 201-10301-02, May 20 05 Figure 8-22: Addressing and Subnet Used for Examples S tep-By-Step Configuratio n of FWG1 14P v2 Gateway 1. Log in to the FWG1 14P v2 ga teway as in the illustration. Out of the box, the FW G1 14P v2 is[...]

Page 146

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-34 Virtual Private Ne tworking 201-10301-02, May 2005 2. Click IKE Policies under the VPN menu and click Add on the IKE Policies Menu. Figure 8-23: NETGEAR FWG1 14P v2 IKE Policy Configuration – Enter a descriptive name for the policy in the Policy Name fi[...]

Page 147

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-35 201-10301-02, May 20 05 – From the Remote Identit y drop-down box, select Fully Qualified Domain Name . –T y p e VPNclien t in the Remote Identity Data. This will also be entered in the VPN Client My Identity ID T ype fiel[...]

Page 148

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-36 Virtual Private Ne tworking 201-10301-02, May 2005 3. Click the VPN Policies link under the VPN category on the le ft side of the main menu. This will take you to the VPN Policies Menu page. Click Add Auto Policy . This will open a new screen titled VPN ?[...]

Page 149

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-37 201-10301-02, May 20 05 – From the Remote VP N Endpoint Address T ype drop -down box, select IP Address . –T y p e 0.0.0.0 as the Address Data of the client beca use we are assuming the remote PC will have a dynamically as[...]

Page 150

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-38 Virtual Private Ne tworking 201-10301-02, May 2005 – Select Enable Authentication in the ESP Configuration Enable Authentication check box. Note : Do not confuse this with the Authentication Protocol (AH) option. Using the AH option will prevent clients[...]

Page 151

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-39 201-10301-02, May 20 05 1. Install the Netgear VPN Client Software on the PC. • Y ou may need to insert your W indow s CD to complete the installation. • Reboot your PC after installing the client software. 2. Configur e t[...]

Page 152

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-40 Virtual Private Ne tworking 201-10301-02, May 2005 Note : If the configuration settings on this scree n are not available for editing, go to the Options menu, select Secure, and Specified Options to enable editing these se ttings. From the Edit menu of th[...]

Page 153

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-41 201-10301-02, May 20 05 b. Click Pr e-Shar ed Key . Figure 8-29: Connection Identi ty Pre-Shared Key c. Enter hr5xb84l6aa9r6 , which is the same Pre-Shared Key entered in the FWG1 14P v2. d. Click OK . 4. Configur e the Connec[...]

Page 154

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-42 Virtual Private Ne tworking 201-10301-02, May 2005 5. Configur e the Connection Security Policy In this step, you will provid e the authentication (IKE Phase 1) settings, and th e key exchange (Phase 2) settings. The setting choices in this procedure foll[...]

Page 155

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-43 201-10301-02, May 20 05 Figure 8-32: Connection Security Policy Key Exchange (Phase 2) b. Configure the Key Exchange (Phase 2). • Expand the Key Exchange (Phase 2) he ading, and click on Proposal 1. • For this example, ens[...]

Page 156

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-44 Virtual Private Ne tworking 201-10301-02, May 2005 6. Configur e the Global Policy Setti ngs. a. From the Options menu at the top of th e Security Policy Editor window , select Global Policy Settings . Figure 8-33: Security Policy Editor Global Policy Opt[...]

Page 157

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-45 201-10301-02, May 20 05 T esting the VPN Connection Y ou can test the VPN connection in several ways: • From the client PC to the FWG1 14P v2 • From the FWG1 14P v2 to the client PC These procedures are explained below . F[...]

Page 158

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-46 Virtual Private Ne tworking 201-10301-02, May 2005 T o test the connection to a co mputer connected to the FWG1 14P v2, simply ping the IP address of that computer . Once connected, you can open a brows er on the remote PC and enter the LAN IP Address of [...]

Page 159

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Ne tworking 8-47 201-10301-02, May 20 05 A sample Connection Monitor screen for a dif f erent conn ectio n is sh own below: Figure 8-35: Connection Monit or screen In this example the follo wing connection op tions apply: • The FWG1 1 4P v2 [...]

Page 160

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 8-48 Virtual Private Ne tworking 201-10301-02, May 2005 The FWG1 14P v2 VPN Status screen for a successful connection is shown below : Figure 8-36: FWG1 14P v 2 VPN St atus screen[...]

Page 161

Maintenance 9-1 201-10301-02, May 20 05 Chapter 9 Maintenance This chapter describes how to use the maintenan ce features of your ProSafe Wireless 802.1 1g Firewall/Print Server Model FWG1 14P v2. Thes e features are accessed via the Main Menu Maintenance heading. V iewing Wireless Firewall/Print Server S t atus Information The Router S tatus menu [...]

Page 162

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 9-2 Maintenance 201-10301-02, May 2005 Figure 9-1: Router S t atus screen The Router S tatus screen shows the following parameters: T able 9-1. St atus Fields Field Description System Name The System Name assigne d to the router . Firmware V ersion The ro uter[...]

Page 163

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Maintenanc e 9-3 201-10301-02, May 20 05 Printer S tatus The printer status. W AN Port These parameters apply to the Internet (WAN) port of the router . MAC Address This field displays the MAC addr ess being used by the Internet (WAN) port of the router . IP [...]

Page 164

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 9-4 Maintenance 201-10301-02, May 2005 Click “W AN Status” to displa y the W AN connection status. Figure 9-2: Connectio n S tatus screen This screen shows the following statistics:. Modem The status of the modem port. Dial-In The status of the Dial-In por[...]

Page 165

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Maintenanc e 9-5 201-10301-02, May 20 05 Log action buttons are described in Ta b l e 9 - 2 . Click “Show S tatistics” to di splay router usage statistics. Figure 9-3: Router S t atistics screen This screen shows the following statistics: T able 9-2. Conn[...]

Page 166

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 9-6 Maintenance 201-10301-02, May 2005 W AN Status action buttons are described in T able 9-2 . V iewing a List of Att ached Devices The Attached Devices menu contains a table of all IP devices that the router has discovered on the local network. From the Main[...]

Page 167

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Maintenanc e 9-7 201-10301-02, May 20 05 Upgrading the Router Sof tware The routing software of the FWG1 14P v2 W irele ss Firewall/Print Server is stored in FLASH memory , and can be upgraded as new software is released by NETGEAR. Upgrade files can be downl[...]

Page 168

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 9-8 Maintenance 201-10301-02, May 2005 From the Main Menu of the brow ser interface, under the Maintenan ce heading, select the Settings Backup heading to b ring up the menu sho wn below . Figure 9-5: Settings Ba cku p menu Three options are available, and are[...]

Page 169

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Maintenanc e 9-9 201-10301-02, May 20 05 Erasing the Configuration It is sometimes desirable to restore the router to a known blank condition. This can be done by using the Erase function, which will restore al l factory settings. After an erase, the router&a[...]

Page 170

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 9-10 Maintenance 201-10301-02, May 2005[...]

Page 171

Advanced Configuration 10-1 201-10301-02, May 20 05 Chapter 10 Advanced Configuration This chapter describes how to configure the advan ced features of your ProSafe W ireless 802.1 1g Firewall/Print Server Model FWG1 14P v2. Thes e features can be found under the Advanced heading in the Main Menu of the browser interface. Using the W AN Setup Optio[...]

Page 172

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 10-2 Advanced Configuration 201-10301-02, May 2005 Normally , this option is Enabled, so that an Internet connection will be made automatically whenever Internet-bound traffic is detected. In locations where Internet access is billed by the minute, if this cau[...]

Page 173

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Advanced Configur ation 10-3 201-10301-02, May 20 05 • Setting the MTU Size The default MTU size is usually fine. The no rmal MTU (Maximum T ransmit Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs, particularly those using PPPoE, you may[...]

Page 174

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 10-4 Advanced Configuration 201-10301-02, May 2005 3. Access the website of one of the dynamic DNS service providers whose names appear in the ‘Select Service Provider ’ box, and register for an account. For example, for dyndns.o rg, go to www .dyndns.or g[...]

Page 175

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Advanced Configur ation 10-5 201-10301-02, May 20 05 Using the LAN IP Setup Options The second feature category under the Advanced heading is LAN IP Setup. This menu allows configuration of LAN IP services, such as DHCP and RIP . From the Main Menu of the bro[...]

Page 176

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 10-6 Advanced Configuration 201-10301-02, May 2005 These addresses are part of the IETF-designated private address range for use in private networks, and should be suitabl e in most applications. If yo ur network has a requirement to use a different IP address[...]

Page 177

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Advanced Configur ation 10-7 201-10301-02, May 20 05 Using the Router as a DHCP server By default, the router will function as a DHCP (Dynamic Host Configuration Protocol) server , allowing it to assign IP , DNS server , and default gateway addresses to all c[...]

Page 178

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 10-8 Advanced Configuration 201-10301-02, May 2005 3. T ype the MA C Address of the computer or server . (T ip: If the computer is already present on your network, you can copy its MAC address from the Attached Devices menu and paste it here.) 4. Click Apply t[...]

Page 179

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Advanced Configur ation 10-9 201-10301-02, May 20 05 Figure 10-3. St atic Route Entry and Edit Menu 2. T ype a route name for this static route in the Route Name box. (This is for identification purpose only .) 3. Select Active to make this route ef fective. [...]

Page 180

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 10-10 Advanced Configuration 201-10301-02, May 2005 • Y our company’ s network is 13 4.1 77.0.0. When you first configure d your router , two implic it static routes were crea ted. A default route was created with your ISP as the gateway , and a second sta[...]

Page 181

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Advanced Configur ation 10-11 201-10301-02, May 20 05 b. T o a llow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and end ing IP address to defi ne the allowed range. c. T o a llow access from a single IP addr[...]

Page 182

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 10-12 Advanced Configuration 201-10301-02, May 2005 T urn UPnP On: UPnP can be enab led or disabled for automatic devic e configuration. The default setting for UPnP is enabled. If disabled, the rout er will not allow any device to automatically control the re[...]

Page 183

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Advanced Configur ation 10-13 201-10301-02, May 20 05 These settings normally do not need to be changed. • WMM support WMM (W ireless Multimedia) is a subset of th e 802.1 1e standard. WM M allows wireless traffic to have a range of priorities, depending on[...]

Page 184

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 10-14 Advanced Configuration 201-10301-02, May 2005[...]

Page 185

Troubleshooting 11-1 201-10301-02 , May 2005 Chapter 11 T roubleshooting This chapter gives information about troubleshooting your ProSafe Wireless 802.1 1g Firewall/ Print Server Model FWG1 14P v2. After each prob lem description, instructions are provided to help you diagnose and solve the problem. Basic Functioning After you turn on power to the[...]

Page 186

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 11-2 Troubleshooting 201-10301-02 , May 2005 LEDs Never T urn Off When the router is turned on, th e LEDs turns on for about 10 seconds and then turns off. If all the LEDs stay on, there is a fault within the router . If all LEDs are still on one minute after [...]

Page 187

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Troubleshooting 11-3 201-10301-02 , May 2005 T roubleshooting the Web Configuration Interface If you are unable to acce ss the router ’ s W eb Config uration interface from a computer on your local network, check the following : • Check the Ethernet conne[...]

Page 188

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 11-4 Troubleshooting 201-10301-02 , May 2005 T roubleshooting the ISP Connection If your router is unable to access the Internet, you should first determine whether the router is able to obtain a W AN IP address from the ISP . Unless yo u have been assigned a [...]

Page 189

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Troubleshooting 11-5 201-10301-02 , May 2005 OR Configure your router to spoof your computer ’ s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring Y our Internet Conn ectio n” on page 3-18 . If your router can obta[...]

Page 190

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 11-6 Troubleshooting 201-10301-02 , May 2005 Reply from < IP address >: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message: Request timed out If the path is not functioning correctly , you could have one of t he following proble[...]

Page 191

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Troubleshooting 11-7 201-10301-02 , May 2005 — Y ou r ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allo wing traffic from the MAC address of your broadband modem, but some IS Ps ad[...]

Page 192

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 11-8 Troubleshooting 201-10301-02 , May 2005[...]

Page 193

Technical Specifications A-1 201-10301-02, May 20 05 Appendix A T echnical S pecifications This appendix provides technica l specifications for the ProSafe W ireless 802.1 1g Firewall/Print Server Model FWG1 14P v2. Network Protocol and St andards Compatibility Data and Routing Protocols: TCP/IP , RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) VPN Pr[...]

Page 194

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 A-2 Technical Specifications 201-10301-02, May 2005 Electromagnetic Emissions For North America and Australia FCC Part 15 Class B For Japan VCCI Class B For Europe EN 300 328, EN 301 489-17, E N 301 489-1, EN 60950 Interface S p ecifications LAN: 10BASE-T or 1[...]

Page 195

Networks, Routing, and Firewall Basics B-1 201-10301-02, May 20 05 Appendix B Networks, Routing, and Firewall Basics This appendix provides an ov erview of IP networks, routing, and firewalls. Related Publications As you read this document, you may be dire cted to various RF C documents for further information. An RFC is a Request For Comment (RFC)[...]

Page 196

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 B-2 Networks, Routing, and Firewall Basics 201-10301-02, May 2005 Routing Information Protocol One of the protocol s used b y a rout er to b uild an d maintain a picture of the network is the Routing Information Protocol (RIP). Us ing RIP , routers periodicall[...]

Page 197

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Networks, Routing, and Firewall Basics B-3 201-10301-02, May 20 05 Figure 1 1- 1: Three Main Address Classes The five address classes are: • Class A Class A addresses can have up to 16,777,2 14 hosts on a single network. They use an eight-bit network number[...]

Page 198

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 B-4 Networks, Routing, and Firewall Basics 201-10301-02, May 2005 This addressing structure allows IP addresses to uniquely identify each phys ical network and each node on each ph ysical network. For each unique value of the network portion of the address, th[...]

Page 199

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Networks, Routing, and Firewall Basics B-5 201-10301-02, May 20 05 Subnet addressing al lows us to split one IP network ad dress into smaller multiple physical networks known as sub networks. Some of the node numbers are used as a su bn et number instead. A C[...]

Page 200

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 B-6 Networks, Routing, and Firewall Basics 201-10301-02, May 2005 The following table lists the additional subnet mask bits in dotted-decimal notation. T o use the table, write down the original class netmask and replace the 0 value octets with the dotted-deci[...]

Page 201

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Networks, Routing, and Firewall Basics B-7 201-10301-02, May 20 05 NETGEAR strongly recommends that you configur e all hosts on a LAN se gment to use the same netmask for the following reasons: • So that hosts recognize lo cal IP broadcast packets. When a d[...]

Page 202

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 B-8 Networks, Routing, and Firewall Basics 201-10301-02, May 2005 The router accomplishes this address sharing by translating the internal LAN IP addresses to a single address that is globally unique on the Inte rnet. The inte rnal LAN IP addresses can be eith[...]

Page 203

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Networks, Routing, and Firewall Basics B-9 201-10301-02, May 20 05 MAC Addresses an d Address Re solution Protocol An IP address alone cannot be used to deliver da ta from one LAN device to another . T o send data between LAN devices, you must convert the IP [...]

Page 204

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 B-10 Networks, Routing, and Firewall Ba sics 201-10301-02, May 2005 When a PC accesses a resource by its descriptive name, it first contacts a DN S server to obtain the IP address of the resource. The PC sends the d esired message using the IP address. Ma ny l[...]

Page 205

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Networks, Routing, and Firewall Basics B-11 201-10301-02, May 20 05 What is a Firewall? A firewall is a device that protects one netw ork from another , while allowing communication between the two. A firewall incorporates the functi ons of the NA T router , [...]

Page 206

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 B-12 Networks, Routing, and Firewall Ba sics 201-10301-02, May 2005 . Category 5 Cable Quality Category 5 distributed cable that me ets ANSI/EIA/ TIA-568-A building wiring stan dards can be a maximum of 328 feet (ft.) or 10 0 meters (m) in length, div ided as [...]

Page 207

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Networks, Routing, and Firewall Basics B-13 201-10301-02, May 20 05 Inside T wisted Pair Cables For two devices to communicate, th e transmitter of each device must be connected to the receiver of the other device. The cro sso ver function is usually implemen[...]

Page 208

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 B-14 Networks, Routing, and Firewall Ba sics 201-10301-02, May 2005 Figure B-3: Category 5 UTP Cable with Male RJ -4 5 Plug at Each End Note : Flat “silver satin” tele phone cable may have the same RJ-45 plug . However , using tele phone cable results in e[...]

Page 209

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Networks, Routing, and Firewall Basics B-15 201-10301-02, May 20 05 The FWG1 14P v2 W ireless Firewall/Print Server incorporates Auto Uplink TM technology (als o called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable pl[...]

Page 210

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 B-16 Networks, Routing, and Firewall Ba sics 201-10301-02, May 2005[...]

Page 211

Preparing Your Netwo rk C-1 201-10301-02, May 20 05 Appendix C Prep aring Y our Network This appendix describes how to prepare your ne twork to connect to the Internet through the ProSafe W ireless 802.11g Firewall/Print Serv er Model FWG1 14P v2 and how to verify the readiness of broadband Internet service from an Internet serv ice provider (ISP).[...]

Page 212

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 C-2 Preparing Yo ur Network 201-10301-02, May 2005 In your IP network, each PC and the firewall must be assigned unique IP addresses. Each PC must also have certain other IP configuratio n informa tion, such as a subnet ma sk (netmask), a domain name server (D[...]

Page 213

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Preparing Your Netwo rk C-3 201-10301-02, May 20 05 Y ou must have an Ethernet adapter , the TCP/IP protocol, and Client for M icrosoft Networks. If you need to install a ne w adapter , follow these steps: a. Click the Add button. b. Select Adapter , and then[...]

Page 214

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 C-4 Preparing Yo ur Network 201-10301-02, May 2005 If you need Client for Micro soft Networks: a. Click the Add button. b. Select Client, and then click Ad d. c. Select Microsoft. d. Select Client for Microsoft Networks, and then click OK. 3. Restart your PC f[...]

Page 215

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Preparing Your Netwo rk C-5 201-10301-02, May 20 05 5. Uncheck all boxes in the LAN Internet Configuration screen and click Next. 6. Proceed to the end of th e W izard. V erifying TCP/IP Properties After your PC is configured and has rebooted, you can check t[...]

Page 216

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 C-6 Preparing Yo ur Network 201-10301-02, May 2005 5. V erify that ‘Client for Microsoft Networks’ and ‘Internet Protocol (TCP/IP)’ are present. If not, select Install and add them. 6. Select ‘Internet Protocol (TCP/IP)’, click Prop erties, and ver[...]

Page 217

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Preparing Your Netwo rk C-7 201-10301-02, May 20 05 The TCP/IP Control Panel opens: 2. From the “Connect via” box, select your Macintosh’ s Ethernet interface. 3. From the “Configure” box, select Using DHCP Server . Y ou can leave the DHCP Client ID[...]

Page 218

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 C-8 Preparing Yo ur Network 201-10301-02, May 2005 V erifying TCP/IP Properties for Macintosh Computers After your Macintosh is configured and has rebo oted, you can check the TC P/IP configuration by returning to the TCP/IP Control Panel. From th e Apple menu[...]

Page 219

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Preparing Your Netwo rk C-9 201-10301-02, May 20 05 V erifying the Readiness of Y our Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable m[...]

Page 220

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 C-10 Preparing Your Network 201-10301-02, May 2005 • An IP address and subnet mask • A gateway IP address, which is the address of the ISP’ s router • One or more domain name server (DNS) IP addresses • Host name and domain suf fix For example, your [...]

Page 221

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Preparing Your Netwo rk C-11 201-10301-02, May 20 05 If an IP address appears under Installed Gatewa ys, write down the address. This is the ISP’ s gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Co[...]

Page 222

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 C-12 Preparing Your Network 201-10301-02, May 2005 Rest arting the Network Once you have set up your com puters to work with the firewall, you must reset the network for the devices to be able to communicat e correctly . Restart any computer that is connected [...]

Page 223

Firewall Log Formats D-1 201-10301-02, May 20 05 Appendix D Firewall Log Format s Action List Drop: Packet dropped by Firewall current inbound or outbound rules. Reset: TCP session reset by Firewa ll. Forward: Packet forwarded by Firewall to the ne xt hop based on matching the criteria in the rules table. Receive: Packet was pe rmitted by the firew[...]

Page 224

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 D-2 Firewall Log Formats 201-10301-02, May 2005 The format is: <DATE> <TIME> <PKT_TYPE> <SRC_IP> <S RC_INF> <DST_IP > <DST_INF> <ACTION><DESCRIPTION> [Fri, 2003-12-05 22:19:42] - UDP Pac ket - Source:172.31[...]

Page 225

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Log Formats D-3 201-10301-02, May 20 05 The format is: <DATE><TIME><PKT_TYPE>< SRC_IP><SRC_ PORT ><SRC_INF>< DST_IP><DST_POR T ><DST_PORT><ACTION><DESCRIPTION> <DATE><TIME>[...]

Page 226

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 D-4 Firewall Log Formats 201-10301-02, May 2005 Other Connections and T r affic to this Router The format is: <DATE><TIME>< PKT_TYPE ><SRC_IP><DST _IP><ACTION> [Fri, 2003-12-05 22:31:27] - ICMP Pa cket[Echo Request] - Source[...]

Page 227

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Log Formats D-5 201-10301-02, May 20 05 The format is: <DATE><TIME><PKT_TYPE>< SRC_IP><SRC_ PORT ><SRC_INF>< DST_IP><DST_POR T ><DST_PORT><ACTION><DESCRIPTION> <DATE> <TIME>[...]

Page 228

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 D-6 Firewall Log Formats 201-10301-02, May 2005 Access Block Site If keyword blocking is enabled and a keyword is specified, attempts to access a site whose URL contains a specified keyword are logged. The format is <DATE> <TIME> <EVENT> <[...]

Page 229

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Firewall Log Formats D-7 201-10301-02, May 20 05 The format is: <DATE><TIME><EVENT ><SRC_IP> <DATE><TIME><EVENT ><SRC_IP><SRC_PORT><DST_I P><DST_P ORT><ACT ION> [Fri, 2003-12-05 21:07:43][...]

Page 230

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 D-8 Firewall Log Formats 201-10301-02, May 2005[...]

Page 231

Wireless Networking Basics E-1 201-10301-02, May 20 05 Appendix E Wireless Networking Basics This chapter provides an overview of W ireless networking. Wireless Networking Overview The FWG1 14P v2 W ireless Firewall/Print Server conforms to the Institute of Electrical and Electronics Engineers (IEEE) 802.1 1b and 802.1 1g standards for wireless LAN[...]

Page 232

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-2 Wireless Networking B asics 201-10301-02, May 2005 Ad Hoc Mode (Peer- to-Peer Workgroup) In an ad hoc network, computers are brought together as needed; thus, there is no structure or fixed points to the network - each node can g enerally communicate with [...]

Page 233

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Networking Basics E-3 201-10301-02, May 20 05 • Shar ed Key . With Shared Key authentication, on ly those PCs that possess the correct authentication key can join the ne twork. By default, IEEE 802. 1 1 wireless devices operate in an Open System ne[...]

Page 234

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-4 Wireless Networking B asics 201-10301-02, May 2005 2. The access point auth enticates the station. 3. The station associates with the access point and joins the network. This process is illustrated below . Figure E-1: O pen syst em authen tication Shared K[...]

Page 235

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Networking Basics E-5 201-10301-02, May 20 05 Figure E-2: Shared key authentication Overview of WEP Parameters Before enabling WEP on an 80 2.1 1 network, you must first consider what type of encryption you require and the key size you wa nt to use. [...]

Page 236

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-6 Wireless Networking B asics 201-10301-02, May 2005 Key Size The IEEE 802.1 1 standard su pports two types of WEP en cryption: 40-bit and 128-bit. The 64-bit WEP data encryption meth od allows for a five-character (40-bit) input. Additionally , 24 factory-s[...]

Page 237

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Networking Basics E-7 201-10301-02, May 20 05 WEP Configuration Options The WEP settings must match on a ll 802.1 1 devices that are within the same wireless network as identified by the SSID. In general, if your mobile clients will roam between acce[...]

Page 238

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-8 Wireless Networking B asics 201-10301-02, May 2005 Note: The availab le channels supported by the wireless products in va rious countries are dif ferent. For example, Channels 1 to 1 1 are supported in the U.S. and Canada, and Channels 1 to 13 are supporte[...]

Page 239

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Networking Basics E-9 201-10301-02, May 20 05 WP A offers the following benefits: • Enhanced data privacy • Robust key management • Data origin authentication • Data integrity protection The W i-Fi Alliance is now perform ing interoperability[...]

Page 240

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-10 Wirele ss Network ing Basi cs 201-10301-02, May 2005 How Does WP A Comp are to IEEE 802.1 1i? WP A will be forward compatible with the IEEE 802.1 1i security specification currently under development. WP A is a subset of the current 8 02.11i draft and use[...]

Page 241

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Networking Basics E-11 201-10301-02, May 20 05 The primary information conveyed in the Beacon frames is the authentication method and the cipher suite. Possible authentication methods in clude 802.1X an d Pr e-s h are d ke y . Pre-shared key is an au[...]

Page 242

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-12 Wirele ss Network ing Basi cs 201-10301-02, May 2005 WP A Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS Figure E-3: W P A Overview IEEE 802.1x offers an ef fective framework for authenticating and controlling user traffic [...]

Page 243

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Networking Basics E-13 201-10301-02, May 20 05 Figure E-4: 802.1x Authent ication Sequence The AP sends Beacon Frames with WP A informatio n element to the stations in the service set. Information ele ments include the required au thentication method[...]

Page 244

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-14 Wirele ss Network ing Basi cs 201-10301-02, May 2005 3. The client sends an EAP-response packet containing the identity to the authentication server . The access point responds by enabling a port fo r passing only EAP packets from the client to an authent[...]

Page 245

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Networking Basics E-15 201-10301-02, May 20 05 T emporal Key Integrity Protocol (TKIP) WP A uses TKIP to provide important data encr yption en hancements including a per -packet key mixing function, a message integrity check (M IC) named Michael , an[...]

Page 246

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-16 Wirele ss Network ing Basi cs 201-10301-02, May 2005 Is WP A Perfect? WP A is not without its vulnerabiliti es. Specifically , it is susceptible to denial of service (DoS) attacks. If the access point receives two da ta pa ckets that fail the mes sag e in[...]

Page 247

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Wireless Networking Basics E-17 201-10301-02, May 20 05 Changes to Wireless Access Point s W irele ss access points must have their firm ware upda ted to support the following: • The new WP A information element T o advertise their support of WP A, wireless[...]

Page 248

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 E-18 Wirele ss Network ing Basi cs 201-10301-02, May 2005 Microsoft has worked with many wireless vend ors to embed the WP A fi rmware update in the wireless adapter driver . So, to update yo ur Microsoft W indows wireless client, all you have to do is obtain [...]

Page 249

Virtual Private Networking F-1 201-10301-02, May 20 05 Appendix F V irtual Private Networking There have been many improvements in the Internet, includin g Quality of S ervice, network performance, and inexpensive technologies, such as DSL. But one of the most important advances has been in V irtual Private Networking (VPN) Inte rnet Protocol secur[...]

Page 250

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 F-2 Virtual Private Networking 201-10301-02, May 2005 • Remote Access: Remote access enables telecommuters and mobile workers to access e-ma il and business applications. A dia l-up connection to an organization’ s modem pool is one method of access for re[...]

Page 251

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking F-3 201-10301-02, May 20 05 • Encapsulating Security Payload (ESP) : Provides confidentiality , authentication, and integrity . • Authentication Header (AH) : Provides authentication and integrity . • Internet Key Exchange (IK[...]

Page 252

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 F-4 Virtual Private Networking 201-10301-02, May 2005 The ESP header is inserted into the packet betw een the IP header and any subsequent packet contents. However , because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header , n[...]

Page 253

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking F-5 201-10301-02, May 20 05 Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunne l mode or tran sport mode. T ypically , the tunnel mode is used for gate[...]

Page 254

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 F-6 Virtual Private Networking 201-10301-02, May 2005 Key Management IPSec uses the Internet Key Exchange (IKE) protoc ol to facilitate and automate the SA setup and the exchange of keys between parties transferring data. Using keys ensures that only the sende[...]

Page 255

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking F-7 201-10301-02, May 20 05 VPN Process Overview Even though IPSec is standards-based, e ach vendo r has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to revie[...]

Page 256

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 F-8 Virtual Private Networking 201-10301-02, May 2005 It will also be importan t to kn ow the su bnet mask of both gateway LAN Connections. Firewalls It is important to understand tha t many gateways are also firewalls. VPN tunn els c annot function properly i[...]

Page 257

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking F-9 201-10301-02, May 20 05 Figure F-5: VPN T unnel SA The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. This comm unication is often referred to as [...]

Page 258

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 F-10 Virtual Private Networking 201-10301-02, May 2005 2. IKE Phase I. a. The two parties negotiate the en cryption and au thentication algorithms to use in the IKE SAs. b. The two parties authenticate each other us ing a predetermined mechanism, such as presh[...]

Page 259

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Virtual Private Networking F-11 201-10301-02, May 20 05 VPNC IKE Phase II Parameters The IKE Phase 2 parameters used in Scenario 1 are: •T r i p l e D E S • SHA-1 • ESP tunnel mode • MODP group 1 • Perfect forward secrecy for rekeying • SA lifetim[...]

Page 260

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 F-12 Virtual Private Networking 201-10301-02, May 2005 • [RFC 791] Internet Pr otocol DARP A Internet Pr ogram Pr otocol Specification , Information Sciences Institute, US C, September 1981. • [RFC 1058] Routing Information Pr otocol , C Hedrick, Rutgers U[...]

Page 261

NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2 G-1 201-10301-02, May 20 05 Appendix G NETGEAR VPN Configuration FVS318 or FVM318 to FWG1 14P v2 This appendix provides a case study on how to configure a secure IPSec VPN tunnel between a NETGEAR FVS318 or FVM318 to a FWG1 14P v2. The configuratio n options and screens for the FVS318 and FVM[...]

Page 262

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 G-2 NETGEAR VPN Configuration FV S318 or FVM318 to FWG114P v2 201-10301-02, May 2005 Figure G-1: Addressing and Subne t Used for Examples S tep-By-Step Configuration of FVS318 or FVM318 Gateway A 1. Log in to the FVS318 or FVM318 la beled Gateway A as in the i[...]

Page 263

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2 G-3 201-10301-02, May 20 05 2. Click the VPN Settings link on the left side of the Settings management GUI. Click the radio button of the first available VPN leg (all 8 links are available in the exampl[...]

Page 264

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 G-4 NETGEAR VPN Configuration FV S318 or FVM318 to FWG114P v2 201-10301-02, May 2005 – Choose a subnet from local address from the “T unnel ca n access” pull-down menu. – T ype the starting LAN IP Address of Gateway B ( 172.23.9.1 in our example) in th[...]

Page 265

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2 G-5 201-10301-02, May 20 05 S tep-By-Step Configuratio n of FWG1 14P Gateway B 1. Log in to the NETGEAR FVS328 labe led Gateway B as in the illustration. Out of the box, the FVS328 is se t for its defau[...]

Page 266

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 G-6 NETGEAR VPN Configuration FV S318 or FVM318 to FWG114P v2 201-10301-02, May 2005 Figure G-6: NETGEAR FVS328 IKE Policy Configuration – Part 2 – From the Encryption Al go rithm drop-down bo x, sele ct 3DES. – From the Authentication Algorith m drop-do[...]

Page 267

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2 G-7 201-10301-02, May 20 05 Figure G-8: NETGEAR FVS328 VPN – Auto Policy (p art 1) – Enter a unique name to identify this policy . This name is not supplied to the remote VPN endpoint. In ou r exa m[...]

Page 268

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 G-8 NETGEAR VPN Configuration FV S318 or FVM318 to FWG114P v2 201-10301-02, May 2005 – T ype the LAN Subnet Mask of Gateway B ( 255.255.25 5.0 in our example) in the Local IP Subnet Mask field. Figure G-9: NETGEAR FWG1 14P v2 VPN – Auto Policy (par t 2) ?[...]

Page 269

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2 G-9 201-10301-02, May 20 05 Figure G-10: NETGEAR FWG1 14P v2 VPN Policies Menu (Post Configurat ion) 6. When the sc reen returns to the VPN Policies , make sure the Enable check box is selected. Click t[...]

Page 270

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 G-10 NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2 201-10301-02, May 2005[...]

Page 271

NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 H-1 201-10301-02, May 20 05 Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 This appendix provides a case study on how to configure a VPN tunnel between a NETGEAR FVS318 or FVM318 to a FWG1 14P v2 using a Fu lly Qualified Domain Name (FQDN) to resolve the publi[...]

Page 272

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 H-2 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 201-10301-02, May 2005 Figure H-1: Addressing and Subnet Used for Examples Using DDNS and Fully Qualif ied Domain Names (FQDN) Many ISPs (Internet Service Pr oviders) provide connectivity to th[...]

Page 273

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 H-3 201-10301-02, May 20 05 DynDNS service. Gateway B w ill use the DDNS Service Provider when establishing a VPN tunnel. In order to establish VPN conn ectivity Gateway A must be conf igured to u[...]

Page 274

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 H-4 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 201-10301-02, May 2005 4. Select the Use a dynamic DNS service radio button for the servic e you are using. In this example we are using www .DynDNS .org as the service provider . – T ype the[...]

Page 275

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 H-5 201-10301-02, May 20 05 Figure H-4: NETGEAR FVS318 VPN Settings (p art 1) – Main Mode – In the Connection Name box, enter in a unique nam e for the VPN tunnel to be configured between the [...]

Page 276

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 H-6 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 201-10301-02, May 2005 – T ype the finishing LAN IP Addres s of Gateway B ( 0.0.0.0 in our example) in the Local IP Remote LAN Finish IP Address field. – T ype the LAN Subnet Mask of Gatewa[...]

Page 277

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 H-7 201-10301-02, May 20 05 S tep-By-Step Configurat ion of FVS328 Gateway B 1. Log in to the NETGEAR FVS328, labeled Gateway B in the illustration. Out of the box, the FVS328 is se t for its defa[...]

Page 278

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 H-8 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 201-10301-02, May 2005 Figure H-7: NETGEAR FVS328 IKE Policy Configuration – Part 2 – From the Encryption Al go rithm drop-down bo x, sele ct 3DES. – From the Authentication Algorith m dr[...]

Page 279

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 H-9 201-10301-02, May 20 05 Figure H-9: NETGEAR FVS328 VPN – Auto Policy (p art 1) – Enter a unique name to identify this policy . This name is not supplied to the remote VPN endpoint. In our [...]

Page 280

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 H-10 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 201-10301-02, May 2005 Figure H-10: NETGEAR FVS328 VPN – Auto Po licy (p art 2) – From the T raffic Selector Remote IP drop-down box, select Subnet address. – T ype the starting LAN IP A[...]

Page 281

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 H-1 1 201-10301-02, May 20 05 Figure H-1 1: NETGEAR FVS328 VPN Policies Menu (Post Configuration) 6. When the sc reen return s to the VPN Policies, make sure the Enable check box is selected. Clic[...]

Page 282

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 H-12 NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 201-10301-02, May 2005[...]

Page 283

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Glossary -1 201-10301-02, May 20 05 Glossary Use the list below to find definitions for technical terms used in this manual. 802.1 1 S t andard 802.1 1, or IEEE 802.1 1, is a type of radio technology used for wireless local area networks (WLANs). It is a stan[...]

Page 284

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 -2 Glossary 201-10301-02, May 2005 802.1 1e Standard 802.1 1e is a proposed IEEE standard to define quality of service (QoS) mechanis ms for wireless gear that gives support to bandwidth-sen sitiv e applications such as voice and video. 802.1 1g Standard Simil[...]

Page 285

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Glossary -3 201-10301-02, May 20 05 A bridge connects devices that all use the same kind of pro tocol. A router can connect networks that use differing protocols. It also reads th e addresses included in the packets and routes them to the appropriate computer[...]

Page 286

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 -4 Glossary 201-10301-02, May 2005 ISA bus W i-Fi radi os. Client devices usually co mmunicate with hub devi ces li ke access points and gateways. Collision av oidance A network node characteristic for pr oactively detecting that it can transm it a si gnal wit[...]

Page 287

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Glossary -5 201-10301-02, May 20 05 DNS (Domai n Name Sy stem) A program that translates URLs to IP addresses by accessing a database maintained on a collection of Internet servers. The prog ram w ork s behind the scenes to facilitate su rfing the W eb with a[...]

Page 288

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 -6 Glossary 201-10301-02, May 2005 Gateway In the wireless world, a gateway is an access point wi th additional software capab ilities such as providing NA T and DHCP . Gateways may also pro vide VPN support, roaming, firewalls, various levels of security , et[...]

Page 289

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Glossary -7 201-10301-02, May 20 05 IP (Internet Protocol) address A 32-bit number that identifies each se nder or receiver of information that is sent across the Internet. An IP address has two parts: an identifier of a particular netw ork on the Internet an[...]

Page 290

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 -8 Glossary 201-10301-02, May 2005 In a wireless mesh example, each of the spheres be low represent a mesh router . Corporate servers and printers may be shared by attach ing to each mesh router . For wirele ss access to the mesh, an access point must be attac[...]

Page 291

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Glossary -9 201-10301-02, May 20 05 PHY defines parameters such as data rates, modula tion method, signaling para meters, transmitter/receiver synchronization, etc. W ithin an actual radio i mplementa tion, the PH Y corresponds to the radio fro nt end and bas[...]

Page 292

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 -10 Glossary 201-10301-02, May 2005 Satellite broadb and A wireless high-speed Internet connection provided by satellit es. Som e sat e lli te broadband connections are two-way—up and down. Others are one-way , wit h the satell ite providing a high-speed dow[...]

Page 293

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Glossary -11 201-10301-02, May 20 05 For example, when a web page is downloaded fro m a web server, the TCP program layer in that server divides the file into packets, numb ers the packet s, and th en forwards them individually to th e IP program layer . Alth[...]

Page 294

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 -12 Glossary 201-10301-02, May 2005 node equipped with WEP . W archalkers also draw identi fiers above the symbols to indicate the password that can be used to access the node, which can eas ily be obtained with snif fer software. As a recent development, the [...]

Page 295

Reference Manual for the ProS afe Wireless 802. 11g Firewall/Print Server Model FWG114P v2 Glossary -13 201-10301-02, May 20 05 with the benefit of easier administration and use. This is similar to 802.1x support and requires a RADIUS server in order to implement. The W i-Fi Alliance will call this, 'WP A-Enterprise.' One variation of WP [...]

Page 296

Reference Manual for the ProSafe Wireless 802.11g Firewall/Prin t Server Model FWG114P v2 -14 Glossary 201-10301-02, May 2005 Wi-Fi Protected Access in "Mixed Mode" Deployment In a large network with many clients, a likely scenario is that access points will be upgraded before all the W i-Fi clients. Some access points may operate in a &q[...]

NETGEAR FWG114P v2 manual

Similar user manuals

Printer

NETGEAR PS111W

Printer

NETGEAR FWG114P v2

Printer

NETGEAR PS121

Printer

NETGEAR PS121v2

A good user manual

What is an instruction?

What should a perfect user manual contain?

Why don't we read the manuals?

Why one should read the manuals?

Table of contents for the manual

Page 1

Page 2

Page 3

Page 4

Page 5

Page 6

Page 7

Page 8

Page 9

Page 10

Page 11

Page 12

Page 13

Page 14

Page 15

Page 16

Page 17

Page 18

Page 19

Page 20

Page 21

Page 22

Page 23

Page 24

Page 25

Page 26

Page 27

Page 28

Page 29

Page 30

Page 31

Page 32

Page 33

Page 34

Page 35

Page 36

Page 37

Page 38

Page 39

Page 40

Page 41

Page 42

Page 43

Page 44

Page 45

Page 46

Page 47

Page 48

Page 49

Page 50

Page 51

Page 52

Page 53

Page 54

Page 55

Page 56

Page 57

Page 58

Page 59

Page 60

Page 61

Page 62

Page 63

Page 64