Reference Guide for the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers NETGEAR, Inc.
© 2001 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
Certificate of the Manufacturer/Importer
It is hereby certified that the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers has been suppressed for radio interference in accordance with the regulations listed in BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Contents
About This Guide
  Typographical Conventions
  Special Message Formats
  Technical Support
  Related Publications
Chapter 3 Preparing Your Network
  Preparing Your Personal Computers for IP Networking
  Configuring Windows 95 or later for IP Networking
  Configuring TCP/IP Properties
  Verifying TCP/IP Properties (Windows)
  Restrict Web Features
  Use Filter List (Web/News/FTP/Gopher)
  Time of Day
  Bypassing the Filter
Chapter 9 DHCP Server Configuration
  DHCP Server Overview
  Configuring the DHCP Server
  General Setup
  WINS
  Importing the Settings File
  Restoring Factory Default Settings
  Launch the Setup Wizard
  Updating Firmware
  Uploading New Firmware
  Subnet Addressing
  Private IP Addresses
  Single IP Address Operation Using NAT
  MAC Addresses and Address Resolution Protocol
  Domain Name Server
Figures
  Figure 2-1. FR314 Front Panel
  Figure 2-2. FR314 Rear Panel
  Figure 4-1. Web Manager Login Window
  Figure 4-2. Setup Wizard, Password Window
  Figure 4-3. Setup Wizard, Time Zone Window
Tables
  Table 2-1. LED Descriptions
  Table 6-1. Content Filter List Categories
  Table 8-1. Content Filter List Categories
  Table B-1. Netmask Notation Translation Table for One Octet
  Table B-2. Netmask Formats
About This Guide
Congratulations on your purchase of the NETGEAR™ Model FR314, FR318 or FV318 Cable/DSL Firewall Router. The firewall router is a complete security solution that protects your network from attacks and intrusions, filters objectionable Web content, and logs security threats. This guide describes the features of the firewall router and provides installation and configuration instructions.
Special Message Formats
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Caution: This format is used to highlight information that will help you prevent equipment failure or loss of data.
Warning: This format is used to highlight information about the possibility of injury or equipment damage.
For more information about address assignment, refer to the IETF documents RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space. For more information about IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
Chapter 1 Introduction
This chapter describes the features of the NETGEAR Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers.
About the Netgear Firewall/VPN Router
The Model FR314, FR318 or FV318 Cable/DSL Firewall Router is a complete security solution that protects your network from attacks and intrusions. The firewall router prevents theft, destruction, and malicious tampering, filters objectionable Web content, and logs security threats.
Key Features
The Netgear Firewall/VPN Router offers the following features.
A Powerful, True Firewall
Unlike simple Internet sharing routers, the Netgear Firewall/VPN Router is a true firewall, using stateful packet inspection to defend against hacker attacks, and lets you define rules for Internet access and content viewing.
• Content filtering by subscription
The Netgear Firewall/VPN Router uses content filtering to enforce your network’s Internet access policies. You can use the Content Filter List to block Web sites by category, such as pornography or racial intolerance.
• IP address masquerading by dynamic NAT+
The firewall router allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, an extension of Network Address Translation (NAT), is also known as IP address masquerading and allows the use of an inexpensive single-user ISP account.
• Flash EPROM for firmware upgrade
• Five-year warranty, two years on power adapter
• Free technical support seven days a week, twenty-four hours a day
Chapter 2 Setting Up the Hardware
This chapter describes the Netgear Firewall/VPN Router hardware and provides instructions for installing it.
Local Network Hardware Requirements
The Netgear Firewall/VPN Router is intended for use in a network of personal computers (PCs) that are interconnected by twisted-pair Ethernet cables.
PC Requirements
To install and run the firewall router over your network of PCs, each PC must have the following:
• An installed Ethernet Network Interface Card (NIC).
• A connection to the network via a hub or switch.
The Firewall Router’s Front Panel
The front panel of the Model FR314, FR318 or FV318 firewall router (Figure 2-1) contains status LEDs.
Figure 2-1. FR314 Front Panel
You can use some of the LEDs to verify connections. Table 2-1 lists and describes each LED on the front panel of the firewall router. These LEDs are green when lit, except for the TEST LED, which is amber.
Table 2-1.
The Firewall Router’s Rear Panel
The rear panel of the FR314 is shown in Figure 2-2. The FR318 and FV318 differ only in the number of ports and the absence of an Uplink switch. Refer to this diagram to identify the firewall router ports before attempting to make any connections.
Figure 2-2.
Connecting to Your Local Ethernet Network
Your local network attaches to the firewall router ports that are marked LOCAL. The LOCAL ports of the firewall router are capable of operation at either 10 Mbps (10BASE-T) or 100 Mbps (100BASE-TX), depending on the Ethernet interface of the attached PC, hub, or switch.
Connecting to Your Internet Access Device
To connect the firewall router to the Internet (or WAN):
1. Connect the firewall router’s INTERNET port to the 10BASE-T Ethernet port on your existing Internet access device (your cable modem or DSL modem).
Note: The attached modem device must provide a standard 10BASE-T Ethernet connection. The firewall router does not include a cable for this connection.
If a LINK/ACT LED is lit, a link has been established to the connected device.
4. If any LOCAL port is connected to a 100 Mbps device, verify that the 100 LED for that port is lit.
The firewall router is now properly attached to the network. Next, you need to prepare your network to access the Internet through the firewall router. See the following chapter.
Chapter 3 Preparing Your Network
This chapter describes how to prepare your PC network to connect to the Internet through the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers and how to order broadband Internet service from an Internet service provider (ISP).
Preparing Your Personal Computers for IP Networking
The Netgear Firewall/VPN Router uses the Transmission Control Protocol/Internet Protocol (TCP/IP).
Follow the instructions provided with your operating system or networking software to install TCP/IP on your computer. Although TCP/IP is built into the Windows operating system (starting with Windows 95), you need to enable and configure it as described in “Configuring Windows 95 or later for IP Networking” on page 3-2. To configure the Macintosh, see “Configuring the Macintosh for IP Networking” on page 3-5.
You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks.
Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
If you need the adapter:
a. Click the Add button.
b. Select Adapter, and then click Add.
c.
d. Select TCP/IP, and then click OK.
If you need Client for Microsoft Networks:
a. Click the Add button.
b. Select Client, and then click Add.
c. Select Microsoft.
d. Select Client for Microsoft Networks, and then click OK.
3. Restart your PC for the changes to take effect.
To check your PC’s TCP/IP configuration:
1. On the Windows taskbar, click the Start button, and then click Run. The Run window opens.
2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things) your IP address, subnet mask, and default gateway.
3. Select your Ethernet adapter.
The TCP/IP Control Panel opens:
2. From the “Connect via” box, select your Macintosh’s Ethernet interface.
3. From the “Configure” box, select Using DHCP Server. You can leave the DHCP Client ID box empty.
4. Close the TCP/IP Control Panel.
5. Repeat this for each Macintosh on your network.
The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends:
• The IP Address is between 192.168.0.2 and 192.168.0.9
• The Subnet mask is 255.255.255.0
• The Router address is 192.168.0.
Login Protocols
Some ISPs require a special login protocol, such as PPP over Ethernet (PPPoE). If your ISP requires one, you need a login name and password, and you also need to select PPPoE when you configure the firewall router. After your network and firewall router are configured, the firewall router performs the login task when needed, and you will no longer need to log in from your PC.
The Network window opens, which displays a list of installed components.
3. Select TCP/IP, and then click Properties. The TCP/IP Properties dialog box opens.
4. Select the IP Address tab. If an IP address and subnet mask are shown, write down the information. If an address is present, your account uses a fixed (static) IP address. If no address is present, your account uses a dynamically-assigned IP address.
4. If any Name Server addresses are shown, write down the addresses. These are your ISP’s DNS addresses.
5. If any information appears in the Search domains information box, write it down.
6. Change the “Configure” setting to “Using DHCP Server”.
7. Close the TCP/IP Control Panel.
Chapter 4 Initial Configuration of the Firewall Router
This chapter describes how to perform the initial configuration of your Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers using the Setup Wizard, which walks you through the configuration process. The Setup Wizard should result in a working and secure configuration, but you will need to use the main menus to download the Content Filter List and set any other desired firewall rules. These procedures are described in subsequent chapters.
Figure 4-1. Web Manager Login Window
5. Type admin in the User Name box, password in the Password box, and then click OK. If your firewall router password was previously changed, enter the current password.
6. If the Setup Wizard does not automatically launch when the Web Management Interface appears, select Setup Wizard from the navigation bar on the left.
7.
• Choose a password that cannot be easily guessed.
8. First enter the old password, and then enter the new password twice. If you do not enter the new password exactly the same in both New Password boxes, the operation fails.
10. Click Next. The firewall router attempts to automatically determine your network addressing mode. If it cannot automatically determine the mode, the Connecting to the Internet window opens.
Figure 4-4. Setup Wizard, Connecting to the Internet Window
If this window appears, you must manually select your addressing mode.
11. If your ISP account uses a PPP over Ethernet (PPPoE) login procedure, you are prompted to enter your account’s Login Name and Password in the PPPoE window:
Figure 4-5. Setup Wizard, PPPoE Window
Enter the user name and password provided by your ISP for your Internet account. These entries are case sensitive. This password is for logging into your ISP account.
12. If your ISP account does not dynamically assign a network address, you are prompted to enter your static (fixed) address information in the next window.
Figure 4-6. Setup Wizard, Static Address Window
Enter the following information for each option:
• WAN IP Address and Subnet Mask
Enter the IP Address and Subnet Mask assigned to your account by your ISP.
13. Click Next. The ISP Settings window opens:
Figure 4-7. Setup Wizard, ISP Settings Window
Enter your account’s Host Name and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers. If you leave the Domain Name field blank, the router will attempt to automatically obtain the domain name from the ISP.
14. Click Next. The final Setup Wizard window opens:
Figure 4-8. Setup Wizard, Final Window
15. Reboot your firewall router in order for the configuration to take effect, and then reboot any attached PCs.
Your PCs should now have secure Internet access. You can test this by browsing to any Internet location, such as NETGEAR’s Web site at www.NETGEAR.com.
Chapter 5 General Configuration
This chapter describes how to interpret current status information and how to configure the Model FR314, FR318 and FV318 firewall routers' network settings, which include the firewall router's IP addressing method and settings. If you need to configure the firewall’s more advanced features, see Chapter 6, “Content Filtering,” and Chapter 7, “Network Access Rules.
Status
To view the firewall router's status information, click General from the navigation bar on the left, and then click the Status subtopic. The Status window opens as shown in Figure 5-1 below:
Figure 5-1. General Status Window
The Status window provides information on the current operating conditions of the router. Please view this window periodically for helpful status information.
Network Settings
This section describes how to configure the firewall router's IP address information. To configure the firewall router's network settings, click General from the navigation bar on the left, and then click the Network subtopic. The Network Settings window opens as shown in Figure 5-2 below:
Figure 5-2.
Network Addressing Mode
You can use the Network Addressing Mode menu to configure how the firewall router determines its network address and accesses the network. This section describes each option; for configuration procedures for each option, see “Selecting and Configuring a Network Addressing Mode,” starting on page 5-7.
The LAN Subnet Mask defines the range of IP addresses that are on the LAN. The default Class C subnet mask of 255.255.255.0 supports up to 254 IP addresses on the LAN. If the Class C subnet mask is used, all local area network addresses should contain the same first three numbers as the firewall router’s LAN IP Address (for example, 192.168.0).
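The following check is an added example, not part of the NETGEAR guide or firmware: it derives the LAN range from the router's LAN IP Address and LAN Subnet Mask and reports PCs whose TCP/IP settings do not fit it. The function names and the sample PC settings are assumptions made for illustration; the router address and mask are the defaults given in this guide.

```python
import ipaddress


def lan_network(router_ip, mask):
    """Build the LAN range from the router's LAN IP Address and LAN Subnet Mask.

    ipaddress raises ValueError for a mask whose 1-bits are not contiguous
    (for example 255.0.255.0), so a mistyped mask is caught here.
    """
    return ipaddress.IPv4Network(f"{router_ip}/{mask}", strict=False)


def usable_host_count(router_ip, mask):
    """Addresses available to devices: the range minus network and broadcast."""
    net = lan_network(router_ip, mask)
    return max(net.num_addresses - 2, 0)


def check_pc(router_ip, mask, pc_ip, pc_mask, pc_gateway):
    """Return a list of problems with one PC's TCP/IP settings (empty means OK)."""
    net = lan_network(router_ip, mask)
    router = ipaddress.IPv4Address(router_ip)
    addr = ipaddress.IPv4Address(pc_ip)
    problems = []
    if ipaddress.IPv4Address(pc_mask) != net.netmask:
        problems.append("subnet mask differs from the router's LAN Subnet Mask")
    if addr not in net:
        problems.append("address is outside the LAN range")
    elif addr in (net.network_address, net.broadcast_address):
        problems.append("address is the network or broadcast address")
    elif addr == router:
        problems.append("address duplicates the router's LAN IP Address")
    if ipaddress.IPv4Address(pc_gateway) != router:
        problems.append("default gateway is not the router's LAN IP Address")
    return problems


if __name__ == "__main__":
    ROUTER_IP, MASK = "192.168.0.1", "255.255.255.0"  # defaults from the guide
    print("usable addresses:", usable_host_count(ROUTER_IP, MASK))
    # Constructed sample PC settings: (IP address, subnet mask, default gateway).
    sample_pcs = [
        ("192.168.0.2", "255.255.255.0", "192.168.0.1"),
        ("192.168.1.5", "255.255.255.0", "192.168.0.1"),
        ("192.168.0.255", "255.255.0.0", "192.168.0.254"),
    ]
    for pc in sample_pcs:
        print(pc[0], check_pc(ROUTER_IP, MASK, *pc) or "OK")
```

A PC that fails the range check treats the router as off-link and sends nothing through the firewall, which shows up as "no Internet access" rather than as an error on the router.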
DNS Servers, or Domain Name Servers, resolve descriptive names of network resources (such as www.NETGEAR.com) to numeric IP addresses. One or more DNS Server addresses should be assigned by your ISP for your use. DNS Server addresses are assigned automatically when Dynamic Addressing or PPPoE is selected as your addressing mode.
If your ISP requires a user name and password to connect (using a PPPoE client like EnterNet or WinPOET, for example) then you may find it necessary or beneficial to set your MTU to a lower value than the standard 1500. You should try 1492, 1452, or 1404 (subtracting 8, 48, or 96), working from higher to lower to see which results in a higher speed connection.
You can enter a number from 1 to 99 minutes.
7. Click Update. Once the firewall router has been updated, a message confirming the update is shown at the bottom of the browser window.
8. Click Restart for these changes to take effect. The restart may take up to 90 seconds, during which time the firewall router is inaccessible and all network traffic through the firewall router is halted.
1. From the Network Addressing Mode window, select NAT with Fixed Addressing.
2. NETGEAR recommends that you leave the NETGEAR Firewall LAN IP Address field and the LAN Subnet Mask field at their default values of 192.168.0.1 and 255.255.255.0, respectively.
3. In the NETGEAR Firewall WAN IP (NAT Public) Address box, type the single valid IP address assigned by your ISP.
2. In the NETGEAR Firewall LAN IP Address box, type a unique, valid IP address from your LAN address range. The firewall router LAN IP Address is the address assigned to the firewall router's LAN port and is used for management of the firewall router.
3. In the LAN Subnet Mask box, type your network's subnet mask. The LAN Subnet Mask notifies your firewall router which IP addresses are on your LAN.
For more information about NAT, DNS, DHCP, and other networking concepts, refer to Appendix B, “Networks, Routing, and Firewall Basics.
Chapter 6 Content Filtering
This chapter describes how to use the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers’ content filtering features. With these features, you can prevent objectionable content from reaching the PCs on your LAN. You can block access to Web sites by category, domain name, or keyword.
Categories
To configure content filtering and blocking options by category, click Filter from the navigation bar on the left, and then click on the Categories subtopic.
Figure 6-1.
Each category and its options are described in the sections that follow.
Restrict Web Features
You can restrict access to the following Web features:
• ActiveX
ActiveX is a programming language that embeds scripts in Web pages. Malicious programmers use ActiveX to delete files or compromise security. Select the ActiveX check box to block ActiveX controls.
When you register the firewall router at , you may download a one-month subscription to Content Filter List updates. The following is a list of the Content Filter List categories:
Table 6-1.
Bypassing the Filter
You may allow a trusted user to bypass the content filtering and have access to sites that would otherwise be blocked by the router. This can be done by defining a user name and password in the Filter Bypass section of the Filter Categories menu.
To set up filter bypassing:
1. Go to the Filter Categories menu.
2.
To configure Content Filter List updates, click one of the following options:
• Download Now
Immediately downloads and installs a new Content Filter List. This process may take several minutes and requires a current subscription to Content Filter List updates. Downloading the Content Filter List interrupts Internet access, so NETGEAR recommends that you download new lists when Internet access is at a minimum.
Customizing the Filter List
To customize the Content Filter List, click Filter from the navigation bar on the left, and then click the Customize subtopic. The Filter Customize window opens as shown in Figure 6-2 below:
Figure 6-2.
• Trusted Domains
To allow access to a Web site that is blocked by the Content Filter List, enter the host name, such as "www.ok-site.com", into the Trusted Domains boxes. Do not include the prefix "http://". All subdomains are allowed. For example, entering "yahoo.com" will allow "mail.yahoo.com" and "my.yahoo.com". Up to 256 entries are supported in the Trusted Domains list.
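The Trusted Domains rules above, modelled as an added example that is not NETGEAR firmware code: entries are bare host names, an entry covers its subdomains, and the list holds at most 256 entries. The guide does not document how the router compares names, so matching on whole dot-separated labels is an assumption here, as are all function names and the sample hosts.

```python
from urllib.parse import urlsplit

MAX_ENTRIES = 256  # Trusted Domains list limit stated in the guide


def normalize_entry(entry):
    """Validate one list entry; return it lower-cased, without a trailing dot."""
    host = entry.strip().lower().rstrip(".")
    if "://" in host:
        raise ValueError(f"enter the host name without a prefix such as http://: {entry!r}")
    if not host or any(ch in host for ch in "/:@?# "):
        raise ValueError(f"not a bare host name: {entry!r}")
    if any(not label for label in host.split(".")):
        raise ValueError(f"empty label in host name: {entry!r}")
    return host


def build_trusted_list(entries):
    """Normalize and de-duplicate the entries and enforce the 256-entry limit."""
    trusted = frozenset(normalize_entry(e) for e in entries)
    if len(trusted) > MAX_ENTRIES:
        raise ValueError(f"{len(trusted)} entries exceed the limit of {MAX_ENTRIES}")
    return trusted


def host_of(url_or_host):
    """Extract the lower-cased host from a URL or a bare host name."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare name as the host part
    try:
        host = urlsplit(text).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".")


def is_trusted(url_or_host, trusted):
    """True if the host, or any parent domain of it, is in the trusted list.

    Comparison is on whole labels: mail.yahoo.com is checked as
    mail.yahoo.com, then yahoo.com, then com. A plain string suffix test
    would also accept look-alike names that merely end in the same letters.
    """
    labels = host_of(url_or_host).split(".")
    return any(".".join(labels[i:]) in trusted for i in range(len(labels)))


if __name__ == "__main__":
    trusted = build_trusted_list(["yahoo.com", "www.ok-site.com"])
    # Constructed sample requests.
    for target in ("http://mail.yahoo.com/inbox", "my.yahoo.com",
                   "notyahoo.com", "yahoo.com.example.net", "ok-site.com"):
        print(f"{target:32} {'allow' if is_trusted(target, trusted) else 'filter'}")
```

Note that an entry such as "www.ok-site.com" trusts only that host and names beneath it, not the parent "ok-site.com".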
Partial Nudity
Pictures exposing the female breast or full exposure of either male or female buttocks except when exposing genitalia. (Excludes all swimsuits, including thongs.)
Full Nudity
Pictures exposing any or all portions of the human genitalia.
Excluded from the Partial Nudity and Full Nudity categories are sites containing nudity or partial nudity of a wholesome nature.
Drugs/Drug Culture
Pictures or text advocating the illegal use of drugs for entertainment. Includes substances used for other than their primary purpose to alter the individual's state of mind, such as glue sniffing. This excludes currently illegal drugs legally prescribed for medicinal purposes (for example, drugs used to treat glaucoma or cancer).
Chapter 7 Network Access Rules
This chapter describes the Model FR314, FR318 or FV318 Cable/DSL Firewall Router’s Network Access Rules. Network Access Rules include inbound and outbound access policy, user authentication and remote management.
Services
To configure inbound and outbound access policies by service, click Firewall from the navigation bar on the left, then Access, and then Services. The Network Access Rules window opens as shown in Figure 7-1 below:
Figure 7-1. Network Access Rules Window
Note: The LAN In column is not displayed if NAT is enabled.
The Services window allows you to customize Network Access Rules by service. The Default rule, at the bottom of the table, encompasses all Services.
Network Access Rules Options
This section describes the options you can configure in the Network Access Rules window. For procedural information, also see “Creating a Public LAN Server (Port Forwarding)” on page 7-4 and “Adding a Service” on page 7-5.
Creating a Public LAN Server (Port Forwarding)
A Public LAN Server is a server on your LAN that is accessible to users on the Internet. Creating a Public LAN Server in the Services window is the easiest way to set up a mail server, Web server, or other public server, on your LAN.
To create a Public LAN Server:
1. Determine what type of service your server uses, such as FTP, Web, or Mail.
• If users on the Internet cannot access Public LAN Servers, make sure that the Public LAN Servers are properly configured and have Internet connectivity. If you are trying to access the servers by name rather than by IP address, confirm that the DNS mx-record points to the correct IP address: the WAN IP (NAT Public) Address, if NAT is enabled.
Two numbers appear in brackets next to each service. The first number indicates the service's IP port number. The second number indicates the IP protocol type (6 for TCP, 17 for UDP, or 1 for ICMP).
Note: You may notice multiple entries with the same name. For example, the default configuration has two entries labeled "Name Service (DNS)"--for UDP port 53 and TCP port 53.
Note: If multiple entries with the same name are created, they are grouped together as a single service and may not function as expected.
Disabling Logging
You can disable logging of events in the Event Log. For example, if LINUX's authentication messages are filling up your log, you may disable logging of LINUX authentication.
To disable logging:
1.
Stealth mode may cause problems with some applications, such as sending email. If your ISP's mail server runs on UNIX or Linux (common for large ISPs), that mail server will attempt to send you traffic whenever you try to send mail to it. That traffic is called authentication (or Identd) and it uses TCP port 113.
When the number of IP addresses allowed by your node license is exceeded, the General Status menu will display the message: “License exceeded: too many IP addresses are in use on your LAN.”
Excluding Devices from Node License Count
If you have devices on your network that do not need Internet access, such as print servers or file servers, you should exclude them from counting toward your node license.
Chapter 8 Logging and Alerting
This chapter describes the Model FR314, FR318 or FV318 firewall router’s logging, alerting and reporting features.
Viewing the Log
The firewall router maintains an event log that lists potential security threats. You can view this log from the Web Management Interface or you can specify that the log is automatically sent to an e-mail address for convenience and archiving.
To view the log, click Firewall in the navigation bar on the left, click the Log subtopic, and then click the View Log subtopic. The View Log window opens.

Figure 8-1. View Log Window

The log is displayed in a table. Each log entry contains the date and time of the event and a brief message describing the event. Some log entries contain additional information such as IP addresses, port numbers, or notes.
• TCP, UDP, or ICMP packets dropped
When IP packets are blocked by the firewall router, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log messages usually include the name of the service in quotation marks.
• Ping of Death, IP Spoof, and SYN Flood Attacks
The IP address of the PC under attack and the source of the attack are displayed. In many attacks, the source address shown is forged and does not reflect the real source of the attack.

Note: Varying conditions can produce symptoms that appear as an attack, even when no one is deliberately attacking the LAN.
The Log Settings options are grouped as follows:
• Sending the Log
These options specify where logs and alerts are sent, and are described on page 8-5.
• Automation
These options specify how often logs are sent to the specified e-mail address, and are described on page 8-5.
• Categories
These options specify what types of messages appear in the log, and are described on page 8-6.
• Send Log
Specifies how often to send the logs: Daily, Weekly, or When Full.
• Every
Specifies which day of the week to send the log. Relevant when the log is sent weekly or daily.
• At
Specifies the time of day to send the log. Relevant when the log is sent daily.

If the Weekly or Daily option is selected and the log fills up, the log is automatically e-mailed to the specified e-mail address.
• Dropped UDP
When enabled, log messages showing blocked incoming UDP packets are displayed.
• Dropped ICMP
When enabled, log messages showing blocked incoming ICMP packets are displayed.
• Denied LAN IP
When enabled, log messages showing denied LAN IP addresses are displayed.

By default, all messages are shown except Denied LAN IP messages.
Figure 8-3. Log Reports Window

In this window, you can configure how data is collected and view available reports. The Log Report options are grouped as follows:
• Data Collection
• View Data

These options are described in the following sections.

Data Collection

The Data Collection options are:
• Start Data Collection
Click the Start Data Collection button to begin log analysis.
View Data

You can select which report to view in the “Report to view” list box. The available reports are:
• Web Site Hits
Lists the URLs for the 25 most frequently accessed Web sites and the number of hits to that site during the current sample period. You can use this report to help ensure that, for the most part, users are accessing appropriate Web sites.
Chapter 9 DHCP Server Configuration

This chapter describes how to configure the Model FR314, FR318 or FV318 Cable/DSL Firewall Router’s DHCP server.

DHCP Server Overview

DHCP, or Dynamic Host Configuration Protocol, is a method for distributing TCP/IP settings from a centralized server to the computers on a network. The firewall router’s DHCP server distributes IP addresses, gateway addresses, DNS server addresses, and other IP configuration information to the computers on your LAN.
Configuring the DHCP Server

To modify the configuration of the DHCP server, click General from the navigation bar on the left, and then click the DHCP subtopic. The DHCP Server Configuration window opens.

Figure 9-1.
• WINS Setup
• Dynamic Ranges
• Static Entries
• Current DHCP Leases

All options are described in the sections that follow.

General Setup

The General Setup options are:
• Enable DHCP Server
By default, the firewall router’s DHCP server is enabled. To disable the DHCP server, clear this check box.
• Client Default Gateway
In most cases, the firewall router is the only or primary router on a local network.
WINS

WINS, or Windows Internet Naming Service, is a server process for resolving Windows-based computer names to IP addresses. If a remote network contains a WINS server, your Windows PCs can gather information from that WINS server about its local hosts. This allows your PCs to browse that remote network using Network Neighborhood.
3. Click Update. When the firewall router is updated, a message confirming the update is displayed at the bottom of the window.
4. Continue this process until you have added all the necessary static entries.

To remove a static address:
1. Select the address from the list of static entries.
2. Click Delete Static.
Chapter 10 Virtual Private Networking

This chapter describes how to use the virtual private networking (VPN) features of the FR318 and FV318. A VPN provides secure, encrypted communication between your local network and a remote network.

Note: In order to perform the VPN function, the FR318 must be upgraded by purchasing the VPN Upgrade Option. The FV318 does not require an upgrade. The FR314 does not support VPN.
The tunnel endpoint device, which encodes or decodes the data, can either be a PC running VPN client software or a VPN-enabled router or server. Several software standards exist for VPN data encapsulation and encryption, such as PPTP and IPSec. Your Netgear Firewall/VPN Router uses IPSec.
For a PC to act as a tunnel endpoint to your Netgear Firewall/VPN Router, the PC must run a VPN client program based on the IPSec protocol. Netgear recommends that you use the SafeNet Soft-PK (or SoftRemote) VPN client program, which is available from SafeNet (www.safenet-inc.com). Installation and configuration instructions for the SafeNet client program are provided on page 10-8.
Figure 10-1. VPN Summary Window

If you have an FR318 and have not purchased and installed the VPN Upgrade Option, you will see a screen directing you to purchase and install the option.

Under Global Settings:
1. Enter an alphanumeric name for your FR318 or FV318 in the Unique Firewall Identifier field or use the default value, the firewall router’s Ethernet MAC address.
The VPN Summary window also displays a list of currently configured security associations (SAs), showing the name of the SA, the Destination Network Address, and the type of SA that is configured. The two types are Peer Netgear Router (router to router) and VPN Client (client to router).
If you have an FR318 with the VPN Upgrade Option, you can configure one security association. If you have an FV318, you can configure up to five security associations.

A security association is configured as follows:
1. In the Security Association pull-down menu, select “Add New SA” to define a new security association, or select the name of an existing security association to modify its configuration.
2.
The Shared Secret must be between 8 and 128 characters. For greater security, enter a combination of letters, numbers and symbols, such as "Aa8^Hjj@e$FF#." Letters are case sensitive.
7. Destination Network Address: Enter the network IP address and subnet mask for the remote network to which your VPN will connect. The two endpoint networks must have different LAN IP address ranges.
Installing and Configuring the SafeNet VPN Client

Netgear recommends and supports the SafeNet Soft-PK (or SoftRemote) Secure VPN Client for Windows, Version 5 or later. The SafeNet VPN Client can be purchased from SafeNet at www.safenet-inc.com.

Note: Netgear recommends that you use Windows 98 Second Edition or a later release of Windows with this VPN Client software.
Open the Security Policy Editor

To launch the VPN client, click the Windows Start button, then select Programs, then SafeNet Soft-PK (or SoftRemote), then Security Policy Editor. The Security Policy Editor window will appear.

Create a VPN Connection

In this step you will need to provide information about the VPN router to which you will be connecting.
From the Edit menu at the top of the Security Policy Editor window, click Add, then Connection. A “New Connection” listing will appear in the list of policies.
1. Click and rename the “New Connection” list item to a descriptive name such as “SantaClara”.
2. In the Connection Security box on the right side of the Security Policy Editor window, select Secure.
3. In the ID Type menu, select IP Subnet.
4.
Configure the Security Policy

These settings do not depend on your network information.
1. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the new connection by double clicking its name or clicking on the “+” symbol. My Identity and Security Policy subheadings should appear below the connection name.
2.
6. From the Options menu at the top of the Security Policy Editor window, select Global Policy Settings.
7. Increase the Retransmit Interval (seconds) period to 45.
8. Check the Allow to Specify Internal Network Address checkbox and click OK.

Configure the VPN Client Identity

In this step, you will provide information about the remote VPN client PC.
1. In the Network Security Policy list on the left side of the Security Policy Editor window, click on My Identity.
2. In the Select Certificate menu, choose None.
3. In the ID Type menu, select Domain Name.
4. In the field below the ID Type menu, enter the name of the Security Association. Note that this field is case sensitive and must exactly match the SA Name entry that you configured in the router.
5.
9. Enter the NETGEAR Firewall's Shared Secret in the Pre-Shared Key field and click OK. Note that this field is case sensitive.

Configure VPN Client Authentication Proposal

These settings do not depend on your network information.
1. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double clicking its name or clicking on the “+” symbol.
Save the VPN Client Settings

From the File menu at the top of the Security Policy Editor window, select Save Changes.

After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN. To test this, open your browser and enter the Firewall LAN IP Address of the remote VPN router.
• The remote VPN router has a public IP WAN address of 216.136.206.110.
• The remote VPN router has a LAN IP address of 192.168.10.1.

The Connection Monitor screen for this connection is shown below:

While the connection is being established, the Connection Name field in this menu will say “SA” before the name of the connection.
You can also monitor the progress of the connection on the log screen of the remote VPN router, as shown below:

When the connection has been successfully established, the log message will say “IKE negotiation complete. Adding IPSec SA. Phase 2 Done.”

Accessing Remote Resources across a VPN

Only non-broadcast IP traffic will pass over the VPN tunnel.
Refer to Windows documentation for information on using Find Computer, LMHOSTS files, and WINS servers.
Chapter 11 System Maintenance

This chapter describes the maintenance and diagnostic tools included with the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers. These tools allow you to save and restore configuration settings, perform diagnostic tests, and upgrade your system software.

Restart

After making configuration changes or performing other tasks, you may need to restart the firewall router.

To restart the firewall router:
1. From the navigation bar on the left, click Maintenance.
2.
To configure these options, click Maintenance from the navigation bar on the left, and then click Preferences. The Preferences window opens.

Figure 11-1. Preferences Window

These options are described in the sections that follow.
Overview of Settings Files

A settings file contains information about your firewall router’s configuration. NETGEAR highly recommends that you back up your settings file once your firewall router is up and running, and then again whenever you upgrade the firmware.
2. Click Yes to confirm the action.
3. Restart the firewall router for the settings to take effect.

Note: The LAN IP Address and LAN Subnet Mask, configured in the Network window in the General section, are not reset. Also, the management password is not reset.

Launch the Setup Wizard

To launch the Setup Wizard, click the Launch Wizard button in the Preferences window.
Updating Firmware

The firewall router has flash memory and you can easily upgrade it with new firmware. You can download current firmware from NETGEAR’s Web site to your Management Station and then upload the firmware to the firewall router.

To configure firmware options, click Maintenance from the navigation bar on the left, and then click Firmware. The Firmware Update window opens.

Figure 11-2.
Uploading New Firmware

Note: The Web browser used to upload new firmware into the firewall router must support HTTP uploads. NETGEAR recommends using Netscape Navigator 3.0 or above.

To upload new firmware:
1. Disconnect all LAN and WAN connections from your firewall router except for the connection to the Management Station PC.
2. Export your preferences as described on page 11-3.
Upgrade Features

The firewall router may be upgraded to support new or optional features, such as increasing the limit on the number of users. For information about purchasing firewall router options and upgrades, or a Content Filter List subscription, please contact NETGEAR at or at NETGEAR’s main website at .
The available diagnostic tools are:
• DNS Name Lookup
• Find Network Path
• Ping
• Packet Trace
• Tech Support Report

These reports are described in the sections that follow.

DNS Name Lookup

The DNS lookup tool returns the numerical IP address of a domain name.

To perform a DNS name lookup:
1. From the “Choose a diagnostic tool” box, select DNS Name Lookup.
2.
2. Enter the IP address of the host.
3. Click Go. The test takes a few seconds to complete. Once completed, a message showing the results is displayed in the window. If the network path is incorrect, check your router’s Network settings.

Note: Find Network Path requires an IP address for the target host. You can use the DNS Name Lookup tool to find the IP address of a host.
4. From a local PC, initiate an IP session with the remote host using an IP client, such as Web, FTP, or Telnet. Do not enter a host name, such as "www.yahoo.com"; instead, type the same IP address entered in the “Trace on IP address” box.
5. Click Refresh. The packet trace information is displayed.
6. Click Stop to terminate the packet trace, and Reset to clear the results.
From 192.168.0.3 / 1282 (00:a0:4b:05:96:4a)
To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)
Client sends a final ACK, and waits for start of data transfer.

6 TCP sent on WAN [ACK]
From 207.88.211.116 / 1937 (00:40:10:0c:01:4e)
To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)
The firewall router forwards the client's ACK to the remote host and waits for start of data transfer.
Chapter 12 Troubleshooting

This chapter provides troubleshooting information for your Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers. Each problem description includes instructions for helping you diagnose and solve the problem.

Basic Functioning

After you turn on power to the router, the following sequence of events should occur:
• The PWR LED is on.
• The Test LED is on while the router performs its self-test, which takes about 90 seconds to complete.
Test LED Stays On

When the router is turned on, the Test LED should illuminate for about 90 seconds and then turn off. If the Test LED stays on, there is a fault within the router.

If you experience problems with the Test LED:
• Turn off the router for a few seconds, and then turn it back on to see if the router recovers, and if the LED turns off after the correct amount of time.
Troubleshooting the Web Management Interface

If you are unable to access the router’s Web Management Interface from a PC on your local network, check the following:
• Check the Ethernet connection between your PC and the router as described in the previous section.
• Make sure your PC’s IP address is on the same subnet as the router.
To check the WAN IP address:
1. Launch your browser and select an external site such as www.NETGEAR.com. Although you may not have success in accessing the Web site, this step is necessary because it causes your router to request an IP address from the ISP.
2. In your browser’s Address box, type http://192.168.0.1 and press Enter.
3.
• Your PC may not recognize any DNS server addresses. A DNS server is a host on the Internet that translates Internet names (such as “www” addresses) to numeric IP addresses. Typically, your ISP provides the addresses of one or two DNS servers for your use.
Testing the LAN Path to Your Router

You can ping the router from your PC to verify that the LAN path to your router is set up correctly.

To ping the router from a Windows PC:
1. On the Windows taskbar, click the Start button and then click Run. The Run window opens.
2. Type ping, followed by the IP address of the router, as shown in the following example:
ping 192.168.0.1
3. Click OK.
From the Windows Run menu, type PING -n 10 followed by the IP address of a remote device such as your ISP’s DNS server. If the path is functioning correctly, replies like those described in the previous section are displayed.

If you do not receive replies:
• Check that your PC has the IP address of your router listed as the default gateway.
3. On the rear panel of the router, locate the small hole to the left of the Normal/Uplink button. A small pushbutton is accessible through this hole.
4. With the router powered off, use a thin tool such as a pencil point to press and hold the pushbutton.
5. While holding the pushbutton, turn on the router.
6. Within about 5 seconds, the Test LED begins to blink. Release the pushbutton.
Appendix A Technical Specifications

This appendix provides technical specifications for the Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers.

General Specifications

Network Protocol and Standards Compatibility
Data and Routing Protocols: TCP/IP, NAT, DHCP, IPSec, PPP over Ethernet (PPPoE)

Power Adapter
North America: 120V, 60 Hz, input
United Kingdom, Australia: 240V, 50 Hz, input
Europe: 230V, 50 Hz, input
Japan: 100V, 50/60 Hz, input
All regions (output): 12 V DC @ 1.
Physical Specifications
Dimensions: 253 by 181 by 35 mm (9.95 by 7.1 by 1.4 in.)
Weight: 1.1 kg (2.5 lb.)
Appendix B Networks, Routing, and Firewall Basics

This chapter provides an overview of IP networks, routing, and firewalls.

Basic Router Concepts

Large amounts of bandwidth can be provided easily and relatively inexpensively in a local area network (LAN). However, providing high bandwidth between a local network and the Internet can be very expensive. Because of this expense, Internet access is usually provided by a slower-speed wide-area network (WAN) link such as a cable or DSL modem.
Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The Model FR314, FR318 and FV318 Cable/DSL Firewall and VPN Routers are small office routers that route the IP protocol over a single-user broadband connection.
There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP software to identify the address class.
• Class D
Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255.
• Class E
Class E addresses are for experimental use.

This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network.
Subnet Addressing

By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number. It is unlikely that the smaller office LANs would have that many devices. You can resolve this problem by using a technique known as subnet addressing.
Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet.

The following table lists the additional subnet mask bits in dotted-decimal notation.
Table B-2. Netmask Formats
255.255.255.252    /30
255.255.255.254    /31
255.255.255.255    /32

NETGEAR strongly recommends that you configure all hosts on a LAN segment to use the same netmask for the following reasons:
• So that hosts recognize local IP broadcast packets
When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address.
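The following added example (not part of the NETGEAR guide) audits a LAN segment for hosts whose netmask disagrees with their neighbors and reports what each mismatch breaks. It assumes the 255.255.255.128 split implied by the note on 192.68.135.127 and 192.68.135.128; the host names and addresses in the inventory are constructed.

```python
"""Audit a LAN segment for hosts whose netmask disagrees with their neighbors."""
import ipaddress
from collections import Counter

# Constructed inventory (name -> (IP address, netmask)) for the first subnet of
# the 192.68.135.0 example. Host names and addresses are hypothetical.
SEGMENT = {
    "pc-a":    ("192.68.135.10",  "255.255.255.128"),
    "pc-b":    ("192.68.135.20",  "255.255.255.128"),
    "pc-c":    ("192.68.135.100", "255.255.255.128"),
    "printer": ("192.68.135.30",  "255.255.255.192"),  # mask too long
    "nas":     ("192.68.135.40",  "255.255.255.0"),    # mask too short
}


def segment_view(ip, netmask):
    """Return (network, broadcast address) as a host derives them from its own mask."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    return iface.network, iface.network.broadcast_address


def audit_segment(hosts):
    """Compare every host's view of the segment with the majority view.

    Returns (reference_network, findings), where findings maps each
    misconfigured host to the consequences of its netmask.
    """
    views = {name: segment_view(ip, mask) for name, (ip, mask) in hosts.items()}
    # The network that most hosts agree on is treated as the intended segment.
    reference = Counter(net for net, _ in views.values()).most_common(1)[0][0]

    findings = {}
    for name, (net, bcast) in views.items():
        if net == reference:
            continue
        # Neighbors on the real segment that this host believes are remote,
        # so it sends their traffic to the default gateway instead.
        offlink = sorted(
            peer for peer, (peer_ip, _) in hosts.items()
            if peer != name
            and ipaddress.ip_address(peer_ip) in reference
            and ipaddress.ip_address(peer_ip) not in net
        )
        findings[name] = {
            "network": str(net),
            "broadcast": str(bcast),
            # The host listens for a different all-ones address than its peers use.
            "misses_segment_broadcast": bcast != reference.broadcast_address,
            "offlink_peers": offlink,
            # The host treats addresses beyond the segment as directly reachable.
            "overreaches_segment": reference.subnet_of(net),
        }
    return reference, findings


if __name__ == "__main__":
    ref, report = audit_segment(SEGMENT)
    print(f"segment {ref}, broadcast {ref.broadcast_address}")
    for host, detail in report.items():
        print(host, detail)
```

A host with a longer mask than its neighbors ignores the segment broadcast and routes some local peers through the gateway, while a host with a shorter mask tries to reach the second subnet directly instead of through the router.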
Single IP Address Operation Using NAT

In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router.
This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router. This filtering can prevent intruders from probing your system.
IP Configuration by DHCP

When an IP-based local area network is installed, each PC must be configured with an IP address. If the PCs need to access the Internet, they should also be configured with a gateway address and one or more DNS server addresses. As an alternative to manual configuration, there is a method by which each PC on the network can automatically obtain this configuration information.
Uplink Switches and Crossover Cables

In the wiring table, the concepts of transmit and receive are from the perspective of the PC. For example, the PC transmits on pins 1 and 2. At the hub, the perspective is reversed, and the hub receives on pins 1 and 2. When connecting a PC to a PC, or a hub port to another hub port, the transmit pair must be exchanged with the receive pair.
What is a Firewall?

A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be recognized when they occur.
Glossary

10BASE-T
IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring.

100BASE-Tx
IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring.

ARCFour
A data encryption algorithm used for communications with secure Web sites using the SSL protocol. A newer scheme than the common DES method, ARCFour is faster, resulting in improved VPN throughput.

Authenticated Header
AH.
Dynamic Host Configuration Protocol
DHCP. An Ethernet protocol specifying how a centralized DHCP server can assign network configuration information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and gateway (router) addresses.

Encapsulated Secure Payload
ESP.
local area network
LAN. A communications network serving users within a limited area, such as one floor of a building. A LAN typically connects multiple personal computers and shared network devices such as storage and printers. Although many technologies exist to implement a LAN, Ethernet is the most common for connecting personal computers.

MAC address
Media Access Control address.
PPTP
Point-to-Point Tunneling Protocol. A method for establishing a virtual private network (VPN) by embedding Microsoft’s network protocol into Internet packets.

PSTN
Public Switched Telephone Network.

Point-to-Point Protocol
PPP. A protocol allowing a computer using TCP/IP to connect directly to the Internet.

RFC
Request For Comment.