201-10301-02, May 2005
Trademarks
Statement of Conditions
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
FCC Caution
Product and Publication Details
Contents
Chapter 1 About This Manual
Audience, Scope, Conventions, and Formats
How to Use This Manual
How to Print this Manual
Chapter 2 Introduction
Key Features of the FWG114P v2
Full Routing on Both the Broadband and Serial Ports
802.11g and 802.11b Wireless Networking
Virtual Private Networking
Wireless Multimedia (WMM) Support
A Powerful, True Firewall with Content Filtering
Security
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
NETGEAR Related Products
Package Contents
The FWG114P v2 Front Panel
The FWG114P v2 Rear Panel
Table 2-1. LED Descriptions
Chapter 3 Connecting the FWG114P v2 to the Internet
What You Will Need Before You Begin
Cabling and Computer Hardware Requirements
Computer Network Configuration Requirements
Internet Configuration Requirements
Where Do I Get the Internet Configuration Parameters?
Record Your Internet Connection Information
Connecting the FWG114P v2 Wireless Firewall/Print Server
Verify That Basic Requirements Are Met
Figure labels: Internet Port, Local Port 4, DC
4. RUN THE SETUP WIZARD TO CONNECT TO THE INTERNET
Basic Setup Troubleshooting Tips
FWG114P v2 Setup Wizard Auto Detection
Wizard-Detected Login Account Setup
Wizard-Detected Dynamic IP Account Setup
Wizard-Detected Fixed IP Account Setup
How to Configure the Serial Port as the Primary Internet Connection
Testing Your Internet Connection
How to Manually Configure the Primary Internet Connection
Chapter 4 Wireless Configuration
Observing Performance, Placement, and Range Guidelines
Implementing Appropriate Wireless Security
Figure: Wireless Data Security Options (FWG114P, radius in feet)
Understanding Wireless Settings
Default Factory Settings
Before You Change the SSID and WEP Settings
How to Set Up and Test Basic Wireless Connectivity
How to Restrict Wireless Access by MAC Address
How to Configure WEP
How to Configure WPA with Radius
How to Configure WPA2 with Radius
How to Configure WPA and WPA2 with Radius
How to Configure WPA-PSK
How to Configure WPA2-PSK
How to Configure WPA-PSK and WPA2-PSK
Chapter 5 Serial Port Configuration
Configuring a Serial Port Modem
Basic Requirements for Serial Port Modem Configuration
How to Configure a Serial Port Modem
Configuring Auto-Rollover
Basic Requirements for Auto-Rollover
How to Configure Auto-Rollover
Configuring Dial-in on the Serial Port
Basic Requirements for Dial-in
How to Configure Dial-in
M-10207-01, Reference Manual v2
Configuring LAN-to-LAN Settings
LAN-to-LAN enables direct communications between two FWG114P v2 wireless firewall/print servers.
Figure: Serial Connection
Chapter 6 Firewall Protection and Content Filtering
Firewall Protection and Content Filtering Overview
Using the Block Sites Menu to Screen Content
Services and Rules Regulate Inbound and Outbound Traffic
Defining a Service
Using Inbound/Outbound Rules to Block or Allow Services
Examples of Using Services and Rules to Regulate Traffic
Inbound Rules (Port Forwarding)
Outbound Rules (Service Blocking or Port Filtering)
Other Rules Considerations
Order of Precedence for Rules
Rules Menu Options
Using a Schedule to Block or Allow Content or Traffic
Setting the Time Zone
Getting E-Mail Notifications of Event Logs and Alerts
Viewing Logs of Web Access or Attempted Web Access
What to Include in the Event Log
Chapter 7 Print Server
Printing Options
For Windows XP and 2000, Use TCP/IP LPR Printing
For Windows 95/98/Me, Use the Netgear Printer Port Driver
Printing from the Macintosh
Windows Printer Port Management
Troubleshooting the Print Server
Chapter 8 Virtual Private Networking
Figure 8-1: Secure access through FWG114P v2 VPN routers
Overview of FWG114P v2 Policy-Based VPN Configuration
Figure: VPN tunnels encrypt data
Using Policies to Manage VPN Traffic
Using Automatic Key Management
The IKE Policy Configuration fields are defined in the following table.
Table 8-1. IKE Policy Configuration Fields
The VPN Auto Policy fields are defined in the following table.
VPN Policy Configuration for Manual Key Exchange
The VPN Manual Policy fields are defined in the following table.
Using Digital Certificates for IKE Auto-Policy Authentication
Certificate Revocation List (CRL)
Walk-Through of Configuration Scenarios on the FWG114P v2
How to Use the VPN Wizard to Configure a VPN Tunnel
VPNC Scenario 1: Gateway to Gateway with Preshared Secrets
Scenario 1: FWG114P v2 to FWG114P v2 with Preshared Secrets
How to Check VPN Connections
VPNC Scenario 2: Gateway-to-Gateway with Certificates
Scenario 2: FWG114P v2 to FWG114P v2 with Certificates
Netgear VPN Client to FWG114P v2
Configuration Profile
Step-By-Step Configuration of FWG114P v2 Gateway
Figure: Network Addresses
Step-By-Step Configuration of the Netgear VPN Client
Testing the VPN Connection
From the Client PC to the FWG114P v2
From the FWG114P v2 to the Client PC
Monitoring the PC VPN Connection
Viewing the FWG114P v2 VPN Status and Log Information
Maintenance 9-3
Table 9-1. Status Fields
Click WAN Status to display the WAN connection status.
This screen shows the following statistics:
Log action buttons are described in Table 9-2.
Click Show Statistics to display router usage statistics.
This screen shows the following statistics:
Viewing a List of Attached Devices
Upgrading the Router Software
Configuration File Management
Restoring and Backing Up the Configuration
Erasing the Configuration
Changing the Administrator Password
Chapter 10 Advanced Configuration
Using the WAN Setup Options
How to Configure Dynamic DNS
Using the LAN IP Setup Options
Configuring LAN TCP/IP Setup Parameters
Using the Router as a DHCP server
Using Address Reservation
Configuring Static Routes
Enabling Remote Management Access
Using Universal Plug and Play (UPnP)
Advanced Wireless Settings
Chapter 11 Troubleshooting
Basic Functioning
Power LED Not On
LEDs Never Turn Off
LAN or Internet Port LEDs Not On
Troubleshooting the Web Configuration Interface
Troubleshooting the ISP Connection
Troubleshooting a TCP/IP Network Using a Ping Utility
Testing the LAN Path to Your Router
Testing the Path from Your Computer to a Remote Device
Restoring the Default Configuration and Password
Problems with Date and Time
Appendix A Technical Specifications
Appendix B Networks, Routing, and Firewall Basics
Related Publications
Basic Router Concepts
What is a Router?
Routing Information Protocol
IP Addresses and the Internet
Netmask
Subnet Addressing
Private IP Addresses
Single IP Address Operation Using NAT
MAC Addresses and Address Resolution Protocol
Related Documents
Domain Name Server
IP Configuration by DHCP
Internet Security and Firewalls
What is a Firewall?
Stateful Packet Inspection
Denial of Service Attack
Ethernet Cabling
Category 5 Cable Quality
Inside Twisted Pair Cables
Uplink Switches, Crossover Cables, and MDI/MDIX Switching
Appendix C Preparing Your Network
Preparing Your Computers for TCP/IP Networking
Configuring Windows 95, 98, and Me for TCP/IP Networking
Install or Verify Windows Networking Components
Enabling DHCP to Automatically Configure TCP/IP Settings
Verifying TCP/IP Properties
Configuring Windows NT, 2000 or XP for IP Networking
Installing or Verifying Windows Networking Components
Verifying TCP/IP Properties
Configuring the Macintosh for TCP/IP Networking
MacOS 8.6 or 9.x
MacOS X
Verifying TCP/IP Properties for Macintosh Computers
Verifying the Readiness of Your Internet Account
Are Login Protocols Used?
What Is Your Configuration Information?
Obtaining ISP Configuration Information for Windows Computers
Obtaining ISP Configuration Information for Macintosh Computers
Appendix D Firewall Log Formats
Action List
Outgoing packets that match the Firewall rules are logged.
Field List
Outbound Log
Inbound Log
Incoming packets that match the Firewall rules are logged.
Some special packets that match the Firewall rules, such as VPN connections, are logged.
Other IP Traffic
Router Operation
Operations that the router initiates are logged.
Other Connections and Traffic to this Router
DoS Attack/Scan
Common attacks and scans are logged.
Access Block Site
All Web Sites and News Groups Visited
System Admin Sessions
Policy Administration LOG
Appendix E Wireless Networking Basics
Wireless Networking Overview
Infrastructure Mode
Ad Hoc Mode (Peer-to-Peer Workgroup)
Network Name: Extended Service Set Identification (ESSID)
Authentication and WEP Data Encryption
802.11 Authentication
Open System Authentication
Shared Key Authentication
Figure: Open System Authentication Steps
Overview of WEP Parameters
Figure: Shared Key Authentication Steps
Key Size
WEP Configuration Options
Wireless Channels
WPA Wireless Security
How Does WPA Compare to WEP?
How Does WPA Compare to IEEE 802.11i?
What are the Key Features of WPA Security?
Wired Network with Optional 802.1x Port Based Network Access Control
Wireless LAN
Is WPA Perfect?
Product Support for WPA
Appendix F Virtual Private Networking
What is a VPN?
What is IPSec and How Does It Work?
IPSec Security Features
IPSec Components
Encapsulating Security Payload (ESP)
Authentication Header (AH)
IKE Security Association
Key Management
Understand the Process Before You Begin
VPN Process Overview
Network Interfaces and Addresses
Setting Up a VPN Tunnel Between Gateways
IPSec Security Association IKE VPN Tunnel Negotiation Steps
VPNC IKE Security Parameters
VPNC IKE Phase I Parameters
VPNC IKE Phase II Parameters
Testing and Troubleshooting
Additional Reading
Appendix G NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2
Configuration Template
Step-By-Step Configuration of FVS318 or FVM318 Gateway A
Step-By-Step Configuration of FWG114P Gateway B
Test the VPN Connection
Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328
Configuration Template
Using DDNS and Fully Qualified Domain Names (FQDN)
Step-By-Step Configuration of FVS318 or FVM318 Gateway A
Step-By-Step Configuration of FVS328 Gateway B
Test the VPN Connection
Glossary
Use the list below to find definitions for technical terms used in this manual.