Summary of Contents for NETGEAR 108 MBPS WIRELESS WGT624 V3
Page 1
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10090-02 v 1.4 April 2005...
Page 2
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3
Refer to the Support Information Card that shipped with your WGT624 v3 108 Mbps Wireless Firewall Router. World Wide Web NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.
Chapter 1 About This Manual Audience, Scope, Conventions, and Formats ...1-1 How to Use This Manual ...1-2 How to Print this Manual ...1-3 Chapter 2 Introduction Key Features ...2-1 802.11g Wireless Networking ...2-2 A Powerful, True Firewall with Content Filtering ...2-2 Security ...2-3 Autosensing Ethernet Connections with Auto Uplink ...2-3 Extensive Protocol Support ...2-3...
Page 6
Scheduling When Blocking Will Be Enforced ...4-4 Configuring E-Mail Alert and Web Access Log Notifications ...4-5 Viewing Logs of Web Access or Attempted Web Access ...4-6 Chapter 5 Maintenance Viewing Wireless Router Status Information ...5-1 Viewing a List of Attached Devices ...5-5 Upgrading the Router Software ...5-5 Configuration File Management ...5-7 Restoring and Backing Up the Configuration ...5-7...
Page 7
Power LED Not On ...7-1 LEDs Never Turn Off ...7-2 Local or Internet Port LEDs Not On ...7-2 Troubleshooting the Web Configuration Interface ...7-3 Troubleshooting the ISP Connection ...7-4 Troubleshooting a TCP/IP Network Using a Ping Utility ...7-5 Testing the LAN Path to Your Router ...7-5 Testing the Path from Your PC to a Remote Device ...7-6 Restoring the Default Configuration and Password ...7-7 Problems with Date and Time ...7-7...
Page 8
Appendix C Preparing Your Network Preparing Your Computers for TCP/IP Networking ... C-1 Configuring Windows 95, 98, and Me for TCP/IP Networking ... C-2 Install or Verify Windows Networking Components ... C-2 Enabling DHCP to Automatically Configure TCP/IP Settings ... C-4 Selecting Windows’...
Page 9
Overview of WEP Parameters ... D-5 Key Size ... D-6 WEP Configuration Options ... D-7 Wireless Channels ... D-7 WPA and WPA2 Wireless Security ... D-8 How Does WPA Compare to WEP? ... D-9 How Does WPA Compare to WPA2 (IEEE 802.11i)? ... D-10 What are the Key Features of WPA and WPA2 Security? ...
This manual is written for the WGT624 v3 wireless router according to these specifications: Table 1-2. Manual Scope Product Version Manual Publication Date Note: Product updates are available on the NETGEAR, Inc. Web site at http://kbserver.netgear.com/products/WGT624 About This Manual About This Manual WGT624 v3 108 Mbps Wireless Firewall Router April 2005 v3.asp.
• button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 How to Print this Manual To print this manual you can choose one of the following several options, according to your needs. • Printing a Page in the HTML View. Each page in the HTML version of the manual is dedicated to a major topic.
Page 14
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 About This Manual 202-10090-02 v 1.4, July 2005...
Internet through an external broadband access device (such as a cable modem or DSL modem) that is normally intended for use by a single computer. This chapter describes the features of the NETGEAR WGT624 v3 108 Mbps Wireless Firewall Router. Key Features...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Flash memory for firmware upgrade. 802.11g Wireless Networking The WGT624 v3 wireless router includes an 802.11g wireless access point, providing continuous, high-speed 54 Mbps access between your wireless and Ethernet devices. The access point provides: •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • The WGT624 v3 prevents objectionable content from reaching your PCs. The router allows you to control access to Internet content by screening for keywords within web addresses. You can configure the router to log and report attempts to access objectionable Internet sites.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • IP Address Sharing by NAT The WGT624 v3 wireless router allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP).
Registration and Warranty Card. • Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the router for repair. Introduction...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 The Router’s Front Panel The front panel of the WGT624 v3 wireless router contains the status LEDs described below. Figure 2-1: WGT624 v3 Front Panel You can use some of the LEDs to verify connections. Viewed from left to right, describes the LEDs on the front panel of the router.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 The Router’s Rear Panel The rear panel of the WGT624 v3 wireless router contains the port connections listed below. Figure 1-2: WGT624 v3 Rear Panel Viewed from left to right, the rear panel contains the following features: •...
Page 22
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Introduction 202-10090-02 v 1.4, July 2005...
Configuring the Internet and Wireless Settings This chapter describes how to use the Smart Wizard Installation Assistant on the Resource CD to configure your wireless router’s Internet connection and wireless parameters. Once you are connected to the Internet and your wireless connections are working, you can also configure the router’s content filtering parameters if you need to change the default settings.
When you get to the wireless settings, you will have to select the country where you are located and decide whether you want to have security on your wireless links (Netgear strongly recommends enabling security). – Depending on the type of security you select, you will also have to enter security key or passphrase information (see the wireless authentication and encryption parameters).
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 If you want to change your Internet or wireless settings later, see Configuration” on page 3-6. Logging Into Your Router To log into your router after you have configured your router, do the following: Type http://www.routerlogin.net Navigator.
Page 26
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Click OK and the resulting window below appears: Figure 3-4: Login result Configuring the Internet and Wireless Settings 202-10090-02 v 1.4, July 2005...
Page 27
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Enable the Firmware Upgrade Assistant if you want the router to check for the lastest firmware everytime you log into the router (otherwise, you can check yourself manually; see “Upgrading the Router Software”...
Basic Settings, No Login Basic Settings, Login Required Figure 3-6: Basic Settings screens The Basic Settings pages allow you to configure, upgrade and check the status of your NETGEAR Wireless Router. Configuring the Internet and Wireless Settings 202-10090-02 v 1.4, July 2005...
Page 29
Internet Explorer, you may click an item in the center column to jump directly to the related help section; otherwise, scroll down until you reach it. For the most current documentation, go to: http://kbserver.netgear.com/products_automatic/WGT624v3.asp Note: If you are setting up the router for the first time, the default settings may work for you with no changes.
Page 30
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 If you have a fixed (static, permanent) IP address, your ISP will have provided you with an IP address. Select Use static IP address and type in the IP Address. •...
Page 31
Address is selected once a value has already been set in the Use This MAC Address selection. Click Test to connect to the NETGEAR Web site. If you connect successfully, your settings work and you may click Logout to exit these pages and... enjoy surfing the 'net!
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Wireless Settings To change the Internet settings, click Wireless Settings on the left menu bar. One of the following screens appears: Wireless Settings: No security Figure 3-7: Wireless Settings screens NOTE: To ensure proper agency compliance and compatibility between similar products in your area;...
Page 33
Name (SSID): Enter a value of up to 32 alphanumeric characters. The same Name (SSID) must be assigned to all wireless devices in your network. The default SSID is NETGEAR, but NETGEAR strongly recommends that you change your network's Name (SSID) to a different value.
Page 34
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Security Encryption (WEP) Key: If WEP is enabled, you can manually or automatically program the four data encryption keys. These values must be identical on all PCs and Access Points in your network. •...
Chapter 4 Content Filtering This chapter describes how to use the content filtering features of the WGT624 v3 108 Mbps Wireless Firewall Router to protect your network. These features can be found by clicking on the Content Filtering heading in the Main Menu of the browser interface. The WGT624 v3 108 Mbps Wireless Firewall Router provides you with web content filtering options, plus browsing activity reporting and instant alerts via e-mail.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 To enable keyword blocking, select either “Per Schedule” or “Always”, then click Apply. If you want to block by schedule, be sure that a time period is specified in the Schedule menu. To add a keyword or domain, type it in the Keyword box, click Add Keyword, then click Apply.
Page 37
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Services are functions performed by server computers at the request of client computers. For example, web servers serve web pages, time servers serve time and date information, and game hosts serve data about other players’...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Enter the Starting Port and Ending Port numbers. If the application uses a single port number, enter that number in both boxes. If you know that the application uses either TCP or UDP, select the appropriate protocol. If you are not sure, select Both.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Time of Day to Block. Select a start and end time in 23:59 format. Select All day for 24 hour blocking. Click Apply. Note: Be sure to select your time zone in the E-Mail menu. Configuring E-Mail Alert and Web Access Log Notifications In order to receive logs and alerts by email, you must provide your email information in the E-Mail menu, shown below:...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Your outgoing mail server Enter the name of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com). You may be able to find this information in the configuration menu of your e-mail program. If you leave this box blank, log and alert messages will not be sent via e-mail.
Page 41
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Figure 4-6: Logs menu Log entries are described in Table 4-1 Table 4-1. Log entry descriptions Field Description Number The index number of the content filter log entries. 128 entries are available numbered from 0 to 127.
Page 42
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Log action buttons are described in Table 4-2. Log action buttons Field Description Refresh Click this button to refresh the log screen. Clear Log Click this button to clear the log entries. Send Log Click this button to email the log immediately.
Chapter 5 Maintenance This chapter describes how to use the maintenance features of your WGT624 v3 108 Mbps Wireless Firewall Router. These features can be found by clicking on the Maintenance heading in the Main Menu of the browser interface. Viewing Wireless Router Status Information The Router Status menu provides a limited amount of status and usage information.
Page 44
Wireless port of the router. This field displays the wireless network name (SSID) being used by the wireless port of the router. The default is NETGEAR. This field displays the geographic region where the router being used. It may be illegal to use the wireless features of the router in some parts of the world.
Page 45
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Click on the “Show WAN Status” button to display the WAN status, as shown below. Figure 5-2: Connection Status screen This screen shows the following statistics:. Table 5-1. Connection Status Fields Field Description Connection Time...
Page 46
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Click on the “Show Statistics” button to display router usage statistics, as shown below. Figure 5-3: Router Statistics screen This screen shows the following statistics: Table 5-1. Router Statistics Fields Field Description Port...
The router software of the WGT624 v3 wireless router is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Note: The web browser used to upload new firmware into the WGT624 v3 wireless router must support HTTP uploads.
Page 48
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Note: Be sure to check the NETGEAR web site for documentation updates which are available at http://www.netgear.com/docs. From the Main Menu of the browser interface, under the Maintenance heading, select the Router Upgrade heading to display the menu shown below.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Configuration File Management The configuration settings of the WGT624 v3 wireless router are stored within the router in a configuration file. This file can be saved (backed up) to a user’s PC, retrieved (restored) from the user’s PC, or cleared to factory default settings.
7-7. Changing the Administrator Password The default password for the router’s web Configuration Manager is password. Netgear recommends that you change this password to a more secure password. From the Main Menu of the browser interface, under the Maintenance heading, select Set Password to bring up the menu shown below.
This chapter describes how to configure the advanced features of your WGT624 v3 108 Mbps Wireless Firewall Router. These features can be found under the Advanced heading in the Main Menu of the browser interface. Configuring Port Forwarding to Local Servers Although the router causes your entire local network to appear as a single machine to the Internet, you can make a local server (for example, a web server or game server) visible and available to the Internet.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Use the Port Forwarding menu to configure the router to forward incoming protocols to computers on your local network. In addition to servers for specific applications, you can also specify a Default DMZ Server to which all other incoming protocols are forwarded.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Local Web and FTP Server Example If a local PC with a private IP address of 192.168.1.33 acts as a web and FTP server, configure the Ports menu to forward HTTP (port 80) and FTP (port 21) to local address 192.168.1.33 In order for a remote user to access this server from the Internet, the remote user must know the IP address that has been assigned by your ISP.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Some online games and videoconferencing applications are incompatible with NAT. The WGT624 v3 wireless router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local PC can run the application properly if that PC’s IP address is entered as the default in the PORTS Menu.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Port Triggering Rules Menu The Port Triggering Rules Menu lists the current rules: • Enable - Indicates if the rule is enabled or disabled. Generally, there is no need to disable a rule unless it interferes with some other function, such as Port Forwarding.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Incoming (Response) Port Range - enter the range of port numbers used by the remote system when it responds to the PC's request. Modifying or Deleting an existing Rule: •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Configuring WAN Setup Options The WAN Setup options let you configure a DMZ server, change the MTU size and enable the wireless router to respond to a Ping on the WAN port. These options are discussed below. Figure 6-3: WAN Setup menu.
Page 58
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Setting Up a Default DMZ Server The default DMZ server feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT. The router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Under MTU Size, enter a new size between 64 and 1500. Then, click Apply to save the new configuration. Using a Dynamic DNS Service If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS).
Page 60
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 To configure Dynamic DNS: Register for an account with one of the dynamic DNS service providers whose names appear in the ‘Select Service Provider’ box. For example, for dyndns.org, go to www.dyndns.org. Select the Use a Dynamic DNS service check box.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Using LAN IP Setup Options The LAN IP Setup feature is under the Advanced heading of the main menu. This feature allows configuration of LAN IP services such as DHCP and RIP. From the Main Menu of the browser interface, under Advanced, click on LAN IP Setup to view the LAN IP Setup menu, shown below.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • IP Subnet Mask This is the LAN Subnet Mask of the router. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 If another device on your network will be the DHCP server, or if you will manually configure the network settings of all of your computers, clear the ‘Use router as DHCP server’ check box. Otherwise, leave it checked.
Page 64
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 To reserve an IP address: Click the Add button. Figure 6-6: Address Reservation screen In the IP Address box, type the IP address to assign to the PC or server. (choose an IP address from the router’s LAN subnet, such as 192.168.1.X) Type the MAC Address of the PC or server.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 How to Configure Static Routes Static Routes provide additional routing information to your router. Under normal circumstances, the router has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes.
Page 66
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Select Private if you want to limit access to the LAN only. The static route will not be reported in RIP. Select Active to make this route effective. Type the Destination IP Address of the final destination. Type the IP Subnet Mask for this destination.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Enabling Remote Management Access Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your WGT624 v3 wireless router. Note: Be sure to change the router's default configuration password to a very secure password.
Page 68
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed range. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Using Universal Plug and Play (UPnP) Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services from other registered UPnP devices on the network.
Page 70
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 UPnP Portmap Table: The UPnP Portmap Table displays the IP address of each UPnP device that is currently accessing the router and which ports (Internal and External) that device has opened. The UPnP Portmap Table also displays what type of port is opened and if that port is still active for each IP address.
Firewall Router. After each problem description, instructions are provided to help you diagnose and solve the problem. Note: Product updates are available on the NETGEAR Web site at www.netgear.com/support/main.asp. Documentation updates are available on the NETGEAR, Inc. Web site at www.netgear.com/docs.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Check that you are using the 12 V DC 1A power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Troubleshooting the Web Configuration Interface If you are unable to access the router’s web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the router as described in the previous section.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Troubleshooting the ISP Connection If your router is unable to access the Internet, you should first determine whether the router is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your router must request an IP address from the ISP.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Configure your router to spoof your PC’s MAC address. This can be done in the Basic Settings menu. If your router can obtain an IP address, but your PC is unable to load any web pages from the Internet: •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 If the path is working, you see this message: Reply from < IP address >: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message: Request timed out If the path is not functioning correctly, you could have one of the following problems: •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 — If your ISP assigned a host name to your PC, enter that host name as the Account Name in the Basic Settings menu. — Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs additionally restrict access to the MAC address of a single PC connected to that modem.
Page 78
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Troubleshooting 202-10090-02 v 1.4, July 2005...
This appendix provides technical specifications for the WGT624 v3 108 Mbps Wireless Firewall Router. Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter North America: United Kingdom, Australia: Europe: Japan: All regions (output): Physical Specifications Dimensions: Weight: Environmental Specifications Operating temperature: Operating humidity: Technical Specifications...
Page 80
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: Wireless Radio Data Rates Frequency Data Encoding: Maximum Computers Per Wireless Network: Operating Frequency Ranges: Encryption: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B 10BASE-T or 100BASE-Tx, RJ-45...
Appendix B Network, Routing, Firewall, and Basics This chapter provides an overview of IP networks, routing, and networking. Related Publications As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Routing Information Protocol One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table.
Page 83
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Class A Network Class B Network Class C Network Figure 7-1: Three Main Address Classes The five address classes are: • Class A Class A addresses can have up to 16,777,214 hosts on a single network. They use an eight-bit network number and a 24-bit node number.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network. For each unique value of the network portion of the address, the base address of the range (host address of all zeros) is known as the network address and is not usually assigned to a host.
Page 85
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Subnet addressing allows us to split one IP network address into smaller multiple physical networks known as subnetworks. Some of the node numbers are used as a subnet number instead. A Class B address gives us 16 bits of node numbers translating to 64,000 nodes.
Page 86
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 The following table lists the additional subnet mask bits in dotted-decimal notation. To use the table, write down the original class netmask and replace the 0 value octets with the dotted-decimal value of the additional subnet bits.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • So that hosts recognize local IP broadcast packets When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address. In order for this scheme to work, all devices on the segment must agree on which bits comprise the host address.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 The following figure illustrates a single IP address operation. Private IP addresses assigned by user 192.168.0.2 192.168.0.3 192.168.0.1 192.168.0.4 192.168.0.5 Figure 7-3: Single IP Address Operation Using NAT This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection.
Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource. Just as...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 IP Configuration by DHCP When an IP-based local area network is installed, each PC must be configured with an IP address. If the PCs need to access the Internet, they should also be configured with a gateway address and one or more DNS server addresses.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Stateful Packet Inspection Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to ensure secure firewall filtering to protect your network from attacks and intrusions. Since user-level applications such as FTP and web browsers can create complex patterns of network traffic, it is necessary for the firewall to analyze groups of network connection states.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Category 5 Cable Quality Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.) or 100 meters (m) in length, divided as follows: 20 ft.
Page 93
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Figure B-1: Straight-Through Twisted-Pair Cable Figure B-2 illustrates crossover twisted pair cable. Figure B-2: Crossover Twisted-Pair Cable Figure B-3: Category 5 UTP Cable with Male RJ-45 Plug at Each End Network, Routing, Firewall, and Basics B-13 202-10090-02 v 1.4, July 2005...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Note: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network.
This appendix describes how to prepare your network to connect to the Internet through the WGT624 v3 108 Mbps Wireless Firewall Router and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions provided by your ISP, you may need to copy the current configuration information for use in the configuration of your firewall.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 In your IP network, each PC and the firewall must be assigned a unique IP addresses. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address.
Page 97
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 If you need Client for Microsoft Networks: Click the Add button. Select Client, and then click Add. Select Microsoft. Select Client for Microsoft Networks, and then click OK. Restart your PC for the changes to take effect. Enabling DHCP to Automatically Configure TCP/IP Settings After the TCP/IP protocol components are installed, each PC must be assigned specific information about itself and resources that are available on its network.
Page 99
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it.
From the drop-down box, select your Ethernet adapter. The window is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through the configuration process for each of these versions of Windows.
Page 103
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. • Administrator logon access rights are needed to use this window.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP configuration of TCP/ IP in Windows XP.
Page 105
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections. • Right click on Local Area Connection and select Properties. •...
Page 106
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected. •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0. •...
Page 108
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button. C-14 202-10090-02 v 1.4, July 2005 Preparing Your Network...
Type ipconfig /all Your IP Configuration information will be listed, and should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: • The IP address is between 192.168.1.2 and 192.168.1.254 •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • The default gateway is 192.168.1.1 Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will need to configure TCP/IP to use DHCP. MacOS 8.6 or 9.x From the Apple menu, select Control Panels, then TCP/IP.
TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP. The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • An IP address and subnet mask • A gateway IP address, which is the address of the ISP’s router • One or more domain name server (DNS) IP addresses •...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 If an IP address appears under Installed Gateways, write down the address. This is the ISP’s gateway address. Select the address and then click Remove to remove the gateway address. Select the DNS Configuration tab.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Restarting the Network Once you’ve set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your WGT624 v3 wireless router, you are ready to access and configure the firewall.
Page 116
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 C-22 Preparing Your Network 202-10090-02 v 1.4, July 2005...
Appendix D Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The WGT624 v3 wireless router conforms to the Institute of Electrical and Electronics Engineers (IEEE) 802.11b and 802.11g standards for wireless LANs (WLANs). On an 802.11b or g wireless link, data is encoded using direct-sequence spread-spectrum (DSSS) technology and is transmitted in the unlicensed radio spectrum at 2.5GHz.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Ad Hoc Mode (Peer-to-Peer Workgroup) In an ad hoc network, computers are brought together as needed; thus, there is no structure or fixed points to the network - each node can generally communicate with any other node. There is no Access Point involved in this configuration.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 • Shared Key. With Shared Key authentication, only those PCs that possess the correct authentication key can join the network. By default, IEEE 802.11 wireless devices operate in an Open System network. Wired Equivalent Privacy (WEP) data encryption is used when the wireless devices are configured to operate in Shared Key authentication mode.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 The access point authenticates the station. The station associates with the access point and joins the network. This process is illustrated below. Open System Authentication Steps 1) Authentication request sent to AP 3) Client connects to network Client attempting...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 This process is illustrated below. Shared Key Authentication Steps 1) Authentication request sent to AP 2) AP sends challenge text Client 3) Client encrypts attempting challenge text and to connect sends it back to AP 4) AP decrypts, and if correct, authenticates client...
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Key Size The IEEE 802.11 standard supports two types of WEP encryption: 40-bit and 128-bit. The 64-bit WEP data encryption method allows for a five-character (40-bit) input. Additionally, 24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 WEP Configuration Options The WEP settings must match on all 802.11 devices that are within the same wireless network as identified by the SSID. In general, if your mobile clients will roam between access points, then all of the 802.11 access points and all of the 802.11 client adapters on the network must have the same WEP settings.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Table D-2: 802.11b/g Radio Frequency Channels Channel Center Frequency 2427 MHz 2432 MHz 2437 MHz 2442 MHz 2447 MHz 2452 MHz 2457 MHz 2462 MHz 2467 MHz 2472 MHz Note: The available channels supported by the wireless products in various countries are different.
The Wi-Fi Alliance is now performing interoperability certification testing on Wi-Fi Protected Access products. Starting August of 2003, all new Wi-Fi certified products have to support WPA. NETGEAR is implementing WPA and WPA2 on client and access point products. The 802.11i standard was ratified in 2004.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 How Does WPA Compare to WPA2 (IEEE 802.11i)? WPA is forward compatible with the WPA2 security specification. WPA is a subset of WPA2 and used certain pieces of the early 802.11i draft, such as 802.1x and TKIP. The main pieces of WPA2 that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized 802.11 VoIP phones), as well as enhanced encryption protocols, such as AES-CCMP.
Page 127
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 The primary information conveyed in the Beacon frames is the authentication method and the cipher suite. Possible authentication methods include 802.1X and Pre-shared key. Pre-shared key is an authentication method that uses a statically configured pass phrase on both the stations and the access point.
WPA supports Extensible Authentication Protocol (EAP). For environments without a RADIUS infrastructure, WPA supports the use of a pre-shared key. Together, these technologies provide a framework for strong user authentication. Windows XP implements 802.1x natively, and several NETGEAR switch and wireless access point products support 802.1x. D-12 Wired Network with Optional 802.1x Port Based Network...
Page 129
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Client with a WPA/ WPA2-enabled wireless adapter and supplicant (Win XP, Funk, Meetinghouse) Figure 4-7: 802.1x Authentication Sequence The AP sends Beacon Frames with WPA/WPA2 information element to the stations in the service set.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point.
Page 131
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Temporal Key Integrity Protocol (TKIP) WPA uses TKIP to provide important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
Product Support for WPA/WPA2 Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Changes to Wireless Access Points Wireless access points must have their firmware updated to support the following: • The new WPA/WPA2 information element To advertise their support of WPA/WPA2, wireless APs send the beacon frame with a new 802.11 WPA/WPA2 information element that contains the wireless AP's security configuration (encryption algorithms and wireless security configuration information).
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Microsoft has worked with many wireless vendors to embed the WPA driver update in the wireless adapter driver. So, to update your Microsoft Windows wireless client, all you have to do is obtain the new WPA/WPA2-compatible driver and install the driver.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Glossary Use the list below to find definitions for technical terms used in this manual. 802.11 Standard 802.11, or IEEE 802.11, is a type of radio technology used for wireless local area networks (WLANs). It is a standard that has been developed by the IEEE (Institute of Electrical and Electronic Engineers), http://standards.ieee.org.
Page 136
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 802.11e Standard 802.11e is a proposed IEEE standard to define quality of service (QoS) mechanisms for wireless gear that gives support to bandwidth-sensitive applications such as voice and video. 802.11g Standard Similar to 802.11b, this physical layer standard provides a throughput of up to 54 Mbps.
Page 137
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 A bridge connects devices that all use the same kind of protocol. A router can connect networks that use differing protocols. It also reads the addresses included in the packets and routes them to the appropriate computer station, working with any other routers in the network to choose the best path to send the packets on.
Page 138
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 ISA bus Wi-Fi radios. Client devices usually communicate with hub devices like access points and gateways. Collision avoidance A network node characteristic for proactively detecting that it can transmit a signal without risking a collision, thereby ensuring a more reliable connection.
Page 139
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 DNS (Domain Name System) A program that translates URLs to IP addresses by accessing a database maintained on a collection of Internet servers. The program works behind the scenes to facilitate surfing the Web with alpha versus numeric addresses.
Page 140
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Gateway In the wireless world, a gateway is an access point with additional software capabilities such as providing NAT and DHCP. Gateways may also provide VPN support, roaming, firewalls, various levels of security, etc.
Page 141
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 IP (Internet Protocol) address A 32-bit number that identifies each sender or receiver of information that is sent across the Internet. An IP address has two parts: an identifier of a particular network on the Internet and an identifier of the particular device (which can be a server or a workstation) within that network.
Page 142
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 In a wireless mesh example, each of the spheres below represent a mesh router. Corporate servers and printers may be shared by attaching to each mesh router. For wireless access to the mesh, an access point must be attached to any one of the mesh routers.
Page 143
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 PHY defines parameters such as data rates, modulation method, signaling parameters, transmitter/receiver synchronization, etc. Within an actual radio implementation, the PHY corresponds to the radio front end and baseband signal processing sections. Plug and Play A computer system feature that provides for automatic configuration of add-ons and peripheral devices such as wireless PC Cards, printers, scanners and multimedia devices.
Page 144
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Satellite broadband A wireless high-speed Internet connection provided by satellites. Some satellite broadband connections are two-way—up and down. Others are one-way, with the satellite providing a high-speed downlink and then using a dial-up telephone connection or other land-based system for the uplink to the Internet.
Page 145
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 For example, when a web page is downloaded from a web server, the TCP program layer in that server divides the file into packets, numbers the packets, and then forwards them individually to the IP program layer.
Page 146
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 node equipped with WEP. Warchalkers also draw identifiers above the symbols to indicate the password that can be used to access the node, which can easily be obtained with sniffer software. As a recent development, the debate over the legality of warchalking is still going on.
Page 147
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 with the benefit of easier administration and use. This is similar to 802.1x support and requires a RADIUS server in order to implement. The Wi-Fi Alliance will call this, 'WPA-Enterprise.' One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short - this provides an authentication alternative to an expensive RADIUS server.
Page 148
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Wi-Fi Protected Access in "Mixed Mode" Deployment In a large network with many clients, a likely scenario is that access points will be upgraded before all the Wi-Fi clients. Some access points may operate in a "mixed mode", which supports both clients running Wi-Fi Protected Access and clients running original WEP security.