NETGEAR FVM318 Reference Manual

Cable/DSL ProSafe Wireless VPN Security Firewall

Reference Manual for the
Model FVM318 Cable/DSL
ProSafe Wireless VPN
Security Firewall
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone 1-888-NETGEAR
SM-FVM318NA-0
December 2002

Summary of Contents for NETGEAR FVM318

  • Page 1 Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR SM-FVM318NA-0 December 2002...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Serie auf die Erfüllung der Vorschriften hin zu überprüfen. Certificate of the Manufacturer/Importer It is hereby certified that the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions.
  • Page 5: Table Of Contents

    Network Configuration Requirements ...2-1 Internet Configuration Requirements ...2-2 Where Do I Get the Internet Configuration Parameters? ...2-2 Connecting the FVM318 to Your LAN ...2-4 PPPoE Wizard-Detected Option ...2-9 Dynamic IP Wizard-Detected Option ...2-10 Fixed IP Account Wizard-Detected Option ... 2-11 Manually Configuring Your Internet Connection ...2-12...
  • Page 6 Configuring IPSec Wireless Connections ...3-12 Using SoftRemoteLT Instead of SoftRemote Basic ...3-17 Chapter 4 Protecting Your Network Protecting Access to Your FVM318 firewall ...4-1 Configuring Basic Firewall Services ...4-3 Blocking Functions, Keywords, Sites, and Services ...4-3 Blocking Services ...4-5 Setting Times and Scheduling Firewall Services ...4-7...
  • Page 7 Viewing, Selecting, and Saving Logged Information ...6-5 Selecting What Information to Include in the Log ...6-6 Enabling SYSLOG ...6-7 Examples of log messages ...6-7 Activation and Administration ...6-7 Dropped Packets ...6-7 Enabling Security Event E-mail Notification ...6-8 Backing Up, Restoring, or Erasing Your Settings ...6-9 Running Diagnostic Utilities and Rebooting the Router ...
  • Page 8 Appendix A Technical Specifications Appendix B Network, Routing, Firewall, and Wireless Basics Related Publications ... B-1 Basic Router Concepts ... B-1 Internet Security and Firewalls ... B-10 Wireless Networking ... B-12 Wireless Network Configuration ... B-12 Ad Hoc Mode (Peer-to-Peer Workgroup) ... B-12 Infrastructure Mode ...
  • Page 9 Configuring the Macintosh for TCP/IP Networking ... C-17 Verifying the Readiness of Your Internet Account ... C-19 Restarting the Network ... C-22 Glossary Index Contents...
  • Page 10 Contents...
  • Page 11 List of Procedures Procedure 2-1: Record Your Internet Connection Information ...2-3 Procedure 2-2: Connecting the Firewall to Your LAN ...2-4 Procedure 2-3: Configuring the Internet Connection Manually ...2-13 Procedure 3-1: Set Up and Test Basic Wireless Connectivity ...3-7 Procedure 3-2: Restrict Wireless Access by MAC Address ...3-9 Procedure 3-3: Configure WEP ...3-10 Procedure 3-4: Configure Basic IPSec Wireless Connections ...3-13 Procedure 3-5: Configuring the SoftRemoteLT Full Client ...3-18...
  • Page 13: Typographical Conventions

    Two or more keys that must be pressed simultaneously are shown in text linked with a plus (+) sign. DOS file and directory names. MALL About This Manual About This Manual ® FVM318 Cable/DSL ProSafe Wireless VPN Security Preface xiii...
  • Page 14: Special Message Formats

    Special Message Formats This guide uses the following formats to highlight special messages: Note: This format is used to highlight information of importance or special interest. Warning: This format is used to highlight information about the possibility of injury or equipment damage.
  • Page 15: Introduction

    VPN Security Firewall. Key Features of the FVM318 The FVM318 firewall is a complete security solution that protects your network from attacks and intrusions while allowing secure connections with other trusted users over the Internet and across your local wireless network.
  • Page 16: Enhanced Wireless Security Through Ipsec

    Internet sites. Autosensing Ethernet Connections with Auto Uplink™ With its internal 8-port 10/100 switch, the FVM318 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The LAN interfaces are autosensing and capable of full-duplex or half-duplex operation.
  • Page 17: Extensive Protocol Support

    • IP Address Sharing by NAT The FVM318 allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as Network Address Translation (NAT), allows the use of an inexpensive single-user ISP account.
  • Page 18: Easy Installation And Management

    IP address is not permanently assigned. The firewall contains a client that can connect to a Dynamic DNS service to register your dynamic IP address. Easy Installation and Management You can install, configure, and operate the FVM318 within minutes after connecting it to the network. The following features simplify installation and management tasks: •...
  • Page 19: What's In The Box

    • Support information card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair. The Firewall’s Front Panel...
  • Page 20 You can use some of the LEDs to identify the status of the firewall and verify connections. Table 1-1 describes each LED on the front panel of the firewall. These LEDs are green when lit, except for the TEST LED, which is amber. Table 1-1: LED Descriptions Label...
  • Page 21: The Firewall's Rear Panel

    The Firewall’s Rear Panel The rear panel of the FVM318 LOCAL 10/100M Figure 1-2: FVM318 Rear Panel Viewed from left to right, the rear panel contains the following elements: • Ground connector. • Factory Default Reset push button. • Eight Local Ethernet RJ-45 ports for connecting the firewall to the local computers.
  • Page 22 Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Introduction...
  • Page 23: Connecting The Firewall To The Internet

    Connect the firewall to a cable or DSL modem and a computer as explained below. Cabling and Computer Hardware Requirements To use the FVM318 firewall on your network, each computer must have an installed Ethernet Network Interface Card (NIC) and an Ethernet cable. If the computer will connect to your network at 100 Mbps, you must use a Category 5 (CAT5) cable such as the one provided with your firewall.
  • Page 24: Internet Configuration Requirements

    • You may also refer to the NETGEAR Router ISP Guide on the FVM318 Resource CD which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, record them on the page below.
  • Page 25: Procedure 2-1: Record Your Internet Connection Information

    Procedure 2-1: Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs.
  • Page 26: Connecting The Fvm318 To Your Lan

    Connecting the FVM318 to Your LAN This section provides instructions for connecting the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall to your LAN. The Resource CD included with your firewall contains an animated Installation Assistant to help you through this procedure.
  • Page 27 Connect the Ethernet cable (A) from the modem to the FVM318’s Internet port. Figure 2-2: Connect the cable or DSL Modem to the firewall. Connect the Ethernet cable (B) which came with the firewall from a local port on the router to your computer.
  • Page 28 Note: The FVM318 firewall incorporates Auto Uplink port will automatically sense whether the cable plugged into the port should have a 'normal' connection (e.g. connecting to a PC) or an 'uplink' connection (e.g. connecting to a switch or hub). That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.
  • Page 29 A login window opens like the one shown below. Figure 2-5: Login window For security reasons, the firewall has its own user name and password. When prompted, enter for the firewall user name and admin lower case letters. Note: The user name and password are not the same as any user name or password you may use to log in to your Internet connection.
  • Page 30 You are now connected to the firewall. If you do not see the menu above, click the Setup Wizard link on the upper left of the main menu. Click Next and follow the steps in the Setup Wizard for inputting the configuration parameters from your ISP to connect to the Internet.
  • Page 31: Pppoe Wizard-Detected Option

    Note: If you enter DNS addresses, restart your computers so that these settings take effect. • Click Apply to save your settings. • Click Test to verify that your Internet connection works. If the NETGEAR website does not appear within one minute, refer to Connecting the Firewall to the Internet Chapter 8,...
  • Page 32: Dynamic Ip Wizard-Detected Option

    Note: If you enter DNS addresses, restart your computers so that these settings take effect. • Click Apply to save your settings. • Click Test to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8, 2-10 Troubleshooting.
  • Page 33: Fixed Ip Account Wizard-Detected Option

    • Click Apply to save the settings. • Click Test to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8, Connecting the Firewall to the Internet 2-3.
  • Page 34: Manually Configuring Your Internet Connection

    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Manually Configuring Your Internet Connection You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.
  • Page 35: Procedure 2-3: Configuring The Internet Connection Manually

    Procedure 2-3: Configuring the Internet Connection Manually You can manually configure the firewall using the Basic Settings menu shown in using these steps: Log in to the firewall at its default address of ® Explorer or Netscape Navigator. Click the Basic Settings link under the Setup section of the main menu. If your Internet connection does not require a login, click No at the top of the Basic Settings menu and fill in the settings according to the instructions below.
  • Page 36 If your Internet connection does require a login, fill in the settings according to the instructions below. Select Yes if you normally must launch a login program such as Enternet or WinPOET in order to access the Internet. Note: After you finish setting up your firewall, you will no longer need to launch the ISP’s login program on your PC in order to access the Internet.
  • Page 37: Wireless Configuration

    This chapter describes how to configure the wireless features of your FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. Considerations For A Wireless Network In planning your wireless network, you should consider the level of security required. You should also select the physical placement of your firewall in order to maximize the network speed. For further information on wireless networking, refer to “Network, Routing, Firewall, and Wireless...
  • Page 38: Implement Appropriate Wireless Security

    WEP, there may be degradation of the data throughput on the wireless link, and WEP configurations can be less reliable. Unique to the FVM318, you can use the highly secure, reliable, high performance IPSec VPN communications protocols for your wireless connection.
  • Page 39: Understanding Wireless Settings

    SSID. The FVM318 default SSID is: Wireless. • Region. This field identifies the region where the FVM318 can be used. It may not be legal to operate the wireless features of the firewall in a region other than one of those identified on this drop-down list.
  • Page 40: Restricting Access Based On The Wireless Card Access List

    Everyone. The FVM318 will not restrict wireless access based on MAC address. • Trusted PCs Only. Requires specifying the MAC address in the list of trusted PC MAC addresses before any device connecting wirelessly to the FVM318 will be allowed to connect to the firewall. Choosing Authentication and Security Encryption Methods...
  • Page 41: Encryption Strength Choices

    • Choose Aggressive or Main Mode. Aggressive Mode is the default. Aggressive Mode is required when you use the SafeNet SoftRemote Basic VPN Client for Windows which is included on the FVM318 Resource CD. • Select the Encryption Protocol. Wireless Configuration...
  • Page 42: 64 Or 128 Bit Wep

    October 2000, replacing the DES encryption it used. AES works at multiple network layers simultaneously. Once you have filled in the FVM318 settings, configure the wireless client accordingly. 64 or 128 bit WEP When 64 Bit WEP or 128 Bit WEP is selected, WEP encryption will be applied.
  • Page 43: Procedure 3-1: Set Up And Test Basic Wireless Connectivity

    WEP provides some degree of privacy, but can be defeated without great difficulty. If WEP is enabled, you can manually or automatically program the four data encryption keys. These values must be identical on all PCs and access points in your network. Figure 3-8: 64 or 128 bit WEP encryption strength Please refer to “Overview of WEP Parameters”...
  • Page 44 32 alphanumeric characters. The default SSID is Wireless. Wireless access point devices like the FVM318 broadcast the SSID and any other wireless node in the same area can receive this SSID. This is not a security feature. It is simply the name of the wireless network.
  • Page 45: Procedure 3-2: Restrict Wireless Access By Mac Address

    LAN address and password you have set up. Click the Wireless Settings link in the main menu of the FVM318 firewall. From the Wireless Settings menu, click the Trusted PCs button to display the Wireless Access menu shown below.
  • Page 46: Procedure 3-3: Configure Wep

    Log in to the FVM318 firewall at its default LAN address of user name of admin and default password of password, or using whatever LAN address and password you have set up. Click the Wireless Settings link in the main menu of the FVM318 firewall. 3-10 http://192.168.0.1...
  • Page 47 From the Security Encryption menu drop-down list, select the WEP encryption type you will use. Figure 3-11. Wireless Settings encryption menu You can manually or automatically program the four data encryption keys. These values must be identical on all PCs and Access Points in your network. •...
  • Page 48: Configuring Ipsec Wireless Connections

    Figure 3-12. Configuring basic wireless IPSec VPN tunnel connections To use the IPSec features of the FVM318, you must have VPN client software installed on your PC. The SafeNet SoftRemote Basic VPN client software included on the FVM318 Resource CD provides a simple and very easy way to set up wireless VPN connections to the FVM318.
  • Page 49: Procedure 3-4: Configure Basic Ipsec Wireless Connections

    Procedure 3-4: Configure Basic IPSec Wireless Connections The SafeNet SoftRemote Basic VPN client installer program is on the FVM318 Resource CD. Observe the following guidelines when using the SafeNet SoftRemote Basic VPN client: • The SoftRemote Basic client requires Windows 95 or later.
  • Page 50 Note: Before installing the SafeNet SoftRemote Basic VPN Client software, be sure to turn off any virus protection or firewall software you may be running on your PC. Place the FVM318 Resource CD in your CD drive. If the CD does not autostart, double click on the Install the SafeNet SoftRemote Basic VPN client.
  • Page 51 VPN client task menu, as shown below. Figure 3-16. SafeNet system tray icon menu The VPN client Security Policy menu will appear as shown below. SafeNet Basic Client Configuration Figure 3-17. SafeNet basic configuration menu Wireless Configuration FVM318 IPSec Settings 3-15...
  • Page 52 In most cases, you can leave the IPSec Gateway as “LAN Gateway”, which indicates the firewall. If you are not using the firewall as your network’s default gateway, change IPSec Gateway to indicate either the IP Address or the network name of the firewall. Enter the User Name and the Pre-Shared Key value that you programmed for this PC in the firewall’s IPSec Client Settings menu.
  • Page 53: Using Softremotelt Instead Of Softremote Basic

    The SafeNet SoftRemote Basic VPN Client that is included with the firewall is only suitable for establishing a local wireless IPSec connection with the FVM318 firewall. If your PC is mobile, you may want to also use it to connect to your firewall over the Internet from a remote location. In that case you will need a full VPN Client.
  • Page 54: Procedure 3-5: Configuring The Softremotelt Full Client

    Procedure 3-5: Configuring the SoftRemoteLT Full Client To configure a policy for a secure local wireless connection to the FVM318 firewall using the SoftRemoteLT client, use the FVM318 configuration from Connections” on page 3-13 and follow procedure below for configuring the full VPN client.
  • Page 55 Select Any in the ID Type menu below the checkbox. Select Gateway IP Address in the box to the right of ID Type. Enter the LAN IP Address of the FVM318 firewall in the lower right box (usually 192.168.0.1). Wireless Configuration...
  • Page 56 Configure the VPN Client Identity In this step, you will provide information about your client PC. You will need to provide: • The User Name that you configured in the FVM318 firewall. • The Pre-Shared Key that you configured in the FVM318 firewall.
  • Page 57 SafeNet Security Policy Editor edit identity menu Choose None in the Select Certificate menu. Select Domain Name in the ID Type menu. In the box below ID Type, enter the user name that you configured in the FVM318 firewall. Select Disabled in the Virtual Adapter box.
  • Page 58 Expand the Authentication subheading by double clicking its name or clicking on the “+” symbol. Then select Proposal 1 below Authentication. Select Pre-Shared key in the Authentication Method menu. Select AES-256 in the Encrypt Alg menu. If your VPN client does not offer this selection, select Triple DES.
  • Page 59: Protecting Your Network

    This chapter describes how to use the basic firewall features of the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall to protect your network. Protecting Access to Your FVM318 firewall For security reasons, the firewall has its own user name and password to protect access to its configuration menus.
  • Page 60 From the main menu of the browser interface, under the Maintenance heading, select Set Password to bring up the menu shown below. Figure 4-1: Set Password menu To change the password, first enter the old password, and then enter the new password twice. Click Apply to save your changes.
  • Page 61: Configuring Basic Firewall Services

    Internet based content and communications services. Those basic options include: With its content filtering feature, the FVM318 firewall prevents objectionable content from reaching your PCs. The FVM318 allows you to control access to Internet with filtering options which include the following: •...
  • Page 62: Procedure 4-3: Blocking Functions, Keywords, And Sites

    Procedure 4-3: Blocking Functions, Keywords, and Sites The FVM318 firewall allows you to restrict access to Internet content based on functions such as Java or Cookies, Web addresses and Web address keywords. Log in to the firewall at its default LAN address of...
  • Page 63: Blocking Services

    In addition to the kind of blocking of sites discussed above, you can block services like Telnet or Instant Messenger. By default, the FVM318 regulates inbound and outbound traffic in these ways: • Inbound: Block all access from outside except responses to requests from the LAN side.
  • Page 64: Procedure 4-4: Configuring Services Blocking

    Procedure 4-4: Configuring Services Blocking Log in to the firewall at its default LAN address of name of , default password of admin you have chosen for the firewall. Click the Block Services link of the Security section of the main menu to display this screen. Figure 4-3: Block Services menu •...
  • Page 65: Setting Times And Scheduling Firewall Services

    Setting Times and Scheduling Firewall Services The FVM318 firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several time servers on the Internet. In order to localize the time for your log entries, you must select your time zone from the list.
  • Page 66: Procedure 4-5: Setting Your Time Zone

    Procedure 4-5: Setting Your Time Zone In order to localize the time for your log entries, you must specify your Time Zone: Log in to the firewall at its default LAN address of name of , default password of admin you have chosen for the firewall.
  • Page 67: Procedure 4-6: Scheduling Firewall Services

    Select your Time Zone. This setting will be used for the blocking schedule according to your local time zone and for time-stamping log entries. Check the Daylight Savings Time box if your time zone is currently in daylight savings time. Note: If your region uses Daylight Savings Time, you must manually check Adjust for Daylight Savings Time on the first day of Daylight Savings Time, and uncheck it at the end.
  • Page 68 Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 4-10 Protecting Your Network...
  • Page 69: Virtual Private Networking

    This chapter describes how to use the VPN features of the FVM318 firewall. VPN tunnels provide secure, encrypted communications between your local wireless and Ethernet network, and remote networks or computers. FVM318 VPN Overview Two common scenarios for configuring VPN tunnels are between two or more networks, and between a remote computer and a network.
  • Page 70 Internet. In this case, the remote workstation is one tunnel endpoint, running VPN client software. The FVM318 firewall router on your network is the other tunnel endpoint. In this configuration, all of the network resources connected to the FVM318 are visible to the user connected via the tunnel from the remote PC.
  • Page 71: Fvm318 Vpn Configuration Planning

    DES, 168 bit 3DES, AES (128, 192, or 256)? Longer keys are more secure but the throughput will be slower if the other endpoint encrypts via software rather than the hardware-based encryption in the FVM318 firewall. For instructions on configuring wireless VPN connections, please see “Configuring IPSec Wireless Connections”...
  • Page 72: Network To Network Vpn Tunnel Configuration Worksheet

    Procedure 5-1: Configuring a Network to Network VPN Tunnel Follow this procedure to configure a VPN tunnel between two LANs via a FVM318 at each end. LAN A FVM318 IN TER N ET W LA N LO CA L MODEL...
  • Page 73: Network Configuration Settings

    Worksheet” on page 5-22 Log in to the FVM318 on LAN A at its default LAN address of default user name of the main menu Advanced section to display the LAN TCP/IP Setup menu shown below.
  • Page 74 Configure the VPN settings on each FVM318. From the Setup section of the main menu of the FVM318, click the VPN Settings link. Click Add. The VPN Settings - Main Mode window opens as shown below: LAN A Figure 5-4: VPN Settings - Main Mode IKE Edit menu Fill in the Connection Name VPN settings as illustrated.
  • Page 75 This is the WAN IP Address for the FVM318 on LAN B. You can look up the WAN IP Address of the FVM318 on LAN B by viewing its WAN Status screen. When the FVM318 on LAN B is connected to the Internet, log in, go to its Maintenance menu Router Status link.
  • Page 76: Procedure 5-2: Configuring A Remote Pc To Network Vpn

    This procedure describes linking a remote PC and a LAN. The LAN will connect to the Internet using an FVM318 with a fixed IP address. The PC can be connected to the Internet through dialup, cable or DSL modem, or other means, and we will assume it has a dynamically assigned IP address.
  • Page 77: Pc To Network Vpn Tunnel Configuration Worksheet

    -- Disable -- IPSec (DES, 3DES, or AES 128, 192, or 256) -- WEP (64-bit or 128-bit) Key Life in seconds: IKE Life Time in seconds: FVM318 and PC IP Settings Local IPSec Identifier Network: LAN A LANAPCIPSEC 192.168.3.1 Computer: PC...
  • Page 78 1. Configure the VPN Tunnel on the FVM318 on LAN A. To configure the firewall, follow these steps: From the Setup Menu, click the VPN Settings link, then click Add to configure a new VPN tunnel. The VPN Settings - IKE window opens as shown below: Figure 5-8: VPN Edit menu for connecting with a VPN client Fill in the Connection Name VPN settings as illustrated.
  • Page 79 Note: Only one side can have a dynamic IP address, and that side must always initiate the connection. Under Secure Association, select Main Mode and fill in the settings below. • Enable Perfect Forward Secrecy. • For Encryption Protocol, select: DES •...
  • Page 80 Select IP Subnet in the ID Type menu. • In this example, type 192.168.3.0 in the Subnet field as the network address of the FVM318. The network address is the LAN IP Address of the FVM318 with 0 as the last number. •...
  • Page 81 Configure the Security Policy in the SafeNet VPN Client Software. • In the Network Security Policy list, expand the new connection by double clicking its name or clicking on the “+” symbol. My Identity and Security Policy subheadings appear below the connection name. •...
  • Page 82 In this step, you will provide information about the remote VPN client PC. You will need to provide: – The PreShared Key that you configured in the FVM318. – Either a fixed IP address or a “fixed virtual” IP address of the VPN client PC.
  • Page 83 • Click the Pre-Shared Key button. In the Pre-Shared Key dialog box, click the Enter Key button. Enter the FVM318's Pre-Shared Key and click OK. In this example, r>T(h4&3@#kB would be entered. Note that this field is case sensitive. Configure the VPN Client Authentication Proposal.
  • Page 84 Configure the VPN Client Key Exchange Proposal. In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the FVM318 configuration. • Expand the Key Exchange subheading by double clicking its name or clicking on the “+”...
  • Page 85 Figure 5-14: Ping test results Once the connection is established, you can open the browser of the remote PC and enter the LAN IP Address of the remote FVM318. After a short wait, you should see the login screen of the firewall.
  • Page 86: Monitoring The Pc Vpn Connection Using Safenet Tools

    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Monitoring the PC VPN Connection Using SafeNet Tools Information on the progress and status of the VPN client connection can be viewed by opening the SafeNet Connection Monitor or Log Viewer. To launch these functions, click on the Windows Start button, then select Programs, then SafeNet SoftRemote, then either the Connection Monitor or Log Viewer.
  • Page 87: Manual Keying

    • The FVM318 has a public IP WAN address of 134.177.100.11 • The FVM318 has a LAN IP address of 192.168.0.1 • The VPN client PC has a dynamically assigned address of 12.236.5.184 • The VPN client PC is using a “virtual fixed” IP address of 192.168.100.100 While the connection is being established, the Connection Name field in this menu will say “SA”...
  • Page 88 Figure 5-17: VPN Edit menu for Manual Keying Incoming SPI - Enter a Security Parameter Index that the remote host will send to identify the Security Association (SA). This will be the remote host’s Outgoing SPI. Outgoing SPI - Enter a Security Parameter Index that this firewall will send to identify the Security Association (SA).
  • Page 89 For Encryption Protocol, select one: Figure 5-18: VPN encryption options Null - Fastest, but no security. DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES or AES. 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
  • Page 90: Blank Vpn Tunnel Configuration Worksheets

    Wireless Encryption Protocol -- Disable -- IPSec (DES, 3DES, or AES 128, 192, or 256) -- WEP (64-bit or 128-bit) Key Life in seconds: IKE Life Time in seconds: FVM318 Network IP Settings Network Local IPSec Identifier 5-22 LAN IP...
  • Page 91 -- Disable -- IPSec (DES, 3DES, or AES 128, 192, or 256) -- WEP (64-bit or 128-bit) Key Life in seconds: IKE Life Time in seconds: FVM318 and PC IP Settings Local IPSec Identifier Network: Virtual Private Networking LAN IP...
  • Page 92 Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall 5-24 Virtual Private Networking...
  • Page 93: Managing Your Network

    ProSafe Wireless VPN Security Firewall. Network Management Information The FVM318 firewall provides a variety of status and usage information which is discussed below. Viewing Router Status and Usage Statistics From the main menu Maintenance section, select Router Status to view the screen below.
  • Page 94 The Router Status menu provides a limited amount of status and usage information. From the main menu of the browser interface, under Maintenance, select Router Status to view the status screen shown in Figure 6-1. This screen shows the following parameters: Table 6-1.
  • Page 95 Click on the “Show Statistics” button to display firewall usage statistics, as shown below: Figure 6-2. Router Statistics screen This screen shows the following statistics: Table 6-2. Router Statistics Fields Field Description WAN, LAN, or The statistics for the WAN (Internet), LAN (local), and Serial ports. For each port, the Serial Port screen displays: Status...
  • Page 96: Viewing Attached Devices

    Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network. From the main menu of the browser interface, under the Maintenance heading, select Attached Devices to view the table, shown in Figure 6-3: Attached Devices menu For each device, the table shows the IP address, NetBIOS Host Name, if available, and the Ethernet MAC address.
  • Page 97: Viewing, Selecting, And Saving Logged Information

    Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Viewing, Selecting, and Saving Logged Information The firewall will log security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites menu, the Logs page shows you when someone on your network tried to access a blocked site.
  • Page 98: Selecting What Information To Include In The Log

    Log entries are described in Table 6-5: Security Log entry descriptions. Field: Date and Time. Description: The date and time the log entry was recorded. Field: Description or Action. Description: The type of event and what action was taken if any. Field: Source IP. Description: The IP address of the initiating device for this log entry.
  • Page 99: Enabling Syslog

    Following are examples of log messages. In all cases, the log entry shows the timestamp as: Day, Year-Month-Date Hour:Minute:Second Activation and Administration Tue, 2002-05-21 18:48:39 - NETGEAR activated [This entry indicates a power-up or reboot with initial time entry.] Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2 Thu, 2002-05-21 18:56:58 - Administrator logout - IP:192.168.0.2...
  • Page 100: Enabling Security Event E-Mail Notification

    Enabling Security Event E-mail Notification In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-Mail subheading: Figure 6-7: E-mail menu • Turn e-mail notification on Check this box if you wish to receive e-mail logs and alerts from the firewall. •...
  • Page 101: Backing Up, Restoring, Or Erasing Your Settings

    Backing Up, Restoring, or Erasing Your Settings The configuration settings of the FVM318 firewall are stored in a configuration file in the firewall. This file can be backed up to your computer, restored, or reverted to factory default settings. The procedures below explain how to do these tasks.
  • Page 102: Procedure 6-2: Restore A Configuration From A File

    From the Maintenance heading of the main menu, select Backup to view the menu seen below. Figure 6-8: Settings Backup menu Click Backup to save a copy of the current settings. Store the .cfg file on a computer on your network. Procedure 6-2: Restore a Configuration from a File Log in to the firewall at its default LAN address of...
  • Page 103: Running Diagnostic Utilities And Rebooting The Router

    Reset button” on page 8-8. Running Diagnostic Utilities and Rebooting the Router The FVM318 firewall has a diagnostics feature. You can use the diagnostics menu to perform the following functions from the firewall: • Ping an IP Address to test connectivity to see if you can reach a remote host.
  • Page 104: Enabling Remote Management

    Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your NETGEAR Cable/DSL ProSafe VPN Firewall. Note: Be sure to change the router's default password to a very secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols.
  • Page 105: Upgrading The Router's Firmware

    Upgrading the Router’s Firmware The software of the FVM318 firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's website. If the upgrade file is compressed (.ZIP file), you must first extract the binary (.BIN or .IMG) file before uploading it to the firewall.
  • Page 106: Procedure 6-5: Router Upgrade

    Procedure 6-5: Router Upgrade Download and unzip the new software file from NETGEAR. Log in to the firewall at its default LAN address of name of , default password of admin you have chosen for the firewall. From the main menu of the browser interface, under the Maintenance heading, click Router Upgrade to display the menu shown below.
  • Page 107: Advanced Configuration

    This chapter describes how to configure the advanced features of your FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. Configuring Advanced Security The FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall provides a variety of advanced features, such as: • Setting up a Demilitarized Zone (DMZ) Server •...
  • Page 108: Respond To Ping On Internet Wan Port

    To assign a computer or server to be a Default DMZ server: Click Default DMZ Server. Type the IP address for that server. Click Apply. Respond to Ping on Internet WAN Port If you want the firewall to respond to a 'ping' from the Internet, click the ‘Respond to Ping on Internet WAN Port’...
  • Page 109 The LAN TCP/IP Setup parameters are: • IP Address This is the LAN IP address of the firewall. • IP Subnet Mask This is the LAN Subnet Mask of the firewall. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router.
  • Page 110: Mtu Size

    MTU Size The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs, particularly some using PPPoE, you may need to reduce the MTU. This is rarely required, and should not be done unless you are sure it is necessary for your ISP connection. Any packets sent through the firewall that are larger than the configured MTU size will be repackaged into smaller packets to meet the MTU requirement.
  • Page 111: Procedure 7-1: Using Reserved Ip Addresses

    • Primary DNS Server, if you entered a Primary DNS address in the Basic Settings menu; otherwise, the firewall’s LAN IP address • Secondary DNS Server, if you entered a Secondary DNS address in the Basic Settings menu • WINS Server, short for Windows Internet Naming Service Server, determines the IP...
  • Page 112: Procedure 7-2: Configuring Lan Tcp/Ip Settings

    Procedure 7-2: Configuring LAN TCP/IP Settings Log in to the firewall at its default LAN address of name of , default password of admin you have chosen for the firewall. From the main menu, under Advanced, click the LAN IP Setup link to view the menu, shown below.
  • Page 113: Configuring Dynamic Dns

    Configuring Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently.
  • Page 114: Using Static Routes

    Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet. Using Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes.
  • Page 115: Procedure 7-4: Configuring Static Routes

    • A Metric value of 1 will work since the ISDN router is on the LAN. This represents the number of routers between your network and the destination. This is a direct connection so it is set to 1. • Private is selected only as a precautionary security measure in case RIP is activated.
  • Page 116 Type a route name for this static route in the Route Name box under the table. This is for identification purposes only. Click the Active check box to make this route effective. Click the Private check box if you want to limit access to the LAN only. The static route will not be reported in RIP.
  • Page 117: Troubleshooting

    This chapter gives information about troubleshooting your FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. For the common problems listed, go to the section indicated. • Is the firewall on? • Have I connected the firewall correctly? Go to “Basic Functions” on page •...
  • Page 118: Power Led Not On

    • Check that you are using the 12VDC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
  • Page 119: Troubleshooting The Web Configuration Interface

    • Be sure you are using the correct cable: — When connecting the firewall’s Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. This cable could be a standard straight-through Ethernet cable or an Ethernet crossover cable.
  • Page 120: Troubleshooting The Isp Connection

    IP address from the ISP. You can determine whether the request was successful using the Web Configuration Manager. To check the WAN IP address: Launch your browser and select an external site such as www.netgear.com Access the main menu of the firewall’s configuration at Under the Maintenance heading, select Router Status Check that an IP address is shown for the WAN Port If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP.
  • Page 121: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP will provide the addresses of one or two DNS servers for your use. If you entered a DNS address during the firewall’s configuration, reboot your PC and verify the DNS address as described in Configuration of TCP/IP in Windows 2000 ”...
  • Page 122: Procedure 8-5: Testing The Lan Path To Your Firewall

    Procedure 8-5: Testing the LAN Path to Your Firewall You can ping the firewall from your PC to verify that the LAN path to your firewall is set up correctly. To ping the firewall from a PC running Windows 95 or later: From the Windows toolbar, click on the Start button and select Run.
  • Page 123: Restoring The Default Configuration And Password

    Procedure 8-6: Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows run menu, type: PING -n 10 <IP address> where <IP address>...
  • Page 124: Problems With Date And Time

    The E-Mail menu in the Content Filtering section displays the current date and time of day. The FVM318 firewall uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet. Each entry in the log is stamped with the date and time of day.
  • Page 125 This appendix provides technical specifications for the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter North America: United Kingdom, Australia: Europe: Japan: All regions (output): Physical Specifications Dimensions: Weight: Environmental Specifications...
  • Page 126 Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B; VCCI Class B; EN 55 022 (CISPR 22), Class B. Interface Specifications Local: 10BASE-T or 100BASE-Tx, RJ-45. Internet: 10BASE-T, RJ-45. Wireless Radio Data Rate: 1, 2, 5.5, 11 Mbps Auto Rate Sensing. Frequency; Data Encoding; 802.11b Operating Range; Maximum Computers Per Wireless Network; 802.11b Operating Frequency Ranges; 802.11b Encryption...
  • Page 127: Network, Routing, Firewall, And Wireless Basics

    Appendix B Network, Routing, Firewall, and Wireless Basics This chapter provides an overview of IP networks, routing, and wireless networking. Related Publications As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
  • Page 128: What Is A Router

    Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table. The FVM318 firewall supports both the older RIP-1 and the newer RIP-2 protocols. Among other improvements, RIP-2 supports subnet and multicast protocols. RIP is not required for most home applications.
  • Page 129 195.34.12.7 The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the second part identifies the host node or station on the network. The dividing point may vary depending on the address range and the application.
  • Page 130 128.1.x.x to 191.254.x.x. • Class C Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the network address and eight bits for the node. They are in this range: 192.0.1.x to 223.255.254.x. •...
  • Page 131: Subnet Addressing

    As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a forward slash ( / ), as “/n.”...
  • Page 132 Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits from the host address to the network address. For instance, to partition a Class C network number (192.68.135.0) into two, you shift one bit from the host address to the network address.
  • Page 133: Private Ip Addresses

    172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Choose your private network number from this range. The DHCP server of the FVM318 firewall is preconfigured to automatically assign private addresses. Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines explained here.
  • Page 134: Single Ip Address Operation Using Nat

    The FVM318 firewall employs an address-sharing method called Network Address Translation (NAT). This method allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your ISP.
  • Page 135: Mac Addresses And Address Resolution Protocol

    MAC Addresses and Address Resolution Protocol An IP address alone cannot be used to deliver data from one LAN device to another. To send data between LAN devices, you must convert the IP address of the destination device to its media access control (MAC) address.
  • Page 136: Internet Security And Firewalls

    IP addresses, along with other information (such as gateway and DNS addresses) that it may assign to the other devices on the network. The FVM318 firewall has the capacity to act as a DHCP server.
  • Page 137: What Is A Firewall

    What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack.
  • Page 138: Wireless Networking

    Wireless Networking The FVM318 firewall conforms to the Institute of Electrical and Electronics Engineers (IEEE) 802.11b standard for wireless LANs (WLANs). On an 802.11b wireless link, data is encoded using direct-sequence spread-spectrum (DSSS) technology and is transmitted in the unlicensed radio spectrum at 2.5GHz.
  • Page 139: Extended Service Set Identification (Essid

    The 802.11b standard defines several services that govern how two 802.11b devices communicate. The following events must occur before an 802.11b Station can communicate with an Ethernet network through an access point such as the one built in to the FVM318: Turn on the wireless station.
  • Page 140 The station listens for messages from any access points that are in range. The station finds a message from an access point that has a matching SSID. The station sends an authentication request to the access point. The access point authenticates the station. The station sends an association request to the access point.
  • Page 141: Shared Key Authentication

    802.11b network or Ethernet network. [Figure: authentication diagram; labels include “2) AP authenticates”, “Access Point”, and “Cable or DSL modem”]
  • Page 142: Overview Of Wep Parameters

    WEP Key. For authentication purposes, the 802.11b network uses Shared Key Authentication. Note: Some 802.11b access points also support Use WEP for Authentication Only (Shared Key Authentication without data encryption). The FVM318 does not support this option...
  • Page 143: Key Size

    Key Size The IEEE 802.11b standard supports two types of WEP encryption: 40-bit and 128-bit. The 64-bit WEP data encryption method allows for a five-character (40-bit) input. Additionally, 24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key.
  • Page 144: Wireless Channel Selection

    Note: The AP and the client adapters can have different default WEP Keys as long as the keys are in the same order. In other words, the AP can use WEP key 2 as its default key to transmit while a client adapter can use WEP key 3 as its default key to transmit.
  • Page 145: Ethernet Cabling

    Note: The available channels supported by the wireless products in various countries are different. The preferred channel separation between the channels in neighboring wireless networks is 25 MHz (5 channels). This means that you can apply up to three different channels within your wireless network.
  • Page 146: Cable Quality

    When connecting a PC to a PC, or a hub port to another hub port, the transmit pair must be exchanged with the receive pair. This exchange is done by one of two mechanisms. Most hubs provide an Uplink switch which will exchange the pairs on one port, allowing that port to be connected to another hub using a normal Ethernet cable.
  • Page 147: How Does Vpn Work

    The tunnel endpoint device, which encodes or decodes the data, can either be a PC running VPN client software or a VPN-enabled router or server. Several software standards exist for VPN data encapsulation and encryption, such as PPTP and IPSec. Your FVM318 firewall uses both PPTP and IPSec.
  • Page 148: Negotiating The Sa - The Internet Key Exchange (Ike

    • Exchange keys • Keep track of the agreements Negotiating the SA - the Internet Key Exchange (IKE) IKE provides a way to: • Ensure that the key exchange and the IPSec communication occurs only between authenticated parties; • Negotiate the protocols, algorithms and keys to be used between the two IPSec hosts •...
  • Page 149: Key Exchange: Phase 2

    VPN client remote access allows a remote PC to connect to your network from any location on the Internet. In this case, the remote PC is one tunnel endpoint, running VPN client software. The NETGEAR VPN-enabled router on your network is the other tunnel endpoint, as shown below...
  • Page 150: Linking Two Networks Together

    Linking Two Networks Together A VPN between two NETGEAR VPN-enabled routers is a good way to connect branch offices and business partners over the Internet, offering an affordable, high-performance alternative to leased site-to-site lines. The VPN also provides access to remote network resources when NAT is enabled and remote computers have been assigned private IP addresses.
  • Page 151 Relevant RFCs listed numerically: • [RFC 791] Internet Protocol DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C Hedrick, Rutgers University, June 1988. • [RFC 1483] Multiprotocol Encapsulation over ATM Adaptation Layer 5, Juha Heinanen, Telecom Finland, July 1993.
  • Page 153: Appendix C Preparing Your Network

    This appendix describes how to prepare your network to connect to the Internet through the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a...
  • Page 154: Configuring Windows 95, 98, And Me For Tcp/Ip Networking

    DHCP server during bootup. For a detailed explanation of the meaning and purpose of these configuration items, refer to Basics.” The FVM318 firewall is shipped configured as a DHCP server by default. The firewall assigns the following TCP/IP configuration information automatically when the PCs are rebooted: •...
  • Page 155 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
  • Page 156 Click the Add button. Select Client, and then click Add. Select Microsoft. Select Client for Microsoft Networks, and then click OK. Restart your PC for the changes to take effect. Enabling DHCP in Windows 95B, 98, and Me After the TCP/IP protocol components are installed, each PC must be assigned specific information about itself and resources that are available on its network.
  • Page 157 Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button. The following TCP/IP Properties window will display.
  • Page 158 By default, the IP Address tab is open on this window. Verify the following: • Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This setting is required to enable the DHCP server to automatically assign an IP address.
  • Page 159: Configuring Windows Nt4, 2000 Or Xp For Ip Networking

    From the drop-down box, select your Ethernet adapter. The window is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: •...
  • Page 160 DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through the configuration process for each of these versions of Windows.
  • Page 161 Now the Network Connection window displays. The Connections List, which shows all the network connections set up on the PC, is located to the right of the window. • Right-click on the Connection with the wireless icon and choose Status. Now you should be at the Local Area Network Connection Status window.
  • Page 162 The TCP/IP details are presented on the Support tab page. • Select Internet Protocol, and click Properties to view the configuration information...
  • Page 163 Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP configuration of TCP/IP in Windows XP. Repeat these steps for each PC with this version of Windows on your network.
  • Page 164 • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections. • Right click on Local Area Connection and select Properties. The Local Area Connection Properties dialog box appears. •...
  • Page 165 • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. Verify that – Obtain an IP address automatically is selected. – Obtain DNS server address automatically is selected. • Click OK to return to Local Area Connection Properties.
  • Page 166 DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Again, remember Cox only sets up TCP/IP dynamically (i.e., it uses DHCP to obtain TCP/IP settings). Following are the procedures you use to configure TCP/IP with DHCP in Windows NT 4.0.
  • Page 167 • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button.
  • Page 168 Type ipconfig /all Your IP Configuration information will be listed, and should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: • The IP address is between 192.168.0.2 and 192.168.0.254 •...
  • Page 169: Configuring The Macintosh For Tcp/Ip Networking

    • The default gateway is 192.168.0.1 Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will need to configure TCP/IP to use DHCP. MacOS 8.6 or 9.x From the Apple menu, select Control Panels, then TCP/IP.
  • Page 170 TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP. The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: •...
  • Page 171: Verifying The Readiness Of Your Internet Account

    Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.
  • Page 172: Obtaining Isp Configuration Information For Windows Computers

    As mentioned above, you may need to collect configuration information from your PC so that you can use this information when you configure the FVM318 firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.
  • Page 173: Obtaining Isp Configuration Information For Macintosh Computers

    As mentioned above, you may need to collect configuration information from your Macintosh so that you can use this information when you configure the FVM318 firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.
  • Page 174: Restarting The Network

    Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your FVM318 firewall, you are ready to access and configure the firewall.
  • Page 175 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 3DES 3DES (Triple DES) achieves a high level of security by encrypting the data three times using DES with three different, unrelated keys. 802.11b IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) technology and operating in the unlicensed radio...
  • Page 176 Domain names are of the form of a registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.
  • Page 177 Internet Protocol. The main internetworking protocol used in the Internet. Used in conjunction with the Transfer Control Protocol (TCP) to form TCP/IP. IP Address A four-position number uniquely defining each host on the Internet. Ranges of addresses are assigned by Internic, an organization formed for this purpose. Usually written in dotted-decimal notation with periods separating the bytes (for example, 134.177.244.57).
  • Page 178 netmask A number that explains which part of an IP address comprises the network address and which part is the host address on that network. It can be expressed in dotted-decimal notation or as a number appended to the IP address.
  • Page 179 subnet mask See netmask. UPnP See Universal Plug and Play. Universal Plug and Play UPnP. A networking architecture that provides compatibility among networking equipment, software and peripherals of the 400+ vendors that are part of the Universal Plug and Play Forum. UPnP compliant routers provide broadband users at home and small businesses with a seamless way to participate in online games, videoconferencing and other peer-to-peer services.
  • Page 180 Wireless Network Name (SSID) Wireless Network Name (SSID). The name assigned to a wireless network. This is the same as the SSID or ESSID configuration parameter. There can be multiple wireless networks in a given area. You can connect to only one wireless network at a time.
  • Page 181 Numerics 3DES 3-6 64 or 128 bit WEP 3-6 802.11b B-12 Account Name 2-10, 2-13 ActiveX 4-3 Address Resolution Protocol B-9 ad-hoc mode B-12, B-13 AES 3-6 Auto MDI/MDI-X B-20 Auto Uplink 1-3, B-20 backup configuration 6-9 Basic IPSec Wireless Connections 3-13 Basic Wireless Connectivity 3-7 BSSID B-13 cables, pinout B-19...
  • Page 182 EnterNet C-19 EPROM, for firmware upgrade 1-4 ESSID 3-8, B-13 Ethernet 1-2 Ethernet cable B-19 factory settings, restoring 6-10 features 1-1 firewall features 1-2 FLASH memory 6-13 front panel 1-5 gateway address C-21 host name 2-10, 2-13 IANA contacting B-2 IETF B-1 Web site address B-7 IKE 5-7...
  • Page 183 NAT C-19 NAT. See Network Address Translation netmask translation table B-6 Network Address Translation 1-3, B-8, C-19 Network Time Protocol 4-7, 8-8 NTP 4-7, 8-8 Open System authentication B-13 package contents 1-5 Passphrase 3-7, 3-11 password restoring 8-7 PC, using to configure C-22 Perfect Forward Secrecy 5-7, 5-11 ping 7-2 pinout, Ethernet cable B-19...
  • Page 184 verifying for Macintosh C-18 verifying for Windows C-6, C-16 time of day 8-8 time zone 4-9 timeout, administrator login 4-3 time-stamping 4-9 troubleshooting 8-1 Trusted Host 4-5 Trusted PCs Only 3-4 tunnel B-21 typographical conventions 1-xiii Uplink switch B-20 USB C-19 VPN 1-1 web proxy 4-3 WEP B-13...
