Netgear FWAG114 Reference Manual

Netgear FWAG114 - ProSafe Dual Band Wireless VPN Firewall Router Manual

Netgear FWAG114 manual content summary:

  • Netgear FWAG114 | FWAG114 Reference Manual - Page 1
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA SM-FWAG114NA-0 Version 1.0 June 2003
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 2
    NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested ProSafe Dual Band Wireless VPN Firewall FWAG114
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 3
    /Importer It is hereby certified that the ProSafe Dual Band Wireless VPN Firewall FWAG114 has been suppressed in accordance with the test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 4
    iv
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 5
    of this Manual 1-2 Chapter 2 Introduction Key Features of the VPN Firewall 2-1 802.11g and 802.11b Wireless Networking 2-2 A Powerful, True Firewall with Content Filtering 2-2 Security ...2-3 Autosensing Ethernet Connections with Auto Uplink 2-3 Extensive Protocol Support 2-3 Easy Installation
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 6
    WEP ...4-7 Default Factory Settings 4-7 Before You Change the SSID and WEP Settings 4-8 How to Set Up and Test Basic Wireless Connectivity 4-9 How to Restrict Wireless Access by MAC Address 4-10 How to Configure WEP 4-12 Chapter 5 Firewall Protection and Content Filtering Firewall Protection
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 7
    Upgrading the Router Software 5-5 Configuration File Management 5-6 Restoring and Backing Up the Configuration 5-7 Erasing the Configuration 5-8 Changing the Administrator Password 5-8 Chapter 7 Virtual Private Networking Overview of FWAG114 Policy-Based VPN Configuration 6-1 Using Policies
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 8
    Default Configuration and Password 7-7 Problems with Date and Time 7-7 Appendix A Technical Specifications Appendix B Network, Routing, Firewall, and Basics Related Publications ...B-1 Basic Router Concepts B-1 What is a Router B-2 Routing Information Protocol B-2 IP Addresses and the Internet
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 9
    or 9.x C-16 MacOS X ...C-16 Verifying TCP/IP Properties for Macintosh Computers C-17 Verifying the Readiness of Your Internet Account C-18 Are Login Protocols Used C-18 What Is Your Configuration Information C-18 Obtaining ISP Configuration Information for Windows Computers C-19 Obtaining ISP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 10
    E-7 Network Interfaces and Addresses E-8 Interface Addressing E-8 Firewalls ...E-9 Setting Up a VPN Tunnel Between Gateways E-9 VPNC IKE Security Parameters E-11 VPNC IKE Phase I Parameters E-11 VPNC IKE Phase II Parameters E-12 Testing and Troubleshooting E-12 Additional Reading ...E-12
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 11
    Manual Congratulations on your purchase of the NETGEAR® ProSafe Dual Band Wireless VPN Firewall FWAG114. The FWAG114 wireless firewall provides connection for multiple personal computers (PCs) to the Internet names. Special Message Formats This guide uses the following formats to highlight
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 12
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Features of the HTML Version of this Manual The HTML version of this manual includes these features. 1 2 3 Figure Preface -2: HTML version of this manual 1. Left pane. Use the left pane to view the Contents, Index,
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 13
    simple Internet sharing routers that rely on Network Address Translation (NAT) for security, the FWAG114 uses Stateful Packet Inspection for Denial of Service (DoS) attack protection and intrusion detection. The FWAG114 allows Internet access for up to 253 users. The FWAG114 wireless firewall
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 14
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 • Flash memory for firmware upgrade. 802.11g and 802.11b Wireless Networking The FWAG114 wireless firewall includes an 802.11b-compliant wireless access point, providing continuous, high-speed 11 Mbps access between your wireless
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 15
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 • With its content filtering feature, the FWAG114 prevents objectionable content from reaching your PCs. The router allows you to control access to Internet content by screening for keywords within Web addresses. You can configure
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 16
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 • IP Address Sharing by NAT The FWAG114 wireless firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 17
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 • Remote management The firewall allows you to login to the Web Management Interface from a remote location on the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 18
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 The FWAG114's Front Panel The front panel of the FWAG114 wireless firewall contains the status LEDs described below. [Figure: front panel LED labels: PWR, TEST, 100 and LINK/ACT for ports 1 to 4, 802.11a, 802.11g]
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 19
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 The FWAG114's Rear Panel The rear panel of the FWAG114 wireless firewall contains the port connections listed below. [Figure 1-2: FWAG114 Rear Panel, labelled 12VDC 1.2A, Reset, Internet, and ports 4, 3, 2, 1] Viewed from left to right, the rear
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 20
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 2-8 Introduction
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 21
    describes how to set up the router on your local area network (LAN) and connect to the Internet. You find out how to configure your ProSafe Dual Band Wireless VPN Firewall FWAG114 for Internet access using the Setup Wizard, or how to manually configure your Internet connection. What You Will Need
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 22
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Note: For help with DHCP configuration, please refer to Appendix C, "Preparing Your Network." The cable or DSL modem broadband access device must provide a standard 10 Mbps (10BASE-T) Ethernet interface. Internet Configuration
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 23
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 24
    Dual Band Wireless VPN Firewall FWAG114 Connecting the ProSafe Dual Band Wireless VPN Firewall FWAG114 to Your LAN This section provides instructions for connecting the FWAG114 wireless firewall. Also, the Resource CD for ProSafe Dual Band Wireless VPN Firewall included with your router contains an
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 25
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 c. Connect the Ethernet cable from your cable or DSL modem to the Internet port (A) on the FWAG114. [Figure: FWAG114 ProSafe Wireless VPN Firewall rear panel with Internet port (A) connected to a broadband modem]
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 26
    to it. • The router's Internet light is lit, indicating a link has been established to the cable or DSL modem. Note: For wireless placement and range guidelines, and wireless configuration instructions, please see Chapter 4, "Wireless Configuration." 2. Log in to the VPN firewall. Note: To connect
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 27
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 A login window shown below opens: Figure 3-5: Login window 3. Connect to the Internet Figure 3-6: Setup Wizard a. You are now connected to the router. If you do not see the menu above, click the Setup Wizard link on the upper
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 28
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 c. When the router successfully detects an active Internet service, the router's Internet LED goes on. The Setup Wizard reports which connection type it discovered, and displays the appropriate configuration menu. If the Setup
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 29
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 • Enter the Account Name, Domain Name, Login, and Password as provided by your ISP. These fields are case sensitive. The router will try to discover the domain automatically if you leave the Domain Name blank. Otherwise, you
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 30
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Dynamic IP Wizard-Detected Option If the Setup Wizard discovers that your ISP uses Dynamic IP assignment, you will see this menu: Figure 3-8: Setup Wizard menu for Dynamic IP address accounts • Enter your Account Name (may
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 31
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Fixed IP Account Wizard-Detected Option If the Setup Wizard discovers that your ISP uses Fixed IP assignment, you will see this menu: Figure 3-9: Setup Wizard menu for Fixed IP address accounts • Fixed IP is also called Static IP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 32
    for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Manually Configuring Your Internet Connection You can manually configure your router using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section. ISP Does Not Require Login ISP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 33
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Procedure: Configuring the Internet Connection Manually You can manually configure the router using the Basic Settings menu shown in Figure 3-10 using these steps: 1. Click the Basic Settings link on the Setup menu. 2. If your Internet
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 34
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Note: After you finish setting up your router, you will no longer need to launch the ISP's login program on your PC in order to access the Internet. When you start an Internet application, your router will automatically log you
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 35
    the FWAG114 wireless firewall. The latency, data throughput performance, and notebook power consumption also vary depending on your configuration choices. Note: Failure to follow these guidelines can result in significant performance degradation or inability to wirelessly connect to the VPN firewall
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 36
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Be aware that the time it takes to establish a wireless connection can vary on a notebook PC. Implement Appropriate Wireless Security Note: Indoors, computers can connect over 802.11 wireless networks at ranges of 300 feet or
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 37
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 There are several ways you can enhance the security of your wireless network. • Restrict Access Based on MAC Address. You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the FWAG114.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 38
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Understanding Wireless Settings To configure the wireless settings of your FWAG114, click the Wireless 11a or Wireless 11b/g link in the Setup section of the main menu. The wireless settings menu will appear, as shown below.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 39
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Note: The 802.11b and 802.11g wireless networking protocols are configured in exactly the same fashion. The FWAG114 will automatically adjust to the 802.11g or 802.11b protocol as the device requires without compromising the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 40
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 - Beacon Interval. Specifies the Beacon Interval value. Enter a value in between 20 to 1000. Default: 100. - DTIM. The Delivery Traffic Indication Message. Specifies the data beacon rate between 1 and 255. Default: 1 - WEP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 41
    default factory settings are shown below. You can restore these defaults with the Factory Default Restore button on the rear panel. After you install the FWAG114 wireless firewall, use the procedures below to customize any of the settings to better meet your networking needs. Wireless Configuration
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 42
    Service Set Identification (SSID) identifies the wireless local area network. NETGEAR is the default FWAG114 SSID. However, you may customize it by using up to 32 alphanumeric characters. Write your customized SSID on the line below. Note: The SSID in the VPN firewall is the SSID you configure in
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 43
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Note: If you select shared key, the other devices in the network will not connect unless they are set to Shared Key as well. • WEP Encryption 802.11a and 802.11b differ in their use of WEP encryption keys. See "Security Configuration
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 44
    the FWAG114's new settings. 8. Configure and test your PCs for wireless connectivity. Program the wireless adapter of your PCs to have the same SSID that you configured in the FWAG114. Check that they have a wireless link and are able to obtain an IP address by DHCP from the VPN firewall. Once
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 45
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 4. Click the Trusted PCs button to display the Wireless Access menu shown below. Figure 4-3. Wireless Access menu 5. Enter the MAC address of a wireless adapter and click the Add button to add a wireless device to the wireless
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 46
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 To remove a MAC address from the table, click on it to select it, then click the Delete button. How to Configure WEP To configure WEP data encryption, follow these steps: 1. Log in at the default LAN address of http://192.168
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 47
    Overview The ProSafe Dual Band Wireless VPN Firewall FWAG114 provides you with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail. Parents and network administrators can establish restricted access policies based on time-of-day, web addresses and web
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 48
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Block Sites The FWAG114 allows you to restrict access based on Web addresses and Web address keywords. Up to 255 entries are supported in the Keyword list. The Keyword Blocking menu is shown in Figure 5-1: Figure 5-1: Block
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 49
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 You may specify one Trusted User, which is a PC that will be exempt from blocking and logging. Since the Trusted User will be identified by an IP address, you should configure that PC with a fixed or reserved IP address. Using
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 50
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 You may define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 51
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Inbound Rules (Port Forwarding) Because the FWAG114 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 52
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Inbound Rule Example: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 53
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Outbound Rules (Service Blocking) The FWAG114 allows you to block the use of certain Internet services by PCs on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 54
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 5-6: Figure 5-6: Rules table with examples For any traffic attempting to pass through the firewall, the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 55
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 The Default DMZ Server feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT. The router is programmed to recognize some of these applications and to work properly
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 56
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Services Services are functions Internet sends a request for service to a server computer, the requested service is identified by a service or port number. This number appears as the destination port number in the transmitted IP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 57
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 To define a new service, first you must determine which port number or range of numbers is used by the application. This information can usually be determined by contacting the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 58
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Using a Schedule to Block or is restricted. The router allows you to specify when blocking will be enforced by configuring the Schedule tab shown below: Figure 5-9: Schedule menu 5-12 Firewall Protection and Content Filtering
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 59
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 To block keywords or Internet domains configuring this menu. Time Zone The FWAG114 wireless firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 60
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Getting E-Mail Notifications of Event logs and alerts from the router. • Send alerts and logs by e-mail. If you enable e-mail notification, these boxes cannot be blank. Enter the name or IP address of your ISP's outgoing (SMTP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 61
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 - If a user on your LAN attempts to access a website that you blocked using Keyword blocking. • Send logs according to this schedule. You can specify that
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 62
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Viewing Logs of Web Access or Attempted Web Access The router will log security-related events such as denied incoming and outgoing service requests, hacker probes, and administrator logins. If you enable content filtering in
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 63
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Log entries are described in Table 5-1 Table 5-1. Log entry descriptions Field Date and Time Description or Action Source IP Source port and interface Destination Destination port and interface Description The date and
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 64
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 5-18 Firewall Protection and Content Filtering
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 65
    to use the maintenance features of your ProSafe Dual Band Wireless VPN Firewall FWAG114. These features can be found by clicking on the Maintenance heading in the Main Menu of the browser interface. Viewing VPN Firewall Status Information The Router Status menu provides status and usage information
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 66
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 This screen shows the following parameters: Table 6-1. Menu 3.2 - FWAG114 Status Fields Field System Name Firmware Version WAN Port MAC Address IP Address IP Subnet Mask DHCP LAN Port MAC Address IP Address IP Subnet Mask
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 67
    used to obtain an IP address from your Internet service provider. IP Address The WAN (Internet) IP Address assigned to the router. Network Mask The WAN (Internet) Subnet Mask assigned to the router. Default Gateway The WAN (Internet) default gateway the router communicates with. Log action
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 68
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Click "Show Statistics" to display router usage statistics. Figure 6-3: Router Statistics screen This screen shows the following statistics: Table 6-1. Router Statistics Fields Field interface Status TxPkts RxPkts
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 69
    , click the Refresh button. Upgrading the Router Software The routing software of the FWAG114 wireless firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from Netgear's website. If the upgrade file is compressed (.ZIP file
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 70
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Note: The Web browser used to upload new firmware into the FWAG114 wireless firewall must support HTTP uploads. NETGEAR recommends using Microsoft Internet Explorer or Netscape Navigator 3.0 or above. From the Main Menu of the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 71
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 From the Main Menu of the browser interface, select the Backup tab. Click the Backup button. Your browser will extract the configuration file from the router and will prompt you for a location on your PC to store the file.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 72
    Band Wireless VPN Firewall FWAG114 Erasing the Configuration It is sometimes desirable to restore the router to a known blank condition. This can be done by using the Erase function, which will restore all factory settings. After an erase, the router's password will be password, the LAN IP address
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 73
    describes how to use the virtual private networking (VPN) features of the FWAG114 wireless firewall. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. Overview of FWAG114 Policy-Based VPN Configuration The FWAG114 uses state-of-the-art
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 74
    . In the case of manual key management there will not be any IKE policies. In order to establish secure communication over the Internet with the remote site you need to configure matching VPN policies on both the local and remote FWAG114 wireless firewalls. The outbound VPN policy on one end must
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 75
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 IKE Policies' Automatic Key and Authentication Management Click the IKE Policies link from the VPN section of the main menu, and then click the Add button of the IKE Policies screen to display the IKE Policy Configuration menu
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 76
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 The IKE Policy Configuration fields are defined in the following table. Table 7-1. IKE Policy Configuration Fields Field General Policy Name Direction/Type Description These settings identify this policy and determine its
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 77
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Table 7-1. IKE Policy Configuration Fields Field Description Remote These parameters apply to the target remote FWAG114, VPN gateway, or VPN client. Remote Identity Type Use this field to identify the remote FWAG114.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 78
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 VPN Policy Configuration for Auto Key Negotiation An already defined IKE policy is required for VPN - Auto Policy configuration. From the VPN Policies section of the main menu, you can navigate to the VPN - Auto Policy configuration
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 79
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 The VPN Auto Policy fields are defined in the following table. Table 7-1. VPN Auto Policy Configuration Fields Field Description General These settings identify this policy and determine its major characteristics. Policy
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 80
    the ProSafe Dual Band Wireless VPN Firewall FWAG114 Table 7-1. VPN Auto Policy Configuration Fields Field Description Traffic Selector These settings determine if and when a VPN tunnel will be established. If network traffic meets all criteria, then a VPN tunnel will be created. Local IP The
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 81
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Table 7-1. VPN Auto Policy Configuration Fields Field Description Enable Authentication Use this checkbox to enable or disable ESP transform for this VPN policy. You can select the ESP mode also with this menu. Two ESP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 82
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Figure 7-4: VPN - Manual Policy Menu 7-10 Virtual Private Networking
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 83
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 The VPN Manual Policy fields are defined in the following table. Table 7-1. VPN Manual Policy Configuration Fields Field Description General These settings identify this policy and determine its major characteristics. Policy
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 84
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Table 7-1. VPN Manual Policy Configuration Fields Field Description SPI - Outgoing Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its "Incoming SPI" field.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 85
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Table 7-1. VPN Manual Policy Configuration Fields Field disable ESP authentication for this VPN policy. Authentication Algorithm If you enable authentication, then use this menu to select the algorithm: • MD5 - the default
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 86
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Using Digital Certificates for IKE Auto-Policy Authentication these certificates by Policy Certification Authorities (PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA). The FWAG114 is able to
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 87
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 Walk-Through of Configuration Scenarios on the FWAG114 There are a variety of configurations you might implement with the FWAG114. The scenarios listed below illustrate typical configurations you might use in your organization.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 88
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. 10.5.6.0/24 172.23.9.0/24 Gateway A Internet Gateway
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 89
    ProSafe Dual Band Wireless VPN Firewall FWAG114 FWAG114 Scenario 1: FWAG114 to Gateway B IKE and VPN Policies Note: This scenario assumes all ports are open on the FWAG114. You can verify this by reviewing the security settings as seen in the "Rules menu" on page 3-6. 10.5.6.1/24 LAN IP Scenario
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 90
    the ProSafe Dual Band Wireless VPN Firewall FWAG114 b. Configure the WAN Internet Address according to the settings above and click Apply to save your settings. For more information on configuring the WAN IP settings in the Basic Setup topics, please see "How to Complete a Manual Configuration" on
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 91
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 3. Set up the IKE Policy illustrated below on the FWAG114. a. From the main menu VPN section, click on the IKE Policies link, and then click the Add button to display the screen below. Figure 7-9: Scenario 1 IKE Policy b. Configure
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 92
    Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 4. Set up the FWAG114 VPN - Auto Policy illustrated below. a. From the main menu VPN section, click on the VPN Policies link, and then click on the Add Auto Policy button. WAN IP address LAN IP addresses Figure 7-10: Scenario 1 VPN
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 93
    1. To test connectivity between the Gateway A FWAG114 LAN and the Gateway B LAN, follow these steps: a. Using our example, from a PC attached to the FWAG114 on LAN A, on a Windows PC click the Start button on the taskbar and
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 94
    FWAG114 Scenario 2: FWAG114 to FWAG114 with RSA Certificates The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure x.509 (PKIX) certificates for authentication. The network setup is identical to
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 95
    b. Click the Generate Request button to display the screen illustrated in Figure 7-11 below. . FWAG114 or 2048. • Optional - IP Address. If you use "IP type" in the IKE policy, you should input the IP Address here. Otherwise, you should
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 96
    d. Click the Next button to continue. The FWAG114 generates a Self Certificate Request as shown below. Highlight, copy and paste this data into a text file. Figure 7-12: Self Certificate Request data 4. Transmit the Self
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 97
    c. When you have finished gathering the Self Certificate Request data, click the Done button. You will return to the Certificates screen where your pending "FWAG114" Self Certificate Request will be listed, as illustrated in
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 98
    f. You will now see the "FWAG114" entry in the Active Self Certificates table and the pending "FWAG114 on the FWAG114. a. Create a new IKE policy called Scenario_2 with all the same properties of Scenario_1 (see "Scenario 1 IKE Policy" on
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 99
    Now, the traffic from devices within the range of the LAN subnet addresses on FWAG114 expired or revoked certificates will not be allowed to use the VPN tunnels managed by IKE policies which use this CA. Note: You must update the CRLs
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 101
    the advanced features of your ProSafe Dual Band Wireless VPN Firewall FWAG114. These features can be found under the Advanced heading in the Main Menu of the browser interface. How to Configure Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 102
    1. Log in to the router at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password and LAN address you have chosen for the router. 2. From the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 103
    Using the LAN IP Setup Options The second feature category under the Advanced heading is LAN IP Setup. This menu allows configuration of LAN IP services such as DHCP and RIP. From the Main Menu of the browser interface, under
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 104
    The LAN IP parameters are: • IP Address This is the LAN IP address of the router. • IP Subnet Mask This is the LAN Subnet Mask of the router. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 105
    For most applications, the default DHCP and TCP/IP settings of the router are satisfactory. See "IP Configuration by DHCP" on page B-10 for an explanation of DHCP and information about how to assign IP addresses for your
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 106
    Note: The reserved address will not be assigned until the next time the PC contacts the router's DHCP server. Reboot the PC or access its IP configuration and force a DHCP release and renew. To edit or delete a reserved address
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 107
    Figure 8-3. Static Route Entry and the Gateway IP Address, which must be a router on the same LAN segment as the router. 8. Type a number between 1 and 15 as the Metric value. This represents the number of routers between your
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 108
    , you can allow a user or users on the Internet to configure, upgrade and check the status of your FWAG114 wireless firewall. Note: Be sure to change the router's default configuration password to a very secure password. The ideal password should contain no dictionary words from any language, and
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 109
    a. To allow access from any IP address on the Internet, select Everyone. b. To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 111
    This chapter gives information about troubleshooting your ProSafe Dual Band Wireless VPN Firewall FWAG114. After each problem description, instructions are provided to help you diagnose and solve the problem. Basic Functioning After you turn on power to the router, the following sequence of events
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 112
    's configuration to factory defaults. This will set the router's IP address to 192.168.0.1. This procedure is explained in "Restoring the Default Configuration and Password" on page 7-7. If the error persists, you might have a hardware problem and should contact technical support. LAN or Internet
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 113
    Troubleshooting the Web Configuration Interface If you are unable to access the router's Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the router
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 114
    Troubleshooting the ISP Connection If your router is unable to access the Internet, you should first determine whether the router is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 115
    OR Configure your router to spoof your PC's MAC address. This can be done in the Basic Settings menu. Refer to "Manually Configuring Your Internet Connection" on page 3-12. If your router can obtain an IP address, but your PC
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 116
    If the path is working, you see this message: Reply from < IP address >: : - Check that your PC has the IP address of your router listed as the default gateway. If the IP configuration of your PC is assigned by DHCP, this
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 117
    PC. Refer to "Manually Configuring Your Internet Connection" on page 3-12. Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the router's administration password to password and the IP address to 192.168
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 119
    Appendix A Technical Specifications This appendix provides technical specifications for the ProSafe Dual Band Wireless VPN Firewall FWAG114. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter North America
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 120
    Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: Wireless Data Encoding: Maximum Computers Per Wireless Network: 802.11b and g Radio Data Rate 802.11b and g Operating Frequencies 802.11b and
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 121
    , Routing, Firewall, and Basics This chapter provides an overview of IP networks, routing, and networking. Related Publications As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 122
    vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The ProSafe Dual Band Wireless VPN Firewall FWAG114 is a small office router that routes the IP protocol over a single-user broadband connection. Routing Information Protocol
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 123
    195.34.12.7 The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 124
    128.1.x.x to 191.254.x.x. • Class C Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the network address and eight bits for the node. They are in this range: 192.0.1.x to 223.255.254.x. •
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 125
    As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a backward slash (/), as "/n." In the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 126
    Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits from the host address
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 127
    Table 9-2. Netmask Formats 255.255.255 host address. • So that a local router or bridge recognizes which addresses are local and which are remote Private IP Addresses If your local network is isolated from the Internet (for
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 128
    Single IP Address Operation Using NAT In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 129
    This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 130
    Domain Name Server Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 131
    What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 132
    Ethernet Cabling Although Ethernet networks originally used thick or thin coaxial cable, most installations and blue pairs will be exchanged from one connector to the other.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 133
    The FWAG114 wireless firewall incorporates Auto Uplink™ uplink connection (e.g. connecting to a router, switch, or hub). That port will then configure itself to the correct configuration. This feature also eliminates the need
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 135
    the ProSafe Dual Band Wireless VPN Firewall FWAG114 and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 136
    In your IP network, each PC and the firewall must be assigned a unique IP address. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 137
    You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP,
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 138
    If you need Client for Microsoft Networks: a. Click the for the changes to take effect. Enabling DHCP to Automatically Configure TCP/IP Settings After the TCP/IP protocol components are installed, each PC must be assigned
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 139
    Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button. The following TCP/IP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 140
    • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This setting is
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 141
    2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. 3. From the drop-down box, select your Ethernet adapter. The window is
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 142
    Enabling DHCP to Automatically Configure TCP/IP Settings You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 143
    • Now you should be at the Local Area connection. • The TCP/IP details are presented on the Support tab page. • Select Internet Protocol, and click Properties to view the configuration information.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 144
    • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP configuration of TCP/ IP in Windows XP. Repeat
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 145
    • Click on the My Network Places icon on the Windows desktop. This will bring checked are used by this connection:" • Client for Microsoft Networks and • Internet Protocol (TCP/IP) • Click OK.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 146
    • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected. • Obtain DNS server address
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 147
    DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0. •
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 148
    • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 149
    • The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server. • Click OK. This completes the configuration of TCP/IP in Windows NT. Restart the PC. Repeat these
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 150
    • The default gateway is 192.168.0.1 4. Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 151
    2. If not already selected, select Built-in Ethernet in the Configure list. 3. If not already selected, select Using DHCP in the TCP/IP tab. 4. Click Save. Verifying TCP/IP Properties for Macintosh Computers After your
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 152
    Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 153
    • An IP address and subnet mask • A gateway IP address, which is the address of the ISP's router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account's full server names
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 154
    If an IP address appears under Installed Gateways, write down the address. This is the ISP's gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Configuration tab. If any
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 155
    Restarting the Network Once you've set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the FWAG114 wireless firewall
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 157
    an overview of Wireless networking. Wireless Networking Overview The FWAG114 wireless firewall conforms to the Institute of Electrical and Electronics Engineers (IEEE) 802.11b standard for wireless LANs (WLANs) and a product update will bring the FWAG114 into conformance to the 802.11g standard when
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 158
    Infrastructure Mode With a wireless Access Point, you can operate the wireless LAN in the infrastructure mode. This mode provides wireless connectivity to multiple wireless network devices within a fixed range or area of
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 159
    The ESSID is usually broadcast in the air from an access point. The wireless station sometimes can be configured with the ESSID ANY. This means the wireless station will try to associate with whichever access point has the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 160
    An access point must authenticate a station before the station can associate with the access point or communicate with the network. The IEEE 802
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 161
    3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and sends the encrypted text to the access point. 4. The access point decrypts the encrypted text using its configured 802
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 162
    2. Use WEP for Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving device decrypts the data using the same WEP Key. For authentication purposes,
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 163
    When configured for 128-bit encryption, 802.11 products typically support four WEP Keys but some manufacturers support . Note: The AP and the client adapters can have different default WEP Keys as long as the keys are in the same order. In
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 164
    802.11b/g Wireless Channels IEEE 802.11b/g wireless nodes communicate MHz - 2484.5 MHz Note: The available channels supported by the wireless products in various countries are different. For example, Channels 1 to 11 are
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 165
    The preferred channel separation between the channels in neighboring wireless networks is 25 MHz (5 channels). This means that you can apply up to three different channels within your wireless network. There are only 11 usable wireless
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 166
    Figure 4-6: IEEE 802.11a Channel Allocations The FWAG114 user can use thirteen channels in non-turbo mode. Table D-1: 802.11a Turbo Mode Off Radio Frequency Channels Turbo Mode OFF Channel 36 40 44 48 52 56 60 64 149 153
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 167
    which increases the network's resistance to data tampering or theft. IPSec-based VPNs can be created over any type of IP network, including the Internet, Frame Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive. VPNs are traditionally used for:
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 168
    • Intranets: Intranets connect an organization's locations. These service costs. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up a secure IPSec-based VPN
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 169
    Provides authentication and integrity. • Internet Key Exchange (IKE): Provides key intended receiver. ESP also provides all encryption services in IPSec. Encryption translates a readable message IP header.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 170
    Figure 4-7: Original packet and packet with IPSec Encapsulated Security Payload The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 171
    Figure 4-8: Original packet and packet with IPSec Authentication IP header is not changed. After the packet is processed with IPSec, the new IP packet contains the old IP header (with the source and destination IP addresses
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 172
    • Tunnel Mode: The tunnel mode IPSec implementation encapsulates the entire IP packet. The entire packet becomes the payload of the packet that is processed with IPSec. A new IP header is created that contains the two IPSec gateway addresses. The
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 173
    Understand the Process Before You Begin This TechNote provides case studies on how to configure secure IPSec VPN tunnels. This document assumes the reader has a working knowledge of NETGEAR management systems. NETGEAR is a
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 174
    Network Interfaces and Addresses The VPN gateway is aptly named because it functions as a "gatekeeper" for each of the computers connected on the Local Area Network behind it. In most cases,
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 175
    Table 4-1. Gateway Gateway B Gateway B WAN (Internet/Public) and LAN (Internal/Private) Addressing LAN or WAN LAN (Private) WAN (Public) VPNC Example Address 22.23.24.25 172.23.9.1 It will also be important to know the
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 176
    VPN Gateway A VPN Tunnel VPN Gateway B Figure 4-11: VPN Tunnel SA The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. This communication is
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 177
    2. IKE Phase I. a. The two parties created and exchanged, the IPSec SAs are ready to protect user data between the two VPN gateways. 4. Data transfer. Data is transferred between IPSec peers based on the IPSec parameters
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 178
    VPNC IKE Phase II Parameters The IKE Phase 2 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode • MODP group 1 • Perfect forward secrecy for rekeying • SA lifetime of 28800 seconds (one hour) Testing
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 179
    • [RFC 791] Internet Protocol DARPA Internet Program Internet IP Security Domain of Interpretation for ISAKMP, November 1998. • [RFC 2474] K. Nichols, S. Blake, F. Baker, D. Black, Definition of the Differentiated Services
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 181
    passwords, certificates, and public key authentication. For details on EAP specifically, refer to IETF's RFC 2284. 802.11b IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) technology and operating in the unlicensed radio spectrum at 2.5GHz. 802.11g
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 182
    ARP Address Resolution Protocol, a TCP/IP protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 183
    DNS Short for Domain Name System (or Service), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet however, is really based on IP addresses
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 184
    IP Internet Protocol is the main internetworking protocol used in the Internet. Used in conjunction with the Transfer Control Protocol (TCP) to form TCP/IP. IP Address A four-byte number uniquely defining each host on the Internet
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 185
    NAT A technique by which several hosts share a single IP address for access to the Internet. NetBIOS Network Basic Input Output System. An application programming interface (API) for sharing services and information on local-
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 186
    SSID A Service Set Identification is a thirty-two character (maximum) alphanumeric key identifying a wireless local area network. For the wireless devices in a network to communicate with each other, all devices must be configured
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 187
    WINS WINS. Windows Internet Naming Service is a server process for resolving Windows-based computer names to IP addresses. Wireless Network Name (SSID) Wireless Network Name (SSID) is the name assigned to a wireless network. This is the same as the SSID or ESSID configuration parameter.
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 188
    Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114 8 Glossary
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 189
    64 or 128 bit WEP 4-7 802.11b D-1 A Account Name 3-10, 3-13 Address Resolution Protocol B-9 Addressing E-8 ad-hoc mode D-2 Authentication Header (AH) E-3, E-4 Auto MDI/MDI-X B-13, G-2 Auto Uplink 2-3, B-13, G-2 B backup configuration 5-7 Basic Wireless Connectivity 4-9 BSSID D-2 C CA 6-22 cables
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 190
    establishing C-18 Internet Key Exchange (IKE) E-3 Internet Protocol security E-1 Internet Service Provider 3-1 Intranets E-2 IP addresses C-19, C-20 and NAT B-8 and the Internet B-2 assigning B-2, B-9 auto-generated 7-3 private B-7 translating B-9 IP configuration by DHCP B-10 IP networking 2 for
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 191
    5-7 service numbers 5-10 Setup Wizard 3-1 Shared Key authentication D-3 SMTP 5-14 spoof MAC address 7-5 SSID 4-5, 4-9, 4-10, D-2 stateful packet inspection 2-2, 5-1, B-11 subnet addressing B-5 subnet mask B-6, C-19, C-20 syslog 5-17 T TCP/IP configuring C-1, E-1 network, troubleshooting 7-5 TCP/IP
  • Netgear FWAG114 | FWAG114 Reference Manual - Page 192
    Mode E-5 troubleshooting 7-1 Trusted Host 5-3 Tunnel Mode E-6 typographical conventions 1-1 U Uplink switch B-12 USB C-18 V VPN E-1 VPN Consortium E-7 VPN Process Overview E-7 VPNC IKE Phase I Parameters E-11 VPNC IKE Phase II Parameters E-12 W WEP D-3 Wi-Fi D-1 Windows, configuring for IP routing

SM-FWAG114NA-0
Version 1.0
June 2003
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Reference Manual for the ProSafe Dual Band Wireless VPN Firewall FWAG114