Home » Netgear Manuals » Network Security & Firewall Devices » Netgear FWG114Pv2 » Manual Viewer

Netgear FWG114Pv2 FWG114Pv2 Reference Manual - Page 89

Order of Precedence for Rules, Rules Menu Options, Enable VPN Passthrough IPSec, PPTP, L2TP

Add to My Manuals
Save this manual to your list of manuals

Page 89 highlights

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu. For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order of the entries in the Rules Table, beginning at the top and proceeding to the default rules at the bottom. In some cases, the order of precedence of two or more rules may be important in determining the disposition of a packet. The Move button allows you to relocate a defined rule to a new position in the table. Rules Menu Options Use the Options checkboxes to enable the following: • Enable VPN Passthrough (IPSec, PPTP, L2TP) If LAN users need to use VPN (Virtual Private Networking) software on their computer, and connect to remote sites or servers, enable this checkbox. This will allow the VPN protocols (IPSec, PPTP, L2TP) to be used. If this checkbox is not checked, these protocols are blocked. • Drop fragmented IP packets If checked, all fragmented IP packets will be dropped (discarded). Normally, this should NOT be checked. • Block TCP flood If checked, when a TCP flood attack is detected, the port used will be closed, and no traffic will be able to use that port. • Block UDP flood If checked, when a UDP flood attack is detected, all traffic from that IP address will be blocked. • Block non-standard packets If checked, only known packet types will be accepted; other packets will be blocked. The known packet types are TCP, UDP, ICMP, ESP, and GRE. Note that these are packet types, not protocols. Firewall Protection and Content Filtering 201-10301-02, May 2005 6-11

Section	Page
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2	1
Product and Publication Details	3
Contents	5
Chapter 1 About This Manual	15
Audience, Scope, Conventions, and Formats	15
How to Use This Manual	16
How to Print this Manual	17
Chapter 2 Introduction	19
Key Features of the FWG114P v2	19
Full Routing on Both the Broadband and Serial Ports	20
802.11g and 802.11b Wireless Networking	20
Virtual Private Networking	21
Wireless Multimedia (WMM) Support	21
A Powerful, True Firewall with Content Filtering	21
Security	22
Autosensing Ethernet Connections with Auto Uplink	22
Extensive Protocol Support	23
Easy Installation and Management	24
NETGEAR Related Products	24
Package Contents	25
The FWG114P v2 Front Panel	25
The FWG114P v2 Rear Panel	26
Chapter 3 Connecting the FWG114P v2 to the Internet	29
What You Will Need Before You Begin	29
Cabling and Computer Hardware Requirements	29
Computer Network Configuration Requirements	29
Internet Configuration Requirements	30
Where Do I Get the Internet Configuration Parameters?	30
Record Your Internet Connection Information	31
Connecting the FWG114P v2 Wireless Firewall/Print Server	32
Verify That Basic Requirements Are Met	32
Basic Setup Troubleshooting Tips	38
FWG114P v2 Setup Wizard Auto Detection	38
Wizard-Detected Login Account Setup	39
Wizard-Detected Dynamic IP Account Setup	41
Wizard-Detected Fixed IP Account Setup	42
How to Configure the Serial Port as the Primary Internet Connection	43
Testing Your Internet Connection	45
Manually Configuring Your Internet Connection	46
How to Manually Configure the Primary Internet Connection	47
Chapter 4 Wireless Configuration	49
Observing Performance, Placement, and Range Guidelines	49
Implementing Appropriate Wireless Security	50
Understanding Wireless Settings	51
Default Factory Settings	54
Before You Change the SSID and WEP Settings	55
How to Set Up and Test Basic Wireless Connectivity	56
How to Restrict Wireless Access by MAC Address	57
How to Configure WEP	58
How to Configure WPA with Radius	60
How to Configure WPA2 with Radius	62
How to Configure WPA and WPA2 with Radius	64
How to Configure WPA-PSK	66
How to Configure WPA2-PSK	68
How to Configure WPA-PSK and WPA2-PSK	69
Chapter 5 Serial Port Configuration	71
Configuring a Serial Port Modem	72
Basic Requirements for Serial Port Modem Configuration	72
How to Configure a Serial Port Modem	72
Configuring Auto-Rollover	73
Basic Requirements for Auto-Rollover	73
How to Configure Auto-Rollover	73
Configuring Dial-in on the Serial Port	74
Basic Requirements for Dial-in	75
How to Configure Dial-in	75
Configuring LAN-to-LAN Settings	76
Basic Requirements for LAN-to-LAN Connections	76
How to Configure LAN-to-LAN Connections	76
Chapter 6 Firewall Protection and Content Filtering	79
Firewall Protection and Content Filtering Overview	79
Using the Block Sites Menu to Screen Content	79
Services and Rules Regulate Inbound and Outbound Traffic	81
Defining a Service	81
Using Inbound/Outbound Rules to Block or Allow Services	82
Examples of Using Services and Rules to Regulate Traffic	84
Inbound Rules (Port Forwarding)	84
Example: Port Forwarding to a Local Public Web Server	85
Example: Port Forwarding for Videoconferencing	86
Example: Port Forwarding for VPN Tunnels when NAT is Off	86
Outbound Rules (Service Blocking or Port Filtering)	87
Outbound Rule Example: Blocking Instant Messaging	88
Other Rules Considerations	88
Order of Precedence for Rules	89
Rules Menu Options	89
Using a Schedule to Block or Allow Content or Traffic	90
Setting the Time Zone	91
Getting E-Mail Notifications of Event Logs and Alerts	91
Viewing Logs of Web Access or Attempted Web Access	94
What to Include in the Event Log	95
Chapter 7 Print Server	97
Printing Options	97
For Windows XP and 2000, Use TCP/IP LPR Printing	98
For Windows 95/98/Me, Use the Netgear Printer Port Driver	102
Printing from the Macintosh	105
Windows Printer Port Management	106
Troubleshooting the Print Server	108
Chapter 8 Virtual Private Networking	113
Overview of FWG114P v2 Policy-Based VPN Configuration	113
Using Policies to Manage VPN Traffic	114
Using Automatic Key Management	114
IKE Policies’ Automatic Key and Authentication Management	115
VPN Policy Configuration for Auto Key Negotiation	118
VPN Policy Configuration for Manual Key Exchange	121
Using Digital Certificates for IKE Auto-Policy Authentication	126
Certificate Revocation List (CRL)	126
Walk-Through of Configuration Scenarios on the FWG114P v2	127
How to Use the VPN Wizard to Configure a VPN Tunnel	127
VPNC Scenario 1: Gateway to Gateway with Preshared Secrets	131
Scenario 1: FWG114P v2 to FWG114P v2 with Preshared Secrets	132
How to Check VPN Connections	136
VPNC Scenario 2: Gateway-to-Gateway with Certificates	137
Scenario 2: FWG114P v2 to FWG114P v2 with Certificates	138
Netgear VPN Client to FWG114P v2	144
Configuration Profile	144
Step-By-Step Configuration of FWG114P v2 Gateway	145
Step-By-Step Configuration of the Netgear VPN Client	150
Testing the VPN Connection	157
From the Client PC to the FWG114P v2	157
From the FWG114P v2 to the Client PC	158
Monitoring the PC VPN Connection	158
Viewing the FWG114P v2 VPN Status and Log Information	159
Chapter 9 Maintenance	161
Viewing Wireless Firewall/Print Server Status Information	161
Viewing a List of Attached Devices	166
Upgrading the Router Software	167
Configuration File Management	167
Restoring and Backing Up the Configuration	168
Erasing the Configuration	169
Changing the Administrator Password	169
Chapter 10 Advanced Configuration	171
Using the WAN Setup Options	171
How to Configure Dynamic DNS	173
Using the LAN IP Setup Options	175
Configuring LAN TCP/IP Setup Parameters	175
Using the Router as a DHCP server	177
Using Address Reservation	177
Configuring Static Routes	178
Enabling Remote Management Access	180
Using Universal Plug and Play (UPnP)	181
Advanced Wireless Settings	182
Chapter 11 Troubleshooting	185
Basic Functioning	185
Power LED Not On	185
LEDs Never Turn Off	186
LAN or Internet Port LEDs Not On	186
Troubleshooting the Web Configuration Interface	187
Troubleshooting the ISP Connection	188
Troubleshooting a TCP/IP Network Using a Ping Utility	189
Testing the LAN Path to Your Router	189
Testing the Path from Your Computer to a Remote Device	190
Restoring the Default Configuration and Password	191
Problems with Date and Time	191
Appendix A Technical Specifications	193
Appendix B Networks, Routing, and Firewall Basics	195
Related Publications	195
Basic Router Concepts	195
What is a Router?	195
Routing Information Protocol	196
IP Addresses and the Internet	196
Netmask	198
Subnet Addressing	198
Private IP Addresses	201
Single IP Address Operation Using NAT	201
MAC Addresses and Address Resolution Protocol	203
Related Documents	203
Domain Name Server	203
IP Configuration by DHCP	204
Internet Security and Firewalls	204
What is a Firewall?	205
Stateful Packet Inspection	205
Denial of Service Attack	205
Ethernet Cabling	205
Category 5 Cable Quality	206
Inside Twisted Pair Cables	207
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	208
Appendix C Preparing Your Network	211
Preparing Your Computers for TCP/IP Networking	211
Configuring Windows 95, 98, and Me for TCP/IP Networking	212
Install or Verify Windows Networking Components	212
Enabling DHCP to Automatically Configure TCP/IP Settings	214
Selecting Windows’ Internet Access Method	214
Verifying TCP/IP Properties	215
Configuring Windows NT, 2000 or XP for IP Networking	215
Installing or Verifying Windows Networking Components	215
Verifying TCP/IP Properties	216
Configuring the Macintosh for TCP/IP Networking	216
MacOS 8.6 or 9.x	216
MacOS X	217
Verifying TCP/IP Properties for Macintosh Computers	218
Verifying the Readiness of Your Internet Account	219
Are Login Protocols Used?	219
What Is Your Configuration Information?	219
Obtaining ISP Configuration Information for Windows Computers	220
Obtaining ISP Configuration Information for Macintosh Computers	221
Restarting the Network	222
Appendix D Firewall Log Formats	223
Action List	223
Field List	223
Outbound Log	223
Inbound Log	224
Other IP Traffic	224
Router Operation	225
Other Connections and Traffic to this Router	226
DoS Attack/Scan	226
Access Block Site	228
All Web Sites and News Groups Visited	228
System Admin Sessions	228
Policy Administration LOG	229
Appendix E Wireless Networking Basics	231
Wireless Networking Overview	231
Infrastructure Mode	231
Ad Hoc Mode (Peer-to-Peer Workgroup)	232
Network Name: Extended Service Set Identification (ESSID)	232
Authentication and WEP Data Encryption	232
802.11 Authentication	233
Open System Authentication	233
Shared Key Authentication	234
Overview of WEP Parameters	235
Key Size	236
WEP Configuration Options	237
Wireless Channels	237
WPA Wireless Security	238
How Does WPA Compare to WEP?	239
How Does WPA Compare to IEEE 802.11i?	240
What are the Key Features of WPA Security?	240
WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS	242
WPA Data Encryption Key Management	244
Is WPA Perfect?	246
Product Support for WPA	246
Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged	246
Changes to Wireless Access Points	247
Changes to Wireless Network Adapters	247
Changes to Wireless Client Programs	248
Appendix F Virtual Private Networking	249
What is a VPN?	249
What is IPSec and How Does It Work?	250
IPSec Security Features	250
IPSec Components	250
Encapsulating Security Payload (ESP)	251
Authentication Header (AH)	252
IKE Security Association	252
Mode	253
Key Management	254
Understand the Process Before You Begin	254
VPN Process Overview	255
Network Interfaces and Addresses	255
Interface Addressing	255
Firewalls	256
Setting Up a VPN Tunnel Between Gateways	256
VPNC IKE Security Parameters	258
VPNC IKE Phase I Parameters	258
VPNC IKE Phase II Parameters	259
Testing and Troubleshooting	259
Additional Reading	259
Appendix G NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2	261
Configuration Template	261
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	262
Step-By-Step Configuration of FWG114P Gateway B	265
Test the VPN Connection	269
Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328	271
Configuration Template	271
Using DDNS and Fully Qualified Domain Names (FQDN)	272
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	273
Step-By-Step Configuration of FVS328 Gateway B	277
Test the VPN Connection	281

Match case Limit results 1 per page

Reference Manual for the ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P v2

Firewall Protection and Content Filtering

6-11

201-10301-02, May 2005

Order of Precedence for Rules

As you define new rules, they are added to the tables in the Rules menu. For any traffic attempting

to pass through the firewall, the packet information is subjected to the rules in the order of the

entries in the Rules Table, beginning at the top and proceeding to the default rules at the bottom. In

some cases, the order of precedence of two or more rules may be important in determining the

disposition of a packet. The Move button allows you to relocate a defined rule to a new position in

the table.

Rules Menu Options

Use the Options checkboxes to enable the following:

•

Enable VPN Passthrough (IPSec, PPTP, L2TP)

If LAN users need to use VPN (Virtual Private Networking) software on their computer, and

connect to remote sites or servers, enable this checkbox. This will allow the VPN protocols

(IPSec, PPTP, L2TP) to be used. If this checkbox is not checked, these protocols are blocked.

•

Drop fragmented IP packets

If checked, all fragmented IP packets will be dropped (discarded). Normally, this should NOT

be checked.

•

Block TCP flood

If checked, when a TCP flood attack is detected, the port used will be closed, and no traffic

will be able to use that port.

•

Block UDP flood

If checked, when a UDP flood attack is detected, all traffic from that IP address will be

blocked.

•

Block non-standard packets

If checked, only known packet types will be accepted; other packets will be blocked. The

known packet types are TCP, UDP, ICMP, ESP, and GRE. Note that these are packet types, not

protocols.