Home » Netgear Manuals » Modems » Netgear DG834Gv1 » Manual Viewer

Netgear DG834Gv1 DG834Gv2 Reference Manual - Page 178

Internet Security and Firewalls, What is a Firewall?, Stateful Packet Inspection

Add to My Manuals
Save this manual to your list of manuals

Page 178 highlights

Reference Manual for the Model Wireless ADSL Firewall Router DG834G The DG834G wireless router also functions as a DHCP client when connecting to the ISP. The router can automatically obtain an IP address, subnet mask, DNS server addresses, and a gateway address if the ISP provides this information by DHCP. Internet Security and Firewalls When your LAN connects to the Internet through a router, an opportunity is created for outsiders to access or disrupt your network. A NAT router provides some protection because by the very nature of the Network Address Translation (NAT) process, the network behind the NAT router is shielded from access by outsiders on the Internet. However, there are methods by which a determined hacker can possibly obtain information about your network or at the least can disrupt your Internet access. A greater degree of protection is provided by a firewall router. What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be recognized when they occur. When an incident is detected, the firewall can log details of the attempt, and can optionally send email to an administrator notifying them of the incident. Using information from the log, the administrator can take action with the ISP of the hacker. In some types of intrusions, the firewall can fend off the hacker by discarding all further packets from the hacker's IP address for a period of time. Stateful Packet Inspection Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to ensure secure firewall filtering to protect your network from attacks and intrusions. Since user-level applications such as FTP and Web browsers can create complex patterns of network traffic, it is necessary for the firewall to analyze groups of network connection states. Using Stateful Packet Inspection, an incoming packet is intercepted at the network layer and then analyzed for state-related information associated with all network connections. A central cache within the firewall keeps track of the state information associated with all network connections. All traffic passing through the firewall is analyzed against the state of these connections in order to determine whether or not it will be allowed to pass through or rejected. B-10 202-10006-05, June 2005 Network and Routing Basics

Section	Page
Reference Manual for the Model Wireless ADSL Firewall Router DG834G	1
Product and Publication Details	3
Contents	5
Chapter 1 About This Manual	15
Audience, Scope, Conventions, and Formats	15
How to Use This Manual	16
How to Print this Manual	17
Chapter 2 Introduction	19
About the Router	19
Key Features	19
A Powerful, True Firewall	20
802.11 Standards-based Wireless Networking	20
Easy Installation and Management	21
Protocol Support	21
Virtual Private Networking (VPN)	23
Content Filtering	23
Auto Sensing and Auto Uplink™ LAN Ethernet Connections	23
What’s in the Box?	23
The Router’s Front Panel	24
The Router’s Rear Panel	25
Chapter 3 Connecting the Router to the Internet	27
What You Need Before You Begin	27
ADSL Microfilter Requirements	27
ADSL Microfilter	27
ADSL Microfilter with Built-In Splitter	28
Ethernet Cabling Requirements	28
Computer Hardware Requirements	28
LAN Configuration Requirements	28
Internet Configuration Requirements	29
Where Do I Get the Internet Configuration Parameters?	29
Record Your Internet Connection Information	29
Connecting the DG834G to Your LAN	31
How to Connect the Router	31
Auto-Detecting Your Internet Connection Type	35
Wizard-Detected PPPoE Login Account Setup	36
Wizard-Detected PPPoA Login Account Setup	37
Wizard-Detected Dynamic IP Account Setup	37
Wizard-Detected IP Over ATM Account Setup	38
Wizard-Detected Fixed IP (Static) Account Setup	39
Testing Your Internet Connection	40
Manually Configuring Your Internet Connection	40
How to Perform Manual Configuration	41
Internet Connection Requires Login and Uses PPPoE	42
Internet Connection Requires Login and Uses PPPoA	43
Internet Connection Does Note Require A Login	44
ADSL Settings	45
Chapter 4 Wireless Configuration	47
Considerations for a Wireless Network	47
Observe Performance, Placement, and Range Guidelines	47
Implement Appropriate Wireless Security	48
Understanding Wireless Settings	49
How to Set Up and Test Basic Wireless Connectivity	53
How to Restricting Wireless Access to Your Network	54
Restricting Access to Your Network by Turning Off Wireless Connectivity	55
Restricting Wireless Access Based on the Wireless Network Name (SSID)	55
Restricting Wireless Access Based on the Wireless Station Access List	55
Choosing WEP Authentication and Security Encryption Methods	57
Authentication Type Selection	57
Encryption Choices	58
How to Configure WEP	59
How to Configure WPA-PSK	60
Chapter 5 Protecting Your Network	61
Protecting Access to Your DG834G Wireless ADSL Firewall Router	61
How to Change the Built-In Password	61
Changing the Administrator Login Timeout	62
Configuring Basic Firewall Services	62
Blocking Keywords, Sites, and Services	63
How to Block Keywords and Sites	63
Firewall Rules	65
Inbound Rules (Port Forwarding)	66
Inbound Rule Example: A Local Public Web Server	66
Inbound Rule Example: Allowing Videoconferencing	68
Considerations for Inbound Rules	68
Outbound Rules (Service Blocking)	69
Outbound Rule Example: Blocking Instant Messenger	69
Order of Precedence for Rules	71
Services	72
How to Define Services	72
Setting Times and Scheduling Firewall Services	73
How to Set Your Time Zone	73
How to Schedule Firewall Services	74
Chapter 6 Managing Your Network	77
Backing Up, Restoring, or Erasing Your Settings	77
How to Back Up the Configuration to a File	77
How to Restore the Configuration from a File	78
How to Erase the Configuration	78
Upgrading the Router’s Firmware	78
How to Upgrade the Router Firmware	79
Network Management Information	80
Viewing Router Status and Usage Statistics	80
Viewing Attached Devices	85
Viewing, Selecting, and Saving Logged Information	85
Selecting What Information to Log	87
Saving Log Files on a Server	88
Examples of Log Messages	88
Activation and Administration	88
Dropped Packets	88
Enabling Security Event E-mail Notification	89
Running Diagnostic Utilities and Rebooting the Router	90
Enabling Remote Management	91
Configuring Remote Management	91
Chapter 7 Advanced Configuration	93
Configuring Advanced Security	93
Setting Up A Default DMZ Server	93
How to Configure a Default DMZ Server	94
Connect Automatically, as Required	95
Disable Port Scan and DOS Protection	95
Respond to Ping on Internet WAN Port	95
MTU Size	95
Configuring LAN IP Settings	95
DHCP	97
Use Router as DHCP server	97
Reserved IP addresses	98
How to Configure LAN TCP/IP Settings	99
Configuring Dynamic DNS	99
How to Configure Dynamic DNS	100
Using Static Routes	101
Static Route Example	101
How to Configure Static Routes	102
Universal Plug and Play (UPnP)	104
Chapter 8 Virtual Private Networking (Advanced Feature)	107
Overview of VPN Configuration	108
Client-to-Gateway VPN Tunnels	108
Gateway-to-Gateway VPN Tunnels	108
Planning a VPN	109
VPN Tunnel Configuration	112
How to Set Up a Client-to-Gateway VPN Configuration	112
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G	113
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC	118
How to Set Up a Gateway-to-Gateway VPN Configuration	126
VPN Tunnel Control	133
Activating a VPN Tunnel	133
Using the VPN Status Page to Activate a VPN Tunnel	133
Activate the VPN Tunnel by Pinging the Remote Endpoint	134
Start Using a VPN Tunnel to Active It	136
Verifying the Status of a VPN Tunnel	136
Deactivating a VPN Tunnel	138
Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel	138
Using the VPN Status Page to Deactivate a VPN Tunnel	139
Deleting a VPN Tunnel	141
How to Set Up VPN Tunnels in Special Circumstances	141
Using Auto Policy to Configure VPN Tunnels	142
Configuring VPN Network Connection Parameters	142
Example of Using Auto Policy	147
Using Manual Policy to Configure VPN Tunnels	154
Chapter 9 Troubleshooting	157
Basic Functioning	157
Power LED Not On	158
Test LED Never Turns On or Test LED Stays On	158
LAN or WAN Port LEDs Not On	158
Troubleshooting the Web Configuration Interface	159
Troubleshooting the ISP Connection	160
ADSL link	160
WAN LED Blinking Yellow	160
WAN LED Off	160
Obtaining a WAN IP Address	161
Troubleshooting PPPoE or PPPoA	162
Troubleshooting Internet Browsing	162
Troubleshooting a TCP/IP Network Using the Ping Utility	163
Testing the LAN Path to Your Router	163
Testing the Path from Your Computer to a Remote Device	164
Restoring the Default Configuration and Password	165
Using the Reset button	165
Problems with Date and Time	165
Appendix A Technical Specifications	167
Appendix B Network and Routing Basics	169
Related Publications	169
Basic Router Concepts	169
What is a Router?	169
Routing Information Protocol	170
IP Addresses and the Internet	170
Netmask	172
Subnet Addressing	172
Private IP Addresses	175
Single IP Address Operation Using NAT	175
MAC Addresses and Address Resolution Protocol	176
Related Documents	177
Domain Name Server	177
IP Configuration by DHCP	177
Internet Security and Firewalls	178
What is a Firewall?	178
Stateful Packet Inspection	178
Denial of Service Attack	179
Ethernet Cabling	179
Category 5 Cable Quality	179
Inside Twisted Pair Cables	180
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	181
Appendix C Preparing Your Network	183
Preparing Your Computers for TCP/IP Networking	183
Configuring Windows 95, 98, and Me for TCP/IP Networking	184
Installing or Verifying Windows Networking Components	184
Enabling DHCP to Automatically Configure TCP/IP Settings in Windows 95B, 98, and Me	186
Selecting the Windows’ Internet Access Method	188
Verifying TCP/IP Properties	188
Configuring Windows NT4, 2000 or XP for IP Networking	189
Installing or Verifying Windows Networking Components	189
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	190
DHCP Configuration of TCP/IP in Windows XP	190
DHCP Configuration of TCP/IP in Windows 2000	192
DHCP Configuration of TCP/IP in Windows NT4	195
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	197
Configuring the Macintosh for TCP/IP Networking	198
MacOS 8.6 or 9.x	198
MacOS X	198
Verifying TCP/IP Properties for Macintosh Computers	199
Verifying the Readiness of Your Internet Account	200
Are Login Protocols Used?	200
What Is Your Configuration Information?	200
Obtaining ISP Configuration Information for Windows Computers	201
Obtaining ISP Configuration Information for Macintosh Computers	202
Restarting the Network	203
Appendix D Wireless Networking Basics	205
Wireless Networking Overview	205
Infrastructure Mode	205
Ad Hoc Mode (Peer-to-Peer Workgroup)	206
Network Name: Extended Service Set Identification (ESSID)	206
Authentication and WEP Data Encryption	206
802.11 Authentication	207
Open System Authentication	207
Shared Key Authentication	208
Overview of WEP Parameters	209
Key Size	210
WEP Configuration Options	211
Wireless Channels	211
WPA Wireless Security	212
How Does WPA Compare to WEP?	213
How Does WPA Compare to IEEE 802.11i?	214
What are the Key Features of WPA Security?	214
WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS	216
WPA Data Encryption Key Management	218
Is WPA Perfect?	220
Product Support for WPA	220
Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged	220
Changes to Wireless Access Points	220
Changes to Wireless Network Adapters	221
Changes to Wireless Client Programs	222
Appendix E Virtual Private Networking	223
What is a VPN?	223
What Is IPSec and How Does It Work?	224
IPSec Security Features	224
IPSec Components	224
Encapsulating Security Payload (ESP)	225
Authentication Header (AH)	226
IKE Security Association	226
Mode	227
Key Management	228
Understand the Process Before You Begin	228
VPN Process Overview	229
Network Interfaces and Addresses	229
Interface Addressing	229
Firewalls	230
Setting Up a VPN Tunnel Between Gateways	230
VPNC IKE Security Parameters	232
VPNC IKE Phase I Parameters	232
VPNC IKE Phase II Parameters	233
Testing and Troubleshooting	233
Additional Reading	233
Appendix F NETGEAR VPN Configuration	235
DG834G to FVL328	235
Configuration Profile	235
Step-By-Step Configuration	236
DG834G with FQDN to FVL328	240
Configuration Profile	240
The Use of a Fully Qualified Domain Name (FQDN)	241
Step-By-Step Configuration	242
Configuration Summary (Telecommuter Example)	247
Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example)	248
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office	248
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office	250
Monitoring the VPN Tunnel (Telecommuter Example)	259
Viewing the PC Client’s Connection Monitor and Log Viewer	259
Viewing the VPN Router’s VPN Status and Log Information	261

Match case Limit results 1 per page

Reference Manual for the Model Wireless ADSL Firewall Router DG834G

B-10

Network and Routing Basics

202-10006-05, June 2005

The DG834G wireless router also functions as a DHCP client when connecting to the ISP. The

router can automatically obtain an IP address, subnet mask, DNS server addresses, and a gateway

address if the ISP provides this information by DHCP.

Internet Security and Firewalls

When your LAN connects to the Internet through a router, an opportunity is created for outsiders

to access or disrupt your network. A NAT router provides some protection because by the very

nature of the Network Address Translation (NAT) process, the network behind the NAT router is

shielded from access by outsiders on the Internet. However, there are methods by which a

determined hacker can possibly obtain information about your network or at the least can disrupt

your Internet access. A greater degree of protection is provided by a firewall router.

What is a Firewall?

A firewall is a device that protects one network from another, while allowing communication

between the two. A firewall incorporates the functions of the NAT router, while adding features for

dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be

recognized when they occur. When an incident is detected, the firewall can log details of the

attempt, and can optionally send email to an administrator notifying them of the incident. Using

information from the log, the administrator can take action with the ISP of the hacker. In some

types of intrusions, the firewall can fend off the hacker by discarding all further packets from the

hacker’s IP address for a period of time.

Stateful Packet Inspection

Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to

ensure secure firewall filtering to protect your network from attacks and intrusions. Since

user-level applications such as FTP and Web browsers can create complex patterns of network

traffic, it is necessary for the firewall to analyze groups of network connection states. Using

Stateful Packet Inspection, an incoming packet is intercepted at the network layer and then

analyzed for state-related information associated with all network connections. A central cache

within the firewall keeps track of the state information associated with all network connections.

All traffic passing through the firewall is analyzed against the state of these connections in order to

determine whether or not it will be allowed to pass through or rejected.