Reference Manual for the Model FWAG114 Cable/ DSL Wireless ProSafe Firewall NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA SM-FWAG114NA-0 Version 1.
© 2002 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR is a trademark of Netgear, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das Model FWAG114 Cable/DSL Wireless ProSafe Firewall gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
iv
Contents About This Manual Audience ....................................................................................................................... x. i Typographical Conventions .......................................................................................... x. i Special Message Formats ............................................................................................ xii Chapter 1 Introduction Key Features of the Firewall .......................................................
Fixed IP Account Wizard-Detected Option ............................................................. 2-11 Manually Configuring Your Internet Connection ...........................................................2-12 Chapter 3 Wireless Configuration Observe Performance, Placement, and Range Guidelines ............................................3-1 Implement Appropriate Wireless Security ......................................................................3-2 Understanding Wireless Settings ...............
Viewing Logs of Web Access or Attempted Web Access .............................................4-17 Examples of log messages ....................................................................................4-19 Activation and Administration ..........................................................................4-19 Dropped Packets .............................................................................................4-19 Syslog ...................................................................
Chapter 7 Troubleshooting Basic Functioning ...........................................................................................................7-1 Power LED Not On ...................................................................................................7-1 LEDs Never Turn Off ................................................................................................7-2 LAN or WAN Port LEDs Not On ...............................................................................
Uplink Switches, Crossover Cables, and MDI/MDIX Switching ............................ B-12 Cable Quality ......................................................................................................... B-13 Appendix C Preparing Your Network Preparing Your Computers for TCP/IP Networking ....................................................... C-1 Configuring Windows 95, 98, and Me for TCP/IP Networking ....................................... C-2 Install or Verify Windows Networking Components .....
Open System Authentication ................................................................................... D-4 Shared Key Authentication ...................................................................................... D-4 Overview of WEP Parameters ................................................................................ D-5 Key Size .................................................................................................................. D-6 WEP Configuration Options ..............
About This Manual Congratulations on your purchase of the NETGEAR® Model FWAG114 Cable/DSL Wireless ProSafe Firewall . The FWAG114 wireless firewall provides connection for multiple personal computers (PCs) to the Internet through an external broadband access device (such as a cable modem or DSL modem) that is normally intended for use by a single PC. Audience This reference manual assumes that the reader has basic to intermediate computer and Internet skills.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Special Message Formats This guide uses the following formats to highlight special messages: Note: This format is used to highlight information of importance or special interest.
Chapter 1 Introduction This chapter describes the features of the NETGEAR Model FWAG114 Cable/DSL Wireless ProSafe Firewall . Key Features of the Firewall The Model FWAG114 Cable/DSL Wireless ProSafe Firewall with 4-port switch connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem. The FWAG114 is a complete security solution that protects your network from attacks and intrusions.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • • • • • Ethernet connection to a wide area network (WAN) device, such as a cable modem or DSL modem. Extensive Protocol Support. Login capability. Front panel LEDs for easy monitoring of status and activity. Flash memory for firmware upgrade. 802.11g and 802.11b Wireless Networking The FWAG114 wireless firewall includes an 802.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall The FWAG114 will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the router to email the log to you at specified intervals. You can also configure the router to send immediate alert messages to your email address or email pager whenever a significant event occurs.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Extensive Protocol Support The FWAG114 wireless firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to Appendix B, “Network, Routing, Firewall, and Basics.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • Diagnostic functions The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot. • Remote management The firewall allows you to login to the Web Management Interface from a remote location on the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall The Firewall’s Front Panel The front panel of the FWAG114 wireless firewall contains the status LEDs described below. need product front panel photo Figure 1-1: FWAG114 Front Panel You can use some of the LEDs to verify connections. Viewed from left to right, Table 1-1 describes the LEDs on the front panel of the router. These LEDs are green when lit. Table 1-1.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall need product back panel photo Figure 1-2: FWAG114 Rear Panel Viewed from left to right, the rear panel contains the following features: • • • • • AC power adapter outlet Four Local (LAN) Ethernet ports for connecting the router to the local PCs Internet (WAN) Ethernet port for connecting the router to a cable or DSL modem Factory Default Reset push button Wireless antenna Introduction 1-7
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 1-8 Introduction
Chapter 2 Connecting the Firewall to the Internet This chapter describes how to set up the router on your local area network (LAN) and connect to the Internet. You find out how to configure your Model FWAG114 Cable/DSL Wireless ProSafe Firewall for Internet access using the Setup Wizard, or how to manually configure your Internet connection. What You Will Need Before You Begin You need to prepare these three things before you begin: 1.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall For the initial connection to the Internet and configuration of your router, you will need to connect a computer to the router which is set to automatically get its TCP/IP configuration from the router via DHCP. Note: For help with DHCP configuration, please refer to Appendix C, “Preparing Your Network”. The cable or DSL modem broadband access device must provide a standard 10 Mbps (10BASE-T) Ethernet interface.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. For AOL customers, the login name is their primary screen name. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Connecting the Model FWAG114 Cable/DSL Wireless ProSafe Firewall to Your LAN This section provides instructions for connecting the FWAG114 wireless firewall. Also, the Model FWAG114 Resource CD included with your router contains an animated Installation Assistant to help you through this procedure. Procedure: Connecting the Firewall There are three steps to connecting your router: 1. 2. 3.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall c. Connect the Ethernet cable from your cable or DSL modem to the Internet port (A) on the FWAG114. Cable or DSL modem A need product back panel photo Figure 2-2: Connect the cable or DSL Modem to the router d. Connect the Ethernet cable which came with the router from a Local port on the router (B) to your computer.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall f. Verify the following: • When your turn the router on, the power light goes on. • The router’s local lights are lit for any computers that are connected to it. • The router’s Internet light is lit, indicating a link has been established to the cable or DSL modem. Note: For wireless placement and range guidelines, and wireless configuration instructions, please see Chapter 3, “Wireless Configuration.” 2.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 3. Connect to the Internet Figure 2-6: Setup Wizard a. You are now connected to the router. If you do not see the menu above, click the Setup Wizard link on the upper left of the main menu. b. Click Next and follow the steps in the Setup Wizard for inputting the configuration parameters from your ISP to connect to the Internet.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall PPPoE Wizard-Detected Option If the Setup Wizard discovers that your ISP uses PPPoE, you will see this menu: Figure 2-7: Setup Wizard menu for PPPoE accounts • • • • • 2-8 Enter the Account Name, Domain Name, Login, and Password as provided by your ISP. These fields are case sensitive. The router will try to discover the domain automatically if you leave the Domain Name blank. Otherwise, you may need to enter it manually.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Telstra Bigpond Cable Wizard-Detected Option If the Setup Wizard discovers Telstra Bigpond Cable is your ISP, you will see this menu: Figure 2-8: Setup Wizard menu for Telstra Bigpond Cable accounts • Enter your Login, Password and Authentication Server. These fields are case sensitive. Note: You will no longer need to launch the ISP’s login program on your PC in order to access the Internet.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall To change the MAC address, select “Use this Computer’s MAC address.” The router will then capture and use the MAC address of the PC that you are now using. You must be using the one PC that is allowed by the ISP. Or, select “Use this MAC address” and enter it. • • Click Apply to save your settings. Click Test to test your Internet connection.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Fixed IP Account Wizard-Detected Option If the Setup Wizard discovers that your ISP uses Fixed IP assignment, you will see this menu: Figure 2-10: Setup Wizard menu for Fixed IP address accounts • • Fixed IP is also called Static IP. Enter your assigned IP Address, Subnet Mask, and the IP Address of your ISP’s gateway router. This information should have been provided to you by your ISP.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Manually Configuring Your Internet Connection You can manually configure your router using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Procedure: Configuring the Internet Connection Manually You can manually configure the router using the Basic Settings menu shown in Figure 2-11 using these steps: 1. Click the Basic Settings link on the Setup menu. 2. If your Internet connection does not require a login, click No at the top of the Basic Settings menu and fill in the settings according to the instructions below.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 3. If your Internet connection does require a login, fill in the settings according to the instructions below. Select Yes if you normally must launch a login program such as Enternet or WinPOET in order to access the Internet. Note: After you finish setting up your router, you will no longer need to launch the ISP’s login program on your PC in order to access the Internet.
Chapter 3 Wireless Configuration This chapter describes how to configure the wireless features of your FWAG114 wireless firewall. Observe Performance, Placement, and Range Guidelines In planning your wireless network, you should consider the level of security required. You should also select the physical placement of your firewall in order to maximize the network speed. For further information on wireless networking, refer to in Appendix D, “Wireless Networking Basics.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • Away from large metal surfaces. Be aware that the time it takes to establish a wireless connection can vary depending on both your security settings and placement. WEP connections can take slightly longer to establish. Also, WEP encryption can consume more battery power on a notebook PC. Implement Appropriate Wireless Security Note: Indoors, computers can connect over 802.11 wireless networks at ranges of 500 feet or more.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • Restrict Access Based on MAC Address. You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the FWAG114. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed. • Turn Off the Broadcast of the Wireless Network Name SSID.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Figure 3-2: Wireless 11a and 11b/g Settings menus Note: The 802.11b and 802.11g wireless networking protocols are configured in exactly the same fashion. The FWAG114 will automatically adjust to the 802.11g or 802.11b protocol as the device requires without compromising the speed of the other connected devices.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Common Wireless Settings The 802.11a and the 802.11b/g wireless network identification settings are configured separately. However, some types of items you configure in each network are the same. The Wireless Settings menu items which are the same for either type of wireless network are discussed below. • Station Name. The station name of the FWAG114. • Regulatory Domain.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Understanding WEP Authentication and Encryption Restricting wireless access to your network prevents intruders from connecting to your network. However, the wireless data transmissions are still vulnerable to snooping. Using the WEB data encryption settings described below will prevent a determined intruder from eavesdropping on your wireless data communications.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall If WEP is enabled, you can manually or automatically program the four data encryption keys. These values must be identical on all PCs and access points in your network. There are two methods for creating WEP encryption keys: • Passphrase. Enter a word or group of printable characters in the Passphrase box and click the Generate button. • Manual. 64-bit WEP: Enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F).
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall For a new wireless network, print or copy this form and fill in the configuration parameters. For an existing wireless network, print or copy this form and fill in the configuration parameters. The person who set up or is responsible for the network will be able to provide this information. • SSID: The Service Set Identification (SSID) identifies the wireless local area network. NETGEAR is the default FWAG114 SSID.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Key 3: ___________________________________ Key 4: ___________________________________ Use the procedures described in the following sections to configure the FWAG114. Store this information in a safe place. How to Set Up and Test Basic Wireless Connectivity Follow the instructions below to set up and test basic wireless connectivity.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Note: If you are configuring the firewall from a wireless PC and you change the firewall’s SSID, channel, or security settings, you will lose your wireless connection when you click on Apply. You must then change the wireless settings of your PC to match the firewall’s new settings. 7. Configure and test your PCs for wireless connectivity.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 4. Click the Trusted PCs button to display the Wireless Access menu shown below. Figure 3-3. 5. Wireless Access menu Enter the MAC address of a wireless adapter and click the Add button to add a wireless device to the wireless access control list. The Trusted PCs list updates with the new entry. Note: You can copy and paste the MAC addresses from the firewall’s Attached Devices menu into the MAC Address box of this menu.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall How to Configure WEP To configure WEP data encryption, follow these steps: 1. Log in to the FWAG114 firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up. 2. Click the Wireless 11a or 11b link in the main menu of the FWAG114 firewall. 3. Click the Configure WEP butto. 4.
Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the Model FWAG114 Cable/ DSL Wireless ProSafe Firewall to protect your network. These features can be found by clicking on the Content Filtering heading in the Main Menu of the browser interface.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Block Sites The FWAG114 allows you to restrict access based on Web addresses and Web address keywords. Up to 255 entries are supported in the Keyword list. The Keyword Blocking menu is shown in Figure 4-1: Figure 4-1: Block Sites menu To enable keyword blocking, check “Turn keyword blocking on”, then click Apply. To add a keyword or domain, type it in the Keyword box, click Add Keyword, then click Apply.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall You may specify one Trusted User, which is a PC that will be exempt from blocking and logging. Since the Trusted User will be identified by an IP address, you should configure that PC with a fixed or reserved IP address. Using Rules to Block or Allow Specific Kinds of Traffic Firewall rules are used to block or allow specific traffic passing through from one side to the other.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall You may define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You can also choose to log traffic that matches or does not match the rule you have defined. To create a new rule, click the Add button.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • • Match - traffic of this type which matches the parameters and action will be logged. Not match - traffic of this type which does not match the parameters and action will be logged. Inbound Rules (Port Forwarding) Because the FWAG114 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Inbound Rule Example: A Local Public Web Server If you host a public web server on your local network, you can define a rule to allow inbound web (HTTP) requests from any outside IP address to the IP address of your web server at any time of day.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Inbound Rule Example: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown in Figure 4-4, CU-SeeMe connections are allowed only from a specified range of external IP addresses.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Outbound Rules (Service Blocking) The FWAG114 allows you to block the use of certain Internet services by PCs on your network. This is called service blocking or port filtering.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 4-6: Figure 4-6: Rules table with examples For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules Table, beginning at the top and proceeding to the default rules at the bottom.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall The Default DMZ Server feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT. The router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local PC can run the application properly if that PC’s IP address is entered as the Default DMZ Server.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Services Services are functions performed by server computers at the request of client computers. For example, Web servers serve web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall To define a new service, first you must determine which port number or range of numbers is used by the application. This information can usually be determined by contacting the publisher of the application or from user groups of newsgroups. When you have the port number information, go the Services menu and click on the Add Custom Service button.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Using a Schedule to Block or Allow Specific Traffic If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall To block keywords or Internet domains based on a schedule, select Every Day or select one or more days. If you want to limit access completely for the selected days, select All Day. Otherwise, If you want to limit access during certain times for the selected days, type a Start Blocking time and an End Blocking time. Note: Note: Enter the values as 24-hour time.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Getting E-Mail Notifications of Event Logs and Alerts In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-Mail subheading: Figure 4-10: E-mail menu • Turn e-mail notification on. Check this box if you wish to receive e-mail logs and alerts from the router. • Your outgoing mail server. Enter the name or IP address of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com).
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • If a Port Scan is detected. • If a user on your LAN attempts to access a website that you blocked using Keyword blocking. You can specify that logs are sent to you according to a schedule. Select whether you would like to receive the logs Hourly, Daily, Weekly, or When Full. Depending on your selection, you may also need to specify: – Day for sending log Relevant when the log is sent weekly or daily.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Viewing Logs of Web Access or Attempted Web Access The router will log security-related events such as denied incoming and outgoing service requests, hacker probes, and administrator logins. If you enable content filtering in the Block Sites menu, the Log page will also show you when someone on your network tried to access a blocked site. If you enabled e-mail notification, you'll receive these logs in an e-mail message.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Log entries are described in Table 5 Table 5. Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description or Action The type of event and what action was taken if any. Source IP The IP address of the initiating device for this log entry.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Examples of log messages Following are examples of log messages. In all cases, the log entry shows the timestamp as: Day, Year-Month-Date Hour:Minute:Second Activation and Administration Tue, 2002-05-21 18:48:39 - NETGEAR activated [This entry indicates a power-up or reboot with initial time entry.] Tue, 2002-05-21 18:53:28 - Administrator login failed - IP:192.168.0.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Syslog You can configure the router to send system logs to an external PC that is running a syslog logging program. Enter the IP address of the logging PC and click the Enable Syslog checkbox. Logging programs are available for Windows, Macintosh, and Linux computers.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • Your outgoing mail server. Enter the name of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com). You may be able to find this information in the configuration menu of your e-mail program. If you leave this box blank, log and alert messages will not be sent via e-mail. • Send to this e-mail address. Enter the e-mail address to which logs and alerts are sent. This e-mail address will also be used as the From address.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 4-22 Firewall Protection and Content Filtering
Chapter 5 Maintenance This chapter describes how to use the maintenance features of your Model FWAG114 Cable/DSL Wireless ProSafe Firewall . These features can be found by clicking on the Maintenance heading in the Main Menu of the browser interface. Viewing Firewall Status Information The Router Status menu provides a limited amount of status and usage information. From the Main Menu of the browser interface, click on Maintenance, then select System Status to view the System Status screen, shown below.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall This screen shows the following parameters: Table 6. Menu 3.2 - Firewall Status Fields Field Description Account Name This field displays the Host Name assigned to the router. Firmware Version This field displays the router firmware version. Internet Port These parameters apply to the Internet (WAN) port of the router.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Click on the “Show Statistics” button to display the connection status, as shown below. Figure 6-1: Connection Status screen This screen shows the following statistics:. Table 7. Connection Status Fields Field Description Connection Time The length of time the router has been connected to your Internet service provider’s network. Connection Method The method used to obtain an IP address from your Internet service provider.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Click on the “Show WAN Status” button to display router usage statistics, as shown below. Figure 8-1: Router Statistics screen This screen shows the following statistics: Table 9. Router Statistics Fields Field Description Port The statistics for the WAN (Internet) and LAN (local) ports. For each port, the screen displays: Status The link status of the port.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Viewing a List of Attached Devices The Attached Devices menu contains a table of all IP devices that the router has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading, select Attached Devices to view the table, shown below. Figure 10-1: Attached Devices menu For each device, the table shows the IP address, NetBIOS Host Name (if available), and Ethernet MAC address.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall From the Main Menu of the browser interface, under the Maintenance heading, select the Router Upgrade heading to display the menu shown below. Figure 10-2: Router Upgrade menu To upload new firmware: 1. Download and unzip the new software file from NETGEAR. 2. In the Router Upgrade menu, click the Browse button and browse to the location of the binary (.BIN) upgrade file 3. Click Upload.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall From the Main Menu of the browser interface, under the Maintenance heading, select the Settings Backup heading to bring up the menu shown below. Figure 10-3: Settings Backup menu Three options are available, and are described in the following sections.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Erasing the Configuration It is sometimes desirable to restore the router to a known blank condition. This can be done by using the Erase function, which will restore all factory settings. After an erase, the router's password will be password, the LAN IP address will be 192.168.0.1, and the router's DHCP client will be enabled. To erase the configuration, click the Erase button.
Chapter 6 Advanced Configuration This chapter describes how to configure the advanced features of your Model FWAG114 Cable/ DSL Wireless ProSafe Firewall . These features can be found under the Advanced heading in the Main Menu of the browser interface.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall . Note: If you are unfamiliar with networking and routing, refer to Appendix B, “Network, Routing, Firewall, and Basics,” to become more familiar with the terms and procedures used in this manual. Use the Port Forwarding menu to configure the router to forward incoming protocols to computers on your local network.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Editing or Deleting a Port Forwarding Entry To edit or delete a Port Forwarding entry, follow these steps. 1. In the table, select the button next to the service name. 2. Click Edit or Delete. Local Web and FTP Server Example If a local PC with a private IP address of 192.168.0.33 acts as a Web and FTP server, configure the Ports menu to forward HTTP (port 80) and FTP (port 21) to local address 192.168.0.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 4. Type the same port number in the End Port box that you typed in the Start Port box. 5. Type the IP address of the additional computer in the Server IP Address box. 6. Click Apply. Some online games and videoconferencing applications are incompatible with NAT.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall The WAN Setup menu, shown below lets you configure a Default DMZ Server. Figure 6-2: WAN Setup menu. To assign a computer or server to be a Default DMZ server, follow these steps: Click WAN Setup link on the Advanced section of the main menu. Type the IP address for that server. To remove the default DMZ server, replace the IP address numbers with all zeros. 3. Click Apply. 1. 2.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Using the LAN IP Setup Options The second feature category under the Advanced heading is LAN IP Setup. This menu allows configuration of LAN IP services such as DHCP and RIP. From the Main Menu of the browser interface, under Advanced, click on LAN IP Setup to view the LAN IP Setup menu, shown below.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall The LAN IP parameters are: • IP Address This is the LAN IP address of the router. • IP Subnet Mask This is the LAN Subnet Mask of the router. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router. • RIP Direction RIP (Router Information Protocol) allows a router to exchange routing information with other routers.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall For most applications, the default DHCP and TCP/IP settings of the router are satisfactory. See “IP Configuration by DHCP” on page B-10 for an explanation of DHCP and information about how to assign IP addresses for your network. If another device on your network will be the DHCP server, or if you will manually configure the network settings of all of your computers, clear the ‘Use router as DHCP server’ check box.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Note: The reserved address will not be assigned until the next time the PC contacts the router's DHCP server. Reboot the PC or access its IP configuration and force a DHCP release and renew. To edit or delete a reserved address entry: 1. Click the button next to the reserved address you want to edit or delete. 2. Click Edit or Delete.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 7. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org 8. Click Apply to save your configuration. Configuring Static Routes Static Routes provide additional routing information to your router.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 1. Click the Add button to open the Add/Edit Menu, shown below. Figure 6-5. Static Route Entry and Edit Menu 2. Type a route name for this static route in the Route Name box under the table. (This is for identification purpose only.) 3. Select Private if you want to limit access to the LAN only. The static route will not be reported in RIP. 4. Select Active to make this route effective. 5.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall When you first configured your router, two implicit static routes were created. A default route was created with your ISP as the gateway, and a second static route was created to your local network for all 192.168.0.x addresses. With this configuration, if you attempt to access a device on the 134.177.0.0 network, your router will forward your request to the ISP.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall c. 3. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access. Specify the Port Number that will be used for accessing the management interface. Web browser access normally uses the standard HTTP service port 80. For greater security, you can change the remote management web interface to a custom port by entering that number in the box provided.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Using Universal Plug and Play (UPnP) Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services from other registered UPnP devices on the network. Figure 6-6. UPnP Menu From the Main Menu of the browser interface, under Advanced, click on UPnP. Set up UPnP according to the guidelines below.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Advertisement Time To Live: The time to live for the advertisement is measured in hops (steps) for each UPnP packet sent. The time to live hop count is the number of steps a broadcast packet is allowed to propagate for each UPnP advertisement before it disappears. The number of hops can range from 1 to 255. The default value for the advertisement time to live is 4 hops, which should be fine for most home networks.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 6-16 Advanced Configuration
Chapter 7 Troubleshooting This chapter gives information about troubleshooting your Model FWAG114 Cable/DSL Wireless ProSafe Firewall . After each problem description, instructions are provided to help you diagnose and solve the problem. Basic Functioning After you turn on power to the router, the following sequence of events should occur: 1. When power is first applied, verify that the Power LED 2. After approximately 10 seconds, verify that: is on. a. The Test LED is not lit. b.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall If the error persists, you have a hardware problem and should contact technical support. LEDs Never Turn Off When the router is turned on, the LEDs turns on for about 10 seconds and then turn off. If all the LEDs stay on, there is a fault within the router. If all LEDs are still on one minute after power up: • Cycle the power to see if the router recovers. • Clear the router’s configuration to factory defaults.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Troubleshooting the Web Configuration Interface If you are unable to access the router’s Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the router as described in the previous section. • Make sure your PC’s IP address is on the same subnet as the router.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Troubleshooting the ISP Connection If your router is unable to access the Internet, you should first determine whether the router is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your router must request an IP address from the ISP. You can determine whether the request was successful using the Web Configuration Manager. To check the WAN IP address: 1.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall OR Configure your router to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring Your Internet Connection” on page 2-12. If your router can obtain an IP address, but your PC is unable to load any web pages from the Internet: • Your PC may not recognize any DNS server addresses.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall If the path is working, you see this message: Reply from < IP address >: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message: Request timed out If the path is not functioning correctly, you could have one of the following problems: • Wrong physical connections — Make sure the LAN port LED is on. If the LED is off, follow the instructions in “LAN or WAN Port LEDs Not On” on page 7-2.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall — If your ISP assigned a host name to your PC, enter that host name as the Account Name in the Basic Settings menu. — Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs additionally restrict access to the MAC address of a single PC connected to that modem.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 7-8 Troubleshooting
Appendix A Technical Specifications This appendix provides technical specifications for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall . Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter North America: 120V, 60 Hz, input United Kingdom, Australia: 240V, 50 Hz, input Europe: 230V, 50 Hz, input Japan: 100V, 50/60 Hz, input All regions (output): 7.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Environmental Specifications Operating temperature: 0° to 40° C (32º to 104º F) Operating humidity: 90% maximum relative humidity, noncondensing Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B Interface Specifications LAN: 10BASE-T or 100BASE-Tx, RJ-45 WAN: 10BASE-T, RJ-45 Wireless Radio Data Rates 1, 2, 5.
Appendix B Network, Routing, Firewall, and Basics This chapter provides an overview of IP networks, routing, and networking. Related Publications As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall What is a Router? A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables maintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network. Using this information, the router chooses the best path for forwarding network traffic.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 195.34.12.7 The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the second part identifies the host node or station on the network. The dividing point may vary depending on the address range and the application. There are five standard classes of IP addresses.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 128.1.x.x to 191.254.x.x. • Class C Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the network address and eight bits for the node. They are in this range: 192.0.1.x to 223.255.254.x. • Class D Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255. • Class E Class E addresses are for experimental use.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a backward slash ( / ), as “/n.” In the example, the address could be written as 192.168.170.237/24, indicating that the netmask is 24 ones followed by 8 zeros.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits from the host address to the network address. For instance, to partition a Class C network number (192.68.135.0) into two, you shift one bit from the host address to the network address.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Table 9. Netmask Formats 255.255.255.0 /24 255.255.255.128 /25 255.255.255.192 /26 255.255.255.224 /27 255.255.255.240 /28 255.255.255.248 /29 255.255.255.252 /30 255.255.255.254 /31 255.255.255.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Single IP Address Operation Using NAT In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router. The FWAG114 wireless firewall employs an address-sharing method called Network Address Translation (NAT).
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router. This filtering can prevent intruders from probing your system. However, using port forwarding, you can allow one PC (for example, a Web server) on your local network to be accessible to outside users.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Domain Name Server Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be recognized when they occur.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Ethernet Cabling Although Ethernet networks originally used thick or thin coaxial cable, most installations currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector. A normal straight-through UTP Ethernet cable follows the EIA568B standard wiring and pinout as described in Table 10. Table 10.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall The FWAG114 wireless firewall incorporates Auto UplinkTM technology (also called MDI/ MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection (e.g. connecting to a PC) or an uplink connection (e.g. connecting to a router, switch, or hub). That port will then configure itself to the correct configuration.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall B-14 Network, Routing, Firewall, and Basics
Appendix C Preparing Your Network This appendix describes how to prepare your network to connect to the Internet through the Model FWAG114 Cable/DSL Wireless ProSafe Firewall and how to verify the readiness of broadband Internet service from an Internet service provider (ISP).
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall In your IP network, each PC and the firewall must be assigned a unique IP addresses. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address. In most cases, you should install TCP/IP so that the PC obtains its specific network configuration information automatically from a DHCP server during bootup.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks. If you need to install a new adapter, follow these steps: a. Click the Add button. b. Select Adapter, and then click Add. c.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall If you need Client for Microsoft Networks: 3. a. Click the Add button. b. Select Client, and then click Add. c. Select Microsoft. d. Select Client for Microsoft Networks, and then click OK. Restart your PC for the changes to take effect.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button. The following TCP/IP Properties window will display.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This setting is required to enable the DHCP server to automatically assign an IP address. • Click OK to continue. Restart the PC. Repeat these steps for each PC with this version of Windows on your network.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. 3. From the drop-down box, select your Ethernet adapter.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through the configuration process for each of these versions of Windows. DHCP Configuration of TCP/IP in Windows XP Locate your Network Neighborhood icon. • Select Control Panel from the Windows XP new Start Menu.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. • Administrator logon access rights are needed to use this window. • Click the Properties button to view details about the connection. • The TCP/IP details are presented on the Support tab page.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP configuration of TCP/ IP in Windows XP. Repeat these steps for each PC with this version of Windows on your network.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections. • Right click on Local Area Connection and select Properties. • The Local Area Connection Properties dialog box appears. • Verify that you have the correct Ethernet card selected in the Connect using: box.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected. • Obtain DNS server address automatically is selected. • Click OK to return to Local Area Connection Properties. • Click OK again to complete the configuration process for Windows 2000. Restart the PC.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0. • Choose Settings from the Start Menu, and then select Control Panel. This will display Control Panel window. • Double-click the Network icon in the Control Panel window. The Network panel will display.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server. • Click OK. This completes the configuration of TCP/IP in Windows NT. Restart the PC. Repeat these steps for each PC with this version of Windows on your network. Verifying TCP/IP Properties for Windows XP, 2000, and NT4 To check your PC’s TCP/IP configuration: 1.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • 4. The default gateway is 192.168.0.1 Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will need to configure TCP/IP to use DHCP. MacOS 8.6 or 9.x 1. From the Apple menu, select Control Panels, then TCP/IP. The TCP/IP Control Panel opens: 2.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 2. If not already selected, select Built-in Ethernet in the Configure list. 3. If not already selected, Select Using DHCP in the TCP/IP tab. 4. Click Save. Verifying TCP/IP Properties for Macintosh Computers After your Macintosh is configured and has rebooted, you can check the TCP/IP configuration by returning to the TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall • An IP address and subnet mask • A gateway IP address, which is the address of the ISP’s router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account’s full server names may look like this: mail.xxx.yyy.com In this example, the domain suffix is xxx.yyy.com. If any of these items are dynamically supplied by the ISP, your firewall automatically acquires them.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall If an IP address appears under Installed Gateways, write down the address. This is the ISP’s gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Configuration tab. If any DNS server addresses are shown, write down the addresses. If any information appears in the Host or Domain information box, write it down. Click Disable DNS. 7.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Restarting the Network Once you’ve set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your FWAG114 wireless firewall, you are ready to access and configure the firewall.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall C-22 Preparing Your Network
Appendix D Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWAG114 wireless firewall conforms to the Institute of Electrical and Electronics Engineers (IEEE) 802.11b standard for wireless LANs (WLANs) and a product update will bring the FWAG114 into conformance to the 802.11g standard when it is ratified. On an 802.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Infrastructure Mode With a wireless Access Point, you can operate the wireless LAN in the infrastructure mode. This mode provides wireless connectivity to multiple wireless network devices within a fixed range or area of coverage, interacting with wireless nodes via an antenna.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall The ESSID is usually broadcast in the air from an access point. The wireless station sometimes can be configured with the ESSID ANY. This means the wireless station will try to associate with whichever access point has the stronger radio frequency (RF) signal, providing that both the access point and wireless station use Open System authentication.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall An access point must authenticate a station before the station can associate with the access point or communicate with the network. The IEEE 802.11 standard defines two types of authentication: Open System and Shared Key. • Open System Authentication allows any device to join the network, assuming that the device SSID matches the access point SSID.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and sends the encrypted text to the access point. 4. The access point decrypts the encrypted text using its configured WEP Key that corresponds to the station’s default key. The access point compares the decrypted text with the original challenge text.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 2. Use WEP for Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving device decrypts the data using the same WEP Key. For authentication purposes, the network uses Open System Authentication. 3. Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall When configured for 128-bit encryption, 802.11 products typically support four WEP Keys but some manufacturers support only one 128-bit key. The 128-bit WEP Key is expressed as 13 sets of two hexadecimal digits (0-9 and A-F). For example, “12 34 56 78 90 AB CD EF 12 34 56 78 90” is a 128-bit WEP Key.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 802/11b/g Wireless Channels IEEE 802.11b/g wireless nodes communicate with each other using radio frequency signals in the ISM (Industrial, Scientific, and Medical) band between 2.4 GHz and 2.5 GHz. Neighboring channels are 5 MHz apart. However, due to spread spectrum effect of the signals, a node sending signals using a particular channel will utilize frequency spectrum 12.5 MHz above and below the center channel frequency.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Note: The available channels supported by the wireless products in various countries are different. For example, Channels 1 to 11 are supported in the U.S. and Canada, and Channels 1 to 13 are supported in Europe and Australia. The preferred channel separation between the channels in neighboring wireless networks is 25 MHz (5 channels). This means that you can apply up to three different channels within your wireless network.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Figure 4-3: IEEE 802.11a Channel Allocations The FWAG114 user can use thirteen channels in non-turbo mode.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall Table D-1: 802.11a Turbo Mode Off Radio Frequency Channels Turbo mode: OFF Channel Channel 36 36 40 40 44 44 48 48 52 52 56 56 60 60 64 64 149 5.745 GHz 153 5.765 GHz 157 5.785 GHz 161 5.805 GHz 165 5.825 GHz The FWAG114 user can use five channels in turbo mode. Turbo mode: ON Channel Frequency 42 50 58 152 160 5.21 GHz 5.25 GHz 5.29 GHz 5.76 GHz 5.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall D-12 Wireless Networking Basics
Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 802.11b IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) technology and operating in the unlicensed radio spectrum at 2.5GHz. 802.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 2 Gateway A local device, usually a router, that connects hosts on a local network to other networks. IP See Internet Protocol. IP Address A four-byte number uniquely defining each host on the Internet. Ranges of addresses are assigned by Internic, an organization formed for this purpose. Usually written in dotted-decimal notation with periods separating the bytes (for example, 134.177.244.57). ISP Internet service provider.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall packet A block of information sent over a network. A packet typically contains a source and destination network address, some protocol and length information, a block of data, and a checksum. PPP See Point-to-Point Protocol. PPP over Ethernet PPPoE. PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection.
Reference Manual for the Model FWAG114 Cable/DSL Wireless ProSafe Firewall 4 WEP Wired Equivalent Privacy. WEP is a data encryption protocol for 802.11b wireless networks. All wireless nodes and access points on the network are configured with a 64-bit or 128-bit Shared Key for data encryption. wide area network WAN. A long distance link used to extend or connect remotely located local area networks. The Internet is a large WAN. Windows Internet Naming Service WINS.
Index Numerics D 64 or 128 bit WEP 3-6 date and time 7-7 802.
F K factory settings, restoring 5-8 KALI 6-3 firewall features 1-2 Flash memory, for firmware upgrade 1-2 L front panel 1-6, 1-7 LAN IP Setup Menu 6-6 fully qualified domain name (FQDN) 3-5 LEDs description 1-6 troubleshooting 7-2 G gateway address C-20 H Half Life 6-3 host name 2-10, 2-13 I IANA contacting B-2 IETF B-1 Web site address B-7 log sending 4-15, 4-20 Login 2-9 M MAC address 7-7, B-9 spoofing 2-9, 2-13, 7-5 Macintosh C-19 configuring for IP networking C-16 DHCP Client ID C-16 Obtai
P package contents 1-5 Passphrase 3-7, 3-12 passphrase 1-2 Password 2-9 password restoring 7-7 restore factory settings 5-8 Restrict Wireless Access by MAC Address 3-10 RFC 1466 B-7, B-9 1597 B-7, B-9 1631 B-8, B-9 finding B-7 RIP (Router Information Protocol) 6-7 PC, using to configure C-21 router concepts B-1 ping 4-10, 6-5 Router Status 5-1 pinout, Ethernet cable B-12 Routing Information Protocol 1-4, B-2 port filtering 4-8 rules inbound 4-5 order of precedence 4-9 outbound 4-8 Port Forwarding
time of day 7-7 time zone 4-14 time-stamping 4-14 troubleshooting 7-1 Trusted Host 4-3 typographical conventions 1-xi U Uplink switch B-12 USB C-18 W WAN 6-5 WEP D-3 WEP encryption 1-2 Wi-Fi D-1 Windows, configuring for IP routing C-2, C-7 winipcfg utility C-6 WinPOET C-18 Wired Equivalent Privacy.
