Page 16 / 176 Scroll up to view Page 11 - 15
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual
xvi
About This Manual
v1.0, September 2007
Page 17 / 176
1-1
v1.0, September 2007
Chapter 1
Introduction
This chapter describes the features of the NETGEAR® ProSafe 802.11g Wireless VPN Firewall,
Model FVG318.
Key Features of the VPN Firewall Router
The ProSafe 802.11g Wireless VPN Firewall with eight-port switch connects your local area
network (LAN) to the Internet through an external access device such as a cable modem or DSL
modem and provides 802.11b/g wireless LAN connectivity.
The FVG318 is a complete security solution that protects your network from attacks and
intrusions. Unlike simple Internet sharing firewalls that rely on Network Address Translation
(NAT) for security, the FVG318 uses stateful packet inspection for Denial of Service attack (DoS)
protection and intrusion detection. The FVG318 allows Internet access for up to 253 users. The
VPN firewall provides you with multiple Web content filtering options, plus browsing activity
reporting and instant alerts—both via e-mail. Parents and network administrators can establish
restricted access policies based on time-of-day, Web site addresses and address keywords, and
share high-speed cable/DSL Internet access for up to 253 personal computers. In addition to NAT,
the built-in firewall protects you from hackers.
With minimum setup, you can install and use the firewall within minutes.
The VPN firewall provides the following features:
802.11g and 802.11b standards-based wireless networking.
Wireless Multimedia (WMM) support.
Easy, Web-based setup for installation and management.
Front panel LEDs for easy monitoring of status and activity.
Content filtering and site blocking security.
Built-in eight-port 10/100 Mbps switch.
Ethernet connection to a WAN device, such as a cable modem or DSL modem.
Extensive protocol support.
Flash memory for firmware upgrade.
Page 18 / 176
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual
1-2
Introduction
v1.0, September 2007
802.11g and 802.11b Wireless Networking
The VPN firewall includes an 802.11g-compliant wireless access point. The access point provides:
802.11b standards-based wireless networking at up to 11 Mbps.
802.11g wireless networking at up to 54 Mbps, which conforms to the 802.11g standard.
WPA and WPA2 enterprise class strong security with RADIUS and certificate authentication
as well as dynamic encryption key generation.
WPA-PSK and WPA2-PSK pre-shared key authentication without the overhead of RADIUS
servers but with all of the strong security of WPA and WPA2.
64-bit and 128-bit WEP encryption security.
WEP keys can be generated manually or by passphrase.
Wireless access can be restricted by MAC Address.
Wireless network name broadcast can be turned off so that only devices that have the network
name (SSID) can connect.
Wireless Multimedia (WMM) Support
WMM is a subset of the 802.11e standard. WMM allows wireless traffic to have a range of
priorities, depending on the kind of data. Time-dependent information such as video or audio will
have a higher priority than normal traffic. For WMM to function correctly, wireless clients must
also support WMM.
A Powerful, True Firewall with Content Filtering
Unlike simple Internet sharing NAT firewalls, the FVG318 is a true firewall, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:
DoS protection.
Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND
Attack, and IP Spoofing.
Blocks unwanted traffic from the Internet to your LAN.
Blocks access from your LAN to Internet locations or services that you specify as off-limits.
Logs security incidents.
Page 19 / 176
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual
Introduction
1-3
v1.0, September 2007
The FVG318 logs security events such as blocked incoming traffic, port scans, attacks, and
administrator logins. You can configure the firewall to email the log to you at specified
intervals. You can also configure the firewall to send immediate alert messages to your e-mail
address or email pager whenever a significant event occurs.
With its content filtering feature, the FVG318 prevents objectionable content from reaching
your PCs. The firewall allows you to control access to Internet content by screening for
keywords within Web addresses. You can configure the firewall to log and report attempts to
access objectionable Internet sites.
Security
The VPN firewall is equipped with several features designed to maintain security, as described in
this section.
PCs Hidden by NAT.
NAT opens a temporary path to the Internet for requests originating
from the local network. Requests originating from outside the LAN are discarded, preventing
users outside the LAN from finding and directly accessing the PCs on the LAN.
Port Forwarding with NAT.
Although NAT prevents Internet locations from directly
accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific
PCs based on the service port number of the incoming request, or to one designated DNS host
computer. You can specify forwarding of single ports or ranges of ports.
Autosensing Ethernet Connections with Auto Uplink
With its internal eight-port 10/100 switch, the FVG318 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are
autosensing and capable of full-duplex or half-duplex operation.
The firewall incorporates Auto Uplink
TM
technology. Each Ethernet port automatically senses
whether the Ethernet cable plugged into the port should have a normal connection such as to a PC
or an uplink connection such as to a switch or hub. That port then configures itself to the correct
configuration. This feature also eliminates the need to worry about crossover cables, as Auto
Uplink will accommodate either type of cable to make the right connection.
Extensive Protocol Support
The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and
Routing Information Protocol
(RIP). For further information about TCP/IP, refer to
Appendix B,
“Related Documents
.”
Page 20 / 176
ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual
1-4
Introduction
v1.0, September 2007
IP Address Sharing by NAT.
The VPN firewall allows several networked PCs to share an
Internet account using only a single IP address, which may be statically or dynamically
assigned by your Internet service provider (ISP). This technique, known as NAT, allows the
use of an inexpensive single-user ISP account.
Automatic Configuration of Attached PCs by DHCP.
The VPN firewall dynamically
assigns network configuration information, including IP, gateway, and Domain Name Server
(DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol
(DHCP). This feature greatly simplifies configuration of PCs on your local network.
DNS Proxy.
When DHCP is enabled and no DNS addresses are specified, the firewall
provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS
addresses from the ISP during connection setup and forwards DNS requests from the LAN.
Point-to-Point Protocol over Ethernet (PPPoE).
PPPoE is a protocol for connecting remote
hosts to the Internet over a DSL connection by simulating a dial-up connection. This feature
eliminates the need to run a login program such as Entersys or WinPOET on your PC.
Easy Installation and Management
You can install, configure, and operate the ProSafe 802.11g Wireless VPN Firewall within minutes
after connecting it to the network. The following features simplify installation and management
tasks:
Browser-based management.
Browser-based configuration allows you to easily configure
your firewall from almost any type of personal computer, such as Windows, Macintosh, or
Linux. A user-friendly Setup Wizard is provided and online help documentation is built into
the browser-based Web Management Interface.
Smart Wizard.
The VPN firewall automatically senses the type of Internet connection, asking
you only for the information required for your type of ISP account.
Diagnostic functions.
The firewall incorporates built-in diagnostic functions such as Ping,
DNS lookup, and remote reboot.
Remote management.
The firewall allows you to login to the Web Management Interface
from a remote location on the Internet. For security, you can limit remote management access
to a specified remote IP address or range of addresses, and you can choose a nonstandard port
number.
Visual monitoring.
The VPN firewall’s front panel LEDs provide an easy way to monitor its
status and activity.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top