Reference Manual for the ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P v2

Introduction

2-3

201-10301-02, May 2005

•

Wireless network name broadcast can be turned off so that only devices that have the network

name (SSID) can connect.

Virtual Private Networking

The FWG114P v2 Wireless Firewall/Print Server provides a secure encrypted connection between

your local network and remote networks or clients. Its VPN features include:

•

Support for up to 2 simultaneous VPN connections.

•

Support for industry standard VPN protocols.

The ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P v2 supports standard

keying methods (Manual or IKE), standard authentication methods (MD5 and SHA-1), and

standard encryption methods (DES, 3DES). It is compatible with many other VPN products.

•

Support for up to 168 bit encryption (3DES) for maximum security.

•

Support for VPN Main Mode, Aggressive mode, or Manual Keying.

•

Support for Fully Qualified Domain Name (FQDN) configuration when the Dynamic DNS

feature is enabled with one of the supported service providers.

Wireless Multimedia (WMM) Support

WMM is a subset of the 802.11e standard. WMM allows wireless traffic to have a range of

priorities, depending on the kind of data. Time-dependent information such as video or audio will

have a higher priority than normal traffic. For WMM to function correctly, wireless clients must

also support WMM.

A Powerful, True Firewall with Content Filtering

Unlike simple Internet sharing NAT routers, the FWG114P v2 is a true firewall, using stateful

packet inspection to defend against hacker attacks. Its firewall features include:

•

DoS protection.

Automatically detects and thwarts DoS attacks, such as Ping of Death, SYN Flood, LAND

Attack, and IP Spoofing.

•

Blocks unwanted traffic from the Internet to your LAN.

•

Blocks access from your LAN to Internet locations or services that you specify as off-limits.

Reference Manual for the ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P v2

2-4

Introduction

201-10301-02, May 2005

•

Logs security incidents.

The FWG114P v2 will log security events, such as blocked incoming traffic, port scans,

attacks, and administrator logins. You can configure the router to e-mail the log to you at

specified intervals. You can also configure the router to send immediate alert messages to your

e-mail address or e-mail pager whenever a significant event occurs.

•

With its content filtering feature, the FWG114P v2 prevents objectionable content from

reaching your PCs. The router allows you to control access to Internet content by screening for

keywords within Web addresses. You can configure the router to log and report attempts to

access objectionable Internet sites.

Security

The FWG114P v2 Wireless Firewall/Print Server is equipped with several features designed to

maintain security, as described in this section:

•

PCs hidden by NAT.

NAT opens a temporary path to the Internet for requests originating from the local network.

Requests originating from outside the LAN are discarded, preventing users outside the LAN

from finding and directly accessing the PCs on the LAN.

•

Port forwarding with NAT.

Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the

router allows you to direct incoming traffic to specific PCs based on the service port number

of the incoming request, or to one designated “DNS” host computer. You can specify

forwarding of single ports or ranges of ports.

Autosensing Ethernet Connections with Auto Uplink

With its internal 8-port 10/100 switch, the FWG114P v2 can connect to either a 10 Mbps standard

Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are

autosensing and capable of full-duplex or half-duplex operation.

The router incorporates Auto Uplink

TM

technology. Each Ethernet port will automatically sense

whether the Ethernet cable plugged into the port should have a ‘normal’ connection, such as to a

computer, or an ‘uplink’ connection, such as to a switch or hub. That port will then configure itself

to the correct configuration. This feature also eliminates the need to worry about crossover cables,

as Auto Uplink will accommodate either type of cable to make the right connection.

Reference Manual for the ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P v2

Introduction

2-5

201-10301-02, May 2005

Extensive Protocol Support

The FWG114P v2 Wireless Firewall/Print Server supports the Transmission Control Protocol/

Internet Protocol (TCP/IP) and Routing Information Protocol (RIP).

•

The ability to enable or disable IP address sharing by NAT.

The FWG114P v2 allows several networked PCs to share an Internet account using only a

single IP address, which may be statically or dynamically assigned by your Internet service

provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user

ISP account. This feature can also be turned off completely for using the FWG114P v2 in

settings where you want to manage the IP address scheme of your organization.

•

Automatic configuration of attached PCs by DHCP.

The FWG114P v2 Wireless Firewall/Print Server dynamically assigns network configuration

information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs

on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly

simplifies configuration of PCs on your local network.

•

DNS Proxy.

When DHCP is enabled and no DNS addresses are specified, the router provides its own

address as a DNS server to the attached PCs. The router obtains actual DNS addresses from

the ISP during connection setup and forwards DNS requests from the LAN.

•

PPP over Ethernet (PPPoE).

PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by

simulating a dial-up connection. This feature eliminates the need to run a login program, such

as Entersys or WinPOET on your computer.

•

PPTP login support for European ISPs, BigPond login for Telstra cable in Australia.

•

Classical IP (RFC 1577).

Some Internet service providers, in Europe for example, use Classical IP in their ADSL

services. In such cases, the firewall is able to use the Classical IP address from the ISP.

Reference Manual for the ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P v2

2-6

Introduction

201-10301-02, May 2005

Easy Installation and Management

You can install, configure, and operate the ProSafe Wireless 802.11g

Firewall/Print Server Model

FWG114P v2 within minutes after connecting it to the network. The following features simplify

installation and management tasks:

•

Automatic fail-over connectivity through an analog or ISDN modem connected to the serial

port. If the broadband modem Internet connection fails, after waiting for an amount of time

you specify, the FWG114P v2 can automatically establish a backup ISDN or dial-up Internet

connection via the serial port on the firewall.

•

Browser-based management.

Browser-based configuration allows you to easily configure your router from almost any type

of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is

provided and online help documentation is built into the browser-based Web Management

Interface.

•

Smart Wizard.

The FWG114P v2 Wireless Firewall/Print Server automatically senses the type of Internet

connection, asking you only for the information required for your type of ISP account.

•

Diagnostic functions.

The firewall incorporates built-in diagnostic functions, such as Ping, DNS lookup, and remote

reboot.

•

Remote management.

The firewall allows you to log in to the Web Management Interface from a remote location on

the Internet. For security, you can limit remote management access to a specified remote IP

address or range of addresses, and you can choose a nonstandard port number.

•

Visual monitoring.

The FWG114P v2 Wireless Firewall/Print Server’s front panel LEDs provide an easy way to

monitor its status and activity.

•

Regional support, including ISPs like Telstra DSL and BigPond, or Deutsche Telekom.

•

Flash memory for firmware upgrades.

NETGEAR Related Products

The following NETGEAR products are related to the ProSafe Wireless 802.11g

Firewall/Print

Server Model FWG114P v2:

•

ProSafe™ Dual Band Wireless PC Card Model WAG511

•

ProSafe™ Dual Band Wireless PCI Adapter Model WAG311

Reference Manual for the ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P v2

Introduction

2-7

201-10301-02, May 2005

•

54 Mbps Wireless PC Card Model WG511

•

54 Mbps Wireless PCI Card Model WG311

•

54 Mbps Wireless USB 2.0 Adapter Model WG121

•

ProSafe™ Indoor 5 dBi Omni-directional Antenna Model ANT24O5

•

ProSafe™ Indoor/Outdoor 18 dBi Patch Panel Directional Antenna Model ANT24D18

•

ProSafe™ Indoor/Outdoor 9 dBi Omni-directional Antenna Model ANT2409

•

Low-loss Antenna Cables

Package Contents

The product package should contain the following items:

•

ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P v2.

•

AC power adapter.

•

Category 5 (Cat 5) Ethernet cable.

•

FWG114P Installation Guide (201-10301-01).

•

Resource CD for the ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P

(SW-10023-03)

, including:

—

This manual.

—

Application Notes and other helpful information.

•

Registration and Warranty Card.

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the

carton, including the original packing materials, in case you need to return the router for repair.

The FWG114P v2 Front Panel

The front panel of the FWG114P v2 contains the status LEDs. Use the LEDs to verify various

operations. Viewed from left to right,

Table 2-1

describes the LEDs on the front of the router.

Figure 2-1:

FWG114P v2 Front Panel

ProSafe 802.11g Wireless Firewall/Print Server

Broadband

MODEL

FWG114P

PWR

P R IN TER

M O DEM

IN TER N ET

LO CA L

W LA N

TEST

ACT

ALERT

ACT

LINK

100

1

2

3

4

LNK/ACT

100

LNK/ACT