background image

ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual

5-4

Router and Network Management

v1.0, November 2007

Schedule. 

If you have set firewall rules on the Rules screen, you can configure three different 

schedules (schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a 
schedule is configured, it affects all Rules that use this schedule. You specify the days of the week 
and time of day for each schedule.

See 

“Setting a Schedule to Block or Allow Specific Traffic” on page 4-26

 for the procedure on 

how to use this feature.

Block Sites

If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the 
quad WAN gigabit firewall's filtering feature. By default, this feature is disabled; all requested 
traffic from any Web site is allowed. 

Keyword (and Domain Name) Blocking 

– You can specify up to 32 words that, should they 

appear in the Web site name (i.e., URL) or in a newsgroup name, will cause that site or 
newsgroup to be blocked by the quad WAN gigabit firewall.

You can apply the keywords to one or more groups. Requests from the PCs in the groups for 
which keyword blocking has been enabled will be blocked. Blocking does not occur for the 
PCs that are in the groups for which keyword blocking has not been enabled.

You can bypass keyword blocking for trusted domains by adding the exact matching domain 
to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for 
which keyword blocking has been enabled will still be allowed without any blocking. 

Web Component blocking

 – You can block the following Web component types: Proxy, Java, 

ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web component 
blocking when the blocking of a particular Web component has been enabled.

See 

“Setting Block Sites (Content Filtering)” on page 4-27

 for the procedure on how to use this 

feature.

IP/MAC Binding

If you want to reduce outgoing traffic by preventing Internet access by certain unauthorized PCs 
on the LAN, you can use the IP/MAC binding feature to drop the traffic received from the PCs 
with the specified MAC addresses. By default, this feature is disabled; all traffic received from 
PCs with any MAC address is allowed. 

See 

“Enabling IP/MAC Binding” on page 4-29

 for the procedure on how to use this feature.

Quad WAN gigabit Firewall Features That Increase Traffic

Features that tend to increase WAN-side loading are as follows:

Содержание ProSafe Quad WAN FR538G

Страница 1: ...November 2007 202 10289 01 v1 0 NETGEAR Inc 4500 Great America Parkway Santa Clara CA 95054 USA ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual...

Страница 2: ...uipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equ...

Страница 3: ...ed subject to the following conditions 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form mus...

Страница 4: ...s derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retai...

Страница 5: ...ndorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATI...

Страница 6: ...perate correctly when you follow the operating instructions Keep your system away from radiators and heat sources Also do not block cooling vents Do not spill food or liquids on your system components...

Страница 7: ...thernet Connections with Auto Uplink 1 3 Extensive Protocol Support 1 3 Easy Installation and Management 1 4 Maintenance and Support 1 4 Package Contents 1 5 Router Front Panel 1 5 Router Rear Panel 1...

Страница 8: ...3 6 Port Management 3 7 Managing Groups and Hosts LAN Groups 3 8 Creating the Network Database 3 9 Setting Up Address Reservation 3 12 Configuring and Enabling the DMZ Port 3 12 Static Routes 3 15 Co...

Страница 9: ...P2P Software Prevention 4 22 Adding Customized Services 4 24 Setting a Schedule to Block or Allow Specific Traffic 4 26 Setting Block Sites Content Filtering 4 27 Enabling IP MAC Binding 4 29 Setting...

Страница 10: ...uter Configuration and System Status 5 24 Monitoring WAN Ports Status 5 25 DHCP Log 5 26 Configuring QoS Quality of Service 5 27 Maximum Bandwidth for WAN Ports 5 32 Performing Diagnostics 5 33 Chapte...

Страница 11: ...Network Configuration Requirements D 3 Internet Configuration Requirements D 4 Where Do I Get the Internet Configuration Parameters D 4 Internet Connection Information Form D 5 Overview of the Plannin...

Страница 12: ...xii Contents v1 0 November 2007...

Страница 13: ...ng paragraphs Typographical Conventions This manual uses the following typographical conventions Formats This manual uses the following formats to highlight special messages Italics Emphasis books CDs...

Страница 14: ...or index to navigate directly to where the topic is described in the manual A button to access the full NETGEAR Inc online knowledge base for the product model Links to PDF versions of the full manual...

Страница 15: ...he chapter you were viewing opens in a browser window Click the print icon in the upper left of your browser window Printing a PDF version of the Complete Manual Use the Complete PDF Manual link at th...

Страница 16: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual xvi v1 0 November 2007...

Страница 17: ...of day Website addresses and address keywords The FR538G is a plug and play device that can be installed and configured within minutes Key Features The quad WAN gigabit firewall provides the followin...

Страница 18: ...l packet inspection to defend against hacker attacks Its firewall features include DoS protection Automatically detects and thwarts DoS attacks such as Ping of Death SYN Flood LAND Attack and IP Spoof...

Страница 19: ...l duplex or half duplex operation The firewall incorporates Auto UplinkTM technology Each Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal c...

Страница 20: ...tup Wizard is provided and online help documentation is built into the browser based Web Management Interface Auto Detect The quad WAN gigabit firewall automatically senses the type of Internet connec...

Страница 21: ...er feet Category 5 Cat5 Ethernet cable Installation Guide FR538G ProSafe Quad WAN Gigabit Firewall Resource CD including Reference Manual Warranty and Support Information Card If any of the parts are...

Страница 22: ...rt has a valid Internet connection The Internet connection is down or not being used because the port is available for failover in case the connection on other WAN port fails The WAN port is either no...

Страница 23: ...contains the On Off switch and AC power connection Viewed from left to right the rear panel contains the following elements 1 Fan vent 2 AC power in 3 On Off switch Rack Mounting Hardware The FR538G...

Страница 24: ...om of the FR538G s enclosure if you forget the following factory default information IP Address http 192 168 1 1 to reach the Web based GUI from the LAN User name admin Password password Default Log I...

Страница 25: ...e Quad WAN Gigabit Firewall FR538G Reference Manual Introduction 1 9 v1 0 November 2007 3 Once the login screen displays Figure 1 5 enter the following information admin for User Name password for Pas...

Страница 26: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1 10 Introduction v1 0 November 2007...

Страница 27: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Introduction 1 11 v1 0 November 2007...

Страница 28: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1 12 Introduction v1 0 November 2007...

Страница 29: ...to the quad WAN gigabit firewall 1 Connect to the firewall by typing http 192 168 1 1 in the address field of Internet Explorer Mozilla Firefox or Netscape Navigator 2 When prompted enter admin for t...

Страница 30: ...WAN mode required for quad WAN operation Select either auto rollover mode or load balancing mode on a mutually exclusive basis For load balancing you can also select the protocol bindings 5 Configure...

Страница 31: ...your ISP Auto Detect will probe for different connection methods and suggest one that your ISP will most likely support When Auto Detect successfully detects an active Internet service it reports whi...

Страница 32: ...the traffic meter for WAN1 Settings if desired See Programming the Traffic Meter if Desired on page 2 9 PPTP Login Username Password Account Name Local IP address and PPTP Server IP address BigPond Ca...

Страница 33: ...ettings WAN3 ISP Settings and WAN4 ISP Settings screen see Configuring the Advanced WAN Options If Needed on page 2 20 Manually Configuring Your Internet Connection If you know your ISP connection typ...

Страница 34: ...talled login software such as WinPoET or Enternet then your connection type is PPPoE Select this connection and configure the following fields Account Name Valid account name for the PPPoE connection...

Страница 35: ...SP settings 1 Select the WAN ISP Settings tab to configure each WAN ISP port The WAN ISP screen for the port you selected will display 2 Repeat steps 1 through 7 above to set each WAN ISP WAN2 ISP WAN...

Страница 36: ...he Subnet Mask of the server c Gateway IP Address Enter the default Gateway Address of the network server 5 Check the Use These DNS Servers radio box in the Domain Name Server DNS Servers section and...

Страница 37: ...olume over a given period of time or if you want to look at traffic types over a period of time To enable the traffic meter 1 From the primary menu select Monitoring and then select Traffic Meter from...

Страница 38: ...in the limit Increase this month s limit Use this to temporarily increase the Traffic Limit if you have reached the monthly limit but need to continue accessing the Internet Check the checkbox and ent...

Страница 39: ...ancing Mode In this mode the router distributes the outbound traffic equally among the WAN interfaces that are functional For both alternatives you must also set up Network Address Translation NAT NAT...

Страница 40: ...o use a redundant ISP link for backup purposes ensure that the backup WAN port has already been configured Then you select the WAN port that will act as the primary link for this mode and configure th...

Страница 41: ...t will not reject the Ping request or will not consider the traffic abuse Queries are sent to this server through the WAN interface being monitored 5 Enter a Test Period in seconds DNS query is sent p...

Страница 42: ...em For example if the HTTP protocol is bound to WAN1 and the FTP protocol is bound to WAN2 then the router will automatically channel FTP data from and to the computers on the LAN through the WAN2 por...

Страница 43: ...2 b Destination Network These settings determine which Internet locations are covered by the rule based on their IP address Select the desired option Any All Internet IP address are covered by this ru...

Страница 44: ...ocol bindings for all of the WAN ports To Edit or Add additional Protocol Binding settings 1 Select Network Configuration from the main menu and Protocol Binding from the submenu The WAN1 Protocol Bin...

Страница 45: ...TZO and Iego are provided for your convenience on the Dynamic DNS Configuration screen The quad WAN gigabit firewall firmware includes software that notifies dynamic DNS servers of changes in the WAN...

Страница 46: ...g mode you may still need a fully qualified domain name FQDN either for convenience or if you have a dynamic IP address To configure Dynamic DNS 1 Select Network Configuration from the primary menu an...

Страница 47: ...fter setting up your account return to the Dynamic DNS Configuration screen and fill in the required fields for the DDNS service you selected a In the Host and Domain Name field enter the entire FQDN...

Страница 48: ...d feature will cause yourhost dyndns org to be aliased to the same IP address as yourhost dyndns org 5 Click Apply to save your configuration 6 Click Reset to return to the previous settings Configuri...

Страница 49: ...links continuously you may need to set the port speed manually This could occur with some older broadband modems If you know that the Ethernet port on your broadband modem supports 100BaseT select 100...

Страница 50: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 2 22 Connecting the FR538G v1 0 November 2007...

Страница 51: ...a Computer for Network Access in Appendix C Related Documents for an explanation of DHCP and information about how to assign IP addresses for your network If another device on your network will be the...

Страница 52: ...nistrator To modify your LAN setup 1 Select Network Configuration from the primary menu and LAN Setup from the submenu The LAN Setup screen will display 2 Enter the IP Address of your router factory d...

Страница 53: ...sses in the IP address pool Any new DHCP client joining the LAN will be assigned an IP address between the Starting IP address and this IP address The IP address 192 168 1 100 is the default ending ad...

Страница 54: ...router The IP Address is the alias added to the LAN port of the router This will be the gateway for computers that need to access the Internet The Subnet Mask is the IPv4 Subnet Mask To add a seconda...

Страница 55: ...he Action column adjacent to the selected entry The Edit Secondary LAN IP Setup screen will display 2 Modify the IP Address and Subnet Mask fields and click Apply Figure 3 2 Note Additional IP address...

Страница 56: ...he Port Mirror tab The Port Mirror screen will display 2 Select the Yes radio box to enable Port Mirror 3 Select the LAN radio box for the port you want to enable as the mirror port 4 Check Egress Ing...

Страница 57: ...ndaries so only stations whose ports are members of the same VLAN can see those frames To enable Port Management 1 Select Network Configuration LAN Setup from the main menu and then click the Port Man...

Страница 58: ...assigned dynamic IP addresses by this router Collectively these entries make up the Network Database The Network Database is created in two ways DHCP Client Requests By default the DHCP server in thi...

Страница 59: ...identify each PC or device So changing a PC s IP address does not affect any restrictions on that PC Group and individual control over PCs You can assign PCs to Groups and apply restrictions to each...

Страница 60: ...n will display 2 In the Add Known PCs and Devices table enter the name of the PC or device 3 From the IP Address Type pull down menu select Reserved DHCP Client to direct the router to reserve the IP...

Страница 61: ...on this screen 3 Click Reset to cancel your settings and return to the previous settings 4 Click Apply to save your new settings The modified record will appear in the Know PCs and Devices table To e...

Страница 62: ...nt IP settings The Reserved IP address that you select must be outside of the DHCP Server pool To reserve an IP address use the Groups and Hosts screen under the Network Configuration menu LAN Groups...

Страница 63: ...run the application properly if those PCs are used on the DMZ port The DMZ Setup screen allows you to set up the DMZ port It permits you to enable or disable the hardware DMZ port LAN port 4 see Route...

Страница 64: ...the IP address pool c WINS Server This box specifies the Windows Internet Naming Service Server IP d Lease Time This box specifies the Lease time to be given to the DHCP Clients e Enable DNS Proxy If...

Страница 65: ...te routing information after it has been configured for Internet access and you do not need to configure additional static routes You should configure static routes only for unusual cases such as mult...

Страница 66: ...physical network interface WAN1 WAN2 WAN3 WAN4 or LAN through which this route is accessible 9 Enter the Gateway IP Address through which the destination host or network can be reached must be a fire...

Страница 67: ...ting from the main menu When the Routing screen displays click the RIP Configuration link The RIP Configuration screen will display 2 From the RIP Direction pull down menu select the direction in whic...

Страница 68: ...M send the routing data in RIP 2 format RIP 2B Sends the routing data in RIP 2 format and uses subnet broadcasting RIP 2M Sends the routing data in RIP 2 format and uses multicasting 4 Authentication...

Страница 69: ...the company s firewall In this case you must define a static route telling your firewall that 134 177 0 0 should be accessed through the ISDN firewall at 192 168 1 100 In this example The Destination...

Страница 70: ...using the following symtax rules 1 The file content must be a text file 2 You must use the following syntax rules to compose your file network xxx xxx xxx xxx mask yyy yyy yyy yyy or host zzz zzz zzz...

Страница 71: ...Manual LAN Configuration 3 21 v1 0 November 2007 For example network 60 12 32 0 mask 255 255 240 0 network 60 12 48 0 mask 255 255 248 0 host 60 12 56 0 host 60 12 56 1 network 60 12 56 2 mask 255 25...

Страница 72: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 3 22 LAN Configuration v1 0 November 2007...

Страница 73: ...Internet while allowing communication between the two You can further segment keyword blocking to certain known groups see Configuring Port Mirror on page 3 6 to set up LAN Groups A firewall incorpora...

Страница 74: ...the firewall unless the traffic is in response to a request from the LAN side The firewall can be configured to allow this otherwise blocked traffic Customized Services Additional services can be adde...

Страница 75: ...hedule3 that will be used by this rule This drop down menu gets activated only when BLOCK by schedule otherwise Allow or ALLOW by schedule otherwise Block is selected as Action Use schedule page to co...

Страница 76: ...e local server PC is assigned by DHCP it may change when the PC is rebooted To avoid this you can implement one of the following methods Use the Reserved IP address feature in the LAN Groups menu unde...

Страница 77: ...ault rule Action Select Schedule Select the desired time schedule i e Schedule1 Schedule2 or Schedule3 that will be used by this rule see Setting a Schedule to Block or Allow Specific Traffic on page...

Страница 78: ...ress applicable to incoming traffic This is the public IP address that will map to the internal LAN server it can either be the address of the WAN1 WAN2 WAN3 or WAN4 ports or another public IP address...

Страница 79: ...more rules may be important in determining the disposition of a packet For example you should place the most strict rules at the top those with the most specific services or addresses The Up and Down...

Страница 80: ...make any changes to the rule definition of an existing rule The Outbound Service screen will display containing the data for the selected rule see Figure 4 3 on page 4 9 Up to move the rule up one pos...

Страница 81: ...Administrator Tips on page 4 38 To create a new outbound service rule 1 Click Add under the Outbound Services Table The Add LAN WAN Outbound Service screen will display 2 Complete the Outbound Servic...

Страница 82: ...le 4 2 on page 4 5 3 Click Reset to cancel your settings and return to the previous settings 4 Click Apply to save your changes and reset the fields on this screen The new rule will be listed on the I...

Страница 83: ...Default Outbound Policy 1 Select Security from the main menu Firewall Rules from the submenu and then select the DMZ WAN Rules tab The DMZ WAN Rules screen will display 2 Click Add under the Outbound...

Страница 84: ...block specific types of traffic from either going out from the LAN to the DMZ Outbound or coming in from the DMZ to the LAN Inbound To access the LAN DMZ Rules screen 1 Select Security on the main me...

Страница 85: ...bound Services Rules To create a new outbound LAN DMZ service rule 1 Click Add under the Outbound Services Table The Add LAN DMZ Outbound Service screen will display 2 Complete the Outbound Service sc...

Страница 86: ...ound Rule Hosting A Local Public Web Server If you host a public Web server on your local network you can define a rule to allow inbound Web HTTP requests from any outside IP address to the IP address...

Страница 87: ...e public IP address for your use you can use the additional public IP addresses to map to servers on your LAN or DMZ One of these public IP addresses will be used as the primary IP address of the rout...

Страница 88: ...will display 4 From the Service pull down menu select the HTTP service for a Web server 5 From the Action pull down menu select Allow Always 6 In the Send to LAN Server field enter the local IP addre...

Страница 89: ...is the public IP address you have mapped to your Web server You should see the home page of your Web server LAN WAN or DMZ WAN Inbound Rule Specifying an Exposed Host Specifying an exposed host allows...

Страница 90: ...le Blocking Instant Messenger If you want to block Instant Messenger usage by employees during working hours you can create an outbound rule to block that application from any internal IP address to a...

Страница 91: ...firewall will reject all ping packets to avoid an ICMP Sweep or Ping Sweep attack DDoS Protection Block Fragmenting Attacks Fragmentation attack is a form of attack that is initiated when one machine...

Страница 92: ...e excessive ICMP return packets do not reach him thus making the attacker s network location anonymous Block Non standard Packets Abnormal packets are often used by hackers especially for DoS attacks...

Страница 93: ...the Session Limit tab The Session Limit screen will display 2 Select one of the session limit options by clicking the corresponding radio button a If no session limit is desired for any client click...

Страница 94: ...the specific P2P applications to protect your computer You can also add custom P2P applications P2P software prevention is disabled by default To enable P2P Software Prevention 1 Select Security Firew...

Страница 95: ...o indicate that the service has been enabled To add a new custom service 1 Add the following information in the Add Custom P2P Application Service table a In the Name column enter the name of the serv...

Страница 96: ...The service numbers for many common protocols are defined by the Internet Engineering Task Force IETF and published in RFC1700 Assigned Numbers Service numbers for other applications are typically cho...

Страница 97: ...venience 3 Select the Layer 4 Protocol that the service uses as its transport protocol It can be TCP UDP TCP UDP or ICMP 4 Enter the first TCP or UDP port of the range that the service uses If the ser...

Страница 98: ...ted The firewall allows you to specify when blocking will be enforced by configuring one of the Schedules Schedule 1 Schedule 2 or Schedule 3 To invoke rules and block keywords or Internet domains bas...

Страница 99: ...ll see a Blocked by NETGEAR message Several types of blocking are available Web Components blocking You can block the following Web component types Proxy Java ActiveX and Cookies Even sites on the Tru...

Страница 100: ...k all Internet browsing access enter the keyword To enable Content Filtering 1 Select Security Block Sites from the sub menu The Block Sites screen will display 2 Check the Yes radio button to enable...

Страница 101: ...ring 4 29 v1 0 November 2007 Enabling IP MAC Binding IP MAC binding allows you to assign a fixed IP address to a client This IP address does not change over time even after the router is rebooted Once...

Страница 102: ...Repeat this step until all desired IP MAC address bindings are entered 4 Click Apply to save your settings otherwise click Reset to return to the previous settings To delete existing IP MAC binding 1...

Страница 103: ...ts for a timeout interval and then closes the port or range of ports making them available to other computers on the private network Port triggering allows some applications running on a LAN network t...

Страница 104: ...fter which the Port Trigger will timeout 4 In the Add Port Triggering Rule section enter a user defined name for this rule in the Name field 5 In the Service User section select the Any radio box or s...

Страница 105: ...Reference Manual Firewall Protection and Content Filtering 4 33 v1 0 November 2007 To edit or modify a rule 1 Click Edit in the Action column opposite the rule you wish to edit The Edit Port Triggeri...

Страница 106: ...other information to a specified e mail address For example your quad WAN gigabit firewall will log security related events such as accepted and dropped packets on different segments of your LAN or DM...

Страница 107: ...so it is good practice to select only those events which are required To set up Firewall Logs and E mail alerts 1 Select Monitoring Firewall Logs E mail from the main menu The Firewall Logs E mail sc...

Страница 108: ...rver requirements Then enter the user name and password to be used for authentication 7 If you want to respond to IDENT protocol check the Respond to Identd from SMTP Server radio box The Ident Protoc...

Страница 109: ...the E mail Logs options as been enabled you can send a copy of the log by clicking send log 3 Click refresh log to retrieve the latest update and click clear log to delete all entries Log entries are...

Страница 110: ...ased Rules on page 4 2 Schedules see Setting a Schedule to Block or Allow Specific Traffic on page 4 26 Block sites see Setting Block Sites Content Filtering on page 4 27 IP Mac Binding see Enabling I...

Страница 111: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Firewall Protection and Content Filtering 4 39 v1 0 November 2007...

Страница 112: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 4 40 Firewall Protection and Content Filtering v1 0 November 2007...

Страница 113: ...ets through when there is a bottleneck and either reducing unnecessary traffic or rescheduling some traffic to low peak times to prevent bottlenecks from occurring in the first place The quad WAN giga...

Страница 114: ...Service blocking Block sites Source MAC filtering Service Blocking You can control specific outbound traffic for example from LAN to WAN and from DMZ to WAN Outbound Services lists all existing rules...

Страница 115: ...ffic on page 4 1 for the procedure on how to use this feature Services The Rules menu contains a list of predefined Services for creating firewall rules If a service does not appear in the predefined...

Страница 116: ...word blocking has been enabled will be blocked Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled You can bypass keyword blocking for trusted do...

Страница 117: ...default rule blocks all inbound traffic Each rule lets you specify the desired action for the connections covered by the rule BLOCK always BLOCK by schedule otherwise Allow ALLOW always ALLOW by sched...

Страница 118: ...ou can specify whether the rule is to be applied on the Schedule 1 Schedule 2 or Schedule 3 time schedule see Setting a Schedule to Block or Allow Specific Traffic on page 4 26 See Using Rules to Bloc...

Страница 119: ...nabled see Router Front Panel on page 1 5 See Configuring and Enabling the DMZ Port on page 3 12 and Setting DMZ WAN Rules on page 4 10 for the procedure on how to use this feature Using QoS to Shift...

Страница 120: ...tion Manager is password Netgear recommends that you change this password to a more secure password You can also configure a separate password for guests To modify User or Admin settings 1 Select Admi...

Страница 121: ...ing Remote Management Access on page 5 9 Figure 5 1 Note The password and time out value you enter will be changed back to password and 5 minutes respectively after a factory defaults reset Note Be su...

Страница 122: ...select IP address range Enter a beginning and ending IP address to define the allowed range c To allow access from a single IP address on the Internet select Only this PC Enter the IP address that wi...

Страница 123: ...rt The trap port of the configuration Community The trap community string of the configuration To create a new SNMP configuration entry 1 Select Administration SNMP from the main menu The SNMP screen...

Страница 124: ...configuration in the Community field 5 Click Add to create the new configuration The entry will display in the SNMP Configuration table 6 Click Edit in the Action column adjacent to the entry to modi...

Страница 125: ...UPnP screen will display 2 Check the Enable radio box under Do you want to enable UPnP service 3 Click Apply to save the settings otherwise click Reset to return to previous settings Settings Backup...

Страница 126: ...the file click restore An Alert page will appear indicating the status of the restore operation You must manually restart the quad WAN gigabit firewall for the restored settings to take effect To res...

Страница 127: ...e your firmware the Firmware Version will change to reflect the new version To download a firmware version 1 Click Check to go to the NETGEAR website and then click on Downloads You can also select th...

Страница 128: ...e computer clock times in a network of computers Select Administration from the main menu and Time Zone from the submenu The Time Zone screen will display To set Time Date and NTP servers 1 Select Adm...

Страница 129: ...ver 1 or Server 2 fields empty they will be set to the Default Netgear NTP servers 5 Click Apply to save your settings or click Cancel to revert to your previous settings Monitoring the Router You can...

Страница 130: ...d the Traffic Meter these statistics are not available Traffic by Protocol Click this button to display Internet Traffic details The volume of traffic for each protocol will be displayed in a sub wind...

Страница 131: ...the Firewall Logs E mail screen that is invoked by selecting Monitoring from the main menu and selecting Firewall Logs E mail from the submenu You can send a System log of firewall activities to an em...

Страница 132: ...enu contains a table of all IP devices that the quad WAN gigabit firewall has discovered on the local network Select Monitoring Attached Devices from the main menu The Attached Devices screen will dis...

Страница 133: ...lients However sometimes the name of the PC or device cannot be accurately determined and will be shown as Unknown You can set the polling interval in seconds The Attached Devices table lists all curr...

Страница 134: ...rebooted the table data is lost until the quad WAN gigabit firewall rediscovers the devices Figure 5 11 Table 5 2 Port Triggering Status data Item Description Rule The name of the Rule LAN IP Address...

Страница 135: ...work Management 5 23 v1 0 November 2007 Viewing Router Configuration and System Status The Router Status screen provides status and usage information Select Monitoring from the main menu and Router St...

Страница 136: ...he router is using This will change if you upgrade your router LAN Port Displays the current settings for MAC address IP address DHCP role and IP Subnet Mask that you set in the LAN IP Setup page DHCP...

Страница 137: ...ter and Network Management 5 25 v1 0 November 2007 DHCP Log You can view the DHCP log from the LAN Setup screen Select Network Configuration from the main menu and LAN Setup from the submenu When the...

Страница 138: ...traffic Bandwidth allocation or priority can be assigned for individual traffic to ensure service quality The following table provides an explanation of the configuration parameters available for QoS...

Страница 139: ...ic that exceeds the traffic profile which is defined by local policy is discarded DiffServ EF Assured Forwarding AF Has four classes AF1 AF2 AF3 AF4 and three drop precedences within each class for a...

Страница 140: ...creen will display 2 From the Interface pull down menu select the WAN interface where QoS will be implemented 3 From the Service pull down menu select the protocol service that will be controlled by Q...

Страница 141: ...ct the class of QoS see Table 5 4 on page 5 26 for a description of the values 6 For the Hosts to be controlled by QoS select either The IP Address checkbox and then enter an IP range or The Group che...

Страница 142: ...dd at the bottom of the screen The Add QoS screen for Priority will display 2 From the Interface pull down menu select the WAN port that will control the QoS 3 From the Service pull down menu select t...

Страница 143: ...our ISP To enter the maximum bandwidth provided by your ISP 1 Select Monitoring QoS from the main menu and then click the Maximum Bandwidth tab The Maximum Bandwidth screen will display 2 Enter the ma...

Страница 144: ...nostics You can perform diagnostics such as pinging an IP address performing a DNS lookup displaying the routing table rebooting the firewall and capturing packets Select Monitoring Diagnostics from t...

Страница 145: ...screen click Back on the Windows menu bar to return to the Diagnostics screen Perform a DNS Lookup A DNS Domain Name Server converts the Internet name e g www netgear com to an IP address If you need...

Страница 146: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 5 34 Router and Network Management v1 0 November 2007...

Страница 147: ...hat are connected c The Internet port LED is lit If a port s LED is lit a link has been established to the connected device If a LAN port is connected to a 100 Mbps device verify that the port s LED i...

Страница 148: ...pport LAN or Internet Port LEDs Not On If either the LAN LEDs or Internet LED do not light when the Ethernet connection is made check the following Make sure that the Ethernet cable connections are se...

Страница 149: ...in and the password is password Make sure that CAPS LOCK is off when entering this information If the firewall does not save changes you have made in the Web Configuration Interface check the followin...

Страница 150: ...P address from the ISP you may need to force your cable or DSL modem to recognize your new firewall by performing the following procedure 1 Turn off power to the cable or DSL modem 2 Turn off power to...

Страница 151: ...etwork Using a Ping Utility Most TCP IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device The device then responds with an echo reply Tro...

Страница 152: ...SP s DNS server If the path is functioning correctly replies as in the previous section are displayed If you do not receive replies Check that your PC has the IP address of your firewall listed as the...

Страница 153: ...defaults 1 Press and hold the reset button until the Test LED turns on and begins to blink about 10 seconds 2 Release the reset button and wait for the firewall to reboot Problems with Date and Time...

Страница 154: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 6 8 Troubleshooting v1 0 November 2007...

Страница 155: ...utton for a shorter period of time will simply cause your device to reboot Table A 1 quad WAN gigabit firewall Default Configuration Settings Feature Default Behavior Router Login User Login URL http...

Страница 156: ...the http port Outbound communications going out to the Internet Enabled all Source MAC filtering Disabled Table A 2 quad WAN gigabit firewall Technical Specifications Feature Specifications Network Pr...

Страница 157: ...e 0 to 50 C 32 to 122 F Operating humidity 90 maximum relative humidity noncondensing Electromagnetic Emissions Meets requirements of FCC Part 15 Class B EN 55 022 CISPR 22 Class B Interface Specifica...

Страница 158: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual A 4 Default Settings and Technical Specifications v1 0 November 2007...

Страница 159: ...ewall Network Configuration Diagnostic Monitor When preparing to use the CLI engine make sure that your serial port parameters are set as follows To activate the CLI engine 1 Configure the serial port...

Страница 160: ...d cmd Arguments cmd name of CLI command which will be called help Command Description Presents detailed description and arguments for the CLI command Synopsis help cmd Arguments cmd CLI help command t...

Страница 161: ...ommand Description Show current completer system configuration Synopsis admin showConfig admin crashDump Command Description Code dump when system crashes Synopsis admin crashDump Firewall fw mac stat...

Страница 162: ...n Show port trigger web status Synopsis fw ptrgr status fw rules attackChecks status Command Description Show Defense Against DDoS Attack status firewall dos Synopsis fw rules attackChecks status fw r...

Страница 163: ...anDmz outbound show Command Description Show landmz outbound rules Synopsis fw rules dmzLan outbound show fw rules lanWan inbound show Command Description Show firewall lanwan inbound rules Synopsis f...

Страница 164: ...sis fw svc customsvcshow fw svc defaultsvcshow Command Description Show default firewall service Synopsis fw svc defaultsvcshow fw web keyword show Command Description Show block site keyword Synopsis...

Страница 165: ...escription Display all known and discovered hosts on the LAN Synopsis netConf lanGrps list netConf lanSetup dhcpd show Command Description Display DHCP daemon status enabled or disabled If DHCP daemon...

Страница 166: ...254 mask 255 255 255 0 netConf lanSetup lanStatic ifConf 2 192 168 10 254 mask 255 255 255 0 netConf lanSetup lanStatic ifDel Command Description Disable LAN interfaces including LAN and DMZ Synopsis...

Страница 167: ...ALShow netConf lanSetup lanStatic ipAShow Command Description Display a single LAN IP and its alias Synopsis netConf lanSetup lanStatic ipAShow id netConf lanSetup lanStatic ipAConf Command Descriptio...

Страница 168: ...dresses total netConf routing rip show Command Description Show current RIP configuration Synopsis netConf routing rip show netConf routing static get Command Description Show all list entries of rout...

Страница 169: ...ption Show current configuration of WAN port Synopsis netConf wan wanSetup show WANID Arguments WANID WAN port number Results 0 All 1 WAN 1 2 WAN 2 3 WAN 3 4 WAN 4 netConf wan wanSetup status Command...

Страница 170: ...table Synopsis monitor diag arpDel d IP monitor diag arpShow Command Description Show all arp address mapping entries Synopsis monitor diag arpShow IP monitor diag nsLookup Command Description Show th...

Страница 171: ...eboot monitor diag routeDisplay Command Description show IP routing table Synopsis monitor diag routeDisplay monitor diag tcpdumpStart Command Description Capture the network packets on a specified in...

Страница 172: ...Destination IP address DomainName Destination domain name monitor firewallLogs logger viewLog Command Description Browses the log messages Synopsis monitor firewallLogs logger viewLog monitor firewall...

Страница 173: ...irewall FR538G Reference Manual Command Line Interface Guide B 15 v1 0 November 2007 Arguments WANID WAN port number Results 0 All 1 WAN 1 2 WAN 2 3 WAN 3 4 WAN 4 Examples monitor trafficMtr show 1 or...

Страница 174: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual B 16 Command Line Interface Guide v1 0 November 2007...

Страница 175: ...etworking and TCP IP Addressing http documentation netgear com reference enu tcpip index htm Wireless Communications http documentation netgear com reference enu wireless index htm Preparing a Compute...

Страница 176: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual C 2 Related Documents v1 0 November 2007...

Страница 177: ...c IP address b If you are going to use all WAN ports determine whether you are going to use them in rollover mode for increased system reliability or load balancing mode for maximum bandwidth efficien...

Страница 178: ...ng a separate ISP for each WAN port or are having the traffic of both WAN ports routed through the same ISP You will need your ISP information for Configuring the WAN Port Internet Connections on page...

Страница 179: ...igabit Firewall Cabling and Computer Hardware Requirements To use the quad WAN gigabit firewall on your network each computer must have an installed Ethernet Network Interface Card NIC and an Ethernet...

Страница 180: ...you can ask your ISPs to provide it or you can try one of the options below If you have a computer already connected using the active Internet access account you can gather the configuration informati...

Страница 181: ...atic Internet IP Address ______ ______ ______ ______ Gateway IP Address ______ ______ ______ ______ Subnet Mask ______ ______ ______ ______ ISP DNS Server Addresses If you were given DNS server addres...

Страница 182: ...rather than being discarded The mechanism for making the IP address public depends on whether the quad WAN ports are configured to either roll over or balance the loads See Inbound Traffic on page D...

Страница 183: ...you have configured in the Inbound Rules menu Instead of discarding this traffic you can have it forwarded to one or more LAN hosts on your network The addressing of the firewall s quad WAN port depen...

Страница 184: ...ems The IP address range of the firewall s WAN port must be both fixed and public so that the public can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled...

Страница 185: ...cing Figure D 6 the Internet address of each WAN port is either fixed if the IP address is fixed or a fully qualified domain name if the IP address is dynamic Note Load balancing is implemented for ou...

Страница 186: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual D 10 Network Planning for Quad WAN Ports v1 0 November 2007...

Страница 187: ...2 11 restoring WAN interface 2 14 use with DDNS 2 18 Using WAN port 2 12 B Back up settings 5 14 backup and restore settings 5 14 bandwidth capacity 5 1 LAN side 5 1 Load balancing mode 5 1 Rollover...

Страница 188: ...3 1 configuring secondary IP addresses 3 5 diagnostics DNS lookup 5 33 packet capture 5 33 ping 5 33 rebooting 5 33 routing table 5 33 Diagnostics screen 5 33 Disable DHCP Server 3 1 3 3 DMZ about 3 1...

Страница 189: ...wall Protection Content Filtering about 4 1 firewall protection 4 1 firmware downloading 5 16 upgrade 5 15 Fixed IP 2 4 Fixed IP Address 3 10 FQDN 2 18 fully qualified domain name See FQDN FR538G8 fea...

Страница 190: ...3 9 L LAN configuration 3 1 using LAN IP setup options 3 2 LAN DMZ Inbound Services adding rule 4 13 LAN DMZ Outbound Services adding rule 4 13 LAN DMZ Rules 4 12 LAN DMZ Rules screen 4 12 LAN DMZ se...

Страница 191: ...7 NTP Servers custom 5 17 default 5 17 NTP servers setting 5 17 O Outbound Rules default definition 4 2 field descriptions 4 3 order of precedence 4 7 service blocking 4 2 outbound rules 4 2 Outbound...

Страница 192: ...7 reducing traffic 5 2 Block Sites 5 4 Service Blocking 5 2 Source MAC Filtering 5 5 remote management 5 10 access 5 10 configuration 5 10 requirements hardware D 3 Reserved IP Address 3 10 Reserved...

Страница 193: ...raffic D 7 sniffer 6 3 SNMP about 5 11 configuring 5 11 global access 5 12 host only access 5 12 subnet access 5 12 SNMP screen 5 12 Source MAC Filtering reducing traffic 5 5 Source Network Add Protoc...

Страница 194: ...cing 2 14 viewing logs 5 20 W WAN configuring Advanced options 2 20 configuring WAN Mode 2 11 WAN Failure Detection Method 2 11 2 12 WAN Mode 2 12 WAN Port 1 status 2 4 WAN Ports monitoring status 5 2...

Отзывы: