WER-401
Wireless SOHO Firewall Gateway



       User’s Guide
             Version 1.01
            November 2001
WER-401 Wireless SOHO Firewall Gateway



                                                                                ...
5.5   Status.................................................................................................................
WER-401 Wireless SOHO Firewall Gateway



                                                                                ...
Figure 6-10 Restore Previously Saved Configurations .........................................................................
WER-401 Wireless SOHO Firewall Gateway



                                                                                ...
WER-401 Wireless SOHO Firewall Gateway




                                        Chapter 1
                             ...
WER-401 Wireless SOHO Firewall Gateway


       • MAC address filter for wireless LAN access control
      Embedded FTP Se...
WER-401 Wireless SOHO Firewall Gateway


           • PPTP support


1.3     Features in Detail

1.3.1 NAT Implementation
...
WER-401 Wireless SOHO Firewall Gateway


1.3.4 Security
The WER-401 wireless SOHO Firewall gateway is equipped with severa...
WER-401 Wireless SOHO Firewall Gateway


           Trusted Host
           The WER-401 allows the user to specify one Tru...
WER-401 Wireless SOHO Firewall Gateway


The WER-401 wireless SOHO Firewall gateway provides a Normal/Uplink button. By sw...
WER-401 Wireless SOHO Firewall Gateway


         The WER-401 wireless SOHO Firewall gateway front panel LEDs provide an e...
WER-401 Wireless SOHO Firewall Gateway




                                    Chapter 2
                                 ...
WER-401 Wireless SOHO Firewall Gateway


2.3      WER-401 Wireless SOHO Firewall gateway Front Panel
The WER-401 wireless ...
WER-401 Wireless SOHO Firewall Gateway


Cascade Uplink Switches               One uplink switch to set LAN port #4 as nor...
WER-401 Wireless SOHO Firewall Gateway


computer, hub, or switch. For any connection that will operate at 100 Mbps, you m...
WER-401 Wireless SOHO Firewall Gateway


                  The Test LED is steady green on. If this LED is still blinking ...
WER-401 Wireless SOHO Firewall Gateway




                            Chapter 3
                     Preparing Your Netwo...
WER-401 Wireless SOHO Firewall Gateway


           Computer IP addresses - 192.168.1.2 through 192.168.1.32
           Su...
WER-401 Wireless SOHO Firewall Gateway


             b.   Select Adapter, and then click Add.
             c.   Select th...
WER-401 Wireless SOHO Firewall Gateway


      3.    Connect your Ethernet-interfaced computers to the wireless SOHO Firew...
WER-401 Wireless SOHO Firewall Gateway




                                    Figure 3-2 Macintosh TCP/IP

 2.   From the...
WER-401 Wireless SOHO Firewall Gateway


If you do not see these values, you may need to restart your Macintosh or you may...
WER-401 Wireless SOHO Firewall Gateway


         An IP address and subnet mask
         A gateway IP address, which is th...
WER-401 Wireless SOHO Firewall Gateway


           If any DNS server addresses are shown, write down the addresses. If an...
WER-401 Wireless SOHO Firewall Gateway




                     Chapter 4
         Introducing The Web Configurator
This c...
WER-401 Wireless SOHO Firewall Gateway




                                           WER-401




                        ...
WER-401 Wireless SOHO Firewall Gateway




                    Figure 4-2 Embedded Web Configurator Home – SiteMap

The re...
WER-401 Wireless SOHO Firewall Gateway


      3.   Click Advanced to configure dynamic DNS, port forwarding, static route...
WER-401 Wireless SOHO Firewall Gateway


4.3.1 DSL User
Follows the Step 1 to Step 3 sequentially, and you can setup the D...
WER-401 Wireless SOHO Firewall Gateway


4.3.2 Cable User
Follows the Step 1 to Step 4 sequentially, and you can setup the...
WER-401 Wireless SOHO Firewall Gateway




                            Chapter 5
                     The Basic Setup Scre...
WER-401 Wireless SOHO Firewall Gateway




                              Figure 5-1 Internet Setup



5-2                 ...
WER-401 Wireless SOHO Firewall Gateway


                                          Table 5-1 WAN Setup
          FIELD    ...
WER-401 Wireless SOHO Firewall Gateway


            FIELD                                                 DESCRIPTION
   ...
WER-401 Wireless SOHO Firewall Gateway


5.2     System
Click the System tab to display the next screen. Use this screen t...
WER-401 Wireless SOHO Firewall Gateway


                                               Table 5-2 System
            FIELD...
WER-401 Wireless SOHO Firewall Gateway




                                         Figure 5-3 LAN

                      ...
WER-401 Wireless SOHO Firewall Gateway


          FIELD                                               DESCRIPTION
Enable ...
WER-401 Wireless SOHO Firewall Gateway


The DHCP Table shows all IP address assignments that have been made by the wirele...
WER-401 Wireless SOHO Firewall Gateway




                           Figure 5-5 Wireless LAN Setup



5-10               ...
WER-401 Wireless SOHO Firewall Gateway


                                     Table 5-5 Wireless LAN Setup
FIELD          ...
WER-401 Wireless SOHO Firewall Gateway


FIELD                                DESCRIPTION
                                ...
WER-401 Wireless SOHO Firewall Gateway




                                     Figure 5-6 Status Screen

                ...
WER-401 Wireless SOHO Firewall Gateway


           FIELD                                                DESCRIPTION
     ...
WER-401 Wireless SOHO Firewall Gateway




                                  Figure 5-7 Statistics Screen

               ...
WER-401 Wireless SOHO Firewall Gateway




                         Chapter 6
                The Advanced Setup Screens
T...
WER-401 Wireless SOHO Firewall Gateway




                                     Figure 6-1 Dynamic DNS Setup

            ...
WER-401 Wireless SOHO Firewall Gateway


         FIELD                                               DESCRIPTION
        ...
WER-401 Wireless SOHO Firewall Gateway


(also called DMZ) to which all other incoming protocols are forwarded. To configu...
WER-401 Wireless SOHO Firewall Gateway


Local Game Host or Videoconference Example
Some online games and videoconferencin...
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
zyxel manual - swg14
Upcoming SlideShare
Loading in...5
×

zyxel manual - swg14

626

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
626
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

zyxel manual - swg14

  1. 1. WER-401 Wireless SOHO Firewall Gateway User’s Guide Version 1.01 November 2001
  2. 2. WER-401 Wireless SOHO Firewall Gateway Table of Contents List of Figures............................................................................................................................................ iv List of Tables ............................................................................................................................................. vi 1.1 About the WER-401 Wireless SOHO Firewall Gateway ............................................................1-1 1.2 Key Features ................................................................................................................................1-1 1.3 Features in Detail .........................................................................................................................1-3 1.4 Application ..................................................................................................................................1-7 2.1 Package Contents.........................................................................................................................2-1 2.2 System Requirements ..................................................................................................................2-1 2.3 WER-401 Wireless SOHO Firewall gateway Front Panel...........................................................2-2 2.4 WER-401 Wireless SOHO Firewall gateway Back Panel ...........................................................2-2 2.5 Connecting the Wireless SOHO Firewall Gateway .....................................................................2-3 2.6 Back to Factory Defaults .............................................................................................................2-5 3.1 Introduction..................................................................................................................................3-1 3.2 Preparing Your Personal Computers for IP Networking .............................................................3-1 3.3 Configuring Windows 95 or later for IP Networking ..................................................................3-2 3.4 Configuring the Macintosh for IP Networking ............................................................................3-4 3.5 Your Internet Account .................................................................................................................3-6 3.6 Ready For WER-401 Wireless SOHO Firewall gateway Configuration .....................................3-8 4.1 Web Configurator And Browsers ................................................................................................4-1 4.2 Introducing The Embedded Web Configurator............................................................................4-2 4.3 Wizard .........................................................................................................................................4-4 5.1 Internet Setup...............................................................................................................................5-1 5.2 System .........................................................................................................................................5-5 5.3 LAN Setup ...................................................................................................................................5-6 5.4 Wireless LAN Setup ....................................................................................................................5-9 ii Table Of Contents
  3. 3. 5.5 Status..........................................................................................................................................5-13 6.1 Dynamic DNS ..............................................................................................................................6-1 6.2 Port Forwarding ...........................................................................................................................6-3 6.3 Static Route..................................................................................................................................6-7 6.4 Dynamic Route ..........................................................................................................................6-11 6.5 Upgrade and Backup..................................................................................................................6-13 6.6 Remote Management .................................................................................................................6-17 6.7 Diagnostic ..................................................................................................................................6-21 7.1 Security Management ..................................................................................................................7-1 7.2 Web Patrol ...................................................................................................................................7-3 7.3 Services ........................................................................................................................................7-6 7.4 Log ...............................................................................................................................................7-8 8.1 Problem Scenarios........................................................................................................................8-1 8.2 FAQ .............................................................................................................................................8-3 Table Of Contents iii
  4. 4. WER-401 Wireless SOHO Firewall Gateway List of Figures Figure 1-1 Wireless SOHO Firewall gateway Application..........................................................................1-7 Figure 3-1 Configuring Windows for IP Networking..................................................................................3-2 Figure 3-2 Macintosh TCP/IP......................................................................................................................3-5 Figure 3-3 Verifying Macintosh TCP/IP .....................................................................................................3-5 Figure 4-1 Login Window ...........................................................................................................................4-2 Figure 4-2 Embedded Web Configurator Home – SiteMap ........................................................................4-3 Figure 4-3 Embedded Web Configurator Home – Wizard ..........................................................................4-3 Figure 4-4 Wizard for DSL User Setup .......................................................................................................4-3 Figure 4-5 Wizard for Cable User Setup .....................................................................................................4-3 Figure 5-1 Internet Setup .............................................................................................................................5-2 Figure 5-2 System Setup..............................................................................................................................5-5 Figure 5-3 LAN Setup .................................................................................................................................5-7 Figure 5-4 DHCP Client Table ....................................................................................................................5-8 Figure 5-5 Wireless LAN Setup ................................................................................................................5-10 Figure 5-6 Status Screen............................................................................................................................5-13 Figure 5-7 Statistics Screen .......................................................................................................................5-15 Figure 6-1 Dynamic DNS Setup..................................................................................................................6-2 Figure 6-2 Port Forwarding .........................................................................................................................6-5 Figure 6-3 Static Route................................................................................................................................6-8 Figure 6-4 Show Routing Table.................................................................................................................6-10 Figure 6-5 Dynamic Route ........................................................................................................................6-12 Figure 6-6 Upgrade and Backup................................................................................................................6-14 Figure 6-7 Upgrade System Software........................................................................................................6-15 Figure 6-8 Restore Factory Default Configurations ..................................................................................6-15 Figure 6-9 Backup Current Configurations ...............................................................................................6-16 iv List of Figures
  5. 5. Figure 6-10 Restore Previously Saved Configurations ..............................................................................6-16 Figure 6-11 Remote Management..............................................................................................................6-18 Figure 6-12 Diagnostic ..............................................................................................................................6-18 Figure 7-1 Security Management.................................................................................................................7-1 Figure 7-2 Web Patrol..................................................................................................................................7-4 Figure 7-3 Services ....................................................................................................................................7-47 Figure 7-4 Security/Services Event Log ....................................................................................................7-49 Figure 7-5 Web Patrol Log ......................................................................................................................7-411 List of Figures v
  6. 6. WER-401 Wireless SOHO Firewall Gateway List of Tables Table 2-1 Front Panel LEDs ........................................................................................................................2-2 Table 2-2 Back Panel Connectors................................................................................................................2-2 Table 5-1 Internet Setup ..............................................................................................................................5-3 Table 5-2 System Setup ...............................................................................................................................5-6 Table 5-3 LAN Setup...................................................................................................................................5-7 Table 5-4 DHCP Client Table .....................................................................................................................5-9 Table 5-5 Wireless LAN Setup..................................................................................................................5-11 Table 5-6 Status Screen .............................................................................................................................5-13 Table 5-7 Statistics Screen.........................................................................................................................5-15 Table 6-1 Dynamic DNS Setup ...................................................................................................................6-2 Table 6-2 Port Table Entries (Example) ......................................................................................................6-4 Table 6-3 Port Forwarding...........................................................................................................................6-6 Table 6-4 Static Route .................................................................................................................................6-8 Table 6-5 Show Static Routing Table........................................................................................................6-10 Table 6-6 Dynamic Route..........................................................................................................................6-12 Table 6-7 Upgrade and Backup .................................................................................................................6-14 Table 6-8 Remote Management.................................................................................................................6-19 Table 6-9 Diagnostic..............................................................................................................................6-1920 Table 7-1 Security Management..................................................................................................................7-2 Table 7-2 Web Patrol...................................................................................................................................7-5 Table 7-3 Services .....................................................................................................................................7-59 Table 7-4 Security/Services Event Log ...................................................................................................7-511 Table 7-5 Web Patrol Log .......................................................................................................................7-512 vi List of Tables
  7. 7. WER-401 Wireless SOHO Firewall Gateway Chapter 1 Introduction 1.1 About the WER-401 Wireless SOHO Firewall Gateway The WER-401 wireless SOHO Firewall gateway provides continuous, high-speed 11 Mbps access between your wireless and Ethernet devices. In addition, it connects your entire network to the Internet through an external broadband access device (such as a cable modem or DSL modem) that is normally intended for use by a single computer. The WER-401 wireless SOHO Firewall gateway provides you with multiple Web Patrol options, plus browsing activity reporting and instant alerts - both via e-mail. Parents and network administrators can establish restricted access policies based on time-of-day, Website addresses and address keywords, and share high-speed cable/DSL Internet access for up to 253 personal computers. Network Address Translation (NAT) protects you from hackers, and wireless LAN access control by MAC address filter enhances the security of wireless applications. With minimum setup, you can install and use the wireless SOHO Firewall gateway within minutes. 1.2 Key Features Built in 4-port LAN 10/100 Mbps Ethernet UTP Switch • Half-duplex or full-duplex operation • Allows LAN connections at 10 megabits per second (Mbps) or 100 Mbps • Auto sensing Ethernet (10BASE-T) or Fast Ethernet (100BASE-Tx) transmissions • Normal/uplink selective switch at the 4th LAN port One 10M Ethernet UTP port for WAN connection • Ethernet connection to a wide area network (WAN) device, such as a cable modem or DSL modem • RJ-45 interface allowing connection to a 10BASE-T device One internal PCMCIA wireless card with external antenna for 802.11b Wireless LAN access point • 802.11b Standards-based wireless networking • Wireless connectivity at 11 Mbps • Built-in access point • 64-bit and 128-bit WEP encryption security Introduction 1-1
  8. 8. WER-401 Wireless SOHO Firewall Gateway • MAC address filter for wireless LAN access control Embedded FTP Server for firmware upgrade Embedded FTP Server configuration backup and restore Scripting and spoofing for major cable providers Restore Factory Defaults Button to reset to factory default IP address, password, and other configurations Embedded Web Configurator for easy setup and management Security • DoS (Denial of Service) prevention • SPI (Stateful Packet Inspection) • Applications Services Management • Login capability • Web browsing Patrol by using URL keyword blocking • Auditing and e-mail reporting of web browsing activities • Network Address Translation (NAT) hides local computers from the Internet • Powerful packet filtering capabilities • Incoming port forwarding and DMZ for specific services • MAC address filtering on the wireless LAN connection Protocol Support • IP routing • Dynamic extended Network Address Translation (NAT+) with port forwarding for operation with a single static or dynamic IP address • Dynamic Host Configuration Protocol (DHCP) server for dynamically assigning network configuration information to computers on the LAN • DHCP client for dynamically obtaining configuration information from the Internet Service Provider (ISP) • DNS Proxy for simplified configuration • PPP over Ethernet (PPPoE) support 1-2 Introduction
  9. 9. WER-401 Wireless SOHO Firewall Gateway • PPTP support 1.3 Features in Detail 1.3.1 NAT Implementation The implementation of NAT allows for specific ports redirection, and provides support for the following “NAT-unfriendly” applications: • NetMeeting • CuSeeMe • Microsoft PPTP client • Microsoft Traceroute • RealAudio • VDOlive • IRC • ICQ • Quake, Quake variants, and other popular games • Port Forwarding The wireless SOHO Firewall gateway also allows VPN (IPSec & PPTP) packets to pass though NAT. 1.3.2 Scripting Requirements The WER-401 wireless SOHO Firewall gateway supports login scripting and monitoring requirements for major cable modem deployments such as RoadRunner. 1.3.3 802.11b Standards-based Wireless Networking The WER-401 wireless SOHO Firewall gateway provides 11 Mbps wireless connectivity within a range of several hundred feet, and acts as a bridge between your wired LAN and wireless computers. The WER-401 wireless SOHO Firewall gateway supports 64-bit (sometimes referred to as 40-bit) and 128-bit WEP encryption security, and works with any standards-based IEEE 802.11b products. The two kinds of ports of the WER-401 on the LAN side (Ethernet LAN and Wireless LAN ports) can transparently communicate with each other since there is bridging function between the two kinds of ports. Introduction 1-3
  10. 10. WER-401 Wireless SOHO Firewall Gateway 1.3.4 Security The WER-401 wireless SOHO Firewall gateway is equipped with several features designed to maintain security, as described in this section. Password Security PAP and CHAP support (RFC 1334 plus major vendor variations) if required in login script. Computers Hidden By NAT Network address translation (NAT) opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the computers on the LAN. Port Forwarding With NAT Although NAT prevents Internet locations from directly accessing the computers on the LAN, the wireless SOHO Firewall gateway allows you to direct incoming traffic to specific computers based on the service port number of the incoming request, or to one designated “DMZ” host computer. Encryption Of The Wireless Link For security against eavesdropping of the wireless signal, the wireless SOHO Firewall gateway supports IEEE 802.11b standard 64-bit (sometimes referred to as 40-bit) and 128-bit Wired Equivalent Privacy (WEP) data encryption with Shared Key authentication. MAC Address Filter Of The Wireless Access For security against illegal access to the internal wireless network, the wireless SOHO Firewall gateway supports MAC address filter on the assigned accessible computers in wireless LAN. 1.3.5 Firewall Access Control (Application Services Management) Block selected application services, such as ICQ, MSN messenger, on-line games, and so on. DoS (Denial Of Service) Prevention Protect the devices in the LAN/WLAN from hacker attacks. Real Time Alert While services are to access, or hacker attempt to attack, a real time alert via email will be sent to the assigned administrator. Schedule The WER-401 allows the user to specify the day and time to blocking. 1-4 Introduction
  11. 11. WER-401 Wireless SOHO Firewall Gateway Trusted Host The WER-401 allows the user to specify one Trusted host from blocking by the fixed IP address. Periodical Reports And Logs • The Security events and services activities will be recorded sequentially. The log will always keep the latest 128 entries. • The log can be sent to the assigned administrator via email by weekly, daily, or every periodical report page. 1.3.6 Web Patrol With its Web Patrol features, the WER-401 wireless SOHO Firewall gateway prevents objectionable web contents from reaching your computers. Its Web Patrol features include: Web Patrol By Domain Or Keyword The WER-401 uses Web Patrol to enforce your network’s Internet access policies. The wireless SOHO Firewall gateway allows you to control access to Internet content by screening for keywords within Web URLs. Alert Of Inappropriate Use You can configure the wireless SOHO Firewall gateway to send an immediate alert e-mail message to you whenever a local user attempts to access a blocked Web site. Schedule The WER-401 allows the user to specify the day and time to blocking. Trusted Host The WER-401 allows the user to specify one Trusted host from blocking by the fixed IP address. Periodical Reports And Logs • The URL of websites visited will be recorded sequentially. The log will always keep the latest 128 websites entries. The string of each entry should be no more than 128 bytes. • The log of websites visited can be sent to the assigned administrator via email by weekly, daily, or every periodical report page included the latest 128 websites visited list. 1.3.7 Auto-sensing 10/100 Ethernet With its internal, 4-port 10/100 switch, The WER-401 wireless SOHO Firewall gateway can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN interface is auto-sensing and is capable of full-duplex or half-duplex operation. Introduction 1-5
  12. 12. WER-401 Wireless SOHO Firewall Gateway The WER-401 wireless SOHO Firewall gateway provides a Normal/Uplink button. By switching the button, the 4th Local Ethernet port can have either a 'normal' connection (e.g. connecting to a computer) or an 'uplink' connection (e.g. connecting to a wireless SOHO Firewall gateway, switch, or hub). 1.3.8 TCP/IP The WER-401 wireless SOHO Firewall gateway supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). IP Address Masquerading By Dynamic NAT+ The WER-401 wireless SOHO Firewall gateway allows several networked computers to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, an extension of Network Address Translation (NAT), is also known as IP address masquerading and allows the use of an inexpensive single-user ISP account. Automatic Configuration Of Attached Computers By DHCP The WER-401 wireless SOHO Firewall gateway dynamically assigns network configuration information, including IP, gateway, and domain name server (DNS) addresses, to attached computers on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of LAN-attached computers. DNS Proxy When DHCP is enabled and no DNS addresses are specified, the wireless SOHO Firewall gateway provides its own address as a DNS server to the attached computers. The wireless SOHO Firewall gateway obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN. PPP Over Ethernet (PPPoE) And PPTP PPP over Ethernet and PPTP are protocols for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection. 1.3.9 Easy Installation and Management You can install, configure, and operate the WER-401 wireless SOHO Firewall gateway within minutes after connecting it to the network. The following features simplify installation and management tasks: Web Configurator The Web Configurator allows you to easily configure your wireless SOHO Firewall gateway from almost any type of personal computer, such as Windows, Macintosh, or Linux. Visual Monitoring 1-6 Introduction
  13. 13. WER-401 Wireless SOHO Firewall Gateway The WER-401 wireless SOHO Firewall gateway front panel LEDs provide an easy way to monitor its status and activity. 1.4 Application The WER-401 wireless SOHO Firewall gateway is a small-office or home-office device that allows a small LAN to access the Internet or a remote office through an external single-host device such as a cable modem or xDSL modem. By integrating NAT, and wireless LAN access, WER-401 provides not only the ease of installation and Internet access, but also the most completed security solution to protect your intranet and efficient network management for data traffic. The WER-401 has an internal PCMCIA wireless card with external antenna for 802.11b Wireless LAN connectivity, four single auto-sensing 10/100BASE-T Ethernet ports for connection to the user’s local network, and a single 10BASE-T port for connection to an external WAN-access device. Figure 1-1 Wireless SOHO Firewall gateway Application Introduction 1-7
  14. 14. WER-401 Wireless SOHO Firewall Gateway Chapter 2 Hardware Setup 2.1 Package Contents The product package should contain the following items: The Wireless SOHO Firewall gateway WER-401 User’s Guide on the CD Quick Installation Guide (in print) Registration and warranty card (in print) 5VDC, 2.4A power adaptor One straight-through category 5 Ethernet cable If any of the parts are incorrect, missing, or damaged, contact your dealer. Keep the color box, including the original packing materials, in case you need to return the wireless SOHO Firewall gateway for repair. 2.2 System Requirements The WER-401 wireless SOHO Firewall gateway is intended for use in a network of personal computers that are interconnected by 802.11b-compliant wireless adapters or twisted-pair Ethernet cables. 2.2.1 Computer Requirements To install and run the WER-401 wireless SOHO Firewall gateway over your network of computers, each computer must have the following: An installed 802.11b-compliant wireless adapter OR An Ethernet Network Interface Card (NIC). For interconnecting your wired Ethernet devices, the WER-401 wireless SOHO Firewall gateway provides a 4-port switch capable of either 10 Mbps or 100 Mbps operation. Links operating at 100 Mbps must be connected with Category 5 cable. 2.2.2 Access Device Requirement The shared broadband access device (cable modem or DSL modem) must provide a standard 10BASE-T Ethernet interface. Hardware Setup 2-1
  15. 15. WER-401 Wireless SOHO Firewall Gateway 2.3 WER-401 Wireless SOHO Firewall gateway Front Panel The WER-401 wireless SOHO Firewall gateway front panel LEDs provide an easy way to monitor its status and activity. Table 2-1 Front Panel LEDs LED LABEL Power Test Internet Local Wireless 1 2 3 4 LED COLOR Green Green Green Green Green LED STATUS Yellow Yellow Green steady Power On Test OK Link 10 Mbps Link Power on Green blink N/A - Diagnostic: G/Y blinking Transmitting/ 10 Mbps Transmitting/Receiving Transmitting/ reciprocally within 1 min Receiving Receiving Yellow steady N/A - Error: G/Y blinking N/A 100 Mbps Link N/A reciprocally after 1 min Yellow blink N/A N/A 100 Mbps N/A Transmitting/Receiving OFF Power Off Off No No Connection Off Connection 2.4 WER-401 Wireless SOHO Firewall gateway Back Panel The WER-401 wireless SOHO Firewall gateway contains port connections, power connection, and an antenna. The rear panel contains the following features: Antenna 5 VDC power adapter outlet Internet Ethernet port for connecting the wireless SOHO Firewall gateway to a cable or DSL modem Four Local Ethernet ports for connecting the wireless SOHO Firewall gateway to local computers Restore Factory Defaults button Table 2-2 Back Panel Connectors BACK PANEL CONNECTOR DESCRIPTION LAN Ethernet Port Four 10/100M BASE-T RJ-45 connectors WAN Ethernet Port One RJ-45 10BASE-T connector 2-2 Hardware Setup
  16. 16. WER-401 Wireless SOHO Firewall Gateway Cascade Uplink Switches One uplink switch to set LAN port #4 as normal port or uplink port One uplink switch to set WAN port as normal/uplink External Antenna of Wireless LAN One internal PCMCIA Wireless LAN IEEE802.11b card with external Access Point antenna Restore Factory Defaults Button Capable of restoring the factory default settings. The switch is accessible by inserting a pin through an unlabeled hole in the rear panel. Power Supply 5 VDC at 2.4 Amp Max. 2.5 Connecting the Wireless SOHO Firewall Gateway Before using your wireless SOHO Firewall gateway, you need to do the followings: Prepare your wireless devices. Connect your local Ethernet network to the LAN port(s) of the wireless SOHO Firewall gateway. Connect your cable or DSL modem to the WAN port of the wireless SOHO Firewall gateway. Connect the power adapter. 2.5.1 Preparing your Wireless Devices Unclip the antenna from its holding clip on the rear panel of your wireless SOHO Firewall gateway, and rotate it to a vertical position. Detailed instructions on configuring your wireless devices for TCP/IP networking are provided in the next chapter. However, if you already have a functioning wireless network and you wish to use a wireless computer to initially configure the wireless SOHO Firewall gateway, you will need to change the settings of that computer to match the default settings of the wireless SOHO Firewall gateway: The ESSID should be Wireless (note the capitalization). WEP encryption is disabled. Your IP address must be in the range of 192.168.1.2 to 192.168.1.254, with a netmask of 255.255.255.0. 2.5.2 Connecting to your Local Ethernet Network The WER-401 wireless SOHO Firewall gateway incorporates a four-port switch for connection to your local Ethernet network. The Ethernet ports are marked LAN, and are capable of operation at either 10 Mbps (10BASE-T) or 100 Mbps (100BASE-Tx), depending on the Ethernet interface of the attached Hardware Setup 2-3
  17. 17. WER-401 Wireless SOHO Firewall Gateway computer, hub, or switch. For any connection that will operate at 100 Mbps, you must use a Category 5 (Cat 5) rated cable, such as the Ethernet cable included with the wireless SOHO Firewall gateway. Connect up to four computers directly to any of the four LAN ports of the wireless SOHO Firewall gateway using standard Ethernet cables. If your local network consists of more than four hosts, you will need to connect your wireless SOHO Firewall gateway to another hub or switch: Connect any LAN port of your WER-401 wireless SOHO Firewall gateway to any port of an Ethernet hub or switch using a standard or crossover Ethernet cable. 2.5.3 Connecting to Your Internet Access Device To connect the wireless SOHO Firewall gateway to the WAN use the Ethernet cable provided with your cable modem or DSL modem, connect the wireless SOHO Firewall gateway’s WAN port to the 10BASE-T Ethernet port on your modem. The attached modem device must provide a standard 10BASE-T Ethernet connection. The WER-401 wireless SOHO Firewall gateway does not include a cable for this connection. Instead, use the Ethernet cable provided with your access device or any other standard 10BASE-T Ethernet cable. If you are using a DSL modem, the modem’s connection to the phone line remains unchanged. The Ethernet cable supplied by your ISP for connecting to your cable or DSL modem may be an Ethernet crossover cable or a straight-through cable. You can push the normal/uplink button in the wireless SOHO Firewall gateway to connect the modem well. 2.5.4 Connecting the Power Adapter To connect the wireless SOHO Firewall gateway to the power adapter: 1. Plug the connector of the power adapter into the 5 VDC adapter outlet on the rear panel of the wireless SOHO Firewall gateway. 2. Plug the other end of the adapter into a standard wall outlet. 3. Verify that the POWER LED on the wireless SOHO Firewall gateway is light. 2.5.5 Verifying Power and Connections After applying power to the wireless SOHO Firewall gateway, complete the following steps to verify that power is correctly applied and that you have the proper connections: 1. When power is first applied, verify that the Power LED is steady on (green and not blinking). 2. After approximately 30~60 seconds, verify that: 2-4 Hardware Setup
  18. 18. WER-401 Wireless SOHO Firewall Gateway The Test LED is steady green on. If this LED is still blinking after one minute, then an error has occurred. If it is reciprocally blinking with yellow and green within one minute, the wireless SOHO Firewall gateway is performing self-diagnostic tests. The Wireless LED is steady green on. This LED blinks when there is traffic. The Local LEDs are lit green for any local ports that are connected to a 10 Mbps device and are lit yellow when connected to a 100 Mbps device. These LEDs blink when there is traffic. The Internet LED is lit steady green when a link has been established to a connected device. This LED blinks when there is traffic. 2.6 Back to Factory Defaults The factory default configuration settings are: • Web Configurator password is 1234 • The IP address to 192.168.1.1 You can erase the current configuration and restore factory defaults in two ways: 1. Use the Restore Factory Default Configurations function of the Web Configurator. 2. Use the Restore Factory Defaults button on the rear panel of the wireless SOHO Firewall gateway. Use this method for cases when the Web Configurator password or IP address is not known. 2.6.1 Procedure To Use the Restore Factory Defaults Button 1. Press the Restore Factory Defaults button for 10 seconds, and then release it. If the TEST LED begins to blink, the defaults have been restored and the router is now rebooting. Otherwise, go to step 2. 2. Disconnect the power from the router. 3. While depressing the Restore Factory Defaults button, reconnect power to the router. 4. Continue to hold the Restore Factory Defaults button. The TEST LED will begin to blink, then will flicker very quickly after about 10 or 15 seconds. This indicates that the defaults have been restored and the device is now rebooting. 5. Release the Restore Factory Defaults button and wait for the device to reboot. You are now ready to begin configuration of your network, as described in the following chapter. Hardware Setup 2-5
  19. 19. WER-401 Wireless SOHO Firewall Gateway Chapter 3 Preparing Your Network 3.1 Introduction This chapter describes how to prepare your computer network to connect to the Internet through the WER- 401 wireless SOHO Firewall gateway and how to order broadband Internet service from an Internet service provider (ISP). 3.2 Preparing Your Personal Computers for IP Networking The WER-401 wireless SOHO Firewall gateway uses the Transmission Control Protocol/Internet Protocol (TCP/IP). In order to access the Internet through the wireless SOHO Firewall gateway, each computer on your network must have TCP/IP installed and selected as the networking protocol. Most operating systems include the software components you need to install and use TCP/IP on your computer: Windows 95 or later (including Windows NT) includes the software components for establishing a TCP/IP network. Windows 3.1 does not include a TCP/IP component. You need to purchase a third-party TCP/IP application. Macintosh Operating System 7 or later includes the software components for establishing a TCP/IP network. All versions of UNIX or Linux include TCP/IP components. Follow the instructions provided with your operating system or networking software to install TCP/IP on your computer. Although TCP/IP is built into the Windows operating system (starting with Windows 95), you need to enable and configure it (see later). In your IP network, all computers and the wireless SOHO Firewall gateway must be assigned IP addresses. Each computer must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address. In most cases, you should install TCP/IP so that the computer obtains its specific network configuration information from a DHCP server during bootup. The WER-401 wireless SOHO Firewall gateway is shipped pre-configured as a DHCP server. The gateway assigns the following TCP/IP configuration information automatically when the computers are rebooted: Preparing Your Network 3-1
  20. 20. WER-401 Wireless SOHO Firewall Gateway Computer IP addresses - 192.168.1.2 through 192.168.1.32 Subnet mask - 255.255.255.0 Gateway address - 192.168.1.1 These addresses are part of the IETF-designated private address range for use in private networks. 3.3 Configuring Windows 95 or later for IP Networking As part of the computer preparation process, you need to manually install and configure TCP/IP on each networked computer. Before starting, locate your Windows CD; you may need to insert it during the TCP/IP installation process. Figure 3-1 Configuring Windows for IP Networking 3.3.1 To configure Microsoft Windows 95 or later for IP networking: 1. On the Windows taskbar, click the Start button, point to Settings, and then click Control Panel. 2. Double-click the Network icon. The Network window opens, which displays a list of installed components: You must have a network adapter, the TCP/IP protocol, and Client for Microsoft Networks. If you need the adapter: a. Click the Add button. 3-2 Preparing Your Network
  21. 21. WER-401 Wireless SOHO Firewall Gateway b. Select Adapter, and then click Add. c. Select the manufacturer and model of your network adapter, and then click OK. If you need TCP/IP: a. Click the Add button. b. Select Protocol, and then click Add. c. Select Microsoft. It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks. d. Select TCP/IP, and then click OK. If you need Client for Microsoft Networks: a. Click the Add button. b. Select Client, and then click Add. c. Select Microsoft. d. Select Client for Microsoft Networks, and then click OK. 3. Restart your computer for the changes to take effect. 3.3.2 Configuring TCP/IP Properties After the TCP/IP protocol components are installed, each computer must be assigned specific information about itself and resources that are available on its network. The simplest way to configure this information is to allow the computer to obtain the information from the internal DHCP server of the WER-401 wireless SOHO Firewall gateway. If you are using DHCP with the recommended default addresses, you can configure your computers by following these steps: 1. Install TCP/IP on each computer, leaving the computer configured to obtain configuration settings automatically (by DHCP). 2. In the wireless adapter configuration of your wireless-interfaced computers, set the ESSID to the WER-401 wireless SOHO Firewall gateway’s default ESSID: Wireless (note the capitalization). Disable WEP encryption. Preparing Your Network 3-3
  22. 22. WER-401 Wireless SOHO Firewall Gateway 3. Connect your Ethernet-interfaced computers to the wireless SOHO Firewall gateway. 4. Restart the WER-401 wireless SOHO Firewall gateway and allow it to boot. 5. Restart each computer. If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions provided by your ISP, you may need to copy the current configuration information for use in the configuration of your WER-401 wireless SOHO Firewall gateway. 3.3.3 Verifying TCP/IP Properties (Windows) After your computer is configured and has rebooted, you can check the TCP/IP configuration using: winipcfg.exe for Windows 95, 98, and Millennium utility ipconfig.exe for Windows NT and Win 2000 Professional systems To check your computer’s TCP/IP configuration: 1. On the Windows taskbar, click the Start button, and then click Run. The Run window opens. 2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. 3. Select your network adapter. The window is updated to show your settings, which should match the values below if you are using the default TCP/IP settings: The IP address is between 192.168.1.2 and 192.168.1.32 The subnet mask is 255.255.255.0 The default gateway is 192.168.1.1 3.4 Configuring the Macintosh for IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will need to configure TCP/IP to use DHCP by following these steps: 1. From the Apple menu, select Control Panels, then TCP/IP. The TCP/IP Control Panel opens: 3-4 Preparing Your Network
  23. 23. WER-401 Wireless SOHO Firewall Gateway Figure 3-2 Macintosh TCP/IP 2. From the Connect via box, select your Macintosh’s Ethernet interface. 3. From the Configure box, select Using DHCP Server. You can leave the DHCP Client ID box empty. 4. Close the TCP/IP Control Panel. 5. Repeat this for each Macintosh on your network. 3.4.1 Verifying TCP/IP Properties (Macintosh) After your Macintosh is configured and has rebooted, you can check the TCP/IP configuration by returning to the TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP. Figure 3-3 Verifying Macintosh TCP/IP The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings: The IP Address is between 192.168.1.2 and 192.168.1.32 The Subnet mask is 255.255.255.0 The Wireless SOHO Firewall gateway address is 192.168.1.1 Preparing Your Network 3-5
  24. 24. WER-401 Wireless SOHO Firewall Gateway If you do not see these values, you may need to restart your Macintosh or you may need to switch the Configure setting to a different option, then back again to Using DHCP Server. 3.5 Your Internet Account For access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using an external broadband access device such as a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer. For a single-user Internet account, your ISP supplies TCP/IP configuration information for one computer. With a typical account, much of the configuration information is dynamically assigned when your computer is first booted up while connected to the ISP, and you will not need to know that dynamic information. In order to share the Internet connection among several computers, your wireless SOHO Firewall gateway takes the place of the single computer, and you need to configure it with the TCP/IP information that the single computer would normally use. When the wireless SOHO Firewall gateway’s WAN port is connected to the broadband modem, the wireless SOHO Firewall gateway appears to be a single computer to the ISP. The wireless SOHO Firewall gateway then allows the computers on the local network to masquerade as the single computer to access the Internet through the broadband modem. The method used by the wireless SOHO Firewall gateway to accomplish this is called Network Address Translation (NAT) or IP masquerading. 3.5.1 Login Protocols Some ISPs require a special login protocol. In this case, you will need to know what type of protocol is used, and you will need a login name and password. The two common protocols are: PPP over Ethernet (PPPoE) Two common PPPoE clients are WinPOET and EntreNet. RoadRunner Not all RoadRunner service areas require a login protocol. If your ISP is RoadRunner, you should ask whether your computer must run a RoadRunner login program. After your network and wireless SOHO Firewall gateway are configured, the wireless SOHO Firewall gateway will perform the login task when needed, and you will no longer need to login from your computer. 3.5.2 Account Information Unless the ISP dynamically assigns these items, your ISP should give you the following basic information for your account: 3-6 Preparing Your Network
  25. 25. WER-401 Wireless SOHO Firewall Gateway An IP address and subnet mask A gateway IP address, which is the address of the ISP’s wireless SOHO Firewall gateway One or more domain name server (DNS) IP addresses Host name and domain suffix For example, your account’s full server names may look like this: mail.xxx.yyy.com. In this example, the domain suffix is xxx.yyy.com. If the ISP dynamically supplies any of these items, your wireless SOHO Firewall gateway automatically acquires them. If an ISP technician configured your computer during the installation of the broadband modem, or if you configured it using instructions provided by your ISP, you need to copy configuration information from your computer’s Network TCP/IP Properties window (or Macintosh TCP/IP Control Panel) before reconfiguring your computer for use with the wireless SOHO Firewall gateway. These procedures are described next. 3.5.3 Obtaining ISP Configuration Information (Windows) As mentioned above, you may need to collect configuration information from your computer so that you can use this information when you configure the WER-401 wireless SOHO Firewall gateway. Following this procedure is only necessary when your ISP does not dynamically supply the account information. To get the information you need to configure the wireless SOHO Firewall gateway for Internet access: 1. On the Windows taskbar, click the Start button, point to Settings, and then click Control Panel. 2. Double-click the Network icon. 3. The Network window opens, which displays a list of installed components. 4. Select TCP/IP, and then click Properties. 5. The TCP/IP Properties dialog box opens. 6. Select the IP Address tab. If an IP address and subnet mask are shown, write down the information. If an address is present, your account uses a fixed (static) IP address. If no address is present, your account uses a dynamically-assigned IP address. Click Obtain an IP address automatically. 7. Select the Gateway tab. If an IP address appears under Installed Gateways, write down the address. This is the ISP’s gateway address. Select the address and then click Remove to remove the gateway address. 8. Select the DNS Configuration tab. Preparing Your Network 3-7
  26. 26. WER-401 Wireless SOHO Firewall Gateway If any DNS server addresses are shown, write down the addresses. If any information appears in the Host or Domain information box, write it down. Click Disable DNS. 9. Click OK to save your changes and close the TCP/IP Properties dialog box. 10. You are returned to the Network window. 11. Click OK. 12. Reboot your computer at the prompt. You may also be prompted to insert your Windows CD. 3.5.4 Obtaining ISP Configuration Information (Macintosh) As mentioned above, you may need to collect configuration information from your Macintosh so that you can use this information when you configure the WER-401 wireless SOHO Firewall gateway. Following this procedure is only necessary when your ISP does not dynamically supply the account information. To get the information you need to configure the wireless SOHO Firewall gateway for Internet access: 1. From the Apple menu, select Control Panels, then TCP/IP. 2. The TCP/IP Control Panel opens, which displays a list of configuration settings. If the Configure setting is Using DHCP Server, your account uses a dynamically assigned IP address. In this case, close the Control Panel and skip the rest of this section. 3. If an IP address and subnet mask are shown, write down the information. 4. If an IP address appears under Wireless SOHO Firewall gateway address, write down the address. This is the ISP’s gateway address. 5. If any Name Server addresses are shown, write down the addresses. These are your ISP’s DNS addresses. 6. If any information appears in the Search domains information box, write it down. 7. Change the Configure setting to Using DHCP Server. 8. Close the TCP/IP Control Panel. 3.6 Ready For WER-401 Wireless SOHO Firewall gateway Configuration After configuring all of your computers for TCP/IP networking and connecting them to the LAN network of your WER-401, you are ready to access and configure the wireless SOHO Firewall gateway. 3-8 Preparing Your Network
  27. 27. WER-401 Wireless SOHO Firewall Gateway Chapter 4 Introducing The Web Configurator This chapter introduces the embedded Web configurator and shows you how to log in and perform basic configuration of your WER-401 wireless SOHO Firewall gateway. The Web configurator was designed with ease-of-use paramount yet still allow fine-tuning of the powerful advanced features of the WER-401 wireless SOHO Firewall gateway. 4.1 Web Configurator And Browsers In order to use the Web Configurator, your computer must have a web browser program installed such as Microsoft Internet Explorer or Netscape Navigator. Because the embedded Web Configurator uses Java, your Web browser must be Java-enabled and support HTTP uploads. Free browser programs are readily available for Windows, Macintosh, or UNIX/Linux. If you will be using a wireless-connected computer to initially configure the wireless SOHO Firewall gateway, you must access the computer’s wireless adapter configuration and set the ESSID to the wireless SOHO Firewall gateway’s default ESSID: Wireless (note the capitalization). Also, you must disable WEP encryption. 4.1.1 Logging Into The Web Configurator 1. Turn on the wireless SOHO Firewall gateway and wait for initialization to complete. Allow at least one minute and verify that the TEST LED is off. 2. Reboot your computer to obtain DHCP configuration from the wireless SOHO Firewall gateway. 3. Launch your web browser. 4. In the Address box of your browser, type http://192.168.1.1 and press ENTER. 5. A login window opens as shown next. This screen may have a different appearance in other browsers. Introducing The Web Configurator 4-1
  28. 28. WER-401 Wireless SOHO Firewall Gateway WER-401 Figure 4-1 Login Window 6. Type ‘admin’ (not case sensitive) in the User Name box, ‘1234’ in the Password box, and then click OK. If your wireless SOHO Firewall gateway password was previously changed, enter the current password. 4.2 Introducing The Embedded Web Configurator After a successful login you will see the following screen. This SiteMap page contains hyperlinks to its related setup page. 4-2 Introducing The Web Configurator
  29. 29. WER-401 Wireless SOHO Firewall Gateway Figure 4-2 Embedded Web Configurator Home – SiteMap The recommended screen resolution is 800 by 600 pixels using small fonts; however you may have to scroll in some pages where the convenience of having all information displayed in one page outweighs the inconvenience of scrolling. The top of the screen has four “buttons”. Click a “button” to see a range of related configuration screens. 1. Home consists of SiteMap and Wizard screens. 2. Click Basic to set up your WAN, LAN, wireless LAN, system information such as name, password and time/date and display system information and statistics. Introducing The Web Configurator 4-3
  30. 30. WER-401 Wireless SOHO Firewall Gateway 3. Click Advanced to configure dynamic DNS, port forwarding, static routes, dynamic routes, remote management, upload firmware/configuration files and restore/backup configuration files, and Diagnostic. 4. Click Firewall to configure the firewall including DoS, content filtering, enable/disable services, scheduling, and display logs. Click the HELP button to see embedded HTML help on the screen. Click the LOGOUT button to logout this configuration web pages. The next three chapters discuss the setup screens under Basic, Advanced and Firewall. 4.3 Wizard This Wizard helps you configure your system in easy-to-follow step. Choose one service type below to setup the WAN connection: DSL user, Cable user, or other. “Other” is the same as the Internet Setup page in Basic. Figure 4-3 Embedded Web Configurator Home – Wizard 4-4 Introducing The Web Configurator
  31. 31. WER-401 Wireless SOHO Firewall Gateway 4.3.1 DSL User Follows the Step 1 to Step 3 sequentially, and you can setup the DSL service connection. Figure 4-4 Wizard for DSL user setup Introducing The Web Configurator 4-5
  32. 32. WER-401 Wireless SOHO Firewall Gateway 4.3.2 Cable User Follows the Step 1 to Step 4 sequentially, and you can setup the Cable service connection. Figure 4-5 Wizard for Cable user setup 4-6 Introducing The Web Configurator
  33. 33. WER-401 Wireless SOHO Firewall Gateway Chapter 5 The Basic Setup Screens This chapter discusses how to set up your WAN (Internet), LAN (Local), wireless LAN, system information such as name, password and time/date and display system information and statistics. 5.1 Internet Setup Click the Internet Setup tab to display the next screen. Use this screen to configure Internet access related setup options. You may have to scroll down to see the whole screen. The table following the screen describes the fields displayed in the screen. The Basic Setup Screens 5-1
  34. 34. WER-401 Wireless SOHO Firewall Gateway Figure 5-1 Internet Setup 5-2 The Basic Setup Screens
  35. 35. WER-401 Wireless SOHO Firewall Gateway Table 5-1 WAN Setup FIELD DESCRIPTION Obtain an IP Address Select this option if the assigns a dynamic IP address to the WER-401. Automatically Specify an IP Address Select this option if the assigns a static IP address to the WER-401 and fill in the next four fields. IP Address Enter the IP address of this device in dotted decimal notation. IP Subnet Mask Your WER-401 will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the computed subnet mask. Default Gateway IP Enter the IP address of default gateway in dotted decimal notation. This should Address be given to you by your ISP. DNS 1, 2 Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you the DNS server addresses, enter them in these fields. The second is to leave them blank, i.e., 0.0.0.0 — in this case, the WER-401 acts as a DNS proxy. Disable Login Select this option if you don’t have to login to access the Internet. Enable Login Select this option if you have to login to access the Internet then choose which service fill in its related login service details in the following fields PPPoE PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (computer) interacts with a broadband modem (i.e. xDSL, cable, wireless, etc.) connection. PPPoE provides a login & authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users. PPTP Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks PPTP supports on-demand, multi-protocol, and virtual private networking over The Basic Setup Screens 5-3
  36. 36. WER-401 Wireless SOHO Firewall Gateway FIELD DESCRIPTION public networks, such as the Internet. RR-Toshiba Choose RoadRunner if your ISP is Time Warner's RoadRunner. Select RR- Toshiba (RoadRunner Toshiba authentication method) or RR-Manager RR-Manager (RoadRunner Manager authentication method). Username Enter the login name given to you by your ISP. Password Enter the password associated with the login name above. Service Name (PPPoE If you need a PPPoE service name to identify and reach the PPPoE server, Only, Optional) enter the PPPoE service name provided to you in the this field. Login Server IP (RR Login The WER-401 will find the RoadRunner Server IP if this field is left blank. If it Only) does not, then you must enter the authentication server IP address. Idle Timeout (Seconds) This value specifies the idle time (i.e., the length of time there is no traffic from the WER-401 to the remote node) in seconds that can elapse before the WER- 401 automatically disconnects the login connection. This option only applies when the WER-401 initiates the call. PPTP Specific Enter the following information for PPTP login service. Configuration My IP Address Enter the IP address of the WAN Ethernet port. Server IP Address Enter the IP address of the ANT (ADSL Network Termination) modem. Connection ID/Name Enter the connection ID or connection name in the ANT (ADSL Network Termination). It must follow the “c:id” and “n:name” format. This field is optional and depends on the requirements of your xDSL Modem. MAC Address Clone The following MAC address field allows users to configure the WAN port's MAC (Optional) address by cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the configuration file. It will not change unless you change the setting here or upload a different configuration file. User-defined WAN MAC Enter the MAC Address of the workstation on the LAN whose MAC you are Address cloning here. Help Click this button for HTML help on this screen. Apply Click this button to save your changes back to the wireless SOHO Firewall gateway. Cancel Click this button to cancel any configuration changes you made in this screen. 5-4 The Basic Setup Screens
  37. 37. WER-401 Wireless SOHO Firewall Gateway 5.2 System Click the System tab to display the next screen. Use this screen to configure system name, password and time/date. You may have to scroll down to see the whole screen. The table following the screen describes the fields displayed in the screen. Figure 5-2 System The Basic Setup Screens 5-5
  38. 38. WER-401 Wireless SOHO Firewall Gateway Table 5-2 System FIELD DESCRIPTION Name System Name System Name is for identification purposes. We recommend you enter your computer’s “Computer name”. Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this field blank, the domain name obtained by DHCP from the ISP is used. While you must enter the System Name on each individual computer, the domain name can be assigned from this device via DHCP. Password For your first login, enter the default password 1234. As you type the password, the screen displays an (X) for each character you type. Please note that if there is no activity for longer than five minutes after you log in, you will automatically be logged you out and you will see a blank screen. New Password Enter your new system password in this field. Re-enter To Confirm Re-type your new system password for confirmation. Time / Date Time Zone Select the time zone you are in from the drop down list box. This setting will be used for the blocking schedule and also for time-stamping log entries. The wireless SOHO Firewall gateway uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. This menu displays the current time. Disable Daylight Savings If you are not using daylight savings time, select this option. Enable Daylight Savings If you use daylight savings time, select this option. Start Date (month, day) If using daylight savings time, enter the month and day that it starts on. End Date (month, day) If using daylight savings time, enter the month and day that it ends on Help Click this button for HTML help on this screen. Apply Click this button to save your changes back to the wireless SOHO Firewall gateway. Cancel Click this button to cancel any configuration changes you made in this screen. 5.3 LAN Setup Click the LAN tab to display the next screen. Use this screen to configure the DHCP server and system TCP/IP settings. The table following the screen describes the fields displayed in the screen. 5-6 The Basic Setup Screens
  39. 39. WER-401 Wireless SOHO Firewall Gateway Figure 5-3 LAN Table 5-3 LAN FIELD DESCRIPTION Disable DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the wireless SOHO Firewall gateway as a DHCP server or disable it. Select this field to disable DHCP service. Make sure you have another DHCP server on your LAN, or else the workstation must be manually configured. The Basic Setup Screens 5-7
  40. 40. WER-401 Wireless SOHO Firewall Gateway FIELD DESCRIPTION Enable DHCP Server Select this option to configure your wireless SOHO Firewall gateway as a DHCP server so it will provide the TCP/IP configuration for the clients. IP Pool Starting Address The wireless SOHO Firewall gateway is pre-configured with a pool of 32 IP addresses. It allocates 31 IP addresses (excluding the device itself) in the lower range for other server machines, e.g., server for mail, FTP, telnet, web, etc., that you may have. IP Pool Size This field specifies the size, or count of the IP address pool. LAN Setup IP Address Enter the IP address of your wireless SOHO Firewall gateway in dotted decimal notation IP Subnet Mask Your wireless SOHO Firewall gateway will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the wireless SOHO Firewall gateway. Help Click this button for HTML help on this screen. Apply Click this button to save your changes back to the wireless SOHO Firewall gateway. Cancel Click this button to cancel any configuration changes you made in this screen. 5.3.1 Display DHCP Client Table Click the Display DHCP Client Table button to pop up the next screen. Figure 5-4 DHCP Client Table 5-8 The Basic Setup Screens
  41. 41. WER-401 Wireless SOHO Firewall Gateway The DHCP Table shows all IP address assignments that have been made by the wireless SOHO Firewall gateway’s DHCP server. For each computer client, the table shows the IP address, NetBIOS Host Name, and Ethernet MAC address. If the wireless SOHO Firewall gateway is rebooted, the table data is lost until each PC renews its DHCP lease. Table 5-4 DHCP Client Table FIELD DESCRIPTION # This is the client index number. IP Address This is the IP address of the client specified above. Host Name This is the host name of said client. MAC Address This is the MAC (Media Access Control) address of said client. Refresh Click this button to reload the above information. 5.4 Wireless LAN Setup Click the Wireless LAN tab to display the next screen. Use this page to configure wireless LAN settings. You have to assign an ESSID and select a Channel ID for your wireless LAN. RTS/CTS and Fragmentation are disabled by default. WEP is also disabled by default. When WEP is enabled, data packet is encrypted before transmitted to prevent data packets are eavesdropped by unrelated people. As a minimum security precaution, we recommend that you change the ESSID setting of all devices on your network to a unique value, not the default value. A further improvement in security can be obtained by using Wired Equivalent Privacy (WEP) data encryption. However, there may be a significant degradation of the data throughput on the wireless link when WEP is enabled. If you are configuring the wireless SOHO Firewall gateway from a wireless computer and you change the wireless SOHO Firewall gateway’s ESSID or WEP settings, you will lose your wireless connection when you click on Apply. You must then change the wireless settings of your computer to match the wireless SOHO Firewall gateway’s new settings. The table following the screen describes the fields displayed in the screen. The Basic Setup Screens 5-9
  42. 42. WER-401 Wireless SOHO Firewall Gateway Figure 5-5 Wireless LAN Setup 5-10 The Basic Setup Screens
  43. 43. WER-401 Wireless SOHO Firewall Gateway Table 5-5 Wireless LAN Setup FIELD DESCRIPTION Wireless LAN Setup ESSID (Extended Service Set IDentification) The ESSID identifies the Service Set the station is to connect to. Wireless clients associating to the Access Point must have the same ESSID. Enter a descriptive name for the wireless LAN. This field can be up to 32 characters. Channel ID This field determines which operating frequency will be used. It should not be necessary to change the wireless channel unless you notice interference problems with another nearby access point. The default wireless Channel is 1. Choose the operating frequency/channel for your particular region from the drop down list. • CH01 2412 MHz / CH02 2417 MHz ~ CH11 2462 MHz (North America/FCC) • CH01 2412 MHz / CH02 2417 MHz ~ CH13 2472 MHz (Europe CE/ ETSI) • CH01 2412 MHz / CH02 2417 MHz ~ Ch14 2484 MHz (Japan) • CH10 2457 MHz / CH11 2462 MHz (Spain) • CH10 2457 MHz / CH11 2462 MHz ~ CH13 2472 MHz (France) RTS/CTS (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size shall have the effect of turning off the RTS/CTS handshake. Setting this attribute to zero shall have the effect of turning on the RTS/CTS handshake. Enter a value between 0 and 2432 in the Threshold field or select Disable. 2432 is the default. Disable Select this option to disable RTS/CTS. Threshold Select this option to set the RTS/CTS threshold. Fragmentation The threshold (number of bytes) for the fragmentation boundary for directed messages. Data will be transmitted in fragments with its size not exceeding this value. Enter a value between 256 and 2432. The value of this attribute shall never be less than 256. 2432 is the default. Disable Select this option to disable Fragmentation. Threshold Select this option to set the Fragmentation threshold. WEP-Based Security (Wired Equivalent Privacy) To prevent unauthorized wireless stations from accessing data transmitted over the network, the wireless SOHO Firewall gateway offers a data encryption, known as WEP to help encrypt wireless data transmitted via wireless medium. Select this option to allow data encryption. You may then choose 64-bit WEP or 128-bit WEP. Although WEP is functional at 5.5 and 11 Mb/s, The Basic Setup Screens 5-11
  44. 44. WER-401 Wireless SOHO Firewall Gateway FIELD DESCRIPTION there is significant performance degradation when using WEP at these rates. Disable Select this option (Disable) to allow wireless adapters to communicate with the Access Points without any data encryption (Open System). 64-bit WEP1 Enter 5 characters or 10 digits ("0-9", "A-F") for each Key (1-4). 128-bit WEP Enter 13 characters or 26 digits ("0-9", "A-F") for each Key (1-4). Select one WEP key as an active key to encrypt wireless data transmission. Key 1 There are four data encryption keys to secure your data from being eavesdropped by unauthorized wireless users. Key 2 The values must be set up exactly the same on the Access Points as they are on Key 3 the wireless client stations. The same value must be assigned to Key 1 on both the Key 4 Access Point and the client adapters, the same value must be assigned to Key 2 on both the Access Point and the client stations and so on, for all four WEP keys. Enter ten hexadecimal digits (any combination of 0-9, a-f, or A-F) preceded by the characters “0x” (e.g., 0x11aa22bb33). Or you may enter a five ASCII string key (e.g., MyKey). Allow All Allow all users to connect the WLAN without enabling MAC addresses filtering. Allow User List (MAC Allow some specific users to access the WLAN. Address Filter) User Enter the User Name of some computer in WLAN. MAC Address The MAC address related to the specific User of the computer in WLAN. Help Click this button for HTML help on this screen. Apply Click this button to save your changes back to the wireless SOHO Firewall gateway. Cancel Click this button to cancel any configuration changes you made in this screen. 5.5 Status Click the Status tab to display the next screen. Use this screen to display system information and statistics. The table following the screen describes the fields displayed in the screen. 1 The 64-bit WEP data encryption method, allows for a five-character (40-bit) input. Additionally, 24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. (The 24 factory-set bits are not user-configurable). This encryption key will be used to encrypt/decrypt all data transmitted via the wireless interface. Some vendors refer to the 64-bit WEP data encryption as 40-bit WEP data encryption since the user-configurable portion of the encryption key is 40 bits wide. 5-12 The Basic Setup Screens
  45. 45. WER-401 Wireless SOHO Firewall Gateway Figure 5-6 Status Screen Table 5-6 Status Screen FIELD DESCRIPTION System Information The next five fields display general information about the wireless SOHO Firewall gateway system. System Name This is the wireless SOHO Firewall gateway’s system name + domain name assigned in the System screen. For example, System Name= xxx; Domain Name= baboo.mickey.com; Name= xxx.baboo.mickey.com F/W Version: This is the Networking Operating System firmware version and the date created, for example, V3.50(CL.0) The Basic Setup Screens 5-13
  46. 46. WER-401 Wireless SOHO Firewall Gateway FIELD DESCRIPTION System Time This displays the current time as set in the System screen. System Date This displays the current date as set in the System screen. System Up Time The total time the wireless SOHO Firewall gateway has been on. WAN Port The next four fields display general information about the Internet Port. MAC The Internet port Ethernet address. IP The Internet port IP address. Subnet Mask The Internet port IP mask. DHCP The Internet port DHCP role (client or none). If set to None, the wireless SOHO Firewall gateway is configured to use a fixed IP address on the WAN or to use PPPoE. If set to Client, the wireless SOHO Firewall gateway is configured to obtain an IP address dynamically from the ISP. LAN Port The next four fields display general information about the Local Port. MAC The Local port Ethernet address. IP The Local port IP address. Subnet Mask The Local port IP mask. DHCP The Local port DHCP role (server or none). If set to None, the wireless SOHO Firewall gateway will not assign IP addresses to local computers on the LAN. If set to Server, the wireless SOHO Firewall gateway is configured to assign IP addresses to local computers on the LAN. Show Statistics Click this button to bring up the screen shown next. Help Click this button for HTML help on this screen. 5.5.1 Statistics Click the Show Statistics button to bring up the next screen. 5-14 The Basic Setup Screens
  47. 47. WER-401 Wireless SOHO Firewall Gateway Figure 5-7 Statistics Screen Table 5-7 Statistics Screen FIELD DESCRIPTION WAN/LAN The following statistics are displayed for both LAN and WAN respectively. Port The statistics for the WAN (Internet), LAN (local) Ethernet, and WLAN (wireless) ports. For each port, the screen displays the following information. Status Shows the port speed and duplex setting if you’re using Ethernet Encapsulation and Down (line is down), idle (line (ppp) idle), dial (starting to trigger a call) and drop (dropping a call) if you’re using PPPoE Encapsulation. TxPkts The number of transmitted packets on this port since reset or manual clear. RxPkts The number of received packets on this port since reset or manual clear. Cols The number of collisions on this port since reset or manual clear. Tx B/s Shows the transmission speed in Bytes per second on this port. Rx B/s Shows the reception speed in Bytes per second on this port. Up Time The time elapsed since the last power cycle or reset. Refresh Click this button to update the screen data. The Basic Setup Screens 5-15
  48. 48. WER-401 Wireless SOHO Firewall Gateway Chapter 6 The Advanced Setup Screens This chapter discusses how to configure dynamic DNS, port forwarding, static routes, dynamic routes, backing up/restoring the configuration file, uploading new software and remote management. 6.1 Dynamic DNS Click the Dynamic DNS tab to display the next screen. Use this screen to configure dynamic Domain Name Server Your router supports Dynamic Domain Name Service (DDNS). In a Dynamic DNS service, an IP registry server provides a public central database where dynamically-assigned IP addresses can be stored and retrieved by hostname lookup. The Dynamic DNS server also stores password-protected e-mail addresses along with IP addresses and hostnames and accepts queries based on e-mail addresses. You can update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a DNS-like address (e.g. myhost.dhs.org, where myhost is a name of your choice) which will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don’t know your IP address. First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a DNS name. The wireless SOHO Firewall gateway, at the time of writing, supports the www.dyndns.org client. You can apply to this client for Dynamic DNS service. 6.1.1 DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use for example www.yourhost.dyndns.org and still reach your hostname. The table following the figure describes the fields contained within. The Advanced Setup Screens 6-1
  49. 49. WER-401 Wireless SOHO Firewall Gateway Figure 6-1 Dynamic DNS Setup Table 6-1 Dynamic DNS Setup FIELD DESCRIPTION Disable Dynamic DNS Select this option to disable Dynamic DNS Service. Service Enable Dynamic DNS Select this option to enable Dynamic DNS Service and then fill in the following fields. Service Service Provider This is the name of your Dynamic DNS client. This field is read-only. Registered Host Enter the domain name assigned to your wireless SOHO Firewall gateway by your Name Dynamic DNS provider. Enable Wildcard Your wireless SOHO Firewall gateway supports DYNDNS Wildcard. Select this ti t bl DYNDNS Wild d 6-2 The Advanced Setup Screens
  50. 50. WER-401 Wireless SOHO Firewall Gateway FIELD DESCRIPTION option to enable DYNDNS Wildcard. E-mail Address Enter your e-mail address. User Enter your user name. Password Enter the password assigned to you. Help Click this button for HTML help on this screen. Apply Click this button to save your changes back to the wireless SOHO Firewall gateway. Cancel Click this button to cancel any configuration changes you made in this screen. 6.2 Port Forwarding Click the Port Forwarding tab to display the next screen. 6.2.1 Configuring for Port Forwarding to Local Servers Although the router causes your entire local network to appear as a single machine to the Internet, you can make local servers for different services (for example, FTP or HTTP) visible and available to the Internet. This is done using this screen. Requested services are identified by port numbers in an incoming IP packet. For example, a packet that is sent to the external IP address of your router and destined for port number 80 is an HTTP (Web server) request, and port 21 is an FTP request. Examples of port numbers are shown at the top of the PORTS menu, although you are not limited to these choices. See IETF RFC1700, “Assigned Numbers,” for port numbers for common protocols. Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP. Use this screen to configure the router to forward incoming protocols to IP addresses on your local network based on the port number. In addition to servers for specific protocols, you can also specify a Default Server The Advanced Setup Screens 6-3
  51. 51. WER-401 Wireless SOHO Firewall Gateway (also called DMZ) to which all other incoming protocols are forwarded. To configure port forwarding to a local server: 1. Enter a port number in an unused Service Port Range. 2. To forward only one port, enter it again in the Service Port Range after the “~”. 3. To specify a range of ports, enter the last port to be forwarded in this box. 4. Enter the IP address of the local server in the corresponding Server IP Address box. 5. Click Apply at the bottom of the menu. Local Web and FTP Server Example If a local computer, with a private address of 192.168.1.33, acts as a Web and FTP server, configure the Port Forwarding menu to forward ports 80 (HTTP) and 21 (FTP) to local address 192.168.1.33 as shown in the next table. In order for a remote user to access this server from the Internet, the remote user must know the IP address that has been assigned by your ISP. If this address is 172.16.1.23, for example, an Internet user can access your Web server by directing the browser to http://172.16.1.23. The assigned IP address can be found in the Status Screen, where it is shown as the WAN IP Address. Some considerations for this application are: • If your account’s IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. • If the IP address of the local computer is assigned by DHCP, it may change when the computer is rebooted. To avoid this, change the configuration of your computers to use fixed private addresses rather than DHCP-assigned addresses. Table 6-2 Port Table Entries (Example) PORT # SERVER IP ADDRESS Default 0.0.0.0 80 (HTTP) 192.168.1.33 21 (FTP) 192.168.1.33 Local computers must access the local server using the computers’ local LAN address (192.168.1.33 in this example). Attempts by local computers to access the server using the external IP address (172.16.1.23 in this example) will fail. 6-4 The Advanced Setup Screens
  52. 52. WER-401 Wireless SOHO Firewall Gateway Local Game Host or Videoconference Example Some online games and videoconferencing applications are incompatible with NAT. The wireless SOHO Firewall gateway is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local computer can run the application properly if that computer’s IP address is entered as the default in the Port Forwarding Menu. If one local computer acts as a game or videoconference host, enter its IP address as the default. The table following the figure describes the fields contained within. Figure 6-2 Port Forwarding The Advanced Setup Screens 6-5

×