NETGEAR UTM5 Reference Manual

ProSecure Unified Threat Management Appliance
350 East Plumeria Drive
San Jose, CA 95134
USA
April 2012
202-10780-02
1.0
ProSecure Unified Threat Management (UTM) Appliance Reference Manual

Summary of Contents for NETGEAR UTM5

  • Page 1 ProSecure Unified Threat Management (UTM) Appliance Reference Manual. 350 East Plumeria Drive, San Jose, CA 95134. April 2012, 202-10780-02...
  • Page 2: Technical Support

    NETGEAR, Inc. © 2009–2012 All rights reserved. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or for more information about the topics covered in this manual, visit the Support website at http://support.netgear.com.
  • Page 3: Revision History

    ProSecure Unified Threat Management (UTM) Appliance Revision History. Part Number 202-10780-02, Publication Version 1.0, Publish Date April 2012. Comments: • Added new features for all UTM models: Application control (see Configure Application Control); Traffic metering for LAN usage (see Create Traffic Meter Profiles); The use of custom user groups in firewall rules (see Rules to Block or Allow Specific Kinds of Traffic...
  • Page 4 Addition of the UTM150. • Removal of platform-specific chapters and sections because the UTM5, UTM10, and UTM25 now support the same web management interface menu layout that was already supported on the UTM50. The major changes for the UTM5, UTM10, and UTM25 are documented in...
  • Page 5: Table Of Contents

    Hardware Features (p. 23); Front Panel UTM5 and UTM10 (p. 24); Front Panel UTM25 ...
  • Page 6 Test HTTP Scanning (p. 61); Register the UTM with NETGEAR (p. 61); Electronic Licensing ...
  • Page 7 Set Up Address Reservation (p. 110); Configure and Enable the DMZ Port ...
  • Page 8 Test the Connection and View Connection and Status Information (p. 270); Test the NETGEAR VPN Client Connection (p. 270); NETGEAR VPN Client Status and Log Information ...
  • Page 9 Chapter 8 Virtual Private Networking Using SSL Connections: SSL VPN Portal Options (p. 319); Use the SSL VPN Wizard for Client Configurations ...
  • Page 10 Features That Increase Traffic (p. 409); Use QoS and Bandwidth Assignments to Shift the Traffic Mix ...
  • Page 11 Enable Remote Troubleshooting (p. 516); Send Suspicious Files to NETGEAR for Analysis (p. 517); Access the Knowledge Base and Documentation ...
  • Page 12 What Is Two-Factor Authentication? (p. 594); NETGEAR Two-Factor Authentication Solutions (p. 594); Appendix F System Logs and Error Messages: System Log Messages ...
  • Page 13 Service Logs (p. 598); NTP ...
  • Page 14: What Is The Prosecure Unified Threat Management (Utm) Appliance

    Introduction This chapter provides an overview of the features and capabilities of the NETGEAR ProSecure® Unified Threat Management (UTM) Appliance. This chapter contains the following sections: • What Is the ProSecure Unified Threat Management (UTM) Appliance? • Key Features and Capabilities •...
  • Page 15: Key Features And Capabilities

    (UTM9S only) for ADSL and VDSL. • Advanced IPSec VPN and SSL VPN support. • Depending on the model, bundled with a one-user license of the NETGEAR ProSafe VPN Client software (VPN01L). • Advanced Stateful Packet Inspection (SPI) firewall with multi-NAT support.
  • Page 16: Multiple Wan Port Models For Increased Reliability Or Outbound Load Balancing

    Multiple WAN Port Models for Increased Reliability or Outbound Load Balancing. The UTM product line offers models with two broadband WAN ports. The second WAN port allows you to connect a second broadband Internet line that can be configured on a mutually exclusive basis to: •...
  • Page 17: Advanced Vpn Support For Both Ipsec And Ssl

    VPN client software on the remote computer. IPSec VPN with broad protocol support for secure connection to other IPSec gateways and clients. Depending on the model, bundled with a one-user license of the NETGEAR ProSafe VPN Client software (VPN01L). •...
  • Page 18: Security Features

    file scanning is up to five times faster than with traditional antivirus solutions—a performance advantage that you will notice. Stream Scanning also enables organizations to withstand massive spikes in traffic, as in the event of a malware outbreak. The scan engine has the following capabilities: •...
  • Page 19: Autosensing Ethernet Connections With Auto Uplink

    Autosensing Ethernet Connections with Auto Uplink. With its internal four- or six-port 10/100/1000 Mbps switch and single or dual (model-dependent) 10/100/1000 WAN ports, the UTM can connect to either a 10 Mbps standard Ethernet network, a 100 Mbps Fast Ethernet network, or a 1000 Mbps Gigabit Ethernet network.
  • Page 20: Easy Installation And Management

    VPNC-compliant VPN routers and clients. • SSL VPN Wizard. The UTM includes the NETGEAR SSL VPN Wizard so you can easily configure SSL connections over VPN according to the recommendations of the VPNC. This ensures that the SSL connections are interoperable with other VPNC-compliant VPN routers and clients.
  • Page 21: Model Comparison

    Model Comparison. The following table compares the UTM models to show the differences. For performance specifications and sizing guidelines, see NETGEAR’s marketing documentation at http://prosecure.netgear.com. Table 1. Differences between the UTM models Feature UTM5...
  • Page 22 UTM are no longer displayed on the Registration screen. However, after you have reconfigured the UTM to connect to the Internet and to the NETGEAR registration server, the UTM retrieves and restores all registration information based on its MAC address and hardware serial number.
  • Page 23: Package Contents

    ProSafe VPN Client software (VPN01L) (depends on the UTM model) • Service Registration Card with license key(s) If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair.
  • Page 24: Front Panel Utm5 And Utm10

    Front Panel UTM5 and UTM10. Viewed from left to right, the UTM5 and UTM10 front panel contains the following ports: • One nonfunctioning USB port. This port is included for future management enhancements. The port is currently not operable on the UTM.
  • Page 25: Front Panel Utm50

    Figure 3. Front panel UTM25 (labels: Power LED, DMZ LED, USB port, Left LAN LEDs, Left WAN LEDs, Active LEDs, Right WAN LEDs, Right LAN LEDs, Test LED). Front Panel UTM50. Viewed from left to right, the UTM front panel contains the following ports (see the following figure, which shows a multiple WAN port model, the UTM25): •...
  • Page 26: Front Panel Utm150

    Front Panel UTM150. Viewed from left to right, the UTM150 front panel contains the following ports: • One nonfunctioning USB port. This port is included for future management enhancements. The port is currently not operable on the UTM. •...
  • Page 27 Figure 6. Front panel UTM9S (labels: Slot 1, Slot 2, Left WAN LEDs, Power LED, Left LAN LEDs, USB port, DMZ LED, Test LED, Right LAN LEDs, Active WAN LEDs, Right WAN LEDs, USB LED). UTM9SDSL xDSL Module. The following xDSL modules are available for insertion in one of the UTM9S slots: •...
  • Page 28: Led Descriptions, Utm5, Utm10, Utm25, Utm50, And Utm150

    Figure 8. UTM9SWLSN wireless module. LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150. The following table describes the function of each LED. Table 2. LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150 (columns: LED, Activity, Description). Power LED: On (green): Power is supplied to the UTM.
  • Page 29: Led Descriptions, Utm9S And Modules

    On (green) The LAN port is operating at 1000 Mbps. DMZ LED Port 4 (UTM5, UTM9S, UTM10, UTM25, and UTM150) or port 6 (UTM50) is operating as a normal LAN port. On (green) Port 4 (UTM5, UTM9S, UTM10, UTM25, and UTM150) or port 6 (UTM50) is operating as a dedicated hardware DMZ port.
  • Page 30 Table 3. LED descriptions UTM9S (continued) (columns: LED, Activity, Description). Test LED: On (amber) during startup: The UTM is initializing. After approximately 2 minutes, when the UTM has completed its initialization, the Test LED goes off. On (amber) during ...: The initialization has failed, or a hardware failure has occurred.
  • Page 31: Rear Panel Utm5, Utm10, And Utm25

    Figure 9. Rear panel of the UTM5, UTM10, and UTM25 Viewed from left to right, the rear panel of the UTM5, UTM10, and UTM25 contains the following components: Cable security lock receptacle. Console port. Port for connecting to an optional console terminal. The port has a DB9 male connector.
  • Page 32: Rear Panel Utm50 And Utm150

    Rear Panel UTM50 and UTM150. The rear panel of the UTM includes a cable lock receptacle, a console port, a factory default Reset button, and an AC power connection. (Figure labels: Console port, AC power receptacle, Factory Defaults reset button, Security lock)...
  • Page 33: Bottom Panels With Product Labels

    Power On/Off switch. Bottom Panels with Product Labels. The product label on the bottom of the UTM’s enclosure displays factory default settings, regulatory compliance, and other information. The following figure shows the product label for the UTM5: Figure 12. ...
  • Page 34 The following figure shows the product label for the UTM10: Figure 13. The following figure shows the product label for the UTM25: Figure 14. ...
  • Page 35 The following figure shows the product label for the UTM50: Figure 15. The following figure shows the product label for the UTM150: Figure 16. ...
  • Page 36: Choose A Location For The Utm

    The following figure shows the product label for the UTM9S: Figure 17. Choose a Location for the UTM. The UTM is suitable for use in an office environment where it can be freestanding (on its runner feet) or mounted into a standard 19-inch equipment rack.
  • Page 37: Use The Rack-Mounting Kit

    Use the Rack-Mounting Kit. Use the mounting kit for the UTM to install the appliance in a rack. (A mounting kit is provided in the package for the multiple WAN port models.) Attach the mounting brackets using the hardware that is supplied with the mounting kit.
  • Page 38: Steps For Initial Connection

    Installation Guide. See the ProSecure Unified Threat Management UTM Installation Guide for complete steps. A PDF of the Installation Guide is on the NETGEAR website at http://www.prosecure.netgear.com/resources/document-library.php. Log in to the UTM. After logging in, you are ready to set up and configure your UTM. See Log In to the UTM on page 39.
  • Page 39: Qualified Web Browsers

    Qualified Browsers. In the address field, enter https://192.168.1.1. The NETGEAR Configuration Manager Login screen displays in the browser. (The following figure shows the screen for the UTM50.) This screen also provides the User Portal Login Link. For general information about the User...
  • Page 40 Figure 19. In the User Name field, type admin. Use lowercase letters. In the Password / Passcode field, type password. Here, too, use lowercase letters. Note: The UTM user name and password are not the same as any user name or password you might use to log in to your Internet connection.
  • Page 41: Web Management Interface Menu Layout

    Figure 20. Web Management Interface Menu Layout. The following figure shows the menu at the top of the UTM50 web management interface as an example. Figure 21 (labels: 1st level: Main navigation menu link (orange); 2nd level: Configuration menu link (gray); 3rd level: Submenu tab (blue); Option arrow: Additional screen for submenu item).
  • Page 42 The web management interface menu consists of the following components: • 1st level: Main navigation menu links. The main navigation menu in the orange bar across the top of the web management interface provides access to all the configuration functions of the UTM, and remains constant.
  • Page 43: Use The Setup Wizard To Perform The Initial Configuration

    Chapter 3, Manually Configuring Internet and WAN Settings.  To start the Setup Wizard: Select Wizards from the main navigation menu. The Welcome to the Netgear Configuration Wizard screen displays: Figure 24. Select the Setup Wizard radio button. Click Next. The first Setup Wizard screen displays.
  • Page 44: Setup Wizard Step 1 Of 10: Lan Settings

    Setup Wizard Step 1 of 10: LAN Settings. Figure 25. Enter the settings as explained in the following table, and then click Next to go to the following screen. Note: In this first step, you are actually configuring the LAN settings for the UTM’s default VLAN.
  • Page 45 Table 4. Setup Wizard Step 1: LAN Settings screen settings (columns: Setting, Description). LAN TCP/IP Setup: IP Address: Enter the IP address of the UTM’s default VLAN (the factory default address is 192.168.1.1). Note: Always make sure that the LAN port IP address and DMZ port IP address are in different subnets.
  • Page 46 O (for organization) • C (for country) • DC (for domain) For example, to search the Netgear.net domain for all last names of Johnson, you would enter: cn=Johnson,dc=Netgear,dc=net Port The port number for the LDAP server. The default setting is 0 (zero).
  • Page 47: Setup Wizard Step 2 Of 10: Wan Settings

    Table 4. Setup Wizard Step 1: LAN Settings screen settings (continued) (columns: Setting, Description). Inter VLAN Routing: Enable Inter VLAN Routing: This setting is optional. To ensure that traffic is routed only to VLANs for which inter-VLAN routing is enabled, select the Enable Inter VLAN Routing check box.
  • Page 48 Enter the settings as explained in the following table, and then click Next to go to the following screen. Note: Instead of manually entering the settings, you can also click the Auto Detect action button at the bottom of the screen. The autodetect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support.
  • Page 49 Table 5. Setup Wizard Step 2: WAN Settings screen settings (continued) (columns: Setting, Description). Other (PPPoE): If you have installed login software such as WinPoET or Enternet, then your connection type is PPPoE. Select this radio button and enter the following settings: Account Name: The valid account name for the PPPoE connection.
  • Page 50: Setup Wizard Step 3 Of 10: System Date And Time

    Table 5. Setup Wizard Step 2: WAN Settings screen settings (continued) (columns: Setting, Description). Use Static IP Address: If your ISP has assigned you a fixed (static or permanent) IP address, select the Use Static IP Address radio button and enter the following settings. IP Address: The static IP address assigned to you.
  • Page 51: Setup Wizard Step 4 Of 10: Services

    Note: If you select this option but leave either the Server 1 or Server 2 field blank, both fields are set to the default NETGEAR NTP servers. Note: A list of public NTP servers is available at http://support.ntp.org/bin/view/Servers/WebHome.
  • Page 52 Enter the settings as explained in the following table, and then click Next to go to the following screen. Table 7. Setup Wizard Step 4: Services screen settings (columns: Setting, Description). Email: SMTP: SMTP scanning is enabled by default on standard service port 25.
  • Page 53: Setup Wizard Step 5 Of 10: Email Security

    Setup Wizard Step 5 of 10: Email Security. Figure 29. Enter the settings as explained in the following table, and then click Next to go to the following screen. Table 8. Setup Wizard Step 5: Email Security screen settings (columns: Setting, Description). Action...
  • Page 54: Setup Wizard Step 6 Of 10: Web Security

    Table 8. Setup Wizard Step 5: Email Security screen settings (continued) (columns: Setting, Description). IMAP: From the IMAP drop-down list, select one of the following actions to be taken when an infected email is detected: •...
  • Page 55 Enter the settings as explained in the following table, and then click Next to go to the following screen. Table 9. Setup Wizard Step 6: Web Security screen settings (columns: Setting, Description). Action: HTTP: From the HTTP drop-down list, select one of the following actions to be taken when an infected web file or object is detected: •...
  • Page 56: Setup Wizard Step 7 Of 10: Web Categories To Be Blocked

    Setup Wizard Step 7 of 10: Web Categories to Be Blocked. Figure 31. ...
  • Page 57 Enter the settings as explained in the following table, and then click Next to go to the following screen. Table 10. Setup Wizard Step 7: Web Categories to be blocked screen settings (columns: Setting, Description). Blocked Web Categories: Select the Enable Blocking check box to enable blocking of web categories.
  • Page 58: Setup Wizard Step 8 Of 10: Email Notification

    Administrator Email Notification Settings Show as mail sender A descriptive name of the sender for email identification purposes. For example, enter UTM_Notifications@netgear.com. SMTP server The IP address and port number or Internet name and port number of your ISP’s outgoing email SMTP server. The default port number is 25.
  • Page 59: Setup Wizard Step 9 Of 10: Signatures & Engine

    Update From Set the update source server by selecting one of the following radio buttons: • Default update server. Files are updated from the default NETGEAR update server. • Server address. Files are updated from the server that you specify. Enter the IP address or host name of the update server in the Server address field.
  • Page 60: Setup Wizard Step 10 Of 10: Saving The Configuration

    Table 12. Setup Wizard Step 9: Signatures & Engine screen settings (continued) (columns: Setting, Description). Update Frequency: Specify the frequency with which the UTM checks for file updates: • Weekly. From the drop-down lists, select the weekday, hour, and minutes that the updates occur. •...
  • Page 61: Test Connectivity

    Check the downloaded eicar.com test file, and note the attached malware information file. Register the UTM with NETGEAR To receive threat management component updates and technical support, you need to register your UTM with NETGEAR. The UTM is bundled with four 30-day trial licenses: • Web protection •...
  • Page 62 If your UTM is connected to the Internet, you can activate the service licenses: Select Support > Registration. The Registration screen displays: Figure 35. Enter the license key in the Registration Key field. Fill out the customer and value-added reseller (VAR) fields.
  • Page 63: Electronic Licensing

    Registration screen. However, after you have reconfigured the UTM to connect to the Internet and to the NETGEAR registration server, the UTM retrieves and restores all registration information based on its MAC address and hardware serial number. You do not need to reenter the license keys and reactivate the UTM.
  • Page 64: What To Do Next

    What to Do Next. You have completed setting up the UTM to the network. The UTM is now ready to scan the protocols and services that you specified and perform automatic updates based on the update source and frequency that you specified.
  • Page 65: Chapter 3 Manually Configuring Internet And Wan Settings

    Manually Configuring Internet and WAN Settings This chapter contains the following sections: • Internet and WAN Configuration Tasks • Automatically Detecting and Connecting the Internet Connections • Manually Configure the Internet Connection • Configure the WAN Mode • Configure Secondary WAN Addresses •...
  • Page 66: Automatically Detecting And Connecting The Internet Connections

    Generally, five steps are required to complete the WAN Internet connection of your UTM. Complete these steps: Configure the Internet connections to your ISPs. During this phase, you connect to your ISPs. See Automatically Detecting and Connecting the Internet Connections on page 66 or Manually Configure the Internet Connection...
  • Page 67 Figure 36. The UTM5 and UTM10 screens show one WAN interface; the UTM25 and UTM50 screens show two WAN interfaces; the UTM150 screen shows four WAN interfaces; the UTM9S screen shows two WAN interfaces and a slot (SLOT-1 or SLOT-2), in which the xDSL module is installed.
  • Page 68 Figure 37. Click the Auto Detect button at the bottom of the screen. The autodetect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support.
  • Page 69 Table 13. Internet connection methods (columns: Connection method, Manual data input required). DHCP (Dynamic IP): No data is required. PPPoE: Login, password, account name, and domain name. PPTP: Login, password, account name, your IP address, and the server IP address. Fixed (Static) IP: IP address, subnet mask, gateway IP address, and related data supplied by your ISP.
  • Page 70: Set The Utm's Mac Address

    Note: If the configuration process was successful, you are connected to the Internet through the WAN that you just configured. For the multiple WAN port models, continue with the configuration process for the other WAN interfaces. Note: For more information about the WAN Connection Status screen, see View the WAN Ports Status...
  • Page 71 Figure 39. In the ISP Login section, select one of the following options: • If your ISP requires an initial login to establish an Internet connection, select Yes. (The default is No.) • If a login is not required, select No, and ignore the Login and Password fields. If you selected Yes, enter the login name in the Login field and the password in the Password field.
  • Page 72 If your connection is PPTP or PPPoE, your ISP requires an initial login. Enter the settings as explained in the following table: Table 14. PPTP and PPPoE settings (columns: Setting, Description). Austria (PPTP): If your ISP is Austria Telecom or any other ISP that uses PPTP for login, select this radio button, and enter the following settings: Account Name: The account name is also known as the host name or system name.
  • Page 73 Table 14. PPTP and PPPoE settings (continued) (columns: Setting, Description). Other (PPPoE) (continued): Connection Reset: Select the Connection Reset check box to specify a time when the PPPoE WAN connection is reset, that is, the connection is disconnected momentarily and then reestablished.
  • Page 74: Configure The Wan Mode

    In the Domain Name Server (DNS) Servers section of the screen (see the following figure), specify the DNS settings as explained in the following table. Figure 42. Table 16. DNS server settings (columns: Setting, Description). Get Automatically from ISP: If your ISP has not assigned any Domain Name Server (DNS) addresses, select the...
  • Page 75 Note: For the UTM9S only, you can also use a DSL interface for any of the following modes (see Appendix A, xDSL Module for the UTM9S). • Load balancing mode. The UTM distributes the outbound traffic equally among the WAN interfaces that are functional.
  • Page 76: Configure Network Address Translation (All Models)

    Configure Network Address Translation (All Models). Network Address Translation (NAT) allows all PCs on your LAN to share a single public Internet IP address. From the Internet, there is only a single device (the UTM) and a single IP address.
  • Page 77: Configure Auto-Rollover Mode And The Failure Detection Method (Multiple Wan Port Models)

    To configure classical routing: Select Network Config > WAN Settings > WAN Mode. The WAN Mode screen displays (see Figure 43 on page 78). In the NAT (Network Address Translation) section of the screen, select the Classical Routing radio button.
  • Page 78 Figure 43. In the Load Balancing Settings section of the screen, configure the following settings: a. Select the Primary WAN Mode radio button. b. From the corresponding drop-down list on the right, select a WAN interface to function as the primary WAN interface.
  • Page 79 Locate the Failure Detection Method section onscreen (see the following figure). Enter the settings as explained in the following table. Figure 44. Table 17. Failure detection method settings (columns: Setting, Description). WAN Failure Detection Method: Select a failure detection method from the drop-down list.
  • Page 80: Configure Load Balancing And Optional Protocol Binding

    Note: You can configure the UTM to generate a WAN status log and email this log to a specified address (see Configure Logging, Alerts, and Event Notifications on page 438). Configure Load Balancing and Optional Protocol Binding. To use multiple ISP links simultaneously, configure load balancing.
  • Page 81 Note: You cannot configure load balancing when you use a PPPoE connection and have selected the Idle Timeout radio button on the WAN ISP Settings screen (single WAN port models) or on one of the WAN ISP Settings screens (multiple WAN port models);...
  • Page 82 The Protocol Bindings table displays the following fields: • Check box. Allows you to select the protocol binding rule in the table. • Status icon. Indicates the status of the protocol binding rule: Green circle. The protocol binding rule is enabled. Gray circle.
  • Page 83 Table 18. Add Protocol Binding screen settings (continued) (columns: Setting, Description). Source Network: The source network settings determine which computers on your network are affected by this rule. Select one of the following options from the drop-down list: All devices on your LAN.
  • Page 84: Configure Secondary Wan Addresses

    • Disable. Disables the binding or bindings. The status icon changes from a green circle to a gray circle, indicating that the selected binding or bindings are disabled. • Delete. Deletes the binding or bindings. Configure Secondary WAN Addresses. You can set up a single WAN port to be accessed through multiple IP addresses by adding aliases to the port.
  • Page 85: Configure Dynamic Dns

    Click the Secondary Addresses option arrow at the upper right of the screen. The WAN Secondary Addresses screen displays for the WAN interface that you selected (see the following figure, which shows the WAN1 Secondary Addresses screen as an example, and which includes one entry in the List of Secondary WAN addresses table).
  • Page 86 If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently—hence, the need for a commercial DDNS service, which allows you to register an extension to its domain, and restores DNS requests for the resulting fully qualified domain name (FQDN) to...
  • Page 87 Figure 49. Click the Information option arrow in the upper right of a DNS screen for registration information. Figure 50. Access the website of the DDNS service provider, and register for an account (for example, for DynDNS.org, go to http://www.dyndns.com/).
  • Page 88 Configure the DDNS service settings as explained in the following table: Table 19. DNS service settings (columns: Setting, Description). WAN (Dynamic DNS Status: ...) / WAN1 (Dynamic DNS Status: ...): Change DNS to (DynDNS, TZO, ...): Select the Yes radio button to enable the DDNS service. The fields that display onscreen depend on the DDNS service provider that you have selected.
  • Page 89: Configure Advanced Wan Options

    Configure Advanced WAN Options. The advanced options include configuring the maximum transmission unit (MTU) size, the port speed, and the UTM’s MAC address, and setting a rate limit on the traffic that is being forwarded by the UTM.
  • Page 90 Enter the settings as explained in the following table: Table 20. Advanced WAN settings (columns: Setting, Description). MTU Size: Make one of the following selections: Default: Select the Default radio button for the normal maximum transmit unit (MTU) value.
  • Page 91: Additional Wan-Related Configuration Tasks

    If you want the ability to manage the UTM remotely, enable remote management (see Configure Remote Management Access on page 415). If you enable remote management, NETGEAR strongly recommends that you change your password (see Change Passwords and Administrator and Guest Settings on page 413).
  • Page 92: Chapter 4 Lan Configuration

    LAN Configuration This chapter describes how to configure the advanced LAN features of your UTM. This chapter contains the following sections: • Manage Virtual LANs and DHCP Options • Configure Multihome LAN IPs on the Default VLAN • Manage Groups and Hosts (LAN Groups) •...
  • Page 93: Port-Based Vlans

    single VLAN, they can share resources and bandwidth as if they were connected to the same segment. The resources of other departments can be invisible to the marketing VLAN members, accessible to all, or accessible only to specified individuals, depending on how the IT manager has set up the VLANs.
• Page 94: Assign and Manage VLAN Profiles
    packets that leave these LAN ports with the same default PVID 1 are untagged. All other packets are tagged according to the VLAN ID that you assigned to the VLAN when you created the VLAN profile. This is a typical scenario for a configuration with an IP phone that has two Ethernet ports, one of which is connected to the UTM, the other one to another device: Packets coming from the IP phone to the UTM LAN port are tagged.
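    The tagging behaviour described above (an untagged frame arriving on a LAN port belongs to that port's PVID, a frame leaves a port untagged only when its VLAN equals that port's PVID, and a frame is not forwarded to a port that is not a member of its VLAN), as an added Python example. This is illustration code written for this page, not NETGEAR's firmware; the VLAN ID limits come from page 99 (2 to 4093, with 1 reserved for the default VLAN and 4094 for the DMZ), while the port PVIDs, member sets and sample frames are constructed assumptions.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800
DEFAULT_PVID = 1          # untagged frames on a LAN port land in the default VLAN
DMZ_VID = 4094            # reserved for the DMZ interface on the UTM


def valid_user_vid(vid):
    """VLAN IDs a profile may use: 2..4093 (1 = default VLAN, 4094 = DMZ)."""
    return 2 <= vid <= 4093


def parse_frame(frame):
    """Return (dst, src, vid_or_None, ethertype, payload) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, inner = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, inner, frame[18:]   # low 12 bits of TCI = VID
    return dst, src, None, etype, frame[14:]


def build_frame(dst, src, etype, payload, vid=None):
    """Build an untagged frame, or an 802.1Q-tagged one when vid is given."""
    if vid is None:
        return dst + src + struct.pack("!H", etype) + payload
    return dst + src + struct.pack("!HHH", ETHERTYPE_VLAN, vid & 0x0FFF, etype) + payload


def ingress_vid(frame, port_pvid=DEFAULT_PVID):
    """Classify an arriving frame: untagged -> the port's PVID, tagged -> its own VID."""
    vid = parse_frame(frame)[2]
    return port_pvid if vid is None else vid


def forward(frame, in_pvid, out_pvid, out_members):
    """Return the frame as it leaves the egress port, or None when that port is
    not a member of the frame's VLAN (the isolation the VLAN profile provides)."""
    dst, src, vid, etype, payload = parse_frame(frame)
    vid = in_pvid if vid is None else vid
    if vid not in out_members:
        return None
    # Leave untagged only on a port whose PVID equals the frame's VLAN; otherwise keep the tag.
    return build_frame(dst, src, etype, payload, None if vid == out_pvid else vid)


# Constructed sample frames (assumed MAC addresses, not captured traffic).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
PAYLOAD = b"payload"
UNTAGGED = build_frame(DST, SRC, ETHERTYPE_IPV4, PAYLOAD)
TAGGED_10 = build_frame(DST, SRC, ETHERTYPE_IPV4, PAYLOAD, vid=10)

if __name__ == "__main__":
    print("untagged frame lands in VLAN", ingress_vid(UNTAGGED))
    print("tagged frame lands in VLAN", ingress_vid(TAGGED_10))
    print("VLAN 10 frame to a port with PVID 10:", forward(TAGGED_10, 1, 10, {10}) == UNTAGGED)
    print("VLAN 1 frame to a VLAN-10-only port dropped:", forward(UNTAGGED, 1, 1, {10}) is None)
```

    The `forward` check is the security-relevant part: membership is decided before the tag is rewritten, so a host on the default VLAN cannot reach a port that only carries another VLAN.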
• Page 95: VLAN DHCP Options
    Action. The Edit table button, which provides access to the Edit VLAN Profile screen. Assign a VLAN profile to a LAN port (for the UTM5, UTM10, UTM25, and UTM150: Port 1, Port 2, Port 3, or Port 4/DMZ; for the UTM50: Port 1, Port 2, Port 3, Port 4, Port 5, or Port 6/DMZ) by selecting a VLAN profile from the drop-down list.
• Page 96: Configure a VLAN Profile
    • WINS server (if you entered a WINS server address in the DHCP Setup screen) • Lease time (the date obtained and the duration of the lease). DHCP Relay: DHCP relay options allow you to make the UTM a DHCP relay agent for a VLAN. The DHCP relay agent makes it possible for DHCP broadcast messages to be sent over routers that do not support forwarding of these types of messages.
• Page 97 To add or edit a VLAN profile: Select Network Config > LAN Settings. The LAN submenu tabs display, with the LAN Setup screen in view. The following figure shows the LAN Setup screen for the UTM50 with six LAN ports, and the default VLAN profile and another VLAN profile as examples.
  • Page 98 Figure 54. Enter the settings as explained in the following table: Table 21. Edit VLAN Profile screen settings. VLAN Profile, Profile Name: Enter a unique name for the VLAN profile. Note: You can also change the profile name of the default VLAN.
• Page 99 You can enter VLAN IDs from 2 to 4093. VLAN ID 1 is reserved for the default VLAN; VLAN ID 4094 is reserved for the DMZ interface. Port Membership (UTM5, UTM9S, UTM10, UTM25, and UTM150: Port 1, Port 2, Port 3, ...): Select one, several, or all port check boxes to make the ports members of this VLAN.
• Page 100 Table 21. Edit VLAN Profile screen settings (continued). Enable DHCP Server: Select the Enable DHCP Server radio button to enable the UTM to function as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for all computers connected to the VLAN.
• Page 101 O (for organization) • C (for country) • DC (for domain). For example, to search the Netgear.net domain for users with the last name Johnson, the manual gives: cn=Johnson,dc=Netgear,dc=net. Note that this is a distinguished name (the single entry whose common name is Johnson under dc=Netgear,dc=net), not a search for every user named Johnson; to search the whole domain, use dc=Netgear,dc=net as the search base and match the surname with a filter such as (sn=Johnson). Port: The port number for the LDAP server. The default setting is 0 (zero); set it to the port your server listens on (389 for LDAP, 636 for LDAP over TLS).
• Page 102: Configure VLAN MAC Addresses and Advanced LAN Settings
    Note: When you have completed the LAN setup, all outbound traffic is allowed and all inbound traffic is discarded except responses to requests from the LAN side. For information about how to change these default traffic rules, see Chapter 5, Firewall Protection.
• Page 103: Configure Multihome LAN IPs on the Default VLAN
    Figure 55. From the MAC Address for VLANs drop-down list, select Unique. (The default is Same.) As an option, you can disable the broadcast of ARP packets for the default VLAN by clearing the Enable ARP Broadcast check box. (The broadcast of ARP packets is enabled by default for the default VLAN.) If you choose to keep the broadcast of ARP enabled, you can enter an ARP refresh rate in the Set Refresh Rate field.
• Page 104 The following is an example of correctly configured IP addresses on a multiple WAN port model: • WAN1 IP address: 10.0.0.1 with subnet 255.0.0.0 • WAN2 IP address: 20.0.0.1 with subnet 255.0.0.0 • DMZ IP address: 192.168.10.1 with subnet 255.255.255.0 •...
• Page 105: Manage Groups and Hosts (LAN Groups)
    To edit a secondary LAN IP address: On the LAN Multi-homing screen (see the previous screen), click the Edit button in the Action column for the secondary IP address that you want to modify. The Edit Secondary LAN IP address screen displays.
• Page 106: Manage the Network Database
    These are some advantages of the network database: • Generally, you do not need to enter an IP address or a MAC address. Instead, you can just select the name of the desired PC or device. •...
  • Page 107 Figure 57. The Known PCs and Devices table lists the entries in the network database. For each PC or device, the following fields display: • Check box. Allows you to select the PC or device in the table. •...
  • Page 108 Add PCs or Devices to the Network Database. To add PCs or devices manually to the network database: In the Add Known PCs and Devices section of the LAN Groups screen (see the previous figure), enter the settings as explained in the following table: Table 22.
• Page 109: Change Group Names in the Network Database
    Figure 58. Modify the settings as explained in Table 22 on page 108. Click Apply to save your settings in the Known PCs and Devices table. Deleting PCs or Devices from the Network Database ...
• Page 110: Set Up Address Reservation
    Figure 59. Select the radio button next to the group name that you want to edit. Type a new name in the field. The maximum number of characters is 15; spaces and double quotes (") are not allowed. Repeat Step 3 and Step 4...
• Page 111: Configure and Enable the DMZ Port
    The rightmost LAN port on the UTM can be dedicated as a hardware DMZ port to safely provide services to the Internet without compromising security on your LAN. On the UTM5, UTM10, UTM25, and UTM150, this is LAN port 4; on the UTM50, this is LAN port 6.
  • Page 112 Figure 60. Enter the settings as explained in the following table: Table 23. DMZ Setup screen settings. DMZ Port Setup, Do you want to enable DMZ Port?: Select one of the following radio buttons: •...
  • Page 113 Table 23. DMZ Setup screen settings (continued). DHCP, Disable DHCP Server: If another device on your network is the DHCP server for the VLAN, or if you will manually configure the network settings of all of your computers, select the Disable DHCP Server radio button to disable the DHCP server.
• Page 114 O (for organization) • C (for country) • DC (for domain). For example, to search the Netgear.net domain for users with the last name Johnson, the manual gives: cn=Johnson,dc=Netgear,dc=net (a distinguished name for one entry rather than a surname search; see the note on page 101). Port: The port number for the LDAP server. The default setting is 0 (zero); set it to the port your server listens on (389 for LDAP, 636 for LDAP over TLS).
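    The LDAP settings on pages 101 and 114 both take a search base and, in practice, a lookup that is built from a user-supplied value. The following added Python example (written for this page, not NETGEAR code) builds the search base for the Netgear.net domain as a proper DN, builds a surname filter such as (sn=Johnson), and escapes the value so that an attacker-chosen name such as `*)(uid=*` cannot change the meaning of the filter. The escaping follows RFC 4515 for filter values and RFC 4514 for DN values; the attribute names `sn`, `uid` and `objectClass` are standard but the directory layout is assumed.

```python
def escape_filter_value(value):
    """RFC 4515 escaping: backslash, ( ) * and NUL become \\XX hex escapes,
    so a user-supplied value can never close or extend the filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_dn_value(value):
    """RFC 4514 escaping for one attribute value inside a distinguished name."""
    specials = set(',+"\\<>;=')
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in specials or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def base_dn(domain):
    """dc=... components for a DNS-style domain, e.g. 'Netgear.net' -> 'dc=Netgear,dc=net'."""
    return ",".join("dc=" + escape_dn_value(label) for label in domain.split("."))


def surname_filter(surname):
    """Search filter for every entry whose surname matches (what 'all last names of Johnson' means)."""
    return "(sn=%s)" % escape_filter_value(surname)


def login_filter(uid_attr, uid):
    """Filter used to locate the entry for an authenticating user; uid is untrusted input."""
    return "(&(objectClass=person)(%s=%s))" % (uid_attr, escape_filter_value(uid))


if __name__ == "__main__":
    print("search base :", base_dn("Netgear.net"))
    print("surname     :", surname_filter("Johnson"))
    print("hostile uid :", login_filter("uid", "*)(uid=*"))   # stays a single (uid=...) term
```

    With `base_dn("Netgear.net")` as the search base and `surname_filter("Johnson")` as the filter, the search covers the whole domain; with the DN from the manual as the base, only the one entry named Johnson is examined.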
• Page 115: Manage Routing
    Static routes provide additional routing information to your UTM. Under normal circumstances, the UTM has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You should configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on your network.
  • Page 116 Enter the settings as explained in the following table: Table 24. Add Static Route screen settings. Route Name: The route name for the static route (for purposes of identification and management). Active: To make the static route effective, select the Active check box.
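    Two checks from this chapter, as one added Python example (written for this page, not NETGEAR code): the "correctly configured" address plan on page 104 works because no two interface subnets overlap, and the static routes on pages 115 and 116 resolve by longest prefix match, with inactive routes ignored. The route names, the second firewall at 192.168.1.254 and the metric tie-break are illustrative assumptions.

```python
import ipaddress


def overlapping_subnets(interfaces):
    """Return pairs of interface names whose subnets overlap.

    interfaces maps a name to an address in CIDR form, e.g. {"WAN1": "10.0.0.1/8"}.
    Overlapping WAN, LAN, secondary LAN or DMZ subnets make forwarding ambiguous.
    """
    nets = [(name, ipaddress.ip_interface(cidr).network) for name, cidr in interfaces.items()]
    clashes = []
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                clashes.append((name_a, name_b))
    return clashes


class RouteTable:
    """Static routes with longest-prefix-match lookup; a lower metric wins ties."""

    def __init__(self):
        self.routes = []

    def add(self, name, destination, gateway, interface, metric=1, active=True):
        self.routes.append({
            "name": name,
            "dest": ipaddress.ip_network(destination),
            "gateway": ipaddress.ip_address(gateway),
            "interface": interface,
            "metric": metric,
            "active": active,          # the Active check box on the Add Static Route screen
        })

    def lookup(self, address):
        ip = ipaddress.ip_address(address)
        best = None
        for r in self.routes:
            if not r["active"] or ip not in r["dest"]:
                continue
            rank = (r["dest"].prefixlen, -r["metric"])   # longer prefix first, then lower metric
            if best is None or rank > best[0]:
                best = (rank, r)
        return None if best is None else best[1]


def example_table():
    """Assumed layout: default route via WAN1, a branch subnet behind a second firewall on the LAN."""
    rt = RouteTable()
    rt.add("default", "0.0.0.0/0", "10.1.0.1", "WAN1")
    rt.add("branch-via-2nd-firewall", "192.168.50.0/24", "192.168.1.254", "LAN")
    rt.add("old-branch-route", "192.168.50.0/24", "192.168.1.253", "LAN", metric=5, active=False)
    return rt


# The page 104 address plan, plus a LAN entry (constructed).
PAGE_104_PLAN = {"WAN1": "10.0.0.1/8", "WAN2": "20.0.0.1/8",
                 "DMZ": "192.168.10.1/24", "LAN": "192.168.1.1/24"}

if __name__ == "__main__":
    print("overlaps:", overlapping_subnets(PAGE_104_PLAN))
    print("192.168.50.7 ->", example_table().lookup("192.168.50.7")["gateway"])
```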
• Page 117: Configure Routing Information Protocol
    Routing Information Protocol (RIP), RFC 2453, is an Interior Gateway Protocol (IGP) that is commonly used in internal networks (LANs). RIP enables a router to exchange its routing information automatically with other routers, to dynamically adjust its routing tables, and to adapt to changes in the network.
  • Page 118 Enter the settings as explained in the following table: Table 25. RIP Configuration screen settings. RIP Direction: From the RIP Direction drop-down list, select the direction in which the UTM sends and receives RIP packets: •...
• Page 119: Static Route Example
    Table 25. RIP Configuration screen settings (continued). Authentication for RIP-2B/2M required? (continued), Not Valid Before: The beginning of the lifetime of the MD5 key. Enter the month, date, year, hour, minute, and second. Before this date and time, the MD5 key is not valid. Prefer MD5 authentication over the simple-password option: a RIP-2 simple password travels in clear text in every update, so anyone on the segment can read it and inject routes.
• Page 120: Chapter 5 Firewall Protection
    Firewall Protection This chapter describes how to use the firewall features of the UTM to protect your network. This chapter contains the following sections: • About Firewall Protection • Use Rules to Block or Allow Specific Kinds of Traffic • Configure Other Firewall Features •...
• Page 121: Administrator Tips
    Consider the following operational items: As an option, you can enable remote management if you have to manage distant sites from a central location (see Configure Authentication Domains, Groups, and Users on page 358 and Configure Remote Management Access on page 415).
• Page 122: Service-Based Rules
    The firewall rules for blocking and allowing traffic on the UTM can be applied to LAN WAN traffic, DMZ WAN traffic, and LAN DMZ traffic. Table 26. Number of supported firewall rule configurations (maximum number of rules per traffic type)...
• Page 123 The following table describes the fields that define the rules for outbound traffic and that are common to most Outbound Service screens (see Figure 66 on page 132, Figure 69 on page 135, and Figure 72 on page 138).
  • Page 124 Table 27. Outbound rules overview (continued). WAN Users: The settings that determine which Internet locations are covered by the rule, based on their IP address. The options are: • Any. All Internet IP addresses are covered by this rule. •...
  • Page 125 Table 27. Outbound rules overview (continued). Bandwidth Profile: Bandwidth limiting determines the way in which the data is sent to and from your host. The purpose of bandwidth limiting is to provide a solution for limiting the outgoing and incoming traffic, thus preventing the LAN users from consuming all the bandwidth of the Internet link.
  • Page 126 Whether or not DHCP is enabled, how the PC accesses the server's LAN address impacts the inbound rules. For example: • If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP address might change periodically as the DHCP lease expires.
  • Page 127 The steps to configure inbound rules are described in the following sections: • Set LAN WAN Rules • Set DMZ WAN Rules • Set LAN DMZ Rules. Table 28. Inbound rules overview. Service: The service or application to be covered by this rule.
  • Page 128 Table 28. Inbound rules overview (continued). LAN Users: The settings that determine which computers on your network are affected by this rule. The options are: • Any. All PCs and devices on your LAN. •...
  • Page 129 Table 28. Inbound rules overview (continued). QoS Profile: The priority assigned to IP packets of this service. The priorities are defined by Type of Service (ToS) in the Internet Protocol Suite standards, RFC 1349. The QoS profile determines the priority of a service which, in turn, determines the quality of that service for the traffic passing through the firewall.
• Page 130: Order of Precedence for Rules
    Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a web or FTP server) from your location. Your ISP might periodically check for servers and might suspend your account if it discovers any active servers at your location.
• Page 131 To change the default outbound policy: Select Network Security > Firewall. The Firewall submenu tabs display, with the LAN WAN Rules screen in view. Next to Default Outbound Policy, select Block Always from the drop-down list. Figure 65.
  • Page 132 LAN WAN Outbound Service Rules. You can define rules that specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day.
  • Page 133 LAN WAN Inbound Service Rules. The Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules are listed. By default, all inbound traffic (from the Internet to the LAN) is blocked.
• Page 134: Set DMZ WAN Rules
    The firewall rules for traffic between the DMZ and the Internet are configured on the DMZ WAN Rules screen. The default outbound policy is to block all traffic from and to the Internet. You can then apply firewall rules to allow specific types of traffic either going out from the DMZ to the Internet (outbound) or coming in from the Internet to the DMZ (inbound).
  • Page 135 To delete or disable one or more rules: Select the check box to the left of each rule that you want to delete or disable, or click the Select All table button to select all rules. Click one of the following table buttons: •...
  • Page 136 DMZ WAN Inbound Service Rules. The Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules are listed. By default, all inbound traffic (from the Internet to the DMZ) is blocked.
• Page 137: Set LAN DMZ Rules
    The LAN DMZ Rules screen allows you to create rules that define the movement of traffic between the LAN and the DMZ. The default outbound and inbound policies are to block all traffic between the local LAN and DMZ network.
  • Page 138 LAN DMZ Outbound Service Rules. You can change the default outbound policy or define rules that specify exceptions to the default outbound policy. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day.
  • Page 139 LAN DMZ Inbound Service Rules. The Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules are listed. By default, all inbound traffic (from the LAN to the DMZ) is blocked.
• Page 140: Inbound Rule Examples
    LAN WAN Inbound Rule: Host a Local Public Web Server. If you host a public web server on your local network, you can define a rule to allow inbound web (HTTP) requests from any outside IP address to the IP address of your web server at any time of the day.
  • Page 141 Configure Secondary WAN Addresses on page 84.) The following addressing scheme is used to illustrate this procedure: • NETGEAR UTM: WAN IP address 10.1.0.118; LAN IP address subnet 192.168.1.1 with subnet 255.255.255.0; DMZ IP address subnet 192.168.10.1 with subnet 255.255.255.0 •...
• Page 142 Tip: If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ. One of these public IP addresses is used as the primary IP address of the router that provides Internet access to your LAN PCs through NAT.
  • Page 143 In the Send to LAN Server field, enter the local IP address of your web server PC (192.168.1.2 in this example). For the multiple WAN port models only: From the WAN Destination IP Address drop-down list, select the web server (the simulated 10.1.0.52 address in this example) that you have defined on a WAN Secondary Addresses screen (see Configure Secondary WAN...
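    The rule model of pages 122 through 143, as one added Python example (illustration written for this page, not NETGEAR's rule engine): a default outbound policy (Allow Always or Block Always), a default inbound policy of Block, rules made of a service, LAN/WAN user ranges and a schedule, and the inbound web server rule with its Send to LAN Server target (WAN 10.1.0.118 to 192.168.1.2 from page 141). The example assumes rules are evaluated top-down with the first match winning, which is why the shadowed "admin-telnet" rule never fires; the rule names, the telnet/SSH rules and the packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Service:
    proto: str            # "tcp" or "udp"
    first: int            # port range covered by the service
    last: int

    def covers(self, proto, port):
        return proto == self.proto and self.first <= port <= self.last


HTTP = Service("tcp", 80, 80)
SSH = Service("tcp", 22, 22)
TELNET = Service("tcp", 23, 23)


@dataclass
class Rule:
    name: str
    service: Service
    action: str                                  # "ALLOW" or "BLOCK"
    src: ipaddress.IPv4Network = ANY             # LAN Users (outbound) / WAN Users (inbound)
    dst: ipaddress.IPv4Network = ANY             # WAN Users (outbound) / WAN Destination IP (inbound)
    send_to: Optional[str] = None                # inbound only: Send to LAN Server (DNAT target)
    days: frozenset = frozenset(range(7))        # schedule: Monday=0 .. Sunday=6
    hours: tuple = (0, 24)                       # schedule: active while start <= hour < end
    enabled: bool = True

    def matches(self, pkt, now):
        return (self.enabled
                and self.service.covers(pkt["proto"], pkt["dport"])
                and ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and now.weekday() in self.days
                and self.hours[0] <= now.hour < self.hours[1])


class Firewall:
    def __init__(self, default_outbound="ALLOW"):
        self.default = {"outbound": default_outbound, "inbound": "BLOCK"}
        self.rules = {"outbound": [], "inbound": []}

    def add(self, direction, rule):
        self.rules[direction].append(rule)

    def evaluate(self, direction, pkt, now):
        """First matching rule in table order wins; otherwise the default policy applies.
        Returns (action, rule name, DNAT target or None)."""
        for rule in self.rules[direction]:
            if rule.matches(pkt, now):
                return rule.action, rule.name, rule.send_to
        return self.default[direction], "default-policy", None


def example_firewall(default_outbound="ALLOW"):
    fw = Firewall(default_outbound)
    fw.add("outbound", Rule("block-telnet", TELNET, "BLOCK"))
    fw.add("outbound", Rule("admin-telnet", TELNET, "ALLOW",      # shadowed by the rule above
                            src=ipaddress.ip_network("192.168.1.10/32")))
    fw.add("outbound", Rule("office-hours-ssh", SSH, "ALLOW",
                            days=frozenset(range(5)), hours=(9, 17)))
    fw.add("inbound", Rule("public-web", HTTP, "ALLOW",           # page 141 web server example
                           dst=ipaddress.ip_network("10.1.0.118/32"), send_to="192.168.1.2"))
    return fw


if __name__ == "__main__":
    fw = example_firewall()
    when = datetime(2012, 4, 2, 12, 0)   # a Monday at noon
    web = {"proto": "tcp", "src": "203.0.113.9", "dst": "10.1.0.118", "dport": 80}
    print(fw.evaluate("inbound", web, when))
```

    Reordering the two telnet rules, or placing the narrower rule first, is what the Order of Precedence section on page 130 is about: the engine never reaches a later rule for a packet an earlier rule already matched.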
• Page 144: Outbound Rule Example
    WARNING: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.
• Page 145: Configure Other Firewall Features
    You can configure global VLAN rules, configure attack checks, set session limits, and manage the application level gateway (ALG) for SIP sessions. VLAN Rules: The VLAN Rules screen allows you to specify inter-VLAN firewall rules (that is, firewall rules for VLANs that are created on the UTM) when inter-VLAN routing is not enabled (see Configure a VLAN Profile on page 96).
  • Page 146 Figure 80. Enter the settings as explained in the following table. Table 29. Add VLAN-VLAN Service screen settings. Service: The service or application to be covered by this rule. If the service or application does not display in the list, you need to define it using the Services screen (see Add Customized Services on page 154).
  • Page 147 Table 29. Add VLAN-VLAN Service screen settings (continued). Users Allowed: The settings that determine which user or group on the network is affected by this rule. You can select a local user, local group, or custom group. To create a new custom group, select + Create New from the Users Allowed drop-down list.
• Page 148: Attack Checks, VPN Pass-through, and Multicast Pass-through
    The Attack Checks screen allows you to specify whether or not the UTM should be protected against common attacks in the DMZ, LAN, and WAN networks, and lets you configure VPN pass-through and multicast pass-through.
  • Page 149 Table 30. Attack Checks screen settings (continued). Block TCP flood: Select the Block TCP flood check box to enable the UTM to drop all invalid TCP packets and to protect the UTM from a SYN flood attack. A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN (synchronize) requests to a target system.
  • Page 150 Configure Multicast Pass-through. To configure multicast pass-through: Select Network Security > Firewall > IGMP. The IGMP screen displays. (The following figure shows one alternate network as an example.) Figure 82. In the Multicast Pass through section of the screen, select the Yes radio button to enable multicast pass-through.
• Page 151: Set Session Limits
    If the interface to which multicast traffic is bound is configured for PPPoE, PPPoA (UTM9S only), or PPTP, you need to add the multicast source address to the Alternate Networks table: a. In the Alternate Networks section of the screen, below the table, enter the following settings: •...
• Page 152: Manage the Application Level Gateway for SIP Sessions
    Enter the settings as explained in the following table: Table 31. Session Limit screen settings. Session Limit, User Limit Parameter: From the User Limit Parameter drop-down list, select one of the following options: •...
• Page 153: Create Services, QoS Profiles, and Bandwidth Profiles
    Figure 84. Select the Enable SIP ALG check box. Click Apply to save your settings. Create Services, QoS Profiles, and Bandwidth Profiles: When you create inbound and outbound firewall rules, you use firewall objects such as services, service groups, IP groups (LAN and WAN groups), QoS profiles, bandwidth profiles, traffic meter profiles, and schedules to narrow down the firewall rules: •...
• Page 154: Add Customized Services
    Services are functions performed by server computers at the request of client computers. You can configure up to 125 custom services. For example, web servers serve web pages, time servers serve time and date information, and game hosts serve data about other players'...
  • Page 155 Figure 85. In the Add Custom Service section of the screen, enter the settings as explained in the following table: Table 32. Services screen settings. Name: A descriptive name of the service for identification and management purposes. Type: From the Type drop-down list, select the protocol that the service uses as its transport (for example, TCP or UDP):...
• Page 156: Create Service Groups
    To edit a service: In the Custom Services table, click the Edit table button to the right of the service that you want to edit. The Edit Service screen displays: Figure 86. Modify the settings that you wish to change (see the previous table). Click Apply to save your changes.
  • Page 157 Figure 87. Under the Custom Service Group table, click the Add table button. The Add Service Group screen displays: Figure 88. In the Name field, enter a name for the service group. Use the move buttons (<< and >>) to move services between the Available Services field and the List of Selected Services field to specify the services that you want to be part of the group.
• Page 158: Create IP Groups
    An IP group contains a collection of individual IP addresses that do not need to be within the same IP address range. You specify an IP group as either a LAN group or WAN group. You use the group as a firewall object to which you apply a firewall rule, that is, you select the group from the LAN Users or WAN Users drop-down list on a screen on which you add or edit a firewall rule.
  • Page 159 Figure 90. In the IP Address fields, type an IP address. Click the Add table button to add the IP address to the IP Addresses Grouped table. Repeat the previous two steps to add more IP addresses to the IP Addresses Grouped table.
• Page 160: Create Quality of Service Profiles
    A Quality of Service (QoS) profile defines the relative priority of an IP packet when multiple connections are scheduled for simultaneous transmission on the UTM. A QoS profile becomes active only when it is associated with a nonblocking inbound or outbound firewall rule, and traffic matching the firewall rule is processed by the UTM.
  • Page 161 Figure 91. The screen displays the List of QoS Profiles table with the user-defined profiles. Under the List of QoS Profiles table, click the Add table button. The Add QoS Profile screen displays: Figure 92. Enter the settings as explained in the following table.
• Page 162: Create Bandwidth Profiles
    Table 33. Add QoS Profile screen settings (continued). From the QoS drop-down list, select one of the following traffic classification methods: • IP Precedence. A legacy method that sets the priority in the ToS byte of an IP header.
  • Page 163 interface that you specify. For inbound traffic, you can apply bandwidth profiles to a LAN interface for all WAN modes. Bandwidth profiles do not apply to the DMZ interface. When a new connection is established by a device, the device locates the firewall rule corresponding to the connection.
  • Page 164 Under the List of Bandwidth Profiles table, click the Add table button. The Add Bandwidth Profile screen displays: Figure 94. Enter the settings as explained in the following table: Table 34. Add Bandwidth Profile screen settings. Profile Name...
  • Page 165 Table 34. Add Bandwidth Profile screen settings (continued). Policy Type: From the Policy Type drop-down list, select how the policy is applied when it is assigned to multiple firewall rules: • Per Policy. The policy limits apply to each firewall rule separately. For example, an outbound maximum bandwidth of 25,000 kbps would apply to each firewall rule to which the policy is assigned.
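    How a bandwidth profile behaves when it is assigned to more than one firewall rule, as an added Python example (illustration written for this page, not NETGEAR's traffic shaper). Per Policy gives every rule its own limiter, as page 165 describes; the alternative, which shares one limiter across all rules the profile is assigned to, is called "group" here, an assumed name for the other drop-down option. The limiter is a standard token bucket sized to one second of the configured rate, which is also an assumption.

```python
class TokenBucket:
    """Token bucket: refills at `rate_bps` bits per second, holds at most `burst_bits`."""

    def __init__(self, rate_bps, burst_bits, now=0.0):
        self.rate = rate_bps
        self.burst = burst_bits
        self.tokens = burst_bits
        self.last = now

    def admit(self, now, bits):
        """True if `bits` can be sent at time `now`; tokens are consumed on success."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if bits <= self.tokens:
            self.tokens -= bits
            return True
        return False


class BandwidthProfile:
    """Outbound limit applied once per firewall rule ("per_policy") or shared ("group")."""

    def __init__(self, name, max_kbps, policy_type="per_policy"):
        if policy_type not in ("per_policy", "group"):
            raise ValueError("unknown policy type: %r" % policy_type)
        self.name = name
        self.rate_bps = max_kbps * 1000
        self.policy_type = policy_type
        self.buckets = {}

    def admit(self, rule_name, now, bits):
        """Decide whether a burst of `bits` matched by `rule_name` may pass at time `now`."""
        key = rule_name if self.policy_type == "per_policy" else "*"
        bucket = self.buckets.get(key)
        if bucket is None:
            # assumed burst allowance: one second of the configured rate
            bucket = self.buckets[key] = TokenBucket(self.rate_bps, self.rate_bps, now)
        return bucket.admit(now, bits)


if __name__ == "__main__":
    per_policy = BandwidthProfile("web-cap", 100, "per_policy")
    shared = BandwidthProfile("web-cap", 100, "group")
    for rule in ("rule-A", "rule-B"):
        print(rule, "per policy:", per_policy.admit(rule, 0.0, 80_000),
              "shared:", shared.admit(rule, 0.0, 80_000))
```

    With a 100 kbps profile, two rules each sending 80 kbit at the same instant both pass under Per Policy (each has its own 100 kbit allowance) but only the first passes under the shared form; the second gets through once the shared bucket has refilled.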
• Page 166: Create Traffic Meter Profiles
    Traffic meter profiles allow you to measure and control traffic that is downloaded and uploaded by users to whom a firewall rule is assigned. When traffic for a profile has reached its configured limit, you can either log or block the traffic.
  • Page 167 Figure 96. Enter the settings as explained in the following table: Table 35. Add Traffic Meter Profile screen settings. Profile Name: A descriptive name of the traffic meter profile for identification and management purposes.
• Page 168: Set a Schedule to Block or Allow Specific Traffic
    Click Apply to save your settings. The new traffic meter profile is added to the List of Traffic Meter Profiles table. You now can select the profile when you create or change a firewall rule.
  • Page 169 Figure 98. Enter the settings as explained in the following table: Table 36. Add Schedule screen settings. Profile Name: A name of the schedule for identification and management purposes. Description: A description to further help identification for management purposes. Scheduled Days: Select one of the following radio buttons: •...
• Page 170: Enable Source MAC Filtering
    Table 36. Add Schedule screen settings (continued). Scheduled Time of Day: Select one of the following radio buttons: • All Day. The schedule is in effect all hours of the selected day or days. •...
  • Page 171 To enable MAC filtering and add MAC addresses to be permitted or blocked: Select Network Security > Address Filter. The Address Filter submenu tabs display, with the Source MAC Filter screen in view. (The following figure shows one address in the MAC Addresses table as an example.) Figure 99.
• Page 172: Set Up IP/MAC Bindings
    IP/MAC binding allows you to bind an IP address to a MAC address and the other way around. Some PCs or devices are configured with static addresses. To prevent users from changing their static IP addresses, the IP/MAC binding feature needs to be enabled on the UTM.
  • Page 173 Figure 100. Enter the settings as explained in the following table: Table 37. IP/MAC Binding screen settings. Email IP/MAC Violations, Do you want to enable E-mail Logs?: Select one of the following radio buttons: •...
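    The two address checks from pages 170 through 173, as one added Python example (written for this page, not NETGEAR code): a source MAC filter that either permits only listed addresses or blocks listed addresses, and an IP/MAC binding table enforced in both directions, so that a host keeping its MAC but changing its static IP is reported just like a host spoofing a bound IP from another MAC. The violation strings are what would be logged or emailed. The binding table, filter list and observed (IP, MAC) pairs are constructed.

```python
def norm_mac(mac):
    """Canonical lower-case, colon-separated form so 00-11-22-33-44-55 and 00:11:22:33:44:55 compare equal."""
    return mac.lower().replace("-", ":")


class AddressPolicy:
    def __init__(self, bindings, mac_filter_mode=None, mac_filter_list=()):
        # bindings: {ip: mac}; enforced both ways (an IP must use its MAC and a MAC its IP)
        self.ip_to_mac = {ip: norm_mac(mac) for ip, mac in bindings.items()}
        self.mac_to_ip = {mac: ip for ip, mac in self.ip_to_mac.items()}
        if mac_filter_mode not in (None, "permit", "block"):
            raise ValueError("mac_filter_mode must be None, 'permit' or 'block'")
        self.mode = mac_filter_mode          # None = source MAC filtering disabled
        self.macs = {norm_mac(mac) for mac in mac_filter_list}

    def mac_filter_allows(self, mac):
        mac = norm_mac(mac)
        if self.mode is None:
            return True
        if self.mode == "permit":            # only listed addresses may send
            return mac in self.macs
        return mac not in self.macs          # "block": listed addresses may not send

    def check(self, ip, mac):
        """Return None when the pair is acceptable, otherwise the violation reason."""
        mac = norm_mac(mac)
        if not self.mac_filter_allows(mac):
            return "source MAC %s denied by MAC filter" % mac
        bound_mac = self.ip_to_mac.get(ip)
        if bound_mac is not None and bound_mac != mac:
            return "IP %s is bound to %s, seen from %s" % (ip, bound_mac, mac)
        bound_ip = self.mac_to_ip.get(mac)
        if bound_ip is not None and bound_ip != ip:
            return "MAC %s is bound to %s, seen with %s" % (mac, bound_ip, ip)
        return None

    def audit(self, observations):
        """observations: iterable of (ip, mac) pairs seen on the LAN; returns violations to log or email."""
        violations = []
        for ip, mac in observations:
            reason = self.check(ip, mac)
            if reason:
                violations.append((ip, norm_mac(mac), reason))
        return violations


# Constructed sample: one bound server, one blocked MAC, one spoofed and one legitimate sighting.
POLICY = AddressPolicy({"192.168.1.10": "00:11:22:33:44:55"}, "block", ["de:ad:be:ef:00:01"])
OBSERVED = [("192.168.1.10", "00-11-22-33-44-55"),   # the bound host, as expected
            ("192.168.1.10", "aa:bb:cc:dd:ee:ff"),   # someone else claiming the bound IP
            ("192.168.1.77", "00:11:22:33:44:55"),   # the bound host on a different IP
            ("192.168.1.50", "DE:AD:BE:EF:00:01"),   # explicitly blocked MAC
            ("192.168.1.51", "02:00:00:00:00:01")]   # unbound, unfiltered host

if __name__ == "__main__":
    for violation in POLICY.audit(OBSERVED):
        print(*violation)
```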
• Page 174: Configure Port Triggering
    To edit an IP/MAC binding: In the IP/MAC Bindings table, click the Edit table button to the right of the IP/MAC binding that you want to edit. The Edit IP/MAC Binding screen displays. Modify the settings that you wish to change (see the previous table).
  • Page 175 To add a port-triggering rule: Select Network Security > Port Triggering. The Port Triggering screen displays. (The following figure shows a rule in the Port Triggering Rule table as an example.) Figure 101. In the Add Port Triggering Rule section, enter the settings as explained in the following table: Table 38.
  • Page 176 To edit a port-triggering rule: In the Port Triggering Rules table, click the Edit table button to the right of the port-triggering rule that you want to edit. The Edit Port Triggering Rule screen displays. Modify the settings that you wish to change (see the previous table).
• Page 177: Configure Universal Plug and Play
    The Universal Plug and Play (UPnP) feature enables the UTM to automatically discover and configure devices when it searches the LAN and WAN. Because UPnP lets any host on the LAN request WAN-side port mappings without authentication, leave it disabled unless an application on the LAN needs it. Select Security > UPnP. The UPnP screen displays: Figure 103.
• Page 178: Use the Intrusion Prevention System
    The Intrusion Prevention System (IPS) of the UTM monitors all network traffic to detect, in real time, distributed denial-of-service (DDoS) attacks, network attacks, and port scans, and to protect your network from such intrusions. You can set up alerts, block source IP addresses from which port scans are initiated, and drop traffic that carries attacks.
  • Page 179 Table 39. IPS screen settings (continued). Detect DDoS: Select the action that is taken when the UTM detects a DDoS attack: • Alert. An alert is emailed to the administrator that is specified on the Email Notification screen.
  • Page 180 Figure 104. IPS, screen 1 of 2
  • Page 181 Figure 105. IPS, screen 2 of 2. Click Apply to save your settings. The following table explains some of the less familiar attack names in the IPS: Table 40. IPS: uncommon attack names. Web-Misc: Detects some specific web attack tools, such as the fingerprinting tool and the...
  • Page 182 Table 40. IPS: uncommon attack names (continued). Web-Attacks: Detects the web attacks that cannot be placed under other web categories, such as DoS and overflow attacks against specific web services. These web services include IMail Web Calendaring, ZixForum, ScozNet, ScozNews, and other services.
  • Page 183: Chapter 6 Content Filtering And Optimizing Scans

    Content Filtering and Optimizing Scans This chapter describes how to apply the content-filtering features of the UTM and how to optimize scans to protect your network. This chapter contains the following sections: • About Content Filtering and Scans • Configure Email Protection •...
  • Page 184: Default Email And Web Scan Settings

    Note: For information about how to monitor blocked content and malware threats in real time, see Monitor Real-Time Traffic, Security, and Statistics on page 449. For information about how to view blocked content and malware threats in the logs, see Query the Logs on page 478.
  • Page 185: Configure Email Protection

    Table 41. Default email and web scan settings (continued) Scan type, Default scan setting, Default action (if applicable): Web content categories: Commerce, Allowed; Drugs and Violence, Blocked; Education, Allowed with the exception of School Cheating; Gaming, Blocked; Inactive Sites...
  • Page 186: Customize Email Antivirus And Notification Settings

    Figure 106. In the Email section of the screen, select the protocols to scan by selecting the Enable check boxes, and enter the port numbers if different from the default port numbers: • SMTP. Simple Mail Transfer Protocol (SMTP) scanning is enabled by default on port 25.
  • Page 187 To configure the email antivirus settings: Select Application Security > Email Anti-Virus. The Email Anti-Virus screen displays: Figure 107.
  • Page 188 Enter the settings as explained in the following table: Table 42. Email Anti-Virus screen settings Setting Description Action SMTP From the SMTP drop-down list, select one of the following actions to be taken when an infected email is detected: •...
  • Page 189 Table 42. Email Anti-Virus screen settings (continued) Setting Description Notification Settings Insert Warning into Email Subject (SMTP): For SMTP email messages, select this check box to insert a warning into the email subject line: •...
  • Page 190: Email Content Filtering

    Table 42. Email Anti-Virus screen settings (continued) Setting Description Subject The default subject line for the notification email is Malware detected! You can change this subject line. Message The warning message informs the sender, the recipient, or both about the name of the malware threat.
  • Page 191 To configure email content filtering: Select Application Security > Email Filters. The Email Filters screen displays: Figure 108.
  • Page 192 Enter the settings as explained in the following table: Table 43. Email Filters screen settings Setting Description Filter by Subject Keywords Keywords Enter keywords that should be detected in the email subject line. Use commas to separate different keywords.
  • Page 193: Protect Against Email Spam

    Real-time blacklist. Emails from known spam sources that are collected by blacklist providers are blocked. Distributed spam analysis. Emails that are detected as spam by the NETGEAR Spam Classification Center are either tagged or blocked.
  • Page 194 This order of implementation ensures the optimum balance between spam prevention and system performance. For example, if an email originates from a whitelisted source, the UTM delivers the email immediately to its destination inbox without implementing the other spam-prevention technologies, thereby speeding up mail delivery and conserving the UTM system resources.
  • Page 195 To configure the whitelist and blacklist: Select Application Security > Anti-Spam. The Anti-Spam submenu tabs display, with the Whitelist/Blacklist screen in view. Figure 109.
  • Page 196 Enter the settings as explained in the following table: Table 44. Whitelist/Blacklist screen settings Setting Description Sender IP Address (SMTP Only) Whitelist Enter the source IP addresses from which emails can be trusted. Blacklist Enter the source IP addresses from which emails are blocked.
  • Page 197 By default, the UTM comes with three pre-defined blacklist providers: Dsbl, Spamhaus, and Spamcop. There is no limit to the number of blacklist providers that you can add to the RBL sources. To enable the real-time blacklist: Select Application Security >...
  • Page 198 Note: Unlike other scans, you do not need to configure the spam score because the NETGEAR Spam Classification Center performs the scoring automatically as long as the UTM is connected to the Internet. However, this does mean that the UTM needs to be connected to the Internet for the spam analysis to be performed correctly.
  • Page 199 Figure 111. Enter the settings as explained in the following table: Table 45. Distributed Spam Analysis screen settings Setting Description Distributed Spam Analysis SMTP Select the SMTP check box to enable distributed spam analysis for the SMTP protocol. (You can enable distributed spam analysis for both SMTP and POP3.) POP3 Select the POP3 check box to enable distributed spam analysis for the POP3 protocol.
  • Page 200 Anti-Spam Engine Settings Use a proxy server to connect to: Select this check box if the UTM connects to the Netgear Spam Classification Center (also referred to as the Detection Center) over a proxy server. Then specify the following information.
  • Page 201: Configure Web And Services Protection

    Table 45. Distributed Spam Analysis screen settings (continued) Setting Description Send Quarantine Spam Report Enable To enable the UTM to automatically email a spam report, select the Enable check box, and specify when the reports should be sent. Specify when the reports should be sent by selecting one of the following radio buttons: •...
  • Page 202: Configure Web Malware Scans

    To configure the web protocols and ports to scan: Select Application Security > Services. The Services submenu tabs display with the Services screen in view: Figure 112. In the Web section of the screen, select the protocols to scan by selecting the Enable check boxes, and enter the port numbers if different from the default port numbers: •...
  • Page 203 To configure the web-based malware settings: Select Application Security > HTTP/HTTPS. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view: Figure 113. Enter the settings as explained in the following table: Table 46.
  • Page 204: Configure Web Content Filtering

    184, all requested traffic from any website is allowed. You can specify a message such as Blocked by NETGEAR that is displayed onscreen if a LAN user attempts to access a blocked site (see the Notification Settings section that is described at the bottom of Table 47 on page 208).
  • Page 205 The following are keyword blocking examples: If the keyword XXX is specified, the URL www.zzyyqq.com/xxx.html is blocked, as is the newsgroup alt.pictures.XXX. If the keyword .com is specified, only websites with other domain suffixes (such as .edu or .gov) can be viewed.
  • Page 206 Note: You can bypass any type of web blocking for trusted URLs by adding the URLs to the whitelist (see Configure Web URL Filtering on page 211). Access to the URLs on the whitelist is allowed for PCs in the groups for which file extension, keyword, object, or category blocking, or a combination of these types of web blocking has been enabled.
  • Page 207 Figure 115. Content filtering, screen 2 of 3
  • Page 208 Figure 116. Content filtering, screen 3 of 3 Enter the settings as explained in the following table: Table 47. Content Filtering screen settings Setting Description Content Filtering Log HTTP Traffic Select this check box to log HTTP traffic. For information about how to view the logged traffic, see Query the Logs on page 478.
  • Page 209 Table 47. Content Filtering screen settings (continued) Setting Description Block Files with the Following Extensions: By default, the File Extension field lists the most common file extensions. You can manually add or delete extensions. Use commas to separate different extensions. You can enter a maximum of 40 file extensions.
  • Page 210 Lookup Results. If the URL appears to be uncategorized, you can submit it to NETGEAR for analysis. Submit to NETGEAR: To submit an uncategorized URL to NETGEAR for analysis, select the category in which you think that the URL needs to be categorized from the drop-down list. Then click the Submit button.
  • Page 211: Configure Web Url Filtering

    UTM displays an HTML warning screen that includes a link to submit a URL misclassification. To submit a misclassified or uncategorized URL to NETGEAR for analysis, click the Click here to Report a URL Misclassification link. A second screen opens that allows you to select (from drop-down lists) up to two categories in which you think that the URL could be categorized.
  • Page 212 To configure web URL filtering: Select Application Security > HTTP/HTTPS > URL Filtering. The URL Filtering screen displays. The following figure shows some URLs as examples: Figure 117.
  • Page 213 Enter the settings as explained in the following table: Table 48. URL Filtering screen settings Setting Description Whitelist Enable Select this check box to bypass scanning of the URLs that are listed in the URL field.
  • Page 214 Table 48. URL Filtering screen settings (continued) Setting Description Delete (continued) To delete one or more URLs, highlight the URLs, and click the Delete table button. Export To export the URLs, click the Export table button, and follow the instructions of your browser.
  • Page 215: Configure Https (Ssl) Scanning

    Configure HTTPS (SSL) Scanning HTTPS traffic is encrypted traffic that cannot be scanned or the data stream would not be secure. However, the UTM can scan HTTPS traffic that is transmitted through an HTTP proxy.
  • Page 216 Figure 119. However, even when a certificate is trusted or still valid, or when the name of a certificate does match the name of the website, a security alert message still displays when a user who is connected to the UTM visits an HTTPS site.
  • Page 217 Figure 120. Enter the settings as explained in the following table: Table 49. SSL Settings screen settings Setting Description HTTP Tunneling Select this check box to allow scanning of HTTPS connections through an HTTP proxy, which is disabled by default.
  • Page 218: Manage Digital Certificates For Https Scans

    Table 49. SSL Settings screen settings (continued) Setting Description SSL Settings Select the Allow the UTM to handle SSL connections using SSLv2 check box to allow HTTPS connections using SSLv2, SSLv3, or TLSv1. If this check box is cleared, the UTM allows HTTPS connections using SSLv3 or TLSv1, but not using SSLv2.
  • Page 219 Figure 121. The UTM contains a self-signed certificate from NETGEAR. This certificate can be downloaded from the UTM login screen or from the Certificate Management screen for browser import. However, before you deploy the UTM in your network, NETGEAR...
  • Page 220 Follow the instructions of your browser to save the RootCA.crt file on your computer. To reload the default NETGEAR certificate: Select the Use NETGEAR default certificate radio button. Click Apply to save your settings. To import a new certificate: Select the Use imported certificate (PKCS12 format) radio button.
  • Page 221 Click the Upload button. Note: If the certificate file is not in the pkcs12 format, the upload fails. Importing a new certificate overwrites any previously imported certificates. Click Apply to save your settings. Manage Trusted HTTPS Certificates To manage trusted certificates, select Web Security >...
  • Page 222 To view details of a trusted certificate: From the Trusted Certificates table, select the certificate. Click View Details. A new screen opens that displays the details of the certificate. To delete a trusted certificate: From the Trusted Certificates table, select the certificate.
  • Page 223: Specify Trusted Hosts

    Specify Trusted Hosts You can specify trusted hosts for which the UTM bypasses HTTPS traffic scanning and security certificate authentication. The security certificate is sent directly to the client for authentication, which means that the user does not receive a security alert for trusted hosts. For more information about security alerts, see Manage Self-Signed Certificates on page 400.
  • Page 224: Configure Ftp Scanning

    Table 50. Trusted Hosts screen settings (continued) Setting Description Hosts This field contains the trusted hosts for which scanning is bypassed. To add a host to this field, use the Add Host field or the Import from File tool (see the explanation later in this table). You can add a maximum of 200 URLs.
  • Page 225 Figure 126. Enter the settings as explained in the following table: Table 51. FTP screen settings Setting Description Action Action From the FTP drop-down list, select one of the following actions to be taken when an infected FTP file or object is detected: •...
  • Page 226: Configure Application Control

    Table 51. FTP screen settings (continued) Setting Description Block Files with the Following Extensions By default, the File Extension field lists the most common file extensions. You can manually add or delete extensions. Use commas to separate different extensions. You can enter a maximum of 40 file extensions. The maximum total length of this field, excluding the delimiter commas, is 160 characters.
  • Page 227 • Private protocols • Social networks Control is set for entire categories of applications (for example, to block gaming during business hours), for individual applications (for example, to allow Skype but block some other applications), or for a combination of both.
  • Page 228 To configure an application control profile and enable application control: Select Application Security > Application Control. The Application Control screen displays. (The following figure contains an example in the Application Control Profiles table.) Figure 127.
  • Page 229 Figure 128. Configure the common settings in the upper part of the screen as explained in the following table: Table 52. Common settings on the Add or Edit Application Control Profile screen Setting Description Name A name of the profile for identification and management purposes.
  • Page 230 Table 52. Common settings on the Add or Edit Application Control Profile screen (continued) Setting Description All Other Known Applications: Known applications are the applications that you can select in the lower part of the screen.
  • Page 231 In the Active Categories and Individual Applications table, set the policy for each selected category of applications and individual application by clicking the Edit table button to the right of each selection. The Application Control Policy pop-up screen displays. This screen differs for a category of applications (see the next figure) and for an individual application (see an example in Figure 130...
  • Page 232 Configure the policy as explained in the following table: Table 53. Application Control Policy pop-up screen settings Setting Description Policy for a category of applications Application Policy From the drop-down list, select the action for the policy of the selected category of applications: •...
  • Page 233 Table 53. Application Control Policy pop-up screen settings (continued) Setting Description Bandwidth Profile From the drop-down list, select the bandwidth profile that is assigned to the selected application, or leave the default selection (None). By default, no profile is assigned. For information about bandwidth profiles, see Create Bandwidth Profiles on page 162.
  • Page 234: Set Exception Rules For Web And Application Access

    To make changes to an existing application control profile: In the Action column to the right of the application control profile, click the Edit table button. The Add or Edit Application Control Profile screen displays (see Figure 128 on page 229).
  • Page 235: Create Custom Categories For Exceptions For Web And

    If you have not created a custom category, an exception rule can apply to either one of the following components: • One built-in application group or built-in individual application • A combination of file extensions and protocols •...
  • Page 236 Under the Exceptions table, click the Add table button to specify an exception rule. The Add or Edit Exceptions screen displays. The content of the lower part of the screen depends on the selection of the Category drop-down list, which is by default set to Application. From the Category drop-down list, select the exception category.
  • Page 237 • File Extension. Figure 133. • URL Filtering. Figure 134.
  • Page 238 • Web Category. Figure 135. Complete the fields and make your selections from the drop-down lists as explained in the following table: Table 54. Add or Edit Exceptions screen settings Setting Description Action From the drop-down list, select the action that the UTM applies: •...
  • Page 239 Table 54. Add or Edit Exceptions screen settings (continued) Setting Description Domain User/Group (continued) All Users Click the Apply button to apply the exception to all users, both authenticated and unauthenticated. Authenticated Click the Apply button to apply the exception to all authenticated users. These are users who have actively logged in to the UTM and who have been authenticated.
  • Page 240 Table 54. Add or Edit Exceptions screen settings (continued) Setting Description Domain User/Group (continued) Local User Search Do the following: 1. In the Name field, enter a user name. 2. Click the Lookup button. If the user is found, he or she is listed to the left of the Apply button.
  • Page 241 Table 54. Add or Edit Exceptions screen settings (continued) Setting Description Category (and related information) From the Category drop-down list, select the category to which the action applies. Your selection determines which drop-down lists, fields, radio buttons, and check boxes display onscreen.
  • Page 242 Table 54. Add or Edit Exceptions screen settings (continued) Setting Description Category (and related information) (continued) URL Filtering The action applies to a URL. The following radio buttons, field, and drop-down list display onscreen. Select a radio button to either enter a URL expression or select a custom URL list:
  • Page 243: Create Custom Categories For Exceptions For Web And Application Access

    Click one of the following table buttons: • Disable. Disables the rule or rules. The ! status icon changes from a green circle to a gray circle, indicating that the rule or rules are disabled. (By default, when a rule is added to the table, it is automatically enabled.) •...
  • Page 244 From the Category drop-down list, select the exception category. The following three screens display the different options that can be shown onscreen. The content of the upper part of the screen (that is, above the Category drop-down list) is the same on all screens. •...
  • Page 245 • URL Filtering. Figure 138. Custom categories: URL filtering • Web Category. Figure 139. Custom categories: web categories Complete the fields and make your selections from the drop-down lists as explained in the following table: Table 55.
  • Page 246 Table 55. Custom Categories screen settings (continued) Setting Description Category Type From the Category Type drop-down list, select the type of category that you want to create. Your selection determines the content that is displayed onscreen. Application Select the categories of applications and individual applications that you want to include in the custom category by using the following methods:...
  • Page 247: Set Scanning Exclusions For Ip Addresses And Ports

    Table 55. Custom Categories screen settings (continued) Setting Description Category Type (continued) URL Filtering (continued) Import from File To import a list with URLs into the URLs in this Category field: 1. Click the Browse button and navigate to a file in .txt format that contains line-delimited URLs (that is, one URL per line).
  • Page 248 To save resources, you can configure scanning exclusions for IP addresses and ports that you know are secure. For example, if your network includes a web server that hosts web pages that are accessible by anyone on the Internet, the files that are hosted by your web server do not need to be scanned.
  • Page 249: Chapter 7 Virtual Private Networking Using Ipsec Connections

    Virtual Private Networking Using IPSec Connections This chapter describes how to use the IP security (IPSec) virtual private networking (VPN) features of the UTM to provide secure, encrypted communications between your local network and a remote network or computer. This chapter contains the following sections: •...
  • Page 250 balancing mode if the IP addresses are static, but mandatory if the WAN IP addresses are dynamic. See Virtual Private Networks on page 578 for more information about the IP addressing requirements for VPNs in the dual WAN modes. For information about how to select and configure a Dynamic DNS service for resolving FQDNs, see Configure Dynamic DNS...
  • Page 251: Use The Ipsec Vpn Wizard For Client And Gateway Configurations

    You can use the IPSec VPN Wizard to configure multiple gateway or client VPN tunnel policies. The following section provides wizard and NETGEAR ProSafe VPN Client software configuration procedures for the following scenarios: • Using the wizard to configure a VPN tunnel between two VPN gateways •...
  • Page 252 The Connection Name and Remote IP Type section of the VPN Wizard screen shows the following minor differences for the various UTM models: • Single WAN port models. No WAN selection drop-down list. • Multiple WAN port models.
  • Page 253 Figure 145. Select the radio buttons and complete the fields as explained in the following table: Table 58. IPSec VPN Wizard settings for a gateway-to-gateway tunnel Setting Description About VPN Wizard This VPN tunnel will connect Select the Gateway radio button.
  • Page 254 Table 58. IPSec VPN Wizard settings for a gateway-to-gateway tunnel (continued) Setting Description End Point Information What is the Remote WAN’s IP Address or Internet Name? Enter the IP address or Internet name (FQDN) of the WAN interface on the remote VPN tunnel endpoint.
  • Page 255: Create A Client-To-Gateway Vpn Tunnel

    Use the VPN Wizard to Configure the Gateway for a Client Tunnel on page 256. • Use the NETGEAR VPN Client Wizard to Create a Secure Connection on page 258 or Manually Create a Secure Connection Using the NETGEAR VPN Client on page 263.
  • Page 256 Use the VPN Wizard to Configure the Gateway for a Client Tunnel To set up a client-to-gateway VPN tunnel using the VPN Wizard: Select VPN > IPSec VPN > VPN Wizard. The VPN Wizard screen displays (see the following figure, which contains an example for a multiple WAN port model).
  • Page 257 Select the radio buttons and complete the fields as explained in the following table: Table 59. IPSec VPN Wizard settings for a client-to-gateway tunnel Setting Description About VPN Wizard This VPN tunnel will connect Select the VPN Client radio button.
  • Page 258 Router’s LAN network mask 255.255.255.0 Router’s WAN IP address 10.34.116.22 Use the NETGEAR VPN Client Wizard to Create a Secure Connection The VPN client lets you set up the VPN connection manually (see Manually Create a Secure Connection Using the NETGEAR VPN Client on page 263) or with the integrated Configuration Wizard, which is the easier and preferred method.
  • Page 259 Note: Perform these tasks from a PC that has the NETGEAR ProSafe VPN Client installed. To use the Configuration Wizard to set up a VPN connection between the VPN client and the UTM: Right-click the VPN client icon in your Windows system tray, and select Configuration Panel.
  • Page 260 Figure 152. Select the A router or a VPN gateway radio button, and click Next. The VPN tunnel parameters wizard screen (screen 2 of 3) displays. Figure 153. Specify the following VPN tunnel parameters: •...
  • Page 261 Click Next. The Configuration Summary wizard screen (screen 3 of 3) displays. Figure 154. This screen is a summary screen of the new VPN configuration. Click Finish. Specify the local and remote IDs: a. In the tree list pane of the Configuration Panel screen, click Gateway (the default name given to the authentication phase).
  • Page 262 c. Specify the settings that are explained in the following table. Table 61. VPN client advanced authentication settings Setting Description Advanced features Aggressive Mode Select this check box to enable aggressive mode as the mode of negotiation with the UTM.
  • Page 263 Manually Create a Secure Connection Using the NETGEAR VPN Client Note: Perform these tasks from a PC that has the NETGEAR ProSafe VPN Client installed. To manually configure a VPN connection between the VPN client and the UTM, create authentication settings (phase 1 settings), create an associated IPSec configuration (phase 2 settings), and then specify the global parameters.
  • Page 264 Configure the Authentication Settings (Phase 1 Settings) To create new authentication settings: Right-click the VPN client icon in your Windows system tray, and select Configuration Panel. The Configuration Panel screen displays. Figure 157. In the tree list pane of the Configuration Panel screen, right-click VPN Configuration, and select New Phase 1.
  • Page 265 Note: This is the name for the authentication phase that is used only for the VPN client, not during IKE negotiation. You can view and change this name in the tree list pane. This name needs to be a unique name. The Authentication pane displays in the Configuration Panel screen, with the Authentication tab selected by default.
  • Page 266 Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Click the Advanced tab in the Authentication pane. The Advanced pane displays. Figure 160. Specify the settings that are explained in the following table. Table 63.
  • Page 267 Table 63. VPN client advanced authentication settings (continued) Setting Description Local and Remote ID Local ID As the type of ID, select DNS from the Local ID drop-down list because you specified FQDN in the UTM configuration. As the value of the ID, enter utm_remote.com as the local ID for the VPN client.
  • Page 268 Figure 161. Specify the settings that are explained in the following table. Table 64. VPN client IPSec configuration settings Setting Description VPN Client address Either enter 0.0.0.0 as the IP address, or enter a virtual IP address that is used by the VPN client in the UTM’s LAN;...
  • Page 269 Table 64. VPN client IPSec configuration settings (continued) Setting Description Encryption Select 3DES as the encryption algorithm from the drop-down list. Authentication Select SHA-1 as the authentication algorithm from the drop-down list. Mode Select Tunnel as the encapsulation mode from the drop-down list. PFS and Group Select the PFS check box, and then select the DH2 (1024) key group from the drop-down list.
  • Page 270: Test The Connection And View Connection And Status Information

    Test the Connection and View Connection and Status Information Both the NETGEAR ProSafe VPN Client and the UTM provide VPN connection and status information. This information is useful for verifying the status of a connection and troubleshooting problems with a connection.
  • Page 271 Perform one of the following tasks: Double-click Gateway-Tunnel. Right-click Gateway-Tunnel, and select Open tunnel. Click Gateway-Tunnel, and press Ctrl+O. Figure 164. • Use the system-tray icon. Right-click the system tray icon, and select Open tunnel ‘Tunnel’.
  • Page 272: NETGEAR VPN Client Status And Log Information

    NETGEAR VPN Client Status and Log Information To view detailed negotiation and error information on the NETGEAR VPN client: Right-click the VPN client icon in the system tray, and select Console. The VPN Client Console Active screen displays.
  • Page 273: View The UTM IPSec VPN Log

    The Active IPSec SA(s) table lists each active connection with the information that is described in the following table. The default poll interval is 5 seconds. To change the poll interval period, enter a new value in the Poll Interval field, and then click the Set Interval button.
  • Page 274: Manage IPSec VPN Policies

    Manage IPSec VPN Policies After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables. The name that you selected as the VPN tunnel connection name during the VPN Wizard setup identifies both the VPN policy and IKE policy.
  • Page 275 IKE Policies Screen To access the IKE Policies screen: Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen in view. (The following figure shows some examples.) Figure 171.
  • Page 276 To delete one or more IKE policies: Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all IKE policies. Click the Delete table button.
  • Page 277 Figure 172. Virtual Private Networking Using IPSec Connections...
  • Page 278 Complete the fields, select the radio buttons, and make your selections from the drop-down lists as explained in the following table: Table 67. Add IKE Policy screen settings Setting Description Mode Config Record (Do you want to use): Specify whether or not the IKE policy uses a Mode Config record.
  • Page 279 Table 67. Add IKE Policy screen settings (continued) Setting Description Identifier Type From the drop-down list, select one of the following ISAKMP identifiers to be used by the UTM, and then specify the identifier in the Identifier field: •...
  • Page 280 Table 67. Add IKE Policy screen settings (continued) Setting Description Authentication Method Select one of the following radio buttons to specify the authentication method: • Pre-shared key. A secret that is shared between the UTM and the remote endpoint.
  • Page 281 Table 67. Add IKE Policy screen settings (continued) Setting Description Extended Authentication XAUTH Configuration Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify user account information: Note: For more...
  • Page 282: Manage VPN Policies

    Manage VPN Policies You can create two types of VPN policies. When you use the VPN Wizard to create a VPN policy, only the Auto method is available. • Manual. You manually enter all settings (including the keys) for the VPN tunnel on the UTM and on the remote VPN endpoint.
  • Page 283 Figure 173. Each policy contains the data that are explained in the following table. These fields are explained in more detail in Table 69 on page 286. Table 68. List of VPN Policies table information Setting Description ! (Status)
  • Page 284 To delete one or more VPN policies: Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all VPN policies. Click the Delete table button.
  • Page 285 Figure 174. Virtual Private Networking Using IPSec Connections...
  • Page 286 Complete the fields, select the radio buttons and check boxes, and make your selections from the drop-down lists as explained in the following table: Table 69. Add New VPN Policy screen settings Setting Description General Policy Name A descriptive name of the VPN policy for identification and management...
  • Page 287 Table 69. Add New VPN Policy screen settings (continued) Setting Description Enable Keepalive Select a radio button to specify if keep-alive is enabled: • Yes. This feature is enabled: Periodically, the UTM sends keep-alive requests (ping packets) to the remote endpoint to keep the tunnel alive.
  • Page 288 Table 69. Add New VPN Policy screen settings (continued) Setting Description Encryption Algorithm From the drop-down list, select one of the following five algorithms to negotiate the security association (SA): • DES. Data Encryption Standard (DES). •...
  • Page 289 Table 69. Add New VPN Policy screen settings (continued) Setting Description Auto Policy Parameters Note: These fields apply only when you select Auto Policy as the policy type. SA Lifetime The lifetime of the security association (SA) is the period or the amount of transmitted data after which the SA becomes invalid and needs to be renegotiated.
  • Page 290: Configure Extended Authentication (XAUTH)

    To edit a VPN policy: Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays (see Figure 173 on page 283). In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that you want to edit.
  • Page 291: Configure XAUTH For VPN Clients

    Configure XAUTH for VPN Clients Once XAUTH has been enabled, you need to establish user accounts in the user database to be authenticated against XAUTH, or you need to enable a RADIUS-CHAP or RADIUS-PAP server.
  • Page 292: User Database Configuration

    User Database Configuration When XAUTH is enabled in an Edge Device configuration, users need to be authenticated either by a local user database account or by an external RADIUS server. Whether or not you use a RADIUS server, you might want some users to be authenticated locally.
  • Page 293 Complete the fields and select the radio buttons as explained in the following table: Table 71. RADIUS Client screen settings Setting Description Primary RADIUS Server To enable and configure the primary RADIUS server, select the Yes radio button, and then enter the settings for the three fields to the right.
  • Page 294: Assign IP Addresses To Remote Users (Mode Config)

    Assign IP Addresses to Remote Users (Mode Config) To simplify the process of connecting remote VPN clients to the UTM, use the Mode Config feature to automatically assign IP addresses to remote users, including a network access IP address, subnet mask, WINS server, and DNS address.
  • Page 295: Configure Mode Config Operation On The UTM

    Configure Mode Config Operation on the UTM To configure Mode Config on the UTM, first create a Mode Config record, and then select the Mode Config record for an IKE policy. To configure Mode Config on the UTM: Select VPN >...
  • Page 296 Figure 177. Complete the fields, select the check box, and make your selections from the drop-down lists as explained in the following table: Table 72. Add Mode Config Record screen settings Setting Description Client Pool Record Name A descriptive name of the Mode Config record for identification and management purposes.
  • Page 297 Table 72. Add Mode Config Record screen settings (continued) Setting Description WINS Server If there is a WINS server on the local network, enter its IP address in the Primary field. You can enter the IP address of a second WINS server in the Secondary field. DNS Server Enter the IP address of the DNS server that is used by remote VPN clients in the Primary field.
  • Page 298 Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen in view (see Figure 171 on page 275). Under the List of IKE Policies table, click the Add table button. The Add IKE Policy screen displays.
  • Page 299 Note: The IKE policy settings that are explained in the following table are specifically for a Mode Config configuration. Table 67 on page 278 explains the general IKE policy settings. Table 73. IKE policy settings for a Mode Config configuration Setting Description Mode Config Record...
  • Page 300 The period in seconds for which the IKE SA is valid. When the period times out, the next rekeying occurs. The default setting is 28800 seconds (8 hours). However, for a Mode Config configuration, NETGEAR recommends 3600 seconds (1 hour). Enable Dead Peer...
  • Page 301: Configure The ProSafe VPN Client For Mode Config Operation

    Table 73. IKE policy settings for a Mode Config configuration (continued) Setting Description Extended Authentication XAUTH Configuration Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify user account information: Note: For more...
  • Page 302 Note: Perform these tasks from a PC that has the NETGEAR ProSafe VPN Client installed. To configure the VPN client for Mode Config operation, create authentication settings (phase 1 settings), create an associated IPSec configuration (phase 2 settings), and then specify the global parameters.
  • Page 303 Figure 180. Change the name of the authentication phase (the default is Gateway): a. Right-click the authentication phase name. b. Select Rename. c. Type GW_ModeConfig. d. Click anywhere in the tree list pane. Note: This is the name for the authentication phase that is used only for the VPN client, not during IKE negotiation.
  • Page 304 Specify the settings that are explained in the following table. Table 74. VPN client authentication settings (Mode Config) Setting Description Interface Select Any from the drop-down list. Remote Gateway Enter the remote IP address or DNS name of the UTM. For example, enter 10.34.116.22.
  • Page 305 Specify the settings that are explained in the following table. Table 75. VPN client advanced authentication settings (Mode Config) Setting Description Advanced features Mode Config Select this check box to enable Mode Config. Aggressive Mode Select this check box to enable aggressive mode as the mode of negotiation with the UTM.
  • Page 306 Note: This is the name for the IPSec configuration that is used only for the VPN client, not during IPSec negotiation. You can view and change this name in the tree list pane. This name needs to be a unique name. The IPSec pane displays in the Configuration Panel screen, with the IPSec tab selected by default.
  • Page 307 Table 76. VPN client IPSec configuration settings (Mode Config) (continued) Setting Description Subnet mask Enter 255.255.255.0 as the remote subnet mask of the UTM that opens the VPN tunnel. This is the LAN IP subnet mask that you specified in the Local Subnet Mask field on the Add Mode Config Record screen of the UTM.
  • Page 308: Test The Mode Config Connection

    Specify the following default lifetimes in seconds to match the configuration on the UTM: • Authentication (IKE), Default. Enter 3600 seconds. • Encryption (IPSec), Default. Enter 3600 seconds. Select the Dead Peer Detection (DPD) check box, and configure the following DPD settings to match the configuration on the UTM: •...
  • Page 309: Modify Or Delete A Mode Config Record

    Figure 187. From the client PC, ping a computer on the UTM LAN. Modify or Delete a Mode Config Record Note: Before you modify or delete a Mode Config record, make sure it is not used in an IKE policy.
  • Page 310: Configure Keep-Alives And Dead Peer Detection

    Configure Keep-Alives and Dead Peer Detection In some cases, you might not want a VPN tunnel to be disconnected when traffic is idle, for example, when client-server applications over the tunnel cannot tolerate the tunnel establishment time.
  • Page 311: Configure Dead Peer Detection

    Enter the settings as explained in the following table: Table 77. Keep-alive settings Setting Description General Enable Keepalive Select the Yes radio button to enable the keep-alive feature. Periodically, the UTM sends keep-alive requests (ping packets) to the remote endpoint to keep the tunnel alive.
  • Page 312: Configure NetBIOS Bridging With IPSec VPN

    In the IKE SA Parameters section of the screen, locate the DPD fields, and complete the fields as explained in the following table: Table 78. Dead Peer Detection settings Setting Description IKE SA Parameters Enable Dead Peer Detection Select the Yes radio button to enable DPD.
  • Page 313: Configure The PPTP Server

    Figure 190. Select the Enable NetBIOS check box. Click Apply to save your settings. Configure the PPTP Server As an alternate solution to IPSec VPN and L2TP tunnels, you can configure a Point-to-Point Tunnel Protocol (PPTP) server on the UTM to allow users to access PPTP clients over PPTP tunnels.
  • Page 314 To enable the PPTP server and configure the PPTP server pool, authentication, and encryption: Select VPN > PPTP Server. The PPTP Server screen displays: Figure 191. Enter the settings as explained in the following table: Table 79.
  • Page 315: View The Active PPTP Users

    Table 79. PPTP Server screen settings (continued) Setting Description Authentication Select one or more of the following authentication methods to authenticate PPTP users: • PAP. RADIUS-Password Authentication Protocol (PAP). • CHAP. RADIUS-Challenge Handshake Authentication Protocol (CHAP). •...
  • Page 316: Configure The L2TP Server

    The List of PPTP Active Users table lists each active connection with the information that is described in the following table. Table 80. PPTP Active Users screen information Item Description Username The name of the PPTP user that you have defined (see Configure User Accounts on page 378).
  • Page 317 Figure 193. Enter the settings as explained in the following table: Table 81. L2TP Server screen settings Setting Description L2TP Server Enable L2TP Server To enable the L2TP server, select the Enable check box. Complete the following fields: Start IP Address Type the first IP address of the address pool.
  • Page 318: View The Active L2TP Users

    View the Active L2TP Users To view the active L2TP tunnel users: Select Monitoring > Active Users & VPNs > L2TP Active Users. The L2TP Active Users screen displays: Figure 194. The List of L2TP Active Users table lists each active connection with the information that is described in the following table.
  • Page 319: Chapter 8 Virtual Private Networking Using SSL Connections

    Virtual Private Networking Using SSL Connections The UTM provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for a preinstalled VPN client on their computers. Using the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, the UTM can authenticate itself to an SSL-enabled client, such as a standard web browser.
  • Page 320: Use The SSL VPN Wizard For Client Configurations

    Configure and Edit SSL Connections on page 336. To start the SSL VPN Wizard: Select Wizards from the main navigation menu. The Welcome to the Netgear Configuration Wizard screen displays: Figure 195. Select the SSL VPN Wizard radio button.
  • Page 321: SSL VPN Wizard Step 1 Of 6 (Portal Settings)

    SSL VPN Wizard Step 1 of 6 (Portal Settings) Figure 196. Note that the previous figure contains a layout example. Enter the settings as explained in the following table, and then click Next to go to the following screen. Note: If you leave the Portal Layout Name field blank, the SSL VPN Wizard uses the default portal layout.
  • Page 322 <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="cache-control" content="must-revalidate"> Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date web pages, themes, and data being stored in a user’s web browser cache. ActiveX web cache cleaner Select this check box to enable ActiveX cache control to be loaded when users log in to the SSL VPN portal.
  • Page 323: SSL VPN Wizard Step 2 Of 6 (Domain Settings)

    Table 83. SSL VPN Wizard Step 1 of 6 screen settings (portal settings) (continued) Setting Description SSL VPN Portal Pages to Display VPN Tunnel page To provide full network connectivity, select this check box. Port Forwarding To provide access to specific defined network services, select this check box.
  • Page 324 Note: If you leave the Domain Name field blank, the SSL VPN Wizard uses the default domain name geardomain. You need to enter a name other than geardomain in the Domain Name field to enable the SSL VPN Wizard to create a new domain.
  • Page 325 Table 84. SSL VPN Wizard Step 2 of 6 screen settings (domain settings) (continued) Setting Description Authentication Type (continued) • WIKID-CHAP. WiKID Systems CHAP. Complete the following fields: Authentication Server, Authentication Secret, Radius Port, Repeat, Timeout. •...
  • Page 326 Table 84. SSL VPN Wizard Step 2 of 6 screen settings (domain settings) (continued) Setting Description Portal The portal that you selected on the first SSL VPN Wizard screen. You cannot change the portal on this screen; the portal is displayed for information only. Authentication Server The server IP address or server name of the authentication server for any type of authentication other than authentication through the local user database.
  • Page 327 Table 84. SSL VPN Wizard Step 2 of 6 screen settings (domain settings) (continued) Setting Description Group Members Attribute This field is optional. The attribute that is used to identify the members of a group. For an Active Directory, enter member.
  • Page 328: SSL VPN Wizard Step 3 Of 6 (User Settings)

    SSL VPN Wizard Step 3 of 6 (User Settings) Figure 198. Note that the previous figure contains an example. Enter the settings as explained in the following table, and then click Next to go to the following screen. Note: Do not enter an existing user name in the User Name field;...
  • Page 329: SSL VPN Wizard Step 4 Of 6 (Client Addresses And Routes)

    SSL VPN Wizard Step 4 of 6 (Client Addresses and Routes) Figure 199. Note that the previous figure contains an example. Enter the settings as explained in the following table, and then click Next to go to the following screen. Note: Do not enter an existing route for a VPN tunnel client in the Destination Network and Subnet Mask fields;...
  • Page 330: SSL VPN Wizard Step 5 Of 6 (Port Forwarding)

    Table 86. SSL VPN Wizard Step 4 of 6 screen settings (client addresses and routes) (continued) Setting Description Primary DNS Server The IP address of the primary DNS server that is assigned to the VPN tunnel clients.
  • Page 331 Note: Do not enter an IP address that is already in use in the upper Local Server IP Address field or a port number that is already in use in the TCP Port Number field; otherwise, the SSL VPN Wizard will fail and the UTM will reboot to recover its configuration.
  • Page 332: SSL VPN Wizard Step 6 Of 6 (Verify And Save Your Settings)

    For more information about port-forwarding settings, see Configure Applications for Port Forwarding on page 341. SSL VPN Wizard Step 6 of 6 (Verify and Save Your Settings) Verify your settings; if you need to make any changes, click the Back action button (if necessary several times) to return to the screen on which you want to make changes.
  • Page 333: Access The New SSL Portal Login Screen

    Click Apply to save your settings. If the settings are accepted by the UTM, a message Operation Succeeded displays at the top of the screen, and the Welcome to the Netgear Configuration Wizard screen displays again (see Figure 195 on page 320).
  • Page 334 Click Login. The default User Portal screen displays. The format of the User Portal screen depends on the settings that you selected on the first screen of the SSL VPN Wizard (see SSL VPN Wizard Step 1 of 6 (Portal Settings) on page 321): •...
  • Page 335: View The UTM SSL VPN Connection Status

    Note: The first time that a user attempts to connect through the VPN tunnel, the NETGEAR SSL VPN tunnel adapter is installed; the first time that a user attempts to connect through the port-forwarding tunnel, the NETGEAR port-forwarding engine is installed.
  • Page 336: Manually Configure And Edit SSL Connections

    Figure 206. Manually Configure and Edit SSL Connections To manually configure and activate SSL connections, perform the following six basic steps in the order that they are presented: Edit the existing SSL portal or create a new one (see Create the Portal Layout on page 337).
  • Page 337: Create The Portal Layout

    Create a list of servers and services that can be made available through user, group, or global policies. You can also associate fully qualified domain names (FQDNs) with these servers. The UTM resolves the names to the servers using the list you have created. For SSL VPN tunnel service, configure the virtual network adapter (see Configure the SSL VPN Client...
  • Page 338 To create a new SSL VPN portal layout: Select VPN > SSL VPN > Portal Layouts. The Portal Layouts screen displays. (The following figure shows layouts in the List of Layouts table as an example. The IP addresses that are shown in this figure do not relate to other figures and examples in this manual.
  • Page 339 Figure 208. Complete the fields and select the check boxes as explained in the following table: Table 88. Add Portal Layout screen settings Setting Description Portal Layout and Theme Name Portal Layout Name A descriptive name for the portal layout. This name is part of the path of the SSL VPN portal URL.
  • Page 340 <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="cache-control" content="must-revalidate"> Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date web pages, themes, and data being stored in a user’s web browser cache. ActiveX web cache...
  • Page 341: Configure Domains, Groups, And Users

    To edit a portal layout: On the Portal Layouts screen (see Figure 207 on page 338), click the Edit button in the Action column for the portal layout that you want to modify. The Edit Portal Layout screen displays.
  • Page 342 Figure 209. In the Add New Application for Port Forwarding section of the screen, specify information in the following fields: • IP Address. The IP address of an internal server or host computer that a remote user has access to.
  • Page 343 Table 89. Port-forwarding applications/TCP port numbers (continued) TCP application Port number Terminal Services 3389 VNC (virtual network computing) 5900 or 5800 a. Users can specify the port number together with the host name or IP address.
  • Page 344: Configure The SSL VPN Client

    To delete a name from the List of Configured Host Names for Port Forwarding table: Select the check box to the left of the name that you want to delete. Click the Delete table button in the Action column. Configure the SSL VPN Client The SSL VPN client on the UTM assigns IP addresses to remote VPN tunnel clients.
  • Page 345 To define the client IP address range: Select VPN > SSL VPN > SSL VPN Client. The SSL VPN Client screen displays: Figure 210. Select the check box and complete the fields as explained in the following table: Table 90.
  • Page 346 Table 90. SSL VPN Client screen settings (continued) Setting Description Client Address Range Begin The first IP address of the IP address range that you want to assign to the VPN tunnel clients. Client Address Range End The last IP address of the IP address range that you want to assign to the VPN tunnel clients.
  • Page 347: Use Network Resource Objects To Simplify Policies

    Defining network resources is optional; smaller organizations can choose to create access policies using individual IP addresses or IP networks rather than predefined network resources. But for most organizations, NETGEAR recommends that you use network resources. If your server or network configuration changes, you can perform an update quickly by using network resources instead of individually updating all of the user and group policies.
  • Page 348 To delete one or more network resources: Select the check box to the left of each network resource that you want to delete, or click the Select All table button to select all network resources. Click the Delete table button.
  • Page 349: Configure User, Group, And Global Policies

    Table 91. Resources screen settings to edit a resource (continued) Setting Description Service The SSL service that is assigned to the resource. You cannot modify the service after you have assigned it to the resource on the first Resources screen.
  • Page 350 Network resources are prioritized just like other address ranges. However, the prioritization is based on the individual address or address range, not the entire network resource. For example, assume the following global policy configuration: •...
  • Page 351: View Policies

    View Policies To view the existing policies: Select VPN > SSL VPN. The SSL VPN submenu tabs display, with the Policies screen in view. (The following figure shows some examples.) Figure 213. Make your selection from the following Query options: •...
  • Page 352 Figure 214. Select the radio buttons, complete the fields, and make your selection from the drop-down lists as explained in the following table: Table 92. Add SSL VPN Policy screen settings Setting Description Policy For Select one of the following radio buttons to specify the type of SSL VPN policy: •...
  • Page 353 Table 92. Add SSL VPN Policy screen settings (continued) Setting Description Apply Policy For Network Resource (continued) Policy Name A descriptive name of the SSL VPN policy for identification and management purposes. Defined Resources From the drop-down list, select a network resource that you have defined on the Resources screen (see Use Network...
  • Page 354 Table 92. Add SSL VPN Policy screen settings (continued) Setting Description Apply Policy For IP Network (continued) Service From the drop-down list, select the service to which the SSL VPN policy is applied: •...
  • Page 355 To delete one or more SSL VPN policies: On the Policies screen (see Figure 213 on page 351), select the check box to the left of each SSL VPN policy that you want to delete, or click the Select All table button to select all policies.
  • Page 356: Chapter 9 Managing Users, Authentication, And VPN Certificates

    Managing Users, Authentication, and VPN Certificates This chapter describes how to manage users, authentication, and security certificates for IPSec VPN and SSL VPN. This chapter contains the following sections: • Authentication Process and Options • Configure Authentication Domains, Groups, and Users •...
  • Page 357 Except in the case of IPSec VPN users, when you create a user account, you need to specify a group. When you create a group, you need to specify a domain. The UTM supports security policies that are based on an Active Directory with single sign-on (SSO) through the use of the DC agent and additional Lightweight Directory Access Protocol (LDAP) configuration options (see Configure Authentication Domains, Groups, and Users...
  • Page 358: Configure Authentication Domains, Groups, And Users

    Users with administrative and guest privileges on the UTM need to log in through the NETGEAR Configuration Manager Login screen (see the following figure), where they are authenticated through the UTM’s local user database. These users need to provide their user...
  • Page 359 The lower part of the NETGEAR Configuration Manager Login screen (see the previous figure) provides a User Portal Login Link, but you would typically provide users a direct link to the User Portal Login screen instead of letting them pass through the NETGEAR Configuration Manager Login screen.
  • Page 360 ProSecure Unified Threat Management (UTM) Appliance Figure 216. Note: The first time that a user remotely connects to a UTM with a browser through an SSL connection, he or she might get a warning message about the SSL certificate. The user can follow the directions of his or her browser to accept the SSL certificate, or import the UTM’s root certificate by selecting the link at the bottom of the User Portal Login screen.
  • Page 361 The user needs to know how to return to the User Portal Login screen. The administrator needs to provide the User Portal Login URL: https://<IP_address>/~common/cgi-bin/user_login.pl or https://<FullyQualifiedDomainName>/~common/cgi-bin/user_login.pl Alternately, the administrator can provide the NETGEAR Configuration Manager Login screen, from which the user can access the User Portal Login screen: https://<IP_address> or https://<FullyQualifiedDomainName>...
  • Page 362: Active Directories And Ldap Configurations

    Active Directories and LDAP Configurations Note: For an overview of the authentication options that the UTM supports, see Authentication Process and Options on page 356. The UTM supports security policies that are based on an Active Directory with single sign-on (SSO) through the use of the DC agent (see DC Agent on page 387) and additional LDAP...
  • Page 363 Another workaround is to use a specific search name or a name with a wildcard in the lookup process, so that the subset of the entire list is returned in the lookup result. How to Bind a DN in an Active Directory Configuration Understanding how to bind a distinguished name (DN) in an Active Directory (AD) configuration might be of help when you are specifying the settings for the AD domains on the UTM.
  • Page 364 Select a previously configured portal from the Select Portal drop-down list. Enter 192.168.35.115 in the Authentication Server field. Enter the company information (for example, dc=netgear,dc=com) in the Active Directory Domain field. To bind the user Jamie Hanson to the AD server for authentication on the UTM, use one of the following two formats in the Bind DN field of the Add Domain screen: •...
  • Page 365: Configure Domains

    Figure 220. • The Windows account name in email format such as jhanson@testAD.com. (The following figure shows only the Bind DN field.) Figure 221. Complete the remaining fields and drop-down list as needed. Click Apply to save your settings. Configure Domains The domain determines the authentication method to be used for associated users.
  • Page 366 Create and Delete Domains To create a domain: Select Users > Domains. The Domains screen displays. (The following figure shows the UTM’s default domain—geardomain—and, as an example, other domains in the List of Domains table.) Figure 222.
  • Page 367 Figure 223. Enter the settings as explained in the following table: Table 94. Add Domain screen settings Setting Description Domain Name A descriptive (alphanumeric) name of the domain for identification and management purposes. Authentication Type From the drop-down list, select the authentication method that the UTM applies: •...
  • Page 368 Table 94. Add Domain screen settings (continued) Setting Description Authentication Type (continued) • Radius-CHAP. RADIUS Challenge Handshake Authentication Protocol (CHAP). Complete the following fields: Authentication Server, Authentication Secret, Radius Port, Repeat... Note: If you select any type of RADIUS authentication, make...
  • Page 369 Table 94. Add Domain screen settings (continued) Setting Description Authentication Type (continued) • NT Domain. Microsoft Windows NT Domain. Complete the following fields: Authentication Server, Workgroup. • Active Directory. Microsoft Active Directory. Complete the following fields, and make a selection from the LDAP Encryption drop-down list: Authentication Server, Active Directory Domain...
  • Page 370 Table 94. Add Domain screen settings (continued) Setting Description Bind DN The LDAP or Active Directory DN that is required to access the LDAP or Active Directory authentication server. This should be a user in the LDAP or Active Directory directory who has read access to all the users that you would like to import into the UTM.
  • Page 371 Table 94. Add Domain screen settings (continued) Setting Description Timeout The period in seconds that the UTM waits for a response from a RADIUS server. Repeat The maximum number of times that the UTM attempts to connect to a RADIUS server.
  • Page 372: Configure Groups

    Configure Groups The use of groups simplifies the configuration of VPN policies when different sets of users have different restrictions and access controls. It also simplifies the configuration of web access exception rules. Like the default domain of the UTM, the default group is also named geardomain.
  • Page 373 Figure 224. In the Add New Group section of the screen, enter the settings as explained in the following table: Table 95. Groups screen settings Setting Description Name A descriptive (alphanumeric) name of the group for identification and management purposes.
  • Page 374 Note: You cannot delete a default group such as one that was automatically created when you specified a new domain on the second SSL VPN Wizard screen (see SSL VPN Wizard Step 2 of 6 (Domain Settings) on page 323).
  • Page 375: Configure Custom Groups

    Configure Custom Groups After you have specified groups and users (see Configure Authentication Domains, Groups, and Users on page 358), you can create up to 200 custom groups, each of which can include a combination of local groups and local users, groups and users that are defined by their IP addresses, LDAP groups and users, and RADIUS groups and users.
  • Page 376 Figure 227. Complete the fields and make your selections from the drop-down lists as explained in the following table: Table 96. Custom Groups screen settings Setting Description Name A name of the custom group for identification and management purposes. Brief A description of the custom group for identification and management purposes.
  • Page 377 Table 96. Custom Groups screen settings (continued) Setting Description Users/Groups to this group: Local Groups Do the following: 1. From the Name drop-down list, select a local group. 2. Click the Add button to add the selected local group to the custom group.
  • Page 378: Configure User Accounts

    Table 96. Custom Groups screen settings (continued) Setting Description Users/Groups to this group (continued): RADIUS User Do the following: 1. From the Domain drop-down list, select a RADIUS domain. 2. From the VLAN ID/Name drop-down list, select a VLAN ID or VLAN name.
  • Page 379 SSL VPN User. A user who can log in only to the SSL VPN portal. • IPSEC VPN User. A user who can make an IPSec VPN connection only through a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see Configure Extended Authentication (XAUTH) on page 290).
  • Page 380 SSL VPN User. User who can log in only to the SSL VPN portal. • IPSEC VPN User. User who can make an IPSec VPN connection only through a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see Configure Extended Authentication (XAUTH) on page 290).
  • Page 381: Set User Login Policies

    Table 97. Add User screen settings (continued) Setting Description Select Group The drop-down list shows the groups that are listed on the Group screen. From the drop-down list, select the group to which the user is assigned. For information about how to configure groups, see Configure Groups on page 372.
  • Page 382 Configure Login Policies To configure user login policies: Select Users > Users. The Users screen displays (see Figure 228 on page 379). In the Action column of the List of Users table, click the Policies table button for the user for which you want to set login policies.
  • Page 383 Figure 231. In the Defined Addresses Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses. Deny logging in from the IP addresses in the Defined Addresses table. •...
  • Page 384 Repeat Step 6 and Step 7 for any other addresses that you want to add to the Defined Addresses table. To delete one or more addresses: In the Defined Addresses table, select the check box to the left of each address that you want to delete, or click the Select All table button to select all addresses.
  • Page 385: Change Passwords And Other User Settings

    All other users have read-only access. Note: The default administrator and default guest passwords for the web management interface are both password. NETGEAR recommends that you change the password for the administrator account to a more secure password, and that you configure a separate secure password for the guest account.
  • Page 386 SSL VPN User. User who can log in only to the SSL VPN portal. • IPSEC VPN User. User who can make an IPSec VPN connection only through a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see Configure Extended Authentication (XAUTH) on page 290).
  • Page 387: Dc Agent

    Table 99. Edit User screen settings (continued) Setting Description Check to Edit Password Select this check box to make the password fields accessible to modify the password. Enter Your Password Enter the old password. New Password Enter the new password.
  • Page 388 Requirements for the ProSecure DC Agent Software and DC Agent Server Note the following requirements for the ProSecure DC agent software and domain controller (DC) servers: • If the DC server is located behind a firewall or there is a firewall on the DC server, ensure that the firewall does not block the server’s listening port.
  • Page 389 To download ProSecure DC Agent software and add a DC agent: Select Users > DC Agent. The DC Agent screen displays: Figure 234. Under the List of DC Agents table, click the Download/Install link to download the ProSecure DC Agent software (that is, the dc_agent.mis file).
  • Page 390 On the DC Agent screen (see Figure 234 on page 389), complete the fields and make your selections from the drop-down lists as explained in the following table: Table 100. DC Agent screen settings Setting Description Domain...
  • Page 391 b. Click the Add table button to add a new domain. The Add Domain screen displays: Figure 236. c. Enter the following settings: • In the Domain Name field, enter Test_Domain. • From the Authentication Type drop-down list, select Active Directory. •...
  • Page 392 Add a new DC agent on the UTM50: a. Select Users > DC Agent. The DC Agent screen displays: Figure 237. b. In the Domain field, enter Test_Domain. c. In the Action column, click Add. Add the IP address of the UTM50 on the ProSecure DC Agent control panel: a.
  • Page 393: Configure Radius Vlans

    Configure RADIUS VLANs You can use a RADIUS virtual LAN (VLAN) to set web access exceptions and provide an added layer of security. To do so, follow this procedure: Specify a RADIUS server (see RADIUS Client Configuration on page 292).
  • Page 394: Configure Global User Settings

    Click the Add table button. The new VLAN is added to the List of VLAN table. To delete a user from the List of VLAN table, click the Delete table button in the Action column for the VLAN that you want to delete.
  • Page 395: View And Log Out Active Users

    Click Apply to save the session settings. Locate the Users Portal Login Settings section on screen. Specify the default domain settings: • From the Default Domain drop-down list, select a domain that you previously configured on the Domain screen (see Configure Domains on page 365).
  • Page 396 To view all or selected users: On the Active Users screen (see the previous figure), select one of the following radio buttons: • View All. This selection returns all active users after you click the Search button. •...
  • Page 397: Manage Digital Certificates For Vpn Connections

    The List of Users table displays the following fields: • IP Address. The IP address that is associated with the user. • Domain. The domain to which the user belongs. • User. The user name. •...
  • Page 398: Vpn Certificates Screen

    The UTM contains a self-signed certificate from NETGEAR. This certificate can be downloaded from the UTM login screen for browser import. However, NETGEAR recommends that you replace this digital certificate with a digital certificate from a well-known commercial CA prior to deploying the UTM in your network.
  • Page 399: Manage Ca Certificates

    • Certificate Revocation Lists (CRL) table. Contains the lists with certificates that have been revoked and are no longer valid, that were issued by CAs, and that you uploaded. Note, however, that the table displays only the active CAs and their critical release dates (see Manage the Certificate Revocation List on page 404).
  • Page 400: Manage Self-Signed Certificates

    To delete one or more digital certificates: In the Trusted Certificates (CA Certificate) table, select the check box to the left of each digital certificate that you want to delete, or click the Select All table button to select all digital certificates.
  • Page 401 To generate a new CSR file, obtain a digital certificate from a CA, and upload it to the UTM: Select VPN > Certificates. The Certificates screen displays. The following figure shows the middle section of the screen with the Active Self Certificates section, Generate Self Certificate Request section, and Self Certificate Requests section.
  • Page 402 Table 102. Generate self-signed certificate request settings (continued) Setting Description Hash Algorithm From the drop-down list, select one of the following hash algorithms: • MD5. A 128-bit (16-byte) message digest, slightly faster than SHA-1. •...
  • Page 403 Copy the contents of the Data to supply to CA text field into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----.” Submit your CSR to a CA: a.
  • Page 404: Manage The Certificate Revocation List

    Manage the Certificate Revocation List A Certificate Revocation List (CRL) file shows digital certificates that have been revoked and are no longer valid. Each CA issues its own CRLs. It is important that you keep your CRLs up-to-date.
  • Page 405: Chapter 10 Network And System Management

    Network and System Management This chapter describes the tools for managing the network traffic to optimize its performance and the system management features of the UTM. This chapter contains the following sections: • Performance Management • System Management • Connect to a ReadyNAS and Configure Quarantine Settings Performance Management Performance management consists of controlling the traffic through the UTM so that the necessary traffic gets through when there is a bottleneck.
  • Page 406: Features That Reduce Traffic

    In practice, the WAN-side bandwidth capacity is much lower when DSL or cable modems are used to connect to the Internet. At 1.5 Mbps, the WAN ports support the following traffic rates: • Load balancing mode (multiple WAN port models only). 3 Mbps (two WAN ports at 1.5 Mbps each), except for the UTM150, which has four WAN ports and therefore supports up to 6 Mbps.
  • Page 407 When you define outbound firewall rules, you can further refine their application according to the following criteria: • Services. You can specify the services or applications, or groups of services or applications to be covered by an outbound rule. If the desired service or application does not display in the list, you need to define it using the Services screen (see Service-Based Rules...
  • Page 408: Content Filtering

    Content Filtering If you want to reduce traffic by preventing undesired emails from reaching their destinations or by preventing access to certain sites on the Internet, you can use the UTM’s content-filtering feature. By default, this feature is disabled; all requested traffic from any website is allowed with the exception of web content categories that are mentioned in Default Email and Web Scan Settings...
  • Page 409: Features That Increase Traffic

    For these features (with the exception of web object blocking and setting the size of files to be scanned), you can set schedules to specify when web content is filtered (see Configure Web Content Filtering on page 204), and configure exceptions for groups (see Set Exception Rules for Web and Application Access on page 234).
  • Page 410 • WAN destination IP address. For the multiple WAN port models only, you can specify the destination IP address for incoming traffic. Traffic is directed to the specified address only when the destination IP address of the incoming packet matches the IP address of the selected WAN interface.
  • Page 411: Port Triggering

    LAN. The DMZ can be used to host servers (such as a web server, FTP server, or email server) and provide public access to them. On the UTM5, UTM10, UTM25, and UTM150, LAN port 4 can be dedicated as a hardware DMZ port to safely provide services to the Internet without compromising security on your LAN.
  • Page 412: Use Qos And Bandwidth Assignments To Shift The Traffic Mix

    Use QoS and Bandwidth Assignments to Shift the Traffic Mix By specifying QoS and bandwidth profiles and assigning these profiles to outbound and inbound firewall rules, you can shift the traffic mix to aim for optimum performance of the UTM.
  • Page 413: Change Passwords And Administrator And Guest Settings

    The default administrator and default guest passwords for the web management interface are both password. NETGEAR recommends that you change the password for the administrator account to a more secure password, and that you configure a separate secure password for the guest account.
  • Page 414 ProSecure Unified Threat Management (UTM) Appliance Select the Check to Edit Password check box. The password fields become available. Enter the old password, enter the new password, and then confirm the new password. Note: The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both uppercase and lowercase), numbers, and symbols.
  • Page 415: Configure Remote Management Access

    IP address and default password. Because a malicious WAN user can reconfigure the UTM and misuse it in many ways, NETGEAR highly recommends that you change the admin and guest default passwords before continuing (see Change Passwords and Administrator and Guest Settings on page 413).
  • Page 416 When remote management is enabled, you need to use an SSL connection to access the UTM from the Internet. You need to enter https:// (not http://) and type the UTM’s WAN IP address in your browser. For example, if the UTM’s WAN IP address is 10.16.0.123, type the following in your browser: https://10.16.0.123.
  • Page 417: Use A Simple Network Management Protocol Manager

    Use a Simple Network Management Protocol Manager Simple Network Management Protocol (SNMP) forms part of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
  • Page 418: Manage The Configuration File

    Table 103. SNMP screen settings Setting Description Settings: Do You Want to Enable SNMP? Select one of the following radio buttons: • Yes. Enable SNMP. • No. Disable SNMP. This is the default setting. Read Community The community string to allow an SNMP manager access to the MIB objects of the UTM for the purpose of reading only.
  • Page 419 To display the Backup & Restore Settings screen, select Administration > Backup & Restore Settings. Figure 252. Back Up Settings The backup feature saves all UTM settings to a file. These settings include: • Network settings.
  • Page 420 Restore Settings WARNING: Restore only settings that were backed up from the same software version. Restoring settings from a different software version can corrupt your backup file or the UTM system software. To restore settings from a backup file: On the Backup &...
  • Page 421: Update The Firmware

    LAN IP address is 192.168.1.1. Update the Firmware The UTM can automatically detect a new firmware version from a NETGEAR update server. The firmware upgrade process for the UTM consists of the following four stages: Querying the available firmware versions from the NETGEAR update server.
  • Page 422 Status. The status of the firmware (ok or corrupted). To see which other firmware versions are available, click Query under the Firmware Download section to allow the UTM to connect to the NETGEAR update server. The Firmware Download section shows the available firmware versions, including any new versions, and the date when the current firmware version was downloaded to the UTM.
  • Page 423 To upgrade the UTM’s firmware directly from an update server and reboot the UTM: In the Firmware Download section of the Firmware screen, click Query to display the available firmware versions. Select the radio button that corresponds to the firmware version that you want to download onto the UTM.
  • Page 424 Upgrade the Firmware from a Downloaded File and Reboot the UTM Instead of downloading the UTM firmware directly from a NETGEAR update server, you can download the UTM firmware from a NETGEAR website to a computer in your network and then upgrade the firmware on the UTM.
  • Page 425 WARNING: Uploading firmware to the UTM stops any firmware downloading process that might be occurring and removes any downloaded and uploaded firmware files from the UTM. While the upload is occurring, do not leave or refresh the Firmware screen. When the firmware upload process is complete, the new firmware version is displayed in the Firmware Upload section of the screen;...
  • Page 426: Update The Scan Signatures And Scan Engine Firmware

    Note: In some cases, such as a major upgrade, it might be necessary to erase the configuration and manually reconfigure your UTM after upgrading it. Refer to the firmware release notes that NETGEAR makes available. Reboot without Changing the Firmware ...
  • Page 427 Figure 256. The Info section onscreen shows the following information fields for the scan engine firmware and pattern file: • Current Version. The version of the files. • Last Updated. The date of the most recent update. To immediately update the scan engine firmware and pattern file, click the Update Now button at the bottom of the screen.
  • Page 428: Configure Date And Time Service

    Update From Set the update source server by selecting one of the following radio buttons: • Default update server. Files are updated from the default NETGEAR update server. • Server address. Files are updated from the server that you specify. Enter the IP address or host name of the update server in the Server address field.
  • Page 429 Note: If you select the Use Custom NTP Servers option but leave either the Server 1 or Server 2 field blank, both fields are set to the default NETGEAR NTP servers. Note: A list of public NTP servers is available at http://support.ntp.org/bin/view/Servers/WebHome.
  • Page 430: Connect To A Readynas And Configure Quarantine Settings

    This requires an increasing amount of storage space, which is not available on the UTM. To accommodate these storage requirements, you need to connect the UTM to a NETGEAR ReadyNAS and configure the quarantine settings. Without integration with a ReadyNAS, you cannot use the quarantine options of the UTM.
  • Page 431: Connect To A Readynas

    on the Log Query screen and view onscreen (see Query the Quarantine Logs on page 485) are stored on the ReadyNAS. However, after you have integrated a ReadyNAS with the UTM, logs can no longer be sent to an email address (see the Email Logs to Administrator section on the Email and Syslog screen).
  • Page 432: Configure The Quarantine Settings

    Enter the settings as explained in the following table: Table 106. ReadyNAS Integration screen settings Setting Description ReadyNAS Server The IP address of the ReadyNAS server. ReadyNAS Username The user name to access the ReadyNAS. By default, the user name is admin. ReadyNAS Password The password to access the ReadyNAS.
  • Page 433 Enter the settings as explained in the following table: Table 107. Quarantine settings Setting Description Allow anonymous users to check quarantined mails Select this check box to allow anonymous users to view their quarantined emails.
  • Page 434: Chapter 11 Monitoring System Access And Performance

    Monitoring System Access and Performance This chapter describes the system-monitoring features of the UTM. You can be alerted to important events such as a WAN port rollover, WAN traffic limits reached, login failures, and attacks. You can also view status information about the firewall, WAN ports, LAN ports, active VPN users and tunnels, and more.
  • Page 435 To monitor traffic limits on each of the WAN ports: Select Network Config > WAN Metering. On the multiple WAN port models, the WAN Metering tabs display, with the WAN1 Traffic Meter screen (or, for the UTM9S, the WAN1) screen in view (the following figure shows the WAN1 Traffic Meter screen of the UTM50).
  • Page 436 Table 108. WAN traffic meter settings Setting Description Enable Traffic Meter: Do you want to enable Traffic Metering on WAN1? (multiple WAN port...) Select one of the following radio buttons to configure traffic metering: • Yes. Traffic metering is enabled, and the traffic meter records the volume of Internet traffic passing through the WAN1 interface (multiple WAN port models)...
  • Page 437 Table 108. WAN traffic meter settings (continued) Setting Description When Limit is reached: Block Traffic Select one of the following radio buttons to specify which action the UTM performs when the traffic limit has been reached: •...
  • Page 438: Configure Logging, Alerts, And Event Notifications

    Configure Logging, Alerts, and Event Notifications By default, the UTM logs security-related events such as accepted and dropped packets on different segments of your LAN, denied incoming and outgoing service requests, hacker probes and login attempts, content-filtering events such as attempts to access blocked sites and URLs, unwanted email content, spam attempts, and many other types of events.
  • Page 439: Configure And Activate System, Email, And Syslog Logs

    Description Show as Mail Sender A descriptive name of the sender for email identification purposes. For example, enter UTMnotification@netgear.com. SMTP Server The IP address and port number or Internet name and port number of your ISP’s outgoing email SMTP server. The default port number is 25.
  • Page 440 or schedule logs to be sent to the administrator or to a syslog server on the network. In addition, the Email and Syslog screen provides the option to selectively clear logs. To configure and activate logs: Select Monitoring >...
  • Page 441 Enter the settings as explained in the following table: Table 110. Email and Syslog screen settings Setting Description System Logs Option Select the check boxes to specify which system events are logged: • Change of Time by NTP. Logs a message when the system time changes after a request from an NTP server.
  • Page 442 Table 110. Email and Syslog screen settings (continued) Setting Description Enable Logs (continued): Select Logs to Send (continued) • IPS Logs. All IPS events. • SSL VPN Logs. All SSL VPN events. • IPSEC VPN Logs. All IPSec VPN events. •...
  • Page 443: How To Send Syslogs Over A Vpn Tunnel Between Sites

    Click Apply to save your settings, or click Clear Log Information to clear the selected logs. How to Send Syslogs over a VPN Tunnel between Sites To send syslogs from one site to another over a gateway-to-gateway VPN tunnel: At Site 1, set up a syslog server that is connected to Gateway 1.
  • Page 444 In the General section of the screen, clear the Enable NetBIOS check box. In the Traffic Selector section of the screen, make the following changes: • From the Remote IP drop-down list, select Single. •...
  • Page 445: Configure And Activate Update Failure And Attack Alerts

    Note: The VPN tunnel should be established automatically, and the syslogs should be sent to the syslog server at Site 1. You can use the IPSec VPN Connection Status screen to verify the connection. Configure and Activate Update Failure and Attack Alerts You can configure the UTM to send an email alert when a failure, malware attack, malware outbreak attack, Intrusion Prevention System (IPS) attack, or IPS outbreak attack occurs.
  • Page 446 Figure 264. Enter the settings as explained in the following table: Table 111. Alerts screen settings Setting Description Enable Traffic Meter Limit Alerts Select this check box to enable traffic meter limit alerts. This check box is cleared by default.
  • Page 447 Table 111. Alerts screen settings (continued) Setting Description Enable Malware Alerts Select this check box to enable malware alerts, and fill in the Subject and Message fields. This check box is cleared by default. Subject Enter the subject line for the email alert.
  • Page 448: Configure And Activate Firewall Logs

    Create Bandwidth Profiles on page 162), or both, have been exceeded. Note: Enabling firewall logs might generate a significant volume of log messages. NETGEAR recommends that you enable firewall logs for debugging purposes only.  To configure and activate firewall logs: Select Monitoring >...
  • Page 449: Monitor Real-Time Traffic, Security, And Statistics

    ProSecure Unified Threat Management (UTM) Appliance Table 112. Firewall Logs screen settings Setting Description Routing Logs In the Accepted Packets and Dropped Packets columns, select check boxes to specify which traffic is logged: • LAN to WAN • LAN to DMZ •...
  • Page 450 ProSecure Unified Threat Management (UTM) Appliance Figure 266. Dashboard, screen 1 of 3 To clear the statistics, click Clear Statistics.
  • Page 451 ProSecure Unified Threat Management (UTM) Appliance  To set the poll interval: Click the Stop button. From the Poll Interval drop-down list, select a new interval. The minimum is 5 seconds; the maximum is 5 minutes. Click the Set Interval button. The following table explains the fields of the Total Threats, Threats (Counts), and Total Traffic (Bytes) sections of the Dashboard screen: Table 113.
  • Page 452 ProSecure Unified Threat Management (UTM) Appliance Table 113. Dashboard screen: threats and traffic information (continued) Item Description Threats (Counts) This is a graphic that shows the relative number of threats and access violations over the last week, using different colors for the various components, most of which are self-explanatory: Email Filter, Spam, IPS Sig Match (which stands for IPS signatures matched), Web Malware, Email Virus, Application Block, Web URL Block, and Web Content Block.
  • Page 453 ProSecure Unified Threat Management (UTM) Appliance The following table explains the fields of the Most Recent 5 and Top 5 sections of the Dashboard screen: Table 114. Dashboard screen: most recent 5 threats and top 5 threats information Category Most recent 5 threats description Top 5 threats description Threats •...
  • Page 454 ProSecure Unified Threat Management (UTM) Appliance Figure 268. Dashboard, screen 3 of 3 The following table explains the fields of the Service Statistics section of the Dashboard screen: Table 115. Dashboard screen: service statistics information Item Description For each of the six supported protocols (HTTP, HTTPS, FTP, SMTP, POP3, and IMAP), this section provides the following statistics: Total Scanned Traffic (MB) The total quantity of scanned traffic in MB.
  • Page 455: Monitor Application Use In Real-Time

    ProSecure Unified Threat Management (UTM) Appliance Table 115. Dashboard screen: service statistics information (continued) Item Description Total Spam Emails The total number of spam messages that were blocked. These statistics are applicable only to SMTP and POP3. Blacklist The total number of emails that were detected from sources on the spam blacklist (see Set Up the Whitelist and Blacklist on page 194).
  • Page 456 ProSecure Unified Threat Management (UTM) Appliance Figure 269.
  • Page 457 ProSecure Unified Threat Management (UTM) Appliance  To set the poll interval: Click the Stop button. From the Poll Interval drop-down list, select a new interval. The minimum is 30 seconds; the maximum is 20 minutes. Click the Set Interval button. ...
  • Page 458: View Status Screens

    ProSecure Unified Threat Management (UTM) Appliance View Status Screens The UTM provides real-time information in a variety of status screens that are described in the following sections: • View the System Status • View the Active VPN Users • View the VPN Tunnel Connection Status •...
  • Page 459 ProSecure Unified Threat Management (UTM) Appliance View the System Status Screen To view the System Status screen, select Monitoring > System Status. The System Status tabs display, with the System Status screen in view: Figure 270. The following table explains the fields of the System Status screen: Table 117.
  • Page 460 ProSecure Unified Threat Management (UTM) Appliance Table 117. System Status screen fields (continued) Item Description ReadyNAS Status The status of the ReadyNAS connection: • OFF. The ReadyNAS is not connected. • NORMAL. The ReadyNAS is connected and functions normally. • FAILED.
  • Page 461 ProSecure Unified Threat Management (UTM) Appliance Figure 271. The following table explains the fields of the Network Status screen: Table 118. Network Status screen fields Item Description LAN (VLAN) Information For each of the LAN ports, the screen shows the IP address and subnet mask. For more detailed information, see Table 121 on page 465.
  • Page 462 ProSecure Unified Threat Management (UTM) Appliance Figure 272. The following table explains the fields of the Router Statistics screen. To change the poll interval period, enter a new value in the Poll Interval field, and then click Set interval. To stop polling, click Stop. Table 119.
  • Page 463 ProSecure Unified Threat Management (UTM) Appliance Figure 273. The following table explains the fields of the Wireless Statistics screen. To change the poll interval period, enter a new value in the Poll Interval field, and then click Set interval. To stop polling, click Stop. Table 120.
  • Page 464 ProSecure Unified Threat Management (UTM) Appliance Table 120. Wireless Statistics screen fields (continued) Item Description Multicast The number of received (Rx) and transmitted (Tx) multicast packets on the access point. Collisions The number of signal collisions that have occurred on the access point. A collision occurs when the access point attempts to send data at the same time as a wireless station that is connected to the access point.
  • Page 465 The MAC address of this port. All LAN ports share the same MAC address if they are part of the default VLAN. However, if LAN port 4 (UTM5, UTM10, UTM25, and UTM150) or LAN port 6 (UTM50) is enabled as the DMZ port, its MAC address is changed to the MAC address of the WAN2 interface plus 1.
  • Page 466 ProSecure Unified Threat Management (UTM) Appliance Table 121. Detailed Status screen fields (continued) Item Description Subnet Mask The subnet mask for this port. If the VLAN is not enabled on this port, the subnet mask is the default LAN IP subnet mask (255.255.255.0). For information about configuring VLAN profiles, see Configure a VLAN Profile on page 96.
  • Page 467 ProSecure Unified Threat Management (UTM) Appliance Table 121. Detailed Status screen fields (continued) Item Description IP Address The IP address of the WAN port. Subnet Mask The subnet mask of the WAN port. Gateway The IP address of the gateway. These settings are either obtained dynamically from your ISP or specified by you on the WAN ISP...
  • Page 468 ProSecure Unified Threat Management (UTM) Appliance View the VLAN Status Screen The VLAN Status screen displays information about the VLANs (both enabled and disabled) that are configured on the UTM. For information about configuring VLAN profiles, see Configure a VLAN Profile on page For information about enabling and disabling VLAN profiles, see...
  • Page 469: View The Active Vpn Users

    ProSecure Unified Threat Management (UTM) Appliance View the xDSL Statistics Screen (UTM9S Only) To view the xDSL Statistics screen, select Monitoring > System Status > xDSL Statistics. The xDSL Statistics screen displays: Figure 277. View the Active VPN Users The Active Users screen displays a list of administrators, IPSec VPN users, and SSL VPN users that are currently logged in to the UTM.
  • Page 470: View The Vpn Tunnel Connection Status

    ProSecure Unified Threat Management (UTM) Appliance View the VPN Tunnel Connection Status To review the status of current IPSec VPN tunnels, select Monitoring > Active Users & VPNs > IPSec VPN Connection Status. The IPSec VPN Connection Status screen displays: Figure 279.
  • Page 471: View The Pptp And L2Tp Server Status

    ProSecure Unified Threat Management (UTM) Appliance Figure 280. The active user’s user name, group, and IP address are listed in the table with a time stamp indicating the time and date that the user connected. To disconnect an active user, click the Disconnect table button to the right of the user’s table entry.
  • Page 472: View The Port Triggering Status

    ProSecure Unified Threat Management (UTM) Appliance To view the active L2TP tunnel users, select Monitoring > Active Users & VPNs > L2TP Active Users. The L2TP Active Users screen displays: Figure 281. The List of L2TP Active Users table lists each active connection with the information that is described in the following table.
  • Page 473 ProSecure Unified Threat Management (UTM) Appliance Figure 282. Select the Status option arrow in the upper right of the Port Triggering screen. The Port Triggering Status screen displays in a pop-up screen. Figure 283. The Port Triggering Status screen displays the information that is described in the following table: Table 126.
  • Page 474: View The Wan Ports Status

    ProSecure Unified Threat Management (UTM) Appliance View the WAN Ports Status You can view the status of both of the WAN connections, the DNS servers, and the DHCP servers.  To view the status of the WAN1 port (multiple WAN port models) or WAN port (single WAN port models): Select Network Config >...
  • Page 475: View Attached Devices And The Dhcp Leases

    ProSecure Unified Threat Management (UTM) Appliance Table 127. Connection Status pop-up screen information (continued) Item Description DHCP Server The DHCP server that was automatically detected. This field displays only if your ISP does not require a login and the IP address is acquired dynamically from your ISP.
  • Page 476 ProSecure Unified Threat Management (UTM) Appliance Figure 285. Select the LAN Groups submenu tab. The LAN Groups screen displays. (The following figure shows some examples in the Known PCs and Devices table.) Figure 286. The Known PCs and Devices table contains a list of all known PCs and network devices that are assigned dynamic IP addresses by the UTM, or have been discovered by other means.
  • Page 477 ProSecure Unified Threat Management (UTM) Appliance meaningful name). If the PC or device was assigned an IP address by the DHCP server, an asterisk is appended to the name. • IP Address. The current IP address of the PC or device. For DHCP clients of the UTM, this IP address does not change.
  • Page 478: Query The Logs

    ProSecure Unified Threat Management (UTM) Appliance Query the Logs The UTM generates logs that provide detailed information about malware threats and traffic activities on the network. You can view these logs through the web management interface or save the log records in CSV or HTML format and download them to a computer (the downloading option is not available for all logs).
  • Page 479: Query And Download Logs

    ProSecure Unified Threat Management (UTM) Appliance You can query and generate each type of log separately and filter the information based on a number of criteria. For example, you can filter the malware logs using the following criteria (other log types have similar filtering criteria): •...
  • Page 480 ProSecure Unified Threat Management (UTM) Appliance Figure 288. Enter the settings as explained in the following table: Table 128. Logs Query screen settings Setting Description Log Type Select one of the following log types from the drop-down list: • Traffic. All scanned incoming and outgoing traffic. •...
  • Page 481 ProSecure Unified Threat Management (UTM) Appliance Table 128. Logs Query screen settings (continued) Setting Description Log Type (continued) • Anomaly Behavior. All port scan and DDoS events. • Application. All instant messaging, peer-to-peer and media application, and tools access violations. •...
  • Page 482 ProSecure Unified Threat Management (UTM) Appliance Table 128. Logs Query screen settings (continued) Setting Description Search Criteria (continued) User The user name that is queried. This field is available for the following logs: Traffic, Spam, Malware, Email filters, Content filters, and Application.
  • Page 483 ProSecure Unified Threat Management (UTM) Appliance Table 128. Logs Query screen settings (continued) Setting Description Search Criteria (continued) Recipient Email The recipient’s email address that is queried. This field is available for the following logs: Traffic, Spam, Malware, and Email filters. Message The email message text that is queried.
  • Page 484: Example: Use The Logs To Identify Infected Clients

    UTM logs and ensures that the latest malware threats and traffic activities are always recorded. Note: After the UTM reboots, traffic logs are lost. Therefore, NETGEAR recommends that you connect the UTM to a syslog server to save the traffic logs externally. Other logs (that is, nontraffic logs) are automatically backed up on the UTM every 15 minutes.
  • Page 485: Query The Quarantine Logs

    ProSecure Unified Threat Management (UTM) Appliance Query the Quarantine Logs The UTM can quarantine spam and malware files. Before you can query the Spam and Malware logs, you need to have done the following: You have integrated a ReadyNAS (see Connect to a ReadyNAS on page 431).
  • Page 486 ProSecure Unified Threat Management (UTM) Appliance Figure 289. Enter the settings as explained in the following table: Table 129. Quarantine screen settings Setting Description File Type Select one of the following file types from the drop-down list: • Spam. All intercepted spam. •...
  • Page 487 ProSecure Unified Threat Management (UTM) Appliance Table 129. Quarantine screen settings (continued) Setting Description Search Criteria (continued) Protocols For the Malware log only, select one or more check boxes to specify the protocols that are queried: SMTP, POP3, IMAP, HTTP, FTP, and HTTPS. Domain The domain name that is queried.
  • Page 488: View And Manage The Quarantined Spam Table

    ProSecure Unified Threat Management (UTM) Appliance View and Manage the Quarantined Spam Table When you query the spam quarantine file, the Quarantine screen with the Quarantined Spam table displays: Figure 290. The Quarantined Spam table has the following columns (not all columns are shown in the previous figure): •...
  • Page 489: View And Manage The Quarantined Infected Files Table

    ProSecure Unified Threat Management (UTM) Appliance After you have selected one or more table entries, take one of the following actions (or click the return link to return to the previous screen): • Send as Spam. The selected spam email files are tagged as spam for distributed spam analysis, and are sent to the intended recipients.
  • Page 490: Spam Reports For End Users

    ProSecure Unified Threat Management (UTM) Appliance • Client IP. The client IP address from which the spyware or virus originated. • Server IP. The server IP address from which the spyware or virus originated. • From. The email address of the sender. •...
  • Page 491: View, Schedule, And Generate Reports

    ProSecure Unified Threat Management (UTM) Appliance Click the here link in the Check your quarantined mail here section. The following screen displays: Figure 293. From the drop-down lists, specify the start date, start time, end date, and end time for the spam report.
  • Page 492: Enable Application Session Monitoring

    ProSecure Unified Threat Management (UTM) Appliance The UTM provides preconfigured report templates. As an option, you can apply filtering options to narrow down and specify the following options: • The period that is covered in the report • The categories and domains to be included in the report •...
  • Page 493: Report Filtering Options

    ProSecure Unified Threat Management (UTM) Appliance Report Filtering Options Before you generate reports to view onscreen or schedule reports to be emailed, you might want to configure filtering options. If you do not configure filtering options, the default settings apply. The report default settings are: •...
  • Page 494 ProSecure Unified Threat Management (UTM) Appliance Table 130. Report screen: filtering options settings (continued) Setting Description Destination You can narrow down the reports to a single domain (wildcards are not applicable), a single IP address, a single category, or a selection of categories. Specifying a destination affects the following reports in the Web Activity section: •...
  • Page 495: Use Report Templates And View Reports Onscreen

    ProSecure Unified Threat Management (UTM) Appliance Note: Even if you click Apply to save the filtering options, when you leave the Report screen and then return to it, the From and To drop-down lists are reset to their defaults. You cannot save these settings. The other filtering options are saved when you click Apply.
  • Page 496 ProSecure Unified Threat Management (UTM) Appliance Figure 296. Report, screen 2 of 4 Note: For information about setting a time range and other filtering options for a report, see the previous section. Select a report by clicking View next to the report to display the selected report onscreen. The following table explains the contents of the reports.
  • Page 497 ProSecure Unified Threat Management (UTM) Appliance Table 131. Report screen: report template information (continued) Report template Information reported for the specified time range URL Filtering by Time For the HTTPS and HTTP protocols separately, a chart and a table with the number of blocked attempts to access URLs that are on the blacklist.
  • Page 498 ProSecure Unified Threat Management (UTM) Appliance Table 131. Report screen: report template information (continued) Report template Information reported for the specified time range Top n Categories By Request For all web server protocols combined, a chart and a table with the web categories that were requested most often, including the number of times that they were requested, and drill-down links to the users who requested them.
  • Page 499 ProSecure Unified Threat Management (UTM) Appliance Table 131. Report screen: report template information (continued) Report template Information reported for the specified time range Top n Applications by A chart and a table with the applications for which most bandwidth was Bandwidth consumed and the size of the bandwidth consumed (expressed in bytes), and drill-down links to the users who accessed the applications.
  • Page 500: Schedule, Email, And Manage Reports

    ProSecure Unified Threat Management (UTM) Appliance Table 131. Report screen: report template information (continued) Report template Information reported for the specified time range Blacklist By Time For the POP3 and SMTP protocols separately, a chart and a table with the number of blocked emails from email addresses that are on the blacklist, and for the SMTP protocol only, a chart and a table with the number of blocked emails from email addresses that are on the real-time blacklist...
  • Page 501 ProSecure Unified Threat Management (UTM) Appliance Enter the settings in the Schedule Reports section as explained in the following table: Table 132. Report screen: schedule report settings Setting Description Schedule Reports Email Recipients Specify the email addresses of the report recipients, using commas to separate the email addresses.
  • Page 502: Use Diagnostics Utilities

    ProSecure Unified Threat Management (UTM) Appliance Figure 298. Report, screen 4 of 4 The Report History section shows the generated and emailed reports with their report date and lets you perform the following actions. • Specify the number of reports to keep. To manage the number of reports that you can keep, enter a number from 1 to 12 in the Number of reports to keep field.
  • Page 503: Use The Network Diagnostic Tools

    ProSecure Unified Threat Management (UTM) Appliance Use the Network Diagnostic Tools This section discusses the Network Diagnostics section and the Perform a DNS Lookup section of the Diagnostics screen. Figure 299. Diagnostics, screen 1 of 3 Send a Ping Packet Use the ping utility to send a ping packet request in order to check the connection between the UTM and a specific IP address.
  • Page 504: Use The Real-Time Traffic Diagnostics Tool

    Diagnostics screen, click Back on the browser menu bar. Display the Routing Table Displaying the internal routing table can assist NETGEAR technical support in diagnosing routing problems. To display the routing table, locate the Network Diagnostics section on the Diagnostics screen.
  • Page 505 The default file name is diagnostics.result.dat. The file is downloaded to the location that you specify. When the download is complete, browse to the download location that you specified, and verify that the file has been downloaded successfully. Optional: Send the file to NETGEAR technical support for analysis.
  • Page 506: Gather Important Log Information And Generate A Network Statistics Report

    Gather Important Log Information and Generate a Network Statistics Report When you request support, NETGEAR technical support might ask you to collect the debug logs and other information from your UTM. This section discusses the Gather Important Log Information section, Network Statistics Report section, and Reboot the System section of the Diagnostics screen.
  • Page 507 ProSecure Unified Threat Management (UTM) Appliance Reboot and Shut Down the UTM You can perform a remote reboot (restart), for example, when the UTM seems to have become unstable or is not operating normally. Note: Rebooting breaks any existing connections either to the UTM (such as your management session) or through the UTM (for example, LAN users accessing the Internet).
  • Page 508: Chapter 12 Troubleshooting And Using Online Support

    • The date or time is not correct. Go to Problems with Date and Time on page 515. • I need help from NETGEAR. Go to Use Online Support on page 516. Note: The UTM’s diagnostic tools are explained in...
  • Page 509: Basic Functioning

    UTM and that the power supply adapter is correctly connected to a functioning power outlet. If the error persists, you have a hardware problem and should contact NETGEAR technical support. Test LED Never Turns Off When the UTM is powered on, the Test LED turns on for approximately 2 minutes and then turns off when the UTM has completed its initialization.
  • Page 510: Lan Or Wan Port Leds Not On

    ProSecure Unified Threat Management (UTM) Appliance LAN or WAN Port LEDs Not On  If either the LAN LEDs or WAN LEDs do not light when the Ethernet connection is made, check the following: • Make sure that the Ethernet cable connections are secure at the UTM and at the hub, router, or workstation.
  • Page 511: When You Enter A Url Or Ip Address, A Time-Out Error Occurs

     To check the WAN IP address: Launch your browser and navigate to an external site such as www.netgear.com. Access the web management interface of the UTM’s configuration at https://192.168.1.1. Select Network Config > WAN Settings. The WAN Settings screen displays.
  • Page 512 A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP provides the addresses of one or two DNS servers for your use. You can configure your PC manually with DNS addresses, as explained in your operating system documentation.
  • Page 513: Troubleshoot A Tcp/Ip Network Using A Ping Utility

    ProSecure Unified Threat Management (UTM) Appliance Troubleshoot a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. You can easily troubleshoot a TCP/IP network by using the ping utility in your PC or workstation.
  • Page 514: Test The Path From Your Pc To A Remote Device

    To reset the UTM to the original factory default settings, you can use one of the following two methods: • Press the factory default reset button on the rear panel of the UTM (see Rear Panel UTM5, UTM10, and UTM25 on page 31, Rear Panel UTM50 and UTM150 on page 32, or Rear Panel UTM9S on page 32) and hold the button for about 8 seconds until the Test LED turns on and begins to blink (about 30 seconds).
  • Page 515: Problems With Date And Time

    ProSecure Unified Threat Management (UTM) Appliance a. To display the Backup & Restore Settings screen, select Administration > Backup & Restore Settings. The Backup & Restore Settings screen displays: Figure 302. b. Click the Default button. The UTM reboots. During the reboot process, the Backup & Restore Settings screen remains visible.
  • Page 516: Use Online Support

    Select Support > Online Support. The Online Support screen displays: Figure 303. In the Support Key field, enter the support key that was given to you by NETGEAR. Click Connect. When the tunnel is established, the tunnel status field displays ON.
  • Page 517: Send Suspicious Files To Netgear For Analysis

    ProSecure Unified Threat Management (UTM) Appliance If NETGEAR technical support cannot access the UTM remotely, they might ask you to save a log file to your computer and then email it to NETGEAR for analysis (see Gather Important Log Information on page 506).
  • Page 518: Appendix A Xdsl Module For The Utm9S

    xDSL Module for the UTM9S This appendix describes how to configure the DSL interface of the UTM9SDSL xDSL module that installs in a UTM9S. This appendix includes the following sections: • xDSL Module Configuration Tasks • Configure the xDSL Settings •...
  • Page 519: Configure The Xdsl Settings

    ProSecure Unified Threat Management (UTM) Appliance Configure secondary WAN addresses on the WAN port (optional). Configure aliases for the WAN port. See Configure Secondary WAN Addresses on page 537. Configure Dynamic DNS on the WAN port (optional). Configure your fully qualified domain names during this phase (if required).
  • Page 520 ProSecure Unified Threat Management (UTM) Appliance Figure 305. Either click Auto Detect or, if you have the correct settings, enter the settings as explained in the following table: Table 134. xDSL settings Setting Description DSL Transfer Mode Select one of the following DSL transfer methods: •...
  • Page 521: Automatically Detecting And Connecting The Internet Connection

    ProSecure Unified Threat Management (UTM) Appliance Automatically Detecting and Connecting the Internet Connection To set up your UTM9S for secure Internet connections, the web management interface provides the option to automatically detect the network connection and configure the xDSL port. You can also manually configure the Internet connection and port (see Manually Configure the Internet Connection on page 524).
  • Page 522 ProSecure Unified Threat Management (UTM) Appliance Click the Edit button in the Action column of the SLOT-x entry to automatically configure the connection to the Internet. The SLOT-x ISP Settings screen displays. (The following figure shows the SLOT-2 ISP Settings screen.) Figure 307.
  • Page 523 ProSecure Unified Threat Management (UTM) Appliance • If the autodetect process senses a connection method that requires input from you, it prompts you for the information. All methods with their required settings are explained in the following table: Table 135. Internet connection methods Connection method Manual data input required DHCP (Dynamic IP) No data is required.
  • Page 524: Set The Utm's Mac Address

    ProSecure Unified Threat Management (UTM) Appliance Note: If the configuration process was successful, you are connected to the Internet through the DSL interface that you just configured. Note: For more information about the WAN Connection Status screen, see View the WAN Ports Status on page 474.
  • Page 525 ProSecure Unified Threat Management (UTM) Appliance Figure 309. Click the Edit button in the Action column of the SLOT-x interface. The SLOT-x ISP Settings screen displays (see Figure 307 on page 522). Locate the ISP Login section onscreen: Figure 310. In the ISP Login section, select one of the following options: •...
  • Page 526 ProSecure Unified Threat Management (UTM) Appliance If your connection is Point-to-Point Protocol over Ethernet (PPPoE) or Point-to-Point Protocol over ATM (PPPoA), your ISP requires an initial login. Enter the settings as explained in the following table: Table 136. PPPoE and PPPoA settings Setting Description PPPoE...
  • Page 527 ProSecure Unified Threat Management (UTM) Appliance Table 137. Internet IP address settings Setting Description Get Dynamically from ISP If your ISP has not assigned you a static IP address, select the Get Dynamically from ISP radio button. The ISP automatically assigns an IP address to the UTM9S using the DHCP network protocol.
  • Page 528: Configure The Wan Mode

    ProSecure Unified Threat Management (UTM) Appliance Table 138. DNS server settings Setting Description Get Automatically from ISP If your ISP has not assigned any Domain Name Server (DNS) addresses, select the Get Automatically from ISP radio button. Use These DNS Servers If your ISP has assigned DNS addresses, select the Use These DNS Servers radio button.
  • Page 529: Configure Network Address Translation

    ProSecure Unified Threat Management (UTM) Appliance • Primary WAN mode. The DSL interface (or a WAN interface) is made the primary interface. The other interfaces are disabled. • Auto-rollover mode. The selected DSL or WAN interface is defined as the primary link, and another interface needs to be defined as the rollover link.
  • Page 530: Configure Classical Routing

    ProSecure Unified Threat Management (UTM) Appliance WARNING: Changing the WAN mode from classical routing to NAT causes all LAN WAN and DMZ WAN inbound rules to revert to default settings.  To configure NAT: Select Network Config > WAN Settings > WAN Mode. The WAN Mode screen displays (see Figure 313 on page 531).
  • Page 531 ProSecure Unified Threat Management (UTM) Appliance When the UTM9S is configured in auto-rollover mode, it uses the selected WAN failure detection method to detect the status of the primary link connection at regular intervals. Link failure is detected in one of the following ways: •...
  • Page 532 ProSecure Unified Threat Management (UTM) Appliance Note: Ensure that the backup interface is configured before enabling auto-rollover mode. Click Apply to save your settings. Configure the Failure Detection Method  To configure the failure detection method: Select Network Config > WAN Settings. The WAN screen displays (see Figure 306 on page 521).
  • Page 533: Configure Load Balancing And Optional Protocol Binding

    ProSecure Unified Threat Management (UTM) Appliance Table 139. Failure detection method settings (continued) Setting Description Ping Pings are sent to a server with a public IP address. This server should not reject the ping request and should not consider ping traffic to be abusive. IP Address The IP address of the ping server.
  • Page 534 ProSecure Unified Threat Management (UTM) Appliance Configure Load Balancing  To configure load balancing: Select Network Config > WAN Settings > WAN Mode. The WAN Mode screen displays: Figure 315. Note: You cannot configure load balancing when you use a PPPoE or PPPoA connection and have selected the Idle Timeout radio button on the WAN ISP Settings screen (single WAN port models) or on one of the WAN ISP Settings screens (multiple WAN port models);...
  • Page 535 ProSecure Unified Threat Management (UTM) Appliance then a new FTP session could start on the WAN1 interface, and then any new connection to the Internet could be made on the WAN2 interface. This load-balancing method ensures that a single interface does not carry a disproportionate distribution of sessions.
  • Page 536 Figure 317. Configure the protocol binding settings as explained in the following table: Table 140. Add Protocol Binding screen settings. Service: From the drop-down list, select a service or application to be covered by this rule. If the service or application does not appear in the list, you need to define it using the Services screen (see Service-Based Rules...
  • Page 537: Configure Secondary Wan Addresses

    Click Apply to save your settings. The protocol binding rule is added to the Protocol Bindings table. The rule is automatically enabled, which is indicated by the status icon, a green circle.  To edit a protocol binding: On the Protocol Bindings screen (see Figure 316...
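The session-based distribution and the protocol-binding override described above, as an added example in Python; this is not NETGEAR's code and not the appliance's implementation. It assumes a binding rule carries a service, a source network, a destination network, and the WAN interface to pin the traffic to (with "ANY" matching everything in a field); the sessions are constructed.

```python
"""Session-based WAN load balancing with protocol-binding overrides.
Added example, not NETGEAR code.  Binding rule fields (service, source
network, destination network, WAN interface) are an assumption about the
Add Protocol Binding screen; the sessions are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    service: str          # e.g. "FTP", "HTTP", "HTTPS"
    src: str              # LAN client address
    dst: str              # Internet server address


@dataclass(frozen=True)
class Binding:
    service: str          # "ANY" matches every service
    src_net: str          # "ANY" or a CIDR
    dst_net: str          # "ANY" or a CIDR
    wan: str              # interface the matching sessions are pinned to

    def matches(self, s: Session) -> bool:
        def in_net(addr, net):
            return net == "ANY" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return (self.service in ("ANY", s.service)
                and in_net(s.src, self.src_net)
                and in_net(s.dst, self.dst_net))


class Balancer:
    """New sessions go to the WAN link with the fewest active sessions, ties
    to the first listed link, which yields the WAN1/WAN2 alternation the text
    describes.  A session that matches a protocol binding ignores the
    balancing and always uses the bound link.  Existing sessions are sticky."""

    def __init__(self, wans, bindings=()):
        self.wans = list(wans)
        self.bindings = list(bindings)
        self.sessions = {w: 0 for w in self.wans}   # active sessions per link
        self.table = {}                             # session -> link

    def assign(self, s: Session) -> str:
        if s in self.table:
            return self.table[s]                    # packets of a live flow stay put
        for b in self.bindings:                     # first matching binding wins
            if b.matches(s):
                link = b.wan
                break
        else:
            link = min(self.wans, key=lambda w: (self.sessions[w], self.wans.index(w)))
        self.sessions[link] += 1
        self.table[s] = link
        return link

    def close(self, s: Session) -> None:
        link = self.table.pop(s, None)
        if link is not None:
            self.sessions[link] -= 1


if __name__ == "__main__":
    lb = Balancer(["WAN1", "WAN2"], [Binding("FTP", "ANY", "ANY", "WAN1")])
    for sess in (Session("HTTP", "192.168.1.10", "203.0.113.5"),
                 Session("HTTP", "192.168.1.11", "203.0.113.6"),
                 Session("FTP", "192.168.1.12", "203.0.113.7"),
                 Session("HTTP", "192.168.1.13", "203.0.113.8")):
        print(sess.service, "->", lb.assign(sess))
```

Bindings exist because some services break when consecutive sessions from one client leave through two different public addresses (a web application that ties a login to the client IP, or an FTP control and data connection pair); pinning such a service to one WAN with a binding keeps the balancing for everything else.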
  • Page 538 It is important that you ensure that any secondary DSL addresses are different from the primary DSL, WAN, LAN, and DMZ IP addresses that are already configured on the UTM9S. However, primary and secondary DSL addresses can be in the same subnet. The following is an example of correctly configured IP addresses: •...
  • Page 539: Configure Dynamic Dns

    Click the Add table button in the rightmost column to add the secondary IP address to the List of Secondary WAN addresses table. Repeat step 4 and step 5 for each secondary IP address that you want to add to the List of Secondary WAN addresses table.
  • Page 540  To configure DDNS: Select Network Config > Dynamic DNS. The Dynamic DNS screen displays (see the following figure). The WAN Mode section onscreen reports the currently configured WAN mode (for example, Single Port WAN1, Load Balancing, or Auto Rollover). Only those options that match the configured WAN mode are accessible onscreen.
  • Page 541: Configure Advanced Wan Options

    Click the Information option arrow in the upper right of a Dynamic DNS screen for registration information. Figure 320. Access the website of the DDNS service provider, and register for an account (for example, for DynDNS.org, go to http://www.dyndns.com/). Configure the DDNS service settings for the DSL interface as explained in the following table: Table 141.
  • Page 542 Note: You can also configure the failure detection method for the auto-rollover mode on the Advanced screen. This procedure is discussed in Configure the Failure Detection Method on page 532.  To configure advanced WAN options: Select Network Config >...
  • Page 543: Additional Wan-Related Configuration Tasks

    If you want the ability to manage the UTM9S remotely, enable remote management (see Configure Remote Management Access on page 415). If you enable remote management, NETGEAR strongly recommends that you change your password first (see Change Passwords and Administrator and Guest Settings on page 413), because the management interface then becomes reachable from the Internet.
  • Page 544: Appendix B Wireless Module For The Utm9S

    Wireless Module for the UTM9S This appendix describes how to configure the wireless features of the UTM9SWLSN wireless module that is installed in a UTM9S. This appendix includes the following sections: • Overview of the Wireless Module • Configure the Basic Radio Settings •...
  • Page 545: Configuration Order

    For complete performance specifications, see the data sheet on the ProSecure UTM series home page at http://prosecure.netgear.com/products/prosecure-utm-series/index.php. For best results, place your UTM9S according to the following general guidelines: • Near the center of the area in which your wireless devices will operate.
  • Page 546: Configure The Basic Radio Settings

    • Away from large metal surfaces or water. • Placing the antennas in a vertical position provides the best side-to-side coverage. Placing the antennas in a horizontal position provides the best up-and-down coverage. • If you are using multiple wireless access points, it is better if the wireless module and an adjacent wireless access point use different radio frequency channels to reduce interference.
  • Page 547 Specify the settings as explained in the following table: Table 143. Radio Settings screen settings. Region: This is a preconfigured field that you cannot change. Country: Specify a country by making a selection from the drop-down list. Operating Frequency: Specify the radio's operating frequency by making a selection from the drop-down list:...
  • Page 548 Table 143. Radio Settings screen settings (continued). Channel Spacing: For the na, ng, and Greenfield modes only, specify the channel spacing by making a selection from the drop-down list: Note: na, ng, and •...
  • Page 549: Operating Frequency (Channel) Guidelines

    WARNING: When you have changed the country settings, the wireless module (not the UTM9S) will reboot when you click Apply. Click Apply to save your settings. Operating Frequency (Channel) Guidelines You should not need to change the operating frequency (channel) unless you notice interference problems, or are setting up the UTM9S near another wireless access point.
  • Page 550 Figure 323. There are several ways you can enhance the security of your wireless network: • Restrict access by MAC address. You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the wireless module. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed, and because every frame carries the client's MAC address in the clear, an attacker can read a permitted address off the air and clone it. Treat MAC filtering as a convenience, not as access control.
  • Page 551: Wireless Security Profile

    Configure and Enable Wireless Security Profiles on page 553. Note: TKIP provides only legacy (slower) rates of operation. NETGEAR recommends WPA2 with AES to make use of 802.11n rates and speed. Wireless Security Profile The security profile lets you configure the security settings for the SSID on the wireless module.
  • Page 552: Before You Change The Ssid, Wep, And Wpa Settings

    encryption settings are explained in Configure and Enable Wireless Security Profiles on page 553. Here are some concepts and guidelines regarding the SSID: • A basic service set (BSS) is a group of wireless devices associated with a single wireless access point, all using the same security profile; the BSS is identified by the basic service set identifier (BSSID), which is the access point's radio MAC address, while the SSID is the network name the clients select.
  • Page 553: Configure And Enable Wireless Security Profiles

    Record the WPA2-PSK passphrase: WPA2-PSK passphrase: ________________________________ • WPA RADIUS settings For WPA, record the following settings for the primary and secondary RADIUS servers: Server name/IP address: Primary ________________ Secondary _________________ Port: ___________________________________ Shared secret: ___________________________________ •...
  • Page 554 Table 144. Profiles screen settings (continued). Broadcast: Indicates whether or not the SSID is broadcast. A green circle indicates that the SSID is broadcast; a gray circle indicates that it is not. Security: The configured security method for the security profile.
  • Page 555 Specify the settings as explained in the following table: Table 145. Edit Profile screen settings. Profile Configuration. Profile Name: The name for the wireless security profile is UTM9S. You cannot change this name.
  • Page 556 Table 145. Edit Profile screen settings (continued). Security (continued): • WPA+WPA2. To configure WPA, select the encryption and authentication. The remaining configuration depends on the selected authentication: For WPA+WPA2 with PSK, select a password. For WPA+WPA2 with RADIUS, configure the RADIUS server settings.
  • Page 557: Configure The Access Point

    Table 145. Edit Profile screen settings (continued). WEP Index and Keys. Authentication: Specify the authentication by making a selection from the drop-down list: • Open System. Select this option to use WEP encryption without authentication. Note that WEP itself is broken (its keys can be recovered from captured traffic in minutes), so use it only for legacy clients that support nothing else, and isolate those clients from the rest of the LAN.
  • Page 558  To configure the wireless access point: Select Network Config > Wireless Settings > Access Point. The Access Point screen displays. (The following figure shows some examples.) Figure 326. The following table explains the fields of the Access Point screen: Table 146.
  • Page 559 Figure 327. Specify the settings as explained in the following table: Table 147. Edit Access Point screen settings. AP Name: The name for the access point is ap1. You cannot change this name. Profile Name: The name for the profile is UTM9S.
  • Page 560: Restrict Wireless Access By Mac Address

    Click one of the following table buttons: • Enable. Enables the access point and allows wireless clients to make a connection. • Disable. Disables the access point and prevents wireless clients from making a connection.
  • Page 561: View The Access Point Status And Connected Clients

    Enter a MAC address in the MAC Address field. Click Apply to add the MAC address to the MAC Address table on the MAC Address Filtering screen. Repeat step 4 and step 5 for any other MAC addresses that you want to add to the MAC Address table.
  • Page 562 Figure 329. The following table explains the fields of the Access Point Status screen. To change the poll interval period, enter a new value in the Poll Interval field, and then click Set interval. To stop polling, click Stop. Table 148.
  • Page 563: Configure A Wireless Distribution System

    Table 148. Access Point Status screen fields (continued). Authentication: The authentication method that the client is using (Open, PSK, RADIUS, or PSK+RADIUS). Time Connected: The period in minutes since the connection was established between the access point and the client.
  • Page 564: Configure Advanced Radio Settings

    Select the Enable WDS check box. In the WPA Password field, enter a password between 8 and 63 characters. Click Apply to save your settings. Enter a MAC address of a peer in the MAC Address field. Click Apply to add the MAC address to the WDS Peers table.
  • Page 565 Figure 331. Specify the settings as explained in the following table: Table 149. Advanced Wireless screen settings. Beacon Interval: Enter an interval between 40 ms and 3500 ms for each beacon transmission, which allows the wireless module to synchronize the wireless network.
  • Page 566: Configure Advanced Profile And Wmm Qos Priority Settings

    Table 149. Advanced Wireless screen settings (continued). Preamble Mode: Specify the preamble mode by making a selection from the drop-down list: • Long. A long transmit preamble might provide a more reliable connection or a slightly longer range.
  • Page 567 Figure 332. Specify the advanced profile settings as explained in the following table: Table 150. Advanced profile settings. Profile Name: The name for the wireless security profile is UTM9S. You cannot change this name.
  • Page 568: Wmm Qos Priority Settings

    WMM QoS Priority Settings Wi-Fi Multimedia (WMM) is a subset of the 802.11e standard. WMM allows wireless traffic to have a range of priorities, depending on the type of data. Time-dependent information, such as video or audio, has a higher priority than normal traffic. For WMM to function correctly, wireless clients also need to support WMM.
  • Page 569 Figure 333. Select the Enable WMM check box. Click Apply to save your settings. In the DSCP to Queue table, from the drop-down lists, select a WMM queue for each DSCP value that you want to use in a QoS profile. Click Apply to save your settings.
  • Page 570: Test Basic Wireless Connectivity

    Test Basic Wireless Connectivity After you have configured the wireless module as explained in the previous sections, test your wireless clients for connectivity before you place the UTM9S at its permanent position.  To test for wireless connectivity: Configure the 802.11b/g/n or 802.11a/n wireless clients so that they all have the same SSID that you have configured on the wireless access point.
  • Page 571: Appendix C Network Planning For Dual Wan Ports

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) This appendix describes the factors to consider when planning a network using a firewall that has dual WAN ports. This appendix does not apply to single WAN port models. This appendix contains the following sections: •...
  • Page 572: Cabling And Computer Hardware Requirements

    The UTM is capable of being managed remotely, but this feature needs to be enabled locally after each factory default reset. NETGEAR strongly advises you to change the default management password to a strong password before enabling remote management. •...
  • Page 573: Computer Network Configuration Requirements

    computer will connect to your network at 100 Mbps or higher speeds, you need to use a Category 5 (Cat 5) cable. Computer Network Configuration Requirements The UTM integrates a web management interface. To access the configuration screens on the UTM, you need a web browser that supports HTTP uploads, such as Microsoft Internet Explorer 6 or later, Mozilla Firefox 3 or later, or Apple Safari 3 or later, with JavaScript, cookies, and SSL enabled.
  • Page 574 Internet Connection Information Print these pages with the Internet connection information. Fill in the configuration settings that are provided to you by your ISP. _________________________________________________________________________ • ISP login name: The login name and password are case-sensitive and need to be entered exactly as given by your ISP.
  • Page 575: Overview Of The Planning Process

    Overview of the Planning Process The areas that require planning when you use a firewall that has dual WAN ports such as the UTM include the following: • Inbound traffic (port forwarding, port triggering) •...
  • Page 576: Inbound Traffic

    Features such as multiple exposed hosts are not supported in auto-rollover mode because the IP address of each WAN port needs to be in the identical range of fixed addresses. • Dual WAN ports in load balancing mode. Load balancing for a UTM with dual WAN ports is similar to a single WAN gateway configuration when you specify the IP address.
  • Page 577: Inbound Traffic To A Dual Wan Port System

    Figure 337. Inbound Traffic to a Dual WAN Port System The IP address range of the UTM's WAN port needs to be both fixed and public so that the public can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled.
  • Page 578: Virtual Private Networks

    Figure 339. Virtual Private Networks When implementing virtual private network (VPN) tunnels, you need to use a mechanism for determining the IP addresses of the tunnel endpoints. The addressing of the firewall's dual WAN ports depends on the configuration being implemented. Table 152.
  • Page 579: Vpn Road Warrior (Client-To-Gateway)

    Note: When the UTM's WAN port rolls over, the VPN tunnel collapses and needs to be reestablished using the new WAN IP address. However, you can configure automatic IPSec VPN rollover to ensure that an IPSec VPN tunnel is reestablished.
  • Page 580 Figure 342. The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is dynamic, an FQDN needs to be used. If the IP address is fixed, an FQDN is optional. VPN Road Warrior: Dual-Gateway WAN Ports for Improved Reliability In a dual WAN port auto-rollover gateway configuration, the remote PC client initiates the VPN tunnel with the active WAN port (port WAN1 in the following figure) because the IP...
  • Page 581 Figure 344. The purpose of the FQDN in this case is to toggle the domain name of the gateway firewall between the IP addresses of the active WAN port (that is, WAN1 or WAN2) so that the remote PC client can determine the gateway IP address to establish or reestablish a VPN tunnel.
  • Page 582: Vpn Gateway-To-Gateway

    VPN Gateway-to-Gateway The following situations exemplify the requirements for a gateway VPN firewall such as a UTM to establish a VPN tunnel with another gateway VPN firewall: • Single-gateway WAN ports • Redundant dual-gateway WAN ports for increased reliability (before and after rollover) •...
  • Page 583 Figure 347. The IP addresses of the gateway WAN ports can be either fixed or dynamic, but you always need to use an FQDN because the active WAN ports could be either WAN_A1, WAN_A2, WAN_B1, or WAN_B2 (that is, the IP address of the active WAN ports is not known in advance).
  • Page 584: Vpn Telecommuter (Client-To-Gateway Through A Nat Router)

    Figure 349. The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, you need to use an FQDN. If an IP address is fixed, an FQDN is optional. VPN Telecommuter (Client-to-Gateway through a NAT Router) Note: The telecommuter case assumes that the home office has a...
  • Page 585 The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is dynamic, you need to use an FQDN. If the IP address is fixed, an FQDN is optional. VPN Telecommuter: Dual-Gateway WAN Ports for Improved Reliability In a dual WAN port auto-rollover gateway configuration, the remote PC client initiates the VPN tunnel with the active gateway WAN port (port WAN1 in the following figure) because...
  • Page 586 VPN Telecommuter: Dual-Gateway WAN Ports for Load Balancing In a dual WAN port load balancing gateway configuration, the remote PC client initiates the VPN tunnel with the appropriate gateway WAN port (that is, port WAN1 or WAN2 as necessary to balance the loads of the two gateway WAN ports) because the IP address of the remote NAT router is not known in advance.
  • Page 587: Appendix D Readynas Integration

    ReadyNAS Integration This appendix describes how to set up a UTM with a NETGEAR ReadyNAS. This appendix includes the following sections: • Supported ReadyNAS Models • Install the UTM Add-On on the ReadyNAS • Connect to the ReadyNAS on the UTM...
  • Page 588: Install The Utm Add-On On The Readynas

    Install the UTM Add-On on the ReadyNAS  To install the UTM add-on on the ReadyNAS: Start a web browser. In the address field, enter the IP address of the ReadyNAS, for example, enter https://192.168.168.168.
  • Page 589 Figure 355. Click Install. Select Add-ons > Installed. Figure 356. Select the UTM Connector check box to enable the UTM connection. Click Save. The status indicator shows green.
  • Page 590: Connect To The Readynas On The Utm

    Figure 357. Connect to the ReadyNAS on the UTM  To connect to the ReadyNAS on the UTM: Select Administration > ReadyNAS Integration. The ReadyNAS Integration screen displays: Figure 358. To connect to the ReadyNAS, click the Yes radio button.
  • Page 591 Enter the settings as explained in the following table: Table 153. ReadyNAS Integration screen settings. ReadyNAS Server: The IP address of the ReadyNAS server. ReadyNAS Username: The user name to access the ReadyNAS. By default, the user name is admin; change the default admin password on the ReadyNAS before connecting it, since the UTM stores these credentials. ReadyNAS Password: The password to access the ReadyNAS.
  • Page 592 Figure 360.
  • Page 593: Appendix E Two-Factor Authentication

    NETGEAR has also recognized the need to provide more than just a firewall to protect the networks. NETGEAR has implemented a more robust authentication system known as two-factor authentication (2FA or T-FA) to help address the fast-growing network security issues.
  • Page 594: What Is Two-Factor Authentication

    NETGEAR Two-Factor Authentication Solutions NETGEAR has implemented two two-factor authentication solutions from WiKID, a software-based token solution. Instead of using only Windows Active Directory or LDAP as the authentication server, administrators now have the option to use WiKID to perform two-factor authentication on NETGEAR SSL and VPN firewall products.
  • Page 595 Figure 361. A one-time passcode (something the user has) is generated. Figure 362. Note: The one-time passcode is time-synchronized to the authentication server so that the OTP can be used only once and needs to be used before the expiration time.
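The two properties the note states, that a passcode expires with time and is accepted only once, are what a server-side check has to enforce. The following added example shows such a check using the public TOTP algorithm (RFC 6238 over RFC 4226 HOTP). It is not WiKID's protocol and not NETGEAR code; the 30-second step, the six-digit code, and the one-step clock-skew window are assumptions, and the secret is the RFC 6238 test key so the values can be checked against the RFC.

```python
"""Time-synchronised one-time passcodes with single-use enforcement.
Added example using TOTP (RFC 6238 / RFC 4226); this is not WiKID's
protocol.  Step length, digit count and skew window are assumptions."""
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds per time step (assumption)
DIGITS = 6     # code length (assumption)
WINDOW = 1     # accept codes from +/- one step to tolerate clock skew


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238: the HOTP counter is the number of steps since the epoch."""
    return hotp(secret, int(now // step))


class OtpVerifier:
    """Server side.  A code is valid only for its own time step (+/- WINDOW),
    so it expires by itself, and each (user, step) is remembered once it is
    redeemed, so a code captured on the wire cannot be replayed while it is
    still inside the window."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.used = set()          # (user, counter) pairs already redeemed

    def verify(self, user: str, code: str, now: float) -> str:
        base = int(now // STEP)
        for counter in range(base - WINDOW, base + WINDOW + 1):
            if hmac.compare_digest(hotp(self.secret, counter), code):
                if (user, counter) in self.used:
                    return "replay"
                self.used.add((user, counter))
                return "ok"
        return "expired-or-wrong"     # same answer for both, nothing to enumerate


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 test key
    now = time.time()
    v = OtpVerifier(secret)
    code = totp(secret, now)
    print(code, v.verify("alice", code, now), v.verify("alice", code, now + 5))
```

The constant-time comparison and the single "expired-or-wrong" answer matter in practice: the verifier must not let a caller distinguish a stale code from a wrong one, and the replay set has to be shared across all nodes that verify for the same user or the single-use guarantee evaporates.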
  • Page 596 Figure 363.
  • Page 597: Appendix F System Logs And Error Messages

    System Logs and Error Messages This appendix provides examples and explanations of system logs and error messages. When applicable, a recommended action is provided. This appendix contains the following sections: • System Log Messages • Content-Filtering and Security Logs • Routing Logs This appendix uses the log message terms that are described in the following table: Table 154.
  • Page 598: System Log Messages

    System Log Messages This section describes log messages that belong to one of the following categories: • Logs that are generated by traffic that is meant for the UTM. • Logs that are generated by traffic that is routed or forwarded through the UTM. •...
  • Page 599: Ntp

    Table 158. System logs: NTP Message 1 Nov 28 12:31:13 [UTM] [ntpdate] Looking Up time-f.netgear.com Message 2 Nov 28 12:31:13 [UTM] [ntpdate] Requesting time from time-f.netgear.com Message 3 Nov 28 12:31:14 [UTM] [ntpdate] adjust time server 69.25.106.19 offset 0.140254 Message 4 Nov 28 12:31:14 [UTM] [ntpdate] Synchronized time with time-f.netgear.com...
  • Page 600: Firewall Restart

    Firewall Restart This section describes logs that are generated when the firewall restarts. Table 160. System logs: firewall restart Message Jan 23 16:20:44 [UTM] [wand] [FW] Firewall Restarted Explanation Logs that are generated when the firewall is restarted. This message is logged when the VPN firewall restarts after any changes in the configuration are applied.
  • Page 601 This section describes the logs that are generated when the WAN mode is set to auto-rollover. Table 162. System logs: WAN status, auto rollover Message Nov 17 09:59:09 [UTM] [wand] [LBFO] WAN1 Test Failed 1 of 3 times_ Nov 17 09:59:39 [UTM] [wand] [LBFO] WAN1 Test Failed 2 of 3 times_ Nov 17 10:00:09 [UTM] [wand] [LBFO] WAN1 Test Failed 3 of 3 times_ Nov 17 10:01:01 [UTM] [wand] [LBFO] WAN1 Test Failed 4 of 3 times_...
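The [LBFO] messages above are the observable side of the failure detection method configured in Appendix A (periodic probes, rollover after a run of consecutive failures). The following added example, which is not NETGEAR code, models that state machine and replays the log lines to find the moment the appliance switched to the backup link. The four failure lines are taken from Table 162; the "Restarting WAN1_" line and the assumption that one successful probe resets the counter are constructed for the example.

```python
"""WAN failure detection and auto-rollover modelled on the UTM's [LBFO]
log lines.  Added example, not NETGEAR code.  The log lines below are the
ones from Table 162 plus one constructed "Restarting WAN1_" line; the
reset-on-success rule is an assumption about the appliance."""
import re
from dataclasses import dataclass, field

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
LBFO_FAIL = re.compile(TS + r" \[UTM\] \[wand\] \[LBFO\] (?P<wan>WAN\d) "
                       r"Test Failed (?P<n>\d+) of (?P<max>\d+) times_?$")
LBFO_RESTART = re.compile(TS + r" \[UTM\] \[wand\] \[LBFO\] Restarting (?P<wan>WAN\d)_?$")


@dataclass
class WanMonitor:
    """Counts consecutive failed probes per link.  The first time the active
    link reaches the threshold, traffic rolls over to the backup link and an
    event (timestamp, failed link, new active link) is recorded."""
    threshold: int = 3
    active: str = "WAN1"
    backup: str = "WAN2"
    failures: dict = field(default_factory=dict)
    events: list = field(default_factory=list)

    def probe(self, wan: str, ok: bool, ts: str = ""):
        if ok:
            self.failures[wan] = 0          # assumption: success resets the run
            return None
        n = self.failures[wan] = self.failures.get(wan, 0) + 1
        if n == self.threshold and wan == self.active:
            self.active, self.backup = self.backup, self.active
            event = (ts, wan, self.active)
            self.events.append(event)
            return event
        return None                         # "4 of 3 times" is just more of the same


def replay_log(lines) -> list:
    """Feed [LBFO] lines to the monitor and return the rollover events."""
    mon = WanMonitor()
    for line in lines:
        m = LBFO_FAIL.match(line)
        if m:
            mon.threshold = int(m["max"])                 # "of 3 times"
            mon.failures[m["wan"]] = int(m["n"]) - 1      # trust the logged count
            mon.probe(m["wan"], ok=False, ts=m["ts"])
            continue
        m = LBFO_RESTART.match(line)
        if m:
            mon.failures[m["wan"]] = 0
    return mon.events


SAMPLE = [   # first four lines from Table 162, last line constructed
    "Nov 17 09:59:09 [UTM] [wand] [LBFO] WAN1 Test Failed 1 of 3 times_",
    "Nov 17 09:59:39 [UTM] [wand] [LBFO] WAN1 Test Failed 2 of 3 times_",
    "Nov 17 10:00:09 [UTM] [wand] [LBFO] WAN1 Test Failed 3 of 3 times_",
    "Nov 17 10:01:01 [UTM] [wand] [LBFO] WAN1 Test Failed 4 of 3 times_",
    "Nov 17 10:01:35 [UTM] [wand] [LBFO] Restarting WAN1_",
]

if __name__ == "__main__":
    for ts, failed, now_active in replay_log(SAMPLE):
        print(f"{ts}: {failed} down, traffic now on {now_active}")
```

Reading the counter out of the log rather than recounting lines is deliberate: syslog delivery over UDP can drop a line, and the appliance's own "n of max" is the authoritative count. A rollover event is also the right trigger for the VPN re-establishment caveat in Appendix C, since every tunnel bound to the failed WAN address has to come up again on the new one.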
  • Page 602 This section describes the logs that are generated when the WAN mode is set to load balancing. Table 163. System logs: WAN status, load balancing Message 1 Dec 1 12:11:27 [UTM] [wand] [LBFO] Restarting WAN1_ Message 2 Dec 1 12:11:31 [UTM] [wand] [LBFO] Restarting WAN2_ Message 3...
  • Page 603 Table 164. System logs: WAN status, PPPoE idle timeout (continued) Explanation Message 1: Establishment of the PPPoE connection starts. Message 2: A message from the PPPoE server indicating a correct login. Message 3: The authentication for PPP succeeds. Message 4: The local IP address that is assigned by the server.
  • Page 604: Traffic Metering Logs

    • PPP Authentication logs Table 166. System logs: WAN status, PPP authentication Message 1 Nov 29 11:29:26 [UTM] [pppd] Starting link Message 2 Nov 29 11:29:29 [UTM] [pppd] Remote message: Login incorrect Message 3 Nov 29 11:29:29 [UTM] [pppd] PAP authentication failed Message 4 Nov 29 11:29:29 [UTM] [pppd] Connection terminated.
  • Page 605: Invalid Packet Logging

    ICMP Redirect Logs This section describes logs that are generated when the UTM processes ICMP redirect messages. Table 169. System logs: unicast, redirect Message Feb 2007 22 14:36:07 [UTM] [kernel] [LOG_PACKET] SRC=192.168.1.49 DST= 192.168.1.124 PROTO=ICMP TYPE=5 CODE=1 Explanation •...
  • Page 606 Table 171. System logs: invalid packets (continued) Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][ICMP_TYPE][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=ICMP TYPE=19 CODE=0 Explanation Invalid ICMP type. Recommended Action None. Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][TCP_FLAG_COMBINATION][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Explanation...
  • Page 607: Content-Filtering And Security Logs

    Table 171. System logs: invalid packets (continued) Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][REOPEN_CLOSE_CONN][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Explanation Attempt to reopen or close a session. Recommended Action None. Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][OUT_OF_WINDOW][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Explanation...
  • Page 608 Table 172. Content-filtering and security logs: web filtering and content filtering (continued) Message 2009-08-01 00:00:01 HTTP ldap_domain ldap_user 192.168.1.3 192.168.35.165 http://192.168.35.165/testcases/files/virus/normal/%b4%f3%d3%da2048.rar URL Block Explanation Logs that are generated when web content is blocked because the requested URL falls in a blocked web category.
  • Page 609: Spam Logs

    Spam Logs This section describes logs that are generated when the UTM filters spam email messages. Table 173. Content-filtering and security logs: spam Message 2009-02-28 23:59:59 SMTP radius_domain radius_user1 192.168.1.2 192.168.35.165 xlzimap@test.com xlzpop3@test.com Blocked by list.dsbl.org 0 RBL Block Explanation Logs that are generated when spam messages are blocked by the RBL.
  • Page 610: Virus Logs

    Table 174. Content-filtering and security logs: traffic (continued) Explanation Web and email traffic logs for HTTP, SMTP, POP3, IMAP, HTTPS, and FTP traffic. In this sample message, a malware threat was cleaned from the traffic. The message shows the date and time, protocol, size of the web file or email, domain, user, client IP address, server IP address, sender, recipient, and web URL or email subject line.
  • Page 611: Ips Logs

    IPS Logs This section describes logs that are generated when traffic matches IPS rules. Table 177. Content-filtering and security logs: IPS Message 2008-12-31 23:59:37 drop TCP 192.168.1.2 3496 192.168.35.165 8081 WEB-CGI Trend Micro OfficeScan CGI password decryption buffer overflow attempt Explanation Logs that are generated when traffic matches IPS rules.
  • Page 612: Routing Logs

    Routing Logs This section explains the logging messages for each network segment such as LAN-to-WAN for debugging purposes. These logs might generate a significant volume of messages. LAN-to-WAN Logs This section describes logs that are generated when the UTM processes LAN-to-WAN traffic. Table 180.
  • Page 613: Wan-To-Lan Logs

    WAN-to-LAN Logs This section describes logs that are generated when the UTM processes WAN-to-LAN traffic. Table 183. Routing logs: WAN to LAN Message Nov 29 10:05:15 [UTM] [kernel] WAN2LAN[ACCEPT] IN=WAN OUT=LAN SRC= 192.168.1.214 DST=192.168.10.10 PROTO=ICMP TYPE=8 CODE=0 Explanation •...
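The kernel lines in this appendix (the [INVALID]...[DROP] packets of Table 171, the [LOG_PACKET] ICMP redirect of Table 169, and the LAN2WAN/WAN2LAN routing lines) share one shape, a bracketed tag prefix followed by KEY=VALUE pairs, while the IPS lines of Table 177 are positional. The following added example (not NETGEAR code) parses both shapes into one record form and counts dropped or blocked events per source address, which is the first thing to do with a syslog feed from the appliance: a host that trips several INVALID checks in a row is usually a port scanner probing with odd TCP flag combinations. The sample lines are constructed after the tables on this page; the "DST= 1.2.3.4" spacing seen in the tables is tolerated on purpose.

```python
"""Parser for the UTM's kernel packet logs and positional IPS lines.
Added example, not NETGEAR code; sample lines constructed after the
tables in this appendix."""
import re
from collections import Counter

KV = re.compile(r"(\w+)=\s*(\S*)")           # tolerates "DST= 192.168.1.124"
FIRST_KV = re.compile(r"\b[A-Z]+=")            # where the key=value run begins
TAG = re.compile(r"\[([^\]]+)\]")              # [INVALID][ICMP_TYPE][DROP]
CHAIN = re.compile(r"^\s*(\w+)\[(\w+)\]")      # WAN2LAN[ACCEPT]
IPS_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (?:TCP|UDP|ICMP) ")


def parse_kernel(line: str):
    """Return a dict for a [kernel] line, or None if the line is not one."""
    if "[kernel]" not in line:
        return None
    head, body = line.split("[kernel]", 1)
    m = FIRST_KV.search(body)
    prefix, kvs = (body[:m.start()], body[m.start():]) if m else (body, "")
    rec = {"ts": head.split("[UTM]")[0].strip()}
    chain = CHAIN.match(prefix)
    if chain:                                   # routing logs: LAN2WAN[ACCEPT]
        rec["chain"], rec["action"] = chain.groups()
    else:
        tags = TAG.findall(prefix)
        if len(tags) >= 3 and tags[0] == "INVALID":
            rec["reason"], rec["action"] = tags[1], tags[-1]
        elif tags:                              # e.g. [LOG_PACKET]
            rec["chain"] = tags[0]
    rec.update(KV.findall(kvs))                 # SRC, DST, PROTO, SPT, DPT, TYPE, CODE
    return rec


def parse_ips(line: str):
    """'date time action proto src sport dst dport category signature...'"""
    if not IPS_LINE.match(line):
        return None
    parts = line.split(None, 9)
    if len(parts) < 9:
        return None
    date, tm, action, proto, src, sport, dst, dport, category = parts[:9]
    return {"ts": f"{date} {tm}", "action": action, "proto": proto,
            "SRC": src, "SPT": int(sport), "DST": dst, "DPT": int(dport),
            "category": category, "signature": parts[9] if len(parts) > 9 else ""}


def summarize(lines) -> Counter:
    """Dropped/blocked events per source address across both log formats."""
    drops = Counter()
    for line in lines:
        rec = parse_kernel(line) or parse_ips(line)
        if rec and rec.get("action", "").upper() == "DROP":
            drops[rec["SRC"]] += 1
    return drops


SAMPLE = [   # constructed after Tables 169, 171, 177 and 183
    "2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][ICMP_TYPE][DROP] SRC=192.168.20.10 "
    "DST=192.168.20.2 PROTO=ICMP TYPE=19 CODE=0",
    "2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][TCP_FLAG_COMBINATION][DROP] "
    "SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899",
    "Nov 29 10:05:15 [UTM] [kernel] WAN2LAN[ACCEPT] IN=WAN OUT=LAN SRC= 192.168.1.214 "
    "DST=192.168.10.10 PROTO=ICMP TYPE=8 CODE=0",
    "Feb 22 14:36:07 [UTM] [kernel] [LOG_PACKET] SRC=192.168.1.49 DST= 192.168.1.124 "
    "PROTO=ICMP TYPE=5 CODE=1",
    "2008-12-31 23:59:37 drop TCP 192.168.1.2 3496 192.168.35.165 8081 WEB-CGI "
    "Trend Micro OfficeScan CGI password decryption buffer overflow attempt",
]

if __name__ == "__main__":
    for src, n in summarize(SAMPLE).most_common():
        print(f"{src}: {n} dropped/blocked")
```

ICMP TYPE=5 in the [LOG_PACKET] record is a redirect; a host on the LAN emitting redirects is either a misconfigured router or an attempt to pull traffic through a chosen gateway, so that record is worth alerting on even though the appliance only logs it.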
  • Page 614: Appendix G Default Settings And Technical Specifications

    Default Settings and Technical Specifications This appendix provides the default settings and the physical and technical specifications of the UTM in the following sections: • Default Settings • Physical and Technical Specifications Default Settings You can use the factory default reset button located on the rear panel to reset all settings to their factory defaults.
  • Page 615 Table 186. UTM default configuration settings (continued). Internet connection: WAN MAC address: Use default address. WAN MTU size: 1500. Port speed: AutoSense. Local network (LAN): LAN IP address: 192.168.1.1. Subnet mask: 255.255.255.0. RIP direction: None...
  • Page 616: Physical And Technical Specifications

    Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP, PPPoA (UTM9S only), PPPoE, PPTP. Power adapter: UTM5, UTM10, and UTM25: 100–240 V AC, 50–60 Hz, universal input, 1.2 A max; UTM9S, UTM50, and UTM150: 100–240 V AC, 50–60 Hz, universal input, 1.0 A max. Dimensions and weight...
  • Page 617 Major regulatory compliance: Meets requirements of FCC Class A, WEEE, RoHS. Interface specifications: UTM5, UTM9S, UTM10, UTM25, and UTM150: 4 LAN autosensing 10/100/1000BASE-T, RJ-45, one of which is a configurable DMZ interface. UTM50: 6 LAN autosensing 10/100/1000BASE-T, RJ-45, one of...
  • Page 618 Network Management: Web-based configuration and status monitoring. Number of concurrent users supported: The number of supported dedicated SSL VPN tunnels depends on the model (see NETGEAR's documentation at http://prosecure.netgear.com). SSL versions: SSLv3, TLS 1.0. SSL encryption algorithms: DES, 3DES, ARC4, AES-128, AES-192, AES-256... Of these, SSLv3, single DES, and ARC4 are now considered insecure and should not be relied on for the SSL VPN or the management interface.
  • Page 619 Table 190. Wireless specifications, UTM9S wireless module (continued). 802.11a/na wireless specifications. 802.11a data rates: 6, 9, 12, 18, 24, 36, 48, 54 Mbps, and autorate capable. 802.11na data rates (includes Greenfield), MCS index / data rate for a 20-MHz channel spacing (width): 0 / 7.2 Mbps, 1 / 14.4 Mbps, 2 / 21.7 Mbps, 3 / 28.9 Mbps, 4 / 43.3 Mbps, 5 / 57.8 Mbps, 6 / 65 Mbps, 7 / 72.2 Mbps, 8 / 14.44 Mbps, 9 / 28.88 Mbps,...
  • Page 620: Appendix H Notification Of Compliance (Wired)

    FCC Declaration Of Conformity We, NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the ProSecure Unified Threat Management (UTM) Appliance complies with Part 15 of FCC Rules.
  • Page 621 • Consult the dealer or an experienced radio/TV technician for help. Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment. Canadian Department of Communications Radio Interference Regulations...
  • Page 622 ProSecure Unified Threat Management (UTM) Appliance Additional Copyrights Copyright (c) 2001, Dr. Brian Gladman, brg@gladman.uk.net, Worcester, UK. All rights reserved. TERMS Redistribution and use in source and binary forms, with or without modification, are permitted subject to the following conditions: 1.
  • Page 623 ProSecure Unified Threat Management (UTM) Appliance Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the “RSA Data Security, Inc. MD5 Message-Digest Algorithm” in all material mentioning or referencing this software or this function.
  • Page 624 EDOC in Languages of the European Community Language Statement Cesky [Czech] NETGEAR Inc. hereby declares that this Radiolan is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Dansk [Danish] The undersigned NETGEAR Inc. hereby declares that the following equipment, Radiolan, complies with the essential requirements and other relevant requirements of Directive 1999/5/EC.
  • Page 625: Appendix I Notification Of Compliance (Wireless)

    ProSecure Unified Threat Management (UTM) Appliance Español [Spanish] NETGEAR Inc. hereby declares that the Radiolan complies with the essential requirements and any other applicable or enforceable provisions of Directive 1999/5/EC. Ελληνική [Greek] NETGEAR Inc. HEREBY DECLARES THAT Radiolan COMPLIES WITH THE...
  • Page 626 This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. FCC Declaration of Conformity We, NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the ProSecure Unified Threat Management (UTM) Appliance complies with Part 15 Subpart B of FCC CFR47 Rules.
  • Page 627 For GNU General Public License (GPL) related information, please visit http://support.netgear.com/app/answers/detail/a_id/2649. Interference Reduction Table The table below shows the Recommended Minimum Distance between NETGEAR equipment and household appliances to reduce interference (in feet and meters). Household Appliance Recommended Minimum Distance...
  • Page 628 ProSecure Unified Threat Management (UTM) Appliance Household Appliance Recommended Minimum Distance (in feet and meters) Cordless phone - Digital 30 feet / 9 meters Bluetooth devices 20 feet / 6 meters ZigBee 20 feet / 6 meters Notification of Compliance (Wireless)
  • Page 629: Index

    Index Numerics user account ADSL (asymmetric digital subscriber line) 10BASE-T, 100BASE-T, and 1000BASE-T speeds advertisement, UPnP information 2.4- and 5-GHz operating frequency, radio AES (Advanced Encryption Standard) 20- and 40-MHz channel spacing, radio IKE policy settings – – 3322.org Mode Config settings –...
  • Page 630 WMM QoS commercial CAs backing up configuration file – bandwidth capacity exchange bandwidth limits, logging dropped packets NETGEAR default bandwidth profiles overview – creating PKCS12 format shifting traffic mix self-signed basic service set (BSS)
  • Page 631 Setup Wizard IPSec VPN Wizard – configuration file, managing login time-out configuration manager (web management interface) NETGEAR certificate login password menu PVID connection requirements ReadyNAS user name and password connection reset, WAN connection user name...
  • Page 632 ProSecure Unified Threat Management (UTM) Appliance DES (Data Encryption Standard) and 3DES domain name – PPPoE and PPPoA, DSL settings – PPPoE and PPTP, WAN settings DH (Diffie-Hellman) groups Domain Name Server, See DNS. DHCP automatic configuration of devices domains DNS servers, IP addresses default domain name...
  • Page 633 ProSecure Unified Threat Management (UTM) Appliance dynamically assigned IP addresses factory default settings DSL settings reverting to WAN settings service licenses, automatic retrieval – – DynDNS.org failover attempts, configuring number of failover protection. See auto-rollover mode. – – failure detection method file extensions e-commerce blocking...
  • Page 634 ProSecure Unified Threat Management (UTM) Appliance trusted hosts HTTPS g mode, wireless action, infected web file or object gateway IP address, ISP default port DSL settings enabling scanning WAN settings managing certificates generating keys, WEP scanning process trusted hosts GPO (global policy object), Active Directory humidity, operating and storage Greenfield mode, wireless group policies, precedence...
  • Page 635 ProSecure Unified Threat Management (UTM) Appliance instant messaging applications secondary addresses blocked applications, recent 5 and top 5 blocking applications – logs traffic statistics static or permanent addresses inter VLAN routing DSL settings interface specifications requirements interference, wireless WAN settings Interior Gateway Protocol (IGP) subnet mask default...
  • Page 636 ProSecure Unified Threat Management (UTM) Appliance key generation, WEP LLC (Logical Link Control) encapsulation keywords load balancing mode blocking multiple WAN port models using wildcards bandwidth capacity – kit, rack-mounting configuring DDNS knowledge base description VPN IPSec UTM9S with DSL –...
  • Page 637 – logs status, viewing outbreak alert NetBIOS, VPN tunnels outbreak, defining protection NETGEAR registration server quarantine storage space network recent 5 and top 5 authentication, wireless access management default settings configuration requirements – database maximum transmission unit (MTU), default...
  • Page 638 ProSecure Unified Threat Management (UTM) Appliance reducing traffic Point-to-Point Tunneling Protocol (PPTP) service blocking requirements settings server settings – user accounts outbound traffic WAN settings bandwidth traffic meter policies outbreak alerts exchange mode outbreaks, defining IPS and defining malware ISAKMP identifier managing ModeConfig XAUTH...
  • Page 639 ProSecure Unified Threat Management (UTM) Appliance – front panel emails – LAN and WAN and their LEDs listening port, DC agent service numbers – rear panel setting access exceptions speed supported – USB, nonfunctioning traffic volume by protocol viewing VLAN membership Post Office Protocol 3.
  • Page 640 – rear panel, components See outbound rules. rebooting – reducing traffic refresh rate, ARP region, radio SA (security association) registering with NETGEAR IKE policies IPSec VPN Wizard registration information ModeConfig regulatory compliance VPN connection status major requirements VPN policies –...
  • Page 641 ProSecure Unified Threat Management (UTM) Appliance automatic retrieval source MAC filtering – expiration alerts configuring MAC addresses expiration dates logging matched packets keys reducing traffic ProSafe VPN Client software spacing, channels, radio – service logs spam service numbers, common protocols blocked messages, recent 5 and top 5 –...
  • Page 642 (web management interface) outbound rules, QoS profile support QoS profile settings online tracert, using with DDNS technical tracing a route (traceroute) suspicious files, sending to NETGEAR trademarks SYN flood traffic synchronization interval, DC agent action when reaching limit syslog server –...
  • Page 643 ProSecure Unified Threat Management (UTM) Appliance transfer mode, DSL settings user name default Transmission Control Protocol (TCP) ReadyNAS server transmit power, radio user policies, precedence Transport Layer Security (TLS) user portal traps, SNMP User Portal Login link trial period, service licenses user types troubleshooting users...
  • Page 644 ProSecure Unified Threat Management (UTM) Appliance default IPSec VPN – description logs DHCP specifications address pool – user account – options IPSec VPN policies inter VLAN routing automatically generated MAC addresses groups, configuring port membership, viewing managing port-based manually generated –...
  • Page 645 ProSecure Unified Threat Management (UTM) Appliance WAN settings wired equivalent privacy (WEP) – autodetecting configuring using the Setup Wizard types of encryption WAN status wireless access points configuring WAN traffic meter (or counter) statistics warning, SSL certificate wireless clients, viewing WDS (Wireless Distribution System), configuring wireless connection, losing web access exceptions...

This manual is also suitable for: UTM9S, UTM10, UTM150, UTM25, UTM50
