Voluntary Control Council for Interference (VCCI) Statement
Additional Copyrights
Product and Publication Details
Contents
ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
About This Manual
Conventions, Formats, and Scope
How to Print This Manual
Revision History
Chapter 1 Introduction
What Is the ProSecure Unified Threat Management Appliance UTM10 or UTM25?
Key Features and Capabilities
Dual WAN Ports for Increased Reliability or Outbound Load Balancing (UTM25 Only)
Advanced VPN Support for Both IPsec and SSL
A Powerful, True Firewall
Stream Scanning for Content Filtering
Security Features
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
Maintenance and Support
Service Registration Card with License Keys
Package Contents
Hardware Features
Front Panel
LEDs
Table 1-1. LED Descriptions
Rear Panel
Bottom Panel With Product Label
Choosing a Location for the UTM
Using the Rack-Mounting Kit
Chapter 2 Using the Setup Wizard to Provision the UTM in Your Network
Understanding the Steps for Initial Connection
Qualified Web Browsers
Logging In to the UTM
Understanding the Web Management Interface Menu Layout
Using the Setup Wizard to Perform the Initial Configuration
Setup Wizard Step 1 of 10: LAN Settings
Table 2-1. Setup Wizard Step 1: LAN Settings
Setup Wizard Step 2 of 10: WAN Settings
Enter the settings as explained in Table 2-2 on page 2-12, then click Next to go to the following
Table 2-2. Setup Wizard Step 2: WAN Settings
Setup Wizard Step 3 of 10: System Date and Time
Table 2-3. Setup Wizard Step 3: System Date and Time Settings
http://ntp.isc.org/bin/view/Servers/WebHome.
Setup Wizard Step 4 of 10: Security Services
Table 2-4. Setup Wizard Step 4: Security Services Settings
Setup Wizard Step 5 of 10: Email Security
Setup Wizard Step 6 of 10: Web Security
Enter the settings as explained in Table 2-6 on page 2-20, then click Next to go to the following
Table 2-6. Setup Wizard Step 6: Web Security Settings
Setup Wizard Step 8 of 10: Administrator Email Notification Settings
Setup Wizard Step 9 of 10: Security Subscription Update Settings
Enter the settings as explained in Table 2-9 on page 2-25, then click Next to go to the following
Table 2-9. Setup Wizard Step 9: Security Subscription Update Settings
Update Settings
Setup Wizard Step 10 of 10: Saving the Configuration
Verifying Proper Installation
Testing Connectivity
Testing HTTP Scanning
Registering the UTM with NETGEAR
What to Do Next
Chapter 3 Manually Configuring Internet and WAN Settings
Understanding the Internet and WAN Configuration Tasks
Configuring the Internet Connections
Automatically Detecting and Connecting
Setting the UTM's MAC Address
Manually Configuring the Internet Connection
Table 3-2. PPTP and PPPoE Settings
Configuring the WAN Mode (Required for the UTM25's Dual WAN Mode)
Network Address Translation (UTM10 and UTM25)
Classical Routing (UTM10 and UTM25)
Configuring Auto-Rollover Mode (UTM25 Only)
Table 3-5. Auto-Rollover Mode Settings (UTM25 Only)
Configuring Load Balancing and Optional Protocol Binding (UTM25 Only)
Configuring Secondary WAN Addresses
Configuring Dynamic DNS
Configuring Advanced WAN Options
3. Enter the default information settings as explained in Table 3-8.
Table 3-8. Advanced WAN Settings
Additional WAN-Related Configuration Tasks
Chapter 4 LAN Configuration
Managing Virtual LANs and DHCP Options
Managing the UTMs Port-Based VLANs
VLAN DHCP Options
Configuring a VLAN Profile
Table 4-1. VLAN Profile Settings
Configuring Multi-Home LAN IPs on the Default VLAN
Managing Groups and Hosts (LAN Groups)
Managing the Network Database
Changing Group Names in the Network Database
Setting Up Address Reservation
Configuring and Enabling the DMZ Port
Table 4-3. DMZ Setup Settings
Managing Routing
Configuring Static Routes
Configuring Routing Information Protocol (RIP)
Table 4-5. RIP Configuration Settings
Static Route Example
Chapter 5 Firewall Protection
About Firewall Protection
Administrator Tips
Using Rules to Block or Allow Specific Kinds of Traffic
Services-Based Rules
Table 5-2. Outbound Rules Overview
Table 5-3. Inbound Rules Overview
Order of Precedence for Rules
Setting LAN WAN Rules
Setting DMZ WAN Rules
Setting LAN DMZ Rules
Attack Checks
2. Click the Attack Checks submenu tab. The Attack Checks screen displays.
3. Enter the settings as explained in Table 5-4.
Table 5-4. Attack Checks Settings
Setting Session Limits
Managing the Application Level Gateway for SIP Sessions
Inbound Rules Examples
Outbound Rules Example
Creating Services, QoS Profiles, and Bandwidth Profiles
Adding Customized Services
Creating Quality of Service (QoS) Profiles
Creating Bandwidth Profiles
Setting a Schedule to Block or Allow Specific Traffic
Enabling Source MAC Filtering
Setting up IP/MAC Bindings
3. Enter the settings as explained in Table 5-9.
Configuring Port Triggering
Using the Intrusion Prevention System
Chapter 6 Content Filtering and Optimizing Scans
About Content Filtering and Scans
Default E-mail and Web Scan Settings
Table 6-1. Default E-mail and Web Scan Settings
Configuring E-mail Protection
Customizing E-mail Protocol Scan Settings
Customizing E-mail Anti-Virus and Notification Settings
2. Enter the settings as explained in Table 6-2.
Table 6-2. E-mail Anti-Virus and Notification Settings
E-mail Content Filtering
2. Enter the settings as explained in Table 6-3.
Table 6-3. E-mail Filter Settings
3. Click Apply to save your settings.
Protecting Against E-mail Spam
3. Enter the settings as explained in Table 6-5.
Table 6-5. Distributed Spam Analysis Settings
Configuring Web and Services Protection
Customizing Web Protocol Scan Settings and Services
2. Enter the settings as explained in Table 6-5.
Configuring Web Malware Scans
2. Enter the settings as explained in Table 6-2.
Configuring Web Content Filtering
Table 6-8. Content Filtering Settings
Configuring Web URL Filtering
3. Enter the settings as explained in Table 6-9.
Table 6-9. URL Filtering Settings
HTTPS Scan Settings
Specifying Trusted Hosts
Configuring FTP Scans
Setting Web Access Exceptions and Scanning Exclusions
Setting Web Access Exception Rules
Setting Scanning Exclusions
Chapter 7 Virtual Private Networking Using IPsec Connections
Considerations for Dual WAN Port Systems (UTM25 Only)
The diagrams and table below show how the WAN mode selection relates to VPN configuration.
Using the IPsec VPN Wizard for Client and Gateway Configurations
Creating Gateway-to-Gateway VPN Tunnels with the Wizard
3. Select the radio buttons and complete the fields as explained in Table 7-2.
Table 7-2. (IPsec) VPN Wizard Settings for a Gateway-to-Gateway Tunnel
Creating a Client to Gateway VPN Tunnel
3. Select the radio buttons and complete the fields as explained in Table 7-3.
Table 7-3. (IPsec) VPN Wizard Settings for a Client-to-Gateway Tunnel
3. Enter the settings as explained in Table 7-4.
Table 7-4. Security Policy Editor: Remote Party Settings
Testing the Connections and Viewing Status Information
Testing the VPN Connection
NETGEAR VPN Client Status and Log Information
Viewing the UTM IPsec VPN Connection Status
Viewing the UTM IPsec VPN Log
Managing IKE Policies
Table 7-10. Add IKE Policy Settings
Managing VPN Policies
Table 7-12. Add VPN Policy Settings
Configuring Extended Authentication (XAUTH)
Configuring XAUTH for VPN Clients
User Database Configuration
RADIUS Client Configuration
3. Complete the fields and select the radio buttons as explained in Table 7-14.
Table 7-14. RADIUS Client Settings
Assigning IP Addresses to Remote Users (Mode Config)
Mode Config Operation
Configuring Mode Config Operation on the UTM
Table 7-15. Add Mode Config Record Settings
Table 7-16. Add IKE Policy Settings for a Mode Config Configuration
9. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table.
Configuring the ProSafe VPN Client for Mode Config Operation
Testing the Mode Config Connection
Configuring Keepalives and Dead Peer Detection
Configuring Keepalives
Configuring Dead Peer Detection
3. In the IKE SA Parameters section of the screen, locate the DPD fields.
4. Select the radio button and complete the fields as explained in Table 7-21.
5. Click Apply to save your settings.
Configuring NetBIOS Bridging with IPsec VPN
Chapter 8 Virtual Private Networking Using SSL Connections
Understanding the SSL VPN Portal Options
Using the SSL VPN Wizard for Client Configurations
SSL VPN Wizard Step 1 of 6: Portal Settings
Table 8-1. SSL VPN Wizard Step 1: Portal Settings
SSL VPN Wizard Step 2 of 6: Domain Settings
Table 8-2. SSL VPN Wizard Step 2: Domain Settings
SSL VPN Wizard Step 3 of 6: User Settings
SSL VPN Wizard Step 4 of 6: Client IP Address Range and Routes
Table 8-4. SSL VPN Wizard Step 4:
SSL VPN Wizard Step 5 of 6: Port Forwarding
Table 8-5. SSL VPN Wizard Step 5: Port Forwarding Settings
Accessing the New SSL Portal Login Screen
Viewing the UTM SSL VPN Connection Status
Viewing the UTM SSL VPN Log
Manually Configuring and Editing SSL Connections
Creating the Portal Layout
4. Complete the fields and select the checkboxes as explained in Table 8-6.
Table 8-6. Add Portal Layout Settings
https://vpn.company.com/portal/CustomerSupport
Configuring Domains, Groups, and Users
Configuring Applications for Port Forwarding
Configuring the SSL VPN Client
Using Network Resource Objects to Simplify Policies
Configuring User, Group, and Global Policies
Table 8-10. Add Policy Settings
Chapter 9 Managing Users, Authentication, and Certificates
Configuring VPN Authentication Domains, Groups, and Users
Configuring Domains
Table 9-1. Authentication Protocols and Methods
2. Under the List of Domains table, click the add table button. The Add Domain screen displays.
3. Enter the settings as explained in Table 9-2.
Figure 9-2
Table 9-2. Add Domain Settings
Configuring Groups for VPN Policies
Configuring User Accounts
3. Enter the settings as explained in Table 9-4.
Figure 9-6
Table 9-4. Add User Settings
Setting User Login Policies
Changing Passwords and Other User Settings
Managing Digital Certificates
Managing CA Certificates
Managing Self Certificates
Managing the Certificate Revocation List
Chapter 10 Network and System Management
Performance Management
Bandwidth Capacity
Features That Reduce Traffic
Features That Increase Traffic
Using QoS and Bandwidth Assignment to Shift the Traffic Mix
Monitoring Tools for Traffic Management
System Management
Changing Passwords and Administrator Settings
Configuring Remote Management Access
Using an SNMP Manager
Managing the Configuration File
Updating the Firmware
Updating the Scan Signatures and Scan Engine Firmware
Configuring Date and Time Service
Chapter 11 Monitoring System Access and Performance
Enabling the WAN Traffic Meter
Table 11-1. WAN Traffic Meter Settings
Configuring Logging, Alerts, and Event Notifications
Configuring the E-mail Notification Server
Configuring and Activating System, E-mail, and Syslog Logs
2. Enter the settings as explained in Table 11-2.
Table 11-3. E-mail and Syslog Settings
Configuring and Activating Update Failure and Attack Alerts
3. Enter the settings as explained in Table 11-4.
Table 11-4. Alerts Settings
Configuring and Activating Firewall Logs
Monitoring Real-Time Traffic, Security, and Statistics
Table 11-7 explains the fields of the Most Recent 5 and Top 5 sections of the Dashboard screen.
Table 11-7. Dashboard: Most Recent 5 and Top 5 Information
Table 11-8 explains the fields of the Service Statistics section of the Dashboard screen.
Viewing Status Screens
Viewing System Status
Table 11-11 on page 11-24 explains the Interface Statistics section of the System Status screen.
Viewing Active VPN Users
Viewing VPN Tunnel Connection Status
Viewing Port Triggering Status
Viewing the WAN Ports Status
Viewing Attached Devices and the DHCP Log
Querying Logs and Generating Reports
Querying the Logs
3. Enter the settings as explained in Table 11-15.
Table 11-15. Logs Query Settings
Scheduling and Generating Reports
Using Diagnostics Utilities
Using the Network Diagnostic Tools
Using the Realtime Traffic Diagnostics Tool
Gathering Important Log Information and Generating a Network Statistics Report
Rebooting and Shutting Down the UTM
Chapter 12 Troubleshooting and Using Online Support
Basic Functioning
Power LED Not On
Test LED Never Turns Off
LAN or WAN Port LEDs Not On
Troubleshooting the Web Management Interface
When You Enter a URL or IP Address a Time-out Error Occurs
Troubleshooting the ISP Connection
Troubleshooting a TCP/IP Network Using a Ping Utility
Testing the LAN Path to Your UTM
Testing the Path from Your PC to a Remote Device
Restoring the Default Configuration and Password
Problems with Date and Time
Using Online Support
Enabling Remote Troubleshooting
Sending Suspicious Files to NETGEAR for Analysis
Appendix A Default Settings and Technical Specifications
Table A-2 shows the physical and technical specifications for the UTM.
Table A-2. UTM Physical and Technical Specifications
Table A-1. UTM Default Configuration Settings
Table A-3 shows the IPsec VPN specifications for the UTM.
Table A-3. UTM IPsec VPN Specifications
Table A-4 shows the SSL VPN specifications for the UTM.
Note: For default e-mail and Web scan settings, see Table 6-1 on page 6-2.
Appendix B Network Planning for Dual WAN Ports (UTM25 Only)
What to Consider Before You Begin
Cabling and Computer Hardware Requirements
Computer Network Configuration Requirements
Internet Configuration Requirements
Overview of the Planning Process
Inbound Traffic
Inbound Traffic to a Single WAN Port System
Inbound Traffic to a Dual WAN Port System
Virtual Private Networks (VPNs)
Figure B-6
Table B-2. IP addressing requirements for VPNs in dual WAN port systems
VPN Road Warrior (Client-to-Gateway)
VPN Gateway-to-Gateway
VPN Telecommuter (Client-to-Gateway Through a NAT Router)
Appendix C System Logs and Error Messages
System Log Messages
System Startup
Reboot
Service Logs
NTP
Table C-4. System Logs: Service
Table C-5. System Logs: NTP
Login/Logout
This section describes logs that are generated by the administrative interfaces of the device.
This section describes logs that are generated when IPsec restarts.
Firewall Restart
This section describes logs that are generated when the firewall restarts.
WAN Status
System Logs: WAN Status, Auto-Rollover
Table C-9. System Logs: WAN Status, Load Balancing
Table C-10. System Logs: WAN Status, PPPoE Idle-Timeout
PPTP Idle-Timeout Logs
PPP Authentication Logs
Table C-11. System Logs: WAN Status, PPTP Idle-Timeout
Table C-12. System Logs: WAN Status, PPP Authentication
Traffic Metering Logs
This section describes logs that are generated when the traffic meter has reached a limit.
Unicast Logs
This section describes logs that are generated when the UTM processes unicast packets.
Invalid Packet Logging
This section describes logs that are generated when the UTM processes invalid packets.
Table C-16. System Logs: Multicast/Broadcast
Table C-17. System Logs: Invalid Packets
Content Filtering and Security Logs
This section describes logs that are generated when the UTM filters Web content.
Web Filtering and Content Filtering Logs
Table C-18. Content Filtering and Security Logs: Web Filtering and Content Filtering
Spam Logs
This section describes logs that are generated when the UTM filters spam e-mail messages.
Table C-19. Content Filtering and Security Logs: Spam
Traffic Logs
This section describes logs that are generated when the UTM processes Web and e-mail traffic.
This section describes logs that are generated when the UTM filters e-mail content.
Virus Logs
This section describes logs that are generated when the UTM detects viruses.
IPS Logs
This section describes logs that are generated when traffic matches IPS rules.
Port Scan Logs
This section describes logs that are generated when ports are scanned.
Instant Messaging/Peer-to-Peer Logs
Routing Logs
This section describes logs that are generated when the UTM processes DMZ to WAN traffic.
LAN to WAN Logs
This section describes logs that are generated when the UTM processes LAN to WAN traffic.
LAN to DMZ Logs
WAN to LAN Logs
This section describes logs that are generated when the UTM processes WAN to LAN traffic.
This section describes logs that are generated when the UTM processes WAN to DMZ traffic.
DMZ to LAN Logs
This section describes logs that are generated when the UTM processes DMZ to LAN traffic.
Appendix D Two Factor Authentication
Why do I need Two-Factor Authentication?
What are the benefits of Two-Factor Authentication?
What is Two-Factor Authentication
NETGEAR Two-Factor Authentication Solutions
Appendix E Related Documents
Index
Numerics
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y