Outbound Rules Service Blocking, 129 | NETGEAR STM150EW-100NAS

ProSecure Unified Threat Management (UTM) Appliance

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the UTM are:

•Inbound. Block all access from outside except responses to requests from the LAN side.

•Outbound. Allow all access from the LAN side to the outside.

The firewall rules for blocking and allowing traffic on the UTM can be applied to LAN WAN traffic, DMZ WAN traffic, and LAN DMZ traffic.

Table 26. Number of supported firewall rule configurations

Traffic rule	Maximum number of	Maximum number of	Maximum number of
	outbound rules	inbound rules	supported rules

LAN WAN	300	300	600

DMZ WAN	50	50	100

LAN DMZ	50	50	100

Total Rules	400	400	800

The rules to block traffic are based on the traffic’s category of service:

•Outbound rules (service blocking). Outbound traffic is usually allowed unless the firewall is configured to disallow it.

•Inbound rules (port forwarding). Inbound traffic is usually blocked by the firewall unless the traffic is in response to a request from the LAN side. The firewall can be configured to allow this otherwise blocked traffic.

•Customized services. Additional services can be added to the list of services in the factory defaults list. These added services can then have rules defined for them to either allow or block that traffic (see Add Customized Services on page 163).

•Quality of Service (QoS) priorities. Each service has its own native priority that impacts its quality of performance and tolerance for jitter or delays. You can change the QoS priority, which changes the traffic mix through the system (see Create Quality of Service Profiles on page 169).

Outbound Rules (Service Blocking)

The UTM allows you to block the use of certain Internet services by computers on your network. This is called service blocking or port filtering.

Note: See Enable Source MAC Filtering on page 179 for yet another way

to block outbound traffic from selected computers that would otherwise be allowed by the firewall.

Firewall Protection

129

Page 129

Image 129

NETGEAR STM150EW-100NAS manual Outbound Rules Service Blocking, Number of supported firewall rule configurations, 129

Contents

ProSecure Unified Threat Management UTM Appliance Support ProSecure Product Updates ProSecure Forum Revision HistoryTrademarks ProSecure Unified Threat Management UTM Appliance Updated Features That Reduce Traffic and Features That Settings and Technical SpecificationsApplication control see Configure Application Control Configure Quarantine Settings, Query and Manage Appendix B, Wireless Network Module for the UTM9S UTM25S Configure Distributed Spam Analysis sectionAdded the Requirements for Entering IP Addresses Contents Manually Configure Internet and WAN Settings Firewall Protection Content Filtering and Optimizing Scans Virtual Private Networking Using SSL Connections Network and System Management Troubleshoot and Use Online Support Appendix a xDSL Network Module for the UTM9S and UTM25S Appendix E ReadyNAS Integration Appendix H Default Settings and Technical Specifications Introduction Introduction Key Features and Capabilities Single or multiple exposed hosts Virtual private networks Wireless Features DSL FeaturesAdvanced VPN Support for Both IPSec and SSL Stream Scanning for Content Filtering Powerful, True Firewall Autosensing Ethernet Connections with Auto Uplink Security Features Extensive Protocol Support Easy Installation and Management Maintenance and Support Model ComparisonUTM model comparison Network Modules and Broadband Adapters Service Registration Card with License Keys Hardware Features Package Contents Front Panel UTM5 and UTM10 Power LEDUSB port Left LAN LEDs Test LED Right WAN LED Right LAN LEDs Front Panel UTM50 Front Panel UTM25USB port Left LAN LEDs Left WAN LEDs Active Test LED Right LAN LEDs Right WAN LEDs LEDs Front Panel UTM150 Power LED Left LAN LEDs Left WAN LEDs USB portLEDs Right WAN LEDs Test LED Right LAN LEDs Active WAN LEDs Test LED Right LAN LEDs Right WAN LEDs Front Panel UTM9S and UTM25S and Network Modules Power LED Left WAN LEDs Slot Left LAN LEDs USB portActive WAN LEDs Test LED Right LAN LEDs XDSL Network Modules Wireless Network Modules LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150Activity Description Activity Description LAN ports DMZ LEDWAN ports LED Descriptions, UTM9S, UTM25S, and their Network Modules LED descriptions UTM9S and UTM25SUSB LED Rear Panel UTM5, UTM10, and UTM25 Wireless network moduleReceptacle XDSL network modules Reset button Receptacle Factory Defaults Security lockRear Panel UTM50 and UTM150 Port Reset button Console switch Security lock AC power Receptacle Factory DefaultsPower Switch Bottom Panels with Product Labels ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Choose a Location for the UTM Use the Rack-Mounting Kit Steps for Initial Connection Use the Setup Wizard to Provision UTM in Your Network Log In to the UTM Use the Setup Wizard to Provision the UTM in Your NetworkQualified Web Browsers Requirements for Entering IP Addresses ProSecure Unified Threat Management UTM Appliance Web Management Interface Menu Layout ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance  To start the Setup Wizard Use the Setup Wizard to Perform the Initial Configuration Setup Wizard of 10 LAN Settings Dhcp Setting Description LAN TCP/IP Setup DNS Proxy Setting Description Setting Description Inter Vlan Routing Setup Wizard of 10 WAN Settings Setup Wizard WAN Settings screen settings Setting Description ISP LoginISP Type Internet IP Address See Configure Load Balancing Multiple WAN Port ModelsISP Dhcp Setup Wizard of 10 System Date and Time Domain Name Server DNS ServersGet Automatically from ISP radio button Setup Wizard System Date and Time screen settings Setup Wizard of 10 ServicesSetting Description Set Time, Date, and NTP Servers For Daylight Savings Time check box Web Setup Wizard Services screen settings Setup Wizard of 10 Email Security Setup Wizard Email Security screen settingsSetting Description Action Scan Exceptions Setup Wizard of 10 Web Security Http Setup Wizard of 10 Web Categories to Be Blocked Setting Description Blocked Web Categories Setup Wizard Web Categories to be blocked screen settingsBlocked Categories Scheduled Days Blocked Categories Time of Day Setup Wizard Email Notification screen settings Setup Wizard of 10 Email Notification Setup Wizard of 10 Signatures & Engine Setup Wizard Signatures & Engine screen settingsSetting Description Update Settings Setup Wizard of 10 Saving the Configuration Setting Description Update FrequencyHttps Proxy Settings Use the Web Management Interface to Activate Licenses Register the UTM with Netgear ProSecure Unified Threat Management UTM Appliance Electronic Licensing  To retrieve and display the registered informationClick Retrieve Info What to Do Next Verify Correct InstallationTest Connectivity Test Http Scanning ProSecure Unified Threat Management UTM Appliance Manually Configure Internet and WAN Settings Internet and WAN Configuration Tasks Manually Configure Internet and WAN Settings Complete these steps ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Pptp Connection method Manual data input required Manually Configure the Internet Connection If the automatic ISP configuration is successfulIf the automatic ISP configuration fails Pptp and PPPoE settings Balancing Multiple WAN Port Models on page 86 . To use load Identifier check box DNS server settings If the manual ISP configuration fails If the manual ISP configuration is successful Overview of the WAN Modes Configure the WAN Mode Configure Network Address Translation All Models Configure Classical Routing All Models  To configure auto-rollover mode Configure Auto-Rollover Mode  To configure the failure detection method Configure the Failure Detection MethodFailure detection method settings Setting Description WAN Failure Detection Method Ping  To configure load balancing Configure Load Balancing Multiple WAN Port Models Configure Protocol Binding Optional Add Protocol Binding screen settings Screen see Outbound Rules Service Blocking onChange Group Names in the Network Database on  To edit a protocol binding Configure Secondary WAN Addresses  To add a secondary WAN address to a WAN interface  To delete one or more secondary addresses Configure Dynamic DNS  To configure Ddns DNS service settings Click Apply to save your configuration Set the UTM’s MAC Address and Configure Advanced WAN Options Setting Description MTU Size Advanced WAN settings Upload/Download Settings Setting Speed Description1000BaseT FullDuplex. Gigabit Ethernet Router’s MAC Address Failure Detection Method Additional WAN-Related Configuration Tasks Manage Virtual LANs and Dhcp Options LAN Configuration Port-Based VLANs LAN Configuration 100 Assign and Manage Vlan Profiles 101 Vlan Dhcp Options Dhcp Relay Dhcp ServerDNS Proxy 102 Ldap Server Configure a Vlan Profile To add or edit a Vlan profile 103 104 Setting Description Vlan Profile Edit Vlan Profile screen settings105 Port Membership 106 107  To enable, disable, or delete one or more Vlan profiles Configure Vlan MAC Addresses and Advanced LAN Settings To configure a Vlan to have a unique MAC address  To edit a Vlan profile 109 Configure Multihome LAN IP Addresses on the Default 110  To add a secondary LAN IP address  To edit a secondary LAN IP address Manage Groups and Hosts LAN Groups To delete one or more secondary LAN IP addresses 111 112 Manage the Network Database 113 Setting Description Name Known PCs and devices settingsAdd Computers or Devices to the Network Database Modify Computers or Devices in the Network Database Delete Computers or Devices from the Network Database Change Group Names in the Network Database To edit the names of any of the eight available groups 115 116 Set Up Address Reservation Configure and Enable the DMZ Port  To enable and configure the DMZ port117 DMZ Setup screen settings Setting Description DMZ Port Setup118 119 120 Manage Routing Configure Static Routes To add a static route to the Static Route table 121 122 Add Static Route screen settings  To enable and configure RIP Select Network Config Routing Configure Routing Information Protocol To edit a static route that is in the Static Routes table  To delete one or more routes 124 RIP Configuration screen settings 125 Authentication for RIP-2B/2M 126 Static Route Example 127 About Firewall Protection Administrator Tips Firewall Protection128 Outbound Rules Service Blocking Number of supported firewall rule configurations129 Outbound rules overview Setting Description Outbound Rules130 Block always Groups and Hosts LAN Groups on 131 132 Service Profiles on Inbound Rules Port Forwarding 133NAT IP 134 135 Setting Description Inbound Rules 136 137 Quality of Service Profiles on 138 Order of Precedence for Rules Configure LAN WAN Rules  To change the default outbound policy139  To change an existing outbound or inbound service rule Create LAN WAN Outbound Service Rules To enable, disable, or delete one or more rules 140 Create LAN WAN Inbound Service Rules  To create an inbound LAN WAN service rule141 142 Configure DMZ WAN Rules 143  To delete or disable one or more rules Create DMZ WAN Outbound Service Rules Create DMZ WAN Inbound Service Rules144 Configure LAN DMZ Rules  To create an inbound DMZ WAN service rule145 146 Create LAN DMZ Inbound Service Rules Create LAN DMZ Outbound Service Rules To create an outbound LAN DMZ service rule  To create an inbound LAN DMZ service rule Inbound Rule Examples Examples of Firewall RulesLAN WAN Inbound Rule Host a Local Public Web Server 148 149 150 Netgear UTM 151  To configure the UTM for additional IP addresses 152 LAN WAN or DMZ WAN Inbound Rule Specify an Exposed Host Outbound Rule Example LAN WAN Outbound Rule Block Instant Messenger153 Vlan Rules Configure Other Firewall Features To create a Vlan rule 154 Add VLAN-VLAN Service screen settings Add Customized Services on155  To delete or disable one or more Vlan rules  To edit a Vlan rule156 Setting Description WAN Security Checks Attack Checks screen settingsAttack Checks, VPN Pass-through, and Multicast Pass-through 157  To configure multicast pass-through Configure Multicast Pass-ThroughSetting Description LAN Security Checks 158 159 Session Limit screen settings  To enable and configure session limitsSet Session Limits  To delete one or more multicast source addresses  To enable ALG for SIP and VPN scanning Session Timeout161 162 163 Add Customized Services  To add a customized service Services screen settings164  To edit a service Create Service Groups To delete one or more services  To create a service group 166  To edit a service group Create IP Groups  To create an IP group167 168  To delete an IP group Create Quality of Service Profiles  To create a QoS profile169 170 Add QoS Profile screen settings Create Bandwidth Profiles Default High Medium High Low To edit a QoS profile  To delete one ore more QoS profiles 172  To add and enable a bandwidth profile 173 Add Bandwidth Profile screen settings  To edit a bandwidth profile Create Traffic Meter Profiles To delete one or more bandwidth profiles 174 175  To add a traffic meter profile 176 Add Traffic Meter Profile screen settings  To edit a traffic meter profile Set a Schedule to Block or Allow Specific Traffic To delete one or more traffic meter profiles  To add a schedule Add Schedule screen settings 178Scheduled Days Setting Description Scheduled Time of Day Enable Source MAC Filtering To edit a schedule  To delete one or more schedules 180  To remove one or more entries from the table Set Up IP/MAC Bindings  To set up IP/MAC bindings181 Setting Description Email IP/MAC Violations IP/MAC Binding screen settings182 IP/MAC Bindings  To edit an IP/MAC binding Configure Port Triggering To remove one or more IP/MAC bindings from the table 183 Port Triggering screen settings  To add a port-triggering rule184  To edit a port-triggering rule  To display the status of the port-triggering rules185 186 Configure Universal Plug and Play  To enable intrusion prevention Enable and Configure the Intrusion Prevention System To configure intrusion prevention IPS screen settings 188 Security Category Settings 189 IPS, screen 1 Firewall Protection IPS uncommon attack names 190Attack Name Description Web 191 Attack Name DescriptionMisc 192 About Content Filtering and Scans Default email and web scan settings Default Email and Web Scan SettingsContent Filtering and Optimizing Scans 193 Customize Email Protocol Scan Settings Configure Email Protection To configure the email protocols and ports to scan Scan type Default scan setting Default action if applicable 195 Protocol Scan Settings on Customize Email Antivirus and Notification Settings  To configure the antivirus settings for email traffic196 197 Anti-Virus screen settings for email traffic Setting Description Scan Exceptions Notification Settings198 Setting Description Email Alert Settings Email Content Filtering199 SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME% 200 Setting Description Email Filters Email Filters screen settingsFilter by Password-Protected Attachments ZIP, RAR, etc 201 Protect Against Email Spam Setting Description Filter by File Type202 Filter by File Name 203 Set Up the Whitelist and Blacklist 204  To configure the whitelist and blacklist 205 Whitelist/Blacklist screen settings  To enable the real-time blacklist Configure the Real-Time Blacklist To add a blacklist provider to the real-time blacklist 206 207 Configure Distributed Spam Analysis Distributed Spam Analysis screen settings Setting Description Distributed Spam Analysis208 Anti-Spam Engine Settings 209Low Medium-Low Customize Web Protocol Scan Settings Configure Web and Services ProtectionSetting Description Send Quarantine Spam Report 210 211  To configure the web protocols and ports to scan 212 Configure Https Smart Block 213 Add or Edit Https Smart Block Profile settings 214 215  To change a profile 216 Configure Web Malware or Antivirus Scans 217 Anti-Virus screen settings for HTTP/HTTPS trafficScan Exception Html Scan 218 Configure Web Content Filtering 219  To configure web content filtering 220 Content Filtering screen settings Setting Description Content Filtering221 Full-Text Search 222Performance Management on Block Web Objects 223 Setting Description Web Category Lookup Configure Web URL Filtering224 URL 225  To configure web URL filtering Setting Description Whitelist URL Filtering screen settings226 Blacklist URL% 227 Configure Https Scanning and SSL Certificates How Https Scanning Works228 229  To configure the Https scan settings Configure the Https Scan SettingsHttps Settings screen settings 230 231 Manage SSL Certificates for Https Scanning 232 Manage the Active Https Certificate 233 Manage Trusted Https Certificates Manage Untrusted Https Certificates  To delete an untrusted certificate Specify Trusted Hosts for Https Scanning To specify trusted hosts 235 236 Trusted Hosts screen settings  To configure the SSL settings for Https scanning Configure the SSL Settings for Https ScanningSSL Settings screen settings 237 Customize FTP Antivirus Settings Configure FTP Scanning To configure the antivirus settings for FTP traffic Anti-Virus screen settings for FTP  To configure the FTP filters Configure FTP Content FilteringSetting Description Scan Exception 239 240 Configure Application Control 241 242 243 To select one or more individual applications To select one or more categories of applicationsTo search for an application 244 245 Setting Description Policy for a category of applications Application Control Policy pop-up screen settings246 Meter Profiles on 247  To change an existing application control profile Set Exception Rules for Web and Application Access  To delete one or more application control profiles248 249  To set web access exception rules 250 Application File Extension Https Smart Block251 URL Filtering Add or Edit Exceptions screen settingsWeb Category 252 253 254 See Configure Radius VLANs onDelete Groups on Ldap To select a category of applications 255To select a single application To search for an application 256 For Exceptions for Web and Application Access on  To disable, enable, or delete one or more exception rules  To change an existing exception rule257 258  To create and manage custom categories 259 Custom categories applications 260 Custom Categories screen settingsTo select one or more categories of applications To select one or more individual applications To remove one or more categories or applications from 261Applications in this Category table To add a URL Set Scanning Exclusions for IP Addresses and Ports  To configure scanning exclusion rules To change an existing custom category  To delete one or more custom categories 263 Scanning Exclusion screen settings 264 Virtual Private Networking 265 IP addressing for VPNs in dual WAN port systems 266 Create Gateway-to-Gateway VPN Tunnels with the Wizard 267 268 Setting Default Value IKE policy3DES SHA-1 269 IPSec VPN Wizard settings for a gateway-to-gateway tunnel 270 Setting Description Secure Connection Remote Accessibility 271 Create a Client-to-Gateway VPN Tunnel 272 Select the VPN Client radio button. The default remote Fqdn IPSec VPN Wizard settings for a client-to-gateway tunnel273 Fqdn 274 Information required to configure the VPN client 275Component Example Information to be collected 276 277 278 Setting Description Advanced features VPN client advanced authentication settings279 NAT-T 280  To create new authentication settings Type vpnclient281 282 VPN client authentication settings10.34.116.22 IKE 283 Setting Description Local and Remote ID  To create an IPSec configurationType netgearplatform 284 VPN client IPSec configuration settings 285ESP 286  To specify the global parameters 287 Test the Netgear VPN Client Connection 288 Click Gateway-Tunnel, and press Ctrl+O Netgear VPN Client Status and Log Information View the UTM IPSec VPN Connection Status289  To query the IPSec VPN log View the UTM IPSec VPN LogIPSec VPN Connection Status screen information 290 291 Manage IPSec VPN and IKE Policies Manage IKE Policies  To access the IKE Policies screenIKE Policies Screen 292 293 List of IKE Policies table information  To delete one or more IKE polices Manually Add or Edit an IKE Policy To add an IKE policy manually 294 295 Setting Description Mode Config Record Add IKE Policy screen settings296 General 297 RemoteIKE SA Parameters 298 Setting Description Extended Authentication  To edit an IKE policy299 Manage VPN Policies VPN Policies Screen300 301 List of VPN Policies table information Manually Add or Edit a VPN Policy  To enable or disable one or more VPN policies To delete one or more VPN polices  To add a VPN policy manually 303 Add New VPN Policy screen settings Setting Description General304 305 Configure Keep-AlivesTraffic Selection Manual Policy Parameters 306 307 Setting Description Auto Policy Parameters Configure Extended Authentication Xauth  To edit a VPN policy308  To enable and configure Xauth Configure Xauth for VPN ClientsExtended authentication settings 309 Radius Client and Server Configuration User Database Configuration To configure primary and backup Radius servers 310 Setting Description Primary Radius Server Radius Client screen settingsBackup Radius Server Connection Configuration Mode Config Operation Assign IP Addresses to Remote Users Mode ConfigConfigure Mode Config Operation on the UTM 312 313  To configure Mode Config on the UTM Add Mode Config Record screen settings Setting Description Client Pool314 Traffic Tunnel Security Level 315 316 317 Setting Description IKE SA Parameters 318Select Group 2 1024 bit Configure the ProSafe VPN Client for Mode Config Operation User Database Configuration on319 320 321 Type GWModeConfig 322 VPN client authentication settings Mode Config Type TunnelModeConfig VPN client advanced authentication settings Mode Config323 VPN client IPSec configuration settings Mode Config 324Enter 325 Configure the Mode Config Global Parameters 326 Test the Mode Config Connection  To edit a Mode Config record Modify or Delete a Mode Config Record To delete one or more Mode Config records 327 Configure Keep-Alives and Dead Peer Detection Configure Keep-Alives328  To configure DPD on a configured IKE policy Configure Dead Peer DetectionKeep-alive settings 329  To enable NetBIOS bridging on a configured VPN tunnel Configure NetBIOS Bridging with IPSec VPNDead Peer Detection settings 330 331 Configure the Pptp Server Pptp Server screen settings Setting Description Pptp Server332 View the Active Pptp Users Setting Description Authentication To view the active Pptp tunnel users 333 Pptp Active Users screen information Configure the L2TP Server334 Pptp IP L2TP Server screen settings Setting Description L2TP Server335 View the Active L2TP Users For More IPSec VPN Information To view the active L2TP tunnel users L2TP Active Users screen information 337 SSL VPN Portal Options Virtual Private Networking Using SSL Connections Build a Portal Using the SSL VPN Wizard To start the SSL VPN Wizard 338 339 SSL VPN Wizard of 6 Portal Settings SSL VPN Wizard of 6 screen settings portal settings Setting Description Portal Layout and Theme Name340 SSL VPN Portal Pages to Display 341Wizard of 6 Client IP Addresses and Routes on 6 Port Forwarding on 342 SSL VPN Wizard of 6 Domain Settings Server Configuration SSL VPN Wizard of 6 screen settings domain settings343 Radius Client 344 Windows login account name in email format. For 345Display name in the dn format. For example 346 SSL VPN Wizard of 6 User Settings SSL VPN Wizard of 6 screen settings user settings347 348 SSL VPN Wizard of 6 Client IP Addresses and Routes Setting Description Client IP Address Range 349Add Routes for VPN Tunnel Clients Setting Description Add New Application for Port Forwarding SSL VPN Wizard of 6 Port Forwarding350 351 SSL VPN Wizard of 6 Verify and Save Your SettingsSSH Add New Host Name for Port Forwarding 352 353 Access the New SSL VPN Portal 354 355 356 View the UTM SSL VPN Connection Status View the UTM SSL VPN Log Manually Configure and Modify SSL Portals To query the SSL VPN log 357 358 Manually Create or Modify the Portal Layout  To create an SSL VPN portal layout359 360 361 Add Portal Layout screen settings Setting Description SSL VPN Portal Pages to Display Configure Domains, Groups, and Users To edit a portal layout  To delete one or more portal layouts Add Servers and Port Numbers Configure Applications for Port Forwarding To add a server and a port number 363 Add a Host Name  To add servers and host names for client name resolution364 TCP application Port number Configure the SSL VPN Client Fully Qualified Domain Name. The full server name365 SSL VPN Client screen settings Configure the Client IP Address Range To define the client IP address range 366 Add Routes for VPN Tunnel Clients  To add an SSL VPN tunnel client route367 Configure the Advanced SSL VPN Client Settings  To change the LCP time-out368 Add New Network Resources Use Network Resource Objects to Simplify Policies To define a network resource 369 Edit Network Resources to Specify Addresses Resources screen settings to edit a resource To delete one or more network resources  To edit network resources 371 Configure User, Group, and Global Policies 372 Global Default Policy Add a Policy View Policies To view the existing policies  To add an SSL VPN policy Setting Description Policy For Add SSL VPN Policy screen settings374 Add SSL VPN Policies Resource Objects to Simplify Policies on 375 376  To edit an SSL VPN policy For More SSL VPN Information  To delete one or more SSL VPN policies377 378 Authentication Process and Options Manage Users, Authentication, and VPN Certificates External authentication protocols and methodsAuthentication Description Protocol or method 379 Login Portals Configure Authentication Domains, Groups, and UsersAdministrative Users and Users with Guest Privileges 380 381 Users with Special Access Privileges 382 383 Unauthenticated or Anonymous Users Active Directories and Ldap ConfigurationsHow an Active Directory Works 384 385 How to Bind a DN in an Active Directory Configuration 386 387 Select Users Domains Create and Delete Domains Configure Domains To create a domain 388 389 390 Add Domain screen settings 391 392 393 Edit Domains Configure Groups To delete one or more domains  To edit a domain Create and Delete Groups  To create a VPN group395 Edit Groups Groups screen settings To delete one or more groups  To edit a VPN group Configure Custom Groups  To create and manage custom groups397 398 399 Add Custom Group screen settings  To change an existing custom group  To delete one or more custom groups400 Configure User Accounts  To create an individual user account401 402 See Configure Extended Authentication Xauth on Add User screen settings To delete one or more user accounts 403 Configure Login Policies Set User Login Policies To configure user login policies 404 Configure Login Restrictions Based on IP Address  To restrict logging in based on IP address405 By Source IP Address screen settings Configure Login Restrictions Based on Web Browser To delete one or more addresses  To restrict logging in based on the user’s browser Internet Explorer Opera Netscape Navigator  To delete one or more browsers407 Change Passwords and Other User Settings  To modify user settings, including passwords408 Configure Extended Authentication Xauth on Edit User screen settingsDC Agent 409 410 411  To download ProSecure DC Agent software and add a DC agent DC Agent screen settings  To configure AD SSO with a DC agent To edit a DC agent 412 413 414  To do so, follow this procedure Configure Radius VLANs To configure a Radius Vlan 415 416 Configure Global User Settings View and Log Out Active Users  To log out all active users417 Active Users screen settings  To view all or selected users418 419 Manage Digital Certificates for VPN Connections 420 VPN Certificates Screen Manage CA Certificates  To view and upload trusted certificates421 Manage Self-Signed Certificates  To delete one or more digital certificates422 423 Generate self-signed certificate request settings 424512 1024 2048 425 View and Manage Self-Signed Certificates Manage the Certificate Revocation List To delete one or more SCRs  To delete one or more self-signed certificates 427  To delete one or more CRLs Performance Management Bandwidth Capacity428 Features That Reduce Traffic Network and System Management429 430 431 Content Filtering Features That Increase Traffic Source MAC Filtering432 433 Configure the DMZ Port Port Triggering434 Configure VPN Tunnels Configure Exposed HostsUse QoS and Bandwidth Assignments to Shift the Traffic Mix Assign QoS Profiles System Management Change Passwords and Administrator and Guest SettingsMonitoring Tools for Traffic Management 436 437 Configure Remote Management Access  To configure the UTM for remote management438 439 Https//IPaddress or https//FullyQualifiedDomainName 440 Use a Simple Network Management Protocol Manager 441 Setting Description Snmp Global Settings Global Snmp settings and SNMPv1/v2c settingsSNMPv1/v2c Settings 442 SNMPv3 settings  To configure the SNMPv3 settingsSetting Description SNMPv3 Settings 443 444 Restore Settings Manage the Configuration File To edit an SNMPv3 user profile  To delete one or more SNMPv3 user profiles Back Up Settings  To back up settings446 Restore Settings Revert to Factory Default Settings447 Update the Firmware View the Available Firmware Versions448 449 Firmware screen, available versions 450 Click Install Downloaded Firmware 451  To download the latest firmware for your UTM 452 453 Reboot without Changing the Firmware Update the Scan Signatures and Scan Engine Firmware To reboot the UTM without changing the firmware 454 455 Configure Automatic Update and Frequency Settings Configure Date and Time ServiceSignatures & Engine screen settings 456 Adjust for Daylight Savings Time check box System Date & Time screen settings To set time, date, and NTP servers 457 458 Connect to a ReadyNAS and Configure Quarantine Settings Connect to a ReadyNAS Log Storage To connect to the ReadyNAS on the UTM 459  To configure the quarantine settings Configure the Quarantine SettingsReadyNAS Integration screen settings 460 Quarantine settings Unauthenticated or Anonymous Users on461 462 Enable the WAN Traffic Meter 463 Monitor System Access and Performance 464 Setting Description Enable Traffic MeterTraffic Counter Event Notifications on 465 Setting Description When Limit is reached Configure the Email Notification Server Configure Logging, Alerts, and Event Notifications To configure the email notification server 466 Configure and Activate System, Email, and Syslog Logs Email Notification screen settings467 468  To configure and activate logs Setting Description System Logs Option Email and Syslog screen settingsEmail Logs to Administrator 469 Logs screen see Configure and Activate Firewall Logs on 470Send Logs via Syslog Configure Gateway 1 at Site How to Send Syslogs over a VPN Tunnel between SitesSetting Description Clear the Following Logs Information 471  To change the remote IP address in the VPN policy Configure Gateway 2 at Site To change the local IP address in the VPN policy 472  To configure and activate the email alerts Configure and Activate Update Failure and Attack Alerts To specify the syslog server that is connected to Gateway 473 474 Alerts screen settings 475 TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT%FILENAME%, %ACTION%, %VIRUSNAME% Configure and Activate Firewall Logs  To configure and activate firewall logs476 Setting Description Routing Logs Monitor Real-Time Traffic, Security, and Statistics477 478 Dashboard, screen 1 Dashboard screen threats and traffic information  To set the poll interval479 Total Threats 480 Threats CountsTotal Traffic Bytes 481 Enable and Configure the Intrusion 482 Dashboard screen service statistics information Monitor Application Use in Real Time Spam blacklist see Set Up the Whitelist and Blacklist on483 RBL 484  To filter the information that is displayed onscreen  To set the monitoring periodApplication Dashboard screen 485 View Status Screens View the System Status486 System Status screen fields View the System Status Screen487 Status Description View the Network Status Screen Scan Settings on488 System Information Network Status screen fields Available Access Points Table489 LAN Vlan Information  To view the Router Statistics screen View the Router Statistics Screen490 Ssid  To view the Wireless Statistics screen View the Wireless Statistics Screen UTM9S and UTM25S OnlyRouter Statistics screen fields 491 492 Wireless Statistics screen fieldsRadio Statistics Details AP Statistics 493 View the Detailed Status Screen 494 Configure and Enable the DMZ Port on LAN Port ConfigurationDetailed Status screen fields 495 MAC Address and Configure SettingsManually Configure the Internet 496 Wireless information in SLOT-1 Info or SLOT-2 Info Access Points Information497 Configure a Vlan Profile on See Configure a Vlan Profile onView the Vlan Status Screen Vlan Status screen fields View the Active VPN Users View the xDSL Statistics Screen UTM9S and UTM25S Only499 500 View the VPN Tunnel Connection Status 501 View the Active Pptp and L2TP Users  To view the status of the port-triggering feature View the Port Triggering Status502 503 Port Triggering Status pop-up screen information  To view the status of a WAN, xDSL, or USB port View the WAN, xDSL, or USB Port StatusConnection Status pop-up screen information 504 View Attached Devices View Attached Devices and the Dhcp Leases To view the attached devices in the LAN Groups screen 505 506 View the Dhcp Leases Query and Manage the Logs To view the Dhcp leases 507 508 Overview of the Logs Query and Download Logs  To query and download logs509 510 Logs Query screen settings 511 512 Example Use the Logs to Identify Infected Clients EMERG, ALERT, CRITICAL, ERROR, WARNING, Notice To identify infected clients 513 Query and Manage the Quarantine Logs Log Management514 Query the Quarantined Logs  To query the quarantine logs515 516 Quarantine screen settings 517 View and Manage the Quarantined Spam Table 518 View and Manage the Quarantined Infected Files Table Spam Reports for End Users  For an end user to send a spam report519 View, Schedule, and Generate Reports Click Send Report520 521 Enable Application Session Monitoring  To configure filtering options Report Filtering Options522 523 Report screen filtering options settingsHorizontal Bar Pie Use Report Templates and View Reports Onscreen  To display the report templates and view reports onscreen524 525 Report screen report template information 526 IPS & Application 527 Email Activity 528  To schedule automatic generation and emailing of reports Schedule, Email, and Manage Reports529 System Setting Description Schedule Reports Report screen schedule report settingsManaging Saved Reports 530 531 Use Diagnostics Utilities Send a Ping Packet Use the Network Diagnostic Tools To send a ping 532 Trace a Route Use the Real-Time Traffic Diagnostics ToolDisplay the Routing Table Look Up a DNS Address 534  To use the real-time traffic diagnostics tool Generate Network Statistics Gather Important Log Information To gather log information about your UTM 535 Perform Maintenance on the USB Device Reboot and Shut Down the UTM536 537 538 Troubleshoot and Use Online Support Basic Functioning Power LED Not OnVerify the Correct Sequence of Events at Startup Test LED Never Turns Off Troubleshoot the Web Management Interface LAN or WAN Port LEDs Not On540 When You Enter a URL or IP Address, a Time-Out Error Occurs Troubleshoot the ISP Connection541 542  To check the WAN IP address Test the LAN Path to Your UTM Troubleshoot a TCP/IP Network Using a Ping UtilityPing 543 Test the Path from Your Computer to a Remote Device Ping -n 10 IP address544 545 Restore the Default Configuration and Password Enable Remote Troubleshooting Problems with Date and TimeUse Online Support  To initiate the support tunnel Send Suspicious Files to Netgear for Analysis  To submit a file to Netgear for analysis547 Access the Knowledge Base and Documentation Malware Analysis screen settings548 549 XDSL Network Module for the UTM9S UTM25S Configure the xDSL Settings XDSL Network Module Configuration TasksXDSL Network Module for the UTM9S and UTM25S 550 551  To configure the xDSL settings XDSL settings Setting Description XDSL Settings552 553 VPIVCI 554 555 561, and Troubleshoot the ISP Connection on 556 Manually Configure the xDSL Internet Connection 557 558 PPPoE and PPPoA settings ATM Ipoa 559 560 561 562 Configure Network Address Translation 563 Configure Classical Routing 564 565 566 Configure Load Balancing and Optional Protocol Binding 567 Configure Load Balancing 568 569 570 571  To add a secondary WAN address to the DSL interface 572 573 574 Setting Description SLOT-x Dynamic DNS Status 575 Advanced DSL settings Default Address radio button576 577 578 Wireless Network Module for UTM9S and UTM25S Configuration Order Overview of the Wireless Network ModuleWireless Equipment Placement and Range Guidelines Wireless Network Module for the UTM9S and UTM25S Configure the Basic Radio Settings  To configure the basic radio settings580 Radio Settings screen settings 581Field Descriptions 582 583 Operating Frequency Channel Guidelines 584 Wireless Data Security Options 585 Wireless Security Profiles Network authentication Data encryption586 WPA Radius settings Before You Change the SSID, WEP, and WPA SettingsWPA2 Radius settings 587  To add a wireless profile Configure and Enable Wireless ProfilesWireless Profiles screen settings 588 Add Wireless Profiles screen settings Field Description Profile Configuration589 Security Options on 590 591 Tkip TKIP+AESWEP Index and Keys 592  To edit a wireless profile Restrict Wireless Access by MAC Address To delete one or more wireless profiles  To enable or disable one or more wireless profiles 594 595 Access Point Status screen fields Configure a Wireless Distribution System596 Connected Clients 597  To enable and configure WDS  To configure WDS on a peer Configure Advanced Radio Settings To configure advanced radio settings 598 599 Advanced Wireless screen settings 600 Configure WMM QoS Priority Settings 601 For More Information About Wireless Configurations Test Basic Wireless Connectivity To test for wireless connectivity 602 603 3G/4G Dongle Configuration Tasks Manually Configure the USB Internet Connection 3G/4G Dongles for the UTM9S and UTM25S604 605  To configure the WAN ISP settings for the USB interface Setting Description 3G Dongle Details USB ISP settingsConnection Settings 606 607 XDSL, or USB Port Status on Configure the 3G/4G Settings  To configure the 3G/4G settings608 Setting Description 3GStatus 4G settingsConnection Setting 609 APN 610 611 612 613 614 615 616 617 618 619 620 Setting Description USB Dynamic DNS Status 621 622 What to Consider Before You Begin WAN port Physical facility Internet623 Internet Configuration Requirements Computer Network Configuration RequirementsWhere Do I Get the Internet Configuration Information? Cabling and Computer Hardware Requirements 625 Internet Connection Information 626 Overview of the Planning Process 627 Inbound Traffic Inbound Traffic to a Dual WAN Port System Inbound Traffic to a Single WAN Port SystemInbound Traffic Dual WAN Ports for Improved Reliability Inbound Traffic Dual WAN Ports for Load Balancing 629 Virtual Private Networks 630 VPN Road Warrior Client-to-Gateway 631 VPN Road Warrior Single-Gateway WAN Port Reference Case 632 VPN Road Warrior Dual-Gateway WAN Ports for Load Balancing 633 VPN Gateway-to-Gateway 634 VPN Telecommuter Client-to-Gateway through a NAT Router VPN Telecommuter Single-Gateway WAN Port Reference Case635 636 637 VPN Telecommuter Dual-Gateway WAN Ports for Load Balancing 638 Supported ReadyNAS Models  To install the UTM add-on on the ReadyNAS Install the UTM Add-On on the ReadyNASSelect Add-ons Add New ReadyNAS Integration 640 Select Add-ons Installed 641 Connect to the ReadyNAS on the UTM 642 643 Why Do I Need Two-Factor Authentication? What Are the Benefits of Two-Factor Authentication?644 What Is Two-Factor Authentication? Netgear Two-Factor Authentication SolutionsTwo-Factor Authentication  To use WiKID for end users 646 647 Log message terms 648Term Description System Log Messages RebootSystem Startup 649 System logs login/logout Login/LogoutSystem logs NTP 650 Firewall Restart Auto-Rollover ModeIPSec Restart WAN Status System logs WAN status, auto rollover Load Balancing Mode652 ACTIVEWAN2 PPP Logs System logs WAN status, PPPoE idle timeoutSystem logs WAN status, load balancing 653 654 System logs WAN status, Pptp idle timeout Traffic Metering Logs Unicast, Multicast, and Broadcast Logs655 Icmp Redirect Logs Invalid Packet LoggingMulticast/Broadcast Logs 656 657 Content-Filtering and Security Logs Service LogsService logs 658 659 Web Filtering and Content-Filtering Logs Content-filtering and security logs spam Spam Logs660 Malware Logs Traffic LogsEmail Filter Logs 661 Content-filtering and security logs anomaly behavior Content-filtering and security logs IPSIPS Logs Anomaly Behavior Logs Application Logs Routing LogsLAN-to-WAN Logs 663 DMZ-to-WAN Logs LAN-to-DMZ LogsWAN-to-LAN Logs 664 WAN-to-DMZ Logs DMZ-to-LAN LogsRouting logs WAN to DMZ 665 UTM default configuration settings Default SettingsFeature Login settings Default behavior 666 Feature Default behavior WAN connections Default Settings and Technical SpecificationsAdministrative and monitoring settings 667 668 Feature Default behavior Firewall and network securitySIP ALG IPS 669 Feature Application security Default behavior 670 Feature Default behavior SSL VPN settings Radius settingsUser, group, and domain settings 671 672 Physical and Technical Specifications UTM physical and technical specifications673 Feature Specification Major regulatory compliance UTM IPSec VPN specificationsInterface specifications Setting Specification Feature Description 802.11b/bg/ng wireless specifications UTM SSL VPN specifications675 Http//prosecure.netgear.com Feature Description 802.11a/na wireless specifications 676AES Regulatory Compliance Information FCC Requirements for Operation in the United States677 Notification of Compliance Wired European Union678 Additional Copyrights 679Terms MD5 680 Edoc in Languages of the European Community Europe EU Declaration of Conformity681 Language Statement 682 Notification of Compliance Wireless 683 FCC Caution Important Note Radiation Exposure Statement Industry CanadaAvertissement 684 685 Interference Reduction Table 686 Index 687 See also 688 DMZ 689 690 691 Blocking 202, 218, 222 setting access exceptions Logs 469, 508-510traffic statistics 692 LAN 693 694 695 696 697 698 SSL VPN 699 TCP/IP 700 701 Logs 290, 470 702 703 Dhcp 50, 106, 119 ModeConfig 704

NETGEAR STM150EW-100NAS, UTM5EW-100NAS manual Outbound Rules Service Blocking, 129

Models: UTM5EW-100NAS STM150EW-100NAS

ProSecure Unified Threat Management (UTM) Appliance

Table 26. Number of supported firewall rule configurations

Outbound Rules (Service Blocking)

Firewall Protection

129