Virtual Private Networking, 264 | NETGEAR UTM5EW-100NAS guide

7. Virtual Private Networking	7
Using IPSec, PPTP, or L2TP Connections

This chapter describes how to use the IP security (IPSec) virtual private networking (VPN) features of the UTM to provide secure, encrypted communications between your local network and a remote network or computer. This chapter contains the following sections:

•Use the IPSec VPN Wizard for Client and Gateway Configurations

•Test the Connection and View Connection and Status Information

•Manage IPSec VPN and IKE Policies

•Configure Extended Authentication (XAUTH)

•Assign IP Addresses to Remote Users (Mode Config)

•Configure Keep-Alives and Dead Peer Detection

•Configure NetBIOS Bridging with IPSec VPN

•Configure the PPTP Server

•Configure the L2TP Server

•For More IPSec VPN Information

Considerations for Dual WAN Port Systems (Multiple WAN Port Models Only)

On the multiple WAN port models only, if two WAN ports are configured, you can enable either auto-rollover mode for increased system reliability or load balancing mode for optimum bandwidth efficiency. Your WAN mode selection impacts how the VPN features need to be configured.

Note: For the UTM9S and UTM25S only, you can also use a DSL interface in combination with a WAN interface for VPN tunnel failover.

The use of fully qualified domain names (FQDNs) in VPN policies is mandatory when the WAN ports function in auto-rollover mode or load balancing mode, and is also required for VPN tunnel failover. When the WAN ports function in load balancing mode, you cannot configure VPN tunnel failover. An FQDN is optional when the WAN ports function in load

264

Image 264

NETGEAR UTM5EW-100NAS, STM150EW-100NAS manual Virtual Private Networking, 264

Contents

ProSecure Unified Threat Management UTM Appliance ProSecure Product Updates ProSecure Forum Revision History SupportTrademarks ProSecure Unified Threat Management UTM Appliance Settings and Technical Specifications Updated Features That Reduce Traffic and Features ThatApplication control see Configure Application Control Configure Quarantine Settings, Query and Manage Appendix B, Wireless Network Module for the UTM9S UTM25S Configure Distributed Spam Analysis sectionAdded the Requirements for Entering IP Addresses Contents Manually Configure Internet and WAN Settings Firewall Protection Content Filtering and Optimizing Scans Virtual Private Networking Using SSL Connections Network and System Management Troubleshoot and Use Online Support Appendix a xDSL Network Module for the UTM9S and UTM25S Appendix E ReadyNAS Integration Appendix H Default Settings and Technical Specifications Introduction Key Features and Capabilities Introduction Single or multiple exposed hosts Virtual private networks Wireless Features DSL FeaturesAdvanced VPN Support for Both IPSec and SSL Powerful, True Firewall Stream Scanning for Content Filtering Security Features Autosensing Ethernet Connections with Auto Uplink Easy Installation and Management Extensive Protocol Support Maintenance and Support Model ComparisonUTM model comparison Service Registration Card with License Keys Network Modules and Broadband Adapters Package Contents Hardware Features Power LED Front Panel UTM5 and UTM10USB port Left LAN LEDs Test LED Right WAN LED Right LAN LEDs Front Panel UTM25 Front Panel UTM50USB port Left LAN LEDs Left WAN LEDs Active Test LED Right LAN LEDs Right WAN LEDs LEDs Power LED Left LAN LEDs Left WAN LEDs USB port Front Panel UTM150LEDs Right WAN LEDs Test LED Right LAN LEDs Active WAN LEDs Test LED Right LAN LEDs Right WAN LEDs Power LED Left WAN LEDs Slot Left LAN LEDs USB port Front Panel UTM9S and UTM25S and Network ModulesActive WAN LEDs Test LED Right LAN LEDs Wireless Network Modules XDSL Network Modules LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150Activity Description Activity Description LAN ports DMZ LEDWAN ports LED Descriptions, UTM9S, UTM25S, and their Network Modules LED descriptions UTM9S and UTM25SUSB LED Wireless network module Rear Panel UTM5, UTM10, and UTM25Receptacle XDSL network modules Factory Defaults Security lock Reset button ReceptacleRear Panel UTM50 and UTM150 Port Security lock AC power Receptacle Factory Defaults Reset button Console switchPower Switch Bottom Panels with Product Labels ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Choose a Location for the UTM Use the Rack-Mounting Kit Use the Setup Wizard to Provision UTM in Your Network Steps for Initial Connection Use the Setup Wizard to Provision the UTM in Your Network Log In to the UTMQualified Web Browsers Requirements for Entering IP Addresses ProSecure Unified Threat Management UTM Appliance Web Management Interface Menu Layout ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Use the Setup Wizard to Perform the Initial Configuration  To start the Setup Wizard Setup Wizard of 10 LAN Settings Setting Description LAN TCP/IP Setup Dhcp Setting Description DNS Proxy Setup Wizard of 10 WAN Settings Setting Description Inter Vlan Routing Setup Wizard WAN Settings screen settings Setting Description ISP LoginISP Type See Configure Load Balancing Multiple WAN Port Models Internet IP AddressISP Dhcp Setup Wizard of 10 System Date and Time Domain Name Server DNS ServersGet Automatically from ISP radio button Setup Wizard of 10 Services Setup Wizard System Date and Time screen settingsSetting Description Set Time, Date, and NTP Servers For Daylight Savings Time check box Setup Wizard Services screen settings Web Setup Wizard of 10 Email Security Setup Wizard Email Security screen settingsSetting Description Action Setup Wizard of 10 Web Security Scan Exceptions Http Setup Wizard of 10 Web Categories to Be Blocked Setup Wizard Web Categories to be blocked screen settings Setting Description Blocked Web CategoriesBlocked Categories Scheduled Days Blocked Categories Time of Day Setup Wizard of 10 Email Notification Setup Wizard Email Notification screen settings Setup Wizard of 10 Signatures & Engine Setup Wizard Signatures & Engine screen settingsSetting Description Update Settings Setup Wizard of 10 Saving the Configuration Setting Description Update FrequencyHttps Proxy Settings Register the UTM with Netgear Use the Web Management Interface to Activate Licenses ProSecure Unified Threat Management UTM Appliance Electronic Licensing  To retrieve and display the registered informationClick Retrieve Info Verify Correct Installation What to Do NextTest Connectivity Test Http Scanning ProSecure Unified Threat Management UTM Appliance Manually Configure Internet and WAN Settings Internet and WAN Configuration Tasks Manually Configure Internet and WAN Settings Complete these steps ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Connection method Manual data input required Pptp Manually Configure the Internet Connection If the automatic ISP configuration is successfulIf the automatic ISP configuration fails Pptp and PPPoE settings Balancing Multiple WAN Port Models on page 86 . To use load DNS server settings Identifier check box If the manual ISP configuration is successful If the manual ISP configuration fails Configure the WAN Mode Overview of the WAN Modes Configure Network Address Translation All Models Configure Classical Routing All Models Configure Auto-Rollover Mode  To configure auto-rollover mode Configure the Failure Detection Method  To configure the failure detection methodFailure detection method settings Setting Description WAN Failure Detection Method Ping Configure Load Balancing Multiple WAN Port Models  To configure load balancing Configure Protocol Binding Optional Add Protocol Binding screen settings Screen see Outbound Rules Service Blocking onChange Group Names in the Network Database on Configure Secondary WAN Addresses  To edit a protocol binding  To add a secondary WAN address to a WAN interface Configure Dynamic DNS  To delete one or more secondary addresses  To configure Ddns Click Apply to save your configuration DNS service settings Set the UTM’s MAC Address and Configure Advanced WAN Options Advanced WAN settings Setting Description MTU Size Setting Speed Description Upload/Download Settings1000BaseT FullDuplex. Gigabit Ethernet Router’s MAC Address Failure Detection Method Additional WAN-Related Configuration Tasks LAN Configuration Manage Virtual LANs and Dhcp Options LAN Configuration Port-Based VLANs Assign and Manage Vlan Profiles 100 Vlan Dhcp Options 101 Dhcp Server Dhcp RelayDNS Proxy 102 Configure a Vlan Profile Ldap Server To add or edit a Vlan profile 103 104 Edit Vlan Profile screen settings Setting Description Vlan Profile105 Port Membership 106 107 Configure Vlan MAC Addresses and Advanced LAN Settings  To enable, disable, or delete one or more Vlan profiles To configure a Vlan to have a unique MAC address  To edit a Vlan profile Configure Multihome LAN IP Addresses on the Default 109  To add a secondary LAN IP address 110 Manage Groups and Hosts LAN Groups  To edit a secondary LAN IP address To delete one or more secondary LAN IP addresses 111 Manage the Network Database 112 113 Known PCs and devices settings Setting Description NameAdd Computers or Devices to the Network Database Modify Computers or Devices in the Network Database Change Group Names in the Network Database Delete Computers or Devices from the Network Database To edit the names of any of the eight available groups 115 Set Up Address Reservation 116 Configure and Enable the DMZ Port  To enable and configure the DMZ port117 DMZ Setup screen settings Setting Description DMZ Port Setup118 119 120 Configure Static Routes Manage Routing To add a static route to the Static Route table 121 Add Static Route screen settings 122 Configure Routing Information Protocol  To enable and configure RIP Select Network Config Routing To edit a static route that is in the Static Routes table  To delete one or more routes RIP Configuration screen settings 124 Authentication for RIP-2B/2M 125 Static Route Example 126 About Firewall Protection 127 Administrator Tips Firewall Protection128 Outbound Rules Service Blocking Number of supported firewall rule configurations129 Setting Description Outbound Rules Outbound rules overview130 Block always 131 Groups and Hosts LAN Groups on Service Profiles on 132 Inbound Rules Port Forwarding 133NAT IP 134 Setting Description Inbound Rules 135 136 Quality of Service Profiles on 137 Order of Precedence for Rules 138 Configure LAN WAN Rules  To change the default outbound policy139 Create LAN WAN Outbound Service Rules  To change an existing outbound or inbound service rule To enable, disable, or delete one or more rules 140 Create LAN WAN Inbound Service Rules  To create an inbound LAN WAN service rule141 Configure DMZ WAN Rules 142  To delete or disable one or more rules 143 Create DMZ WAN Outbound Service Rules Create DMZ WAN Inbound Service Rules144 Configure LAN DMZ Rules  To create an inbound DMZ WAN service rule145 146 Create LAN DMZ Outbound Service Rules Create LAN DMZ Inbound Service Rules To create an outbound LAN DMZ service rule  To create an inbound LAN DMZ service rule Examples of Firewall Rules Inbound Rule ExamplesLAN WAN Inbound Rule Host a Local Public Web Server 148 149 Netgear UTM 150  To configure the UTM for additional IP addresses 151 LAN WAN or DMZ WAN Inbound Rule Specify an Exposed Host 152 Outbound Rule Example LAN WAN Outbound Rule Block Instant Messenger153 Configure Other Firewall Features Vlan Rules To create a Vlan rule 154 Add VLAN-VLAN Service screen settings Add Customized Services on155  To delete or disable one or more Vlan rules  To edit a Vlan rule156 Attack Checks screen settings Setting Description WAN Security ChecksAttack Checks, VPN Pass-through, and Multicast Pass-through 157 Configure Multicast Pass-Through  To configure multicast pass-throughSetting Description LAN Security Checks 158 159  To enable and configure session limits Session Limit screen settingsSet Session Limits  To delete one or more multicast source addresses  To enable ALG for SIP and VPN scanning Session Timeout161 162 Add Customized Services 163  To add a customized service Services screen settings164 Create Service Groups  To edit a service To delete one or more services  To create a service group  To edit a service group 166 Create IP Groups  To create an IP group167  To delete an IP group 168 Create Quality of Service Profiles  To create a QoS profile169 Add QoS Profile screen settings 170 Default High Medium High Low Create Bandwidth Profiles To edit a QoS profile  To delete one ore more QoS profiles  To add and enable a bandwidth profile 172 Add Bandwidth Profile screen settings 173 Create Traffic Meter Profiles  To edit a bandwidth profile To delete one or more bandwidth profiles 174  To add a traffic meter profile 175 Add Traffic Meter Profile screen settings 176 Set a Schedule to Block or Allow Specific Traffic  To edit a traffic meter profile To delete one or more traffic meter profiles  To add a schedule Add Schedule screen settings 178Scheduled Days Enable Source MAC Filtering Setting Description Scheduled Time of Day To edit a schedule  To delete one or more schedules  To remove one or more entries from the table 180 Set Up IP/MAC Bindings  To set up IP/MAC bindings181 IP/MAC Binding screen settings Setting Description Email IP/MAC Violations182 IP/MAC Bindings Configure Port Triggering  To edit an IP/MAC binding To remove one or more IP/MAC bindings from the table 183 Port Triggering screen settings  To add a port-triggering rule184  To edit a port-triggering rule  To display the status of the port-triggering rules185 Configure Universal Plug and Play 186 Enable and Configure the Intrusion Prevention System  To enable intrusion prevention To configure intrusion prevention IPS screen settings Security Category Settings 188 IPS, screen 1 Firewall Protection 189 IPS uncommon attack names 190Attack Name Description Web 191 Attack Name DescriptionMisc About Content Filtering and Scans 192 Default Email and Web Scan Settings Default email and web scan settingsContent Filtering and Optimizing Scans 193 Configure Email Protection Customize Email Protocol Scan Settings To configure the email protocols and ports to scan Scan type Default scan setting Default action if applicable Protocol Scan Settings on 195 Customize Email Antivirus and Notification Settings  To configure the antivirus settings for email traffic196 Anti-Virus screen settings for email traffic 197 Setting Description Scan Exceptions Notification Settings198 Email Content Filtering Setting Description Email Alert Settings199 SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME% 200 Email Filters screen settings Setting Description Email FiltersFilter by Password-Protected Attachments ZIP, RAR, etc 201 Setting Description Filter by File Type Protect Against Email Spam202 Filter by File Name Set Up the Whitelist and Blacklist 203  To configure the whitelist and blacklist 204 Whitelist/Blacklist screen settings 205 Configure the Real-Time Blacklist  To enable the real-time blacklist To add a blacklist provider to the real-time blacklist 206 Configure Distributed Spam Analysis 207 Distributed Spam Analysis screen settings Setting Description Distributed Spam Analysis208 Anti-Spam Engine Settings 209Low Medium-Low Configure Web and Services Protection Customize Web Protocol Scan SettingsSetting Description Send Quarantine Spam Report 210  To configure the web protocols and ports to scan 211 Configure Https Smart Block 212 Add or Edit Https Smart Block Profile settings 213 214  To change a profile 215 Configure Web Malware or Antivirus Scans 216 Anti-Virus screen settings for HTTP/HTTPS traffic 217Scan Exception Html Scan Configure Web Content Filtering 218  To configure web content filtering 219 220 Content Filtering screen settings Setting Description Content Filtering221 222 Full-Text SearchPerformance Management on Block Web Objects 223 Configure Web URL Filtering Setting Description Web Category Lookup224 URL  To configure web URL filtering 225 URL Filtering screen settings Setting Description Whitelist226 Blacklist 227 URL% Configure Https Scanning and SSL Certificates How Https Scanning Works228 229 Configure the Https Scan Settings  To configure the Https scan settingsHttps Settings screen settings 230 Manage SSL Certificates for Https Scanning 231 Manage the Active Https Certificate 232 Manage Trusted Https Certificates 233 Manage Untrusted Https Certificates Specify Trusted Hosts for Https Scanning  To delete an untrusted certificate To specify trusted hosts 235 Trusted Hosts screen settings 236 Configure the SSL Settings for Https Scanning  To configure the SSL settings for Https scanningSSL Settings screen settings 237 Configure FTP Scanning Customize FTP Antivirus Settings To configure the antivirus settings for FTP traffic Anti-Virus screen settings for FTP Configure FTP Content Filtering  To configure the FTP filtersSetting Description Scan Exception 239 Configure Application Control 240 241 242 243 To select one or more categories of applications To select one or more individual applicationsTo search for an application 244 245 Application Control Policy pop-up screen settings Setting Description Policy for a category of applications246 Meter Profiles on  To change an existing application control profile 247 Set Exception Rules for Web and Application Access  To delete one or more application control profiles248  To set web access exception rules 249 Application 250 File Extension Https Smart Block251 Add or Edit Exceptions screen settings URL FilteringWeb Category 252 253 See Configure Radius VLANs on 254Delete Groups on Ldap 255 To select a category of applicationsTo select a single application To search for an application For Exceptions for Web and Application Access on 256  To disable, enable, or delete one or more exception rules  To change an existing exception rule257  To create and manage custom categories 258 Custom categories applications 259 Custom Categories screen settings 260To select one or more categories of applications To select one or more individual applications 261 To remove one or more categories or applications fromApplications in this Category table To add a URL  To configure scanning exclusion rules Set Scanning Exclusions for IP Addresses and Ports To change an existing custom category  To delete one or more custom categories Scanning Exclusion screen settings 263 Virtual Private Networking 264 IP addressing for VPNs in dual WAN port systems 265 Create Gateway-to-Gateway VPN Tunnels with the Wizard 266 267 Setting Default Value IKE policy 2683DES SHA-1 IPSec VPN Wizard settings for a gateway-to-gateway tunnel 269 Setting Description Secure Connection Remote Accessibility 270 Create a Client-to-Gateway VPN Tunnel 271 272 IPSec VPN Wizard settings for a client-to-gateway tunnel Select the VPN Client radio button. The default remote Fqdn273 Fqdn 274 Information required to configure the VPN client 275Component Example Information to be collected 276 277 278 VPN client advanced authentication settings Setting Description Advanced features279 NAT-T 280  To create new authentication settings Type vpnclient281 VPN client authentication settings 28210.34.116.22 IKE 283  To create an IPSec configuration Setting Description Local and Remote IDType netgearplatform 284 VPN client IPSec configuration settings 285ESP  To specify the global parameters 286 Test the Netgear VPN Client Connection 287 Click Gateway-Tunnel, and press Ctrl+O 288 Netgear VPN Client Status and Log Information View the UTM IPSec VPN Connection Status289 View the UTM IPSec VPN Log  To query the IPSec VPN logIPSec VPN Connection Status screen information 290 Manage IPSec VPN and IKE Policies 291  To access the IKE Policies screen Manage IKE PoliciesIKE Policies Screen 292 List of IKE Policies table information 293 Manually Add or Edit an IKE Policy  To delete one or more IKE polices To add an IKE policy manually 294 295 Add IKE Policy screen settings Setting Description Mode Config Record296 General 297 RemoteIKE SA Parameters 298 Setting Description Extended Authentication  To edit an IKE policy299 Manage VPN Policies VPN Policies Screen300 List of VPN Policies table information 301  To enable or disable one or more VPN policies Manually Add or Edit a VPN Policy To delete one or more VPN polices  To add a VPN policy manually 303 Add New VPN Policy screen settings Setting Description General304 Configure Keep-Alives 305Traffic Selection Manual Policy Parameters 306 Setting Description Auto Policy Parameters 307 Configure Extended Authentication Xauth  To edit a VPN policy308 Configure Xauth for VPN Clients  To enable and configure XauthExtended authentication settings 309 User Database Configuration Radius Client and Server Configuration To configure primary and backup Radius servers 310 Radius Client screen settings Setting Description Primary Radius ServerBackup Radius Server Connection Configuration Assign IP Addresses to Remote Users Mode Config Mode Config OperationConfigure Mode Config Operation on the UTM 312  To configure Mode Config on the UTM 313 Add Mode Config Record screen settings Setting Description Client Pool314 315 Traffic Tunnel Security Level 316 317 Setting Description IKE SA Parameters 318Select Group 2 1024 bit Configure the ProSafe VPN Client for Mode Config Operation User Database Configuration on319 320 Type GWModeConfig 321 VPN client authentication settings Mode Config 322 Type TunnelModeConfig VPN client advanced authentication settings Mode Config323 VPN client IPSec configuration settings Mode Config 324Enter Configure the Mode Config Global Parameters 325 Test the Mode Config Connection 326 Modify or Delete a Mode Config Record  To edit a Mode Config record To delete one or more Mode Config records 327 Configure Keep-Alives and Dead Peer Detection Configure Keep-Alives328 Configure Dead Peer Detection  To configure DPD on a configured IKE policyKeep-alive settings 329 Configure NetBIOS Bridging with IPSec VPN  To enable NetBIOS bridging on a configured VPN tunnelDead Peer Detection settings 330 Configure the Pptp Server 331 Pptp Server screen settings Setting Description Pptp Server332 Setting Description Authentication View the Active Pptp Users To view the active Pptp tunnel users 333 Configure the L2TP Server Pptp Active Users screen information334 Pptp IP L2TP Server screen settings Setting Description L2TP Server335 For More IPSec VPN Information View the Active L2TP Users To view the active L2TP tunnel users L2TP Active Users screen information SSL VPN Portal Options 337 Build a Portal Using the SSL VPN Wizard Virtual Private Networking Using SSL Connections To start the SSL VPN Wizard 338 SSL VPN Wizard of 6 Portal Settings 339 SSL VPN Wizard of 6 screen settings portal settings Setting Description Portal Layout and Theme Name340 341 SSL VPN Portal Pages to DisplayWizard of 6 Client IP Addresses and Routes on 6 Port Forwarding on SSL VPN Wizard of 6 Domain Settings 342 SSL VPN Wizard of 6 screen settings domain settings Server Configuration343 Radius Client 344 Windows login account name in email format. For 345Display name in the dn format. For example 346 SSL VPN Wizard of 6 User Settings SSL VPN Wizard of 6 screen settings user settings347 SSL VPN Wizard of 6 Client IP Addresses and Routes 348 Setting Description Client IP Address Range 349Add Routes for VPN Tunnel Clients Setting Description Add New Application for Port Forwarding SSL VPN Wizard of 6 Port Forwarding350 SSL VPN Wizard of 6 Verify and Save Your Settings 351SSH Add New Host Name for Port Forwarding 352 Access the New SSL VPN Portal 353 354 355 View the UTM SSL VPN Connection Status 356 Manually Configure and Modify SSL Portals View the UTM SSL VPN Log To query the SSL VPN log 357 358 Manually Create or Modify the Portal Layout  To create an SSL VPN portal layout359 360 Add Portal Layout screen settings 361 Configure Domains, Groups, and Users Setting Description SSL VPN Portal Pages to Display To edit a portal layout  To delete one or more portal layouts Configure Applications for Port Forwarding Add Servers and Port Numbers To add a server and a port number 363  To add servers and host names for client name resolution Add a Host Name364 TCP application Port number Configure the SSL VPN Client Fully Qualified Domain Name. The full server name365 Configure the Client IP Address Range SSL VPN Client screen settings To define the client IP address range 366 Add Routes for VPN Tunnel Clients  To add an SSL VPN tunnel client route367 Configure the Advanced SSL VPN Client Settings  To change the LCP time-out368 Use Network Resource Objects to Simplify Policies Add New Network Resources To define a network resource 369 Resources screen settings to edit a resource Edit Network Resources to Specify Addresses To delete one or more network resources  To edit network resources Configure User, Group, and Global Policies 371 Global Default Policy 372 View Policies Add a Policy To view the existing policies  To add an SSL VPN policy Add SSL VPN Policy screen settings Setting Description Policy For374 Add SSL VPN Policies 375 Resource Objects to Simplify Policies on  To edit an SSL VPN policy 376 For More SSL VPN Information  To delete one or more SSL VPN policies377 Authentication Process and Options 378 External authentication protocols and methods Manage Users, Authentication, and VPN CertificatesAuthentication Description Protocol or method 379 Configure Authentication Domains, Groups, and Users Login PortalsAdministrative Users and Users with Guest Privileges 380 Users with Special Access Privileges 381 382 383 Active Directories and Ldap Configurations Unauthenticated or Anonymous UsersHow an Active Directory Works 384 How to Bind a DN in an Active Directory Configuration 385 386 Select Users Domains 387 Configure Domains Create and Delete Domains To create a domain 388 389 Add Domain screen settings 390 391 392 393 Configure Groups Edit Domains To delete one or more domains  To edit a domain Create and Delete Groups  To create a VPN group395 Groups screen settings Edit Groups To delete one or more groups  To edit a VPN group Configure Custom Groups  To create and manage custom groups397 398 Add Custom Group screen settings 399  To change an existing custom group  To delete one or more custom groups400 Configure User Accounts  To create an individual user account401 402 Add User screen settings See Configure Extended Authentication Xauth on To delete one or more user accounts 403 Set User Login Policies Configure Login Policies To configure user login policies 404 Configure Login Restrictions Based on IP Address  To restrict logging in based on IP address405 Configure Login Restrictions Based on Web Browser By Source IP Address screen settings To delete one or more addresses  To restrict logging in based on the user’s browser Internet Explorer Opera Netscape Navigator  To delete one or more browsers407 Change Passwords and Other User Settings  To modify user settings, including passwords408 Edit User screen settings Configure Extended Authentication Xauth onDC Agent 409 410  To download ProSecure DC Agent software and add a DC agent 411  To configure AD SSO with a DC agent DC Agent screen settings To edit a DC agent 412 413 414 Configure Radius VLANs  To do so, follow this procedure To configure a Radius Vlan 415 Configure Global User Settings 416 View and Log Out Active Users  To log out all active users417 Active Users screen settings  To view all or selected users418 Manage Digital Certificates for VPN Connections 419 VPN Certificates Screen 420 Manage CA Certificates  To view and upload trusted certificates421 Manage Self-Signed Certificates  To delete one or more digital certificates422 423 Generate self-signed certificate request settings 424512 1024 2048 425 Manage the Certificate Revocation List View and Manage Self-Signed Certificates To delete one or more SCRs  To delete one or more self-signed certificates  To delete one or more CRLs 427 Performance Management Bandwidth Capacity428 Features That Reduce Traffic Network and System Management429 430 Content Filtering 431 Features That Increase Traffic Source MAC Filtering432 433 Configure the DMZ Port Port Triggering434 Configure Exposed Hosts Configure VPN TunnelsUse QoS and Bandwidth Assignments to Shift the Traffic Mix Assign QoS Profiles Change Passwords and Administrator and Guest Settings System ManagementMonitoring Tools for Traffic Management 436 437 Configure Remote Management Access  To configure the UTM for remote management438 Https//IPaddress or https//FullyQualifiedDomainName 439 Use a Simple Network Management Protocol Manager 440 441 Global Snmp settings and SNMPv1/v2c settings Setting Description Snmp Global SettingsSNMPv1/v2c Settings 442  To configure the SNMPv3 settings SNMPv3 settingsSetting Description SNMPv3 Settings 443 444 Manage the Configuration File Restore Settings To edit an SNMPv3 user profile  To delete one or more SNMPv3 user profiles Back Up Settings  To back up settings446 Restore Settings Revert to Factory Default Settings447 Update the Firmware View the Available Firmware Versions448 Firmware screen, available versions 449 Click Install Downloaded Firmware 450  To download the latest firmware for your UTM 451 452 453 Update the Scan Signatures and Scan Engine Firmware Reboot without Changing the Firmware To reboot the UTM without changing the firmware 454 455 Configure Date and Time Service Configure Automatic Update and Frequency SettingsSignatures & Engine screen settings 456 System Date & Time screen settings Adjust for Daylight Savings Time check box To set time, date, and NTP servers 457 Connect to a ReadyNAS and Configure Quarantine Settings 458 Log Storage Connect to a ReadyNAS To connect to the ReadyNAS on the UTM 459 Configure the Quarantine Settings  To configure the quarantine settingsReadyNAS Integration screen settings 460 Quarantine settings Unauthenticated or Anonymous Users on461 Enable the WAN Traffic Meter 462 Monitor System Access and Performance 463 Setting Description Enable Traffic Meter 464Traffic Counter Event Notifications on Setting Description When Limit is reached 465 Configure Logging, Alerts, and Event Notifications Configure the Email Notification Server To configure the email notification server 466 Configure and Activate System, Email, and Syslog Logs Email Notification screen settings467  To configure and activate logs 468 Email and Syslog screen settings Setting Description System Logs OptionEmail Logs to Administrator 469 Logs screen see Configure and Activate Firewall Logs on 470Send Logs via Syslog How to Send Syslogs over a VPN Tunnel between Sites Configure Gateway 1 at SiteSetting Description Clear the Following Logs Information 471 Configure Gateway 2 at Site  To change the remote IP address in the VPN policy To change the local IP address in the VPN policy 472 Configure and Activate Update Failure and Attack Alerts  To configure and activate the email alerts To specify the syslog server that is connected to Gateway 473 Alerts screen settings 474 475 TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT%FILENAME%, %ACTION%, %VIRUSNAME% Configure and Activate Firewall Logs  To configure and activate firewall logs476 Setting Description Routing Logs Monitor Real-Time Traffic, Security, and Statistics477 Dashboard, screen 1 478  To set the poll interval Dashboard screen threats and traffic information479 Total Threats 480 Threats CountsTotal Traffic Bytes Enable and Configure the Intrusion 481 Dashboard screen service statistics information 482 Spam blacklist see Set Up the Whitelist and Blacklist on Monitor Application Use in Real Time483 RBL 484  To set the monitoring period  To filter the information that is displayed onscreenApplication Dashboard screen 485 View Status Screens View the System Status486 View the System Status Screen System Status screen fields487 Status Description Scan Settings on View the Network Status Screen488 System Information Available Access Points Table Network Status screen fields489 LAN Vlan Information View the Router Statistics Screen  To view the Router Statistics screen490 Ssid View the Wireless Statistics Screen UTM9S and UTM25S Only  To view the Wireless Statistics screenRouter Statistics screen fields 491 Wireless Statistics screen fields 492Radio Statistics Details AP Statistics View the Detailed Status Screen 493 494 LAN Port Configuration Configure and Enable the DMZ Port onDetailed Status screen fields 495 Settings MAC Address and ConfigureManually Configure the Internet 496 Wireless information in SLOT-1 Info or SLOT-2 Info Access Points Information497 See Configure a Vlan Profile on Configure a Vlan Profile onView the Vlan Status Screen Vlan Status screen fields View the Active VPN Users View the xDSL Statistics Screen UTM9S and UTM25S Only499 View the VPN Tunnel Connection Status 500 View the Active Pptp and L2TP Users 501  To view the status of the port-triggering feature View the Port Triggering Status502 Port Triggering Status pop-up screen information 503 View the WAN, xDSL, or USB Port Status  To view the status of a WAN, xDSL, or USB portConnection Status pop-up screen information 504 View Attached Devices and the Dhcp Leases View Attached Devices To view the attached devices in the LAN Groups screen 505 506 Query and Manage the Logs View the Dhcp Leases To view the Dhcp leases 507 Overview of the Logs 508 Query and Download Logs  To query and download logs509 Logs Query screen settings 510 511 512 EMERG, ALERT, CRITICAL, ERROR, WARNING, Notice Example Use the Logs to Identify Infected Clients To identify infected clients 513 Query and Manage the Quarantine Logs Log Management514 Query the Quarantined Logs  To query the quarantine logs515 Quarantine screen settings 516 View and Manage the Quarantined Spam Table 517 View and Manage the Quarantined Infected Files Table 518 Spam Reports for End Users  For an end user to send a spam report519 View, Schedule, and Generate Reports Click Send Report520 Enable Application Session Monitoring 521  To configure filtering options Report Filtering Options522 Report screen filtering options settings 523Horizontal Bar Pie Use Report Templates and View Reports Onscreen  To display the report templates and view reports onscreen524 Report screen report template information 525 526 527 IPS & Application 528 Email Activity Schedule, Email, and Manage Reports  To schedule automatic generation and emailing of reports529 System Report screen schedule report settings Setting Description Schedule ReportsManaging Saved Reports 530 Use Diagnostics Utilities 531 Use the Network Diagnostic Tools Send a Ping Packet To send a ping 532 Use the Real-Time Traffic Diagnostics Tool Trace a RouteDisplay the Routing Table Look Up a DNS Address  To use the real-time traffic diagnostics tool 534 Gather Important Log Information Generate Network Statistics To gather log information about your UTM 535 Perform Maintenance on the USB Device Reboot and Shut Down the UTM536 537 Troubleshoot and Use Online Support 538 Power LED Not On Basic FunctioningVerify the Correct Sequence of Events at Startup Test LED Never Turns Off Troubleshoot the Web Management Interface LAN or WAN Port LEDs Not On540 When You Enter a URL or IP Address, a Time-Out Error Occurs Troubleshoot the ISP Connection541  To check the WAN IP address 542 Troubleshoot a TCP/IP Network Using a Ping Utility Test the LAN Path to Your UTMPing 543 Test the Path from Your Computer to a Remote Device Ping -n 10 IP address544 Restore the Default Configuration and Password 545 Problems with Date and Time Enable Remote TroubleshootingUse Online Support  To initiate the support tunnel Send Suspicious Files to Netgear for Analysis  To submit a file to Netgear for analysis547 Access the Knowledge Base and Documentation Malware Analysis screen settings548 XDSL Network Module for the UTM9S UTM25S 549 XDSL Network Module Configuration Tasks Configure the xDSL SettingsXDSL Network Module for the UTM9S and UTM25S 550  To configure the xDSL settings 551 XDSL settings Setting Description XDSL Settings552 553 VPIVCI 554 561, and Troubleshoot the ISP Connection on 555 Manually Configure the xDSL Internet Connection 556 557 PPPoE and PPPoA settings 558 559 ATM Ipoa 560 561 Configure Network Address Translation 562 Configure Classical Routing 563 564 565 Configure Load Balancing and Optional Protocol Binding 566 Configure Load Balancing 567 568 569 570  To add a secondary WAN address to the DSL interface 571 572 573 Setting Description SLOT-x Dynamic DNS Status 574 575 Advanced DSL settings Default Address radio button576 577 Wireless Network Module for UTM9S and UTM25S 578 Overview of the Wireless Network Module Configuration OrderWireless Equipment Placement and Range Guidelines Wireless Network Module for the UTM9S and UTM25S Configure the Basic Radio Settings  To configure the basic radio settings580 Radio Settings screen settings 581Field Descriptions 582 Operating Frequency Channel Guidelines 583 Wireless Data Security Options 584 Wireless Security Profiles 585 Network authentication Data encryption586 Before You Change the SSID, WEP, and WPA Settings WPA Radius settingsWPA2 Radius settings 587 Configure and Enable Wireless Profiles  To add a wireless profileWireless Profiles screen settings 588 Add Wireless Profiles screen settings Field Description Profile Configuration589 590 Security Options on 591 Tkip TKIP+AESWEP Index and Keys 592 Restrict Wireless Access by MAC Address  To edit a wireless profile To delete one or more wireless profiles  To enable or disable one or more wireless profiles 594 595 Configure a Wireless Distribution System Access Point Status screen fields596 Connected Clients  To enable and configure WDS 597 Configure Advanced Radio Settings  To configure WDS on a peer To configure advanced radio settings 598 Advanced Wireless screen settings 599 Configure WMM QoS Priority Settings 600 601 Test Basic Wireless Connectivity For More Information About Wireless Configurations To test for wireless connectivity 602 3G/4G Dongle Configuration Tasks 603 Manually Configure the USB Internet Connection 3G/4G Dongles for the UTM9S and UTM25S604  To configure the WAN ISP settings for the USB interface 605 USB ISP settings Setting Description 3G Dongle DetailsConnection Settings 606 XDSL, or USB Port Status on 607 Configure the 3G/4G Settings  To configure the 3G/4G settings608 4G settings Setting Description 3GStatusConnection Setting 609 610 APN 611 612 613 614 615 616 617 618 619 Setting Description USB Dynamic DNS Status 620 621 What to Consider Before You Begin 622 WAN port Physical facility Internet623 Computer Network Configuration Requirements Internet Configuration RequirementsWhere Do I Get the Internet Configuration Information? Cabling and Computer Hardware Requirements Internet Connection Information 625 Overview of the Planning Process 626 Inbound Traffic 627 Inbound Traffic to a Single WAN Port System Inbound Traffic to a Dual WAN Port SystemInbound Traffic Dual WAN Ports for Improved Reliability Inbound Traffic Dual WAN Ports for Load Balancing Virtual Private Networks 629 VPN Road Warrior Client-to-Gateway 630 VPN Road Warrior Single-Gateway WAN Port Reference Case 631 VPN Road Warrior Dual-Gateway WAN Ports for Load Balancing 632 VPN Gateway-to-Gateway 633 634 VPN Telecommuter Client-to-Gateway through a NAT Router VPN Telecommuter Single-Gateway WAN Port Reference Case635 636 VPN Telecommuter Dual-Gateway WAN Ports for Load Balancing 637 Supported ReadyNAS Models 638 Install the UTM Add-On on the ReadyNAS  To install the UTM add-on on the ReadyNASSelect Add-ons Add New ReadyNAS Integration Select Add-ons Installed 640 Connect to the ReadyNAS on the UTM 641 642 643 Why Do I Need Two-Factor Authentication? What Are the Benefits of Two-Factor Authentication?644 Netgear Two-Factor Authentication Solutions What Is Two-Factor Authentication?Two-Factor Authentication  To use WiKID for end users 646 647 Log message terms 648Term Description Reboot System Log MessagesSystem Startup 649 Login/Logout System logs login/logoutSystem logs NTP 650 Auto-Rollover Mode Firewall RestartIPSec Restart WAN Status Load Balancing Mode System logs WAN status, auto rollover652 ACTIVEWAN2 System logs WAN status, PPPoE idle timeout PPP LogsSystem logs WAN status, load balancing 653 System logs WAN status, Pptp idle timeout 654 Traffic Metering Logs Unicast, Multicast, and Broadcast Logs655 Invalid Packet Logging Icmp Redirect LogsMulticast/Broadcast Logs 656 657 Service Logs Content-Filtering and Security LogsService logs 658 Web Filtering and Content-Filtering Logs 659 Content-filtering and security logs spam Spam Logs660 Traffic Logs Malware LogsEmail Filter Logs 661 Content-filtering and security logs IPS Content-filtering and security logs anomaly behaviorIPS Logs Anomaly Behavior Logs Routing Logs Application LogsLAN-to-WAN Logs 663 LAN-to-DMZ Logs DMZ-to-WAN LogsWAN-to-LAN Logs 664 DMZ-to-LAN Logs WAN-to-DMZ LogsRouting logs WAN to DMZ 665 Default Settings UTM default configuration settingsFeature Login settings Default behavior 666 Default Settings and Technical Specifications Feature Default behavior WAN connectionsAdministrative and monitoring settings 667 Feature Default behavior Firewall and network security 668SIP ALG IPS Feature Application security Default behavior 669 Feature Default behavior 670 Radius settings SSL VPN settingsUser, group, and domain settings 671 672 Physical and Technical Specifications UTM physical and technical specifications673 UTM IPSec VPN specifications Feature Specification Major regulatory complianceInterface specifications Setting Specification UTM SSL VPN specifications Feature Description 802.11b/bg/ng wireless specifications675 Http//prosecure.netgear.com Feature Description 802.11a/na wireless specifications 676AES Regulatory Compliance Information FCC Requirements for Operation in the United States677 Notification of Compliance Wired European Union678 Additional Copyrights 679Terms 680 MD5 Europe EU Declaration of Conformity Edoc in Languages of the European Community681 Language Statement Notification of Compliance Wireless 682 FCC Caution 683 Industry Canada Important Note Radiation Exposure StatementAvertissement 684 Interference Reduction Table 685 Index 686 687 688 See also 689 DMZ 690 Blocking 202, 218, 222 setting access exceptions 691 692 Logs 469, 508-510traffic statistics 693 LAN 694 695 696 697 698 699 SSL VPN 700 TCP/IP 701 702 Logs 290, 470 Dhcp 50, 106, 119 ModeConfig 703 704