266

ProSecure Unified Threat Management (UTM) Appliance

Use the IPSec VPN Wizard for Client and Gateway Configurations

•Create Gateway-to-Gateway VPN Tunnels with the Wizard

•Create a Client-to-Gateway VPN Tunnel

You can use the IPSec VPN Wizard to configure multiple gateway or client VPN tunnel policies.

The following section provides wizard and NETGEAR ProSafe VPN Client software configuration procedures for the following scenarios:

•Using the wizard to configure a VPN tunnel between two VPN gateways

•Using the wizard to configure a VPN tunnel between a VPN gateway and a VPN client

Configuring a VPN tunnel connection requires that you specify all settings on both sides of the VPN tunnel to match or mirror each other precisely, which can be a daunting task. The VPN Wizard efficiently guides you through the setup procedure with a series of questions that determine the IPSec keys and VPN policies it sets up. The VPN Wizard also configures the settings for the network connection: security association (SA), traffic selectors, authentication algorithm, and encryption. The settings that are used by the VPN Wizard are based on the recommendations of the VPN Consortium (VPNC), an organization that promotes multivendor VPN interoperability.

Create Gateway-to-Gateway VPN Tunnels with the Wizard

Figure 151.

To set up a gateway-to-gateway VPN tunnel using the VPN Wizard:

1.Select VPN > IPSec VPN > VPN Wizard. The VPN Wizard screen displays (see the following figure, which shows the VPN Wizard screen for the UTM50, and contains an example).

The About VPN Wizard section of the VPN Wizard screen shows the following minor differences for the various UTM models:

•Single WAN port models. No WAN selection drop-down lists and no Enable RollOver check box.

Virtual Private Networking Using IPSec, PPTP, or L2TP Connections

Page 266

Image 266

NETGEAR UTM5EW-100NAS, STM150EW-100NAS manual Create Gateway-to-Gateway VPN Tunnels with the Wizard, 266

Contents

ProSecure Unified Threat Management UTM Appliance Trademarks ProSecure Product Updates ProSecure Forum Revision HistorySupport ProSecure Unified Threat Management UTM Appliance Application control see Configure Application Control Settings and Technical SpecificationsUpdated Features That Reduce Traffic and Features That Configure Quarantine Settings, Query and Manage Added the Requirements for Entering IP Addresses Appendix B, Wireless Network Module for the UTM9S UTM25SConfigure Distributed Spam Analysis section Contents Manually Configure Internet and WAN Settings Firewall Protection Content Filtering and Optimizing Scans Virtual Private Networking Using SSL Connections Network and System Management Troubleshoot and Use Online Support Appendix a xDSL Network Module for the UTM9S and UTM25S Appendix E ReadyNAS Integration Appendix H Default Settings and Technical Specifications Introduction Key Features and Capabilities Introduction Single or multiple exposed hosts Virtual private networks Advanced VPN Support for Both IPSec and SSL Wireless FeaturesDSL Features Powerful, True Firewall Stream Scanning for Content Filtering Security Features Autosensing Ethernet Connections with Auto Uplink Easy Installation and Management Extensive Protocol Support UTM model comparison Maintenance and SupportModel Comparison Service Registration Card with License Keys Network Modules and Broadband Adapters Package Contents Hardware Features USB port Left LAN LEDs Power LEDFront Panel UTM5 and UTM10 Test LED Right WAN LED Right LAN LEDs USB port Left LAN LEDs Left WAN LEDs Active Front Panel UTM25Front Panel UTM50 Test LED Right LAN LEDs Right WAN LEDs LEDs LEDs Right WAN LEDs Test LED Right LAN LEDs Power LED Left LAN LEDs Left WAN LEDs USB portFront Panel UTM150 Active WAN LEDs Test LED Right LAN LEDs Right WAN LEDs Active WAN LEDs Power LED Left WAN LEDs Slot Left LAN LEDs USB portFront Panel UTM9S and UTM25S and Network Modules Test LED Right LAN LEDs Wireless Network Modules XDSL Network Modules Activity Description LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150 WAN ports Activity Description LAN portsDMZ LED USB LED LED Descriptions, UTM9S, UTM25S, and their Network ModulesLED descriptions UTM9S and UTM25S Receptacle Wireless network moduleRear Panel UTM5, UTM10, and UTM25 XDSL network modules Rear Panel UTM50 and UTM150 Factory Defaults Security lockReset button Receptacle Port Power Security lock AC power Receptacle Factory DefaultsReset button Console switch Switch Bottom Panels with Product Labels ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Choose a Location for the UTM Use the Rack-Mounting Kit Use the Setup Wizard to Provision UTM in Your Network Steps for Initial Connection Qualified Web Browsers Use the Setup Wizard to Provision the UTM in Your NetworkLog In to the UTM Requirements for Entering IP Addresses ProSecure Unified Threat Management UTM Appliance Web Management Interface Menu Layout ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Use the Setup Wizard to Perform the Initial Configuration  To start the Setup Wizard Setup Wizard of 10 LAN Settings Setting Description LAN TCP/IP Setup Dhcp Setting Description DNS Proxy Setup Wizard of 10 WAN Settings Setting Description Inter Vlan Routing ISP Type Setup Wizard WAN Settings screen settingsSetting Description ISP Login ISP See Configure Load Balancing Multiple WAN Port ModelsInternet IP Address Dhcp Get Automatically from ISP radio button Setup Wizard of 10 System Date and TimeDomain Name Server DNS Servers Setting Description Set Time, Date, and NTP Servers Setup Wizard of 10 ServicesSetup Wizard System Date and Time screen settings For Daylight Savings Time check box Setup Wizard Services screen settings Web Setting Description Action Setup Wizard of 10 Email SecuritySetup Wizard Email Security screen settings Setup Wizard of 10 Web Security Scan Exceptions Http Setup Wizard of 10 Web Categories to Be Blocked Blocked Categories Scheduled Days Setup Wizard Web Categories to be blocked screen settingsSetting Description Blocked Web Categories Blocked Categories Time of Day Setup Wizard of 10 Email Notification Setup Wizard Email Notification screen settings Setting Description Update Settings Setup Wizard of 10 Signatures & EngineSetup Wizard Signatures & Engine screen settings Https Proxy Settings Setup Wizard of 10 Saving the ConfigurationSetting Description Update Frequency Register the UTM with Netgear Use the Web Management Interface to Activate Licenses ProSecure Unified Threat Management UTM Appliance Click Retrieve Info Electronic Licensing To retrieve and display the registered information Test Connectivity Verify Correct InstallationWhat to Do Next Test Http Scanning ProSecure Unified Threat Management UTM Appliance Manually Configure Internet and WAN Settings  Complete these steps Internet and WAN Configuration TasksManually Configure Internet and WAN Settings ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Connection method Manual data input required Pptp If the automatic ISP configuration fails Manually Configure the Internet ConnectionIf the automatic ISP configuration is successful Pptp and PPPoE settings Balancing Multiple WAN Port Models on page 86 . To use load DNS server settings Identifier check box If the manual ISP configuration is successful If the manual ISP configuration fails Configure the WAN Mode Overview of the WAN Modes Configure Network Address Translation All Models Configure Classical Routing All Models Configure Auto-Rollover Mode  To configure auto-rollover mode Failure detection method settings Configure the Failure Detection Method To configure the failure detection method Setting Description WAN Failure Detection Method Ping Configure Load Balancing Multiple WAN Port Models  To configure load balancing Configure Protocol Binding Optional Change Group Names in the Network Database on Add Protocol Binding screen settingsScreen see Outbound Rules Service Blocking on Configure Secondary WAN Addresses  To edit a protocol binding  To add a secondary WAN address to a WAN interface Configure Dynamic DNS  To delete one or more secondary addresses  To configure Ddns Click Apply to save your configuration DNS service settings Set the UTM’s MAC Address and Configure Advanced WAN Options Advanced WAN settings Setting Description MTU Size 1000BaseT FullDuplex. Gigabit Ethernet Router’s MAC Address Setting Speed DescriptionUpload/Download Settings Failure Detection Method Additional WAN-Related Configuration Tasks LAN Configuration Manage Virtual LANs and Dhcp Options LAN Configuration Port-Based VLANs Assign and Manage Vlan Profiles 100 Vlan Dhcp Options 101 DNS Proxy Dhcp ServerDhcp Relay 102  To add or edit a Vlan profile Configure a Vlan ProfileLdap Server 103 104 105 Edit Vlan Profile screen settingsSetting Description Vlan Profile Port Membership 106 107  To configure a Vlan to have a unique MAC address Configure Vlan MAC Addresses and Advanced LAN Settings To enable, disable, or delete one or more Vlan profiles  To edit a Vlan profile Configure Multihome LAN IP Addresses on the Default 109  To add a secondary LAN IP address 110  To delete one or more secondary LAN IP addresses Manage Groups and Hosts LAN Groups To edit a secondary LAN IP address 111 Manage the Network Database 112 113 Add Computers or Devices to the Network Database Known PCs and devices settingsSetting Description Name Modify Computers or Devices in the Network Database  To edit the names of any of the eight available groups Change Group Names in the Network DatabaseDelete Computers or Devices from the Network Database 115 Set Up Address Reservation 116 117 Configure and Enable the DMZ Port To enable and configure the DMZ port 118 DMZ Setup screen settingsSetting Description DMZ Port Setup 119 120  To add a static route to the Static Route table Configure Static RoutesManage Routing 121 Add Static Route screen settings 122  To edit a static route that is in the Static Routes table Configure Routing Information Protocol To enable and configure RIP Select Network Config Routing  To delete one or more routes RIP Configuration screen settings 124 Authentication for RIP-2B/2M 125 Static Route Example 126 About Firewall Protection 127 128 Administrator TipsFirewall Protection 129 Outbound Rules Service BlockingNumber of supported firewall rule configurations 130 Setting Description Outbound RulesOutbound rules overview Block always 131 Groups and Hosts LAN Groups on Service Profiles on 132 NAT IP Inbound Rules Port Forwarding133 134 Setting Description Inbound Rules 135 136 Quality of Service Profiles on 137 Order of Precedence for Rules 138 139 Configure LAN WAN Rules To change the default outbound policy  To enable, disable, or delete one or more rules Create LAN WAN Outbound Service Rules To change an existing outbound or inbound service rule 140 141 Create LAN WAN Inbound Service Rules To create an inbound LAN WAN service rule Configure DMZ WAN Rules 142  To delete or disable one or more rules 143 144 Create DMZ WAN Outbound Service RulesCreate DMZ WAN Inbound Service Rules 145 Configure LAN DMZ Rules To create an inbound DMZ WAN service rule 146  To create an outbound LAN DMZ service rule Create LAN DMZ Outbound Service RulesCreate LAN DMZ Inbound Service Rules  To create an inbound LAN DMZ service rule LAN WAN Inbound Rule Host a Local Public Web Server Examples of Firewall RulesInbound Rule Examples 148 149 Netgear UTM 150  To configure the UTM for additional IP addresses 151 LAN WAN or DMZ WAN Inbound Rule Specify an Exposed Host 152 153 Outbound Rule ExampleLAN WAN Outbound Rule Block Instant Messenger  To create a Vlan rule Configure Other Firewall FeaturesVlan Rules 154 155 Add VLAN-VLAN Service screen settingsAdd Customized Services on 156  To delete or disable one or more Vlan rules To edit a Vlan rule Attack Checks, VPN Pass-through, and Multicast Pass-through Attack Checks screen settingsSetting Description WAN Security Checks 157 Setting Description LAN Security Checks Configure Multicast Pass-Through To configure multicast pass-through 158 159 Set Session Limits  To enable and configure session limitsSession Limit screen settings  To delete one or more multicast source addresses 161  To enable ALG for SIP and VPN scanningSession Timeout 162 Add Customized Services 163 164  To add a customized serviceServices screen settings  To delete one or more services Create Service Groups To edit a service  To create a service group  To edit a service group 166 167 Create IP Groups To create an IP group  To delete an IP group 168 169 Create Quality of Service Profiles To create a QoS profile Add QoS Profile screen settings 170  To edit a QoS profile Default High Medium High LowCreate Bandwidth Profiles  To delete one ore more QoS profiles  To add and enable a bandwidth profile 172 Add Bandwidth Profile screen settings 173  To delete one or more bandwidth profiles Create Traffic Meter Profiles To edit a bandwidth profile 174  To add a traffic meter profile 175 Add Traffic Meter Profile screen settings 176  To delete one or more traffic meter profiles Set a Schedule to Block or Allow Specific Traffic To edit a traffic meter profile  To add a schedule Scheduled Days Add Schedule screen settings178  To edit a schedule Enable Source MAC FilteringSetting Description Scheduled Time of Day  To delete one or more schedules  To remove one or more entries from the table 180 181 Set Up IP/MAC Bindings To set up IP/MAC bindings 182 IP/MAC Binding screen settingsSetting Description Email IP/MAC Violations IP/MAC Bindings  To remove one or more IP/MAC bindings from the table Configure Port Triggering To edit an IP/MAC binding 183 184 Port Triggering screen settings To add a port-triggering rule 185  To edit a port-triggering rule To display the status of the port-triggering rules Configure Universal Plug and Play 186  To configure intrusion prevention Enable and Configure the Intrusion Prevention System To enable intrusion prevention IPS screen settings Security Category Settings 188 IPS, screen 1 Firewall Protection 189 Attack Name Description Web IPS uncommon attack names190 Misc 191Attack Name Description About Content Filtering and Scans 192 Content Filtering and Optimizing Scans Default Email and Web Scan SettingsDefault email and web scan settings 193  To configure the email protocols and ports to scan Configure Email ProtectionCustomize Email Protocol Scan Settings Scan type Default scan setting Default action if applicable Protocol Scan Settings on 195 196 Customize Email Antivirus and Notification Settings To configure the antivirus settings for email traffic Anti-Virus screen settings for email traffic 197 198 Setting Description Scan ExceptionsNotification Settings 199 Email Content FilteringSetting Description Email Alert Settings SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME% 200 Filter by Password-Protected Attachments ZIP, RAR, etc Email Filters screen settingsSetting Description Email Filters 201 202 Setting Description Filter by File TypeProtect Against Email Spam Filter by File Name Set Up the Whitelist and Blacklist 203  To configure the whitelist and blacklist 204 Whitelist/Blacklist screen settings 205  To add a blacklist provider to the real-time blacklist Configure the Real-Time Blacklist To enable the real-time blacklist 206 Configure Distributed Spam Analysis 207 208 Distributed Spam Analysis screen settingsSetting Description Distributed Spam Analysis Low Medium-Low Anti-Spam Engine Settings209 Setting Description Send Quarantine Spam Report Configure Web and Services ProtectionCustomize Web Protocol Scan Settings 210  To configure the web protocols and ports to scan 211 Configure Https Smart Block 212 Add or Edit Https Smart Block Profile settings 213 214  To change a profile 215 Configure Web Malware or Antivirus Scans 216 Scan Exception Anti-Virus screen settings for HTTP/HTTPS traffic217 Html Scan Configure Web Content Filtering 218  To configure web content filtering 219 220 221 Content Filtering screen settingsSetting Description Content Filtering Performance Management on 222Full-Text Search Block Web Objects 223 224 Configure Web URL FilteringSetting Description Web Category Lookup URL  To configure web URL filtering 225 226 URL Filtering screen settingsSetting Description Whitelist Blacklist 227 URL% 228 Configure Https Scanning and SSL CertificatesHow Https Scanning Works 229 Https Settings screen settings Configure the Https Scan Settings To configure the Https scan settings 230 Manage SSL Certificates for Https Scanning 231 Manage the Active Https Certificate 232 Manage Trusted Https Certificates 233 Manage Untrusted Https Certificates  To specify trusted hosts Specify Trusted Hosts for Https Scanning To delete an untrusted certificate 235 Trusted Hosts screen settings 236 SSL Settings screen settings Configure the SSL Settings for Https Scanning To configure the SSL settings for Https scanning 237  To configure the antivirus settings for FTP traffic Configure FTP ScanningCustomize FTP Antivirus Settings Anti-Virus screen settings for FTP Setting Description Scan Exception Configure FTP Content Filtering To configure the FTP filters 239 Configure Application Control 240 241 242 243 To search for an application To select one or more categories of applicationsTo select one or more individual applications 244 245 246 Application Control Policy pop-up screen settingsSetting Description Policy for a category of applications Meter Profiles on  To change an existing application control profile 247 248 Set Exception Rules for Web and Application Access To delete one or more application control profiles  To set web access exception rules 249 Application 250 251 File ExtensionHttps Smart Block Web Category Add or Edit Exceptions screen settingsURL Filtering 252 253 Delete Groups on See Configure Radius VLANs on254 Ldap To select a single application 255To select a category of applications To search for an application For Exceptions for Web and Application Access on 256 257  To disable, enable, or delete one or more exception rules To change an existing exception rule  To create and manage custom categories 258 Custom categories applications 259 To select one or more categories of applications Custom Categories screen settings260 To select one or more individual applications Applications in this Category table 261To remove one or more categories or applications from To add a URL  To change an existing custom category  To configure scanning exclusion rulesSet Scanning Exclusions for IP Addresses and Ports  To delete one or more custom categories Scanning Exclusion screen settings 263 Virtual Private Networking 264 IP addressing for VPNs in dual WAN port systems 265 Create Gateway-to-Gateway VPN Tunnels with the Wizard 266 267 3DES Setting Default Value IKE policy268 SHA-1 IPSec VPN Wizard settings for a gateway-to-gateway tunnel 269 Setting Description Secure Connection Remote Accessibility 270 Create a Client-to-Gateway VPN Tunnel 271 272 273 IPSec VPN Wizard settings for a client-to-gateway tunnelSelect the VPN Client radio button. The default remote Fqdn Fqdn 274 Component Example Information to be collected Information required to configure the VPN client275 276 277 278 279 VPN client advanced authentication settingsSetting Description Advanced features NAT-T 280 281  To create new authentication settingsType vpnclient 10.34.116.22 VPN client authentication settings282 IKE 283 Type netgearplatform  To create an IPSec configurationSetting Description Local and Remote ID 284 ESP VPN client IPSec configuration settings285  To specify the global parameters 286 Test the Netgear VPN Client Connection 287 Click Gateway-Tunnel, and press Ctrl+O 288 289 Netgear VPN Client Status and Log InformationView the UTM IPSec VPN Connection Status IPSec VPN Connection Status screen information View the UTM IPSec VPN Log To query the IPSec VPN log 290 Manage IPSec VPN and IKE Policies 291 IKE Policies Screen  To access the IKE Policies screenManage IKE Policies 292 List of IKE Policies table information 293  To add an IKE policy manually Manually Add or Edit an IKE Policy To delete one or more IKE polices 294 295 296 Add IKE Policy screen settingsSetting Description Mode Config Record General IKE SA Parameters 297Remote 298 299 Setting Description Extended Authentication To edit an IKE policy 300 Manage VPN PoliciesVPN Policies Screen List of VPN Policies table information 301  To delete one or more VPN polices  To enable or disable one or more VPN policiesManually Add or Edit a VPN Policy  To add a VPN policy manually 303 304 Add New VPN Policy screen settingsSetting Description General Traffic Selection Configure Keep-Alives305 Manual Policy Parameters 306 Setting Description Auto Policy Parameters 307 308 Configure Extended Authentication Xauth To edit a VPN policy Extended authentication settings Configure Xauth for VPN Clients To enable and configure Xauth 309  To configure primary and backup Radius servers User Database ConfigurationRadius Client and Server Configuration 310 Backup Radius Server Radius Client screen settingsSetting Description Primary Radius Server Connection Configuration Configure Mode Config Operation on the UTM Assign IP Addresses to Remote Users Mode ConfigMode Config Operation 312  To configure Mode Config on the UTM 313 314 Add Mode Config Record screen settingsSetting Description Client Pool 315 Traffic Tunnel Security Level 316 317 Select Group 2 1024 bit Setting Description IKE SA Parameters318 319 Configure the ProSafe VPN Client for Mode Config OperationUser Database Configuration on 320 Type GWModeConfig 321 VPN client authentication settings Mode Config 322 323 Type TunnelModeConfigVPN client advanced authentication settings Mode Config Enter VPN client IPSec configuration settings Mode Config324 Configure the Mode Config Global Parameters 325 Test the Mode Config Connection 326  To delete one or more Mode Config records Modify or Delete a Mode Config Record To edit a Mode Config record 327 328 Configure Keep-Alives and Dead Peer DetectionConfigure Keep-Alives Keep-alive settings Configure Dead Peer Detection To configure DPD on a configured IKE policy 329 Dead Peer Detection settings Configure NetBIOS Bridging with IPSec VPN To enable NetBIOS bridging on a configured VPN tunnel 330 Configure the Pptp Server 331 332 Pptp Server screen settingsSetting Description Pptp Server  To view the active Pptp tunnel users Setting Description AuthenticationView the Active Pptp Users 333 334 Configure the L2TP ServerPptp Active Users screen information Pptp IP 335 L2TP Server screen settingsSetting Description L2TP Server  To view the active L2TP tunnel users For More IPSec VPN InformationView the Active L2TP Users L2TP Active Users screen information SSL VPN Portal Options 337  To start the SSL VPN Wizard Build a Portal Using the SSL VPN WizardVirtual Private Networking Using SSL Connections 338 SSL VPN Wizard of 6 Portal Settings 339 340 SSL VPN Wizard of 6 screen settings portal settingsSetting Description Portal Layout and Theme Name Wizard of 6 Client IP Addresses and Routes on 341SSL VPN Portal Pages to Display 6 Port Forwarding on SSL VPN Wizard of 6 Domain Settings 342 343 SSL VPN Wizard of 6 screen settings domain settingsServer Configuration Radius Client 344 Display name in the dn format. For example Windows login account name in email format. For345 346 347 SSL VPN Wizard of 6 User SettingsSSL VPN Wizard of 6 screen settings user settings SSL VPN Wizard of 6 Client IP Addresses and Routes 348 Add Routes for VPN Tunnel Clients Setting Description Client IP Address Range349 350 Setting Description Add New Application for Port ForwardingSSL VPN Wizard of 6 Port Forwarding SSH SSL VPN Wizard of 6 Verify and Save Your Settings351 Add New Host Name for Port Forwarding 352 Access the New SSL VPN Portal 353 354 355 View the UTM SSL VPN Connection Status 356  To query the SSL VPN log Manually Configure and Modify SSL PortalsView the UTM SSL VPN Log 357 358 359 Manually Create or Modify the Portal Layout To create an SSL VPN portal layout 360 Add Portal Layout screen settings 361  To edit a portal layout Configure Domains, Groups, and UsersSetting Description SSL VPN Portal Pages to Display  To delete one or more portal layouts  To add a server and a port number Configure Applications for Port ForwardingAdd Servers and Port Numbers 363 364  To add servers and host names for client name resolutionAdd a Host Name TCP application Port number 365 Configure the SSL VPN ClientFully Qualified Domain Name. The full server name  To define the client IP address range Configure the Client IP Address RangeSSL VPN Client screen settings 366 367 Add Routes for VPN Tunnel Clients To add an SSL VPN tunnel client route 368 Configure the Advanced SSL VPN Client Settings To change the LCP time-out  To define a network resource Use Network Resource Objects to Simplify PoliciesAdd New Network Resources 369  To delete one or more network resources Resources screen settings to edit a resourceEdit Network Resources to Specify Addresses  To edit network resources Configure User, Group, and Global Policies 371 Global Default Policy 372  To view the existing policies View PoliciesAdd a Policy  To add an SSL VPN policy 374 Add SSL VPN Policy screen settingsSetting Description Policy For Add SSL VPN Policies 375 Resource Objects to Simplify Policies on  To edit an SSL VPN policy 376 377 For More SSL VPN Information To delete one or more SSL VPN policies Authentication Process and Options 378 Authentication Description Protocol or method External authentication protocols and methodsManage Users, Authentication, and VPN Certificates 379 Administrative Users and Users with Guest Privileges Configure Authentication Domains, Groups, and UsersLogin Portals 380 Users with Special Access Privileges 381 382 383 How an Active Directory Works Active Directories and Ldap ConfigurationsUnauthenticated or Anonymous Users 384 How to Bind a DN in an Active Directory Configuration 385 386 Select Users Domains 387  To create a domain Configure DomainsCreate and Delete Domains 388 389 Add Domain screen settings 390 391 392 393  To delete one or more domains Configure GroupsEdit Domains  To edit a domain 395 Create and Delete Groups To create a VPN group  To delete one or more groups Groups screen settingsEdit Groups  To edit a VPN group 397 Configure Custom Groups To create and manage custom groups 398 Add Custom Group screen settings 399 400  To change an existing custom group To delete one or more custom groups 401 Configure User Accounts To create an individual user account 402  To delete one or more user accounts Add User screen settingsSee Configure Extended Authentication Xauth on 403  To configure user login policies Set User Login PoliciesConfigure Login Policies 404 405 Configure Login Restrictions Based on IP Address To restrict logging in based on IP address  To delete one or more addresses Configure Login Restrictions Based on Web BrowserBy Source IP Address screen settings  To restrict logging in based on the user’s browser 407 Internet Explorer Opera Netscape Navigator To delete one or more browsers 408 Change Passwords and Other User Settings To modify user settings, including passwords DC Agent Edit User screen settingsConfigure Extended Authentication Xauth on 409 410  To download ProSecure DC Agent software and add a DC agent 411  To edit a DC agent  To configure AD SSO with a DC agentDC Agent screen settings 412 413 414  To configure a Radius Vlan Configure Radius VLANs To do so, follow this procedure 415 Configure Global User Settings 416 417 View and Log Out Active Users To log out all active users 418 Active Users screen settings To view all or selected users Manage Digital Certificates for VPN Connections 419 VPN Certificates Screen 420 421 Manage CA Certificates To view and upload trusted certificates 422 Manage Self-Signed Certificates To delete one or more digital certificates 423 512 1024 2048 Generate self-signed certificate request settings424 425  To delete one or more SCRs Manage the Certificate Revocation ListView and Manage Self-Signed Certificates  To delete one or more self-signed certificates  To delete one or more CRLs 427 428 Performance ManagementBandwidth Capacity 429 Features That Reduce TrafficNetwork and System Management 430 Content Filtering 431 432 Features That Increase TrafficSource MAC Filtering 433 434 Configure the DMZ PortPort Triggering Use QoS and Bandwidth Assignments to Shift the Traffic Mix Configure Exposed HostsConfigure VPN Tunnels Assign QoS Profiles Monitoring Tools for Traffic Management Change Passwords and Administrator and Guest SettingsSystem Management 436 437 438 Configure Remote Management Access To configure the UTM for remote management Https//IPaddress or https//FullyQualifiedDomainName 439 Use a Simple Network Management Protocol Manager 440 441 SNMPv1/v2c Settings Global Snmp settings and SNMPv1/v2c settingsSetting Description Snmp Global Settings 442 Setting Description SNMPv3 Settings  To configure the SNMPv3 settingsSNMPv3 settings 443 444  To edit an SNMPv3 user profile Manage the Configuration FileRestore Settings  To delete one or more SNMPv3 user profiles 446 Back Up Settings To back up settings 447 Restore SettingsRevert to Factory Default Settings 448 Update the FirmwareView the Available Firmware Versions Firmware screen, available versions 449 Click Install Downloaded Firmware 450  To download the latest firmware for your UTM 451 452 453  To reboot the UTM without changing the firmware Update the Scan Signatures and Scan Engine FirmwareReboot without Changing the Firmware 454 455 Signatures & Engine screen settings Configure Date and Time ServiceConfigure Automatic Update and Frequency Settings 456  To set time, date, and NTP servers System Date & Time screen settingsAdjust for Daylight Savings Time check box 457 Connect to a ReadyNAS and Configure Quarantine Settings 458  To connect to the ReadyNAS on the UTM Log StorageConnect to a ReadyNAS 459 ReadyNAS Integration screen settings Configure the Quarantine Settings To configure the quarantine settings 460 461 Quarantine settingsUnauthenticated or Anonymous Users on Enable the WAN Traffic Meter 462 Monitor System Access and Performance 463 Traffic Counter Setting Description Enable Traffic Meter464 Event Notifications on Setting Description When Limit is reached 465  To configure the email notification server Configure Logging, Alerts, and Event NotificationsConfigure the Email Notification Server 466 467 Configure and Activate System, Email, and Syslog LogsEmail Notification screen settings  To configure and activate logs 468 Email Logs to Administrator Email and Syslog screen settingsSetting Description System Logs Option 469 Send Logs via Syslog Logs screen see Configure and Activate Firewall Logs on470 Setting Description Clear the Following Logs Information How to Send Syslogs over a VPN Tunnel between SitesConfigure Gateway 1 at Site 471  To change the local IP address in the VPN policy Configure Gateway 2 at Site To change the remote IP address in the VPN policy 472  To specify the syslog server that is connected to Gateway Configure and Activate Update Failure and Attack Alerts To configure and activate the email alerts 473 Alerts screen settings 474 FILENAME%, %ACTION%, %VIRUSNAME% 475TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT% 476 Configure and Activate Firewall Logs To configure and activate firewall logs 477 Setting Description Routing LogsMonitor Real-Time Traffic, Security, and Statistics Dashboard, screen 1 478 479  To set the poll intervalDashboard screen threats and traffic information Total Threats Total Traffic Bytes 480Threats Counts Enable and Configure the Intrusion 481 Dashboard screen service statistics information 482 483 Spam blacklist see Set Up the Whitelist and Blacklist onMonitor Application Use in Real Time RBL 484 Application Dashboard screen  To set the monitoring period To filter the information that is displayed onscreen 485 486 View Status ScreensView the System Status 487 View the System Status ScreenSystem Status screen fields Status Description 488 Scan Settings onView the Network Status Screen System Information 489 Available Access Points TableNetwork Status screen fields LAN Vlan Information 490 View the Router Statistics Screen To view the Router Statistics screen Ssid Router Statistics screen fields View the Wireless Statistics Screen UTM9S and UTM25S Only To view the Wireless Statistics screen 491 Radio Statistics Details Wireless Statistics screen fields492 AP Statistics View the Detailed Status Screen 493 494 Detailed Status screen fields LAN Port ConfigurationConfigure and Enable the DMZ Port on 495 Manually Configure the Internet SettingsMAC Address and Configure 496 497 Wireless information in SLOT-1 Info or SLOT-2 InfoAccess Points Information View the Vlan Status Screen See Configure a Vlan Profile onConfigure a Vlan Profile on Vlan Status screen fields 499 View the Active VPN UsersView the xDSL Statistics Screen UTM9S and UTM25S Only View the VPN Tunnel Connection Status 500 View the Active Pptp and L2TP Users 501 502  To view the status of the port-triggering featureView the Port Triggering Status Port Triggering Status pop-up screen information 503 Connection Status pop-up screen information View the WAN, xDSL, or USB Port Status To view the status of a WAN, xDSL, or USB port 504  To view the attached devices in the LAN Groups screen View Attached Devices and the Dhcp LeasesView Attached Devices 505 506  To view the Dhcp leases Query and Manage the LogsView the Dhcp Leases 507 Overview of the Logs 508 509 Query and Download Logs To query and download logs Logs Query screen settings 510 511 512  To identify infected clients EMERG, ALERT, CRITICAL, ERROR, WARNING, NoticeExample Use the Logs to Identify Infected Clients 513 514 Query and Manage the Quarantine LogsLog Management 515 Query the Quarantined Logs To query the quarantine logs Quarantine screen settings 516 View and Manage the Quarantined Spam Table 517 View and Manage the Quarantined Infected Files Table 518 519 Spam Reports for End Users For an end user to send a spam report 520 View, Schedule, and Generate ReportsClick Send Report Enable Application Session Monitoring 521 522  To configure filtering optionsReport Filtering Options Horizontal Bar Report screen filtering options settings523 Pie 524 Use Report Templates and View Reports Onscreen To display the report templates and view reports onscreen Report screen report template information 525 526 527 IPS & Application 528 Email Activity 529 Schedule, Email, and Manage Reports To schedule automatic generation and emailing of reports System Managing Saved Reports Report screen schedule report settingsSetting Description Schedule Reports 530 Use Diagnostics Utilities 531  To send a ping Use the Network Diagnostic ToolsSend a Ping Packet 532 Display the Routing Table Use the Real-Time Traffic Diagnostics ToolTrace a Route Look Up a DNS Address  To use the real-time traffic diagnostics tool 534  To gather log information about your UTM Gather Important Log InformationGenerate Network Statistics 535 536 Perform Maintenance on the USB DeviceReboot and Shut Down the UTM 537 Troubleshoot and Use Online Support 538 Verify the Correct Sequence of Events at Startup Power LED Not OnBasic Functioning Test LED Never Turns Off 540 Troubleshoot the Web Management InterfaceLAN or WAN Port LEDs Not On 541 When You Enter a URL or IP Address, a Time-Out Error OccursTroubleshoot the ISP Connection  To check the WAN IP address 542 Ping Troubleshoot a TCP/IP Network Using a Ping UtilityTest the LAN Path to Your UTM 543 544 Test the Path from Your Computer to a Remote DevicePing -n 10 IP address Restore the Default Configuration and Password 545 Use Online Support Problems with Date and TimeEnable Remote Troubleshooting  To initiate the support tunnel 547 Send Suspicious Files to Netgear for Analysis To submit a file to Netgear for analysis 548 Access the Knowledge Base and DocumentationMalware Analysis screen settings XDSL Network Module for the UTM9S UTM25S 549 XDSL Network Module for the UTM9S and UTM25S XDSL Network Module Configuration TasksConfigure the xDSL Settings 550  To configure the xDSL settings 551 552 XDSL settingsSetting Description XDSL Settings VCI 553VPI 554 561, and Troubleshoot the ISP Connection on 555 Manually Configure the xDSL Internet Connection 556 557 PPPoE and PPPoA settings 558 559 ATM Ipoa 560 561 Configure Network Address Translation 562 Configure Classical Routing 563 564 565 Configure Load Balancing and Optional Protocol Binding 566 Configure Load Balancing 567 568 569 570  To add a secondary WAN address to the DSL interface 571 572 573 Setting Description SLOT-x Dynamic DNS Status 574 575 576 Advanced DSL settingsDefault Address radio button 577 Wireless Network Module for UTM9S and UTM25S 578 Wireless Equipment Placement and Range Guidelines Overview of the Wireless Network ModuleConfiguration Order Wireless Network Module for the UTM9S and UTM25S 580 Configure the Basic Radio Settings To configure the basic radio settings Field Descriptions Radio Settings screen settings581 582 Operating Frequency Channel Guidelines 583 Wireless Data Security Options 584 Wireless Security Profiles 585 586 Network authenticationData encryption WPA2 Radius settings Before You Change the SSID, WEP, and WPA SettingsWPA Radius settings 587 Wireless Profiles screen settings Configure and Enable Wireless Profiles To add a wireless profile 588 589 Add Wireless Profiles screen settingsField Description Profile Configuration 590 Security Options on WEP Index and Keys 591Tkip TKIP+AES 592  To delete one or more wireless profiles Restrict Wireless Access by MAC Address To edit a wireless profile  To enable or disable one or more wireless profiles 594 595 596 Configure a Wireless Distribution SystemAccess Point Status screen fields Connected Clients  To enable and configure WDS 597  To configure advanced radio settings Configure Advanced Radio Settings To configure WDS on a peer 598 Advanced Wireless screen settings 599 Configure WMM QoS Priority Settings 600 601  To test for wireless connectivity Test Basic Wireless ConnectivityFor More Information About Wireless Configurations 602 3G/4G Dongle Configuration Tasks 603 604 Manually Configure the USB Internet Connection3G/4G Dongles for the UTM9S and UTM25S  To configure the WAN ISP settings for the USB interface 605 Connection Settings USB ISP settingsSetting Description 3G Dongle Details 606 XDSL, or USB Port Status on 607 608 Configure the 3G/4G Settings To configure the 3G/4G settings Connection Setting 4G settingsSetting Description 3GStatus 609 610 APN 611 612 613 614 615 616 617 618 619 Setting Description USB Dynamic DNS Status 620 621 What to Consider Before You Begin 622 623 WAN port Physical facilityInternet Where Do I Get the Internet Configuration Information? Computer Network Configuration RequirementsInternet Configuration Requirements Cabling and Computer Hardware Requirements Internet Connection Information 625 Overview of the Planning Process 626 Inbound Traffic 627 Inbound Traffic Dual WAN Ports for Improved Reliability Inbound Traffic to a Single WAN Port SystemInbound Traffic to a Dual WAN Port System Inbound Traffic Dual WAN Ports for Load Balancing Virtual Private Networks 629 VPN Road Warrior Client-to-Gateway 630 VPN Road Warrior Single-Gateway WAN Port Reference Case 631 VPN Road Warrior Dual-Gateway WAN Ports for Load Balancing 632 VPN Gateway-to-Gateway 633 634 635 VPN Telecommuter Client-to-Gateway through a NAT RouterVPN Telecommuter Single-Gateway WAN Port Reference Case 636 VPN Telecommuter Dual-Gateway WAN Ports for Load Balancing 637 Supported ReadyNAS Models 638 Select Add-ons Add New Install the UTM Add-On on the ReadyNAS To install the UTM add-on on the ReadyNAS ReadyNAS Integration Select Add-ons Installed 640 Connect to the ReadyNAS on the UTM 641 642 643 644 Why Do I Need Two-Factor Authentication?What Are the Benefits of Two-Factor Authentication? Two-Factor Authentication Netgear Two-Factor Authentication SolutionsWhat Is Two-Factor Authentication?  To use WiKID for end users 646 647 Term Description Log message terms648 System Startup RebootSystem Log Messages 649 System logs NTP Login/LogoutSystem logs login/logout 650 IPSec Restart Auto-Rollover ModeFirewall Restart WAN Status 652 Load Balancing ModeSystem logs WAN status, auto rollover ACTIVEWAN2 System logs WAN status, load balancing System logs WAN status, PPPoE idle timeoutPPP Logs 653 System logs WAN status, Pptp idle timeout 654 655 Traffic Metering LogsUnicast, Multicast, and Broadcast Logs Multicast/Broadcast Logs Invalid Packet LoggingIcmp Redirect Logs 656 657 Service logs Service LogsContent-Filtering and Security Logs 658 Web Filtering and Content-Filtering Logs 659 660 Content-filtering and security logs spamSpam Logs Email Filter Logs Traffic LogsMalware Logs 661 IPS Logs Content-filtering and security logs IPSContent-filtering and security logs anomaly behavior Anomaly Behavior Logs LAN-to-WAN Logs Routing LogsApplication Logs 663 WAN-to-LAN Logs LAN-to-DMZ LogsDMZ-to-WAN Logs 664 Routing logs WAN to DMZ DMZ-to-LAN LogsWAN-to-DMZ Logs 665 Feature Login settings Default behavior Default SettingsUTM default configuration settings 666 Administrative and monitoring settings Default Settings and Technical SpecificationsFeature Default behavior WAN connections 667 SIP ALG Feature Default behavior Firewall and network security668 IPS Feature Application security Default behavior 669 Feature Default behavior 670 User, group, and domain settings Radius settingsSSL VPN settings 671 672 673 Physical and Technical SpecificationsUTM physical and technical specifications Interface specifications UTM IPSec VPN specificationsFeature Specification Major regulatory compliance Setting Specification 675 UTM SSL VPN specificationsFeature Description 802.11b/bg/ng wireless specifications Http//prosecure.netgear.com AES Feature Description 802.11a/na wireless specifications676 677 Regulatory Compliance InformationFCC Requirements for Operation in the United States 678 Notification of Compliance WiredEuropean Union Terms Additional Copyrights679 680 MD5 681 Europe EU Declaration of ConformityEdoc in Languages of the European Community Language Statement Notification of Compliance Wireless 682 FCC Caution 683 Avertissement Industry CanadaImportant Note Radiation Exposure Statement 684 Interference Reduction Table 685 Index 686 687 688 See also 689 DMZ 690 Blocking 202, 218, 222 setting access exceptions 691 692 Logs 469, 508-510traffic statistics 693 LAN 694 695 696 697 698 699 SSL VPN 700 TCP/IP 701 702 Logs 290, 470 Dhcp 50, 106, 119 ModeConfig 703 704

NETGEAR UTM5EW-100NAS, STM150EW-100NAS Create Gateway-to-Gateway VPN Tunnels with the Wizard, 266

Models: UTM5EW-100NAS STM150EW-100NAS

ProSecure Unified Threat Management (UTM) Appliance

Create Gateway-to-Gateway VPN Tunnels with the Wizard

266