Manuals / NETGEAR / Power Tools / Router

NETGEAR UTM5EW-100NAS manual 270, Setting Description Secure Connection Remote Accessibility

Models: UTM5EW-100NAS STM150EW-100NAS

1 704

Download 704 pages 22.95 Kb

Page 270

ProSecure Unified Threat Management (UTM) Appliance

Table 62. IPSec VPN Wizard settings for a gateway-to-gateway tunnel (continued)

Setting

Description

Secure Connection Remote Accessibility

What is the remote LAN IP	Enter the LAN IP address of the remote gateway.
Address?	Note: The remote LAN IP address needs to be in a different subnet than

	the local LAN IP address. For example, if the local subnet is 192.168.1.x,
	then the remote subnet could be 192.168.10.x. but could not be
	192.168.1.x. If this information is incorrect, the tunnel fails to connect.

What is the remote LAN	Enter the LAN subnet mask of the remote gateway.
Subnet Mask?

a. Both local and remote endpoints should be defined as either FQDNs or IP addresses. A combination of an IP address and an FQDN is not supported.

Tip: To ensure that tunnels stay active, after completing the wizard, manually edit the VPN policy to enable keep-alives, which periodically sends ping packets to the host on the peer side of the network to keep the tunnel alive. For more information, see Configure Keep-Aliveson page 328.

Tip: For DHCP WAN configurations, first set up the tunnel with IP addresses. After you have validated the connection, you can use the wizard to create new policies using the FQDN for the WAN addresses.

3.Click Apply to save your settings. The IPSec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen. By default, the VPN policy is enabled.

Figure 154.

4.Configure a VPN policy on the remote gateway that allows connection to the UTM.

5.Activate the IPSec VPN connection:

a.Select Monitoring > Active Users & VPNs > IPSec VPN Connection Status. The IPSec VPN Connection Status screen displays.

Virtual Private Networking Using IPSec, PPTP, or L2TP Connections

270

Image 270

NETGEAR UTM5EW-100NAS, STM150EW-100NAS manual 270, Setting Description Secure Connection Remote Accessibility

Contents

ProSecure Unified Threat Management UTM Appliance Trademarks ProSecure Product Updates ProSecure Forum Revision HistorySupport ProSecure Unified Threat Management UTM ApplianceApplication control see Configure Application Control Settings and Technical SpecificationsUpdated Features That Reduce Traffic and Features That Configure Quarantine Settings, Query and ManageAppendix B, Wireless Network Module for the UTM9S UTM25S Configure Distributed Spam Analysis sectionAdded the Requirements for Entering IP Addresses Contents Manually Configure Internet and WAN Settings Firewall Protection Content Filtering and Optimizing Scans Virtual Private Networking Using SSL Connections Network and System Management Troubleshoot and Use Online Support Appendix a xDSL Network Module for the UTM9S and UTM25S Appendix E ReadyNAS Integration Appendix H Default Settings and Technical Specifications Introduction Key Features and Capabilities IntroductionSingle or multiple exposed hosts Virtual private networks Wireless Features DSL FeaturesAdvanced VPN Support for Both IPSec and SSL Powerful, True Firewall Stream Scanning for Content FilteringSecurity Features Autosensing Ethernet Connections with Auto UplinkEasy Installation and Management Extensive Protocol SupportMaintenance and Support Model ComparisonUTM model comparison Service Registration Card with License Keys Network Modules and Broadband AdaptersPackage Contents Hardware FeaturesUSB port Left LAN LEDs Power LEDFront Panel UTM5 and UTM10 Test LED Right WAN LED Right LAN LEDsUSB port Left LAN LEDs Left WAN LEDs Active Front Panel UTM25Front Panel UTM50 Test LED Right LAN LEDs Right WAN LEDs LEDsLEDs Right WAN LEDs Test LED Right LAN LEDs Power LED Left LAN LEDs Left WAN LEDs USB portFront Panel UTM150 Active WAN LEDs Test LED Right LAN LEDs Right WAN LEDsActive WAN LEDs Power LED Left WAN LEDs Slot Left LAN LEDs USB portFront Panel UTM9S and UTM25S and Network Modules Test LED Right LAN LEDsWireless Network Modules XDSL Network ModulesLED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150Activity Description Activity Description LAN ports DMZ LEDWAN ports LED Descriptions, UTM9S, UTM25S, and their Network Modules LED descriptions UTM9S and UTM25SUSB LED Receptacle Wireless network moduleRear Panel UTM5, UTM10, and UTM25 XDSL network modulesRear Panel UTM50 and UTM150 Factory Defaults Security lockReset button Receptacle PortPower Security lock AC power Receptacle Factory DefaultsReset button Console switch SwitchBottom Panels with Product Labels ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Choose a Location for the UTM Use the Rack-Mounting Kit Use the Setup Wizard to Provision UTM in Your Network Steps for Initial ConnectionQualified Web Browsers Use the Setup Wizard to Provision the UTM in Your NetworkLog In to the UTM Requirements for Entering IP AddressesProSecure Unified Threat Management UTM Appliance Web Management Interface Menu Layout ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Use the Setup Wizard to Perform the Initial Configuration  To start the Setup WizardSetup Wizard of 10 LAN Settings Setting Description LAN TCP/IP Setup DhcpSetting Description DNS ProxySetup Wizard of 10 WAN Settings Setting Description Inter Vlan RoutingSetup Wizard WAN Settings screen settings Setting Description ISP LoginISP Type ISP See Configure Load Balancing Multiple WAN Port ModelsInternet IP Address DhcpSetup Wizard of 10 System Date and Time Domain Name Server DNS ServersGet Automatically from ISP radio button Setting Description Set Time, Date, and NTP Servers Setup Wizard of 10 ServicesSetup Wizard System Date and Time screen settings For Daylight Savings Time check boxSetup Wizard Services screen settings WebSetup Wizard of 10 Email Security Setup Wizard Email Security screen settingsSetting Description Action Setup Wizard of 10 Web Security Scan ExceptionsHttp Setup Wizard of 10 Web Categories to Be Blocked Blocked Categories Scheduled Days Setup Wizard Web Categories to be blocked screen settingsSetting Description Blocked Web Categories Blocked Categories Time of DaySetup Wizard of 10 Email Notification Setup Wizard Email Notification screen settingsSetup Wizard of 10 Signatures & Engine Setup Wizard Signatures & Engine screen settingsSetting Description Update Settings Setup Wizard of 10 Saving the Configuration Setting Description Update FrequencyHttps Proxy Settings Register the UTM with Netgear Use the Web Management Interface to Activate LicensesProSecure Unified Threat Management UTM Appliance Electronic Licensing  To retrieve and display the registered informationClick Retrieve Info Test Connectivity Verify Correct InstallationWhat to Do Next Test Http ScanningProSecure Unified Threat Management UTM Appliance Manually Configure Internet and WAN Settings Internet and WAN Configuration Tasks Manually Configure Internet and WAN Settings Complete these steps ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Connection method Manual data input required PptpManually Configure the Internet Connection If the automatic ISP configuration is successfulIf the automatic ISP configuration fails Pptp and PPPoE settings Balancing Multiple WAN Port Models on page 86 . To use load DNS server settings Identifier check boxIf the manual ISP configuration is successful If the manual ISP configuration failsConfigure the WAN Mode Overview of the WAN ModesConfigure Network Address Translation All Models Configure Classical Routing All Models Configure Auto-Rollover Mode  To configure auto-rollover modeFailure detection method settings Configure the Failure Detection Method To configure the failure detection method Setting Description WAN Failure Detection MethodPing Configure Load Balancing Multiple WAN Port Models  To configure load balancingConfigure Protocol Binding Optional Add Protocol Binding screen settings Screen see Outbound Rules Service Blocking onChange Group Names in the Network Database on Configure Secondary WAN Addresses  To edit a protocol binding To add a secondary WAN address to a WAN interface Configure Dynamic DNS  To delete one or more secondary addresses To configure Ddns Click Apply to save your configuration DNS service settingsSet the UTM’s MAC Address and Configure Advanced WAN Options Advanced WAN settings Setting Description MTU Size1000BaseT FullDuplex. Gigabit Ethernet Router’s MAC Address Setting Speed DescriptionUpload/Download Settings Failure Detection MethodAdditional WAN-Related Configuration Tasks LAN Configuration Manage Virtual LANs and Dhcp OptionsLAN Configuration Port-Based VLANsAssign and Manage Vlan Profiles 100Vlan Dhcp Options 101DNS Proxy Dhcp ServerDhcp Relay 102 To add or edit a Vlan profile Configure a Vlan ProfileLdap Server 103104 105 Edit Vlan Profile screen settingsSetting Description Vlan Profile Port Membership106 107  To configure a Vlan to have a unique MAC address Configure Vlan MAC Addresses and Advanced LAN Settings To enable, disable, or delete one or more Vlan profiles  To edit a Vlan profileConfigure Multihome LAN IP Addresses on the Default 109 To add a secondary LAN IP address 110 To delete one or more secondary LAN IP addresses Manage Groups and Hosts LAN Groups To edit a secondary LAN IP address 111Manage the Network Database 112113 Add Computers or Devices to the Network Database Known PCs and devices settingsSetting Description Name Modify Computers or Devices in the Network Database To edit the names of any of the eight available groups Change Group Names in the Network DatabaseDelete Computers or Devices from the Network Database 115Set Up Address Reservation 116Configure and Enable the DMZ Port  To enable and configure the DMZ port117 DMZ Setup screen settings Setting Description DMZ Port Setup118 119 120  To add a static route to the Static Route table Configure Static RoutesManage Routing 121Add Static Route screen settings 122 To edit a static route that is in the Static Routes table Configure Routing Information Protocol To enable and configure RIP Select Network Config Routing  To delete one or more routesRIP Configuration screen settings 124Authentication for RIP-2B/2M 125Static Route Example 126About Firewall Protection 127Administrator Tips Firewall Protection128 Outbound Rules Service Blocking Number of supported firewall rule configurations129 130 Setting Description Outbound RulesOutbound rules overview Block always131 Groups and Hosts LAN Groups onService Profiles on 132Inbound Rules Port Forwarding 133NAT IP 134 Setting Description Inbound Rules 135136 Quality of Service Profiles on 137Order of Precedence for Rules 138Configure LAN WAN Rules  To change the default outbound policy139  To enable, disable, or delete one or more rules Create LAN WAN Outbound Service Rules To change an existing outbound or inbound service rule 140Create LAN WAN Inbound Service Rules  To create an inbound LAN WAN service rule141 Configure DMZ WAN Rules 142 To delete or disable one or more rules 143Create DMZ WAN Outbound Service Rules Create DMZ WAN Inbound Service Rules144 Configure LAN DMZ Rules  To create an inbound DMZ WAN service rule145 146  To create an outbound LAN DMZ service rule Create LAN DMZ Outbound Service RulesCreate LAN DMZ Inbound Service Rules  To create an inbound LAN DMZ service ruleLAN WAN Inbound Rule Host a Local Public Web Server Examples of Firewall RulesInbound Rule Examples 148149 Netgear UTM 150 To configure the UTM for additional IP addresses 151LAN WAN or DMZ WAN Inbound Rule Specify an Exposed Host 152Outbound Rule Example LAN WAN Outbound Rule Block Instant Messenger153  To create a Vlan rule Configure Other Firewall FeaturesVlan Rules 154Add VLAN-VLAN Service screen settings Add Customized Services on155  To delete or disable one or more Vlan rules  To edit a Vlan rule156 Attack Checks, VPN Pass-through, and Multicast Pass-through Attack Checks screen settingsSetting Description WAN Security Checks 157Setting Description LAN Security Checks Configure Multicast Pass-Through To configure multicast pass-through 158159 Set Session Limits  To enable and configure session limitsSession Limit screen settings  To delete one or more multicast source addresses To enable ALG for SIP and VPN scanning Session Timeout161 162 Add Customized Services 163 To add a customized service Services screen settings164  To delete one or more services Create Service Groups To edit a service  To create a service group To edit a service group 166Create IP Groups  To create an IP group167  To delete an IP group 168Create Quality of Service Profiles  To create a QoS profile169 Add QoS Profile screen settings 170 To edit a QoS profile Default High Medium High LowCreate Bandwidth Profiles  To delete one ore more QoS profiles To add and enable a bandwidth profile 172Add Bandwidth Profile screen settings 173 To delete one or more bandwidth profiles Create Traffic Meter Profiles To edit a bandwidth profile 174 To add a traffic meter profile 175Add Traffic Meter Profile screen settings 176 To delete one or more traffic meter profiles Set a Schedule to Block or Allow Specific Traffic To edit a traffic meter profile  To add a scheduleAdd Schedule screen settings 178Scheduled Days  To edit a schedule Enable Source MAC FilteringSetting Description Scheduled Time of Day  To delete one or more schedules To remove one or more entries from the table 180Set Up IP/MAC Bindings  To set up IP/MAC bindings181 182 IP/MAC Binding screen settingsSetting Description Email IP/MAC Violations IP/MAC Bindings To remove one or more IP/MAC bindings from the table Configure Port Triggering To edit an IP/MAC binding 183Port Triggering screen settings  To add a port-triggering rule184  To edit a port-triggering rule  To display the status of the port-triggering rules185 Configure Universal Plug and Play 186 To configure intrusion prevention Enable and Configure the Intrusion Prevention System To enable intrusion prevention IPS screen settingsSecurity Category Settings 188IPS, screen 1 Firewall Protection 189IPS uncommon attack names 190Attack Name Description Web 191 Attack Name DescriptionMisc About Content Filtering and Scans 192Content Filtering and Optimizing Scans Default Email and Web Scan SettingsDefault email and web scan settings 193 To configure the email protocols and ports to scan Configure Email ProtectionCustomize Email Protocol Scan Settings Scan type Default scan setting Default action if applicableProtocol Scan Settings on 195Customize Email Antivirus and Notification Settings  To configure the antivirus settings for email traffic196 Anti-Virus screen settings for email traffic 197Setting Description Scan Exceptions Notification Settings198 199 Email Content FilteringSetting Description Email Alert Settings SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%200 Filter by Password-Protected Attachments ZIP, RAR, etc Email Filters screen settingsSetting Description Email Filters 201202 Setting Description Filter by File TypeProtect Against Email Spam Filter by File NameSet Up the Whitelist and Blacklist 203 To configure the whitelist and blacklist 204Whitelist/Blacklist screen settings 205 To add a blacklist provider to the real-time blacklist Configure the Real-Time Blacklist To enable the real-time blacklist 206Configure Distributed Spam Analysis 207Distributed Spam Analysis screen settings Setting Description Distributed Spam Analysis208 Anti-Spam Engine Settings 209Low Medium-Low Setting Description Send Quarantine Spam Report Configure Web and Services ProtectionCustomize Web Protocol Scan Settings 210 To configure the web protocols and ports to scan 211Configure Https Smart Block 212Add or Edit Https Smart Block Profile settings 213214  To change a profile 215Configure Web Malware or Antivirus Scans 216Scan Exception Anti-Virus screen settings for HTTP/HTTPS traffic217 Html ScanConfigure Web Content Filtering 218 To configure web content filtering 219220 Content Filtering screen settings Setting Description Content Filtering221 Performance Management on 222Full-Text Search Block Web Objects223 224 Configure Web URL FilteringSetting Description Web Category Lookup URL To configure web URL filtering 225226 URL Filtering screen settingsSetting Description Whitelist Blacklist227 URL%Configure Https Scanning and SSL Certificates How Https Scanning Works228 229 Https Settings screen settings Configure the Https Scan Settings To configure the Https scan settings 230Manage SSL Certificates for Https Scanning 231Manage the Active Https Certificate 232Manage Trusted Https Certificates 233Manage Untrusted Https Certificates  To specify trusted hosts Specify Trusted Hosts for Https Scanning To delete an untrusted certificate 235Trusted Hosts screen settings 236SSL Settings screen settings Configure the SSL Settings for Https Scanning To configure the SSL settings for Https scanning 237 To configure the antivirus settings for FTP traffic Configure FTP ScanningCustomize FTP Antivirus Settings Anti-Virus screen settings for FTPSetting Description Scan Exception Configure FTP Content Filtering To configure the FTP filters 239Configure Application Control 240241 242 243 To search for an application To select one or more categories of applicationsTo select one or more individual applications 244245 246 Application Control Policy pop-up screen settingsSetting Description Policy for a category of applications Meter Profiles on To change an existing application control profile 247Set Exception Rules for Web and Application Access  To delete one or more application control profiles248  To set web access exception rules 249Application 250File Extension Https Smart Block251 Web Category Add or Edit Exceptions screen settingsURL Filtering 252253 Delete Groups on See Configure Radius VLANs on254 LdapTo select a single application 255To select a category of applications To search for an applicationFor Exceptions for Web and Application Access on 256 To disable, enable, or delete one or more exception rules  To change an existing exception rule257  To create and manage custom categories 258Custom categories applications 259To select one or more categories of applications Custom Categories screen settings260 To select one or more individual applicationsApplications in this Category table 261To remove one or more categories or applications from To add a URL To change an existing custom category  To configure scanning exclusion rulesSet Scanning Exclusions for IP Addresses and Ports  To delete one or more custom categoriesScanning Exclusion screen settings 263Virtual Private Networking 264IP addressing for VPNs in dual WAN port systems 265Create Gateway-to-Gateway VPN Tunnels with the Wizard 266267 3DES Setting Default Value IKE policy268 SHA-1IPSec VPN Wizard settings for a gateway-to-gateway tunnel 269Setting Description Secure Connection Remote Accessibility 270Create a Client-to-Gateway VPN Tunnel 271272 273 IPSec VPN Wizard settings for a client-to-gateway tunnelSelect the VPN Client radio button. The default remote Fqdn Fqdn274 Information required to configure the VPN client 275Component Example Information to be collected 276 277 278 279 VPN client advanced authentication settingsSetting Description Advanced features NAT-T280  To create new authentication settings Type vpnclient281 10.34.116.22 VPN client authentication settings282 IKE283 Type netgearplatform  To create an IPSec configurationSetting Description Local and Remote ID 284VPN client IPSec configuration settings 285ESP  To specify the global parameters 286Test the Netgear VPN Client Connection 287Click Gateway-Tunnel, and press Ctrl+O 288Netgear VPN Client Status and Log Information View the UTM IPSec VPN Connection Status289 IPSec VPN Connection Status screen information View the UTM IPSec VPN Log To query the IPSec VPN log 290Manage IPSec VPN and IKE Policies 291IKE Policies Screen  To access the IKE Policies screenManage IKE Policies 292List of IKE Policies table information 293 To add an IKE policy manually Manually Add or Edit an IKE Policy To delete one or more IKE polices 294295 296 Add IKE Policy screen settingsSetting Description Mode Config Record General297 RemoteIKE SA Parameters 298 Setting Description Extended Authentication  To edit an IKE policy299 Manage VPN Policies VPN Policies Screen300 List of VPN Policies table information 301 To delete one or more VPN polices  To enable or disable one or more VPN policiesManually Add or Edit a VPN Policy  To add a VPN policy manually303 Add New VPN Policy screen settings Setting Description General304 Traffic Selection Configure Keep-Alives305 Manual Policy Parameters306 Setting Description Auto Policy Parameters 307Configure Extended Authentication Xauth  To edit a VPN policy308 Extended authentication settings Configure Xauth for VPN Clients To enable and configure Xauth 309 To configure primary and backup Radius servers User Database ConfigurationRadius Client and Server Configuration 310Backup Radius Server Radius Client screen settingsSetting Description Primary Radius Server Connection ConfigurationConfigure Mode Config Operation on the UTM Assign IP Addresses to Remote Users Mode ConfigMode Config Operation 312 To configure Mode Config on the UTM 313Add Mode Config Record screen settings Setting Description Client Pool314 315 Traffic Tunnel Security Level316 317 Setting Description IKE SA Parameters 318Select Group 2 1024 bit Configure the ProSafe VPN Client for Mode Config Operation User Database Configuration on319 320 Type GWModeConfig 321VPN client authentication settings Mode Config 322Type TunnelModeConfig VPN client advanced authentication settings Mode Config323 VPN client IPSec configuration settings Mode Config 324Enter Configure the Mode Config Global Parameters 325Test the Mode Config Connection 326 To delete one or more Mode Config records Modify or Delete a Mode Config Record To edit a Mode Config record 327Configure Keep-Alives and Dead Peer Detection Configure Keep-Alives328 Keep-alive settings Configure Dead Peer Detection To configure DPD on a configured IKE policy 329Dead Peer Detection settings Configure NetBIOS Bridging with IPSec VPN To enable NetBIOS bridging on a configured VPN tunnel 330Configure the Pptp Server 331Pptp Server screen settings Setting Description Pptp Server332  To view the active Pptp tunnel users Setting Description AuthenticationView the Active Pptp Users 333334 Configure the L2TP ServerPptp Active Users screen information Pptp IPL2TP Server screen settings Setting Description L2TP Server335  To view the active L2TP tunnel users For More IPSec VPN InformationView the Active L2TP Users L2TP Active Users screen informationSSL VPN Portal Options 337 To start the SSL VPN Wizard Build a Portal Using the SSL VPN WizardVirtual Private Networking Using SSL Connections 338SSL VPN Wizard of 6 Portal Settings 339SSL VPN Wizard of 6 screen settings portal settings Setting Description Portal Layout and Theme Name340 Wizard of 6 Client IP Addresses and Routes on 341SSL VPN Portal Pages to Display 6 Port Forwarding onSSL VPN Wizard of 6 Domain Settings 342343 SSL VPN Wizard of 6 screen settings domain settingsServer Configuration Radius Client344 Windows login account name in email format. For 345Display name in the dn format. For example 346 SSL VPN Wizard of 6 User Settings SSL VPN Wizard of 6 screen settings user settings347 SSL VPN Wizard of 6 Client IP Addresses and Routes 348Setting Description Client IP Address Range 349Add Routes for VPN Tunnel Clients Setting Description Add New Application for Port Forwarding SSL VPN Wizard of 6 Port Forwarding350 SSH SSL VPN Wizard of 6 Verify and Save Your Settings351 Add New Host Name for Port Forwarding352 Access the New SSL VPN Portal 353354 355 View the UTM SSL VPN Connection Status 356 To query the SSL VPN log Manually Configure and Modify SSL PortalsView the UTM SSL VPN Log 357358 Manually Create or Modify the Portal Layout  To create an SSL VPN portal layout359 360 Add Portal Layout screen settings 361 To edit a portal layout Configure Domains, Groups, and UsersSetting Description SSL VPN Portal Pages to Display  To delete one or more portal layouts To add a server and a port number Configure Applications for Port ForwardingAdd Servers and Port Numbers 363364  To add servers and host names for client name resolutionAdd a Host Name TCP application Port numberConfigure the SSL VPN Client Fully Qualified Domain Name. The full server name365  To define the client IP address range Configure the Client IP Address RangeSSL VPN Client screen settings 366Add Routes for VPN Tunnel Clients  To add an SSL VPN tunnel client route367 Configure the Advanced SSL VPN Client Settings  To change the LCP time-out368  To define a network resource Use Network Resource Objects to Simplify PoliciesAdd New Network Resources 369 To delete one or more network resources Resources screen settings to edit a resourceEdit Network Resources to Specify Addresses  To edit network resourcesConfigure User, Group, and Global Policies 371Global Default Policy 372 To view the existing policies View PoliciesAdd a Policy  To add an SSL VPN policy374 Add SSL VPN Policy screen settingsSetting Description Policy For Add SSL VPN Policies375 Resource Objects to Simplify Policies on To edit an SSL VPN policy 376For More SSL VPN Information  To delete one or more SSL VPN policies377 Authentication Process and Options 378Authentication Description Protocol or method External authentication protocols and methodsManage Users, Authentication, and VPN Certificates 379Administrative Users and Users with Guest Privileges Configure Authentication Domains, Groups, and UsersLogin Portals 380Users with Special Access Privileges 381382 383 How an Active Directory Works Active Directories and Ldap ConfigurationsUnauthenticated or Anonymous Users 384How to Bind a DN in an Active Directory Configuration 385386 Select Users Domains 387 To create a domain Configure DomainsCreate and Delete Domains 388389 Add Domain screen settings 390391 392 393  To delete one or more domains Configure GroupsEdit Domains  To edit a domainCreate and Delete Groups  To create a VPN group395  To delete one or more groups Groups screen settingsEdit Groups  To edit a VPN groupConfigure Custom Groups  To create and manage custom groups397 398 Add Custom Group screen settings 399 To change an existing custom group  To delete one or more custom groups400 Configure User Accounts  To create an individual user account401 402  To delete one or more user accounts Add User screen settingsSee Configure Extended Authentication Xauth on 403 To configure user login policies Set User Login PoliciesConfigure Login Policies 404Configure Login Restrictions Based on IP Address  To restrict logging in based on IP address405  To delete one or more addresses Configure Login Restrictions Based on Web BrowserBy Source IP Address screen settings  To restrict logging in based on the user’s browserInternet Explorer Opera Netscape Navigator  To delete one or more browsers407 Change Passwords and Other User Settings  To modify user settings, including passwords408 DC Agent Edit User screen settingsConfigure Extended Authentication Xauth on 409410  To download ProSecure DC Agent software and add a DC agent 411 To edit a DC agent  To configure AD SSO with a DC agentDC Agent screen settings 412413 414  To configure a Radius Vlan Configure Radius VLANs To do so, follow this procedure 415Configure Global User Settings 416View and Log Out Active Users  To log out all active users417 Active Users screen settings  To view all or selected users418 Manage Digital Certificates for VPN Connections 419VPN Certificates Screen 420Manage CA Certificates  To view and upload trusted certificates421 Manage Self-Signed Certificates  To delete one or more digital certificates422 423 Generate self-signed certificate request settings 424512 1024 2048 425  To delete one or more SCRs Manage the Certificate Revocation ListView and Manage Self-Signed Certificates  To delete one or more self-signed certificates To delete one or more CRLs 427Performance Management Bandwidth Capacity428 Features That Reduce Traffic Network and System Management429 430 Content Filtering 431Features That Increase Traffic Source MAC Filtering432 433 Configure the DMZ Port Port Triggering434 Use QoS and Bandwidth Assignments to Shift the Traffic Mix Configure Exposed HostsConfigure VPN Tunnels Assign QoS ProfilesMonitoring Tools for Traffic Management Change Passwords and Administrator and Guest SettingsSystem Management 436437 Configure Remote Management Access  To configure the UTM for remote management438 Https//IPaddress or https//FullyQualifiedDomainName 439Use a Simple Network Management Protocol Manager 440441 SNMPv1/v2c Settings Global Snmp settings and SNMPv1/v2c settingsSetting Description Snmp Global Settings 442Setting Description SNMPv3 Settings  To configure the SNMPv3 settingsSNMPv3 settings 443444  To edit an SNMPv3 user profile Manage the Configuration FileRestore Settings  To delete one or more SNMPv3 user profilesBack Up Settings  To back up settings446 Restore Settings Revert to Factory Default Settings447 Update the Firmware View the Available Firmware Versions448 Firmware screen, available versions 449Click Install Downloaded Firmware 450 To download the latest firmware for your UTM 451452 453  To reboot the UTM without changing the firmware Update the Scan Signatures and Scan Engine FirmwareReboot without Changing the Firmware 454455 Signatures & Engine screen settings Configure Date and Time ServiceConfigure Automatic Update and Frequency Settings 456 To set time, date, and NTP servers System Date & Time screen settingsAdjust for Daylight Savings Time check box 457Connect to a ReadyNAS and Configure Quarantine Settings 458 To connect to the ReadyNAS on the UTM Log StorageConnect to a ReadyNAS 459ReadyNAS Integration screen settings Configure the Quarantine Settings To configure the quarantine settings 460Quarantine settings Unauthenticated or Anonymous Users on461 Enable the WAN Traffic Meter 462Monitor System Access and Performance 463Traffic Counter Setting Description Enable Traffic Meter464 Event Notifications onSetting Description When Limit is reached 465 To configure the email notification server Configure Logging, Alerts, and Event NotificationsConfigure the Email Notification Server 466Configure and Activate System, Email, and Syslog Logs Email Notification screen settings467  To configure and activate logs 468Email Logs to Administrator Email and Syslog screen settingsSetting Description System Logs Option 469Logs screen see Configure and Activate Firewall Logs on 470Send Logs via Syslog Setting Description Clear the Following Logs Information How to Send Syslogs over a VPN Tunnel between SitesConfigure Gateway 1 at Site 471 To change the local IP address in the VPN policy Configure Gateway 2 at Site To change the remote IP address in the VPN policy 472 To specify the syslog server that is connected to Gateway Configure and Activate Update Failure and Attack Alerts To configure and activate the email alerts 473Alerts screen settings 474475 TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT%FILENAME%, %ACTION%, %VIRUSNAME% Configure and Activate Firewall Logs  To configure and activate firewall logs476 Setting Description Routing Logs Monitor Real-Time Traffic, Security, and Statistics477 Dashboard, screen 1 478479  To set the poll intervalDashboard screen threats and traffic information Total Threats480 Threats CountsTotal Traffic Bytes Enable and Configure the Intrusion 481Dashboard screen service statistics information 482483 Spam blacklist see Set Up the Whitelist and Blacklist onMonitor Application Use in Real Time RBL484 Application Dashboard screen  To set the monitoring period To filter the information that is displayed onscreen 485View Status Screens View the System Status486 487 View the System Status ScreenSystem Status screen fields Status Description488 Scan Settings onView the Network Status Screen System Information489 Available Access Points TableNetwork Status screen fields LAN Vlan Information490 View the Router Statistics Screen To view the Router Statistics screen SsidRouter Statistics screen fields View the Wireless Statistics Screen UTM9S and UTM25S Only To view the Wireless Statistics screen 491Radio Statistics Details Wireless Statistics screen fields492 AP StatisticsView the Detailed Status Screen 493494 Detailed Status screen fields LAN Port ConfigurationConfigure and Enable the DMZ Port on 495Manually Configure the Internet SettingsMAC Address and Configure 496Wireless information in SLOT-1 Info or SLOT-2 Info Access Points Information497 View the Vlan Status Screen See Configure a Vlan Profile onConfigure a Vlan Profile on Vlan Status screen fieldsView the Active VPN Users View the xDSL Statistics Screen UTM9S and UTM25S Only499 View the VPN Tunnel Connection Status 500View the Active Pptp and L2TP Users 501 To view the status of the port-triggering feature View the Port Triggering Status502 Port Triggering Status pop-up screen information 503Connection Status pop-up screen information View the WAN, xDSL, or USB Port Status To view the status of a WAN, xDSL, or USB port 504 To view the attached devices in the LAN Groups screen View Attached Devices and the Dhcp LeasesView Attached Devices 505506  To view the Dhcp leases Query and Manage the LogsView the Dhcp Leases 507Overview of the Logs 508Query and Download Logs  To query and download logs509 Logs Query screen settings 510511 512  To identify infected clients EMERG, ALERT, CRITICAL, ERROR, WARNING, NoticeExample Use the Logs to Identify Infected Clients 513Query and Manage the Quarantine Logs Log Management514 Query the Quarantined Logs  To query the quarantine logs515 Quarantine screen settings 516View and Manage the Quarantined Spam Table 517View and Manage the Quarantined Infected Files Table 518Spam Reports for End Users  For an end user to send a spam report519 View, Schedule, and Generate Reports Click Send Report520 Enable Application Session Monitoring 521 To configure filtering options Report Filtering Options522 Horizontal Bar Report screen filtering options settings523 PieUse Report Templates and View Reports Onscreen  To display the report templates and view reports onscreen524 Report screen report template information 525526 527 IPS & Application528 Email Activity529 Schedule, Email, and Manage Reports To schedule automatic generation and emailing of reports SystemManaging Saved Reports Report screen schedule report settingsSetting Description Schedule Reports 530Use Diagnostics Utilities 531 To send a ping Use the Network Diagnostic ToolsSend a Ping Packet 532Display the Routing Table Use the Real-Time Traffic Diagnostics ToolTrace a Route Look Up a DNS Address To use the real-time traffic diagnostics tool 534 To gather log information about your UTM Gather Important Log InformationGenerate Network Statistics 535Perform Maintenance on the USB Device Reboot and Shut Down the UTM536 537 Troubleshoot and Use Online Support 538Verify the Correct Sequence of Events at Startup Power LED Not OnBasic Functioning Test LED Never Turns OffTroubleshoot the Web Management Interface LAN or WAN Port LEDs Not On540 When You Enter a URL or IP Address, a Time-Out Error Occurs Troubleshoot the ISP Connection541  To check the WAN IP address 542Ping Troubleshoot a TCP/IP Network Using a Ping UtilityTest the LAN Path to Your UTM 543Test the Path from Your Computer to a Remote Device Ping -n 10 IP address544 Restore the Default Configuration and Password 545Use Online Support Problems with Date and TimeEnable Remote Troubleshooting  To initiate the support tunnelSend Suspicious Files to Netgear for Analysis  To submit a file to Netgear for analysis547 Access the Knowledge Base and Documentation Malware Analysis screen settings548 XDSL Network Module for the UTM9S UTM25S 549XDSL Network Module for the UTM9S and UTM25S XDSL Network Module Configuration TasksConfigure the xDSL Settings 550 To configure the xDSL settings 551XDSL settings Setting Description XDSL Settings552 553 VPIVCI 554 561, and Troubleshoot the ISP Connection on 555Manually Configure the xDSL Internet Connection 556557 PPPoE and PPPoA settings 558559 ATM Ipoa560 561 Configure Network Address Translation 562Configure Classical Routing 563564 565 Configure Load Balancing and Optional Protocol Binding 566Configure Load Balancing 567568 569 570  To add a secondary WAN address to the DSL interface 571572 573 Setting Description SLOT-x Dynamic DNS Status 574575 Advanced DSL settings Default Address radio button576 577 Wireless Network Module for UTM9S and UTM25S 578Wireless Equipment Placement and Range Guidelines Overview of the Wireless Network ModuleConfiguration Order Wireless Network Module for the UTM9S and UTM25SConfigure the Basic Radio Settings  To configure the basic radio settings580 Radio Settings screen settings 581Field Descriptions 582 Operating Frequency Channel Guidelines 583Wireless Data Security Options 584Wireless Security Profiles 585Network authentication Data encryption586 WPA2 Radius settings Before You Change the SSID, WEP, and WPA SettingsWPA Radius settings 587Wireless Profiles screen settings Configure and Enable Wireless Profiles To add a wireless profile 588Add Wireless Profiles screen settings Field Description Profile Configuration589 590 Security Options on591 Tkip TKIP+AESWEP Index and Keys 592  To delete one or more wireless profiles Restrict Wireless Access by MAC Address To edit a wireless profile  To enable or disable one or more wireless profiles594 595 596 Configure a Wireless Distribution SystemAccess Point Status screen fields Connected Clients To enable and configure WDS 597 To configure advanced radio settings Configure Advanced Radio Settings To configure WDS on a peer 598Advanced Wireless screen settings 599Configure WMM QoS Priority Settings 600601  To test for wireless connectivity Test Basic Wireless ConnectivityFor More Information About Wireless Configurations 6023G/4G Dongle Configuration Tasks 603Manually Configure the USB Internet Connection 3G/4G Dongles for the UTM9S and UTM25S604  To configure the WAN ISP settings for the USB interface 605Connection Settings USB ISP settingsSetting Description 3G Dongle Details 606XDSL, or USB Port Status on 607Configure the 3G/4G Settings  To configure the 3G/4G settings608 Connection Setting 4G settingsSetting Description 3GStatus 609610 APN611 612 613 614 615 616 617 618 619 Setting Description USB Dynamic DNS Status 620621 What to Consider Before You Begin 622WAN port Physical facility Internet623 Where Do I Get the Internet Configuration Information? Computer Network Configuration RequirementsInternet Configuration Requirements Cabling and Computer Hardware RequirementsInternet Connection Information 625Overview of the Planning Process 626Inbound Traffic 627Inbound Traffic Dual WAN Ports for Improved Reliability Inbound Traffic to a Single WAN Port SystemInbound Traffic to a Dual WAN Port System Inbound Traffic Dual WAN Ports for Load BalancingVirtual Private Networks 629VPN Road Warrior Client-to-Gateway 630VPN Road Warrior Single-Gateway WAN Port Reference Case 631VPN Road Warrior Dual-Gateway WAN Ports for Load Balancing 632VPN Gateway-to-Gateway 633634 VPN Telecommuter Client-to-Gateway through a NAT Router VPN Telecommuter Single-Gateway WAN Port Reference Case635 636 VPN Telecommuter Dual-Gateway WAN Ports for Load Balancing 637Supported ReadyNAS Models 638Select Add-ons Add New Install the UTM Add-On on the ReadyNAS To install the UTM add-on on the ReadyNAS ReadyNAS IntegrationSelect Add-ons Installed 640Connect to the ReadyNAS on the UTM 641642 643 Why Do I Need Two-Factor Authentication? What Are the Benefits of Two-Factor Authentication?644 Two-Factor Authentication Netgear Two-Factor Authentication SolutionsWhat Is Two-Factor Authentication?  To use WiKID for end users646 647 Log message terms 648Term Description System Startup RebootSystem Log Messages 649System logs NTP Login/LogoutSystem logs login/logout 650IPSec Restart Auto-Rollover ModeFirewall Restart WAN Status652 Load Balancing ModeSystem logs WAN status, auto rollover ACTIVEWAN2System logs WAN status, load balancing System logs WAN status, PPPoE idle timeoutPPP Logs 653System logs WAN status, Pptp idle timeout 654Traffic Metering Logs Unicast, Multicast, and Broadcast Logs655 Multicast/Broadcast Logs Invalid Packet LoggingIcmp Redirect Logs 656657 Service logs Service LogsContent-Filtering and Security Logs 658Web Filtering and Content-Filtering Logs 659Content-filtering and security logs spam Spam Logs660 Email Filter Logs Traffic LogsMalware Logs 661IPS Logs Content-filtering and security logs IPSContent-filtering and security logs anomaly behavior Anomaly Behavior LogsLAN-to-WAN Logs Routing LogsApplication Logs 663WAN-to-LAN Logs LAN-to-DMZ LogsDMZ-to-WAN Logs 664Routing logs WAN to DMZ DMZ-to-LAN LogsWAN-to-DMZ Logs 665Feature Login settings Default behavior Default SettingsUTM default configuration settings 666Administrative and monitoring settings Default Settings and Technical SpecificationsFeature Default behavior WAN connections 667SIP ALG Feature Default behavior Firewall and network security668 IPSFeature Application security Default behavior 669Feature Default behavior 670User, group, and domain settings Radius settingsSSL VPN settings 671672 Physical and Technical Specifications UTM physical and technical specifications673 Interface specifications UTM IPSec VPN specificationsFeature Specification Major regulatory compliance Setting Specification675 UTM SSL VPN specificationsFeature Description 802.11b/bg/ng wireless specifications Http//prosecure.netgear.comFeature Description 802.11a/na wireless specifications 676AES Regulatory Compliance Information FCC Requirements for Operation in the United States677 Notification of Compliance Wired European Union678 Additional Copyrights 679Terms 680 MD5681 Europe EU Declaration of ConformityEdoc in Languages of the European Community Language StatementNotification of Compliance Wireless 682FCC Caution 683Avertissement Industry CanadaImportant Note Radiation Exposure Statement 684Interference Reduction Table 685Index 686687 688 See also689 DMZ690 Blocking 202, 218, 222 setting access exceptions 691692 Logs 469, 508-510traffic statistics693 LAN694 695 696 697 698 699 SSL VPN700 TCP/IP701 702 Logs 290, 470Dhcp 50, 106, 119 ModeConfig 703704