ProSecure Unified Threat Management UTM Appliance
Trademarks
ProSecure Product Updates ProSecure Forum Revision History
Support
ProSecure Unified Threat Management UTM Appliance
Application control see Configure Application Control
Settings and Technical Specifications
Updated Features That Reduce Traffic and Features That
Configure Quarantine Settings, Query and Manage
Added the Requirements for Entering IP Addresses
Appendix B, Wireless Network Module for the UTM9S UTM25S
Configure Distributed Spam Analysis section
Contents
Manually Configure Internet and WAN Settings
Firewall Protection
Content Filtering and Optimizing Scans
Virtual Private Networking Using SSL Connections
Network and System Management
Troubleshoot and Use Online Support
Appendix a xDSL Network Module for the UTM9S and UTM25S
Appendix E ReadyNAS Integration
Appendix H Default Settings and Technical Specifications
Introduction
Key Features and Capabilities
Introduction
Single or multiple exposed hosts Virtual private networks
Advanced VPN Support for Both IPSec and SSL
Wireless Features
DSL Features
Powerful, True Firewall
Stream Scanning for Content Filtering
Security Features
Autosensing Ethernet Connections with Auto Uplink
Easy Installation and Management
Extensive Protocol Support
UTM model comparison
Maintenance and Support
Model Comparison
Service Registration Card with License Keys
Network Modules and Broadband Adapters
Package Contents
Hardware Features
USB port Left LAN LEDs
Power LED
Front Panel UTM5 and UTM10
Test LED Right WAN LED Right LAN LEDs
USB port Left LAN LEDs Left WAN LEDs Active
Front Panel UTM25
Front Panel UTM50
Test LED Right LAN LEDs Right WAN LEDs LEDs
LEDs Right WAN LEDs Test LED Right LAN LEDs
Power LED Left LAN LEDs Left WAN LEDs USB port
Front Panel UTM150
Active WAN LEDs Test LED Right LAN LEDs Right WAN LEDs
Active WAN LEDs
Power LED Left WAN LEDs Slot Left LAN LEDs USB port
Front Panel UTM9S and UTM25S and Network Modules
Test LED Right LAN LEDs
Wireless Network Modules
XDSL Network Modules
Activity Description
LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150
LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150
WAN ports
Activity Description LAN ports
DMZ LED
USB LED
LED Descriptions, UTM9S, UTM25S, and their Network Modules
LED descriptions UTM9S and UTM25S
Receptacle
Wireless network module
Rear Panel UTM5, UTM10, and UTM25
XDSL network modules
Rear Panel UTM50 and UTM150
Factory Defaults Security lock
Reset button Receptacle
Port
Power
Security lock AC power Receptacle Factory Defaults
Reset button Console switch
Switch
Bottom Panels with Product Labels
ProSecure Unified Threat Management UTM Appliance
ProSecure Unified Threat Management UTM Appliance
Choose a Location for the UTM
Use the Rack-Mounting Kit
Use the Setup Wizard to Provision UTM in Your Network
Steps for Initial Connection
Qualified Web Browsers
Use the Setup Wizard to Provision the UTM in Your Network
Log In to the UTM
Requirements for Entering IP Addresses
ProSecure Unified Threat Management UTM Appliance
Web Management Interface Menu Layout
ProSecure Unified Threat Management UTM Appliance
ProSecure Unified Threat Management UTM Appliance
Use the Setup Wizard to Perform the Initial Configuration
To start the Setup Wizard
Setup Wizard of 10 LAN Settings
Setting Description LAN TCP/IP Setup
Dhcp
Setting Description
DNS Proxy
Setup Wizard of 10 WAN Settings
Setting Description Inter Vlan Routing
ISP Type
Setup Wizard WAN Settings screen settings
Setting Description ISP Login
ISP
See Configure Load Balancing Multiple WAN Port Models
Internet IP Address
Dhcp
Get Automatically from ISP radio button
Setup Wizard of 10 System Date and Time
Domain Name Server DNS Servers
Setting Description Set Time, Date, and NTP Servers
Setup Wizard of 10 Services
Setup Wizard System Date and Time screen settings
For Daylight Savings Time check box
Setup Wizard Services screen settings
Web
Setting Description Action
Setup Wizard of 10 Email Security
Setup Wizard Email Security screen settings
Setup Wizard of 10 Web Security
Scan Exceptions
Http
Setup Wizard of 10 Web Categories to Be Blocked
Blocked Categories Scheduled Days
Setup Wizard Web Categories to be blocked screen settings
Setting Description Blocked Web Categories
Blocked Categories Time of Day
Setup Wizard of 10 Email Notification
Setup Wizard Email Notification screen settings
Setting Description Update Settings
Setup Wizard of 10 Signatures & Engine
Setup Wizard Signatures & Engine screen settings
Https Proxy Settings
Setup Wizard of 10 Saving the Configuration
Setting Description Update Frequency
Register the UTM with Netgear
Use the Web Management Interface to Activate Licenses
ProSecure Unified Threat Management UTM Appliance
Click Retrieve Info
Electronic Licensing
To retrieve and display the registered information
Test Connectivity
Verify Correct Installation
What to Do Next
Test Http Scanning
ProSecure Unified Threat Management UTM Appliance
Manually Configure Internet and WAN Settings
Complete these steps
Internet and WAN Configuration Tasks
Manually Configure Internet and WAN Settings
ProSecure Unified Threat Management UTM Appliance
ProSecure Unified Threat Management UTM Appliance
Connection method Manual data input required
Pptp
If the automatic ISP configuration fails
Manually Configure the Internet Connection
If the automatic ISP configuration is successful
Pptp and PPPoE settings
Balancing Multiple WAN Port Models on page 86 . To use load
DNS server settings
Identifier check box
If the manual ISP configuration is successful
If the manual ISP configuration fails
Configure the WAN Mode
Overview of the WAN Modes
Configure Network Address Translation All Models
Configure Classical Routing All Models
Configure Auto-Rollover Mode
To configure auto-rollover mode
Failure detection method settings
Configure the Failure Detection Method
To configure the failure detection method
Setting Description WAN Failure Detection Method
Ping
Configure Load Balancing Multiple WAN Port Models
To configure load balancing
Configure Protocol Binding Optional
Change Group Names in the Network Database on
Add Protocol Binding screen settings
Screen see Outbound Rules Service Blocking on
Configure Secondary WAN Addresses
To edit a protocol binding
To add a secondary WAN address to a WAN interface
Configure Dynamic DNS
To delete one or more secondary addresses
To configure Ddns
Click Apply to save your configuration
DNS service settings
Set the UTM’s MAC Address and Configure Advanced WAN Options
Advanced WAN settings
Setting Description MTU Size
1000BaseT FullDuplex. Gigabit Ethernet Router’s MAC Address
Setting Speed Description
Upload/Download Settings
Failure Detection Method
Additional WAN-Related Configuration Tasks
LAN Configuration
Manage Virtual LANs and Dhcp Options
LAN Configuration
Port-Based VLANs
Assign and Manage Vlan Profiles
100
Vlan Dhcp Options
101
DNS Proxy
Dhcp Server
Dhcp Relay
102
To add or edit a Vlan profile
Configure a Vlan Profile
Ldap Server
103
104
105
Edit Vlan Profile screen settings
Setting Description Vlan Profile
Port Membership
106
107
To configure a Vlan to have a unique MAC address
Configure Vlan MAC Addresses and Advanced LAN Settings
To enable, disable, or delete one or more Vlan profiles
To edit a Vlan profile
Configure Multihome LAN IP Addresses on the Default
109
To add a secondary LAN IP address
110
To delete one or more secondary LAN IP addresses
Manage Groups and Hosts LAN Groups
To edit a secondary LAN IP address
111
Manage the Network Database
112
113
Add Computers or Devices to the Network Database
Known PCs and devices settings
Setting Description Name
Modify Computers or Devices in the Network Database
To edit the names of any of the eight available groups
Change Group Names in the Network Database
Delete Computers or Devices from the Network Database
115
Set Up Address Reservation
116
117
Configure and Enable the DMZ Port
To enable and configure the DMZ port
118
DMZ Setup screen settings
Setting Description DMZ Port Setup
119
120
To add a static route to the Static Route table
Configure Static Routes
Manage Routing
121
Add Static Route screen settings
122
To edit a static route that is in the Static Routes table
Configure Routing Information Protocol
To enable and configure RIP Select Network Config Routing
To delete one or more routes
RIP Configuration screen settings
124
Authentication for RIP-2B/2M
125
Static Route Example
126
About Firewall Protection
127
128
Administrator Tips
Firewall Protection
129
Outbound Rules Service Blocking
Number of supported firewall rule configurations
130
Setting Description Outbound Rules
Outbound rules overview
Block always
131
Groups and Hosts LAN Groups on
Service Profiles on
132
NAT IP
Inbound Rules Port Forwarding
133
134
Setting Description Inbound Rules
135
136
Quality of Service Profiles on
137
Order of Precedence for Rules
138
139
Configure LAN WAN Rules
To change the default outbound policy
To enable, disable, or delete one or more rules
Create LAN WAN Outbound Service Rules
To change an existing outbound or inbound service rule
140
141
Create LAN WAN Inbound Service Rules
To create an inbound LAN WAN service rule
Configure DMZ WAN Rules
142
To delete or disable one or more rules
143
144
Create DMZ WAN Outbound Service Rules
Create DMZ WAN Inbound Service Rules
145
Configure LAN DMZ Rules
To create an inbound DMZ WAN service rule
146
To create an outbound LAN DMZ service rule
Create LAN DMZ Outbound Service Rules
Create LAN DMZ Inbound Service Rules
To create an inbound LAN DMZ service rule
LAN WAN Inbound Rule Host a Local Public Web Server
Examples of Firewall Rules
Inbound Rule Examples
148
149
Netgear UTM
150
To configure the UTM for additional IP addresses
151
LAN WAN or DMZ WAN Inbound Rule Specify an Exposed Host
152
153
Outbound Rule Example
LAN WAN Outbound Rule Block Instant Messenger
To create a Vlan rule
Configure Other Firewall Features
Vlan Rules
154
155
Add VLAN-VLAN Service screen settings
Add Customized Services on
156
To delete or disable one or more Vlan rules
To edit a Vlan rule
Attack Checks, VPN Pass-through, and Multicast Pass-through
Attack Checks screen settings
Setting Description WAN Security Checks
157
Setting Description LAN Security Checks
Configure Multicast Pass-Through
To configure multicast pass-through
158
159
Set Session Limits
To enable and configure session limits
Session Limit screen settings
To delete one or more multicast source addresses
161
To enable ALG for SIP and VPN scanning
Session Timeout
162
Add Customized Services
163
164
To add a customized service
Services screen settings
To delete one or more services
Create Service Groups
To edit a service
To create a service group
To edit a service group
166
167
Create IP Groups
To create an IP group
To delete an IP group
168
169
Create Quality of Service Profiles
To create a QoS profile
Add QoS Profile screen settings
170
To edit a QoS profile
Default High Medium High Low
Create Bandwidth Profiles
To delete one ore more QoS profiles
To add and enable a bandwidth profile
172
Add Bandwidth Profile screen settings
173
To delete one or more bandwidth profiles
Create Traffic Meter Profiles
To edit a bandwidth profile
174
To add a traffic meter profile
175
Add Traffic Meter Profile screen settings
176
To delete one or more traffic meter profiles
Set a Schedule to Block or Allow Specific Traffic
To edit a traffic meter profile
To add a schedule
Scheduled Days
Add Schedule screen settings
178
To edit a schedule
Enable Source MAC Filtering
Setting Description Scheduled Time of Day
To delete one or more schedules
To remove one or more entries from the table
180
181
Set Up IP/MAC Bindings
To set up IP/MAC bindings
182
IP/MAC Binding screen settings
Setting Description Email IP/MAC Violations
IP/MAC Bindings
To remove one or more IP/MAC bindings from the table
Configure Port Triggering
To edit an IP/MAC binding
183
184
Port Triggering screen settings
To add a port-triggering rule
185
To edit a port-triggering rule
To display the status of the port-triggering rules
Configure Universal Plug and Play
186
To configure intrusion prevention
Enable and Configure the Intrusion Prevention System
To enable intrusion prevention
IPS screen settings
Security Category Settings
188
IPS, screen 1 Firewall Protection
189
Attack Name Description Web
IPS uncommon attack names
190
Misc
191
Attack Name Description
About Content Filtering and Scans
192
Content Filtering and Optimizing Scans
Default Email and Web Scan Settings
Default email and web scan settings
193
To configure the email protocols and ports to scan
Configure Email Protection
Customize Email Protocol Scan Settings
Scan type Default scan setting Default action if applicable
Protocol Scan Settings on
195
196
Customize Email Antivirus and Notification Settings
To configure the antivirus settings for email traffic
Anti-Virus screen settings for email traffic
197
198
Setting Description Scan Exceptions
Notification Settings
199
Email Content Filtering
Setting Description Email Alert Settings
SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%
200
Filter by Password-Protected Attachments ZIP, RAR, etc
Email Filters screen settings
Setting Description Email Filters
201
202
Setting Description Filter by File Type
Protect Against Email Spam
Filter by File Name
Set Up the Whitelist and Blacklist
203
To configure the whitelist and blacklist
204
Whitelist/Blacklist screen settings
205
To add a blacklist provider to the real-time blacklist
Configure the Real-Time Blacklist
To enable the real-time blacklist
206
Configure Distributed Spam Analysis
207
208
Distributed Spam Analysis screen settings
Setting Description Distributed Spam Analysis
Low Medium-Low
Anti-Spam Engine Settings
209
Setting Description Send Quarantine Spam Report
Configure Web and Services Protection
Customize Web Protocol Scan Settings
210
To configure the web protocols and ports to scan
211
Configure Https Smart Block
212
Add or Edit Https Smart Block Profile settings
213
214
To change a profile
215
Configure Web Malware or Antivirus Scans
216
Scan Exception
Anti-Virus screen settings for HTTP/HTTPS traffic
217
Html Scan
Configure Web Content Filtering
218
To configure web content filtering
219
220
221
Content Filtering screen settings
Setting Description Content Filtering
Performance Management on
222
Full-Text Search
Block Web Objects
223
224
Configure Web URL Filtering
Setting Description Web Category Lookup
URL
To configure web URL filtering
225
226
URL Filtering screen settings
Setting Description Whitelist
Blacklist
227
URL%
228
Configure Https Scanning and SSL Certificates
How Https Scanning Works
229
Https Settings screen settings
Configure the Https Scan Settings
To configure the Https scan settings
230
Manage SSL Certificates for Https Scanning
231
Manage the Active Https Certificate
232
Manage Trusted Https Certificates
233
Manage Untrusted Https Certificates
To specify trusted hosts
Specify Trusted Hosts for Https Scanning
To delete an untrusted certificate
235
Trusted Hosts screen settings
236
SSL Settings screen settings
Configure the SSL Settings for Https Scanning
To configure the SSL settings for Https scanning
237
To configure the antivirus settings for FTP traffic
Configure FTP Scanning
Customize FTP Antivirus Settings
Anti-Virus screen settings for FTP
Setting Description Scan Exception
Configure FTP Content Filtering
To configure the FTP filters
239
Configure Application Control
240
241
242
243
To search for an application
To select one or more categories of applications
To select one or more individual applications
244
245
246
Application Control Policy pop-up screen settings
Setting Description Policy for a category of applications
Meter Profiles on
To change an existing application control profile
247
248
Set Exception Rules for Web and Application Access
To delete one or more application control profiles
To set web access exception rules
249
Application
250
251
File Extension
Https Smart Block
Web Category
Add or Edit Exceptions screen settings
URL Filtering
252
253
Delete Groups on
See Configure Radius VLANs on
254
Ldap
To select a single application
255
To select a category of applications
To search for an application
For Exceptions for Web and Application Access on
256
257
To disable, enable, or delete one or more exception rules
To change an existing exception rule
To create and manage custom categories
258
Custom categories applications
259
To select one or more categories of applications
Custom Categories screen settings
260
To select one or more individual applications
Applications in this Category table
261
To remove one or more categories or applications from
To add a URL
To change an existing custom category
To configure scanning exclusion rules
Set Scanning Exclusions for IP Addresses and Ports
To delete one or more custom categories
Scanning Exclusion screen settings
263
Virtual Private Networking
264
IP addressing for VPNs in dual WAN port systems
265
Create Gateway-to-Gateway VPN Tunnels with the Wizard
266
267
3DES
Setting Default Value IKE policy
268
SHA-1
IPSec VPN Wizard settings for a gateway-to-gateway tunnel
269
Setting Description Secure Connection Remote Accessibility
270
Create a Client-to-Gateway VPN Tunnel
271
272
273
IPSec VPN Wizard settings for a client-to-gateway tunnel
Select the VPN Client radio button. The default remote Fqdn
Fqdn
274
Component Example Information to be collected
Information required to configure the VPN client
275
276
277
278
279
VPN client advanced authentication settings
Setting Description Advanced features
NAT-T
280
281
To create new authentication settings
Type vpnclient
10.34.116.22
VPN client authentication settings
282
IKE
283
Type netgearplatform
To create an IPSec configuration
Setting Description Local and Remote ID
284
ESP
VPN client IPSec configuration settings
285
To specify the global parameters
286
Test the Netgear VPN Client Connection
287
Click Gateway-Tunnel, and press Ctrl+O
288
289
Netgear VPN Client Status and Log Information
View the UTM IPSec VPN Connection Status
IPSec VPN Connection Status screen information
View the UTM IPSec VPN Log
To query the IPSec VPN log
290
Manage IPSec VPN and IKE Policies
291
IKE Policies Screen
To access the IKE Policies screen
Manage IKE Policies
292
List of IKE Policies table information
293
To add an IKE policy manually
Manually Add or Edit an IKE Policy
To delete one or more IKE polices
294
295
296
Add IKE Policy screen settings
Setting Description Mode Config Record
General
IKE SA Parameters
297
Remote
298
299
Setting Description Extended Authentication
To edit an IKE policy
300
Manage VPN Policies
VPN Policies Screen
List of VPN Policies table information
301
To delete one or more VPN polices
To enable or disable one or more VPN policies
Manually Add or Edit a VPN Policy
To add a VPN policy manually
303
304
Add New VPN Policy screen settings
Setting Description General
Traffic Selection
Configure Keep-Alives
305
Manual Policy Parameters
306
Setting Description Auto Policy Parameters
307
308
Configure Extended Authentication Xauth
To edit a VPN policy
Extended authentication settings
Configure Xauth for VPN Clients
To enable and configure Xauth
309
To configure primary and backup Radius servers
User Database Configuration
Radius Client and Server Configuration
310
Backup Radius Server
Radius Client screen settings
Setting Description Primary Radius Server
Connection Configuration
Configure Mode Config Operation on the UTM
Assign IP Addresses to Remote Users Mode Config
Mode Config Operation
312
To configure Mode Config on the UTM
313
314
Add Mode Config Record screen settings
Setting Description Client Pool
315
Traffic Tunnel Security Level
316
317
Select Group 2 1024 bit
Setting Description IKE SA Parameters
318
319
Configure the ProSafe VPN Client for Mode Config Operation
User Database Configuration on
320
Type GWModeConfig
321
VPN client authentication settings Mode Config
322
323
Type TunnelModeConfig
VPN client advanced authentication settings Mode Config
Enter
VPN client IPSec configuration settings Mode Config
324
Configure the Mode Config Global Parameters
325
Test the Mode Config Connection
326
To delete one or more Mode Config records
Modify or Delete a Mode Config Record
To edit a Mode Config record
327
328
Configure Keep-Alives and Dead Peer Detection
Configure Keep-Alives
Keep-alive settings
Configure Dead Peer Detection
To configure DPD on a configured IKE policy
329
Dead Peer Detection settings
Configure NetBIOS Bridging with IPSec VPN
To enable NetBIOS bridging on a configured VPN tunnel
330
Configure the Pptp Server
331
332
Pptp Server screen settings
Setting Description Pptp Server
To view the active Pptp tunnel users
Setting Description Authentication
View the Active Pptp Users
333
334
Configure the L2TP Server
Pptp Active Users screen information
Pptp IP
335
L2TP Server screen settings
Setting Description L2TP Server
To view the active L2TP tunnel users
For More IPSec VPN Information
View the Active L2TP Users
L2TP Active Users screen information
SSL VPN Portal Options
337
To start the SSL VPN Wizard
Build a Portal Using the SSL VPN Wizard
Virtual Private Networking Using SSL Connections
338
SSL VPN Wizard of 6 Portal Settings
339
340
SSL VPN Wizard of 6 screen settings portal settings
Setting Description Portal Layout and Theme Name
Wizard of 6 Client IP Addresses and Routes on
341
SSL VPN Portal Pages to Display
6 Port Forwarding on
SSL VPN Wizard of 6 Domain Settings
342
343
SSL VPN Wizard of 6 screen settings domain settings
Server Configuration
Radius Client
344
Display name in the dn format. For example
Windows login account name in email format. For
345
346
347
SSL VPN Wizard of 6 User Settings
SSL VPN Wizard of 6 screen settings user settings
SSL VPN Wizard of 6 Client IP Addresses and Routes
348
Add Routes for VPN Tunnel Clients
Setting Description Client IP Address Range
349
350
Setting Description Add New Application for Port Forwarding
SSL VPN Wizard of 6 Port Forwarding
SSH
SSL VPN Wizard of 6 Verify and Save Your Settings
351
Add New Host Name for Port Forwarding
352
Access the New SSL VPN Portal
353
354
355
View the UTM SSL VPN Connection Status
356
To query the SSL VPN log
Manually Configure and Modify SSL Portals
View the UTM SSL VPN Log
357
358
359
Manually Create or Modify the Portal Layout
To create an SSL VPN portal layout
360
Add Portal Layout screen settings
361
To edit a portal layout
Configure Domains, Groups, and Users
Setting Description SSL VPN Portal Pages to Display
To delete one or more portal layouts
To add a server and a port number
Configure Applications for Port Forwarding
Add Servers and Port Numbers
363
364
To add servers and host names for client name resolution
Add a Host Name
TCP application Port number
365
Configure the SSL VPN Client
Fully Qualified Domain Name. The full server name
To define the client IP address range
Configure the Client IP Address Range
SSL VPN Client screen settings
366
367
Add Routes for VPN Tunnel Clients
To add an SSL VPN tunnel client route
368
Configure the Advanced SSL VPN Client Settings
To change the LCP time-out
To define a network resource
Use Network Resource Objects to Simplify Policies
Add New Network Resources
369
To delete one or more network resources
Resources screen settings to edit a resource
Edit Network Resources to Specify Addresses
To edit network resources
Configure User, Group, and Global Policies
371
Global Default Policy
372
To view the existing policies
View Policies
Add a Policy
To add an SSL VPN policy
374
Add SSL VPN Policy screen settings
Setting Description Policy For
Add SSL VPN Policies
375
Resource Objects to Simplify Policies on
To edit an SSL VPN policy
376
377
For More SSL VPN Information
To delete one or more SSL VPN policies
Authentication Process and Options
378
Authentication Description Protocol or method
External authentication protocols and methods
Manage Users, Authentication, and VPN Certificates
379
Administrative Users and Users with Guest Privileges
Configure Authentication Domains, Groups, and Users
Login Portals
380
Users with Special Access Privileges
381
382
383
How an Active Directory Works
Active Directories and Ldap Configurations
Unauthenticated or Anonymous Users
384
How to Bind a DN in an Active Directory Configuration
385
386
Select Users Domains
387
To create a domain
Configure Domains
Create and Delete Domains
388
389
Add Domain screen settings
390
391
392
393
To delete one or more domains
Configure Groups
Edit Domains
To edit a domain
395
Create and Delete Groups
To create a VPN group
To delete one or more groups
Groups screen settings
Edit Groups
To edit a VPN group
397
Configure Custom Groups
To create and manage custom groups
398
Add Custom Group screen settings
399
400
To change an existing custom group
To delete one or more custom groups
401
Configure User Accounts
To create an individual user account
402
To delete one or more user accounts
Add User screen settings
See Configure Extended Authentication Xauth on
403
To configure user login policies
Set User Login Policies
Configure Login Policies
404
405
Configure Login Restrictions Based on IP Address
To restrict logging in based on IP address
To delete one or more addresses
Configure Login Restrictions Based on Web Browser
By Source IP Address screen settings
To restrict logging in based on the user’s browser
407
Internet Explorer Opera Netscape Navigator
To delete one or more browsers
408
Change Passwords and Other User Settings
To modify user settings, including passwords
DC Agent
Edit User screen settings
Configure Extended Authentication Xauth on
409
410
To download ProSecure DC Agent software and add a DC agent
411
To edit a DC agent
To configure AD SSO with a DC agent
DC Agent screen settings
412
413
414
To configure a Radius Vlan
Configure Radius VLANs
To do so, follow this procedure
415
Configure Global User Settings
416
417
View and Log Out Active Users
To log out all active users
418
Active Users screen settings
To view all or selected users
Manage Digital Certificates for VPN Connections
419
VPN Certificates Screen
420
421
Manage CA Certificates
To view and upload trusted certificates
422
Manage Self-Signed Certificates
To delete one or more digital certificates
423
512 1024 2048
Generate self-signed certificate request settings
424
425
To delete one or more SCRs
Manage the Certificate Revocation List
View and Manage Self-Signed Certificates
To delete one or more self-signed certificates
To delete one or more CRLs
427
428
Performance Management
Bandwidth Capacity
429
Features That Reduce Traffic
Network and System Management
430
Content Filtering
431
432
Features That Increase Traffic
Source MAC Filtering
433
434
Configure the DMZ Port
Port Triggering
Use QoS and Bandwidth Assignments to Shift the Traffic Mix
Configure Exposed Hosts
Configure VPN Tunnels
Assign QoS Profiles
Monitoring Tools for Traffic Management
Change Passwords and Administrator and Guest Settings
System Management
436
437
438
Configure Remote Management Access
To configure the UTM for remote management
Https//IPaddress or https//FullyQualifiedDomainName
439
Use a Simple Network Management Protocol Manager
440
441
SNMPv1/v2c Settings
Global Snmp settings and SNMPv1/v2c settings
Setting Description Snmp Global Settings
442
Setting Description SNMPv3 Settings
To configure the SNMPv3 settings
SNMPv3 settings
443
444
To edit an SNMPv3 user profile
Manage the Configuration File
Restore Settings
To delete one or more SNMPv3 user profiles
446
Back Up Settings
To back up settings
447
Restore Settings
Revert to Factory Default Settings
448
Update the Firmware
View the Available Firmware Versions
Firmware screen, available versions
449
Click Install Downloaded Firmware
450
To download the latest firmware for your UTM
451
452
453
To reboot the UTM without changing the firmware
Update the Scan Signatures and Scan Engine Firmware
Reboot without Changing the Firmware
454
455
Signatures & Engine screen settings
Configure Date and Time Service
Configure Automatic Update and Frequency Settings
456
To set time, date, and NTP servers
System Date & Time screen settings
Adjust for Daylight Savings Time check box
457
Connect to a ReadyNAS and Configure Quarantine Settings
458
To connect to the ReadyNAS on the UTM
Log Storage
Connect to a ReadyNAS
459
ReadyNAS Integration screen settings
Configure the Quarantine Settings
To configure the quarantine settings
460
461
Quarantine settings
Unauthenticated or Anonymous Users on
Enable the WAN Traffic Meter
462
Monitor System Access and Performance
463
Traffic Counter
Setting Description Enable Traffic Meter
464
Event Notifications on
Setting Description When Limit is reached
465
To configure the email notification server
Configure Logging, Alerts, and Event Notifications
Configure the Email Notification Server
466
467
Configure and Activate System, Email, and Syslog Logs
Email Notification screen settings
To configure and activate logs
468
Email Logs to Administrator
Email and Syslog screen settings
Setting Description System Logs Option
469
Send Logs via Syslog
Logs screen see Configure and Activate Firewall Logs on
470
Setting Description Clear the Following Logs Information
How to Send Syslogs over a VPN Tunnel between Sites
Configure Gateway 1 at Site
471
To change the local IP address in the VPN policy
Configure Gateway 2 at Site
To change the remote IP address in the VPN policy
472
To specify the syslog server that is connected to Gateway
Configure and Activate Update Failure and Attack Alerts
To configure and activate the email alerts
473
Alerts screen settings
474
FILENAME%, %ACTION%, %VIRUSNAME%
475
TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT%
476
Configure and Activate Firewall Logs
To configure and activate firewall logs
477
Setting Description Routing Logs
Monitor Real-Time Traffic, Security, and Statistics
Dashboard, screen 1
478
479
To set the poll interval
Dashboard screen threats and traffic information
Total Threats
Total Traffic Bytes
480
Threats Counts
Enable and Configure the Intrusion
481
Dashboard screen service statistics information
482
483
Spam blacklist see Set Up the Whitelist and Blacklist on
Monitor Application Use in Real Time
RBL
484
Application Dashboard screen
To set the monitoring period
To filter the information that is displayed onscreen
485
486
View Status Screens
View the System Status
487
View the System Status Screen
System Status screen fields
Status Description
488
Scan Settings on
View the Network Status Screen
System Information
489
Available Access Points Table
Network Status screen fields
LAN Vlan Information
490
View the Router Statistics Screen
To view the Router Statistics screen
Ssid
Router Statistics screen fields
View the Wireless Statistics Screen UTM9S and UTM25S Only
To view the Wireless Statistics screen
491
Radio Statistics Details
Wireless Statistics screen fields
492
AP Statistics
View the Detailed Status Screen
493
494
Detailed Status screen fields
LAN Port Configuration
Configure and Enable the DMZ Port on
495
Manually Configure the Internet
Settings
MAC Address and Configure
496
497
Wireless information in SLOT-1 Info or SLOT-2 Info
Access Points Information
View the Vlan Status Screen
See Configure a Vlan Profile on
Configure a Vlan Profile on
Vlan Status screen fields
499
View the Active VPN Users
View the xDSL Statistics Screen UTM9S and UTM25S Only
View the VPN Tunnel Connection Status
500
View the Active Pptp and L2TP Users
501
502
To view the status of the port-triggering feature
View the Port Triggering Status
Port Triggering Status pop-up screen information
503
Connection Status pop-up screen information
View the WAN, xDSL, or USB Port Status
To view the status of a WAN, xDSL, or USB port
504
To view the attached devices in the LAN Groups screen
View Attached Devices and the Dhcp Leases
View Attached Devices
505
506
To view the Dhcp leases
Query and Manage the Logs
View the Dhcp Leases
507
Overview of the Logs
508
509
Query and Download Logs
To query and download logs
Logs Query screen settings
510
511
512
To identify infected clients
EMERG, ALERT, CRITICAL, ERROR, WARNING, Notice
Example Use the Logs to Identify Infected Clients
513
514
Query and Manage the Quarantine Logs
Log Management
515
Query the Quarantined Logs
To query the quarantine logs
Quarantine screen settings
516
View and Manage the Quarantined Spam Table
517
View and Manage the Quarantined Infected Files Table
518
519
Spam Reports for End Users
For an end user to send a spam report
520
View, Schedule, and Generate Reports
Click Send Report
Enable Application Session Monitoring
521
522
To configure filtering options
Report Filtering Options
Horizontal Bar
Report screen filtering options settings
523
Pie
524
Use Report Templates and View Reports Onscreen
To display the report templates and view reports onscreen
Report screen report template information
525
526
527
IPS & Application
528
Email Activity
529
Schedule, Email, and Manage Reports
To schedule automatic generation and emailing of reports
System
Managing Saved Reports
Report screen schedule report settings
Setting Description Schedule Reports
530
Use Diagnostics Utilities
531
To send a ping
Use the Network Diagnostic Tools
Send a Ping Packet
532
Display the Routing Table
Use the Real-Time Traffic Diagnostics Tool
Trace a Route
Look Up a DNS Address
To use the real-time traffic diagnostics tool
534
To gather log information about your UTM
Gather Important Log Information
Generate Network Statistics
535
536
Perform Maintenance on the USB Device
Reboot and Shut Down the UTM
537
Troubleshoot and Use Online Support
538
Verify the Correct Sequence of Events at Startup
Power LED Not On
Basic Functioning
Test LED Never Turns Off
540
Troubleshoot the Web Management Interface
LAN or WAN Port LEDs Not On
541
When You Enter a URL or IP Address, a Time-Out Error Occurs
Troubleshoot the ISP Connection
To check the WAN IP address
542
Ping
Troubleshoot a TCP/IP Network Using a Ping Utility
Test the LAN Path to Your UTM
543
544
Test the Path from Your Computer to a Remote Device
Ping -n 10 IP address
Restore the Default Configuration and Password
545
Use Online Support
Problems with Date and Time
Enable Remote Troubleshooting
To initiate the support tunnel
547
Send Suspicious Files to Netgear for Analysis
To submit a file to Netgear for analysis
548
Access the Knowledge Base and Documentation
Malware Analysis screen settings
XDSL Network Module for the UTM9S UTM25S
549
XDSL Network Module for the UTM9S and UTM25S
XDSL Network Module Configuration Tasks
Configure the xDSL Settings
550
To configure the xDSL settings
551
552
XDSL settings
Setting Description XDSL Settings
VCI
553
VPI
554
561, and Troubleshoot the ISP Connection on
555
Manually Configure the xDSL Internet Connection
556
557
PPPoE and PPPoA settings
558
559
ATM Ipoa
560
561
Configure Network Address Translation
562
Configure Classical Routing
563
564
565
Configure Load Balancing and Optional Protocol Binding
566
Configure Load Balancing
567
568
569
570
To add a secondary WAN address to the DSL interface
571
572
573
Setting Description SLOT-x Dynamic DNS Status
574
575
576
Advanced DSL settings
Default Address radio button
577
Wireless Network Module for UTM9S and UTM25S
578
Wireless Equipment Placement and Range Guidelines
Overview of the Wireless Network Module
Configuration Order
Wireless Network Module for the UTM9S and UTM25S
580
Configure the Basic Radio Settings
To configure the basic radio settings
Field Descriptions
Radio Settings screen settings
581
582
Operating Frequency Channel Guidelines
583
Wireless Data Security Options
584
Wireless Security Profiles
585
586
Network authentication
Data encryption
WPA2 Radius settings
Before You Change the SSID, WEP, and WPA Settings
WPA Radius settings
587
Wireless Profiles screen settings
Configure and Enable Wireless Profiles
To add a wireless profile
588
589
Add Wireless Profiles screen settings
Field Description Profile Configuration
590
Security Options on
WEP Index and Keys
591
Tkip TKIP+AES
592
To delete one or more wireless profiles
Restrict Wireless Access by MAC Address
To edit a wireless profile
To enable or disable one or more wireless profiles
594
595
596
Configure a Wireless Distribution System
Access Point Status screen fields
Connected Clients
To enable and configure WDS
597
To configure advanced radio settings
Configure Advanced Radio Settings
To configure WDS on a peer
598
Advanced Wireless screen settings
599
Configure WMM QoS Priority Settings
600
601
To test for wireless connectivity
Test Basic Wireless Connectivity
For More Information About Wireless Configurations
602
3G/4G Dongle Configuration Tasks
603
604
Manually Configure the USB Internet Connection
3G/4G Dongles for the UTM9S and UTM25S
To configure the WAN ISP settings for the USB interface
605
Connection Settings
USB ISP settings
Setting Description 3G Dongle Details
606
XDSL, or USB Port Status on
607
608
Configure the 3G/4G Settings
To configure the 3G/4G settings
Connection Setting
4G settings
Setting Description 3GStatus
609
610
APN
611
612
613
614
615
616
617
618
619
Setting Description USB Dynamic DNS Status
620
621
What to Consider Before You Begin
622
623
WAN port Physical facility
Internet
Where Do I Get the Internet Configuration Information?
Computer Network Configuration Requirements
Internet Configuration Requirements
Cabling and Computer Hardware Requirements
Internet Connection Information
625
Overview of the Planning Process
626
Inbound Traffic
627
Inbound Traffic Dual WAN Ports for Improved Reliability
Inbound Traffic to a Single WAN Port System
Inbound Traffic to a Dual WAN Port System
Inbound Traffic Dual WAN Ports for Load Balancing
Virtual Private Networks
629
VPN Road Warrior Client-to-Gateway
630
VPN Road Warrior Single-Gateway WAN Port Reference Case
631
VPN Road Warrior Dual-Gateway WAN Ports for Load Balancing
632
VPN Gateway-to-Gateway
633
634
635
VPN Telecommuter Client-to-Gateway through a NAT Router
VPN Telecommuter Single-Gateway WAN Port Reference Case
636
VPN Telecommuter Dual-Gateway WAN Ports for Load Balancing
637
Supported ReadyNAS Models
638
Select Add-ons Add New
Install the UTM Add-On on the ReadyNAS
To install the UTM add-on on the ReadyNAS
ReadyNAS Integration
Select Add-ons Installed
640
Connect to the ReadyNAS on the UTM
641
642
643
644
Why Do I Need Two-Factor Authentication?
What Are the Benefits of Two-Factor Authentication?
Two-Factor Authentication
Netgear Two-Factor Authentication Solutions
What Is Two-Factor Authentication?
To use WiKID for end users
646
647
Term Description
Log message terms
648
System Startup
Reboot
System Log Messages
649
System logs NTP
Login/Logout
System logs login/logout
650
IPSec Restart
Auto-Rollover Mode
Firewall Restart
WAN Status
652
Load Balancing Mode
System logs WAN status, auto rollover
ACTIVEWAN2
System logs WAN status, load balancing
System logs WAN status, PPPoE idle timeout
PPP Logs
653
System logs WAN status, Pptp idle timeout
654
655
Traffic Metering Logs
Unicast, Multicast, and Broadcast Logs
Multicast/Broadcast Logs
Invalid Packet Logging
Icmp Redirect Logs
656
657
Service logs
Service Logs
Content-Filtering and Security Logs
658
Web Filtering and Content-Filtering Logs
659
660
Content-filtering and security logs spam
Spam Logs
Email Filter Logs
Traffic Logs
Malware Logs
661
IPS Logs
Content-filtering and security logs IPS
Content-filtering and security logs anomaly behavior
Anomaly Behavior Logs
LAN-to-WAN Logs
Routing Logs
Application Logs
663
WAN-to-LAN Logs
LAN-to-DMZ Logs
DMZ-to-WAN Logs
664
Routing logs WAN to DMZ
DMZ-to-LAN Logs
WAN-to-DMZ Logs
665
Feature Login settings Default behavior
Default Settings
UTM default configuration settings
666
Administrative and monitoring settings
Default Settings and Technical Specifications
Feature Default behavior WAN connections
667
SIP ALG
Feature Default behavior Firewall and network security
668
IPS
Feature Application security Default behavior
669
Feature Default behavior
670
User, group, and domain settings
Radius settings
SSL VPN settings
671
672
673
Physical and Technical Specifications
UTM physical and technical specifications
Interface specifications
UTM IPSec VPN specifications
Feature Specification Major regulatory compliance
Setting Specification
675
UTM SSL VPN specifications
Feature Description 802.11b/bg/ng wireless specifications
Http//prosecure.netgear.com
AES
Feature Description 802.11a/na wireless specifications
676
677
Regulatory Compliance Information
FCC Requirements for Operation in the United States
678
Notification of Compliance Wired
European Union
Terms
Additional Copyrights
679
680
MD5
681
Europe EU Declaration of Conformity
Edoc in Languages of the European Community
Language Statement
Notification of Compliance Wireless
682
FCC Caution
683
Avertissement
Industry Canada
Important Note Radiation Exposure Statement
684
Interference Reduction Table
685
Index
686
687
688
See also
689
DMZ
690
Blocking 202, 218, 222 setting access exceptions
691
692
Logs 469, 508-510traffic statistics
693
LAN
694
695
696
697
698
699
SSL VPN
700
TCP/IP
701
702
Logs 290, 470
Dhcp 50, 106, 119 ModeConfig
703
704
