Manuals / NETGEAR / Power Tools / Router

NETGEAR UTM5EW-100NAS, STM150EW-100NAS manual 512

Models: UTM5EW-100NAS STM150EW-100NAS

1 704

Download 704 pages 22.95 Kb

Page 512

Image 512

ProSecure Unified Threat Management (UTM) Appliance

Table 134. Logs Query screen settings (continued)

Setting	Description

Search Criteria	Category or	From the drop-down list, select a category that is queried.
(continued)	Categories	You can select the following from the drop-down list:
		• For the IPS log: an attack.
		• For the Application log: an instant messaging, peer-to-peer,
		media, or tool application.

	Reason	Select one or more check boxes to specify the reasons that are
		queried:
		You can select one or more of the following check boxes:
		• For the Email filters log: Keyword, FileType, Filename,
		Password, and SizeLimit.
		• For the Content filters log: URL, FileType, SizeLimit, Proxy,
		and Keyword.

	Spam Found By	This field is available only for the Spam log.
		Select one of the following check boxes to specify the method
		by which spam is detected: Blacklist or Distributed Spam
		Analysis.

	Malware Name	The name of the malware threat that is queried.
		This field is available only for the Malware log.

	Action	The spam or malware detection action that is queried.
		The following actions can be selected:
		• For the Spam log: Select the Block or Tag check box.
		• For the Malware log: Select the Delete, Block email, or
		Log check box.
	Email Subject	The email subject that is queried:
		This field is available for the following logs:
		Spam and Email filters.

	Sender Email	The sender’s email address that is queried.
		This field is available only for the Traffic log.

	Recipient Email	The recipient’s email address that is queried.
		This field is available for the following logs:
		Traffic, Spam, Malware, and Email filters.

	Message	The email message text that is queried.
		This field is available for the following logs:
		IPS, Anomaly Behavior, and Application.

	Subject	The email subject line that is queried.
		This field is available only for the Traffic log.

	Size	The minimum and maximum size (in bytes) of the file that is
		queried.
		This field is available only for the Traffic log.

Monitor System Access and Performance

512

Page 512

Image 512

NETGEAR UTM5EW-100NAS, STM150EW-100NAS manual 512

Contents

ProSecure Unified Threat Management UTM Appliance ProSecure Product Updates ProSecure Forum Revision History SupportTrademarks ProSecure Unified Threat Management UTM ApplianceSettings and Technical Specifications Updated Features That Reduce Traffic and Features ThatApplication control see Configure Application Control Configure Quarantine Settings, Query and ManageAdded the Requirements for Entering IP Addresses Appendix B, Wireless Network Module for the UTM9S UTM25SConfigure Distributed Spam Analysis section Contents Manually Configure Internet and WAN Settings Firewall Protection Content Filtering and Optimizing Scans Virtual Private Networking Using SSL Connections Network and System Management Troubleshoot and Use Online Support Appendix a xDSL Network Module for the UTM9S and UTM25S Appendix E ReadyNAS Integration Appendix H Default Settings and Technical Specifications Introduction Key Features and Capabilities IntroductionSingle or multiple exposed hosts Virtual private networks Advanced VPN Support for Both IPSec and SSL Wireless FeaturesDSL Features Powerful, True Firewall Stream Scanning for Content FilteringSecurity Features Autosensing Ethernet Connections with Auto UplinkEasy Installation and Management Extensive Protocol SupportUTM model comparison Maintenance and SupportModel Comparison Service Registration Card with License Keys Network Modules and Broadband AdaptersPackage Contents Hardware FeaturesPower LED Front Panel UTM5 and UTM10USB port Left LAN LEDs Test LED Right WAN LED Right LAN LEDsFront Panel UTM25 Front Panel UTM50USB port Left LAN LEDs Left WAN LEDs Active Test LED Right LAN LEDs Right WAN LEDs LEDsPower LED Left LAN LEDs Left WAN LEDs USB port Front Panel UTM150LEDs Right WAN LEDs Test LED Right LAN LEDs Active WAN LEDs Test LED Right LAN LEDs Right WAN LEDsPower LED Left WAN LEDs Slot Left LAN LEDs USB port Front Panel UTM9S and UTM25S and Network ModulesActive WAN LEDs Test LED Right LAN LEDsWireless Network Modules XDSL Network ModulesActivity Description LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150 WAN ports Activity Description LAN portsDMZ LED USB LED LED Descriptions, UTM9S, UTM25S, and their Network ModulesLED descriptions UTM9S and UTM25S Wireless network module Rear Panel UTM5, UTM10, and UTM25Receptacle XDSL network modulesFactory Defaults Security lock Reset button ReceptacleRear Panel UTM50 and UTM150 PortSecurity lock AC power Receptacle Factory Defaults Reset button Console switchPower SwitchBottom Panels with Product Labels ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Choose a Location for the UTM Use the Rack-Mounting Kit Use the Setup Wizard to Provision UTM in Your Network Steps for Initial ConnectionUse the Setup Wizard to Provision the UTM in Your Network Log In to the UTMQualified Web Browsers Requirements for Entering IP AddressesProSecure Unified Threat Management UTM Appliance Web Management Interface Menu Layout ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Use the Setup Wizard to Perform the Initial Configuration  To start the Setup WizardSetup Wizard of 10 LAN Settings Setting Description LAN TCP/IP Setup DhcpSetting Description DNS ProxySetup Wizard of 10 WAN Settings Setting Description Inter Vlan RoutingISP Type Setup Wizard WAN Settings screen settingsSetting Description ISP Login See Configure Load Balancing Multiple WAN Port Models Internet IP AddressISP DhcpGet Automatically from ISP radio button Setup Wizard of 10 System Date and TimeDomain Name Server DNS Servers Setup Wizard of 10 Services Setup Wizard System Date and Time screen settingsSetting Description Set Time, Date, and NTP Servers For Daylight Savings Time check boxSetup Wizard Services screen settings WebSetting Description Action Setup Wizard of 10 Email SecuritySetup Wizard Email Security screen settings Setup Wizard of 10 Web Security Scan ExceptionsHttp Setup Wizard of 10 Web Categories to Be Blocked Setup Wizard Web Categories to be blocked screen settings Setting Description Blocked Web CategoriesBlocked Categories Scheduled Days Blocked Categories Time of DaySetup Wizard of 10 Email Notification Setup Wizard Email Notification screen settingsSetting Description Update Settings Setup Wizard of 10 Signatures & EngineSetup Wizard Signatures & Engine screen settings Https Proxy Settings Setup Wizard of 10 Saving the ConfigurationSetting Description Update Frequency Register the UTM with Netgear Use the Web Management Interface to Activate LicensesProSecure Unified Threat Management UTM Appliance Click Retrieve Info Electronic Licensing To retrieve and display the registered information Verify Correct Installation What to Do NextTest Connectivity Test Http ScanningProSecure Unified Threat Management UTM Appliance Manually Configure Internet and WAN Settings  Complete these steps Internet and WAN Configuration TasksManually Configure Internet and WAN Settings ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Connection method Manual data input required PptpIf the automatic ISP configuration fails Manually Configure the Internet ConnectionIf the automatic ISP configuration is successful Pptp and PPPoE settings Balancing Multiple WAN Port Models on page 86 . To use load DNS server settings Identifier check boxIf the manual ISP configuration is successful If the manual ISP configuration failsConfigure the WAN Mode Overview of the WAN ModesConfigure Network Address Translation All Models Configure Classical Routing All Models Configure Auto-Rollover Mode  To configure auto-rollover modeConfigure the Failure Detection Method  To configure the failure detection methodFailure detection method settings Setting Description WAN Failure Detection MethodPing Configure Load Balancing Multiple WAN Port Models  To configure load balancingConfigure Protocol Binding Optional Change Group Names in the Network Database on Add Protocol Binding screen settingsScreen see Outbound Rules Service Blocking on Configure Secondary WAN Addresses  To edit a protocol binding To add a secondary WAN address to a WAN interface Configure Dynamic DNS  To delete one or more secondary addresses To configure Ddns Click Apply to save your configuration DNS service settingsSet the UTM’s MAC Address and Configure Advanced WAN Options Advanced WAN settings Setting Description MTU SizeSetting Speed Description Upload/Download Settings1000BaseT FullDuplex. Gigabit Ethernet Router’s MAC Address Failure Detection MethodAdditional WAN-Related Configuration Tasks LAN Configuration Manage Virtual LANs and Dhcp OptionsLAN Configuration Port-Based VLANsAssign and Manage Vlan Profiles 100Vlan Dhcp Options 101Dhcp Server Dhcp RelayDNS Proxy 102Configure a Vlan Profile Ldap Server To add or edit a Vlan profile 103104 Edit Vlan Profile screen settings Setting Description Vlan Profile105 Port Membership106 107 Configure Vlan MAC Addresses and Advanced LAN Settings  To enable, disable, or delete one or more Vlan profiles To configure a Vlan to have a unique MAC address  To edit a Vlan profileConfigure Multihome LAN IP Addresses on the Default 109 To add a secondary LAN IP address 110Manage Groups and Hosts LAN Groups  To edit a secondary LAN IP address To delete one or more secondary LAN IP addresses 111Manage the Network Database 112113 Known PCs and devices settings Setting Description NameAdd Computers or Devices to the Network Database Modify Computers or Devices in the Network DatabaseChange Group Names in the Network Database Delete Computers or Devices from the Network Database To edit the names of any of the eight available groups 115Set Up Address Reservation 116117 Configure and Enable the DMZ Port To enable and configure the DMZ port 118 DMZ Setup screen settingsSetting Description DMZ Port Setup 119 120 Configure Static Routes Manage Routing To add a static route to the Static Route table 121Add Static Route screen settings 122Configure Routing Information Protocol  To enable and configure RIP Select Network Config Routing To edit a static route that is in the Static Routes table  To delete one or more routesRIP Configuration screen settings 124Authentication for RIP-2B/2M 125Static Route Example 126About Firewall Protection 127128 Administrator TipsFirewall Protection 129 Outbound Rules Service BlockingNumber of supported firewall rule configurations Setting Description Outbound Rules Outbound rules overview130 Block always131 Groups and Hosts LAN Groups onService Profiles on 132NAT IP Inbound Rules Port Forwarding133 134 Setting Description Inbound Rules 135136 Quality of Service Profiles on 137Order of Precedence for Rules 138139 Configure LAN WAN Rules To change the default outbound policy Create LAN WAN Outbound Service Rules  To change an existing outbound or inbound service rule To enable, disable, or delete one or more rules 140141 Create LAN WAN Inbound Service Rules To create an inbound LAN WAN service rule Configure DMZ WAN Rules 142 To delete or disable one or more rules 143144 Create DMZ WAN Outbound Service RulesCreate DMZ WAN Inbound Service Rules 145 Configure LAN DMZ Rules To create an inbound DMZ WAN service rule 146 Create LAN DMZ Outbound Service Rules Create LAN DMZ Inbound Service Rules To create an outbound LAN DMZ service rule  To create an inbound LAN DMZ service ruleExamples of Firewall Rules Inbound Rule ExamplesLAN WAN Inbound Rule Host a Local Public Web Server 148149 Netgear UTM 150 To configure the UTM for additional IP addresses 151LAN WAN or DMZ WAN Inbound Rule Specify an Exposed Host 152153 Outbound Rule ExampleLAN WAN Outbound Rule Block Instant Messenger Configure Other Firewall Features Vlan Rules To create a Vlan rule 154155 Add VLAN-VLAN Service screen settingsAdd Customized Services on 156  To delete or disable one or more Vlan rules To edit a Vlan rule Attack Checks screen settings Setting Description WAN Security ChecksAttack Checks, VPN Pass-through, and Multicast Pass-through 157Configure Multicast Pass-Through  To configure multicast pass-throughSetting Description LAN Security Checks 158159  To enable and configure session limits Session Limit screen settingsSet Session Limits  To delete one or more multicast source addresses161  To enable ALG for SIP and VPN scanningSession Timeout 162 Add Customized Services 163164  To add a customized serviceServices screen settings Create Service Groups  To edit a service To delete one or more services  To create a service group To edit a service group 166167 Create IP Groups To create an IP group  To delete an IP group 168169 Create Quality of Service Profiles To create a QoS profile Add QoS Profile screen settings 170Default High Medium High Low Create Bandwidth Profiles To edit a QoS profile  To delete one ore more QoS profiles To add and enable a bandwidth profile 172Add Bandwidth Profile screen settings 173Create Traffic Meter Profiles  To edit a bandwidth profile To delete one or more bandwidth profiles 174 To add a traffic meter profile 175Add Traffic Meter Profile screen settings 176Set a Schedule to Block or Allow Specific Traffic  To edit a traffic meter profile To delete one or more traffic meter profiles  To add a scheduleScheduled Days Add Schedule screen settings178 Enable Source MAC Filtering Setting Description Scheduled Time of Day To edit a schedule  To delete one or more schedules To remove one or more entries from the table 180181 Set Up IP/MAC Bindings To set up IP/MAC bindings IP/MAC Binding screen settings Setting Description Email IP/MAC Violations182 IP/MAC BindingsConfigure Port Triggering  To edit an IP/MAC binding To remove one or more IP/MAC bindings from the table 183184 Port Triggering screen settings To add a port-triggering rule 185  To edit a port-triggering rule To display the status of the port-triggering rules Configure Universal Plug and Play 186Enable and Configure the Intrusion Prevention System  To enable intrusion prevention To configure intrusion prevention IPS screen settingsSecurity Category Settings 188IPS, screen 1 Firewall Protection 189Attack Name Description Web IPS uncommon attack names190 Misc 191Attack Name Description About Content Filtering and Scans 192Default Email and Web Scan Settings Default email and web scan settingsContent Filtering and Optimizing Scans 193Configure Email Protection Customize Email Protocol Scan Settings To configure the email protocols and ports to scan Scan type Default scan setting Default action if applicableProtocol Scan Settings on 195196 Customize Email Antivirus and Notification Settings To configure the antivirus settings for email traffic Anti-Virus screen settings for email traffic 197198 Setting Description Scan ExceptionsNotification Settings Email Content Filtering Setting Description Email Alert Settings199 SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%200 Email Filters screen settings Setting Description Email FiltersFilter by Password-Protected Attachments ZIP, RAR, etc 201Setting Description Filter by File Type Protect Against Email Spam202 Filter by File NameSet Up the Whitelist and Blacklist 203 To configure the whitelist and blacklist 204Whitelist/Blacklist screen settings 205Configure the Real-Time Blacklist  To enable the real-time blacklist To add a blacklist provider to the real-time blacklist 206Configure Distributed Spam Analysis 207208 Distributed Spam Analysis screen settingsSetting Description Distributed Spam Analysis Low Medium-Low Anti-Spam Engine Settings209 Configure Web and Services Protection Customize Web Protocol Scan SettingsSetting Description Send Quarantine Spam Report 210 To configure the web protocols and ports to scan 211Configure Https Smart Block 212Add or Edit Https Smart Block Profile settings 213214  To change a profile 215Configure Web Malware or Antivirus Scans 216Anti-Virus screen settings for HTTP/HTTPS traffic 217Scan Exception Html ScanConfigure Web Content Filtering 218 To configure web content filtering 219220 221 Content Filtering screen settingsSetting Description Content Filtering 222 Full-Text SearchPerformance Management on Block Web Objects223 Configure Web URL Filtering Setting Description Web Category Lookup224 URL To configure web URL filtering 225URL Filtering screen settings Setting Description Whitelist226 Blacklist227 URL%228 Configure Https Scanning and SSL CertificatesHow Https Scanning Works 229 Configure the Https Scan Settings  To configure the Https scan settingsHttps Settings screen settings 230Manage SSL Certificates for Https Scanning 231Manage the Active Https Certificate 232Manage Trusted Https Certificates 233Manage Untrusted Https Certificates Specify Trusted Hosts for Https Scanning  To delete an untrusted certificate To specify trusted hosts 235Trusted Hosts screen settings 236Configure the SSL Settings for Https Scanning  To configure the SSL settings for Https scanningSSL Settings screen settings 237Configure FTP Scanning Customize FTP Antivirus Settings To configure the antivirus settings for FTP traffic Anti-Virus screen settings for FTPConfigure FTP Content Filtering  To configure the FTP filtersSetting Description Scan Exception 239Configure Application Control 240241 242 243 To select one or more categories of applications To select one or more individual applicationsTo search for an application 244245 Application Control Policy pop-up screen settings Setting Description Policy for a category of applications246 Meter Profiles on To change an existing application control profile 247248 Set Exception Rules for Web and Application Access To delete one or more application control profiles  To set web access exception rules 249Application 250251 File ExtensionHttps Smart Block Add or Edit Exceptions screen settings URL FilteringWeb Category 252253 See Configure Radius VLANs on 254Delete Groups on Ldap255 To select a category of applicationsTo select a single application To search for an applicationFor Exceptions for Web and Application Access on 256257  To disable, enable, or delete one or more exception rules To change an existing exception rule  To create and manage custom categories 258Custom categories applications 259Custom Categories screen settings 260To select one or more categories of applications To select one or more individual applications261 To remove one or more categories or applications fromApplications in this Category table To add a URL To configure scanning exclusion rules Set Scanning Exclusions for IP Addresses and Ports To change an existing custom category  To delete one or more custom categoriesScanning Exclusion screen settings 263Virtual Private Networking 264IP addressing for VPNs in dual WAN port systems 265Create Gateway-to-Gateway VPN Tunnels with the Wizard 266267 Setting Default Value IKE policy 2683DES SHA-1IPSec VPN Wizard settings for a gateway-to-gateway tunnel 269Setting Description Secure Connection Remote Accessibility 270Create a Client-to-Gateway VPN Tunnel 271272 IPSec VPN Wizard settings for a client-to-gateway tunnel Select the VPN Client radio button. The default remote Fqdn273 Fqdn274 Component Example Information to be collected Information required to configure the VPN client275 276 277 278 VPN client advanced authentication settings Setting Description Advanced features279 NAT-T280 281  To create new authentication settingsType vpnclient VPN client authentication settings 28210.34.116.22 IKE283  To create an IPSec configuration Setting Description Local and Remote IDType netgearplatform 284ESP VPN client IPSec configuration settings285  To specify the global parameters 286Test the Netgear VPN Client Connection 287Click Gateway-Tunnel, and press Ctrl+O 288289 Netgear VPN Client Status and Log InformationView the UTM IPSec VPN Connection Status View the UTM IPSec VPN Log  To query the IPSec VPN logIPSec VPN Connection Status screen information 290Manage IPSec VPN and IKE Policies 291 To access the IKE Policies screen Manage IKE PoliciesIKE Policies Screen 292List of IKE Policies table information 293Manually Add or Edit an IKE Policy  To delete one or more IKE polices To add an IKE policy manually 294295 Add IKE Policy screen settings Setting Description Mode Config Record296 GeneralIKE SA Parameters 297Remote 298 299 Setting Description Extended Authentication To edit an IKE policy 300 Manage VPN PoliciesVPN Policies Screen List of VPN Policies table information 301 To enable or disable one or more VPN policies Manually Add or Edit a VPN Policy To delete one or more VPN polices  To add a VPN policy manually303 304 Add New VPN Policy screen settingsSetting Description General Configure Keep-Alives 305Traffic Selection Manual Policy Parameters306 Setting Description Auto Policy Parameters 307308 Configure Extended Authentication Xauth To edit a VPN policy Configure Xauth for VPN Clients  To enable and configure XauthExtended authentication settings 309User Database Configuration Radius Client and Server Configuration To configure primary and backup Radius servers 310Radius Client screen settings Setting Description Primary Radius ServerBackup Radius Server Connection ConfigurationAssign IP Addresses to Remote Users Mode Config Mode Config OperationConfigure Mode Config Operation on the UTM 312 To configure Mode Config on the UTM 313314 Add Mode Config Record screen settingsSetting Description Client Pool 315 Traffic Tunnel Security Level316 317 Select Group 2 1024 bit Setting Description IKE SA Parameters318 319 Configure the ProSafe VPN Client for Mode Config OperationUser Database Configuration on 320 Type GWModeConfig 321VPN client authentication settings Mode Config 322323 Type TunnelModeConfigVPN client advanced authentication settings Mode Config Enter VPN client IPSec configuration settings Mode Config324 Configure the Mode Config Global Parameters 325Test the Mode Config Connection 326Modify or Delete a Mode Config Record  To edit a Mode Config record To delete one or more Mode Config records 327328 Configure Keep-Alives and Dead Peer DetectionConfigure Keep-Alives Configure Dead Peer Detection  To configure DPD on a configured IKE policyKeep-alive settings 329Configure NetBIOS Bridging with IPSec VPN  To enable NetBIOS bridging on a configured VPN tunnelDead Peer Detection settings 330Configure the Pptp Server 331332 Pptp Server screen settingsSetting Description Pptp Server Setting Description Authentication View the Active Pptp Users To view the active Pptp tunnel users 333Configure the L2TP Server Pptp Active Users screen information334 Pptp IP335 L2TP Server screen settingsSetting Description L2TP Server For More IPSec VPN Information View the Active L2TP Users To view the active L2TP tunnel users L2TP Active Users screen informationSSL VPN Portal Options 337Build a Portal Using the SSL VPN Wizard Virtual Private Networking Using SSL Connections To start the SSL VPN Wizard 338SSL VPN Wizard of 6 Portal Settings 339340 SSL VPN Wizard of 6 screen settings portal settingsSetting Description Portal Layout and Theme Name 341 SSL VPN Portal Pages to DisplayWizard of 6 Client IP Addresses and Routes on 6 Port Forwarding onSSL VPN Wizard of 6 Domain Settings 342SSL VPN Wizard of 6 screen settings domain settings Server Configuration343 Radius Client344 Display name in the dn format. For example Windows login account name in email format. For345 346 347 SSL VPN Wizard of 6 User SettingsSSL VPN Wizard of 6 screen settings user settings SSL VPN Wizard of 6 Client IP Addresses and Routes 348Add Routes for VPN Tunnel Clients Setting Description Client IP Address Range349 350 Setting Description Add New Application for Port ForwardingSSL VPN Wizard of 6 Port Forwarding SSL VPN Wizard of 6 Verify and Save Your Settings 351SSH Add New Host Name for Port Forwarding352 Access the New SSL VPN Portal 353354 355 View the UTM SSL VPN Connection Status 356Manually Configure and Modify SSL Portals View the UTM SSL VPN Log To query the SSL VPN log 357358 359 Manually Create or Modify the Portal Layout To create an SSL VPN portal layout 360 Add Portal Layout screen settings 361Configure Domains, Groups, and Users Setting Description SSL VPN Portal Pages to Display To edit a portal layout  To delete one or more portal layoutsConfigure Applications for Port Forwarding Add Servers and Port Numbers To add a server and a port number 363 To add servers and host names for client name resolution Add a Host Name364 TCP application Port number365 Configure the SSL VPN ClientFully Qualified Domain Name. The full server name Configure the Client IP Address Range SSL VPN Client screen settings To define the client IP address range 366367 Add Routes for VPN Tunnel Clients To add an SSL VPN tunnel client route 368 Configure the Advanced SSL VPN Client Settings To change the LCP time-out Use Network Resource Objects to Simplify Policies Add New Network Resources To define a network resource 369Resources screen settings to edit a resource Edit Network Resources to Specify Addresses To delete one or more network resources  To edit network resourcesConfigure User, Group, and Global Policies 371Global Default Policy 372View Policies Add a Policy To view the existing policies  To add an SSL VPN policyAdd SSL VPN Policy screen settings Setting Description Policy For374 Add SSL VPN Policies375 Resource Objects to Simplify Policies on To edit an SSL VPN policy 376377 For More SSL VPN Information To delete one or more SSL VPN policies Authentication Process and Options 378External authentication protocols and methods Manage Users, Authentication, and VPN CertificatesAuthentication Description Protocol or method 379Configure Authentication Domains, Groups, and Users Login PortalsAdministrative Users and Users with Guest Privileges 380Users with Special Access Privileges 381382 383 Active Directories and Ldap Configurations Unauthenticated or Anonymous UsersHow an Active Directory Works 384How to Bind a DN in an Active Directory Configuration 385386 Select Users Domains 387Configure Domains Create and Delete Domains To create a domain 388389 Add Domain screen settings 390391 392 393 Configure Groups Edit Domains To delete one or more domains  To edit a domain395 Create and Delete Groups To create a VPN group Groups screen settings Edit Groups To delete one or more groups  To edit a VPN group397 Configure Custom Groups To create and manage custom groups 398 Add Custom Group screen settings 399400  To change an existing custom group To delete one or more custom groups 401 Configure User Accounts To create an individual user account 402 Add User screen settings See Configure Extended Authentication Xauth on To delete one or more user accounts 403Set User Login Policies Configure Login Policies To configure user login policies 404405 Configure Login Restrictions Based on IP Address To restrict logging in based on IP address Configure Login Restrictions Based on Web Browser By Source IP Address screen settings To delete one or more addresses  To restrict logging in based on the user’s browser407 Internet Explorer Opera Netscape Navigator To delete one or more browsers 408 Change Passwords and Other User Settings To modify user settings, including passwords Edit User screen settings Configure Extended Authentication Xauth onDC Agent 409410  To download ProSecure DC Agent software and add a DC agent 411 To configure AD SSO with a DC agent DC Agent screen settings To edit a DC agent 412413 414 Configure Radius VLANs  To do so, follow this procedure To configure a Radius Vlan 415Configure Global User Settings 416417 View and Log Out Active Users To log out all active users 418 Active Users screen settings To view all or selected users Manage Digital Certificates for VPN Connections 419VPN Certificates Screen 420421 Manage CA Certificates To view and upload trusted certificates 422 Manage Self-Signed Certificates To delete one or more digital certificates 423 512 1024 2048 Generate self-signed certificate request settings424 425 Manage the Certificate Revocation List View and Manage Self-Signed Certificates To delete one or more SCRs  To delete one or more self-signed certificates To delete one or more CRLs 427428 Performance ManagementBandwidth Capacity 429 Features That Reduce TrafficNetwork and System Management 430 Content Filtering 431432 Features That Increase TrafficSource MAC Filtering 433 434 Configure the DMZ PortPort Triggering Configure Exposed Hosts Configure VPN TunnelsUse QoS and Bandwidth Assignments to Shift the Traffic Mix Assign QoS ProfilesChange Passwords and Administrator and Guest Settings System ManagementMonitoring Tools for Traffic Management 436437 438 Configure Remote Management Access To configure the UTM for remote management Https//IPaddress or https//FullyQualifiedDomainName 439Use a Simple Network Management Protocol Manager 440441 Global Snmp settings and SNMPv1/v2c settings Setting Description Snmp Global SettingsSNMPv1/v2c Settings 442 To configure the SNMPv3 settings SNMPv3 settingsSetting Description SNMPv3 Settings 443444 Manage the Configuration File Restore Settings To edit an SNMPv3 user profile  To delete one or more SNMPv3 user profiles446 Back Up Settings To back up settings 447 Restore SettingsRevert to Factory Default Settings 448 Update the FirmwareView the Available Firmware Versions Firmware screen, available versions 449Click Install Downloaded Firmware 450 To download the latest firmware for your UTM 451452 453 Update the Scan Signatures and Scan Engine Firmware Reboot without Changing the Firmware To reboot the UTM without changing the firmware 454455 Configure Date and Time Service Configure Automatic Update and Frequency SettingsSignatures & Engine screen settings 456System Date & Time screen settings Adjust for Daylight Savings Time check box To set time, date, and NTP servers 457Connect to a ReadyNAS and Configure Quarantine Settings 458Log Storage Connect to a ReadyNAS To connect to the ReadyNAS on the UTM 459Configure the Quarantine Settings  To configure the quarantine settingsReadyNAS Integration screen settings 460461 Quarantine settingsUnauthenticated or Anonymous Users on Enable the WAN Traffic Meter 462Monitor System Access and Performance 463Setting Description Enable Traffic Meter 464Traffic Counter Event Notifications onSetting Description When Limit is reached 465Configure Logging, Alerts, and Event Notifications Configure the Email Notification Server To configure the email notification server 466467 Configure and Activate System, Email, and Syslog LogsEmail Notification screen settings  To configure and activate logs 468Email and Syslog screen settings Setting Description System Logs OptionEmail Logs to Administrator 469Send Logs via Syslog Logs screen see Configure and Activate Firewall Logs on470 How to Send Syslogs over a VPN Tunnel between Sites Configure Gateway 1 at SiteSetting Description Clear the Following Logs Information 471Configure Gateway 2 at Site  To change the remote IP address in the VPN policy To change the local IP address in the VPN policy 472Configure and Activate Update Failure and Attack Alerts  To configure and activate the email alerts To specify the syslog server that is connected to Gateway 473Alerts screen settings 474FILENAME%, %ACTION%, %VIRUSNAME% 475TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT% 476 Configure and Activate Firewall Logs To configure and activate firewall logs 477 Setting Description Routing LogsMonitor Real-Time Traffic, Security, and Statistics Dashboard, screen 1 478 To set the poll interval Dashboard screen threats and traffic information479 Total ThreatsTotal Traffic Bytes 480Threats Counts Enable and Configure the Intrusion 481Dashboard screen service statistics information 482Spam blacklist see Set Up the Whitelist and Blacklist on Monitor Application Use in Real Time483 RBL484  To set the monitoring period  To filter the information that is displayed onscreenApplication Dashboard screen 485486 View Status ScreensView the System Status View the System Status Screen System Status screen fields487 Status DescriptionScan Settings on View the Network Status Screen488 System InformationAvailable Access Points Table Network Status screen fields489 LAN Vlan InformationView the Router Statistics Screen  To view the Router Statistics screen490 SsidView the Wireless Statistics Screen UTM9S and UTM25S Only  To view the Wireless Statistics screenRouter Statistics screen fields 491Wireless Statistics screen fields 492Radio Statistics Details AP StatisticsView the Detailed Status Screen 493494 LAN Port Configuration Configure and Enable the DMZ Port onDetailed Status screen fields 495Settings MAC Address and ConfigureManually Configure the Internet 496497 Wireless information in SLOT-1 Info or SLOT-2 InfoAccess Points Information See Configure a Vlan Profile on Configure a Vlan Profile onView the Vlan Status Screen Vlan Status screen fields499 View the Active VPN UsersView the xDSL Statistics Screen UTM9S and UTM25S Only View the VPN Tunnel Connection Status 500View the Active Pptp and L2TP Users 501502  To view the status of the port-triggering featureView the Port Triggering Status Port Triggering Status pop-up screen information 503View the WAN, xDSL, or USB Port Status  To view the status of a WAN, xDSL, or USB portConnection Status pop-up screen information 504View Attached Devices and the Dhcp Leases View Attached Devices To view the attached devices in the LAN Groups screen 505506 Query and Manage the Logs View the Dhcp Leases To view the Dhcp leases 507Overview of the Logs 508509 Query and Download Logs To query and download logs Logs Query screen settings 510511 512 EMERG, ALERT, CRITICAL, ERROR, WARNING, Notice Example Use the Logs to Identify Infected Clients To identify infected clients 513514 Query and Manage the Quarantine LogsLog Management 515 Query the Quarantined Logs To query the quarantine logs Quarantine screen settings 516View and Manage the Quarantined Spam Table 517View and Manage the Quarantined Infected Files Table 518519 Spam Reports for End Users For an end user to send a spam report 520 View, Schedule, and Generate ReportsClick Send Report Enable Application Session Monitoring 521522  To configure filtering optionsReport Filtering Options Report screen filtering options settings 523Horizontal Bar Pie524 Use Report Templates and View Reports Onscreen To display the report templates and view reports onscreen Report screen report template information 525526 527 IPS & Application528 Email ActivitySchedule, Email, and Manage Reports  To schedule automatic generation and emailing of reports529 SystemReport screen schedule report settings Setting Description Schedule ReportsManaging Saved Reports 530Use Diagnostics Utilities 531Use the Network Diagnostic Tools Send a Ping Packet To send a ping 532Use the Real-Time Traffic Diagnostics Tool Trace a RouteDisplay the Routing Table Look Up a DNS Address To use the real-time traffic diagnostics tool 534Gather Important Log Information Generate Network Statistics To gather log information about your UTM 535536 Perform Maintenance on the USB DeviceReboot and Shut Down the UTM 537 Troubleshoot and Use Online Support 538Power LED Not On Basic FunctioningVerify the Correct Sequence of Events at Startup Test LED Never Turns Off540 Troubleshoot the Web Management InterfaceLAN or WAN Port LEDs Not On 541 When You Enter a URL or IP Address, a Time-Out Error OccursTroubleshoot the ISP Connection  To check the WAN IP address 542Troubleshoot a TCP/IP Network Using a Ping Utility Test the LAN Path to Your UTMPing 543544 Test the Path from Your Computer to a Remote DevicePing -n 10 IP address Restore the Default Configuration and Password 545Problems with Date and Time Enable Remote TroubleshootingUse Online Support  To initiate the support tunnel547 Send Suspicious Files to Netgear for Analysis To submit a file to Netgear for analysis 548 Access the Knowledge Base and DocumentationMalware Analysis screen settings XDSL Network Module for the UTM9S UTM25S 549XDSL Network Module Configuration Tasks Configure the xDSL SettingsXDSL Network Module for the UTM9S and UTM25S 550 To configure the xDSL settings 551552 XDSL settingsSetting Description XDSL Settings VCI 553VPI 554 561, and Troubleshoot the ISP Connection on 555Manually Configure the xDSL Internet Connection 556557 PPPoE and PPPoA settings 558559 ATM Ipoa560 561 Configure Network Address Translation 562Configure Classical Routing 563564 565 Configure Load Balancing and Optional Protocol Binding 566Configure Load Balancing 567568 569 570  To add a secondary WAN address to the DSL interface 571572 573 Setting Description SLOT-x Dynamic DNS Status 574575 576 Advanced DSL settingsDefault Address radio button 577 Wireless Network Module for UTM9S and UTM25S 578Overview of the Wireless Network Module Configuration OrderWireless Equipment Placement and Range Guidelines Wireless Network Module for the UTM9S and UTM25S580 Configure the Basic Radio Settings To configure the basic radio settings Field Descriptions Radio Settings screen settings581 582 Operating Frequency Channel Guidelines 583Wireless Data Security Options 584Wireless Security Profiles 585586 Network authenticationData encryption Before You Change the SSID, WEP, and WPA Settings WPA Radius settingsWPA2 Radius settings 587Configure and Enable Wireless Profiles  To add a wireless profileWireless Profiles screen settings 588589 Add Wireless Profiles screen settingsField Description Profile Configuration 590 Security Options onWEP Index and Keys 591Tkip TKIP+AES 592 Restrict Wireless Access by MAC Address  To edit a wireless profile To delete one or more wireless profiles  To enable or disable one or more wireless profiles594 595 Configure a Wireless Distribution System Access Point Status screen fields596 Connected Clients To enable and configure WDS 597Configure Advanced Radio Settings  To configure WDS on a peer To configure advanced radio settings 598Advanced Wireless screen settings 599Configure WMM QoS Priority Settings 600601 Test Basic Wireless Connectivity For More Information About Wireless Configurations To test for wireless connectivity 6023G/4G Dongle Configuration Tasks 603604 Manually Configure the USB Internet Connection3G/4G Dongles for the UTM9S and UTM25S  To configure the WAN ISP settings for the USB interface 605USB ISP settings Setting Description 3G Dongle DetailsConnection Settings 606XDSL, or USB Port Status on 607608 Configure the 3G/4G Settings To configure the 3G/4G settings 4G settings Setting Description 3GStatusConnection Setting 609610 APN611 612 613 614 615 616 617 618 619 Setting Description USB Dynamic DNS Status 620621 What to Consider Before You Begin 622623 WAN port Physical facilityInternet Computer Network Configuration Requirements Internet Configuration RequirementsWhere Do I Get the Internet Configuration Information? Cabling and Computer Hardware RequirementsInternet Connection Information 625Overview of the Planning Process 626Inbound Traffic 627Inbound Traffic to a Single WAN Port System Inbound Traffic to a Dual WAN Port SystemInbound Traffic Dual WAN Ports for Improved Reliability Inbound Traffic Dual WAN Ports for Load BalancingVirtual Private Networks 629VPN Road Warrior Client-to-Gateway 630VPN Road Warrior Single-Gateway WAN Port Reference Case 631VPN Road Warrior Dual-Gateway WAN Ports for Load Balancing 632VPN Gateway-to-Gateway 633634 635 VPN Telecommuter Client-to-Gateway through a NAT RouterVPN Telecommuter Single-Gateway WAN Port Reference Case 636 VPN Telecommuter Dual-Gateway WAN Ports for Load Balancing 637Supported ReadyNAS Models 638Install the UTM Add-On on the ReadyNAS  To install the UTM add-on on the ReadyNASSelect Add-ons Add New ReadyNAS IntegrationSelect Add-ons Installed 640Connect to the ReadyNAS on the UTM 641642 643 644 Why Do I Need Two-Factor Authentication?What Are the Benefits of Two-Factor Authentication? Netgear Two-Factor Authentication Solutions What Is Two-Factor Authentication?Two-Factor Authentication  To use WiKID for end users646 647 Term Description Log message terms648 Reboot System Log MessagesSystem Startup 649Login/Logout System logs login/logoutSystem logs NTP 650Auto-Rollover Mode Firewall RestartIPSec Restart WAN StatusLoad Balancing Mode System logs WAN status, auto rollover652 ACTIVEWAN2System logs WAN status, PPPoE idle timeout PPP LogsSystem logs WAN status, load balancing 653System logs WAN status, Pptp idle timeout 654655 Traffic Metering LogsUnicast, Multicast, and Broadcast Logs Invalid Packet Logging Icmp Redirect LogsMulticast/Broadcast Logs 656657 Service Logs Content-Filtering and Security LogsService logs 658Web Filtering and Content-Filtering Logs 659660 Content-filtering and security logs spamSpam Logs Traffic Logs Malware LogsEmail Filter Logs 661Content-filtering and security logs IPS Content-filtering and security logs anomaly behaviorIPS Logs Anomaly Behavior LogsRouting Logs Application LogsLAN-to-WAN Logs 663LAN-to-DMZ Logs DMZ-to-WAN LogsWAN-to-LAN Logs 664DMZ-to-LAN Logs WAN-to-DMZ LogsRouting logs WAN to DMZ 665Default Settings UTM default configuration settingsFeature Login settings Default behavior 666Default Settings and Technical Specifications Feature Default behavior WAN connectionsAdministrative and monitoring settings 667Feature Default behavior Firewall and network security 668SIP ALG IPSFeature Application security Default behavior 669Feature Default behavior 670Radius settings SSL VPN settingsUser, group, and domain settings 671672 673 Physical and Technical SpecificationsUTM physical and technical specifications UTM IPSec VPN specifications Feature Specification Major regulatory complianceInterface specifications Setting SpecificationUTM SSL VPN specifications Feature Description 802.11b/bg/ng wireless specifications675 Http//prosecure.netgear.comAES Feature Description 802.11a/na wireless specifications676 677 Regulatory Compliance InformationFCC Requirements for Operation in the United States 678 Notification of Compliance WiredEuropean Union Terms Additional Copyrights679 680 MD5Europe EU Declaration of Conformity Edoc in Languages of the European Community681 Language StatementNotification of Compliance Wireless 682FCC Caution 683Industry Canada Important Note Radiation Exposure StatementAvertissement 684Interference Reduction Table 685Index 686687 688 See also689 DMZ690 Blocking 202, 218, 222 setting access exceptions 691692 Logs 469, 508-510traffic statistics693 LAN694 695 696 697 698 699 SSL VPN700 TCP/IP701 702 Logs 290, 470Dhcp 50, 106, 119 ModeConfig 703704