Manuals / NETGEAR / Power Tools / Router

NETGEAR STM150EW-100NAS, UTM5EW-100NAS manual Inbound Traffic, 627

Models: UTM5EW-100NAS STM150EW-100NAS

1 704

Download 704 pages 22.95 Kb

Page 627

Image 627

ProSecure Unified Threat Management (UTM) Appliance

Figure 359.

Features such as multiple exposed hosts are not supported in auto-rollover mode because the IP address of each WAN port needs to be in the identical range of fixed addresses.

•Dual WAN ports in load balancing mode. Load balancing for a UTM with dual WAN ports is similar to a single WAN gateway configuration when you specify the IP address. Each IP address is either fixed or dynamic based on the ISP: You need to use FQDNs when the IP address is dynamic, but FQDNs are optional when the IP address is static.

Figure 360.

Inbound Traffic

•Inbound Traffic to a Single WAN Port System

•Inbound Traffic to a Dual WAN Port System

Incoming traffic from the Internet is usually discarded by the UTM unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule. Instead of discarding this traffic, you can configure the UTM to forward it to one or more LAN hosts on your network.

The addressing of the UTM’s dual WAN port depends on the configuration being implemented.

Table 158. IP addressing requirements for exposed hosts in dual WAN port systems

Configuration and			Single WAN port	Dual WAN port cases
WAN IP address			(reference case)	Rollover mode	Load balancing mode
				Rollover mode	Load balancing mode

Inbound traffic		Fixed	Allowed	FQDN required	Allowed
•	Port forwarding		(FQDN optional)		(FQDN optional)
•	Port triggering	Dynamic	FQDN required	FQDN required	FQDN required
		Dynamic	FQDN required	FQDN required	FQDN required

Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)

627

Page 627

Image 627

NETGEAR STM150EW-100NAS, UTM5EW-100NAS manual Inbound Traffic, 627

Contents

ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance ProSecure Product Updates ProSecure Forum Revision HistorySupport TrademarksConfigure Quarantine Settings, Query and Manage Settings and Technical SpecificationsUpdated Features That Reduce Traffic and Features That Application control see Configure Application ControlAppendix B, Wireless Network Module for the UTM9S UTM25S Configure Distributed Spam Analysis sectionAdded the Requirements for Entering IP Addresses Contents Manually Configure Internet and WAN Settings Firewall Protection Content Filtering and Optimizing Scans Virtual Private Networking Using SSL Connections Network and System Management Troubleshoot and Use Online Support Appendix a xDSL Network Module for the UTM9S and UTM25S Appendix E ReadyNAS Integration Appendix H Default Settings and Technical Specifications Introduction Introduction Key Features and CapabilitiesSingle or multiple exposed hosts Virtual private networks Wireless Features DSL FeaturesAdvanced VPN Support for Both IPSec and SSL Stream Scanning for Content Filtering Powerful, True FirewallAutosensing Ethernet Connections with Auto Uplink Security FeaturesExtensive Protocol Support Easy Installation and ManagementMaintenance and Support Model ComparisonUTM model comparison Network Modules and Broadband Adapters Service Registration Card with License KeysHardware Features Package ContentsTest LED Right WAN LED Right LAN LEDs Power LEDFront Panel UTM5 and UTM10 USB port Left LAN LEDsTest LED Right LAN LEDs Right WAN LEDs LEDs Front Panel UTM25Front Panel UTM50 USB port Left LAN LEDs Left WAN LEDs ActiveActive WAN LEDs Test LED Right LAN LEDs Right WAN LEDs Power LED Left LAN LEDs Left WAN LEDs USB portFront Panel UTM150 LEDs Right WAN LEDs Test LED Right LAN LEDsTest LED Right LAN LEDs Power LED Left WAN LEDs Slot Left LAN LEDs USB portFront Panel UTM9S and UTM25S and Network Modules Active WAN LEDsXDSL Network Modules Wireless Network ModulesLED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150Activity Description Activity Description LAN ports DMZ LEDWAN ports LED Descriptions, UTM9S, UTM25S, and their Network Modules LED descriptions UTM9S and UTM25SUSB LED XDSL network modules Wireless network moduleRear Panel UTM5, UTM10, and UTM25 ReceptaclePort Factory Defaults Security lockReset button Receptacle Rear Panel UTM50 and UTM150Switch Security lock AC power Receptacle Factory DefaultsReset button Console switch PowerBottom Panels with Product Labels ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Choose a Location for the UTM Use the Rack-Mounting Kit Steps for Initial Connection Use the Setup Wizard to Provision UTM in Your NetworkRequirements for Entering IP Addresses Use the Setup Wizard to Provision the UTM in Your NetworkLog In to the UTM Qualified Web BrowsersProSecure Unified Threat Management UTM Appliance Web Management Interface Menu Layout ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance  To start the Setup Wizard Use the Setup Wizard to Perform the Initial ConfigurationSetup Wizard of 10 LAN Settings Dhcp Setting Description LAN TCP/IP SetupDNS Proxy Setting DescriptionSetting Description Inter Vlan Routing Setup Wizard of 10 WAN SettingsSetup Wizard WAN Settings screen settings Setting Description ISP LoginISP Type Dhcp See Configure Load Balancing Multiple WAN Port ModelsInternet IP Address ISPSetup Wizard of 10 System Date and Time Domain Name Server DNS ServersGet Automatically from ISP radio button For Daylight Savings Time check box Setup Wizard of 10 ServicesSetup Wizard System Date and Time screen settings Setting Description Set Time, Date, and NTP ServersWeb Setup Wizard Services screen settingsSetup Wizard of 10 Email Security Setup Wizard Email Security screen settingsSetting Description Action Scan Exceptions Setup Wizard of 10 Web SecurityHttp Setup Wizard of 10 Web Categories to Be Blocked Blocked Categories Time of Day Setup Wizard Web Categories to be blocked screen settingsSetting Description Blocked Web Categories Blocked Categories Scheduled DaysSetup Wizard Email Notification screen settings Setup Wizard of 10 Email NotificationSetup Wizard of 10 Signatures & Engine Setup Wizard Signatures & Engine screen settingsSetting Description Update Settings Setup Wizard of 10 Saving the Configuration Setting Description Update FrequencyHttps Proxy Settings Use the Web Management Interface to Activate Licenses Register the UTM with NetgearProSecure Unified Threat Management UTM Appliance Electronic Licensing  To retrieve and display the registered informationClick Retrieve Info Test Http Scanning Verify Correct InstallationWhat to Do Next Test ConnectivityProSecure Unified Threat Management UTM Appliance Manually Configure Internet and WAN Settings Internet and WAN Configuration Tasks Manually Configure Internet and WAN Settings Complete these steps ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Pptp Connection method Manual data input requiredManually Configure the Internet Connection If the automatic ISP configuration is successfulIf the automatic ISP configuration fails Pptp and PPPoE settings Balancing Multiple WAN Port Models on page 86 . To use load Identifier check box DNS server settingsIf the manual ISP configuration fails If the manual ISP configuration is successfulOverview of the WAN Modes Configure the WAN ModeConfigure Network Address Translation All Models Configure Classical Routing All Models  To configure auto-rollover mode Configure Auto-Rollover ModeSetting Description WAN Failure Detection Method Configure the Failure Detection Method To configure the failure detection method Failure detection method settingsPing  To configure load balancing Configure Load Balancing Multiple WAN Port ModelsConfigure Protocol Binding Optional Add Protocol Binding screen settings Screen see Outbound Rules Service Blocking onChange Group Names in the Network Database on  To edit a protocol binding Configure Secondary WAN Addresses To add a secondary WAN address to a WAN interface  To delete one or more secondary addresses Configure Dynamic DNS To configure Ddns DNS service settings Click Apply to save your configurationSet the UTM’s MAC Address and Configure Advanced WAN Options Setting Description MTU Size Advanced WAN settingsFailure Detection Method Setting Speed DescriptionUpload/Download Settings 1000BaseT FullDuplex. Gigabit Ethernet Router’s MAC AddressAdditional WAN-Related Configuration Tasks Manage Virtual LANs and Dhcp Options LAN ConfigurationPort-Based VLANs LAN Configuration100 Assign and Manage Vlan Profiles101 Vlan Dhcp Options102 Dhcp ServerDhcp Relay DNS Proxy103 Configure a Vlan ProfileLdap Server  To add or edit a Vlan profile104 Port Membership Edit Vlan Profile screen settingsSetting Description Vlan Profile 105106 107  To edit a Vlan profile Configure Vlan MAC Addresses and Advanced LAN Settings To enable, disable, or delete one or more Vlan profiles  To configure a Vlan to have a unique MAC address109 Configure Multihome LAN IP Addresses on the Default110  To add a secondary LAN IP address111 Manage Groups and Hosts LAN Groups To edit a secondary LAN IP address  To delete one or more secondary LAN IP addresses112 Manage the Network Database113 Modify Computers or Devices in the Network Database Known PCs and devices settingsSetting Description Name Add Computers or Devices to the Network Database115 Change Group Names in the Network DatabaseDelete Computers or Devices from the Network Database  To edit the names of any of the eight available groups116 Set Up Address ReservationConfigure and Enable the DMZ Port  To enable and configure the DMZ port117 DMZ Setup screen settings Setting Description DMZ Port Setup118 119 120 121 Configure Static RoutesManage Routing  To add a static route to the Static Route table122 Add Static Route screen settings To delete one or more routes Configure Routing Information Protocol To enable and configure RIP Select Network Config Routing  To edit a static route that is in the Static Routes table124 RIP Configuration screen settings125 Authentication for RIP-2B/2M126 Static Route Example127 About Firewall ProtectionAdministrator Tips Firewall Protection128 Outbound Rules Service Blocking Number of supported firewall rule configurations129 Block always Setting Description Outbound RulesOutbound rules overview 130Groups and Hosts LAN Groups on 131132 Service Profiles onInbound Rules Port Forwarding 133NAT IP 134 135 Setting Description Inbound Rules136 137 Quality of Service Profiles on138 Order of Precedence for RulesConfigure LAN WAN Rules  To change the default outbound policy139 140 Create LAN WAN Outbound Service Rules To change an existing outbound or inbound service rule  To enable, disable, or delete one or more rulesCreate LAN WAN Inbound Service Rules  To create an inbound LAN WAN service rule141 142 Configure DMZ WAN Rules143  To delete or disable one or more rulesCreate DMZ WAN Outbound Service Rules Create DMZ WAN Inbound Service Rules144 Configure LAN DMZ Rules  To create an inbound DMZ WAN service rule145 146  To create an inbound LAN DMZ service rule Create LAN DMZ Outbound Service RulesCreate LAN DMZ Inbound Service Rules  To create an outbound LAN DMZ service rule148 Examples of Firewall RulesInbound Rule Examples LAN WAN Inbound Rule Host a Local Public Web Server149 150 Netgear UTM151  To configure the UTM for additional IP addresses152 LAN WAN or DMZ WAN Inbound Rule Specify an Exposed HostOutbound Rule Example LAN WAN Outbound Rule Block Instant Messenger153 154 Configure Other Firewall FeaturesVlan Rules  To create a Vlan ruleAdd VLAN-VLAN Service screen settings Add Customized Services on155  To delete or disable one or more Vlan rules  To edit a Vlan rule156 157 Attack Checks screen settingsSetting Description WAN Security Checks Attack Checks, VPN Pass-through, and Multicast Pass-through158 Configure Multicast Pass-Through To configure multicast pass-through Setting Description LAN Security Checks159  To delete one or more multicast source addresses  To enable and configure session limitsSession Limit screen settings Set Session Limits To enable ALG for SIP and VPN scanning Session Timeout161 162 163 Add Customized Services To add a customized service Services screen settings164  To create a service group Create Service Groups To edit a service  To delete one or more services166  To edit a service groupCreate IP Groups  To create an IP group167 168  To delete an IP groupCreate Quality of Service Profiles  To create a QoS profile169 170 Add QoS Profile screen settings To delete one ore more QoS profiles Default High Medium High LowCreate Bandwidth Profiles  To edit a QoS profile172  To add and enable a bandwidth profile173 Add Bandwidth Profile screen settings174 Create Traffic Meter Profiles To edit a bandwidth profile  To delete one or more bandwidth profiles175  To add a traffic meter profile176 Add Traffic Meter Profile screen settings To add a schedule Set a Schedule to Block or Allow Specific Traffic To edit a traffic meter profile  To delete one or more traffic meter profilesAdd Schedule screen settings 178Scheduled Days  To delete one or more schedules Enable Source MAC FilteringSetting Description Scheduled Time of Day  To edit a schedule180  To remove one or more entries from the tableSet Up IP/MAC Bindings  To set up IP/MAC bindings181 IP/MAC Bindings IP/MAC Binding screen settingsSetting Description Email IP/MAC Violations 182183 Configure Port Triggering To edit an IP/MAC binding  To remove one or more IP/MAC bindings from the tablePort Triggering screen settings  To add a port-triggering rule184  To edit a port-triggering rule  To display the status of the port-triggering rules185 186 Configure Universal Plug and PlayIPS screen settings Enable and Configure the Intrusion Prevention System To enable intrusion prevention  To configure intrusion prevention188 Security Category Settings189 IPS, screen 1 Firewall ProtectionIPS uncommon attack names 190Attack Name Description Web 191 Attack Name DescriptionMisc 192 About Content Filtering and Scans193 Default Email and Web Scan SettingsDefault email and web scan settings Content Filtering and Optimizing ScansScan type Default scan setting Default action if applicable Configure Email ProtectionCustomize Email Protocol Scan Settings  To configure the email protocols and ports to scan195 Protocol Scan Settings onCustomize Email Antivirus and Notification Settings  To configure the antivirus settings for email traffic196 197 Anti-Virus screen settings for email trafficSetting Description Scan Exceptions Notification Settings198 SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME% Email Content FilteringSetting Description Email Alert Settings 199200 201 Email Filters screen settingsSetting Description Email Filters Filter by Password-Protected Attachments ZIP, RAR, etcFilter by File Name Setting Description Filter by File TypeProtect Against Email Spam 202203 Set Up the Whitelist and Blacklist204  To configure the whitelist and blacklist205 Whitelist/Blacklist screen settings206 Configure the Real-Time Blacklist To enable the real-time blacklist  To add a blacklist provider to the real-time blacklist207 Configure Distributed Spam AnalysisDistributed Spam Analysis screen settings Setting Description Distributed Spam Analysis208 Anti-Spam Engine Settings 209Low Medium-Low 210 Configure Web and Services ProtectionCustomize Web Protocol Scan Settings Setting Description Send Quarantine Spam Report211  To configure the web protocols and ports to scan212 Configure Https Smart Block213 Add or Edit Https Smart Block Profile settings214 215  To change a profile216 Configure Web Malware or Antivirus ScansHtml Scan Anti-Virus screen settings for HTTP/HTTPS traffic217 Scan Exception218 Configure Web Content Filtering219  To configure web content filtering220 Content Filtering screen settings Setting Description Content Filtering221 Block Web Objects 222Full-Text Search Performance Management on223 URL Configure Web URL FilteringSetting Description Web Category Lookup 224225  To configure web URL filteringBlacklist URL Filtering screen settingsSetting Description Whitelist 226URL% 227Configure Https Scanning and SSL Certificates How Https Scanning Works228 229 230 Configure the Https Scan Settings To configure the Https scan settings Https Settings screen settings231 Manage SSL Certificates for Https Scanning232 Manage the Active Https Certificate233 Manage Trusted Https CertificatesManage Untrusted Https Certificates 235 Specify Trusted Hosts for Https Scanning To delete an untrusted certificate  To specify trusted hosts236 Trusted Hosts screen settings237 Configure the SSL Settings for Https Scanning To configure the SSL settings for Https scanning SSL Settings screen settingsAnti-Virus screen settings for FTP Configure FTP ScanningCustomize FTP Antivirus Settings  To configure the antivirus settings for FTP traffic239 Configure FTP Content Filtering To configure the FTP filters Setting Description Scan Exception240 Configure Application Control241 242 243 244 To select one or more categories of applicationsTo select one or more individual applications To search for an application245 Meter Profiles on Application Control Policy pop-up screen settingsSetting Description Policy for a category of applications 246247  To change an existing application control profileSet Exception Rules for Web and Application Access  To delete one or more application control profiles248 249  To set web access exception rules250 ApplicationFile Extension Https Smart Block251 252 Add or Edit Exceptions screen settingsURL Filtering Web Category253 Ldap See Configure Radius VLANs on254 Delete Groups onTo search for an application 255To select a category of applications To select a single application256 For Exceptions for Web and Application Access on To disable, enable, or delete one or more exception rules  To change an existing exception rule257 258  To create and manage custom categories259 Custom categories applicationsTo select one or more individual applications Custom Categories screen settings260 To select one or more categories of applicationsTo add a URL 261To remove one or more categories or applications from Applications in this Category table To delete one or more custom categories  To configure scanning exclusion rulesSet Scanning Exclusions for IP Addresses and Ports  To change an existing custom category263 Scanning Exclusion screen settings264 Virtual Private Networking265 IP addressing for VPNs in dual WAN port systems266 Create Gateway-to-Gateway VPN Tunnels with the Wizard267 SHA-1 Setting Default Value IKE policy268 3DES269 IPSec VPN Wizard settings for a gateway-to-gateway tunnel270 Setting Description Secure Connection Remote Accessibility271 Create a Client-to-Gateway VPN Tunnel272 Fqdn IPSec VPN Wizard settings for a client-to-gateway tunnelSelect the VPN Client radio button. The default remote Fqdn 273274 Information required to configure the VPN client 275Component Example Information to be collected 276 277 278 NAT-T VPN client advanced authentication settingsSetting Description Advanced features 279280  To create new authentication settings Type vpnclient281 IKE VPN client authentication settings282 10.34.116.22283 284  To create an IPSec configurationSetting Description Local and Remote ID Type netgearplatformVPN client IPSec configuration settings 285ESP 286  To specify the global parameters287 Test the Netgear VPN Client Connection288 Click Gateway-Tunnel, and press Ctrl+ONetgear VPN Client Status and Log Information View the UTM IPSec VPN Connection Status289 290 View the UTM IPSec VPN Log To query the IPSec VPN log IPSec VPN Connection Status screen information291 Manage IPSec VPN and IKE Policies292  To access the IKE Policies screenManage IKE Policies IKE Policies Screen293 List of IKE Policies table information294 Manually Add or Edit an IKE Policy To delete one or more IKE polices  To add an IKE policy manually295 General Add IKE Policy screen settingsSetting Description Mode Config Record 296297 RemoteIKE SA Parameters 298 Setting Description Extended Authentication  To edit an IKE policy299 Manage VPN Policies VPN Policies Screen300 301 List of VPN Policies table information To add a VPN policy manually  To enable or disable one or more VPN policiesManually Add or Edit a VPN Policy  To delete one or more VPN polices303 Add New VPN Policy screen settings Setting Description General304 Manual Policy Parameters Configure Keep-Alives305 Traffic Selection306 307 Setting Description Auto Policy ParametersConfigure Extended Authentication Xauth  To edit a VPN policy308 309 Configure Xauth for VPN Clients To enable and configure Xauth Extended authentication settings310 User Database ConfigurationRadius Client and Server Configuration  To configure primary and backup Radius serversConnection Configuration Radius Client screen settingsSetting Description Primary Radius Server Backup Radius Server312 Assign IP Addresses to Remote Users Mode ConfigMode Config Operation Configure Mode Config Operation on the UTM313  To configure Mode Config on the UTMAdd Mode Config Record screen settings Setting Description Client Pool314 Traffic Tunnel Security Level 315316 317 Setting Description IKE SA Parameters 318Select Group 2 1024 bit Configure the ProSafe VPN Client for Mode Config Operation User Database Configuration on319 320 321 Type GWModeConfig322 VPN client authentication settings Mode ConfigType TunnelModeConfig VPN client advanced authentication settings Mode Config323 VPN client IPSec configuration settings Mode Config 324Enter 325 Configure the Mode Config Global Parameters326 Test the Mode Config Connection327 Modify or Delete a Mode Config Record To edit a Mode Config record  To delete one or more Mode Config recordsConfigure Keep-Alives and Dead Peer Detection Configure Keep-Alives328 329 Configure Dead Peer Detection To configure DPD on a configured IKE policy Keep-alive settings330 Configure NetBIOS Bridging with IPSec VPN To enable NetBIOS bridging on a configured VPN tunnel Dead Peer Detection settings331 Configure the Pptp ServerPptp Server screen settings Setting Description Pptp Server332 333 Setting Description AuthenticationView the Active Pptp Users  To view the active Pptp tunnel usersPptp IP Configure the L2TP ServerPptp Active Users screen information 334L2TP Server screen settings Setting Description L2TP Server335 L2TP Active Users screen information For More IPSec VPN InformationView the Active L2TP Users  To view the active L2TP tunnel users337 SSL VPN Portal Options338 Build a Portal Using the SSL VPN WizardVirtual Private Networking Using SSL Connections  To start the SSL VPN Wizard339 SSL VPN Wizard of 6 Portal SettingsSSL VPN Wizard of 6 screen settings portal settings Setting Description Portal Layout and Theme Name340 6 Port Forwarding on 341SSL VPN Portal Pages to Display Wizard of 6 Client IP Addresses and Routes on342 SSL VPN Wizard of 6 Domain SettingsRadius Client SSL VPN Wizard of 6 screen settings domain settingsServer Configuration 343344 Windows login account name in email format. For 345Display name in the dn format. For example 346 SSL VPN Wizard of 6 User Settings SSL VPN Wizard of 6 screen settings user settings347 348 SSL VPN Wizard of 6 Client IP Addresses and RoutesSetting Description Client IP Address Range 349Add Routes for VPN Tunnel Clients Setting Description Add New Application for Port Forwarding SSL VPN Wizard of 6 Port Forwarding350 Add New Host Name for Port Forwarding SSL VPN Wizard of 6 Verify and Save Your Settings351 SSH352 353 Access the New SSL VPN Portal354 355 356 View the UTM SSL VPN Connection Status357 Manually Configure and Modify SSL PortalsView the UTM SSL VPN Log  To query the SSL VPN log358 Manually Create or Modify the Portal Layout  To create an SSL VPN portal layout359 360 361 Add Portal Layout screen settings To delete one or more portal layouts Configure Domains, Groups, and UsersSetting Description SSL VPN Portal Pages to Display  To edit a portal layout363 Configure Applications for Port ForwardingAdd Servers and Port Numbers  To add a server and a port numberTCP application Port number  To add servers and host names for client name resolutionAdd a Host Name 364Configure the SSL VPN Client Fully Qualified Domain Name. The full server name365 366 Configure the Client IP Address RangeSSL VPN Client screen settings  To define the client IP address rangeAdd Routes for VPN Tunnel Clients  To add an SSL VPN tunnel client route367 Configure the Advanced SSL VPN Client Settings  To change the LCP time-out368 369 Use Network Resource Objects to Simplify PoliciesAdd New Network Resources  To define a network resource To edit network resources Resources screen settings to edit a resourceEdit Network Resources to Specify Addresses  To delete one or more network resources371 Configure User, Group, and Global Policies372 Global Default Policy To add an SSL VPN policy View PoliciesAdd a Policy  To view the existing policiesAdd SSL VPN Policies Add SSL VPN Policy screen settingsSetting Description Policy For 374Resource Objects to Simplify Policies on 375376  To edit an SSL VPN policyFor More SSL VPN Information  To delete one or more SSL VPN policies377 378 Authentication Process and Options379 External authentication protocols and methodsManage Users, Authentication, and VPN Certificates Authentication Description Protocol or method380 Configure Authentication Domains, Groups, and UsersLogin Portals Administrative Users and Users with Guest Privileges381 Users with Special Access Privileges382 383 384 Active Directories and Ldap ConfigurationsUnauthenticated or Anonymous Users How an Active Directory Works385 How to Bind a DN in an Active Directory Configuration386 387 Select Users Domains388 Configure DomainsCreate and Delete Domains  To create a domain389 390 Add Domain screen settings391 392 393  To edit a domain Configure GroupsEdit Domains  To delete one or more domainsCreate and Delete Groups  To create a VPN group395  To edit a VPN group Groups screen settingsEdit Groups  To delete one or more groupsConfigure Custom Groups  To create and manage custom groups397 398 399 Add Custom Group screen settings To change an existing custom group  To delete one or more custom groups400 Configure User Accounts  To create an individual user account401 402 403 Add User screen settingsSee Configure Extended Authentication Xauth on  To delete one or more user accounts404 Set User Login PoliciesConfigure Login Policies  To configure user login policiesConfigure Login Restrictions Based on IP Address  To restrict logging in based on IP address405  To restrict logging in based on the user’s browser Configure Login Restrictions Based on Web BrowserBy Source IP Address screen settings  To delete one or more addressesInternet Explorer Opera Netscape Navigator  To delete one or more browsers407 Change Passwords and Other User Settings  To modify user settings, including passwords408 409 Edit User screen settingsConfigure Extended Authentication Xauth on DC Agent410 411  To download ProSecure DC Agent software and add a DC agent412  To configure AD SSO with a DC agentDC Agent screen settings  To edit a DC agent413 414 415 Configure Radius VLANs To do so, follow this procedure  To configure a Radius Vlan416 Configure Global User SettingsView and Log Out Active Users  To log out all active users417 Active Users screen settings  To view all or selected users418 419 Manage Digital Certificates for VPN Connections420 VPN Certificates ScreenManage CA Certificates  To view and upload trusted certificates421 Manage Self-Signed Certificates  To delete one or more digital certificates422 423 Generate self-signed certificate request settings 424512 1024 2048 425  To delete one or more self-signed certificates Manage the Certificate Revocation ListView and Manage Self-Signed Certificates  To delete one or more SCRs427  To delete one or more CRLsPerformance Management Bandwidth Capacity428 Features That Reduce Traffic Network and System Management429 430 431 Content FilteringFeatures That Increase Traffic Source MAC Filtering432 433 Configure the DMZ Port Port Triggering434 Assign QoS Profiles Configure Exposed HostsConfigure VPN Tunnels Use QoS and Bandwidth Assignments to Shift the Traffic Mix436 Change Passwords and Administrator and Guest SettingsSystem Management Monitoring Tools for Traffic Management437 Configure Remote Management Access  To configure the UTM for remote management438 439 Https//IPaddress or https//FullyQualifiedDomainName440 Use a Simple Network Management Protocol Manager441 442 Global Snmp settings and SNMPv1/v2c settingsSetting Description Snmp Global Settings SNMPv1/v2c Settings443  To configure the SNMPv3 settingsSNMPv3 settings Setting Description SNMPv3 Settings444  To delete one or more SNMPv3 user profiles Manage the Configuration FileRestore Settings  To edit an SNMPv3 user profileBack Up Settings  To back up settings446 Restore Settings Revert to Factory Default Settings447 Update the Firmware View the Available Firmware Versions448 449 Firmware screen, available versions450 Click Install Downloaded Firmware451  To download the latest firmware for your UTM452 453 454 Update the Scan Signatures and Scan Engine FirmwareReboot without Changing the Firmware  To reboot the UTM without changing the firmware455 456 Configure Date and Time ServiceConfigure Automatic Update and Frequency Settings Signatures & Engine screen settings457 System Date & Time screen settingsAdjust for Daylight Savings Time check box  To set time, date, and NTP servers458 Connect to a ReadyNAS and Configure Quarantine Settings459 Log StorageConnect to a ReadyNAS  To connect to the ReadyNAS on the UTM460 Configure the Quarantine Settings To configure the quarantine settings ReadyNAS Integration screen settingsQuarantine settings Unauthenticated or Anonymous Users on461 462 Enable the WAN Traffic Meter463 Monitor System Access and PerformanceEvent Notifications on Setting Description Enable Traffic Meter464 Traffic Counter465 Setting Description When Limit is reached466 Configure Logging, Alerts, and Event NotificationsConfigure the Email Notification Server  To configure the email notification serverConfigure and Activate System, Email, and Syslog Logs Email Notification screen settings467 468  To configure and activate logs469 Email and Syslog screen settingsSetting Description System Logs Option Email Logs to AdministratorLogs screen see Configure and Activate Firewall Logs on 470Send Logs via Syslog 471 How to Send Syslogs over a VPN Tunnel between SitesConfigure Gateway 1 at Site Setting Description Clear the Following Logs Information472 Configure Gateway 2 at Site To change the remote IP address in the VPN policy  To change the local IP address in the VPN policy473 Configure and Activate Update Failure and Attack Alerts To configure and activate the email alerts  To specify the syslog server that is connected to Gateway474 Alerts screen settings475 TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT%FILENAME%, %ACTION%, %VIRUSNAME% Configure and Activate Firewall Logs  To configure and activate firewall logs476 Setting Description Routing Logs Monitor Real-Time Traffic, Security, and Statistics477 478 Dashboard, screen 1Total Threats  To set the poll intervalDashboard screen threats and traffic information 479480 Threats CountsTotal Traffic Bytes 481 Enable and Configure the Intrusion482 Dashboard screen service statistics informationRBL Spam blacklist see Set Up the Whitelist and Blacklist onMonitor Application Use in Real Time 483484 485  To set the monitoring period To filter the information that is displayed onscreen Application Dashboard screenView Status Screens View the System Status486 Status Description View the System Status ScreenSystem Status screen fields 487System Information Scan Settings onView the Network Status Screen 488LAN Vlan Information Available Access Points TableNetwork Status screen fields 489Ssid View the Router Statistics Screen To view the Router Statistics screen 490491 View the Wireless Statistics Screen UTM9S and UTM25S Only To view the Wireless Statistics screen Router Statistics screen fieldsAP Statistics Wireless Statistics screen fields492 Radio Statistics Details493 View the Detailed Status Screen494 495 LAN Port ConfigurationConfigure and Enable the DMZ Port on Detailed Status screen fields496 SettingsMAC Address and Configure Manually Configure the InternetWireless information in SLOT-1 Info or SLOT-2 Info Access Points Information497 Vlan Status screen fields See Configure a Vlan Profile onConfigure a Vlan Profile on View the Vlan Status ScreenView the Active VPN Users View the xDSL Statistics Screen UTM9S and UTM25S Only499 500 View the VPN Tunnel Connection Status501 View the Active Pptp and L2TP Users To view the status of the port-triggering feature View the Port Triggering Status502 503 Port Triggering Status pop-up screen information504 View the WAN, xDSL, or USB Port Status To view the status of a WAN, xDSL, or USB port Connection Status pop-up screen information505 View Attached Devices and the Dhcp LeasesView Attached Devices  To view the attached devices in the LAN Groups screen506 507 Query and Manage the LogsView the Dhcp Leases  To view the Dhcp leases508 Overview of the LogsQuery and Download Logs  To query and download logs509 510 Logs Query screen settings511 512 513 EMERG, ALERT, CRITICAL, ERROR, WARNING, NoticeExample Use the Logs to Identify Infected Clients  To identify infected clientsQuery and Manage the Quarantine Logs Log Management514 Query the Quarantined Logs  To query the quarantine logs515 516 Quarantine screen settings517 View and Manage the Quarantined Spam Table518 View and Manage the Quarantined Infected Files TableSpam Reports for End Users  For an end user to send a spam report519 View, Schedule, and Generate Reports Click Send Report520 521 Enable Application Session Monitoring To configure filtering options Report Filtering Options522 Pie Report screen filtering options settings523 Horizontal BarUse Report Templates and View Reports Onscreen  To display the report templates and view reports onscreen524 525 Report screen report template information526 IPS & Application 527Email Activity 528System Schedule, Email, and Manage Reports To schedule automatic generation and emailing of reports 529530 Report screen schedule report settingsSetting Description Schedule Reports Managing Saved Reports531 Use Diagnostics Utilities532 Use the Network Diagnostic ToolsSend a Ping Packet  To send a pingLook Up a DNS Address Use the Real-Time Traffic Diagnostics ToolTrace a Route Display the Routing Table534  To use the real-time traffic diagnostics tool535 Gather Important Log InformationGenerate Network Statistics  To gather log information about your UTMPerform Maintenance on the USB Device Reboot and Shut Down the UTM536 537 538 Troubleshoot and Use Online SupportTest LED Never Turns Off Power LED Not OnBasic Functioning Verify the Correct Sequence of Events at StartupTroubleshoot the Web Management Interface LAN or WAN Port LEDs Not On540 When You Enter a URL or IP Address, a Time-Out Error Occurs Troubleshoot the ISP Connection541 542  To check the WAN IP address543 Troubleshoot a TCP/IP Network Using a Ping UtilityTest the LAN Path to Your UTM PingTest the Path from Your Computer to a Remote Device Ping -n 10 IP address544 545 Restore the Default Configuration and Password To initiate the support tunnel Problems with Date and TimeEnable Remote Troubleshooting Use Online SupportSend Suspicious Files to Netgear for Analysis  To submit a file to Netgear for analysis547 Access the Knowledge Base and Documentation Malware Analysis screen settings548 549 XDSL Network Module for the UTM9S UTM25S550 XDSL Network Module Configuration TasksConfigure the xDSL Settings XDSL Network Module for the UTM9S and UTM25S551  To configure the xDSL settingsXDSL settings Setting Description XDSL Settings552 553 VPIVCI 554 555 561, and Troubleshoot the ISP Connection on556 Manually Configure the xDSL Internet Connection557 558 PPPoE and PPPoA settingsATM Ipoa 559560 561 562 Configure Network Address Translation563 Configure Classical Routing564 565 566 Configure Load Balancing and Optional Protocol Binding567 Configure Load Balancing568 569 570 571  To add a secondary WAN address to the DSL interface572 573 574 Setting Description SLOT-x Dynamic DNS Status575 Advanced DSL settings Default Address radio button576 577 578 Wireless Network Module for UTM9S and UTM25SWireless Network Module for the UTM9S and UTM25S Overview of the Wireless Network ModuleConfiguration Order Wireless Equipment Placement and Range GuidelinesConfigure the Basic Radio Settings  To configure the basic radio settings580 Radio Settings screen settings 581Field Descriptions 582 583 Operating Frequency Channel Guidelines584 Wireless Data Security Options585 Wireless Security ProfilesNetwork authentication Data encryption586 587 Before You Change the SSID, WEP, and WPA SettingsWPA Radius settings WPA2 Radius settings588 Configure and Enable Wireless Profiles To add a wireless profile Wireless Profiles screen settingsAdd Wireless Profiles screen settings Field Description Profile Configuration589 Security Options on 590591 Tkip TKIP+AESWEP Index and Keys 592  To enable or disable one or more wireless profiles Restrict Wireless Access by MAC Address To edit a wireless profile  To delete one or more wireless profiles594 595 Connected Clients Configure a Wireless Distribution SystemAccess Point Status screen fields 596597  To enable and configure WDS598 Configure Advanced Radio Settings To configure WDS on a peer  To configure advanced radio settings599 Advanced Wireless screen settings600 Configure WMM QoS Priority Settings601 602 Test Basic Wireless ConnectivityFor More Information About Wireless Configurations  To test for wireless connectivity603 3G/4G Dongle Configuration TasksManually Configure the USB Internet Connection 3G/4G Dongles for the UTM9S and UTM25S604 605  To configure the WAN ISP settings for the USB interface606 USB ISP settingsSetting Description 3G Dongle Details Connection Settings607 XDSL, or USB Port Status onConfigure the 3G/4G Settings  To configure the 3G/4G settings608 609 4G settingsSetting Description 3GStatus Connection SettingAPN 610611 612 613 614 615 616 617 618 619 620 Setting Description USB Dynamic DNS Status621 622 What to Consider Before You BeginWAN port Physical facility Internet623 Cabling and Computer Hardware Requirements Computer Network Configuration RequirementsInternet Configuration Requirements Where Do I Get the Internet Configuration Information?625 Internet Connection Information626 Overview of the Planning Process627 Inbound TrafficInbound Traffic Dual WAN Ports for Load Balancing Inbound Traffic to a Single WAN Port SystemInbound Traffic to a Dual WAN Port System Inbound Traffic Dual WAN Ports for Improved Reliability629 Virtual Private Networks630 VPN Road Warrior Client-to-Gateway631 VPN Road Warrior Single-Gateway WAN Port Reference Case632 VPN Road Warrior Dual-Gateway WAN Ports for Load Balancing633 VPN Gateway-to-Gateway634 VPN Telecommuter Client-to-Gateway through a NAT Router VPN Telecommuter Single-Gateway WAN Port Reference Case635 636 637 VPN Telecommuter Dual-Gateway WAN Ports for Load Balancing638 Supported ReadyNAS ModelsReadyNAS Integration Install the UTM Add-On on the ReadyNAS To install the UTM add-on on the ReadyNAS Select Add-ons Add New640 Select Add-ons Installed641 Connect to the ReadyNAS on the UTM642 643 Why Do I Need Two-Factor Authentication? What Are the Benefits of Two-Factor Authentication?644  To use WiKID for end users Netgear Two-Factor Authentication SolutionsWhat Is Two-Factor Authentication? Two-Factor Authentication646 647 Log message terms 648Term Description 649 RebootSystem Log Messages System Startup650 Login/LogoutSystem logs login/logout System logs NTPWAN Status Auto-Rollover ModeFirewall Restart IPSec RestartACTIVEWAN2 Load Balancing ModeSystem logs WAN status, auto rollover 652653 System logs WAN status, PPPoE idle timeoutPPP Logs System logs WAN status, load balancing654 System logs WAN status, Pptp idle timeoutTraffic Metering Logs Unicast, Multicast, and Broadcast Logs655 656 Invalid Packet LoggingIcmp Redirect Logs Multicast/Broadcast Logs657 658 Service LogsContent-Filtering and Security Logs Service logs659 Web Filtering and Content-Filtering LogsContent-filtering and security logs spam Spam Logs660 661 Traffic LogsMalware Logs Email Filter LogsAnomaly Behavior Logs Content-filtering and security logs IPSContent-filtering and security logs anomaly behavior IPS Logs663 Routing LogsApplication Logs LAN-to-WAN Logs664 LAN-to-DMZ LogsDMZ-to-WAN Logs WAN-to-LAN Logs665 DMZ-to-LAN LogsWAN-to-DMZ Logs Routing logs WAN to DMZ666 Default SettingsUTM default configuration settings Feature Login settings Default behavior667 Default Settings and Technical SpecificationsFeature Default behavior WAN connections Administrative and monitoring settingsIPS Feature Default behavior Firewall and network security668 SIP ALG669 Feature Application security Default behavior670 Feature Default behavior671 Radius settingsSSL VPN settings User, group, and domain settings672 Physical and Technical Specifications UTM physical and technical specifications673 Setting Specification UTM IPSec VPN specificationsFeature Specification Major regulatory compliance Interface specificationsHttp//prosecure.netgear.com UTM SSL VPN specificationsFeature Description 802.11b/bg/ng wireless specifications 675Feature Description 802.11a/na wireless specifications 676AES Regulatory Compliance Information FCC Requirements for Operation in the United States677 Notification of Compliance Wired European Union678 Additional Copyrights 679Terms MD5 680Language Statement Europe EU Declaration of ConformityEdoc in Languages of the European Community 681682 Notification of Compliance Wireless683 FCC Caution684 Industry CanadaImportant Note Radiation Exposure Statement Avertissement685 Interference Reduction Table686 Index687 See also 688DMZ 689690 691 Blocking 202, 218, 222 setting access exceptionsLogs 469, 508-510traffic statistics 692LAN 693694 695 696 697 698 SSL VPN 699TCP/IP 700701 Logs 290, 470 702703 Dhcp 50, 106, 119 ModeConfig704