Manuals / NETGEAR / Power Tools / Router

NETGEAR STM150EW-100NAS, UTM5EW-100NAS manual Virtual Private Networks, 629

Models: UTM5EW-100NAS STM150EW-100NAS

1 704

Page 629

ProSecure Unified Threat Management (UTM) Appliance

Note: Load balancing is implemented for outgoing traffic and not for incoming traffic. Consider making one of the WAN port Internet addresses public and keeping the other one private in order to maintain better control of WAN port traffic.

Figure 363.

Virtual Private Networks

•VPN Road Warrior (Client-to-Gateway)

•VPN Gateway-to-Gateway

•VPN Telecommuter (Client-to-Gateway through a NAT Router)

When implementing virtual private network (VPN) tunnels, you need to use a mechanism for determining the IP addresses of the tunnel endpoints. The addressing of the firewall’s dual WAN port depends on the configuration being implemented.

Table 159. IP addressing requirements for VPNs in dual WAN port systems

Configuration and WAN IP address		Single WAN port	Dual WAN port configurations
		configurations	Rollover Mode1	Load balancing mode
		(reference cases)	Rollover Mode1	Load balancing mode
		(reference cases)

VPN Road Warrior	Fixed	Allowed	FQDN required	Allowed
(Client-to-Gateway)		(FQDN optional)		(FQDN optional)

	Dynamic	FQDN required	FQDN required	FQDN required

VPN Gateway-to-Gateway	Fixed	Allowed	FQDN required	Allowed
		(FQDN optional)		(FQDN optional)

	Dynamic	FQDN required	FQDN required	FQDN required

VPN Telecommuter	Fixed	Allowed	FQDN required	Allowed
(Client-to-Gateway through		(FQDN optional)		(FQDN optional)
a NAT Router)
a NAT Router)	Dynamic	FQDN required	FQDN required	FQDN required
	Dynamic	FQDN required	FQDN required	FQDN required

1. After a rollover, all tunnels need to be reestablished using the new WAN IP address.

Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)

629

Page 629

Image 629

NETGEAR STM150EW-100NAS, UTM5EW-100NAS manual Virtual Private Networks, 629

Contents

ProSecure Unified Threat Management UTM Appliance Support ProSecure Product Updates ProSecure Forum Revision HistoryTrademarks ProSecure Unified Threat Management UTM ApplianceUpdated Features That Reduce Traffic and Features That Settings and Technical SpecificationsApplication control see Configure Application Control Configure Quarantine Settings, Query and ManageAdded the Requirements for Entering IP Addresses Appendix B, Wireless Network Module for the UTM9S UTM25SConfigure Distributed Spam Analysis section Contents Manually Configure Internet and WAN Settings Firewall Protection Content Filtering and Optimizing Scans Virtual Private Networking Using SSL Connections Network and System Management Troubleshoot and Use Online Support Appendix a xDSL Network Module for the UTM9S and UTM25S Appendix E ReadyNAS Integration Appendix H Default Settings and Technical Specifications Introduction Introduction Key Features and CapabilitiesSingle or multiple exposed hosts Virtual private networks Advanced VPN Support for Both IPSec and SSL Wireless FeaturesDSL Features Stream Scanning for Content Filtering Powerful, True FirewallAutosensing Ethernet Connections with Auto Uplink Security FeaturesExtensive Protocol Support Easy Installation and ManagementUTM model comparison Maintenance and SupportModel Comparison Network Modules and Broadband Adapters Service Registration Card with License KeysHardware Features Package ContentsFront Panel UTM5 and UTM10 Power LEDUSB port Left LAN LEDs Test LED Right WAN LED Right LAN LEDsFront Panel UTM50 Front Panel UTM25USB port Left LAN LEDs Left WAN LEDs Active Test LED Right LAN LEDs Right WAN LEDs LEDsFront Panel UTM150 Power LED Left LAN LEDs Left WAN LEDs USB portLEDs Right WAN LEDs Test LED Right LAN LEDs Active WAN LEDs Test LED Right LAN LEDs Right WAN LEDsFront Panel UTM9S and UTM25S and Network Modules Power LED Left WAN LEDs Slot Left LAN LEDs USB portActive WAN LEDs Test LED Right LAN LEDsXDSL Network Modules Wireless Network ModulesActivity Description LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150 WAN ports Activity Description LAN portsDMZ LED USB LED LED Descriptions, UTM9S, UTM25S, and their Network ModulesLED descriptions UTM9S and UTM25S Rear Panel UTM5, UTM10, and UTM25 Wireless network moduleReceptacle XDSL network modulesReset button Receptacle Factory Defaults Security lockRear Panel UTM50 and UTM150 PortReset button Console switch Security lock AC power Receptacle Factory DefaultsPower SwitchBottom Panels with Product Labels ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Choose a Location for the UTM Use the Rack-Mounting Kit Steps for Initial Connection Use the Setup Wizard to Provision UTM in Your NetworkLog In to the UTM Use the Setup Wizard to Provision the UTM in Your NetworkQualified Web Browsers Requirements for Entering IP AddressesProSecure Unified Threat Management UTM Appliance Web Management Interface Menu Layout ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance  To start the Setup Wizard Use the Setup Wizard to Perform the Initial ConfigurationSetup Wizard of 10 LAN Settings Dhcp Setting Description LAN TCP/IP SetupDNS Proxy Setting DescriptionSetting Description Inter Vlan Routing Setup Wizard of 10 WAN SettingsISP Type Setup Wizard WAN Settings screen settingsSetting Description ISP Login Internet IP Address See Configure Load Balancing Multiple WAN Port ModelsISP DhcpGet Automatically from ISP radio button Setup Wizard of 10 System Date and TimeDomain Name Server DNS Servers Setup Wizard System Date and Time screen settings Setup Wizard of 10 ServicesSetting Description Set Time, Date, and NTP Servers For Daylight Savings Time check boxWeb Setup Wizard Services screen settingsSetting Description Action Setup Wizard of 10 Email SecuritySetup Wizard Email Security screen settings Scan Exceptions Setup Wizard of 10 Web SecurityHttp Setup Wizard of 10 Web Categories to Be Blocked Setting Description Blocked Web Categories Setup Wizard Web Categories to be blocked screen settingsBlocked Categories Scheduled Days Blocked Categories Time of DaySetup Wizard Email Notification screen settings Setup Wizard of 10 Email NotificationSetting Description Update Settings Setup Wizard of 10 Signatures & EngineSetup Wizard Signatures & Engine screen settings Https Proxy Settings Setup Wizard of 10 Saving the ConfigurationSetting Description Update Frequency Use the Web Management Interface to Activate Licenses Register the UTM with NetgearProSecure Unified Threat Management UTM Appliance Click Retrieve Info Electronic Licensing To retrieve and display the registered information What to Do Next Verify Correct InstallationTest Connectivity Test Http ScanningProSecure Unified Threat Management UTM Appliance Manually Configure Internet and WAN Settings  Complete these steps Internet and WAN Configuration TasksManually Configure Internet and WAN Settings ProSecure Unified Threat Management UTM Appliance ProSecure Unified Threat Management UTM Appliance Pptp Connection method Manual data input requiredIf the automatic ISP configuration fails Manually Configure the Internet ConnectionIf the automatic ISP configuration is successful Pptp and PPPoE settings Balancing Multiple WAN Port Models on page 86 . To use load Identifier check box DNS server settingsIf the manual ISP configuration fails If the manual ISP configuration is successfulOverview of the WAN Modes Configure the WAN ModeConfigure Network Address Translation All Models Configure Classical Routing All Models  To configure auto-rollover mode Configure Auto-Rollover Mode To configure the failure detection method Configure the Failure Detection MethodFailure detection method settings Setting Description WAN Failure Detection MethodPing  To configure load balancing Configure Load Balancing Multiple WAN Port ModelsConfigure Protocol Binding Optional Change Group Names in the Network Database on Add Protocol Binding screen settingsScreen see Outbound Rules Service Blocking on  To edit a protocol binding Configure Secondary WAN Addresses To add a secondary WAN address to a WAN interface  To delete one or more secondary addresses Configure Dynamic DNS To configure Ddns DNS service settings Click Apply to save your configurationSet the UTM’s MAC Address and Configure Advanced WAN Options Setting Description MTU Size Advanced WAN settingsUpload/Download Settings Setting Speed Description1000BaseT FullDuplex. Gigabit Ethernet Router’s MAC Address Failure Detection MethodAdditional WAN-Related Configuration Tasks Manage Virtual LANs and Dhcp Options LAN ConfigurationPort-Based VLANs LAN Configuration100 Assign and Manage Vlan Profiles101 Vlan Dhcp OptionsDhcp Relay Dhcp ServerDNS Proxy 102Ldap Server Configure a Vlan Profile To add or edit a Vlan profile 103104 Setting Description Vlan Profile Edit Vlan Profile screen settings105 Port Membership106 107  To enable, disable, or delete one or more Vlan profiles Configure Vlan MAC Addresses and Advanced LAN Settings To configure a Vlan to have a unique MAC address  To edit a Vlan profile109 Configure Multihome LAN IP Addresses on the Default110  To add a secondary LAN IP address To edit a secondary LAN IP address Manage Groups and Hosts LAN Groups To delete one or more secondary LAN IP addresses 111112 Manage the Network Database113 Setting Description Name Known PCs and devices settingsAdd Computers or Devices to the Network Database Modify Computers or Devices in the Network DatabaseDelete Computers or Devices from the Network Database Change Group Names in the Network Database To edit the names of any of the eight available groups 115116 Set Up Address Reservation117 Configure and Enable the DMZ Port To enable and configure the DMZ port 118 DMZ Setup screen settingsSetting Description DMZ Port Setup 119 120 Manage Routing Configure Static Routes To add a static route to the Static Route table 121122 Add Static Route screen settings To enable and configure RIP Select Network Config Routing Configure Routing Information Protocol To edit a static route that is in the Static Routes table  To delete one or more routes124 RIP Configuration screen settings125 Authentication for RIP-2B/2M126 Static Route Example127 About Firewall Protection128 Administrator TipsFirewall Protection 129 Outbound Rules Service BlockingNumber of supported firewall rule configurations Outbound rules overview Setting Description Outbound Rules130 Block alwaysGroups and Hosts LAN Groups on 131132 Service Profiles onNAT IP Inbound Rules Port Forwarding133 134 135 Setting Description Inbound Rules136 137 Quality of Service Profiles on138 Order of Precedence for Rules139 Configure LAN WAN Rules To change the default outbound policy  To change an existing outbound or inbound service rule Create LAN WAN Outbound Service Rules To enable, disable, or delete one or more rules 140141 Create LAN WAN Inbound Service Rules To create an inbound LAN WAN service rule 142 Configure DMZ WAN Rules143  To delete or disable one or more rules144 Create DMZ WAN Outbound Service RulesCreate DMZ WAN Inbound Service Rules 145 Configure LAN DMZ Rules To create an inbound DMZ WAN service rule 146 Create LAN DMZ Inbound Service Rules Create LAN DMZ Outbound Service Rules To create an outbound LAN DMZ service rule  To create an inbound LAN DMZ service ruleInbound Rule Examples Examples of Firewall RulesLAN WAN Inbound Rule Host a Local Public Web Server 148149 150 Netgear UTM151  To configure the UTM for additional IP addresses152 LAN WAN or DMZ WAN Inbound Rule Specify an Exposed Host153 Outbound Rule ExampleLAN WAN Outbound Rule Block Instant Messenger Vlan Rules Configure Other Firewall Features To create a Vlan rule 154155 Add VLAN-VLAN Service screen settingsAdd Customized Services on 156  To delete or disable one or more Vlan rules To edit a Vlan rule Setting Description WAN Security Checks Attack Checks screen settingsAttack Checks, VPN Pass-through, and Multicast Pass-through 157 To configure multicast pass-through Configure Multicast Pass-ThroughSetting Description LAN Security Checks 158159 Session Limit screen settings  To enable and configure session limitsSet Session Limits  To delete one or more multicast source addresses161  To enable ALG for SIP and VPN scanningSession Timeout 162 163 Add Customized Services164  To add a customized serviceServices screen settings  To edit a service Create Service Groups To delete one or more services  To create a service group166  To edit a service group167 Create IP Groups To create an IP group 168  To delete an IP group169 Create Quality of Service Profiles To create a QoS profile 170 Add QoS Profile screen settingsCreate Bandwidth Profiles Default High Medium High Low To edit a QoS profile  To delete one ore more QoS profiles172  To add and enable a bandwidth profile173 Add Bandwidth Profile screen settings To edit a bandwidth profile Create Traffic Meter Profiles To delete one or more bandwidth profiles 174175  To add a traffic meter profile176 Add Traffic Meter Profile screen settings To edit a traffic meter profile Set a Schedule to Block or Allow Specific Traffic To delete one or more traffic meter profiles  To add a scheduleScheduled Days Add Schedule screen settings178 Setting Description Scheduled Time of Day Enable Source MAC Filtering To edit a schedule  To delete one or more schedules180  To remove one or more entries from the table181 Set Up IP/MAC Bindings To set up IP/MAC bindings Setting Description Email IP/MAC Violations IP/MAC Binding screen settings182 IP/MAC Bindings To edit an IP/MAC binding Configure Port Triggering To remove one or more IP/MAC bindings from the table 183184 Port Triggering screen settings To add a port-triggering rule 185  To edit a port-triggering rule To display the status of the port-triggering rules 186 Configure Universal Plug and Play To enable intrusion prevention Enable and Configure the Intrusion Prevention System To configure intrusion prevention IPS screen settings188 Security Category Settings189 IPS, screen 1 Firewall ProtectionAttack Name Description Web IPS uncommon attack names190 Misc 191Attack Name Description 192 About Content Filtering and ScansDefault email and web scan settings Default Email and Web Scan SettingsContent Filtering and Optimizing Scans 193Customize Email Protocol Scan Settings Configure Email Protection To configure the email protocols and ports to scan Scan type Default scan setting Default action if applicable195 Protocol Scan Settings on196 Customize Email Antivirus and Notification Settings To configure the antivirus settings for email traffic 197 Anti-Virus screen settings for email traffic198 Setting Description Scan ExceptionsNotification Settings Setting Description Email Alert Settings Email Content Filtering199 SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%200 Setting Description Email Filters Email Filters screen settingsFilter by Password-Protected Attachments ZIP, RAR, etc 201Protect Against Email Spam Setting Description Filter by File Type202 Filter by File Name203 Set Up the Whitelist and Blacklist204  To configure the whitelist and blacklist205 Whitelist/Blacklist screen settings To enable the real-time blacklist Configure the Real-Time Blacklist To add a blacklist provider to the real-time blacklist 206207 Configure Distributed Spam Analysis208 Distributed Spam Analysis screen settingsSetting Description Distributed Spam Analysis Low Medium-Low Anti-Spam Engine Settings209 Customize Web Protocol Scan Settings Configure Web and Services ProtectionSetting Description Send Quarantine Spam Report 210211  To configure the web protocols and ports to scan212 Configure Https Smart Block213 Add or Edit Https Smart Block Profile settings214 215  To change a profile216 Configure Web Malware or Antivirus Scans217 Anti-Virus screen settings for HTTP/HTTPS trafficScan Exception Html Scan218 Configure Web Content Filtering219  To configure web content filtering220 221 Content Filtering screen settingsSetting Description Content Filtering Full-Text Search 222Performance Management on Block Web Objects223 Setting Description Web Category Lookup Configure Web URL Filtering224 URL225  To configure web URL filteringSetting Description Whitelist URL Filtering screen settings226 BlacklistURL% 227228 Configure Https Scanning and SSL CertificatesHow Https Scanning Works 229  To configure the Https scan settings Configure the Https Scan SettingsHttps Settings screen settings 230231 Manage SSL Certificates for Https Scanning232 Manage the Active Https Certificate233 Manage Trusted Https CertificatesManage Untrusted Https Certificates  To delete an untrusted certificate Specify Trusted Hosts for Https Scanning To specify trusted hosts 235236 Trusted Hosts screen settings To configure the SSL settings for Https scanning Configure the SSL Settings for Https ScanningSSL Settings screen settings 237Customize FTP Antivirus Settings Configure FTP Scanning To configure the antivirus settings for FTP traffic Anti-Virus screen settings for FTP To configure the FTP filters Configure FTP Content FilteringSetting Description Scan Exception 239240 Configure Application Control241 242 243 To select one or more individual applications To select one or more categories of applicationsTo search for an application 244245 Setting Description Policy for a category of applications Application Control Policy pop-up screen settings246 Meter Profiles on247  To change an existing application control profile248 Set Exception Rules for Web and Application Access To delete one or more application control profiles 249  To set web access exception rules250 Application251 File ExtensionHttps Smart Block URL Filtering Add or Edit Exceptions screen settingsWeb Category 252253 254 See Configure Radius VLANs onDelete Groups on LdapTo select a category of applications 255To select a single application To search for an application256 For Exceptions for Web and Application Access on257  To disable, enable, or delete one or more exception rules To change an existing exception rule 258  To create and manage custom categories259 Custom categories applications260 Custom Categories screen settingsTo select one or more categories of applications To select one or more individual applicationsTo remove one or more categories or applications from 261Applications in this Category table To add a URLSet Scanning Exclusions for IP Addresses and Ports  To configure scanning exclusion rules To change an existing custom category  To delete one or more custom categories263 Scanning Exclusion screen settings264 Virtual Private Networking265 IP addressing for VPNs in dual WAN port systems266 Create Gateway-to-Gateway VPN Tunnels with the Wizard267 268 Setting Default Value IKE policy3DES SHA-1269 IPSec VPN Wizard settings for a gateway-to-gateway tunnel270 Setting Description Secure Connection Remote Accessibility271 Create a Client-to-Gateway VPN Tunnel272 Select the VPN Client radio button. The default remote Fqdn IPSec VPN Wizard settings for a client-to-gateway tunnel273 Fqdn274 Component Example Information to be collected Information required to configure the VPN client275 276 277 278 Setting Description Advanced features VPN client advanced authentication settings279 NAT-T280 281  To create new authentication settingsType vpnclient 282 VPN client authentication settings10.34.116.22 IKE283 Setting Description Local and Remote ID  To create an IPSec configurationType netgearplatform 284ESP VPN client IPSec configuration settings285 286  To specify the global parameters287 Test the Netgear VPN Client Connection288 Click Gateway-Tunnel, and press Ctrl+O289 Netgear VPN Client Status and Log InformationView the UTM IPSec VPN Connection Status  To query the IPSec VPN log View the UTM IPSec VPN LogIPSec VPN Connection Status screen information 290291 Manage IPSec VPN and IKE PoliciesManage IKE Policies  To access the IKE Policies screenIKE Policies Screen 292293 List of IKE Policies table information To delete one or more IKE polices Manually Add or Edit an IKE Policy To add an IKE policy manually 294295 Setting Description Mode Config Record Add IKE Policy screen settings296 GeneralIKE SA Parameters 297Remote 298 299 Setting Description Extended Authentication To edit an IKE policy 300 Manage VPN PoliciesVPN Policies Screen 301 List of VPN Policies table informationManually Add or Edit a VPN Policy  To enable or disable one or more VPN policies To delete one or more VPN polices  To add a VPN policy manually303 304 Add New VPN Policy screen settingsSetting Description General 305 Configure Keep-AlivesTraffic Selection Manual Policy Parameters306 307 Setting Description Auto Policy Parameters308 Configure Extended Authentication Xauth To edit a VPN policy  To enable and configure Xauth Configure Xauth for VPN ClientsExtended authentication settings 309Radius Client and Server Configuration User Database Configuration To configure primary and backup Radius servers 310Setting Description Primary Radius Server Radius Client screen settingsBackup Radius Server Connection ConfigurationMode Config Operation Assign IP Addresses to Remote Users Mode ConfigConfigure Mode Config Operation on the UTM 312313  To configure Mode Config on the UTM314 Add Mode Config Record screen settingsSetting Description Client Pool Traffic Tunnel Security Level 315316 317 Select Group 2 1024 bit Setting Description IKE SA Parameters318 319 Configure the ProSafe VPN Client for Mode Config OperationUser Database Configuration on 320 321 Type GWModeConfig322 VPN client authentication settings Mode Config323 Type TunnelModeConfigVPN client advanced authentication settings Mode Config Enter VPN client IPSec configuration settings Mode Config324 325 Configure the Mode Config Global Parameters326 Test the Mode Config Connection To edit a Mode Config record Modify or Delete a Mode Config Record To delete one or more Mode Config records 327328 Configure Keep-Alives and Dead Peer DetectionConfigure Keep-Alives  To configure DPD on a configured IKE policy Configure Dead Peer DetectionKeep-alive settings 329 To enable NetBIOS bridging on a configured VPN tunnel Configure NetBIOS Bridging with IPSec VPNDead Peer Detection settings 330331 Configure the Pptp Server332 Pptp Server screen settingsSetting Description Pptp Server View the Active Pptp Users Setting Description Authentication To view the active Pptp tunnel users 333Pptp Active Users screen information Configure the L2TP Server334 Pptp IP335 L2TP Server screen settingsSetting Description L2TP Server View the Active L2TP Users For More IPSec VPN Information To view the active L2TP tunnel users L2TP Active Users screen information337 SSL VPN Portal OptionsVirtual Private Networking Using SSL Connections Build a Portal Using the SSL VPN Wizard To start the SSL VPN Wizard 338339 SSL VPN Wizard of 6 Portal Settings340 SSL VPN Wizard of 6 screen settings portal settingsSetting Description Portal Layout and Theme Name SSL VPN Portal Pages to Display 341Wizard of 6 Client IP Addresses and Routes on 6 Port Forwarding on342 SSL VPN Wizard of 6 Domain SettingsServer Configuration SSL VPN Wizard of 6 screen settings domain settings343 Radius Client344 Display name in the dn format. For example Windows login account name in email format. For345 346 347 SSL VPN Wizard of 6 User SettingsSSL VPN Wizard of 6 screen settings user settings 348 SSL VPN Wizard of 6 Client IP Addresses and RoutesAdd Routes for VPN Tunnel Clients Setting Description Client IP Address Range349 350 Setting Description Add New Application for Port ForwardingSSL VPN Wizard of 6 Port Forwarding 351 SSL VPN Wizard of 6 Verify and Save Your SettingsSSH Add New Host Name for Port Forwarding352 353 Access the New SSL VPN Portal354 355 356 View the UTM SSL VPN Connection StatusView the UTM SSL VPN Log Manually Configure and Modify SSL Portals To query the SSL VPN log 357358 359 Manually Create or Modify the Portal Layout To create an SSL VPN portal layout 360 361 Add Portal Layout screen settingsSetting Description SSL VPN Portal Pages to Display Configure Domains, Groups, and Users To edit a portal layout  To delete one or more portal layoutsAdd Servers and Port Numbers Configure Applications for Port Forwarding To add a server and a port number 363Add a Host Name  To add servers and host names for client name resolution364 TCP application Port number365 Configure the SSL VPN ClientFully Qualified Domain Name. The full server name SSL VPN Client screen settings Configure the Client IP Address Range To define the client IP address range 366367 Add Routes for VPN Tunnel Clients To add an SSL VPN tunnel client route 368 Configure the Advanced SSL VPN Client Settings To change the LCP time-out Add New Network Resources Use Network Resource Objects to Simplify Policies To define a network resource 369Edit Network Resources to Specify Addresses Resources screen settings to edit a resource To delete one or more network resources  To edit network resources371 Configure User, Group, and Global Policies372 Global Default PolicyAdd a Policy View Policies To view the existing policies  To add an SSL VPN policySetting Description Policy For Add SSL VPN Policy screen settings374 Add SSL VPN PoliciesResource Objects to Simplify Policies on 375376  To edit an SSL VPN policy377 For More SSL VPN Information To delete one or more SSL VPN policies 378 Authentication Process and OptionsManage Users, Authentication, and VPN Certificates External authentication protocols and methodsAuthentication Description Protocol or method 379Login Portals Configure Authentication Domains, Groups, and UsersAdministrative Users and Users with Guest Privileges 380381 Users with Special Access Privileges382 383 Unauthenticated or Anonymous Users Active Directories and Ldap ConfigurationsHow an Active Directory Works 384385 How to Bind a DN in an Active Directory Configuration386 387 Select Users DomainsCreate and Delete Domains Configure Domains To create a domain 388389 390 Add Domain screen settings391 392 393 Edit Domains Configure Groups To delete one or more domains  To edit a domain395 Create and Delete Groups To create a VPN group Edit Groups Groups screen settings To delete one or more groups  To edit a VPN group397 Configure Custom Groups To create and manage custom groups 398 399 Add Custom Group screen settings400  To change an existing custom group To delete one or more custom groups 401 Configure User Accounts To create an individual user account 402 See Configure Extended Authentication Xauth on Add User screen settings To delete one or more user accounts 403Configure Login Policies Set User Login Policies To configure user login policies 404405 Configure Login Restrictions Based on IP Address To restrict logging in based on IP address By Source IP Address screen settings Configure Login Restrictions Based on Web Browser To delete one or more addresses  To restrict logging in based on the user’s browser407 Internet Explorer Opera Netscape Navigator To delete one or more browsers 408 Change Passwords and Other User Settings To modify user settings, including passwords Configure Extended Authentication Xauth on Edit User screen settingsDC Agent 409410 411  To download ProSecure DC Agent software and add a DC agentDC Agent screen settings  To configure AD SSO with a DC agent To edit a DC agent 412413 414  To do so, follow this procedure Configure Radius VLANs To configure a Radius Vlan 415416 Configure Global User Settings417 View and Log Out Active Users To log out all active users 418 Active Users screen settings To view all or selected users 419 Manage Digital Certificates for VPN Connections420 VPN Certificates Screen421 Manage CA Certificates To view and upload trusted certificates 422 Manage Self-Signed Certificates To delete one or more digital certificates 423 512 1024 2048 Generate self-signed certificate request settings424 425 View and Manage Self-Signed Certificates Manage the Certificate Revocation List To delete one or more SCRs  To delete one or more self-signed certificates427  To delete one or more CRLs428 Performance ManagementBandwidth Capacity 429 Features That Reduce TrafficNetwork and System Management 430 431 Content Filtering432 Features That Increase TrafficSource MAC Filtering 433 434 Configure the DMZ PortPort Triggering Configure VPN Tunnels Configure Exposed HostsUse QoS and Bandwidth Assignments to Shift the Traffic Mix Assign QoS ProfilesSystem Management Change Passwords and Administrator and Guest SettingsMonitoring Tools for Traffic Management 436437 438 Configure Remote Management Access To configure the UTM for remote management 439 Https//IPaddress or https//FullyQualifiedDomainName440 Use a Simple Network Management Protocol Manager441 Setting Description Snmp Global Settings Global Snmp settings and SNMPv1/v2c settingsSNMPv1/v2c Settings 442SNMPv3 settings  To configure the SNMPv3 settingsSetting Description SNMPv3 Settings 443444 Restore Settings Manage the Configuration File To edit an SNMPv3 user profile  To delete one or more SNMPv3 user profiles446 Back Up Settings To back up settings 447 Restore SettingsRevert to Factory Default Settings 448 Update the FirmwareView the Available Firmware Versions 449 Firmware screen, available versions450 Click Install Downloaded Firmware451  To download the latest firmware for your UTM452 453 Reboot without Changing the Firmware Update the Scan Signatures and Scan Engine Firmware To reboot the UTM without changing the firmware 454455 Configure Automatic Update and Frequency Settings Configure Date and Time ServiceSignatures & Engine screen settings 456Adjust for Daylight Savings Time check box System Date & Time screen settings To set time, date, and NTP servers 457458 Connect to a ReadyNAS and Configure Quarantine SettingsConnect to a ReadyNAS Log Storage To connect to the ReadyNAS on the UTM 459 To configure the quarantine settings Configure the Quarantine SettingsReadyNAS Integration screen settings 460461 Quarantine settingsUnauthenticated or Anonymous Users on 462 Enable the WAN Traffic Meter463 Monitor System Access and Performance464 Setting Description Enable Traffic MeterTraffic Counter Event Notifications on465 Setting Description When Limit is reachedConfigure the Email Notification Server Configure Logging, Alerts, and Event Notifications To configure the email notification server 466467 Configure and Activate System, Email, and Syslog LogsEmail Notification screen settings 468  To configure and activate logsSetting Description System Logs Option Email and Syslog screen settingsEmail Logs to Administrator 469Send Logs via Syslog Logs screen see Configure and Activate Firewall Logs on470 Configure Gateway 1 at Site How to Send Syslogs over a VPN Tunnel between SitesSetting Description Clear the Following Logs Information 471 To change the remote IP address in the VPN policy Configure Gateway 2 at Site To change the local IP address in the VPN policy 472 To configure and activate the email alerts Configure and Activate Update Failure and Attack Alerts To specify the syslog server that is connected to Gateway 473474 Alerts screen settingsFILENAME%, %ACTION%, %VIRUSNAME% 475TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT% 476 Configure and Activate Firewall Logs To configure and activate firewall logs 477 Setting Description Routing LogsMonitor Real-Time Traffic, Security, and Statistics 478 Dashboard, screen 1Dashboard screen threats and traffic information  To set the poll interval479 Total ThreatsTotal Traffic Bytes 480Threats Counts 481 Enable and Configure the Intrusion482 Dashboard screen service statistics informationMonitor Application Use in Real Time Spam blacklist see Set Up the Whitelist and Blacklist on483 RBL484  To filter the information that is displayed onscreen  To set the monitoring periodApplication Dashboard screen 485486 View Status ScreensView the System Status System Status screen fields View the System Status Screen487 Status DescriptionView the Network Status Screen Scan Settings on488 System InformationNetwork Status screen fields Available Access Points Table489 LAN Vlan Information To view the Router Statistics screen View the Router Statistics Screen490 Ssid To view the Wireless Statistics screen View the Wireless Statistics Screen UTM9S and UTM25S OnlyRouter Statistics screen fields 491492 Wireless Statistics screen fieldsRadio Statistics Details AP Statistics493 View the Detailed Status Screen494 Configure and Enable the DMZ Port on LAN Port ConfigurationDetailed Status screen fields 495MAC Address and Configure SettingsManually Configure the Internet 496497 Wireless information in SLOT-1 Info or SLOT-2 InfoAccess Points Information Configure a Vlan Profile on See Configure a Vlan Profile onView the Vlan Status Screen Vlan Status screen fields499 View the Active VPN UsersView the xDSL Statistics Screen UTM9S and UTM25S Only 500 View the VPN Tunnel Connection Status501 View the Active Pptp and L2TP Users502  To view the status of the port-triggering featureView the Port Triggering Status 503 Port Triggering Status pop-up screen information To view the status of a WAN, xDSL, or USB port View the WAN, xDSL, or USB Port StatusConnection Status pop-up screen information 504View Attached Devices View Attached Devices and the Dhcp Leases To view the attached devices in the LAN Groups screen 505506 View the Dhcp Leases Query and Manage the Logs To view the Dhcp leases 507508 Overview of the Logs509 Query and Download Logs To query and download logs 510 Logs Query screen settings511 512 Example Use the Logs to Identify Infected Clients EMERG, ALERT, CRITICAL, ERROR, WARNING, Notice To identify infected clients 513514 Query and Manage the Quarantine LogsLog Management 515 Query the Quarantined Logs To query the quarantine logs 516 Quarantine screen settings517 View and Manage the Quarantined Spam Table518 View and Manage the Quarantined Infected Files Table519 Spam Reports for End Users For an end user to send a spam report 520 View, Schedule, and Generate ReportsClick Send Report 521 Enable Application Session Monitoring522  To configure filtering optionsReport Filtering Options 523 Report screen filtering options settingsHorizontal Bar Pie524 Use Report Templates and View Reports Onscreen To display the report templates and view reports onscreen 525 Report screen report template information526 IPS & Application 527Email Activity 528 To schedule automatic generation and emailing of reports Schedule, Email, and Manage Reports529 SystemSetting Description Schedule Reports Report screen schedule report settingsManaging Saved Reports 530531 Use Diagnostics UtilitiesSend a Ping Packet Use the Network Diagnostic Tools To send a ping 532Trace a Route Use the Real-Time Traffic Diagnostics ToolDisplay the Routing Table Look Up a DNS Address534  To use the real-time traffic diagnostics toolGenerate Network Statistics Gather Important Log Information To gather log information about your UTM 535536 Perform Maintenance on the USB DeviceReboot and Shut Down the UTM 537 538 Troubleshoot and Use Online SupportBasic Functioning Power LED Not OnVerify the Correct Sequence of Events at Startup Test LED Never Turns Off540 Troubleshoot the Web Management InterfaceLAN or WAN Port LEDs Not On 541 When You Enter a URL or IP Address, a Time-Out Error OccursTroubleshoot the ISP Connection 542  To check the WAN IP addressTest the LAN Path to Your UTM Troubleshoot a TCP/IP Network Using a Ping UtilityPing 543544 Test the Path from Your Computer to a Remote DevicePing -n 10 IP address 545 Restore the Default Configuration and PasswordEnable Remote Troubleshooting Problems with Date and TimeUse Online Support  To initiate the support tunnel547 Send Suspicious Files to Netgear for Analysis To submit a file to Netgear for analysis 548 Access the Knowledge Base and DocumentationMalware Analysis screen settings 549 XDSL Network Module for the UTM9S UTM25SConfigure the xDSL Settings XDSL Network Module Configuration TasksXDSL Network Module for the UTM9S and UTM25S 550551  To configure the xDSL settings552 XDSL settingsSetting Description XDSL Settings VCI 553VPI 554 555 561, and Troubleshoot the ISP Connection on556 Manually Configure the xDSL Internet Connection557 558 PPPoE and PPPoA settingsATM Ipoa 559560 561 562 Configure Network Address Translation563 Configure Classical Routing564 565 566 Configure Load Balancing and Optional Protocol Binding567 Configure Load Balancing568 569 570 571  To add a secondary WAN address to the DSL interface572 573 574 Setting Description SLOT-x Dynamic DNS Status575 576 Advanced DSL settingsDefault Address radio button 577 578 Wireless Network Module for UTM9S and UTM25SConfiguration Order Overview of the Wireless Network ModuleWireless Equipment Placement and Range Guidelines Wireless Network Module for the UTM9S and UTM25S580 Configure the Basic Radio Settings To configure the basic radio settings Field Descriptions Radio Settings screen settings581 582 583 Operating Frequency Channel Guidelines584 Wireless Data Security Options585 Wireless Security Profiles586 Network authenticationData encryption WPA Radius settings Before You Change the SSID, WEP, and WPA SettingsWPA2 Radius settings 587 To add a wireless profile Configure and Enable Wireless ProfilesWireless Profiles screen settings 588589 Add Wireless Profiles screen settingsField Description Profile Configuration Security Options on 590WEP Index and Keys 591Tkip TKIP+AES 592  To edit a wireless profile Restrict Wireless Access by MAC Address To delete one or more wireless profiles  To enable or disable one or more wireless profiles594 595 Access Point Status screen fields Configure a Wireless Distribution System596 Connected Clients597  To enable and configure WDS To configure WDS on a peer Configure Advanced Radio Settings To configure advanced radio settings 598599 Advanced Wireless screen settings600 Configure WMM QoS Priority Settings601 For More Information About Wireless Configurations Test Basic Wireless Connectivity To test for wireless connectivity 602603 3G/4G Dongle Configuration Tasks604 Manually Configure the USB Internet Connection3G/4G Dongles for the UTM9S and UTM25S 605  To configure the WAN ISP settings for the USB interfaceSetting Description 3G Dongle Details USB ISP settingsConnection Settings 606607 XDSL, or USB Port Status on608 Configure the 3G/4G Settings To configure the 3G/4G settings Setting Description 3GStatus 4G settingsConnection Setting 609APN 610611 612 613 614 615 616 617 618 619 620 Setting Description USB Dynamic DNS Status621 622 What to Consider Before You Begin623 WAN port Physical facilityInternet Internet Configuration Requirements Computer Network Configuration RequirementsWhere Do I Get the Internet Configuration Information? Cabling and Computer Hardware Requirements625 Internet Connection Information626 Overview of the Planning Process627 Inbound TrafficInbound Traffic to a Dual WAN Port System Inbound Traffic to a Single WAN Port SystemInbound Traffic Dual WAN Ports for Improved Reliability Inbound Traffic Dual WAN Ports for Load Balancing629 Virtual Private Networks630 VPN Road Warrior Client-to-Gateway631 VPN Road Warrior Single-Gateway WAN Port Reference Case632 VPN Road Warrior Dual-Gateway WAN Ports for Load Balancing633 VPN Gateway-to-Gateway634 635 VPN Telecommuter Client-to-Gateway through a NAT RouterVPN Telecommuter Single-Gateway WAN Port Reference Case 636 637 VPN Telecommuter Dual-Gateway WAN Ports for Load Balancing638 Supported ReadyNAS Models To install the UTM add-on on the ReadyNAS Install the UTM Add-On on the ReadyNASSelect Add-ons Add New ReadyNAS Integration640 Select Add-ons Installed641 Connect to the ReadyNAS on the UTM642 643 644 Why Do I Need Two-Factor Authentication?What Are the Benefits of Two-Factor Authentication? What Is Two-Factor Authentication? Netgear Two-Factor Authentication SolutionsTwo-Factor Authentication  To use WiKID for end users646 647 Term Description Log message terms648 System Log Messages RebootSystem Startup 649System logs login/logout Login/LogoutSystem logs NTP 650Firewall Restart Auto-Rollover ModeIPSec Restart WAN StatusSystem logs WAN status, auto rollover Load Balancing Mode652 ACTIVEWAN2PPP Logs System logs WAN status, PPPoE idle timeoutSystem logs WAN status, load balancing 653654 System logs WAN status, Pptp idle timeout655 Traffic Metering LogsUnicast, Multicast, and Broadcast Logs Icmp Redirect Logs Invalid Packet LoggingMulticast/Broadcast Logs 656657 Content-Filtering and Security Logs Service LogsService logs 658659 Web Filtering and Content-Filtering Logs660 Content-filtering and security logs spamSpam Logs Malware Logs Traffic LogsEmail Filter Logs 661Content-filtering and security logs anomaly behavior Content-filtering and security logs IPSIPS Logs Anomaly Behavior LogsApplication Logs Routing LogsLAN-to-WAN Logs 663DMZ-to-WAN Logs LAN-to-DMZ LogsWAN-to-LAN Logs 664WAN-to-DMZ Logs DMZ-to-LAN LogsRouting logs WAN to DMZ 665UTM default configuration settings Default SettingsFeature Login settings Default behavior 666Feature Default behavior WAN connections Default Settings and Technical SpecificationsAdministrative and monitoring settings 667668 Feature Default behavior Firewall and network securitySIP ALG IPS669 Feature Application security Default behavior670 Feature Default behaviorSSL VPN settings Radius settingsUser, group, and domain settings 671672 673 Physical and Technical SpecificationsUTM physical and technical specifications Feature Specification Major regulatory compliance UTM IPSec VPN specificationsInterface specifications Setting SpecificationFeature Description 802.11b/bg/ng wireless specifications UTM SSL VPN specifications675 Http//prosecure.netgear.comAES Feature Description 802.11a/na wireless specifications676 677 Regulatory Compliance InformationFCC Requirements for Operation in the United States 678 Notification of Compliance WiredEuropean Union Terms Additional Copyrights679 MD5 680Edoc in Languages of the European Community Europe EU Declaration of Conformity681 Language Statement682 Notification of Compliance Wireless683 FCC CautionImportant Note Radiation Exposure Statement Industry CanadaAvertissement 684685 Interference Reduction Table686 Index687 See also 688DMZ 689690 691 Blocking 202, 218, 222 setting access exceptionsLogs 469, 508-510traffic statistics 692LAN 693694 695 696 697 698 SSL VPN 699TCP/IP 700701 Logs 290, 470 702703 Dhcp 50, 106, 119 ModeConfig704