NETGEAR UTM5EW-100NAS Appliance Reference Manual

Unified threat management

ProSecure Unified Threat Management (UTM) Appliance Reference Manual
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134
202-10482-02
January 2010
v1.0


Summary of Contents for NETGEAR UTM5EW-100NAS

  • Page 1 ProSecure Unified Threat Management (UTM) Appliance Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10482-02 January 2010 v1.0...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations. Voluntary Control Council for Interference (VCCI) Statement This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
  • Page 4 Open SSL Copyright (c) 1998–2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.
  • Page 5 Copyright (c) 1989 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University.
  • Page 7: Table Of Contents

    Contents ProSecure Unified Threat Management (UTM) Appliance Reference Manual About This Manual Conventions, Formats, and Scope .................xvii How to Print This Manual ....................xviii Revision History ......................xviii Chapter 1 Introduction What Is the ProSecure Unified Threat Management (UTM) Appliance? ......1-1 Key Features and Capabilities ..................1-2 Dual-WAN Port Models for Increased Reliability or Outbound Load Balancing ..................1-3...
  • Page 8 Setup Wizard Step 10 of 10: Saving the Configuration ..........2-25 Verifying Proper Installation ..................2-26 Testing Connectivity ....................2-26 Testing HTTP Scanning ..................2-26 Registering the UTM with NETGEAR ................2-26 What to Do Next ......................2-28 Chapter 3 Manually Configuring Internet and WAN Settings Understanding the Internet and WAN Configuration Tasks ..........3-1...
  • Page 9 Configuring Secondary WAN Addresses ..............3-17 Configuring Dynamic DNS ....................3-19 Configuring Advanced WAN Options ................3-22 Additional WAN-Related Configuration Tasks ............3-24 Chapter 4 LAN Configuration Managing Virtual LANs and DHCP Options ..............4-1 Managing the UTM’s Port-Based VLANs ..............4-2 VLAN DHCP Options ....................4-4 Configuring a VLAN Profile ..................4-6 Configuring Multi-Home LAN IPs on the Default VLAN ..........
  • Page 10 Managing the Application Level Gateway for SIP Sessions ........5-31 Creating Services, QoS Profiles, and Bandwidth Profiles ..........5-32 Adding Customized Services .................5-32 Creating Quality of Service (QoS) Profiles .............5-35 Creating Bandwidth Profiles ...................5-38 Setting a Schedule to Block or Allow Specific Traffic ............5-41 Enabling Source MAC Filtering ..................5-42 Setting up IP/MAC Bindings ..................5-44...
  • Page 11 Creating a Client to Gateway VPN Tunnel ...............7-9 Testing the Connections and Viewing Status Information ..........7-17 Testing the VPN Connection ..................7-17 NETGEAR VPN Client Status and Log Information ..........7-18 Viewing the UTM IPsec VPN Connection Status ...........7-20 Viewing the UTM IPsec VPN Log ................7-21 Managing IPsec VPN Policies ..................7-22...
  • Page 12 Viewing the UTM SSL VPN Connection Status .............8-16 Viewing the UTM SSL VPN Log ................8-16 Manually Configuring and Editing SSL Connections ............8-17 Creating the Portal Layout ..................8-18 Configuring Domains, Groups, and Users .............8-22 Configuring Applications for Port Forwarding ............8-22 Configuring the SSL VPN Client ................8-25 Using Network Resource Objects to Simplify Policies ...........8-28...
  • Page 13 Updating the Scan Signatures and Scan Engine Firmware .........10-21 Configuring Date and Time Service ..............10-24 Chapter 11 Monitoring System Access and Performance Enabling the WAN Traffic Meter ................... 11-1 Configuring Logging, Alerts, and Event Notifications ........... 11-5 Configuring the E-mail Notification Server .............
  • Page 14 Restoring the Default Configuration and Password ............12-9 Problems with Date and Time ..................12-10 Using Online Support ....................12-10 Enabling Remote Troubleshooting ...............12-10 Sending Suspicious Files to NETGEAR for Analysis ........... 12-11 Accessing the Knowledge Base and Documentation ...........12-12 Appendix A Default Settings and Technical Specifications...
  • Page 15 Two Factor Authentication Why do I need Two-Factor Authentication? ..............D-1 What are the benefits of Two-Factor Authentication? ..........D-1 What is Two-Factor Authentication ................. D-2 NETGEAR Two-Factor Authentication Solutions ............D-2 Appendix E Related Documents Index v1.0, January 2010...
  • Page 17: About This Manual

    About This Manual The NETGEAR® ProSecure™ Unified Threat Management (UTM) Appliance Reference Manual describes how to install, configure, and troubleshoot a ProSecure Unified Threat Management (UTM) Appliance. The information in this manual is intended for readers with intermediate computer and networking skills.
  • Page 18: How To Print This Manual

    For more information about network, Internet, firewall, and VPN technologies, click the links to the NETGEAR Website in Appendix E, “Related Documents.” Note: Product updates are available on the NETGEAR website at http://prosecure.netgear.com or http://kb.netgear.com/app/home. Note: Go to http://prosecure.netgear.com/community/forum.php for information about the ProSecure™...
  • Page 19: Introduction

    As a complete security solution, the UTM combines a powerful, flexible firewall with a content scan engine that uses NETGEAR Stream Scanning technology to protect your network from denial of service (DoS) attacks, unwanted traffic, traffic with objectionable content, spam, phishing, and Web-borne threats such as spyware, viruses, and other malware threats.
  • Page 20: Key Features And Capabilities

    • Advanced IPsec VPN and SSL VPN support. • Depending on the model, bundled with a 1-user license of the NETGEAR ProSafe VPN Client software (VPN01L). • Advanced stateful packet inspection (SPI) firewall with multi-NAT support.
  • Page 21: Dual-Wan Port Models For Increased Reliability Or Outbound Load Balancing

    IPsec VPN with broad protocol support for secure connection to other IPsec gateways and clients. – Depending on the model, bundled with a 1-user license of the NETGEAR ProSafe VPN Client software (VPN01L). • SSL VPN provides remote access for mobile users to selected corporate resources without requiring a pre-installed VPN client on their computers.
  • Page 22: A Powerful, True Firewall

    A Powerful, True Firewall Unlike simple Internet sharing NAT routers, the UTM is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. Its firewall features have the following capabilities: •...
  • Page 23: Security Features

    • Objectionable traffic protection. The UTM prevents objectionable content from reaching your computers. You can control access to the Internet content by screening for Web services, Web addresses, and keywords within Web addresses. You can log and report attempts to access objectionable Internet sites.
  • Page 24: Extensive Protocol Support

    ISP account. • IPsec VPN Wizard. The UTM includes the NETGEAR IPSec VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to ensure the IPsec VPN tunnels are interoperable with other VPNC-compliant VPN routers and clients.
  • Page 25: Maintenance And Support

    • SSL VPN Wizard. The UTM includes the NETGEAR SSL VPN Wizard to easily configure SSL connections over VPN according to the recommendations of the VPNC to ensure the SSL connections are interoperable with other VPNC-compliant VPN routers and clients.
  • Page 26: Service Registration Card With License Keys

    Table 1-1. Differences Between the UTM Models (continued). Columns: Feature, UTM5, UTM10, UTM25. Rows: USB ports; Console ports (RS232); Flash Memory/RAM: 2 GB/512 MB, 2 GB/512 MB, 2 GB/1 GB; Deployment: VLAN Support, Dual-WAN auto-rollover mode, Dual-WAN load balancing mode, Single-WAN mode. Service Registration Card with License Keys...
  • Page 27: Package Contents

    Service Registration Card with License Key(s). • Warranty and Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair. Introduction...
  • Page 28: Hardware Features

    Hardware Features The front panel ports and LEDs, rear panel ports, and bottom label of the UTM are described below. Front Panel Viewed from left to right, the UTM front panel contains the following ports (see Figure 1-2 on page 1-10, which shows a dual-WAN port model, the UTM25):...
  • Page 29 Note: Figure 1-2 shows a dual-WAN port model (the UTM25). Single-WAN port models contain the left WAN port that is shown in Figure 1-2 but no right WAN port nor any Active WAN LEDs. The function of each LED is described in Table 1-2.
  • Page 30: Rear Panel

    Table 1-2. LED Descriptions (continued). Active LED (dual-WAN port models only): The WAN port is either not enabled or has no link to the Internet. On (Green): The WAN port has a valid Internet connection. Rear Panel...
  • Page 31 Figure 1-4 shows the product label for the UTM5. Figure 1-4 Figure 1-5 shows the product label for the UTM10. Figure 1-5
  • Page 32: Choosing A Location For The Utm

    Figure 1-6 shows the product label for the UTM25. Figure 1-6 Choosing a Location for the UTM The UTM is suitable for use in an office environment where it can be free-standing (on its runner feet) or mounted into a standard 19-inch equipment rack.
  • Page 33: Using The Rack-Mounting Kit

    • Temperature operating limits are not likely to be exceeded. Install the unit in a clean, air-conditioned environment. For information about the recommended operating temperatures for the UTM, see Appendix A, “Default Settings and Technical Specifications.”...
  • Page 35: Understanding The Steps For Initial Connection

    “Verifying Proper Installation” on page 2-26. 5. Register the UTM. “Registering the UTM with NETGEAR” on page 2-26. Each of these tasks is described separately in this chapter. The configuration of the WAN mode (required for dual-WAN port models only), dynamic DNS, and other WAN options is described in Chapter 3, “Manually Configuring Internet and WAN...
  • Page 36: Qualified Web Browsers

    1. Start any of the qualified Web browsers, as explained in “Qualified Web Browsers” on this page. 2. Enter https://192.168.1.1 in the address field. The NETGEAR Configuration Manager Login screen displays in the browser (see Figure 2-1 on page 2-3, which shows a dual-WAN port model, the UTM25).
  • Page 37 You can follow the directions of your browser to accept the SSL certificate, or you can import the UTM’s root certificate by clicking the hyperlink at the bottom of the NETGEAR Configuration Manager Login screen. 3. In the User field, type admin. Use lower case letters.
  • Page 38 5. Click Login. The Web Management Interface appears, displaying the System Status screen. (Figure 2-2 on page 2-4 shows the top part of a dual-WAN port model screen. For information about this screen, see “Viewing System Status”...
  • Page 39: Understanding The Web Management Interface Menu Layout

    Understanding the Web Management Interface Menu Layout Figure 2-3 shows the menu at the top of a dual-WAN port model’s Web Management Interface (in this example, the UTM25). The single-WAN port model’s Web Management Interface layout is identical with the exception that it shows only a single WAN ISP Setting submenu tab.
  • Page 40 The bottom of each screen provides action buttons. The nature of the screen determines which action buttons are shown. Figure 2-4 shows an example. Figure 2-4 Any of the following action buttons might be displayed on screen (this list might not be complete): •...
  • Page 41: Using The Setup Wizard To Perform The Initial Configuration

    WAN setup manually, see Chapter 3, “Manually Configuring Internet and WAN Settings.” To start the Setup Wizard: 1. Select Wizards from the main navigation menu. The “Welcome to the Netgear Configuration Wizard” screen displays. Figure 2-6 2. Select the Setup Wizard radio button.
  • Page 42: Setup Wizard Step 1 Of 10: Lan Settings

    Setup Wizard Step 1 of 10: LAN Settings Figure 2-7 Enter the settings as explained in Table 2-1 on page 2-9, then click Next to go to the following screen. Note: In this first step, you are actually configuring the LAN settings for the UTM’s default VLAN.
  • Page 43 Table 2-1. Setup Wizard Step 1: LAN Settings Setting Description (or Subfield and Description) LAN TCP/IP Setup IP Address Enter the IP address of the UTM’s default VLAN (the factory default is 192.168.1.1).
  • Page 44 • ou (for organizational unit) • o (for organization) • c (for country) • dc (for domain) For example, to search the Netgear.net domain for all last names of Johnson, you would enter: cn=Johnson,dc=Netgear,dc=net port The port number for the LDAP server. The default setting is zero.
  • Page 45: Setup Wizard Step 2 Of 10: Wan Settings

    Table 2-1. Setup Wizard Step 1: LAN Settings (continued). DNS Proxy, Enable DNS Proxy: This is optional. Select the Enable DNS Proxy radio button to enable the UTM to provide a LAN IP address for DNS address name resolution.
  • Page 46 Note: Click the Auto Detect action button at the bottom of the menu. The auto-detect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support. Note: After you have completed the steps in the Setup Wizard, you can make changes to the WAN settings by selecting Network Config >...
  • Page 47 Table 2-2. Setup Wizard Step 2: WAN Settings (continued). Austria (PPTP) (continued), Idle Timeout: Select the Keep Connected radio button to keep the connection always on. To log out after the connection is idle for a period of time, select the Idle Time radio button and, in the timeout field, enter the number of minutes to wait before disconnecting.
  • Page 48: Setup Wizard Step 3 Of 10: System Date And Time

    Table 2-2. Setup Wizard Step 2: WAN Settings (continued). Use These DNS Servers: If your ISP has assigned DNS addresses, select the Use these DNS Servers radio button.
  • Page 49 Note: If you select this option but leave either the Server 1 or Server 2 field blank, both fields are set to the default Netgear NTP servers. Note: A list of public NTP servers is available at http://ntp.isc.org/bin/view/Servers/WebHome...
  • Page 50: Setup Wizard Step 4 Of 10: Services

    Setup Wizard Step 4 of 10: Services Figure 2-10 Enter the settings as explained in Table 2-4 on page 2-17, then click Next to go to the following screen. Note: After you have completed the steps in the Setup Wizard, you can make changes to the security services by selecting Application Security >...
  • Page 51 Table 2-4. Setup Wizard Step 4: Services Settings Setting Description (or Subfield and Description) Email SMTP SMTP scanning is enabled by default on standard service port 25. To disable any of these services, deselect the corresponding checkbox.
  • Page 52: Setup Wizard Step 5 Of 10: Email Security

    Setup Wizard Step 5 of 10: Email Security Figure 2-11 Enter the settings as explained in Table 2-5, then click Next to go to the following screen. Note: After you have completed the steps in the Setup Wizard, you can make changes to the email security settings by selecting Application Security >...
  • Page 53: Setup Wizard Step 6 Of 10: Web Security

    Table 2-5. Setup Wizard Step 5: Email Security Settings (continued). IMAP: From the IMAP pull-down menu, specify one of the following actions when an infected e-mail is detected: •...
  • Page 54 Note: After you have completed the steps in the Setup Wizard, you can make changes to the Web security settings by selecting Application Security > HTTP/HTTPS > Malware Scan. The Malware Scan screen also lets you specify HTML scanning and notification settings.
  • Page 55: Setup Wizard Step 7 Of 10: Web Categories To Be Blocked

    Setup Wizard Step 7 of 10: Web Categories to Be Blocked Figure 2-13
  • Page 56 Enter the settings as explained in Table 2-7, then click Next to go to the following screen. Note: After you have completed the steps in the Setup Wizard, you can make changes to the content filtering settings by selecting Application Security >...
  • Page 57: Setup Wizard Step 8 Of 10: Email Notification

    Administrator Email Notification Settings Show as mail sender A descriptive name of the sender for e-mail identification purposes. For example, enter UTM_Notifications@netgear.com. SMTP server The IP address and port number or Internet name and port number of your ISP’s outgoing e-mail SMTP server. The default port number is 25.
  • Page 58: Setup Wizard Step 9 Of 10: Signatures & Engine

    Setup Wizard Step 9 of 10: Signatures & Engine Figure 2-15 Enter the settings as explained in Table 2-9 on page 2-25, then click Next to go to the following screen. Note: After you have completed the steps in the Setup Wizard, you can make changes to the signatures and engine settings by selecting Administration >...
  • Page 59: Setup Wizard Step 10 Of 10: Saving The Configuration

    Update From Set the update source server by selecting one of the following radio buttons: • Default update server. Files are updated from the default NETGEAR update server. • Server address. Files are updated from the server that you specify: enter the IP address or host name of the update server.
  • Page 60: Verifying Proper Installation

    Registering the UTM with NETGEAR To receive threat management component updates and technical support, you must register your UTM with NETGEAR. The support registration key is provided with the product package (see “Service Registration Card with License Keys” on page 1-8).
  • Page 61 Note: Activating the service licenses initiates their terms of use. Activate the licenses only when you are ready to start using this unit. If your unit has never been registered before, you can use the 30-day trial period for all 3 types of licenses to perform the initial testing and configuration.
  • Page 62: What To Do Next

    4 for additional license keys. The UTM activates the licenses and registers the unit with the NETGEAR registration server. Note: When you reset the UTM to the original factory default settings after you have entered the license keys to activate the UTM (see “Registering the UTM with...
  • Page 63: Manually Configuring Internet And Wan Settings

    Chapter 3 Manually Configuring Internet and WAN Settings Note: The initial Internet configuration of the UTM is described in Chapter 2, “Using the Setup Wizard to Provision the UTM in Your Network.” If you used the Setup Wizard to configure your Internet settings, you need this chapter only to configure WAN features such as Dual WAN and Dynamic DNS, and to configure secondary WAN addresses and advanced WAN options.
  • Page 64: Configuring The Internet Connections

    4. Configure dynamic DNS on the WAN ports (optional). Configure your fully qualified domain names during this phase (if required). See “Configuring Dynamic DNS” on page 3-19. 5. Configure the WAN options (optional). Optionally, you can enable each WAN port to respond to a ping, and you can change the factory default MTU size and port speed.
  • Page 65 Figure 3-1 2. Click the Auto Detect action button at the bottom of the menu. The auto-detect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support.
  • Page 66 The auto-detect process will return one of the following results: • If the auto-detect process is successful, a status bar at the top of the menu displays the results (see the red text in Figure 3-2 on page 3-3).
  • Page 67: Setting The Utm's Mac Address

    The WAN Status window should show a valid IP address and gateway. If the configuration was not successful, skip ahead to “Manually Configuring the Internet Connection” on this page, or see “Troubleshooting the ISP Connection”...
  • Page 68 To manually configure the WAN1 ISP (dual-WAN port models) or WAN ISP (single-WAN port models) settings: 1. On a dual-WAN port model, select Network Configuration > WAN Settings > WAN1 ISP Settings. The WAN Settings tabs appear, with the WAN1 ISP Settings screen in view (see Figure 3-1 on page 3-3, which shows a dual-WAN port model’s screen).
  • Page 69 5. If your connection is PPTP or PPPoE, your ISP requires an initial login. Enter the settings as explained in Table 3-2. Table 3-2. PPTP and PPPoE Settings Setting Description (or Subfield and Description) Austria (PPTP) If your ISP is Austria Telecom or any other ISP that uses PPTP for login, select this radio button and enter the following settings:...
  • Page 70 6. Configure the Internet (IP) Address settings as explained in Table 3-3. Click the Current IP Address link to see the currently assigned IP address. Figure 3-6 Table 3-3. Internet (IP) Address Settings Setting Description (or Subfield and Description) Get Dynamically...
  • Page 71: Configuring The Wan Mode (Required For Dual-Wan Port Models Only)

    Table 3-4. DNS Server Settings. Get Automatically from ISP: If your ISP has not assigned any Domain Name Server (DNS) addresses, select the Get Automatically from ISP radio button. Use These DNS Servers: If your ISP has assigned DNS addresses, select the Use these DNS Servers...
  • Page 72: Network Address Translation (All Models)

    If you want to use a redundant ISP link for backup purposes, select the WAN port that must act as the primary link for this mode. Ensure that the backup WAN port has also been configured and that you configure the WAN Failure Detection Method on the WAN Mode screen to support auto-rollover.
  • Page 73: Classical Routing (All Models)

    Classical Routing (All Models) In classical routing mode, the UTM performs routing, but without NAT. To gain Internet access, each PC on your LAN must have a valid static Internet IP address. If your ISP has allocated a number of static IP addresses to you, and you have assigned one of these addresses to each PC, you can choose classical routing.
  • Page 74 To configure the dual-WAN ports for auto-rollover mode: 1. Select Network Config > WAN Settings from the menu, then click the WAN Mode tab. The WAN Mode screen displays. Figure 3-8 2. Enter the settings as explained in Table 3-5.
  • Page 75 Table 3-5. Auto-Rollover Mode Settings (Dual-WAN Port Models Only) (continued). WAN Failure Detection Method: Select one of the following failure detection methods. DNS lookup using WAN DNS Servers: DNS queries are sent to the DNS server configured on the WAN ISP pages (see “Configuring the Internet Connections”...
  • Page 76: Configuring Load Balancing And Optional Protocol Binding (Dual-Wan Port Models Only)

    Note: The default time to roll over after the primary WAN interface fails is 2 minutes; a 30-second minimum test period for a minimum of 4 tests. 3. Click Apply to save your settings. When a rollover occurs, you can configure the UTM to generate a notification e-mail to a specified address (see “Configuring and Activating System, E-mail, and Syslog Logs”...
  • Page 77 Figure 3-9 Figure 3-9 shows one example in the Protocol Binding table. Configure the protocol binding settings as explained in Table 3-6. Table 3-6. Protocol Binding Settings (Dual-WAN Port Models Only) Setting Description (or Subfield and Description) Add Protocol Binding Service...
  • Page 78 Table 3-6. Protocol Binding Settings (Dual-WAN Port Models Only) (continued). Source Network (continued), Group 1–Group 8: If this option is selected, the rule is applied to the devices that are assigned to the selected group.
  • Page 79: Configuring Secondary Wan Addresses

    Configuring Secondary WAN Addresses A single WAN Ethernet port can be accessed through multiple IP addresses by adding aliases to the port. An alias is a secondary WAN address. One advantage is, for example, that you can assign different virtual IP addresses to a Web server and FTP server, even though both servers use the same physical IP address.
  • Page 80 To add a secondary WAN address to a WAN port: 1. Select Network Config > WAN Settings from the menu. On a dual-WAN port model, the WAN Settings submenu tabs appear with the WAN1 ISP Settings screen in view. On a single WAN model, the WAN Settings submenu tabs appear with the WAN ISP Settings screen in view.
  • Page 81: Configuring Dynamic Dns

    Configuring Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows devices with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, TZO.com, or Oray.net.
  • Page 82 Figure 3-11 The WAN Mode section on screen reports the currently configured WAN mode. (For the dual-WAN port models, for example, Single Port WAN1, Load Balancing, or Auto Rollover.) Only those options that match the configured WAN Mode are accessible on screen. 3.
  • Page 83 4. Click the Information option arrow in the upper right corner of a DNS screen for registration information. Figure 3-12: 5. Access the Web site of the DDNS service provider and register for an account (for example, for dyndns.org, go to http://www.dyndns.com/).
  • Page 84: Configuring Advanced Wan Options

    7. Click Apply to save your configuration. Configuring Advanced WAN Options The advanced options include configuration of the maximum transmission unit (MTU) size, port speed, UTM’s MAC address, and setting a rate-limit on the traffic that is being forwarded by the UTM.
  • Page 85 3. Enter the default information settings as explained in Table 3-8. Table 3-8. Advanced WAN Settings. MTU Size: Make one of the following selections. Default: Select the Default radio button for the normal Maximum Transmit Unit (MTU) value.
  • Page 86: Additional Wan-Related Configuration Tasks

    If you want the ability to manage the UTM remotely, enable remote management (see “Configuring Remote Management Access” on page 10-12). If you enable remote management, NETGEAR strongly recommend that you change your password (see “Changing Passwords and Administrator Settings” on page 10-9).
  • Page 87: LAN Configuration

    Chapter 4 LAN Configuration Note: The initial LAN configuration of the UTM’s default VLAN 1 is described in Chapter 2, “Using the Setup Wizard to Provision the UTM in Your Network.” This chapter describes how to configure the advanced LAN features of your UTM. This chapter contains the following sections: •...
  • Page 88: Managing The UTM's Port-Based VLANs

    VLANs have a number of advantages: • It is easy to set up network segmentation. Users who communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
  • Page 89 When you create a VLAN profile, assign LAN ports to the VLAN, and enable the VLAN, the LAN ports that are members of the VLAN can send and receive both tagged and untagged packets. Untagged packets that enter these LAN ports are assigned to the default PVID 1;...
  • Page 90: VLAN DHCP Options

    For each VLAN profile, the following fields are displayed in the VLAN Profiles table: • Checkbox. Allows you to select the VLAN profile in the table. • Status Icon. Indicates the status of the VLAN profile: –...
  • Page 91 The UTM delivers the following settings to any LAN device that requests DHCP: • An IP address from the range that you have defined • Subnet mask • Gateway IP address (the UTM’s LAN IP address) •...
  • Page 92: Configuring A VLAN Profile

    LDAP Server A Lightweight Directory Access Protocol (LDAP) server allows a user to query and modify directory services that run over TCP/IP. For example, clients can query email addresses, contact information, and other service information using an LDAP server. For each VLAN, you can specify an LDAP server and a search base that defines the location in the directory (that is, the directory tree) from which the LDAP search begins.
  • Page 93 2. Either select an entry from the VLAN Profiles table by clicking the corresponding Edit table button or add a new VLAN profile by clicking the Add table button under the VLAN Profiles table.
  • Page 94 3. Enter the settings as explained in Table 4-1. Table 4-1. VLAN Profile Settings Setting Description (or Subfield and Description) VLAN Profile Profile Name Enter a unique name for the VLAN profile. Note: You can also change the profile name of the default VLAN.
  • Page 95 Table 4-1. VLAN Profile Settings (continued) Setting Description (or Subfield and Description) Enable DHCP Server (continued) Starting IP Address Enter the starting IP address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address between this address and the Ending IP Address.
  • Page 96 • ou (for organizational unit) • o (for organization) • c (for country) • dc (for domain) For example, to search the Netgear.net domain for all last names of Johnson, you would enter: cn=Johnson,dc=Netgear,dc=net port The port number for the LDAP server. The default setting is zero.
  • Page 97: Configuring Multi-Home LAN IPs On The Default VLAN

    Configuring Multi-Home LAN IPs on the Default VLAN If you have computers using different IP networks in the LAN (for example, 172.16.2.0 or 10.0.0.0), you can add aliases to the LAN ports and give computers on those networks access to the Internet, but you can do so only for the default VLAN.
  • Page 98: Managing Groups And Hosts (LAN Groups)

    3. In the Add Secondary LAN IPs section of the screen, enter the following settings: • IP Address. Enter the secondary address that you want to assign to the LAN ports. • Subnet Mask.
  • Page 99: Managing The Network Database

    Some advantages of the Network Database are: • Generally, you do not need to enter either IP addresses or MAC addresses. Instead, you can just select the name of the desired PC or device. •...
  • Page 100 Figure 4-5 The Known PCs and Devices table lists the entries in the Network Database. For each PC or device, the following fields are displayed: • Checkbox. Allows you to select the PC or device in the table. •...
  • Page 101 Adding PCs or Devices to the Network Database To add PCs or devices manually to the Network Database: 1. In the Add Known PCs and Devices section of the LAN Groups screen (see Figure 4-5 on page 4-14), enter the settings as explained in...
  • Page 102: Changing Group Names In The Network Database

    Editing PCs or Devices in the Network Database To edit PCs or devices manually in the Network Database: 1. In the Known PCs and Devices table of the LAN Groups screen (see Figure 4-5 on page 4-14), click the Edit table button of a table entry.
  • Page 103: Setting Up Address Reservation

    3. Click the Edit Group Names option arrow at the right of the LAN submenu tabs. The Network Database Group Names screen displays. (Figure 4-7 shows some examples.) Figure 4-7 4. Select the radio button next to any group name to enable editing. 5.
  • Page 104: Configuring And Enabling The DMZ Port

    To reserve an IP address, select Reserved (DHCP Client) from the IP Address Type pull-down menu on the LAN Groups screen as described in “Adding PCs or Devices to the Network Database” on page 4-15 or on the Edit Groups and Hosts screen as described in “Editing PCs or Devices in the Network Database”...
  • Page 105 To enable and configure the DMZ port: 1. Select Network Config > DMZ Setup from the menu. The DMZ Setup screen displays. Figure 4-8 2. Enter the settings as explained in Table 4-3 on page 4-20.
  • Page 106 Table 4-3. DMZ Setup Settings Setting Description (or Subfield and Description) DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Yes. Enables you to configure the DMZ port settings. Enter the IP address and Subnet Mask fields (see below).
  • Page 107 • ou (for organizational unit) • o (for organization) • c (for country) • dc (for domain) For example, to search the Netgear.net domain for all last names of Johnson, you would enter: cn=Johnson,dc=Netgear,dc=net port The port number for the LDAP server. The default setting is zero.
  • Page 108: Managing Routing

    Table 4-3. DMZ Setup Settings (continued) Setting Description (or Subfield and Description) DNS Proxy Enable DNS Proxy This is optional. Select the Enable DNS Proxy radio button to enable the UTM to provide a LAN IP address for DNS address name resolution. This setting is enabled by default.
  • Page 109: Configuring Static Routes

    Configuring Static Routes To add a static route to the Static Route table: 1. Select Network Config > Routing from the menu. The Routing screen displays. Figure 4-9 2. Click the Add table button under the Static Routes table. The Add Static Route screen displays.
  • Page 110: Configuring Routing Information Protocol (RIP)

    3. Enter the settings as explained in Table 4-4. Table 4-4. Static Route Settings Setting Description (or Subfield and Description) Route Name The route name for the static route (for purposes of identification and management).
  • Page 111 To enable and configure RIP: 1. Select Network Configuration > Routing from the menu. 2. Click the RIP Configuration option arrow at the right of the Routing submenu tab. The RIP Configuration screen displays. Figure 4-11 3.
  • Page 112 Table 4-5. RIP Configuration Settings Setting Description (or Subfield and Description) RIP Direction From the RIP Direction pull-down menu, select the direction in which the UTM sends and receives RIP packets: • None. The UTM neither advertises its route table nor accepts any RIP packets from other routers.
  • Page 113: Static Route Example

    Table 4-5. RIP Configuration Settings (continued) Setting Description (or Subfield and Description) Authentication for RIP-2B/2M required? (continued) Not Valid Before The beginning of the lifetime of the MD5 key. Enter the month, date, year, hour, minute, and second. Before this date and time, the MD5 key is not valid.
  • Page 115: Firewall Protection

    Chapter 5 Firewall Protection This chapter describes how to use the firewall features of the UTM to protect your network. This chapter contains the following sections: • “About Firewall Protection” on this page. • “Using Rules to Block or Allow Specific Kinds of Traffic” on page 5-3.
  • Page 116: Administrator Tips

    Administrator Tips Consider the following operational items: 1. As an option, you can enable remote management if you have to manage distant sites from a central location (see “Configuring VPN Authentication Domains, Groups, and Users” on page 9-1 “Configuring Remote Management Access”...
  • Page 117: Using Rules To Block Or Allow Specific Kinds Of Traffic

    Using Rules to Block or Allow Specific Kinds of Traffic Firewall rules are used to block or allow specific traffic passing through from one side to the other. You can configure up to 800 rules on the UTM. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources.
  • Page 118 • Quality of Service (QoS) priorities. Each service has its own native priority that impacts its quality of performance and tolerance for jitter or delays. You can change the QoS priority, which changes the traffic mix through the system (see “Creating Quality of Service (QoS) Profiles”...
  • Page 119 Table 5-2. Outbound Rules Overview Setting Description (or Subfield and Description) Service The service or application to be covered by this rule. If the service or application does not appear in the list, you must define it using the Services menu (see “Adding Customized Services”...
  • Page 120 Table 5-2. Outbound Rules Overview (continued) Setting Description (or Subfield and Description) QoS Profile The priority assigned to IP packets of this service. The priorities are defined by “Type of Service (ToS) in the Internet Protocol Suite” standards, RFC 1349. The QoS profile determines the priority of a service which, in turn, determines the quality of that service for the traffic passing through the firewall.
  • Page 121 Whether or not DHCP is enabled, how the PCs access the server’s LAN address impacts the inbound rules. For example: • If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP address might change periodically as the DHCP lease expires.
  • Page 122 Table 5-3. Inbound Rules Overview Setting Description (or Subfield and Description) Service The service or application to be covered by this rule. If the service or application does not appear in the list, you must define it using the Services menu (see “Adding Customized Services”...
  • Page 123 Table 5-3. Inbound Rules Overview (continued) Setting Description (or Subfield and Description) LAN Users The settings that determine which computers on your network are affected by this rule. The options are: • Any. All PCs and devices on your LAN. •...
  • Page 124 Table 5-3. Inbound Rules Overview (continued) Setting Description (or Subfield and Description) The settings that determine whether packets covered by this rule are logged. The options are: • Always. Always log traffic considered by this rule, whether it matches or not. This is useful when debugging your rules.
  • Page 125: Order Of Precedence For Rules

    Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules screen as the last item in the list, as shown in the LAN WAN Rules screen example in Figure 5-1.
  • Page 126: Setting LAN WAN Rules

    Setting LAN WAN Rules The default outbound policy is to allow all traffic to the Internet to pass through. Firewall rules can then be applied to block specific types of traffic from going out from the LAN to the Internet (outbound).
  • Page 127 To make changes to an existing outbound or inbound service rule, in the Action column to the right of the rule, click one of the following table buttons: • Edit. Allows you to make any changes to the rule definition of an existing rule. Depending on your selection, either the Edit LAN WAN Outbound Service screen (identical to Figure 5-3 on page...
  • Page 128 To create a new outbound LAN WAN service rule: 1. In the LAN WAN Rules screen, click the Add table button under the Outbound Services table. The Add LAN WAN Outbound Service screen displays. Figure 5-3 2.
  • Page 129: Setting DMZ WAN Rules

    To create a new inbound LAN WAN service rule: 1. In the LAN WAN Rules screen, click the Add table button under the Inbound Services table. The Add LAN WAN Inbound Service screen displays. Figure 5-4 2.
  • Page 130 To access the DMZ WAN Rules screen: 1. Select Network Security > Firewall from the menu. The Firewall submenu tabs appear. 2. Click the DMZ WAN Rules submenu tab. The DMZ WAN Rules screen displays. (Figure 5-5 shows a rule in the Outbound Services table as an example).
  • Page 131 2. Click one of the following table buttons: • Disable. Disables the rule or rules. The “!” status icon changes from a green circle to a grey circle, indicating that the rule or rules are disabled. (By default, when a rule is added to the table, it is automatically enabled.) •...
  • Page 132 DMZ WAN Inbound Services Rules The Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules are listed. By default, all inbound traffic (from the Internet to the DMZ) is allowed. Inbound rules that are configured on the LAN WAN Rules screen take precedence over inbound rules that are configured on the DMZ WAN Rules screen.
  • Page 133: Setting LAN DMZ Rules

    Setting LAN DMZ Rules The LAN DMZ Rules screen allows you to create rules that define the movement of traffic between the LAN and the DMZ. The default outbound and inbound policies are to allow all traffic between the local LAN and DMZ network.
  • Page 134 • Up. Moves the rule up one position in the table rank. • Down. Moves the rule down one position in the table rank. To delete or disable one or more rules: 1.
  • Page 135 2. Enter the settings as explained in Table 5-2 on page 5-5. 3. Click Apply. The new rule is now added to the Outbound Services table. The rule is automatically enabled. LAN DMZ Inbound Services Rules The Inbound Services table lists all existing rules for inbound traffic.
  • Page 136: Inbound Rules Examples

    Inbound Rules Examples LAN WAN Inbound Rule: Hosting A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of the day.
  • Page 137 Web server on the LAN. The following addressing scheme is used to illustrate this procedure: • Netgear UTM: – WAN1 IP address (dual-WAN port models) or WAN IP address (single-WAN port models): 10.1.0.118 –...
  • Page 138 Tip: If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ.
  • Page 139 Figure 5-14 on page 5-26. Warning: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
  • Page 140: Outbound Rules Example

    1. Select Any and Allow Always (or Allow by Schedule). 2. Place the rule below all other inbound rules. Figure 5-14 Outbound Rules Example Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio, or other non-essential sites.
  • Page 141: Configuring Other Firewall Features

    Figure 5-15 Configuring Other Firewall Features You can configure attack checks, set session limits, and manage the Application Level Gateway (ALG) for SIP sessions. Attack Checks The Attack Checks screen allows you to specify whether or not the UTM should be protected against common attacks in the DMZ, LAN, and WAN networks.
  • Page 142 2. Click the Attack Checks submenu tab. The Attack Checks screen displays. Figure 5-16 3. Enter the settings as explained in Table 5-4. Table 5-4. Attack Checks Settings Setting Description (or Subfield and Description) WAN Security Checks Respond To Ping On Internet Ports Select the Respond To Ping On Internet Ports checkbox to enable the UTM to...
  • Page 143 Table 5-4. Attack Checks Settings (continued) Setting Description (or Subfield and Description) LAN Security Checks. Block UDP flood Select the Block UDP flood checkbox to prevent the UTM from accepting more than 20 simultaneous, active UDP connections from a single device on the LAN. By default, the Block UDP flood checkbox is deselected.
  • Page 144: Setting Session Limits

    Setting Session Limits Session limits allow you to specify the total number of sessions that are allowed, per user, over an IP connection across the UTM. The Session Limit feature is disabled by default. To enable and configure the Session Limit feature: 1.
  • Page 145: Managing The Application Level Gateway For SIP Sessions

    Table 5-5. Session Limit Settings Setting Description (or Subfield and Description) Session Limit User Limit Parameter From the User Limit Parameter pull-down menu, select one of the following options: • Percentage of Max Sessions. A percentage of the total session connection capacity of the UTM.
  • Page 146: Creating Services, QoS Profiles, And Bandwidth Profiles

    Figure 5-18 3. Select the Enable SIP checkbox. 4. Click Apply to save your settings. Creating Services, QoS Profiles, and Bandwidth Profiles When you create inbound and outbound firewall rules, you use firewall objects such as services, QoS profiles, bandwidth profiles, and schedules to narrow down the firewall rules: •...
  • Page 147 For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number.
  • Page 148 2. In the Add Custom Service section of the screen, enter the settings as explained in Table 5-6. Table 5-6. Services Settings Setting Description (or Subfield and Description) Name A descriptive name of the service for identification and management purposes. Type From the Type pull-down menu, select the Layer 3 protocol that the service uses as its transport protocol:...
  • Page 149: Creating Quality Of Service (QoS) Profiles

    2. Modify the settings that you wish to change (see Table 5-6 on page 5-34). 3. Click Apply to save your changes. The modified service is displayed in the Custom Services table. Creating Quality of Service (QoS) Profiles A quality of service (QoS) profile defines the relative priority of an IP packet when multiple connections are scheduled for simultaneous transmission on the UTM.
  • Page 150 To create a QoS profile: 1. Select Network Security > Firewall Objects from the menu. The Firewall Objects submenu tabs appear, with the Services screen in view. 2. Click the QoS Profiles submenu tab. The QoS Profiles screen displays. Figure 5-21 shows some profiles in the List of QoS Profiles table as an example.
  • Page 151 Note: This document assumes that you are familiar with QoS concepts such as QoS priority queues, IP Precedence, DHCP, and their values. Table 5-7. QoS Profile Settings Setting Description (or Subfield and Description) Profile Name A descriptive name of the QoS profile for identification and management purposes.
  • Page 152: Creating Bandwidth Profiles

    3. Click Apply to save your changes. The modified QoS profile is displayed in the List of QoS Profiles table. Creating Bandwidth Profiles Bandwidth profiles determine the way in which data is communicated with the hosts. The purpose of bandwidth profiles is to provide a method for allocating and limiting traffic, thus allocating LAN users sufficient bandwidth while preventing them from consuming all the bandwidth on your WAN link.
  • Page 153 Figure 5-23 The screen displays the List of Bandwidth Profiles table with the user-defined profiles. 3. Under the List of Bandwidth Profiles table, click the Add table button. The Add Bandwidth Profile screen displays. Figure 5-24 4.
  • Page 154 Table 5-8. Bandwidth Profile Settings Setting Description (or Subfield and Description) Profile Name A descriptive name of the bandwidth profile for identification and management purposes. Minimum Bandwidth The minimum allocated bandwidth in Kbps. The default setting is 0 Kbps. Maximum Bandwidth The maximum allowed bandwidth in Kbps.
  • Page 155: Setting A Schedule To Block Or Allow Specific Traffic

    Setting a Schedule to Block or Allow Specific Traffic Schedules define the timeframes under which firewall rules may be applied. Three schedules, Schedule 1, Schedule 2, and Schedule 3, can be defined, and any one of these can be selected when defining firewall rules.
  • Page 156: Enabling Source MAC Filtering

    • Specific Times. The schedule is active only on specific hours of the selected day or days. To the right of the radio buttons, specify the Start Time and End Time fields (Hour, Minute, AM/PM) during which the schedule is in effect.
  • Page 157 Figure 5-26 2. In the MAC Filtering Enable section, select the Yes radio button. 3. In the same section, select one of the following options from the pull-down menu (next to Policy for MAC Addresses listed below): •...
  • Page 158: Setting Up IP/MAC Bindings

    Setting up IP/MAC Bindings IP/MAC Binding allows you to bind an IP address to a MAC address and vice-versa. Some PCs or devices are configured with static addresses. To prevent users from changing their static IP addresses, the IP/MAC Binding feature must be enabled on the UTM.
  • Page 159 Figure 5-27 3. Enter the settings as explained in Table 5-9. Table 5-9. IP/MAC Binding Settings Setting Description (or Subfield and Description) Email IP/MAC Violations Do you want to Select one of the following radio buttons: enable E-mail •...
  • Page 160: Configuring Port Triggering

    Table 5-9. IP/MAC Binding Settings (continued) Setting Description (or Subfield and Description) IP Address The IP address of the PC or device that is bound to the MAC address. Log Dropped Packets To log the dropped packets, select Enable from the pull-down menu. The default setting is Disable.
  • Page 161 Note these restrictions on port triggering: • Only one PC can use a port triggering application at any time. • After a PC has finished using a port triggering application, there is a short time-out period before the application can be used by another PC.
  • Page 162 Table 5-10. Port Triggering Settings Setting Description (or Subfield and Description) Name A descriptive name of the rule for identification and management purposes. Enable From the pull-down menu, select Yes to enable the rule. (You can define a rule but not enable it.) The default setting is No.
  • Page 163: Using The Intrusion Prevention System

    Using the Intrusion Prevention System The Intrusion Prevention System (IPS) of the UTM monitors all network traffic to detect, in real time, network attacks and port scans and to protect your network from such intrusions. You can set up alerts, block source IP addresses from which port scans are initiated, and drop traffic that carries attacks.
  • Page 164 Note: Traffic that passes on the UTM’s VLANs and on the secondary IP addresses that you have configured on the LAN Multi-homing screen (see “Configuring Multi-Home LAN IPs on the Default VLAN” on page 4-11) is also scanned by the IPS.
  • Page 165 Figure 5-31
  • Page 166 Table 5-11. IPS: Less Familiar Attack Names Attack Name Description (or Subfield and Description) web-misc Detects some specific Web attack tools, such as the fingerprinting tool and the password-cracking tool. web-attacks Detects the Web attacks that cannot be placed under other Web categories, such as DoS and overflow attacks against specific Web services.
  • Page 167: Content Filtering And Optimizing Scans

    Chapter 6 Content Filtering and Optimizing Scans This chapter describes how to apply the content filtering features of the UTM and how to optimize scans to protect your network. This chapter contains the following sections: • “About Content Filtering and Scans” on this page.
  • Page 168: Default E-Mail And Web Scan Settings

    Default E-mail and Web Scan Settings For most network environments, the default scan settings and actions that are shown in Table 6-1 work well, but you can adjust these to the needs of your specific environment. Table 6-1.
  • Page 169: Configuring E-Mail Protection

    Table 6-1. Default E-mail and Web Scan Settings (continued) Scan Type Default Scan Setting Default Action (if applicable) Education Allowed with the exception of School Cheating. Gaming Blocked Inactive Sites Allowed Internet Communication and Search Allowed with the exception of Anonymizers Leisure and News...
  • Page 170: Customizing E-Mail Protocol Scan Settings

    Customizing E-mail Protocol Scan Settings To configure the e-mail protocols and ports to scan: 1. Select Application Security > Services from the menu. The Services screen displays (Figure 6-1 shows the upper part of the Services screen only). Figure 6-1 2.
  • Page 171: Customizing E-Mail Anti-Virus And Notification Settings

    Customizing E-mail Anti-Virus and Notification Settings Whether or not the UTM detects an e-mail virus, you can configure it to take a variety of actions (some of the default actions are listed in Table 6-1 on page 6-2) and send notifications, e-mails, or both to the end users.
  • Page 172 2. Enter the settings as explained in Table 6-2. Table 6-2. E-mail Anti-Virus and Notification Settings Setting Description (or Subfield and Description) Action SMTP From the SMTP pull-down menu, specify one of the following actions when an infected e-mail is detected: •...
  • Page 173 Table 6-2. E-mail Anti-Virus and Notification Settings (continued) Setting Description (or Subfield and Description) Append Safe Stamp (SMTP and POP3) For SMTP and POP3 e-mail messages, select this checkbox to insert a default safe stamp message at the end of an e-mail.
  • Page 174: E-Mail Content Filtering

    Table 6-2. E-mail Anti-Virus and Notification Settings (continued). Subject: The default subject line for the notification e-mail is “Malware detected!” You can change this subject line. Message: The warning message informs the sender, the recipient, or both about the name of the malware threat. Because malware commonly arrives with a forged sender address, notifying the sender can deliver these warnings to uninvolved third parties (backscatter); notifying only the recipient avoids this.
  • Page 175 To configure e-mail content filtering: 1. Select Application Security > Email Filters from the menu. The Email Filters screen displays (Figure 6-3).
  • Page 176 2. Enter the settings as explained in Table 6-3 (E-mail Filter Settings). Filter by Subject Keywords, Keywords: Enter keywords that should be detected in the e-mail subject line. Use commas to separate different keywords.
  • Page 177: Protecting Against E-Mail Spam

    Table 6-3. E-mail Filter Settings (continued). Filter by File Type, File Extension: By default, the File Extension field lists the most common file extensions. You can manually add or delete extensions. The filter matches the attachment's file name only: a renamed executable, or one packed inside an archive, passes this check, so keep malware scanning enabled alongside it.
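    The two e-mail filters described above, as an added example that is not part of the manual and not NETGEAR code: a Python check that applies a comma-separated Subject keyword list and an attachment extension list to one raw message, and additionally compares each attachment's leading bytes with its extension, which is the check the appliance's name-based filter cannot make. The blocked-extension set, the magic-byte table and the sample message are constructed for the example.

```python
from __future__ import annotations

import email
import email.policy
from email.message import EmailMessage

# Assumed block list for the example; the manual says the field lists "the most
# common file extensions" but does not enumerate them on this page.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "bat", "cmd", "com", "vbs", "js"}

# Leading bytes of types that are routinely renamed to evade extension filters.
MAGIC = {
    b"MZ": "exe",          # Windows PE / DOS executable
    b"PK\x03\x04": "zip",  # ZIP archive (also .docx, .jar, ...)
    b"%PDF": "pdf",
}


def parse_keywords(field: str) -> list[str]:
    """Split the comma-separated Keywords field as the UI describes it."""
    return [k.strip().lower() for k in field.split(",") if k.strip()]


def subject_hits(subject: str | None, keywords: list[str]) -> list[str]:
    """Case-insensitive substring match of each keyword against the Subject."""
    s = (subject or "").lower()
    return [k for k in keywords if k in s]


def sniff_type(data: bytes) -> str | None:
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return None


def attachment_findings(msg: EmailMessage) -> list[dict]:
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        data = part.get_payload(decode=True) or b""
        sniffed = sniff_type(data)
        findings.append({
            "filename": name,
            "ext": ext,
            "sniffed": sniffed,
            "blocked_by_extension": ext in BLOCKED_EXTENSIONS,
            # The extension filter alone would pass this; the content is executable.
            "extension_mismatch": sniffed == "exe" and ext != "exe",
        })
    return findings


def filter_message(raw: bytes, keyword_field: str) -> dict:
    """Apply the subject-keyword and file-type filters to one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = subject_hits(msg["Subject"], parse_keywords(keyword_field))
    atts = attachment_findings(msg)
    block = bool(hits) or any(a["blocked_by_extension"] or a["extension_mismatch"] for a in atts)
    return {"block": block, "keyword_hits": hits, "attachments": atts}


def build_sample() -> bytes:
    """Constructed test message: a PE executable attached under a .txt name."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice overdue - ACT NOW"
    m.set_content("See attached.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="octet-stream", filename="invoice.txt")
    return bytes(m)


if __name__ == "__main__":
    print(filter_message(build_sample(), "act now, lottery"))
```

    The sample attachment is not caught by the extension list (its name ends in .txt) but is flagged by the magic-byte comparison; on the appliance that gap is closed by the malware scan, not by the filter.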
  • Page 178 3. Real-time blacklist. E-mails from known spam sources that are collected by blacklist providers are blocked. 4. Distributed Spam Analysis. E-mails that are detected as spam by the NETGEAR Spam Classification Center are either tagged or blocked. This order of implementation, with the cheapest checks first, balances spam prevention against system performance.
  • Page 179 To configure the whitelist and blacklist: 1. Select Application Security > Anti-Spam from the menu. The Anti-Spam submenu tabs appear, with the Whitelist/Blacklist screen in view (Figure 6-4).
  • Page 180 2. Enter the settings as explained in Table 6-4 (Whitelist/Blacklist Settings). Sender IP Address, Whitelist: Enter the source IP addresses from which e-mails can be trusted. Blacklist: Enter the source IP addresses from which e-mails are blocked. These are the addresses of the connecting mail servers, not the address in the From header, so a whitelist entry for a shared relay or ISP smart host trusts every sender that uses it.
  • Page 181 Known spam sources are collected by blacklist providers and are made available to the public in the form of real-time blacklists (RBLs). By accessing these RBLs, the UTM can block spam originating from known spam sources. By default, the UTM comes with three pre-defined blacklist providers: Dsbl, Spamhaus, and Spamcop.
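    The first three steps of the anti-spam order described above (sender whitelist, sender blacklist, real-time blacklist), as an added example that is not part of the manual and not NETGEAR code. It shows the DNSBL query convention (reversed IPv4 octets under the provider's zone) and why a 127.0.0.0/8 answer must be distinguished from a provider error code before it counts as a listing. The resolver is a constructed lookup table so the example runs offline; CIDR entries in the lists are an assumption beyond the single addresses the UI shows, and the hand-off to Distributed Spam Analysis is only represented by a verdict.

```python
from __future__ import annotations

import ipaddress
from typing import Callable, Optional

Resolver = Callable[[str], Optional[str]]   # DNS name -> A record text, or None (NXDOMAIN)

# Spamhaus documents 127.255.255.252/254/255 as error responses (typing error,
# query from an open resolver, excessive queries); they are not listings.
RBL_LISTED = ipaddress.ip_network("127.0.0.0/8")
RBL_ERROR = ipaddress.ip_network("127.255.255.0/24")


def rbl_query_name(sender_ip: str, zone: str) -> str:
    """DNSBL convention: reverse the IPv4 octets and append the provider zone."""
    octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def rbl_listed(sender_ip: str, zones: list[str], resolve: Resolver) -> Optional[str]:
    """Return the first zone that lists the sender, ignoring error codes."""
    for zone in zones:
        answer = resolve(rbl_query_name(sender_ip, zone))
        if not answer:
            continue
        addr = ipaddress.IPv4Address(answer)
        if addr in RBL_LISTED and addr not in RBL_ERROR:
            return zone
    return None


def in_list(sender_ip: str, entries: list[str]) -> bool:
    """Entries may be single addresses or CIDR blocks (assumption for the example)."""
    ip = ipaddress.ip_address(sender_ip)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)


def classify_sender(sender_ip: str, whitelist: list[str], blacklist: list[str],
                    zones: list[str], resolve: Resolver) -> tuple[str, str]:
    """Apply the checks in the manual's order; the first match decides."""
    if in_list(sender_ip, whitelist):              # 1. whitelist: trusted, no further checks
        return "allow", "whitelist"
    if in_list(sender_ip, blacklist):              # 2. blacklist: local block
        return "block", "blacklist"
    zone = rbl_listed(sender_ip, zones, resolve)   # 3. real-time blacklists
    if zone:
        return "block", "rbl:" + zone
    return "analyze", "distributed-spam-analysis"  # 4. hand off to the Detection Center


# Constructed DNS answers standing in for the real resolver.
FAKE_DNS = {
    "2.0.0.127.zen.spamhaus.org": "127.0.0.2",            # Spamhaus documented test entry
    "99.1.0.203.zen.spamhaus.org": "127.255.255.254",     # error code, not a listing
}


def fake_resolve(name: str) -> Optional[str]:
    return FAKE_DNS.get(name)


if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.1.99", "198.51.100.7"):
        print(ip, classify_sender(ip, [], ["198.51.100.0/24"], ["zen.spamhaus.org"], fake_resolve))
```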
  • Page 182 Note: Unlike other scans, you do not need to configure the spam score because the NETGEAR Spam Classification Center performs the scoring automatically as long as the UTM is connected to the Internet. However, this does mean that the UTM must be connected to the Internet for the spam analysis to be performed correctly.
  • Page 183 Figure 6-6. 3. Enter the settings as explained in Table 6-5 (Distributed Spam Analysis Settings). Distributed Spam Analysis, SMTP: Select the SMTP checkbox to enable Distributed Spam Analysis for the SMTP protocol. (You can enable Distributed Spam Analysis for both SMTP and POP3.) POP3: Select the POP3 checkbox to enable Distributed Spam Analysis for the POP3 protocol.
  • Page 184 Anti-Spam Engine Settings. Use a proxy server to connect to the NETGEAR Spam Classification Center (also referred to as the Detection Center): Select this checkbox if the UTM reaches the Detection Center through a proxy server. Then, specify the...
  • Page 185: Configuring Web And Services Protection

    Configuring Web and Services Protection. The UTM lets you configure the following settings to protect the network’s Internet and Web services communication: • The Web protocols, instant messaging services, and peer-to-peer services that are scanned for malware threats.
  • Page 186 Figure 6-7. 2. Enter the settings as explained in Table 6-6 (Web Protocol, Instant Messaging, and Peer-to-Peer Settings). HTTP: Select the HTTP checkbox to enable Hypertext Transfer Protocol (HTTP) scanning.
  • Page 187: Configuring Web Malware Scans

    Table 6-6. Web Protocol, Instant Messaging, and Peer-to-Peer Settings (continued). Note: If a protocol uses a port other than the standard service port (for example, port 80 for HTTP), enter this non-standard port in the Ports to Scan field. Traffic on ports that are not listed is not inspected by that protocol's scanner, so a proxy or Web service on an unusual port needs an explicit entry.
  • Page 188 Figure 6-8. 2. Enter the settings as explained in Table 6-7 (Malware Scan Settings). Action (HTTP and HTTPS): From the HTTP or HTTPS pull-down menu, specify one of the following actions when an infected Web file or object is detected: ...
  • Page 189: Configuring Web Content Filtering

    6-2, all requested traffic from any Web site is allowed. You can specify a message such as “Blocked by NETGEAR” that is displayed on screen if a LAN user attempts to access a blocked site (see the Notification Settings section that is described at the bottom of...
  • Page 190 Several types of Web content blocking are available: • File extension blocking. You can block files based on their extension. Such files can include executable files, audio and video files, and compressed files. • ...
  • Page 191 Note: You can bypass any type of Web blocking for trusted URLs by adding the URLs to the whitelist (see “Configuring Web URL Filtering” on page 6-30). Access to the URLs on the whitelist is allowed for PCs in the groups for which file extension, keyword, object, or category blocking, or a combination of these types of Web blocking, has been enabled.
  • Page 192 Figure 6-10 [Content Filtering, screen 2 of 3]
  • Page 193 Figure 6-11 [Content Filtering, screen 3 of 3]. 3. Enter the settings as explained in Table 6-8 on page 6-28.
  • Page 194 Table 6-8. Content Filtering Settings. Content Filtering, Log HTTP Traffic: Select this checkbox to log HTTP traffic. For information about how to view the logged traffic, see “Querying Logs and Generating Reports”...
  • Page 195 Table 6-8. Content Filtering Settings (continued). Select the Web Categories You Wish to Block: Select the Enable Blocking checkbox to enable blocking of Web categories. By default, this checkbox is deselected.
  • Page 196: Configuring Web Url Filtering

    Lookup Results. If the URL appears to be uncategorized, you can submit it to NETGEAR for analysis. Submit to NETGEAR: To submit an uncategorized URL to NETGEAR for analysis, select from the pull-down menu the category in which you think the URL should be categorized, and then click the Submit button.
  • Page 197 To configure Web URL filtering: 1. Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs appear, with the Malware Scan screen in view. 2. Click the URL Filtering submenu tab. The URL Filtering screen displays. (Figure 6-12 shows some examples.)
  • Page 198 3. Enter the settings as explained in Table 6-9 (URL Filtering Settings). Whitelist, Enable: Select this checkbox to bypass scanning of the URLs that are listed in the URL field. Note that the whitelist skips malware scanning as well as blocking, so a whitelisted site that is later compromised delivers its content uninspected; keep the list short and review it periodically.
  • Page 199 Table 6-9. URL Filtering Settings (continued). Blacklist, URL: This field contains the URLs that are blocked. To add a URL to this field, use the Add URL field or the Import from File tool (see below). You can add a maximum of 200 URLs.
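    The whitelist/blacklist decision described in Table 6-9, as an added example that is not part of the manual and not NETGEAR code. It normalizes a requested URL before matching, which is where URL filters are most often bypassed (upper-case hosts, a userinfo part in front of the real host, a trailing dot), checks the whitelist first because the manual gives it precedence, and enforces the 200-entry limit. The matching rule (host suffix plus path prefix) and the one-URL-per-line import format are assumptions; the manual shows list entries but does not define either.

```python
from __future__ import annotations

from urllib.parse import urlsplit

MAX_URLS = 200  # limit stated in the manual for the list


def normalize(url: str) -> tuple[str, str]:
    """Return (host, path) in canonical form; accepts bare 'example.com/x' too."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")   # hostname drops userinfo and port
    path = parts.path or "/"
    return host, path


class URLFilter:
    def __init__(self, whitelist: list[str], blacklist: list[str],
                 whitelist_enabled: bool = True, blacklist_enabled: bool = True):
        if len(whitelist) > MAX_URLS or len(blacklist) > MAX_URLS:
            raise ValueError(f"each list holds at most {MAX_URLS} URLs")
        self.white = [normalize(u) for u in whitelist]
        self.black = [normalize(u) for u in blacklist]
        self.white_on = whitelist_enabled
        self.black_on = blacklist_enabled

    @staticmethod
    def _matches(entry: tuple[str, str], target: tuple[str, str]) -> bool:
        """Assumed rule: entry host matches itself and subdomains; entry path is a prefix."""
        ehost, epath = entry
        thost, tpath = target
        host_ok = thost == ehost or thost.endswith("." + ehost)
        path_ok = epath == "/" or tpath == epath or tpath.startswith(epath.rstrip("/") + "/")
        return host_ok and path_ok

    def decide(self, url: str) -> tuple[str, str]:
        """Whitelist first (and it also bypasses scanning), then blacklist, else scan."""
        t = normalize(url)
        if self.white_on and any(self._matches(e, t) for e in self.white):
            return "allow-unscanned", "whitelist"
        if self.black_on and any(self._matches(e, t) for e in self.black):
            return "block", "blacklist"
        return "scan", "no match"


def import_from_file(text: str) -> list[str]:
    """Assumed Import from File format: one URL per line, blanks and # comments ignored."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


if __name__ == "__main__":
    f = URLFilter(["intranet.example.com"], ["example.net/bad", "evil.example"])
    for u in ("https://intranet.example.com/x", "http://www.example.net/bad/page.html",
              "http://intranet.example.com@evil.example/"):
        print(u, f.decide(u))
```

    The third sample URL looks like the whitelisted intranet host but the browser connects to evil.example; normalizing through the parsed hostname rather than string-matching the raw URL is what keeps it on the blacklist.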
  • Page 200: Https Scan Settings

    HTTPS Scan Settings. HTTPS traffic is encrypted, so it cannot be scanned in transit without first being decrypted. The UTM can scan HTTPS traffic that is transmitted through an HTTP proxy: it acts as a proxy between the HTTPS client and the HTTPS server, decrypting the stream on the client side and re-encrypting it towards the server, so the content is exposed only inside the UTM.
  • Page 201 If one of these is not satisfied, a security alert message appears in the browser window (see Figure 6-14). However, even when a certificate is trusted, is still valid, and carries a name that matches the name of the Web site, a security alert message still appears when a user who is connected to the UTM visits an HTTPS site, because the browser is presented with a certificate issued by the UTM in place of the site's own certificate.
  • Page 202 To configure the HTTPS scan settings: 1. Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs appear, with the Malware Scan screen in view. 2. Click the HTTPS Settings submenu tab. The HTTPS Settings screen displays (Figure 6-15). 3. ...
  • Page 203: Specifying Trusted Hosts

    Table 6-10. HTTPS Settings. HTTP Tunneling: Select this checkbox to allow scanning of HTTPS connections through an HTTP proxy. This option is disabled by default. Traffic from trusted hosts is not scanned (see “Specifying Trusted Hosts”...
  • Page 204 Note that certain sites contain elements from different HTTPS hosts. As an example, assume that the https://example.com site contains HTTPS elements from the following three hosts: • trustedhostserver1.example.com • trustedhostserver2.example.com • imageserver.example.com To completely bypass the scanning of the https://example.com site, you must add all three hosts to the trusted hosts list, because files from these three hosts are also downloaded when a user attempts to access the https://example.com site. Each trusted host is excluded from HTTPS scanning entirely, so list only the hosts that actually need the bypass (typically sites that use client certificates or certificate pinning, which interception breaks).
  • Page 205: Configuring Ftp Scans

    3. Enter the settings as explained in Table 6-11 (Trusted Hosts Settings). Do Not Intercept HTTPS Connections for the following Hosts, Enable: Select this checkbox to bypass scanning of the trusted hosts that are listed in the Hosts field. Users do not receive a security alert for trusted hosts that are listed in the Hosts field.
  • Page 206 To configure the FTP scan settings: 1. Select Application Security > FTP from the menu. The FTP screen displays (Figure 6-17). 2. Enter the settings as explained in Table 6-12 (FTP Scan Settings). Action...
  • Page 207: Setting Web Access Exceptions And Scanning Exclusions

    Table 6-12. FTP Scan Settings (continued). Scan Exception: The default maximum file or object size that is scanned is 2048 KB, but you can define a maximum size of up to 10240 KB. Files above this limit are handled by the Scan Exception action rather than by the malware engine, so if that action lets oversized files through, a large archive or installer passes unscanned.
  • Page 208 To set Web access exception rules: 1. Select Application Security > Block/Accept Exceptions from the menu. The Block/Accept Exceptions screen displays. This screen shows the Exceptions table, which is empty if you have not specified any exception rules.
  • Page 209 3. Enter the settings as explained in Table 6-13 (Add and Edit Block Scanning Exception Settings). Action: From the pull-down menu, select the action that the UTM applies: ...
  • Page 210: Setting Scanning Exclusions

    2. Modify the settings that you wish to change (see Table 6-13 on page 6-43). 3. Click Apply to save your changes. The modified exception rule is displayed in the Exceptions table. To delete or disable one or more exception rules: 1. ...
  • Page 211 Figure 6-20. 2. In the Add Scanning Exclusions section of the screen, specify an exclusion rule as explained in Table 6-14 (Add Scanning Exclusion Settings). Client IP: The client IP address and optional subnet mask that are excluded from all scanning. An exclusion disables every scan for the matching clients, so a broad subnet mask here silently removes protection from many hosts.
  • Page 213: Virtual Private Networking Using Ipsec Connections

    Chapter 7 Virtual Private Networking Using IPsec Connections This chapter describes how to use the IP security (IPsec) virtual private networking (VPN) features of the UTM to provide secure, encrypted communications between your local network and a remote network or computer. This chapter contains the following sections: •...
  • Page 214 “Virtual Private Networks (VPNs)” on page B-9 for more information about the IP addressing requirements for VPNs in the dual WAN modes. For information about how to select and configure a dynamic DNS service for resolving FQDNs, see “Configuring Dynamic DNS”...
  • Page 215: Using The Ipsec Vpn Wizard For Client And Gateway Configurations

    Using the IPsec VPN Wizard for Client and Gateway Configurations. You can use the IPsec VPN Wizard to configure multiple gateway or client VPN tunnel policies. The section below provides VPN Wizard and NETGEAR ProSafe VPN Client Software configuration procedures for the following scenarios: • ...
  • Page 216: Creating Gateway-To-Gateway Vpn Tunnels With The Wizard

    Creating Gateway-to-Gateway VPN Tunnels with the Wizard (Figure 7-3). To set up a gateway-to-gateway VPN tunnel using the VPN Wizard: 1. Select VPN > IPsec VPN from the menu. The IPsec VPN submenu tabs appear, with the IKE Policies screen in view.
  • Page 217 Figure 7-4. To view the wizard default settings, click the VPN Wizard Default Values option arrow at the top right of the screen. A popup window appears (see Figure 7-5 on page 7-6) displaying the wizard default values.
  • Page 218 Figure 7-5. 3. Select the radio buttons and complete the fields as explained in Table 7-2 ((IPsec) VPN Wizard Settings for a Gateway-to-Gateway Tunnel). About VPN Wizard, This VPN tunnel will connect: Select the Gateway radio button.
  • Page 219 Table 7-2. (IPsec) VPN Wizard Settings for a Gateway-to-Gateway Tunnel (continued). This VPN tunnel will use the following local WAN Interface (dual-WAN port models only): Select one of the two radio buttons (WAN1 or WAN2) to specify which local WAN interface the VPN tunnel...
  • Page 220 4. Click Apply to save your settings. The IPsec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen (Figure 7-6). By default, the VPN policy is enabled. 5. ...
  • Page 221: Creating A Client To Gateway Vpn Tunnel

    “Using the VPN Wizard to Configure the Gateway for a Client Tunnel” on page 7-9. • “Using the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection” on page 7-12. Using the VPN Wizard to Configure the Gateway for a Client Tunnel. To set up a client-to-gateway VPN tunnel using the VPN Wizard:
  • Page 222 Figure 7-9. To display the wizard default settings, click the VPN Wizard Default Values option arrow at the top right of the screen. A popup window appears (see Figure 7-5 on page 7-6), displaying the wizard default values.
  • Page 223 3. Select the radio buttons and complete the fields as explained in Table 7-3 ((IPsec) VPN Wizard Settings for a Client-to-Gateway Tunnel). About VPN Wizard, This VPN tunnel will connect: Select the VPN Client radio button.
  • Page 224 Using the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection. From a PC with the NETGEAR ProSafe VPN Client installed, configure a VPN client policy to connect to the UTM: 1. Right-click the VPN client icon in the Windows system tray and select Security Policy Editor.
  • Page 225 Figure 7-11. 2. In the upper left of the Policy Editor window, click the New Connection icon (the first icon on the left) to open a new connection. Give the new connection a name; in this example, we are using UTM_SJ.
  • Page 226 3. Enter the settings as explained in Table 7-4 (Security Policy Editor: Remote Party Settings). Connection Security: Select the Secure radio button. If you want to connect manually only, select the Only Connect Manually checkbox.
  • Page 227 5. In the left frame, click My Identity. The screen adjusts (Figure 7-13). 6. Enter the settings as explained in Table 7-5 (Security Policy Editor: My Identity Settings). Select Certificate: From the pull-down menu, select None.
  • Page 228 Table 7-5. Security Policy Editor: My Identity Settings (continued). ID Type: From the pull-down menu, select Domain Name. Then, below, enter the remote FQDN that you entered on the UTM’s VPN Wizard screen (see Figure 7-9 on page 7-10).
  • Page 229: Testing The Connections And Viewing Status Information

    Testing the Connections and Viewing Status Information Both the NETGEAR ProSafe VPN Client and the UTM provide VPN connection and status information. This information is useful for verifying the status of a connection and troubleshooting problems with a connection.
  • Page 230: Netgear Vpn Client Status And Log Information

    ...“My Connections\UTM_SJ” within 30 seconds. The VPN client icon in the system tray should say On. NETGEAR VPN Client Status and Log Information. To view more detailed status and troubleshooting information from the NETGEAR VPN client: • ...
  • Page 231 Figure 7-16. • Right-click the VPN Client icon in the system tray and select Connection Monitor (Figure 7-17).
  • Page 232: Viewing The Utm Ipsec Vpn Connection Status

    The VPN client system tray icon provides a variety of status indications, which are listed below. Table 7-7. Status Indications for the VPN Client System Tray Icon (System Tray Icon: Status). The client policy is deactivated. The client policy is activated but not connected. ...
  • Page 233: Viewing The Utm Ipsec Vpn Log

    The Active IPsec SAs table lists each active connection with the information that is described in Table 7-8. The default poll interval is 5 seconds. To change the poll interval period, enter a new value in the Poll Interval field, and then click Set Interval.
  • Page 234: Managing Ipsec Vpn Policies

    Figure 7-19. Managing IPsec VPN Policies. After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables. The name that you selected as the VPN tunnel connection name during the VPN Wizard setup identifies both the VPN policy and the IKE policy.
  • Page 235: Managing Ike Policies

    Managing IKE Policies. The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN gateways and provides automatic management of the keys that are used for IPsec connections. It is important to remember that: • ...
  • Page 236 Figure 7-20. Each policy contains the data that are explained in Table 7-9 (List of IKE Policies Information). These fields are explained in more detail in Table 7-10 on page 7-27. Item: Description. Name: ...
  • Page 237 To add or edit an IKE policy, see “Manually Adding or Editing an IKE Policy” on this page. Note: You cannot delete or edit an IKE policy for which the VPN policy is active. You must first disable or delete the VPN policy before you can delete or edit the IKE policy.
  • Page 238 Figure 7-21
  • Page 239 3. Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-10 (Add IKE Policy Settings). Mode Config Record, Do you want to use Mode Config Record?: Specify whether or not the IKE policy uses a Mode Config Record.
  • Page 240 Table 7-10. Add IKE Policy Settings (continued). Local, Select Local Gateway (dual-WAN port models only): Select a radio button to specify the WAN1 or WAN2 interface.
  • Page 241 Table 7-10. Add IKE Policy Settings (continued). Authentication Algorithm: From the pull-down menu, select one of the following two algorithms to use in the VPN header for the authentication process: ...
  • Page 242 Table 7-10. Add IKE Policy Settings (continued). Extended Authentication, XAUTH Configuration: Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is enabled and, if enabled, which device is used to verify user account information: ... (Note: For more information about ...)
  • Page 243: Managing Vpn Policies

    4. Click Apply to save your changes. The modified IKE policy is displayed in the List of IKE Policies table. Managing VPN Policies. You can create two types of VPN policies. When you use the VPN Wizard to create a VPN policy, only the Auto method is available.
  • Page 244 2. Click the VPN Policies submenu tab. The VPN Policies screen displays. (Figure 7-22 shows some examples.) Each policy contains the data that are explained in Table 7-11. These fields are explained in more detail in Table 7-12 on page 7-35.
  • Page 245 To delete one or more VPN policies: 1. Select the checkbox to the left of the policy that you want to delete, or click the Select All table button to select all VPN policies. 2. ...
  • Page 246 Figure 7-23
  • Page 247 4. Complete the fields, select the radio buttons and checkboxes, and make your selections from the pull-down menus as explained in Table 7-12 (Add VPN Policy Settings). General, Policy Name: A descriptive name of the VPN policy for identification and management...
  • Page 248 Table 7-12. Add VPN Policy Settings (continued). Traffic Selection, Local IP: From the pull-down menu, select the address or addresses that are part of the VPN tunnel on the UTM: ...
  • Page 249 Table 7-12. Add VPN Policy Settings (continued). Integrity Algorithm: From the pull-down menu, select one of the following two algorithms to be used in the VPN header for the authentication process: ...
  • Page 250: Configuring Extended Authentication (Xauth)

    Table 7-12. Add VPN Policy Settings (continued). PFS Key Group: Select this checkbox to enable Perfect Forward Secrecy (PFS), and then select a Diffie-Hellman (DH) group from the pull-down menu. The DH group sets the size of the Diffie-Hellman modulus in bits, and therefore the strength of the fresh key exchange that PFS performs for each IPsec SA; larger groups are stronger but slower to negotiate.
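    A pre-apply sanity check over the IKE policy choices of Table 7-10 and the VPN policy choices of Table 7-12 (encryption and integrity algorithms, DH group, SA lifetime, PFS, exchange mode), as an added example that is not part of the manual and not NETGEAR code. The keys of the policy dictionary, the algorithm names and the set of DH groups are assumptions standing in for the menus the manual describes; the 28800-second default and the 3600-second Mode Config recommendation are the manual's own figures. The warnings encode standard IPsec hardening advice rather than anything the appliance enforces.

```python
from __future__ import annotations

# MODP group sizes from RFC 2409 / RFC 3526; which groups the UTM offers is an assumption.
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}

DEFAULT_IKE_LIFETIME = 28800       # seconds, the manual's default (8 hours)
MODE_CONFIG_LIFETIME = 3600        # seconds, the manual's Mode Config recommendation


def lint_policy(p: dict) -> list[str]:
    """Return a list of warnings for a proposed IKE/VPN policy; empty means nothing weak found."""
    warn = []
    enc = str(p.get("encryption", "")).upper()
    if enc == "DES":
        warn.append("DES: 56-bit key, brute-forceable; use AES")
    elif enc == "3DES":
        warn.append("3DES: legacy 64-bit block cipher; prefer AES-128 or stronger")
    if str(p.get("integrity", "")).upper() == "MD5":
        warn.append("MD5 integrity: deprecated; use SHA-1 or better")
    g = p.get("dh_group")
    if g in DH_GROUP_BITS and DH_GROUP_BITS[g] < 2048:
        warn.append(f"DH group {g} ({DH_GROUP_BITS[g]}-bit): below 2048-bit; use group 14 if offered")
    # IKEv1 aggressive mode sends the PSK-derived hash before encryption starts,
    # so a passive observer can run an offline dictionary attack on the PSK.
    if str(p.get("exchange_mode", "main")).lower() == "aggressive" and p.get("auth_method") == "psk":
        warn.append("Aggressive mode with a pre-shared key exposes the PSK hash to offline guessing; "
                    "use Main mode or certificates, or at least a long random PSK")
    if not p.get("pfs", False):
        warn.append("PFS disabled: IPsec SA keys derive from the IKE SA, so one compromise exposes all of them")
    life = int(p.get("ike_lifetime_s", DEFAULT_IKE_LIFETIME))
    if life > DEFAULT_IKE_LIFETIME:
        warn.append(f"IKE SA lifetime {life}s exceeds the {DEFAULT_IKE_LIFETIME}s default")
    if p.get("mode_config") and life > MODE_CONFIG_LIFETIME:
        warn.append(f"Mode Config: manual recommends a {MODE_CONFIG_LIFETIME}s IKE SA lifetime")
    return warn


# Constructed policies: one as weak as the menus allow, one reasonable.
WEAK_POLICY = {"encryption": "DES", "integrity": "MD5", "dh_group": 1,
               "exchange_mode": "aggressive", "auth_method": "psk",
               "pfs": False, "ike_lifetime_s": 86400}
STRONG_POLICY = {"encryption": "AES-256", "integrity": "SHA-1", "dh_group": 14,
                 "exchange_mode": "main", "auth_method": "psk",
                 "pfs": True, "ike_lifetime_s": 28800}


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("strong", STRONG_POLICY)):
        print(name, lint_policy(pol) or ["ok"])
```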
  • Page 251: Configuring Xauth For Vpn Clients

    You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are available: • Edge Device. The UTM is used as a VPN concentrator on which one or more gateway tunnels terminate.
  • Page 252: User Database Configuration

    4. Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-13 (Extended Authentication Settings). Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is enabled and, if enabled, which device is used to verify user account information: • ...
  • Page 253 ...server in the network when a user requests access to network resources. During the establishment of a VPN connection, the VPN gateway can interrupt the process with an XAUTH request. At that point, the remote user must provide authentication information such as a user name and password, or an encrypted response derived from the user name and password.
  • Page 254 3. Complete the fields and select the radio buttons as explained in Table 7-14 (RADIUS Client Settings). Primary RADIUS Server: Select the Yes radio button to enable and configure the primary RADIUS server, and then enter the settings for the three fields below.
  • Page 255: Assigning Ip Addresses To Remote Users (Mode Config)

    Note: You select the RADIUS authentication protocol (PAP or CHAP) on the Edit IKE Policy screen or Add IKE Policy screen (see “Configuring XAUTH for VPN Clients” on page 7-39). Assigning IP Addresses to Remote Users (Mode Config). To simplify the process of connecting remote VPN clients to the UTM, use the Mode Config feature to assign IP addresses to remote users, including a network access IP address, subnet mask, WINS server, and DNS address from the UTM.
  • Page 256 2. Click the Mode Config submenu tab. The Mode Config screen displays (Figure 7-25). As an example, the screen shows two Mode Config records with the names EMEA Sales and NA Sales: • ...
  • Page 257 Figure 7-26. 4. Complete the fields, select the checkbox, and make your selections from the pull-down menus as explained in Table 7-15 (Add Mode Config Record Settings). Client Pool, Record Name: A descriptive name of the Mode Config record for identification and...
  • Page 258 Table 7-15. Add Mode Config Record Settings (continued). WINS Server: If there is a WINS server on the local network, enter its IP address in the Primary field.
  • Page 259 5. Click Apply to save your settings. The new Mode Config record is added to the List of Mode Config Records table. Continue the Mode Config configuration procedure by configuring an IKE policy. 6. ...
  • Page 260 8. On the Add IKE Policy screen, complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-16. Note: The settings that are explained in Table 7-16 are specifically for a Mode Config configuration.
  • Page 261 The period in seconds for which the IKE SA is valid. When the period times out, the next rekeying must occur. The default is 28800 seconds (8 hours). However, for a Mode Config configuration, NETGEAR recommends 3600 seconds (1 hour).
  • Page 262: Configuring The Prosafe Vpn Client For Mode Config Operation

    9. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. Configuring the ProSafe VPN Client for Mode Config Operation From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection for Mode Config operation: 1.
  • Page 263 2. In the upper left of the Policy Editor window, click the New Connection icon (the first icon on the left) to open a new connection. Give the new connection a name; in this example, we are using ModeConfigTest.
  • Page 264 Table 7-17. Security Policy Editor: Remote Party, Mode Config Settings (continued). Select the Use checkbox. Then, from the pull-down menu, select Secure Gateway Tunnel. Left pull-down menu: From the left pull-down menu, select Domain Name.
  • Page 265 5. In the left frame, click My Identity. The screen adjusts (Figure 7-29). 6. Enter the settings as explained in Table 7-18 (Security Policy Editor: My Identity, Mode Config Settings). Select Certificate: ...
  • Page 266 Table 7-18. Security Policy Editor: My Identity, Mode Config Settings (continued). ID Type: From the pull-down menu, select Domain Name. Then, below, enter the remote FQDN that you specified in the UTM’s Mode Config IKE policy. In this example, we are using utm25_remote.com.
  • Page 267: Testing The Mode Config Connection

    9. Enter the settings as explained in Table 7-19. Table 7-19. Security Policy Editor: Security Policy, Mode Config Settings Setting Description (or Subfield and Description) Select Phase 1 Negotiation Mode: Select the Aggressive Mode radio button. Enable Perfect Forward Secrecy: Select the Enable Perfect Forward Secrecy (PFS) checkbox. Note: In IKEv1 Aggressive Mode the identities and the pre-shared-key-based authentication hash are exchanged before the IKE SA is encrypted, so a captured exchange can be attacked offline; use a long, random pre-shared key (or certificate authentication) for Mode Config clients.
  • Page 268: Configuring Keepalives

    Configuring Keepalives The Keepalive feature maintains the IPsec SA by sending periodic ping requests to a host across the tunnel and monitoring the replies. To configure the Keepalive feature on a configured VPN policy: 1.
  • Page 269: Configuring Dead Peer Connection

    4. Enter the settings as explained in Table 7-20. Table 7-20. Keepalive Settings Item Description (or Subfield and Description) General Enable Keepalive Select the Yes radio button to enable the Keepalive feature. Periodically, the UTM sends ping packets to the remote endpoint to keep the tunnel alive.
  • Page 270 3. In the IKE SA Parameters section of the screen, locate the DPD fields. Figure 7-32 4. Select the radio button and complete the fields as explained in Table 7-21. Table 7-21. Dead Peer Detection Settings Item Description (or Subfield and Description) IKE SA Parameters...
  • Page 271: Configuring Netbios Bridging With Ipsec Vpn

    Configuring NetBIOS Bridging with IPsec VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for several basic network services such as naming and neighborhood device discovery. Because VPN routers do not normally pass NetBIOS traffic, these network services do not function for hosts on opposite ends of a VPN connection.
  • Page 273: Virtual Private Networking Using Ssl Connections

    Chapter 8 Virtual Private Networking Using SSL Connections The UTM provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for a pre-installed VPN client on their computers. Using the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, the UTM can authenticate itself to an SSL-enabled client, such as a standard Web browser.
  • Page 274: Using The Ssl Vpn Wizard For Client Configurations

    “Manually Configuring and Editing SSL Connections” on page 8-17. To start the SSL VPN Wizard: 1. Select Wizards from the main navigation menu. The “Welcome to the Netgear Configuration Wizard” screen displays. Figure 8-1 2. Select the SSL VPN Wizard radio button.
  • Page 275: Ssl Vpn Wizard Step 1 Of 6: Portal Settings

    The following sections explain the five configuration screens of the SSL VPN Wizard. On the sixth screen, you can save your SSL VPN policy. The tables in the following sections explain the buttons and fields of the SSL VPN Wizard screens. Additional information about the settings in the SSL VPN Wizard screens is provided in “Manually Configuring and Editing SSL Connections”...
  • Page 276 Note: If you leave the Portal Layout Name field blank, the SSL VPN Wizard uses the default portal layout SSL-VPN. You must enter a name other than SSL-VPN in the Portal Layout Name field so the SSL VPN Wizard can create a new portal layout. Do not enter an existing portal layout name in the Portal Layout Name field, otherwise the SSL VPN Wizard will fail (although the UTM will not reboot in this situation).
  • Page 277: Ssl Vpn Wizard Step 2 Of 6: Domain Settings

    (recommended) <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="cache-control" content="must-revalidate"> Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date Web pages, themes, and data being stored in a user’s Web browser cache. ActiveX web...
  • Page 278 Note that Figure 8-3 contains some examples. Enter the settings as explained in Table 8-2, then click Next to go to the following screen. Note: If you leave the Domain Name field blank, the SSL VPN Wizard uses the default domain name geardomain.
  • Page 279: Ssl Vpn Wizard Step 3 Of 6: User Settings

    Table 8-2. SSL VPN Wizard Step 2: Domain Settings (continued) Setting Description (or Subfield and Description) Portal The portal that you selected on the first SSL VPN Wizard screen. You cannot change the portal on this screen; the portal is displayed for information only. Authentication Server The server IP address or server name of the authentication server for any type of authentication other than authentication through the local user database.
  • Page 280 Note: After you have completed the steps in the SSL VPN Wizard, you can make changes to the user settings by selecting Users > Users. For more information about user settings, see “Configuring User Accounts”...
  • Page 281: Ssl Vpn Wizard Step 4 Of 6: Client Ip Address Range And Routes

    SSL VPN Wizard Step 4 of 6: Client IP Address Range and Routes Figure 8-5 Note that Figure 8-5 contains some examples. Enter the settings as explained in Table 8-4 on page 8-10, then click Next to go to the following screen.
  • Page 282 Table 8-4. SSL VPN Wizard Step 4: Client IP Address Range and Routes Settings Item Description (or Subfield and Description) Client IP Address Range Enable Full Tunnel Support Select this checkbox to enable full tunnel support. If you leave this checkbox deselected (which is the default setting), split tunnel support is enabled, and you must add a client route by completing the Destination Network and Subnet Mask fields.
  • Page 283: Ssl Vpn Wizard Step 5 Of 6: Port Forwarding

    SSL VPN Wizard Step 5 of 6: Port Forwarding Figure 8-6 Note that Figure 8-6 contains some examples. Enter the settings as explained in Table 8-5, then click Next to go to the following screen. Note: Do not enter an IP address that is already in use in the first Local Server IP Address field or a port number that is already in use in the TCP Port Number field, otherwise the SSL VPN Wizard will fail and the UTM will...
  • Page 284 Table 8-5. SSL VPN Wizard Step 5: Port Forwarding Settings (continued) Item Description (or Subfield and Description) TCP Port Number The TCP port number of the application that is accessed through the SSL VPN tunnel.
  • Page 285: Ssl Vpn Wizard Step 6 Of 6: Verify And Save Your Settings

    SSL VPN Wizard Step 6 of 6: Verify and Save Your Settings Figure 8-7
  • Page 286: Accessing The New Ssl Portal Login Screen

    Click Apply to save your settings. If the settings are accepted by the UTM, a message “Operation Succeeded” appears at the top of the screen, and the “Welcome to the Netgear Configuration Wizard” screen displays again (see Figure 8-1 on page 8-2).
  • Page 287 Figure 8-8 4. Enter the user name and password that you just created with the help of the SSL VPN Wizard. 5. Click Login. The default User Portal screen displays. Figure 8-9
  • Page 288: Viewing The Utm Ssl Vpn Connection Status

    • Change Password. Allows the user to change their password. • Support. Provides access to the NETGEAR Web site. Viewing the UTM SSL VPN Connection Status To review the status of current SSL VPN tunnels: 1. Select Monitoring > Active Users & VPNs from the main menu. The Active Users & VPN submenu tabs appear, with the Active Users screen in view. 2.
  • Page 289: Manually Configuring And Editing Ssl Connections

    3. From the Log Type pull-down menu, select SSL VPN. The SSL VPN logs display. Figure 8-11 Manually Configuring and Editing SSL Connections To manually configure and activate SSL connections, perform the following six basic steps in the order that they are presented: 1.
  • Page 290: Creating The Portal Layout

    When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can define global policies, group policies, or individual policies. Because you must assign an authentication domain when creating a group, the group is created after you have created the domain.
  • Page 291 Portal layouts are applied by selecting one from the available portal layouts in the configuration of a domain. When you have completed your portal layout, you can apply the portal layout to one or more authentication domains (see “Configuring Domains”...
  • Page 292 The List of Layouts table displays the following fields: • Layout Name. The descriptive name of the portal. • Description. The banner message that is displayed at the top of the portal (see Figure 8-8 on page 8-15).
  • Page 293 <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="cache-control" content="must-revalidate"> Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date Web pages, themes, and data being stored in a user’s Web browser cache.
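The portal-layout meta tags listed on pages 277 and 293 only help if the portal actually emits them. The following added example (not from the manual or the UTM firmware) parses a saved copy of a portal page and reports which of the three recommended directives are missing. The HTML strings are constructed for this example, and the names RECOMMENDED_META and missing_cache_directives are chosen here.

```python
from html.parser import HTMLParser

# The three directives the manual recommends for a portal layout.
RECOMMENDED_META = {
    ("pragma", "no-cache"),
    ("cache-control", "no-cache"),
    ("cache-control", "must-revalidate"),
}


class _MetaCollector(HTMLParser):
    """Collect (http-equiv, directive) pairs from <meta> tags, case-folded."""

    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        equiv = a.get("http-equiv", "").strip().lower()
        if not equiv:
            return
        # One content attribute may carry several comma-separated directives.
        for directive in a.get("content", "").split(","):
            d = directive.strip().lower()
            if d:
                self.found.add((equiv, d))


def missing_cache_directives(html: str) -> set:
    """Return the recommended (http-equiv, directive) pairs absent from `html`."""
    parser = _MetaCollector()
    parser.feed(html)
    parser.close()
    return RECOMMENDED_META - parser.found


# Constructed sample pages (not captured from a UTM).
PORTAL_OK = """<html><head>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache, must-revalidate">
<title>SSL VPN Portal</title></head><body>portal</body></html>"""

PORTAL_BAD = """<html><head><title>SSL VPN Portal</title></head>
<body><p>Welcome</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("ok", PORTAL_OK), ("bad", PORTAL_BAD)):
        gaps = missing_cache_directives(page)
        print(name, "missing:", sorted(gaps) if gaps else "none")
```

Meta tags only instruct the browser that renders the page; a proxy between the client and the UTM honors the HTTP Cache-Control response header instead, so check that header as well when the portal is published through a reverse proxy.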
  • Page 294: Configuring Domains, Groups, And Users

    Table 8-6. Add Portal Layout Settings (continued) Item Description (or Subfield and Description) ActiveX web cache cleaner Select this checkbox to enable the ActiveX cache control to be loaded when users log in to the SSL VPN portal. The Web cache cleaner prompts the user to delete all temporary Internet files, cookies, and browser history when the user logs out or closes the Web browser window.
  • Page 295 Adding Servers and Port Numbers To configure port forwarding, you must define the IP addresses of the internal servers and the port number for TCP applications that are available to remote users. To add a server and a port number: 1.
  • Page 296 Table 8-7. Port Forwarding Applications/TCP Port Numbers TCP Application Port Number FTP Data (usually not needed) FTP Control Protocol Telnet SMTP (send mail) HTTP (web) POP3 (receive mail) NTP (network time protocol) Citrix 1494 Terminal Services...
  • Page 297: Configuring The Ssl Vpn Client

    3. In the Add New Host Name for Port Forwarding section of the screen, specify information in the following fields: • Local Server IP Address. The IP address of an internal server or host computer that you want to name.
  • Page 298 • If you enable split tunnel support and you assign an entirely different subnet to the VPN tunnel clients than the subnet that is used by the local network, you must add a client route to ensure that a VPN tunnel client connects to the local network over the VPN tunnel.
  • Page 299 3. Select the checkbox and complete the fields as explained in Table 8-8. Table 8-8. Client IP Address Range Settings Item Description (or Subfield and Description) Client IP Address Range Enable Full Tunnel Support Select this checkbox to enable full tunnel support.
  • Page 300: Using Network Resource Objects To Simplify Policies

    IP addresses or IP networks rather than predefined network resources. But for most organizations, NETGEAR recommends that you use network resources. If your server or network configuration changes, you can perform an update quickly by using network resources instead of individually updating all of the user and group policies.
  • Page 301 Adding New Network Resources To define a network resource: 1. Select VPN > SSL VPN from the menu. The SSL VPN submenu tabs appear, with the Policies screen in view. 2. Click the Resources submenu tab. The Resources screen displays. (Figure 8-16 shows some resources in the List of Resource(s) table as an example.)
  • Page 302 Editing Network Resources to Specify Addresses 1. Select VPN > SSL VPN from the menu. The SSL VPN submenu tabs appear, with the Policies screen in view. 2. Click the Resources submenu tab. The Resources screen displays (see Figure 8-16 on page 8-29, which shows some examples).
  • Page 303: Configuring User, Group, And Global Policies

    Table 8-9. Add Resource Addresses Settings (continued) Item Description (or Subfield and Description) Object Type From the pull-down menu, select one of the following options: • IP Address. The object is an IP address. You must enter the IP address or the FQDN in the IP Address / Name field.
  • Page 304 For example, a policy that is configured for a single IP address takes precedence over a policy that is configured for a range of addresses. And a policy that applies to a range of IP addresses takes precedence over a policy that is applied to all IP addresses.
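The precedence rule above (single address beats a range, a range beats all addresses) is easy to get wrong when several policies overlap. The following added example (not the UTM's own policy engine) implements that ordering for a set of SSL VPN policies and shows which one wins for a given destination. Everything beyond the three scopes named on the page is an assumption chosen for the example: each policy carries a permit/deny flag, a narrower network beats a wider one when two ranges both match, and a destination matched by no policy is treated as denied unless the caller says otherwise.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class SslVpnPolicy:
    name: str
    scope: str              # "address", "network", or "all" (page 8-32 scopes)
    target: Optional[str]   # "10.0.0.5", "10.0.0.0/24", or None for "all"
    permit: bool            # assumption: a policy either permits or denies


def _matches(policy: SslVpnPolicy, dest: ipaddress._BaseAddress) -> bool:
    if policy.scope == "all":
        return True
    if policy.scope == "address":
        return dest == ipaddress.ip_address(policy.target)
    if policy.scope == "network":
        return dest in ipaddress.ip_network(policy.target, strict=False)
    raise ValueError(f"unknown scope {policy.scope!r}")


def _specificity(policy: SslVpnPolicy) -> tuple:
    """Higher sorts later: single address > network/range > all addresses."""
    if policy.scope == "address":
        return (2, 128)
    if policy.scope == "network":
        # Assumption: among overlapping networks the longer prefix wins.
        return (1, ipaddress.ip_network(policy.target, strict=False).prefixlen)
    return (0, 0)


def select_policy(policies: Iterable[SslVpnPolicy], destination: str) -> Optional[SslVpnPolicy]:
    """Return the most specific policy that covers `destination`, or None."""
    dest = ipaddress.ip_address(destination)
    candidates = [p for p in policies if _matches(p, dest)]
    return max(candidates, key=_specificity) if candidates else None


def is_permitted(policies: Iterable[SslVpnPolicy], destination: str,
                 default_permit: bool = False) -> bool:
    winner = select_policy(policies, destination)
    return default_permit if winner is None else winner.permit


# Constructed sample policy set (not taken from a UTM configuration).
SAMPLE_POLICIES = [
    SslVpnPolicy("allow-all", "all", None, permit=True),
    SslVpnPolicy("block-server-lan", "network", "192.168.1.0/24", permit=False),
    SslVpnPolicy("allow-intranet-host", "address", "192.168.1.10", permit=True),
]

if __name__ == "__main__":
    for dest in ("192.168.1.10", "192.168.1.20", "10.9.8.7"):
        winner = select_policy(SAMPLE_POLICIES, dest)
        print(dest, "->", winner.name, "permit" if winner.permit else "deny")
```

With the sample set, 192.168.1.10 is reachable because the single-address policy outranks the deny on 192.168.1.0/24, every other host in that network is blocked, and addresses outside it fall through to the all-addresses permit.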
  • Page 305 Figure 8-18 2. Make your selection from the following Query options: • Click Global to view all global policies. • Click Group to view group policies, and choose the relevant group’s name from the pull-down menu.
  • Page 306 Figure 8-19 3. Select the radio buttons, complete the fields, and make your selection from the pull-down menus as explained in Table 8-10. Table 8-10. Add Policy Settings Item Description (or Subfield and Description) Policy For Select one of the following radio buttons to specify the type of SSL VPN policy: •...
  • Page 307 Table 8-10. Add Policy Settings (continued) Item Description (or Subfield and Description) Add SSL VPN Policies Apply Policy For Select one of the following radio buttons to specify how the policy is applied: •...
  • Page 308 Table 8-10. Add Policy Settings (continued) Item Description (or Subfield and Description) Apply Policy For (continued) IP Network Policy Name A descriptive name of the SSL VPN policy for identification and management purposes. IP Address The network IP address to which the SSL VPN policy is...
  • Page 309 4. Click Apply to save your settings. The policy is added to the List of SSL VPN Policies table on the Policies screen. The new policy goes into effect immediately. Note: In addition to configuring SSL VPN user policies, ensure that HTTPS remote management is enabled (see “Configuring Remote Management Access”...
  • Page 311: Configuring Vpn Authentication Domains, Groups, And Users

    Chapter 9 Managing Users, Authentication, and Certificates This chapter describes how to manage users, authentication, and security certificates for IPsec VPN and SSL VPN. This chapter contains the following sections: • “Configuring VPN Authentication Domains, Groups, and Users” on this page. •...
  • Page 312: Configuring Domains

    Configuring Domains The domain determines the authentication method to be used for associated users. For SSL connections, the domain also determines the portal layout that is presented, which in turn determines the network resources to which the associated users have access. The default domain of the UTM is named geardomain.
  • Page 313 Table 9-1. Authentication Protocols and Methods Authentication Protocol or Method Description (or Subfield and Description) LDAP A network-validated domain-based authentication method that functions with a Lightweight Directory Access Protocol (LDAP) authentication server. LDAP is a standard for querying and updating a directory.
  • Page 314 2. Under the List of Domains table, click the Add table button. The Add Domain screen displays. Figure 9-2 3. Enter the settings as explained in Table 9-2. Table 9-2. Add Domain Settings Setting Description (or Subfield and Description) DOMAIN NAME...
  • Page 315 Table 9-2. Add Domain Settings (continued) Setting Description (or Subfield and Description) Authentication Type (continued) • WIKID-CHAP. WIKID Systems CHAP. Complete the Authentication Server and Authentication Secret fields. • MIAS-PAP. Microsoft Internet Authentication Service (MIAS) PAP.
  • Page 316: Configuring Groups For Vpn Policies

    6. If you change local authentication, click Apply in the Domain screen to save your settings. To delete one or more domains: 1. In the List of Domains table, select the checkbox to the left of the domain that you want to delete or click the Select All table button to select all domains.
  • Page 317 Creating and Deleting Groups To create a VPN group: 1. Select Users > Groups from the menu. The Groups screen displays. Figure 9-3 shows the UTM’s default group—geardomain—and, as an example, several other groups in the List of Groups table.
  • Page 318 Table 9-3. (VPN) Group Settings Setting Description (or Subfield and Description) Name A descriptive (alphanumeric) name of the group for identification and management purposes. Domain The pull-down menu shows the domains that are listed on the Domain screen. From the pull-down menu, select the domain with which the group is associated.
  • Page 319: Configuring User Accounts

    SSL VPN User. A user who can only log in to the SSL VPN portal. • IPSEC VPN User. A user who can only make an IPsec VPN connection via a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see “Configuring...
  • Page 320 To create an individual user account: 1. Select Users > Users from the menu. The Users screen displays. Figure 9-5 shows the UTM’s default users—admin and guest—and, as an example, several other users in the List of Users table.
  • Page 321 • SSL VPN User. User who can only log in to the SSL VPN portal. • IPSEC VPN User. User who can only make an IPsec VPN connection via a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see “Configuring Extended Authentication (XAUTH)”...
  • Page 322: Setting User Login Policies

    4. Click Apply to save your settings. The user is added to the List of Users table. To delete one or more users: 1. In the List of Users table, select the checkbox to the left of the user that you want to delete or click the Select All table button to select all users.
  • Page 323 Note: For security reasons, the Deny Login from WAN Interface checkbox is selected by default for guests and administrators. The Disable Login checkbox is disabled (masked out) for administrators. 4. Click Apply to save your settings. Configuring Login Restrictions Based on IP Address To restrict logging in based on IP address: 1.
  • Page 324 4. In the Defined Addresses Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses. Deny logging in from the IP addresses in the Defined Addresses table.
  • Page 325 3. Click the by Client Browser submenu tab. The by Client Browser screen displays. Figure 9-9 shows a browser in the Defined Browsers table as an example. Figure 9-9 4. In the Defined Browsers Status section of the screen, select one of the following radio buttons: •...
  • Page 326: Changing Passwords And Other User Settings

    7. Click the Add table button. The browser is added to the Defined Browsers table. 8. Repeat step 6 and step 7 for any other browsers that you want to add to the Defined Browsers table.
  • Page 327: Managing Digital Certificates

    • SSL VPN User. User who can only log in to the SSL VPN portal. • IPSEC VPN User. User who can only make an IPsec VPN connection via a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see “Configuring Extended Authentication (XAUTH)”...
  • Page 328 The UTM contains a self-signed digital certificate from NETGEAR. This certificate can be downloaded from the UTM login screen for browser import. However, NETGEAR recommends that you replace this digital certificate with a digital certificate from a well-known commercial CA prior to deploying the UTM in your network.
  • Page 329: Managing Ca Certificates

    The Certificates screen contains four tables that are explained in detail in the following sections: • Trusted Certificates (CA Certificate) table. Contains the trusted digital certificates that were issued by CAs and that you uploaded (see “Managing CA Certificates”...
  • Page 330: Managing Self Certificates

    The Trusted Certificates (CA Certificates) table lists the digital certificates of CAs and contains the following fields: • CA Identity (Subject Name). The organization or person to whom the digital certificate is issued.
  • Page 331 When a security alert is generated, the user can decide whether or not to trust the host. Figure 9-12 Generating a CSR and Obtaining a Self Certificate from a CA To use a self certificate, you must first request the digital certificate from a CA, and then download and activate the digital certificate on the UTM.
  • Page 332 Figure 9-13 [Certificates, screen 2 of 3] 2. In the Generate Self Certificate Request section of the screen, enter the settings as explained in Table 9-7. Table 9-7. Generate Self Certificate Request Settings Setting Description (or Subfield and Description) Name...
  • Page 333 Table 9-7. Generate Self Certificate Request Settings (continued) Setting Description (or Subfield and Description) Hash Algorithm From the pull-down menu, select one of the following hash algorithms: • MD5. A 128-bit (16-byte) message digest, slightly faster than SHA-1. Prefer SHA-1 over MD5: MD5 is no longer collision-resistant, and commercial CAs generally reject MD5-hashed requests. •...
  • Page 334 Figure 9-14 5. Copy the contents of the Data to supply to CA text box into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----” (the PEM boundary lines use exactly five dashes).
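A copy-and-paste of the CSR text box is where requests most often get truncated or picked up with stray text. The following added example (not part of the manual or the UTM) pulls the armored block out of whatever was copied, decodes it, and checks that the DER length header agrees with what was decoded, which catches a request cut off mid-body before it is sent to the CA. The sample text is constructed; its base64 body is a minimal DER SEQUENCE, not a real PKCS#10 request, and the function names are chosen here.

```python
import base64
import re

# PEM boundary lines for a certificate request. Real PEM uses five dashes;
# the pattern tolerates three or more so sloppy copies still match.
_PEM_RE = re.compile(
    r"-{3,}BEGIN CERTIFICATE REQUEST-{3,}\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)"
    r"\s*-{3,}END CERTIFICATE REQUEST-{3,}",
    re.S,
)


def _der_total_length(der: bytes) -> int:
    """Total length (header + content) of the outer DER element."""
    first = der[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def extract_csr_der(text: str) -> bytes:
    """Return the DER bytes of the one CSR armored in `text`, or raise ValueError."""
    blocks = _PEM_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one CSR block, found {len(blocks)}")
    body = re.sub(r"\s+", "", blocks[0])
    try:
        der = base64.b64decode(body, validate=True)
    except (ValueError, base64.binascii.Error) as exc:
        raise ValueError("CSR body is not valid base64") from exc
    # A PKCS#10 CertificationRequest is a DER SEQUENCE (tag byte 0x30).
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if _der_total_length(der) != len(der):
        raise ValueError("CSR appears truncated or has trailing data")
    return der


def csr_is_complete(text: str) -> bool:
    try:
        extract_csr_der(text)
        return True
    except ValueError:
        return False


# Constructed sample: the body "MAMCAQA=" decodes to 30 03 02 01 00,
# a minimal SEQUENCE { INTEGER 0 } standing in for a real request.
SAMPLE_CSR_TEXT = """Data to supply to CA:
-----BEGIN CERTIFICATE REQUEST-----
MAMCAQA=
-----END CERTIFICATE REQUEST-----
"""

# Same block with the last base64 quantum lost in the copy.
TRUNCATED_CSR_TEXT = """-----BEGIN CERTIFICATE REQUEST-----
MAMC
-----END CERTIFICATE REQUEST-----"""

if __name__ == "__main__":
    print("complete:", csr_is_complete(SAMPLE_CSR_TEXT))
    print("truncated:", csr_is_complete(TRUNCATED_CSR_TEXT))
```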
  • Page 335: Managing The Certificate Revocation List

    10. Click Browse and navigate to the digital certificate file from the CA that you just stored on your computer. 11. Click the Upload table button. If the verification process on the UTM approves the digital certificate for validity and purpose, the digital certificate is added to the Active Self Certificates table.
  • Page 336 To view the currently loaded CRLs and upload a new CRL: 1. Select VPN > Certificates from the menu. The Certificates screen displays. Figure 9-15 shows the bottom section of the screen with the Certificate Revocation Lists (CRL) table. There are no examples in the table (that is, the table is empty).
  • Page 337: Network And System Management

    Chapter 10 Network and System Management This chapter describes the tools for managing the network traffic to optimize its performance and the system management features of the UTM. This chapter contains the following sections: • “Performance Management” on this page. •...
  • Page 338: Features That Reduce Traffic

    • Auto-rollover mode (dual-WAN port models only): 1.5 Mbps (one active WAN port at 1.5 Mbps) • Single-WAN port mode (single-WAN port models and dual-WAN port models): 1.5 Mbps (one active WAN port at 1.5 Mbps) As a result, and depending on the traffic that is being carried, the WAN side of the UTM is the limiting factor to throughput for most installations.
  • Page 339 • ALLOW by schedule, otherwise block The section below summarizes the various criteria that you can apply to outbound rules in order to reduce traffic. For more information about outbound rules, see “Outbound Rules (Service Blocking)”...
  • Page 340 • QoS Profile. You can define QoS profiles and then apply them to outbound rules to regulate the priority of traffic. To define QoS profiles, see “Creating Quality of Service (QoS) Profiles” on page 5-35.
  • Page 341: Features That Increase Traffic

    – URL blocking. You can specify up to 200 URLs that are blocked by the UTM. For more information, see “Configuring Web URL Filtering” on page 6-30. – Web services blocking. You can block Web services such as instant messaging and peer-to-peer services.
  • Page 342 LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding) The LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for inbound traffic (from WAN to LAN and from WAN to the DMZ). If you have not defined any rules, only the default rule is listed.
  • Page 343 – Address range. The rule is applied to a range of addresses. – Groups. The rule is applied to a group of PCs. (You can configure groups for LAN WAN outbound rules but not for DMZ WAN outbound rules.) The Known PCs and Devices table is an automatically-maintained list of all known PCs and network devices and is generally referred to as the Network Database, which is described in “Managing the...
  • Page 344: Using Qos And Bandwidth Assignment To Shift The Traffic Mix

    e-mail server) and provide public access to them. The fourth LAN port on the UTM (the rightmost LAN port) can be dedicated as a hardware DMZ port to safely provide services to the Internet without compromising security on your LAN.
  • Page 345: Monitoring Tools For Traffic Management

    Changing Passwords and Administrator Settings The default administrator and default guest passwords for the Web Management Interface are both password. NETGEAR recommends that you change these passwords to more secure passwords. You can also configure a separate password for the guest account.
  • Page 346 To modify the administrator user account settings, including the password: 1. Select Users > Users from the menu. The Users screen displays. Figure 10-1 shows the UTM’s default users—admin and guest—and, as an example, several other users in the List of Users table.
  • Page 347 3. Select the Check to Edit Password checkbox. The password fields become active. 4. Enter the old password, enter the new password, and then confirm the new password. Note: The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols.
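The password note above lists the properties a replacement for the factory default should have. The following added example (not the UTM's own password check) turns those properties into a test a practitioner can run against a candidate admin or guest password before setting it: character classes, a minimum length, and a dictionary-word check that also catches common letter-for-digit substitutions. The minimum length of 12, the substitution map, and the tiny word list are assumptions for the example; a real check would load a full dictionary.

```python
import re

# Constructed mini word list; the factory default "password" must always fail.
WORDLIST = {"password", "netgear", "admin", "guest", "welcome", "secret"}

_CLASSES = {
    "lowercase letter": re.compile(r"[a-z]"),
    "uppercase letter": re.compile(r"[A-Z]"),
    "number": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

# Assumed substitutions to undo before the dictionary check (4->a, 3->e, ...).
_LEET = str.maketrans("4301$!@5", "aeolsias")


def password_problems(pw: str, min_length: int = 12, wordlist=WORDLIST) -> list:
    """Return a list of reasons `pw` fails the policy; empty means acceptable."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, rx in _CLASSES.items():
        if not rx.search(pw):
            problems.append(f"no {name}")
    folded = pw.lower()
    normalized = folded.translate(_LEET)
    for word in sorted(wordlist):
        # Skip very short words so fragments such as "utm" do not reject everything.
        if len(word) >= 4 and (word in folded or word in normalized):
            problems.append(f"contains dictionary word {word!r}")
            break
    return problems


def is_acceptable(pw: str, **kwargs) -> bool:
    return not password_problems(pw, **kwargs)


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd123!", "Tq7#vL9!mXw2"):
        print(repr(candidate), password_problems(candidate) or "ok")
```

The second candidate passes every character-class test yet still fails, because undoing the substitutions exposes the word "password"; that is the case the manual's wording ("no dictionary words") is meant to exclude.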
  • Page 348: Configuring Remote Management Access

    Web Management Interface is accessible to anyone who knows its IP address and default password. Because a malicious WAN user can reconfigure the UTM and misuse it in many ways, NETGEAR highly recommends that you change the admin and guest default passwords before continuing (see “Changing Passwords...
  • Page 349 4. Click Apply to save your changes. When remote management is enabled, you must use an SSL connection to access the UTM from the Internet. You must enter https:// (not http://) and type the UTM’s WAN IP address in your browser. For example, if the UTM’s WAN IP address is 172.16.0.123, type the following in your browser: https://172.16.0.123.
  • Page 350: Using An Snmp Manager

    Using an SNMP Manager Simple Network Management Protocol (SNMP) forms part of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration.
  • Page 351: Managing the Configuration File

    2. Enter the settings as explained in Table 10-1. Table 10-1. SNMP Settings. Setting / Description (or Subfield and Description): Do You Want to Enable SNMP? Select one of the following radio buttons: •...
  • Page 352 The Backup & Restore Settings screen lets you: • back up and save a copy of the current settings • restore saved settings from the backed-up file • revert to the factory default settings. To display the Backup &...
  • Page 353 2. Select Save file, and then click OK. 3. Open the folder where you have saved the backup file, and then verify that it has been saved successfully. Note the following: • If your browser is not configured to save downloaded files automatically, locate the folder in which you want to save the file, specify the file name, and save the file.
  • Page 354: Updating the Firmware

    LAN IP address is 192.168.1.1. Updating the Firmware The UTM can automatically detect any new firmware version from NETGEAR. The firmware upgrade process for the UTM consists of the following stages that are explained in detail in the sections below: 1.
  • Page 355 Viewing the Available Firmware Versions To view the current version of the firmware that your UTM is running and the other available firmware versions: 1. Select Administration > System Update from the menu. The System Update submenu tabs appear, with the Signatures &...
  • Page 356 3. To see which other firmware versions are available, click Query under the Firmware Download section to allow the UTM to connect to the NETGEAR update server. The Firmware Download section shows the available firmware versions, including any new versions, and the date when the current firmware version was downloaded to the UTM.
  • Page 357: Updating the Scan Signatures and Scan Engine Firmware

    Rebooting Without Changing the Firmware To reboot the UTM without changing the firmware: 1. In the Firmware Reboot section of the Firmware screen (see Figure 10-6 on page 10-19), select the active firmware version by clicking the Activation radio button for the firmware that states “active”...
  • Page 358 Figure 10-7 The Info section shows the following information fields for the scan engine firmware and pattern file: • Current Version. The version of the files. • Last Updated. The date of the most recent update. To immediately update the scan engine firmware and pattern file, click Update Now at the bottom of the screen.
  • Page 359 Update From Set the update source server by selecting one of the following radio buttons: • Default update server. Files are updated from the default NETGEAR update server. • Server address. Files are updated from the server that you specify: enter the IP address or host name of the update server.
  • Page 360: Configuring Date and Time Service

    Configuring Date and Time Service Configure date, time, and NTP server designations on the System Date & Time screen. Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in a network of computers.
  • Page 361 Note: If you select this option but leave either the Server 1 or Server 2 field blank, both fields are set to the default Netgear NTP servers. Note: A list of public NTP servers is available at http://ntp.isc.org/bin/view/Servers/WebHome Server 1 Name / IP Address Enter the IP address or host name of the primary NTP server.
  • Page 363: Enabling the WAN Traffic Meter

    Chapter 11 Monitoring System Access and Performance This chapter describes the system monitoring features of the UTM. You can be alerted to important events such as a WAN port rollover, WAN traffic limits reached, login failures, and attacks. You can also view status information about the firewall, WAN ports, LAN ports, active VPN users and tunnels, and more.
  • Page 364 The Internet Traffic Statistics section in the lower part of the screen displays statistics on Internet traffic via the WAN port. If you have not enabled the traffic meter, these statistics are not available.
  • Page 365 Table 11-1. WAN Traffic Meter Settings. Setting / Description (or Subfield and Description): Enable Traffic Meter: Do you want to enable Traffic Meter? Select one of the following radio buttons to configure traffic metering: •...
  • Page 366 Table 11-1. WAN Traffic Meter Settings (continued). Setting / Description (or Subfield and Description): When Limit is Reached: Block traffic: Select one of the following radio buttons to specify what action the UTM performs when the traffic limit has been reached: •...
  • Page 367: Configuring Logging, Alerts, and Event Notifications

    Configuring Logging, Alerts, and Event Notifications By default, the UTM logs security-related events such as accepted and dropped packets on different segments of your LAN, denied incoming and outgoing service requests, hacker probes and login attempts, content filtering events such as attempts to access blocked sites and URLs, unwanted e-mail content, spam attempts, and many other types of events.
  • Page 368: Configuring and Activating System, E-mail, and Syslog Logs

    Description (or Subfield and Description) Show as mail sender A descriptive name of the sender for e-mail identification purposes. For example, enter UTMnotification@netgear.com. SMTP server The IP address and port number or Internet name and port number of your ISP’s outgoing e-mail SMTP server. The default port number is 25.
  • Page 369 Figure 11-4
  • Page 370 2. Enter the settings as explained in Table 11-2. Table 11-3. E-mail and Syslog Settings. Setting / Description (or Subfield and Description): System Logs Option: Select the checkboxes to specify which system events are logged: •...
  • Page 371 Table 11-3. E-mail and Syslog Settings (continued). Setting / Description (or Subfield and Description): Enable (continued): Select Logs to Send (continued): • IPS Logs. All IPS events. • SSL VPN Logs. All SSL VPN events. •...
  • Page 372: Configuring and Activating Update Failure and Attack Alerts

    Table 11-3. E-mail and Syslog Settings (continued). Setting / Description (or Subfield and Description): Clear the Following Logs Information: Select the checkboxes to specify which logs are cleared. The “Select Logs to Send” part of the “Email Logs to Administrator”...
  • Page 373 Figure 11-5 3. Enter the settings as explained in Table 11-4. Table 11-4. Alerts Settings. Setting / Description (or Subfield and Description): Enable Update Failure Alerts: Select this checkbox to enable update failure alerts. Enable License ...: Select this checkbox to enable license expiration alerts.
  • Page 374 Table 11-4. Alerts Settings (continued). Setting / Description (or Subfield and Description): Enable Malware Alerts (continued): Subject: Enter the subject line for the e-mail alert. The default text is “[Malware alert]”. Message: Enter the content for the e-mail alert. Note: Make sure that you keep the %VIRUSINFO% and %TIME% meta words in a message to enable the UTM to insert the proper malware name and time information.
  • Page 375: Configuring and Activating Firewall Logs

    “Creating Bandwidth Profiles” on page 5-38), or both, have been exceeded. Note: Enabling firewall logs might generate a significant volume of log messages. NETGEAR recommends that you enable firewall logs for debugging purposes only. To configure and activate firewall logs: 1.
  • Page 376: Monitoring Real-Time Traffic, Security, and Statistics

    Table 11-5. Firewall Logs Settings. Setting / Description (or Subfield and Description): Routing Logs: From the Accepted Packets and Dropped Packets columns, select checkboxes to specify which traffic is logged: • LAN to WAN. •...
  • Page 377 Figure 11-7 [Dashboard, screen 1 of 3]
  • Page 378 To clear the statistics, click Clear Statistics. To set the poll interval: 1. Click the Stop button. 2. From the Poll Interval pull-down menu, select a new interval (the minimum is 5 seconds, the maximum is 5 minutes).
  • Page 379 Table 11-6. Dashboard: Total Threats, Threats (Counts), and Total Traffic (Bytes) Information (continued). Item / Description (or Subfield and Description): Threats (Counts): This is a graphic that shows the relative number of threats and access violations over the last week, using different colors for the various applications.
  • Page 380 Table 11-7 explains the fields of the Most Recent 5 and Top 5 sections of the Dashboard screen. Table 11-7. Dashboard: Most Recent 5 and Top 5 Information. Category / Most Recent 5 Description / Top 5 Description: Threats: •...
  • Page 381 Figure 11-9 [Dashboard, screen 3 of 3] Table 11-8 explains the fields of the Service Statistics section of the Dashboard screen. Table 11-8. Dashboard: Service Statistics Information. Item / Description (or Subfield and Description): For each of the six supported protocols (HTTP, HTTPS, FTP, SMTP, POP3, and IMAP), this section provides the following statistics: Total Scanned Traffic (MB)
  • Page 382: Viewing Status Screens

    Viewing Status Screens The UTM provides real-time information in a variety of status screens that are described in the following sections: • “Viewing System Status” on this page. • “Viewing Active VPN Users” on page 11-24.
  • Page 383 Figure 11-10 [System Status, screen 1 of 3] Table 11-9 explains the fields of the Status and System Information sections of the System Status screen. Table 11-9. System Status: Status and System Information. Setting / Description (or Subfield and Description): Status...
  • Page 384 Table 11-9. System Status: Status and System Information (continued). Setting / Description (or Subfield and Description): System Information: States system up time since last reboot. Firmware Information: The firmware version and most recent download for the active and secondary firmware of the UTM and for the scan engine, pattern file, and firewall.
  • Page 385 Table 11-10. System Status: WAN Configuration and LAN Port Information. Setting / Description (or Subfield and Description): WAN1 Configuration/WAN2 Configuration (Dual-WAN Port Models), WAN Configuration (Single-WAN Port Models): WAN Mode: Single Port, Load Balancing, or Auto Rollover. WAN State: UP or DOWN.
  • Page 386: Viewing Active VPN Users

    Table 11-11. System Status: Interface Statistics. Setting / Description (or Subfield and Description): For each interface (LAN, WAN1, WAN2, and DMZ for the dual-WAN port models; LAN, WAN, and DMZ for the single-WAN port models), the following statistics are displayed: Status: 10BaseT Half duplex, 10BaseT Full duplex, 100BaseT Half duplex, 100BaseT Full duplex, or No Link.
  • Page 387 2. Click the IPSec VPN Connection Status submenu tab. The IPSec VPN Connection Status screen displays. Figure 11-14 The Active IPsec SAs table lists each active connection with the information that is described in Table 11-12.
  • Page 388: Viewing Port Triggering Status

    2. Click the SSL VPN Connection Status submenu tab. The SSL VPN Connection Status screen displays. Figure 11-15 The active user’s user name, group, and IP address are listed in the table with a timestamp indicating the time and date that the user connected.
  • Page 389: Viewing the WAN Ports Status

    2. Click the Status option arrow at the top right of the Port Triggering screen. The Port Triggering Status screen appears in a popup window. Figure 11-17 The Port Triggering Status screen displays the information that is described in Table 11-13.
  • Page 390 Figure 11-18 2. Click the WAN Status option arrow at the top right of the WAN1 ISP Settings screen (dual-WAN port models) or WAN ISP Settings screen (single-WAN port models). The Connection Status screen appears in a popup window.
  • Page 391: Viewing Attached Devices and the DHCP Log

    The Connection Status screen displays the information that is described in Table 11-14. Table 11-14. WAN1 (Dual-WAN Port Models) or WAN (Single-WAN Port Models) Port Status Information. Item / Description (or Subfield and Description): Connection Time: The period that the UTM has been connected through the WAN port.
  • Page 392 Figure 11-20 2. Click the LAN Groups submenu tab. The LAN Groups screen displays (Figure 11-21 shows some examples in the Known PCs and Devices table). Figure 11-21
  • Page 393 The Known PCs and Devices table contains a list of all known PCs and network devices that are assigned dynamic IP addresses by the UTM, or have been discovered by other means. Collectively, these entries make up the Network Database.
  • Page 394: Querying Logs and Generating Reports

    Figure 11-22 Querying Logs and Generating Reports The extensive logging and reporting functions of the UTM let you perform the following tasks that help you to monitor the protection of the network and the performance of the UTM: •...
  • Page 395 • System Logs. The system event logs that you have specified on the Email and Syslog screen (see “Configuring and Activating System, E-mail, and Syslog Logs” on page 11-6). However, by default, many more types of events are logged in the system logs. •...
  • Page 396 Figure 11-23 3. Enter the settings as explained in Table 11-15. Table 11-15. Logs Query Settings. Setting / Description (or Subfield and Description): Log Type: Select one of the following log types from the pull-down menu: •...
  • Page 397 Table 11-15. Logs Query Settings (continued). Setting / Description (or Subfield and Description): Log Type (continued): • Service Logs. All events that are related to the status of scanning and filtering services that are part of the Application Security main navigation menu. These events include update success messages, update failed messages, network connection errors, and so on.
  • Page 398 Table 11-15. Logs Query Settings (continued). Setting / Description (or Subfield and Description): Search Criteria (continued): Client IP: The client IP address that is queried. This field is available for the following logs: Traffic, Spam, Malware, Content filters, Port Scan, IPS, Instant Messaging/Peer to Peer.
  • Page 399 Table 11-15. Logs Query Settings (continued). Setting / Description (or Subfield and Description): Search Criteria (continued): Message: The e-mail message text that is queried. This field is available for the following logs: Port Scan, IPS, Instant Messaging/Peer to Peer. Subject: The e-mail subject line that is queried.
  • Page 400 Note: After the UTM reboots, traffic logs are lost. Therefore, NETGEAR recommends that you connect the UTM to a syslog server to save the traffic logs externally.
  • Page 401: Scheduling and Generating Reports

    Scheduling and Generating Reports The UTM lets you schedule and generate three types of reports: • Email Reports. For each protocol (SMTP, POP3, and IMAP), the report shows the following information per day, both in tables and graphics: –...
  • Page 402 – The following application incidents are shown per day, both in tables and graphics: • Number of instant messaging application violations, top 10 violating instant messaging applications by count, and top 10 violating instant messaging clients by count •...
  • Page 403 Figure 11-24 3. Enter the settings as explained in Table 11-16. Table 11-16. Generate Report Settings. Setting / Description (or Subfield and Description): Time From: From the pull-down menus, specify the start year, month, day, hour, and minutes for the report.
  • Page 404 Scheduling Reports To schedule automatic generation and e-mailing of reports: 1. Select Monitoring > Logs & Reports from the menu. The Logs & Reports submenu tabs appear, with the Email and Syslog screen in view. 2.
  • Page 405: Using Diagnostics Utilities

    Table 11-17. Schedule Report Settings (continued). Setting / Description (or Subfield and Description): Reports: Select one or more checkboxes to specify the reports that are generated: • Email Reports. • Web Reports. • System Reports. Note: You can select all three checkboxes, but you might generate a very large report.
  • Page 406: Using the Network Diagnostic Tools

    Using the Network Diagnostic Tools This section discusses the Network Diagnostics section and the Perform a DNS Lookup section of the Diagnostics screen. Figure 11-26 [Diagnostics, screen 1 of 3] Sending a Ping Packet Use the Ping utility to send a ping packet request in order to check the connection between the UTM and a specific IP address.
  • Page 407 Route Display screen that appears as a popup window. Looking up a DNS Address A DNS (Domain Name Server) converts the Internet name (for example, www.netgear.com) to an IP address. If you need the IP address of a Web, FTP, mail, or other server on the Internet, request a DNS lookup to find the IP address.
  • Page 408: Using the Realtime Traffic Diagnostics Tool

    The file downloads to the location that you specify. 7. When the download is complete, browse to the download location you specified and verify that the file has been downloaded successfully. 8. Send the file to NETGEAR Technical Support for analysis.
  • Page 409: Gathering Important Log Information and Generating a Network Statistics Report

    Gathering Important Log Information and Generating a Network Statistics Report When you request support, NETGEAR Technical Support might ask you to collect the debug logs and other information from your UTM. This section discusses the Gather Important Log Information section, Network Statistics Report section, and Reboot the System section of the Diagnostics screen.
  • Page 410: Rebooting and Shutting Down the UTM

    To generate the Network Statistics Report: 1. Locate the Network Statistics Report section on the Diagnostics screen. 2. Click Generate Network Statistics. The network statistics report is sent as an e-mail to the recipient that you specified on the Email Notification screen (see “Configuring the E-mail Notification Server”...
  • Page 411: Troubleshooting and Using Online Support

    The date or time is not correct. Go to “Problems with Date and Time” on page 12-10. • I need help from NETGEAR. Go to “Using Online Support” on page 12-10. Note: The UTM’s diagnostic tools are explained in “Using Diagnostics Utilities” on page 11-43.
  • Page 412: Basic Functioning

    192.168.1.1. This procedure is explained in “Restoring the Default Configuration and Password” on page 12-9. If the error persists, you might have a hardware problem and should contact NETGEAR Technical Support.
  • Page 413: LAN or WAN Port LEDs Not On

    LAN or WAN Port LEDs Not On If either the LAN LEDs or WAN LEDs do not light when the Ethernet connection is made, check the following: • Make sure that the Ethernet cable connections are secure at the UTM and at the hub, router, or workstation.
  • Page 414: When You Enter a URL or IP Address a Time-Out Error Occurs

    • If your UTM’s IP address has been changed and you do not know the current IP address, clear the UTM’s configuration to factory defaults. This sets the UTM’s IP address to 192.168.1.1. This procedure is explained in “Restoring the Default Configuration and Password”...
  • Page 415: Troubleshooting the ISP Connection

    Web Management Interface. To check the WAN IP address: 1. Launch your browser and navigate to an external site such as www.netgear.com. 2. Access the Web Management Interface of the UTM’s configuration at https://192.168.1.1. 3. Select Network Security > WAN Settings from the menu. The WAN1 ISP Settings screen (dual-WAN port models) or WAN ISP Settings screen (single-WAN port models) displays.
  • Page 416 A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP provides the addresses of one or two DNS servers for your use. You may configure your PC manually with DNS addresses, as explained in your operating system documentation.
  • Page 417: Troubleshooting a TCP/IP Network Using a Ping Utility

    Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the Ping utility in your PC or workstation.
  • Page 418: Testing the Path from Your PC to a Remote Device

    Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows run menu, type: PING -n 10 <IP address>...
  • Page 419: Restoring the Default Configuration and Password

    Restoring the Default Configuration and Password To reset the UTM to the original factory default settings, you can use one of the following two methods: • Push the Reset button on the rear panel of the UTM (see “Rear Panel”...
  • Page 420: Problems with Date and Time

    One of the advanced features that the UTM provides is online support through a support tunnel. With this feature, NETGEAR Technical Support staff is able to analyze from a remote location any difficulty you might be experiencing with the UTM and to perform advanced diagnostics. Make sure that ports 443 and 2222 are open on your firewall, and that you have the support key that was given to you by NETGEAR.
  • Page 421: Sending Suspicious Files to NETGEAR for Analysis

    1. Select Support > Online Support from the menu. The Online Support screen displays. Figure 12-2 2. In the Support Key field, enter the support key that was given to you by NETGEAR. 3. Click Connect. When the tunnel is established, the tunnel status field displays ON.
  • Page 422: Accessing the Knowledge Base and Documentation

    The e-mail address of the submitter to enable NETGEAR to contact the submitter if needed. File Location Click Browse to navigate to the file that you want to submit to NETGEAR. Source / Product Model Specify where the file originated (for example, an e-mail address if received via e-mail) and, if known, which product or scan feature (for example, the UTM or a desktop anti-virus application) detected the file.
  • Page 423: Default Settings And Technical Specifications

    Appendix A Default Settings and Technical Specifications You can use the Reset button located on the rear panel to reset all settings to their factory defaults. This is called a hard reset (for more information, see “Reverting to Factory Default Settings” on page 10-18).
  • Page 424 Table A-1. UTM Default Configuration Settings (continued). Feature / Default behavior (continued): DHCP server: Enabled. DHCP starting IP address: 192.168.1.2. DHCP ending IP address: 192.168.1.100. Management: Time zone. Time zone adjusted for daylight savings time: Disabled. SNMP: Disabled...
  • Page 425 Table A-2. UTM Physical and Technical Specifications (continued). Feature / Specification: Environmental Specifications: Operating temperatures: 0° to 45° C (32° to 113° F). Storage temperatures: -20° to 70° C (-4° to 158° F). Operating humidity: 90% maximum relative humidity, noncondensing. Storage humidity: 95% maximum relative humidity, noncondensing. Major Regulatory Compliance...
  • Page 426 Specification: Network Management: Web-based configuration and status monitoring. Number of concurrent users supported: The number of supported dedicated SSL VPN tunnels depends on the model (see NETGEAR’s marketing documentation at http://prosecure.netgear.com). SSL versions: SSLv3, TLS1.0. SSL encryption algorithm: DES, 3DES, ARC4, AES-128, AES-192, AES-256...
  • Page 427: Network Planning for Dual WAN Ports

    Appendix B Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) This appendix describes the factors to consider when planning a network using a firewall that has dual WAN ports. This appendix does not apply to single-WAN port models. This appendix contains the following sections: •...
  • Page 428 The UTM is capable of being managed remotely, but this feature must be enabled locally after each factory default reset. NETGEAR strongly advises you to change the default management password to a strong password before enabling remote management. Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
  • Page 429: Cabling and Computer Hardware Requirements

    • You can choose a variety of WAN options if the factory default settings are not suitable for your installation. These options include enabling a WAN port to respond to a ping, and setting MTU size, port speed, and upload bandwidth.
  • Page 430 • ISP Domain Name Server (DNS) addresses • One or more fixed IP addresses (also known as static IP addresses) Where Do I Get The Internet Configuration Information? There are several ways you can gather the required Internet connection information. •...
  • Page 431: Overview of the Planning Process

    Gateway IP Address: ______.______.______.______ Subnet Mask: ______.______.______.______ • ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following: Primary DNS Server IP Address: ______.______.______.______ Secondary DNS Server IP Address: ______.______.______.______ •...
  • Page 432 These various types of traffic and auto-rollover or load balancing all interact to make the planning process more challenging: • Inbound Traffic. Unrequested incoming traffic can be directed to a PC on your LAN rather than being discarded.
  • Page 433: Inbound Traffic to a Single WAN Port System

    • Dual WAN Ports in Load Balancing Mode. Load balancing for a UTM with dual WAN ports is similar to a single WAN gateway configuration when you specify the IP address. Each IP address is either fixed or dynamic based on the ISP: You must use FQDNs when the IP address is dynamic, but FQDNs are optional when the IP address is static.
  • Page 434: Inbound Traffic to a Dual WAN Port System

    In the single WAN case, the WAN’s Internet address is either a fixed IP address or an FQDN if the IP address is dynamic. Figure B-4 Inbound Traffic to a Dual WAN Port System The IP address range of the UTM’s WAN port must be both fixed and public so that the public can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled.
  • Page 435: Virtual Private Networks (VPNs)

    ProSecure Unified Threat Management (UTM) Appliance Reference Manual Figure B-6 Virtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points. The addressing of the firewall’s dual WAN port depends on the configuration being implemented: Table B-2.
  • Page 436 ProSecure Unified Threat Management (UTM) Appliance Reference Manual For a single WAN gateway configuration, use a FQDN when the IP address is dynamic and either an FQDN or the IP address itself when the IP address is fixed. The situation is different in dual- WAN port gateway configurations.
  • Page 437: VPN Road Warrior (Client-to-Gateway)

    VPN Road Warrior (Client-to-Gateway) The following situations exemplify the requirements for a remote PC client with no firewall to establish a VPN tunnel with a gateway VPN firewall such as an UTM: •...
  • Page 438 Figure B-10 The IP addresses of the WAN ports can be either fixed or dynamic, but you must always use a FQDN because the active WAN port could be either WAN1 or WAN2 (that is, the IP address of the active WAN port is not known in advance).
  • Page 439: VPN Gateway-to-Gateway

    VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing In a dual-WAN port load balancing gateway configuration, the remote PC initiates the VPN tunnel with the appropriate gateway WAN port (that is, port WAN1 or WAN2 as necessary to balance the loads of the two gateway WAN ports) because the IP address of the active WAN port is not known in advance.
  • Page 440 Figure B-13 The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, you must use a FQDN. If an IP address is fixed, an FQDN is optional. VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability In a configuration with two dual-WAN port VPN gateways that function in auto-rollover mode, either of the gateway WAN ports at one end can initiate the VPN tunnel with the appropriate...
  • Page 441 After a rollover of a gateway WAN port, the previously inactive gateway WAN port becomes the active port (port WAN_A2 in Figure B-15) and one of the gateways must re-establish the VPN tunnel.
  • Page 442: VPN Telecommuter (Client-to-Gateway Through a NAT Router)

    VPN Telecommuter (Client-to-Gateway Through a NAT Router) Note: The telecommuter case presumes the home office has a dynamic IP address and NAT router. The following situations exemplify the requirements for a remote PC client connected to the Internet with a dynamic IP address through a NAT router to establish a VPN tunnel with a gateway VPN firewall such as an UTM at the company office: •...
  • Page 443 VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability In a dual-WAN port auto-rollover gateway configuration, the remote PC client initiates the VPN tunnel with the active gateway WAN port (port WAN1 in Figure B-18) because the IP address of the remote NAT router is not known in advance.
  • Page 444 The purpose of the FQDN is to toggle the domain name of the gateway between the IP addresses of the active WAN port (that is, WAN1 and WAN2) so that the remote PC client can determine the gateway IP address to establish or re-establish a VPN tunnel.
  • Page 445: System Logs And Error Messages

    Appendix C System Logs and Error Messages This appendix provides examples and explanations of system log and error messages. When applicable, a recommended action is provided. This appendix contains the following sections: • “System Log Messages” on page C-2. •...
  • Page 446: System Log Messages

    System Log Messages This section describes log messages that belong to one of the following categories: • Logs that are generated by traffic that is meant for the UTM. • Logs that are generated by traffic that is routed or forwarded through the UTM. •...
  • Page 447: Service Logs

    Table C-5. System Logs: NTP Message 1 Nov 28 12:31:13 [UTM] [ntpdate] Looking Up time-f.netgear.com Message 2 Nov 28 12:31:13 [UTM] [ntpdate] Requesting time from time-f.netgear.com Message 3 Nov 28 12:31:14 [UTM] [ntpdate] adjust time server 69.25.106.19 offset 0.140254 sec Message 4 Nov 28 12:31:14 [UTM] [ntpdate] Synchronized time with time-f.netgear.com...
  • Page 448: Login/Logout

    Login/Logout This section describes logs that are generated by the administrative interfaces of the device. Table C-6. System Logs: Login/Logout Message Nov 28 14:45:42 [UTM] [login] Login succeeded: user admin from 192.168.10.10 Explanation Login of user admin from host with IP address 192.168.10.10 Recommended Action...
  • Page 449: WAN Status

    WAN Status This section describes the logs that are generated by the WAN component. If there are two ISP links for Internet connectivity, the router can be configured either in auto-rollover mode or load balancing mode.
  • Page 450 System Logs: WAN Status, Auto Rollover (continued) Explanation The logs suggest that the fail-over was detected after five attempts instead of three. However, the messages appear as above because of the WAN state transition logic, which is part of the failover algorithm.
  • Page 451 PPP Logs This section describes the WAN PPP connection logs. The PPP type can be configured through the Web Management Interface (see “Manually Configuring the Internet Connection” on page 3-5). • PPPoE Idle-Timeout Logs Table C-10.
  • Page 452 • PPTP Idle-Timeout Logs Table C-11. System Logs: WAN Status, PPTP Idle-Timeout Message 1 Nov 29 11:19:02 [UTM] [pppd] Starting connection Message 2 Nov 29 11:19:05 [UTM] [pppd] CHAP authentication succeeded Message 3 Nov 29 11:19:05 [UTM] [pppd] local IP address 192.168.200.214 Message 4 Nov 29 11:19:05 [UTM] [pppd] remote IP address 192.168.200.1...
  • Page 453: Traffic Metering Logs

    Traffic Metering Logs This section describes logs that are generated when the traffic meter has reached a limit. Table C-13. System Logs: Traffic Metering Message Jan 23 19:03:44 [TRAFFIC_METER] TRAFFIC_METER: Monthly Limit of 10 MB has reached for WAN1._ Explanation Logs that are generated when the traffic limit for WAN1 interface that was set at...
  • Page 454: Invalid Packet Logging

    Multicast/Broadcast Logs This section describes logs that are generated when the UTM processes multicast and broadcast packets. Table C-16. System Logs: Multicast/Broadcast Message Jan 1 07:24:13 [UTM] [kernel] MCAST-BCAST IN=WAN OUT=SELF SRC=192.168.1.73 DST=192.168.1.255 PROTO=UDP SPT=138 DPT=138 Explanation •...
  • Page 455 Table C-17. System Logs: Invalid Packets (continued) Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][BAD_CHECKSUM]DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Explanation Bad checksum. Recommended Action None Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][BAD_HW_CHECKSUM][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=ICMP TYPE=3 CODE=0 Explanation...
  • Page 456: Content Filtering And Security Logs

    Table C-17. System Logs: Invalid Packets (continued) Explanation Error returned from helper routine. Recommended Action None Content Filtering and Security Logs This section describes the log messages that are generated by the content filtering and security mechanisms.
  • Page 457: Spam Logs

    Table C-18. Content Filtering and Security Logs: Web Filtering and Content Filtering Message 2009-08-01 00:00:01 HTTP 192.168.1.3 192.168.35.165 http://192.168.35.165/testcases/files/virus/normal/%b4%f3%d3%da2048.rar Proxy Block Explanation Logs that are generated when Web content is blocked because it uses a proxy. The message shows the date and time, protocol, client IP address, server IP address, URL, reason for the action, and action that is taken.
  • Page 458: Traffic Logs

    Traffic Logs This section describes logs that are generated when the UTM processes Web and e-mail traffic. Table C-20. Content Filtering and Security Logs: Traffic Message 2009-02-28 23:59:59 HTTP 99 192.168.1.2 192.168.33.8 xlzimap@test.com xlzpop3@test.com [MALWARE INFECTED] Fw: cleanvirus Explanation...
  • Page 459: IPS Logs

    IPS Logs This section describes logs that are generated when traffic matches IPS rules. Table C-23. Content Filtering and Security Logs: IPS Message 2008-12-31 23:59:37 drop TCP 192.168.1.2 3496 192.168.35.165 8081 WEB-CGI Trend Micro OfficeScan CGI password decryption buffer overflow attempt Explanation Logs that are generated when traffic matches IPS rules.
  • Page 460: Routing Logs

    Routing Logs This section explains the logging messages for each network segment such as LAN to WAN for debugging purposes. These logs might generate a significant volume of messages. LAN to WAN Logs This section describes logs that are generated when the UTM processes LAN to WAN traffic.
  • Page 461: WAN to LAN Logs

    WAN to LAN Logs This section describes logs that are generated when the UTM processes WAN to LAN traffic. Table C-29. Routing Logs: WAN to LAN Message Nov 29 10:05:15 [UTM] [kernel] WAN2LAN[ACCEPT] IN=WAN OUT=LAN SRC=192.168.1.214 DST=192.168.10.10 PROTO=ICMP TYPE=8 CODE=0 Explanation •...
  • Page 463: Two-Factor Authentication

    NETGEAR has also recognized the need to provide more than just a firewall to protect the networks. As part of the new maintenance firmware release, NETGEAR has...
  • Page 464: What Is Two-Factor Authentication

    NETGEAR Two-Factor Authentication Solutions NETGEAR has implemented 2 Two-Factor Authentication solutions from WiKID. WiKID is the software-based token solution. So instead of using only Windows Active Directory or LDAP as the authentication server, administrators now have the option to use WiKID to perform Two-Factor Authentication on NETGEAR SSL and VPN firewall products.
  • Page 465 The request-response architecture is capable of self-service initialization by end-users, dramatically reducing implementation and maintenance costs. Here is an example of how WiKID works. 1. The user launches the WiKID token software, enters the PIN that has been given to them (something they know), and then presses “continue”...
  • Page 466 Note: The one-time passcode is time synchronized to the authentication server so that the OTP can only be used once and must be used before the expiration time. If a user does not use this passcode before it is expired, the user must go through the request process again to generate a new OTP.
  • Page 467: Appendix E Related Documents

    Appendix E Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link TCP/IP Networking Basics http://documentation.netgear.com/reference/enu/tcpip/index.htm Wireless Networking Basics http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing Your Network http://documentation.netgear.com/reference/enu/wsdhcp/index.htm...
  • Page 469: Index

    Index Numerics application (services) protection 6-19, 6-21 Application Level Gateway. See ALG. 10BaseT, 100BaseT, and 1000BaseT 3-23 ARP requests 4-12 arrow (Web Management Interface) attached devices 7-40 monitoring with SNMP 10-14 AC input 1-12 viewing 11-29 access, remote management 10-12 attacks alerts 11-10...
  • Page 470 backing up, configuration file 10-16 7-31 bandwidth capacity cache control, SSL VPN 8-5, 8-21 auto-rollover mode 10-2 card, service registration 10-1 categories, Web content 2-22 load balancing mode 10-1 category 5 cable single WAN port mode 10-2 10-1...
  • Page 471 managing 10-15 configuration, restoring 12-9 restoring 10-17 content filtering settings reverting to defaults 10-18 factory 10-18, 12-9 IPsec VPN Wizard configuration menu (Web Management Interface) login time-out connection 3-23 requirements password 2-3, 12-9 speed and type, WAN 3-24 PVID...
  • Page 472 duplex, half and full 3-23 DHCP Dynamic DNS. See DDNS. address pool 4-20 Dynamic Host Configuration Protocol. See DHCP. DNS servers 4-21 DynDNS.org 3-19, 3-21 domain name 4-20 LDAP server 4-21 lease time 4-21 relay 4-21...
  • Page 473 front panel LEDs 1-11 factory default settings ports 1-10 reverting to 10-18 service licenses, automatic retrieval 2-28 action, infected Web file or object 2-20, 6-40 failover attempts audio and video files, filtering 6-41 DNS lookup 3-13...
  • Page 474 HTTP increasing traffic action, infected Web file or object 2-20, 6-22 DMZ port 10-7 default port 2-17, 6-20 exposed hosts 10-8 enabling scanning 2-17, 6-20 overview 10-5 proxy, for HTTPS scanning 6-34, 6-37 port forwarding 5-7, 10-6 proxy, signatures &...
  • Page 475 IP header 5-37 bandwidth capacity 10-1 configuration IP precedence 5-37 default settings IP security. See IPsec. groups 4-16 IP/MAC binding 5-44 assigning 4-14 managing 4-12 hosts, managing 4-12 alerts 11-10 Known PCs and Devices table 4-14, 4-15 attacks LEDs...
  • Page 476 5 and top 5 11-18 firewall, use with management default settings mapping, one-to-one 3-10, 5-23 maximum transmission unit. See MTU. NetBIOS, VPN tunnels 7-35, 7-59 NETGEAR registration server IKE polices 7-29 network ModeConfig 7-46 configuration requirements RIP-2 4-26 database...
  • Page 477 planning, dual WAN ports (dual-WAN port models) package contents, UTM protocols, supported resources, SSL VPN 8-28 packets, accepted and dropped 11-14 statistics report, diagnostics 11-47 PAP. See also RADIUS-PAP, MIAS-PAP, or WiKID- traffic statistics 11-16 PAP.
  • Page 478 IPsec VPN Post Office Protocol 3. See POP3. automatically generated (auto) 7-31 power groups, configuring receptacle 1-12 managing 7-22 specifications, adapter manually generated (manual) 7-31 Power LED 1-11, 12-2 SSL VPN PPP connection managing 8-31 settings...
  • Page 479 10-2 tracing 11-45 source MAC filtering 10-5 Routing Information Protocol. See RIP. reference documents routing log messages C-16 registering with NETGEAR 2-26 RSA signatures 7-29 registration information rules regulatory compliance See inbound rules, See outbound rules Web access exceptions 6-41...
  • Page 480 scan engine firmware 10-21 ModeConfig 7-46 self certificate requests 9-23 scan exceptions VPN policies 7-37 e-mail message size 2-19 Web file or object size 2-20 shutting down 11-48 scan signatures 10-21 signature key length 9-23 scanning signatures &...
  • Page 481 IP address range and routes, using SSL VPN submenu tabs (Web Management Interface) Wizard support, online 12-10 client routes 8-27 suspicious files, sending to NETGEAR 12-11 domain name domain settings, using SSL VPN Wizard SYN flood 5-28 domains, groups, and users...
  • Page 482 tabs, submenu (Web Management Interface) ISP connection 12-5 LEDs 12-2, 12-3 TCP flood, blocking 5-28 12-10 TCP time-out 5-31 remote management 10-13 TCP/IP remotely 12-10 network, troubleshooting 12-7 testing your setup 12-8 settings time-out error 12-4...
  • Page 483 examples gateway-to-gateway, dual WAN ports, auto- videoconferencing rollover B-14 DMZ port 4-18 gateway-to-gateway, dual WAN ports, load from restricted address 5-22 balancing B-15 virtual LAN. See VLAN. gateway-to-gateway, single WAN port mode B-13 Road Warrior, dual WAN mode, auto-rollover B-11...
  • Page 484 Web protection. See HTTP, See HTTPS, See FTP. whitelist e-mails 6-12 aliases 3-17 URLs 6-32 auto-rollover mode (dual-WAN port models) WiKID configuring 3-11 authentication, overview DDNS 3-19 description description WiKID-CHAP 8-6, 9-5 settings 3-12 WiKID-PAP...