| Section | Page |
|---|---|
| ProSecure Unified Threat Management (UTM) Appliance | 1 |
| Contents | 5 |
| 1. Introduction | 15 |
| What Is the ProSecure Unified Threat Management (UTM) Appliance? | 15 |
| Key Features and Capabilities | 16 |
| Multiple WAN Port Models for Increased Reliability or Outbound Load Balancing | 17 |
| Wireless Features | 18 |
| DSL Features | 18 |
| Advanced VPN Support for Both IPSec and SSL | 18 |
| A Powerful, True Firewall | 19 |
| Stream Scanning for Content Filtering | 19 |
| Security Features | 20 |
| Autosensing Ethernet Connections with Auto Uplink | 20 |
| Extensive Protocol Support | 21 |
| Easy Installation and Management | 21 |
| Maintenance and Support | 22 |
| Model Comparison | 22 |
| Service Registration Card with License Keys | 23 |
| Package Contents | 24 |
| Hardware Features | 24 |
| Front Panel UTM5 and UTM10 | 25 |
| Front Panel UTM25 | 26 |
| Front Panel UTM50 | 26 |
| Front Panel UTM150 | 27 |
| Front Panel UTM9S and UTM25S and Network Modules | 28 |
| LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 | 30 |
| LED Descriptions, UTM9S, UTM25S, and their Network Modules | 32 |
| Rear Panel UTM5, UTM10, and UTM25 | 33 |
| Rear Panel UTM50 and UTM150 | 34 |
| Rear Panel UTM9S and UTM25S | 35 |
| Bottom Panels with Product Labels | 36 |
| Choose a Location for the UTM | 39 |
| Use the Rack-Mounting Kit | 40 |
| 2. Use the Setup Wizard to Provision the UTM in Your Network | 41 |
| Steps for Initial Connection | 41 |
| Qualified Web Browsers | 42 |
| Requirements for Entering IP Addresses | 42 |
| Log In to the UTM | 42 |
| Web Management Interface Menu Layout | 44 |
| Use the Setup Wizard to Perform the Initial Configuration | 47 |
| Setup Wizard Step 1 of 10: LAN Settings | 48 |
| Setup Wizard Step 2 of 10: WAN Settings | 51 |
| Setup Wizard Step 3 of 10: System Date and Time | 54 |
| Setup Wizard Step 4 of 10: Services | 55 |
| Setup Wizard Step 5 of 10: Email Security | 57 |
| Setup Wizard Step 6 of 10: Web Security | 58 |
| Setup Wizard Step 7 of 10: Web Categories to Be Blocked | 60 |
| Setup Wizard Step 8 of 10: Email Notification | 62 |
| Setup Wizard Step 9 of 10: Signatures & Engine | 63 |
| Setup Wizard Step 10 of 10: Saving the Configuration | 64 |
| Register the UTM with NETGEAR | 65 |
| Use the Web Management Interface to Activate Licenses | 65 |
| Electronic Licensing | 67 |
| Automatic Retrieval of Licenses after a Factory Default Reset | 67 |
| Verify Correct Installation | 68 |
| Test Connectivity | 68 |
| Test HTTP Scanning | 68 |
| What to Do Next | 68 |
| 3. Manually Configure Internet and WAN Settings | 70 |
| Internet and WAN Configuration Tasks | 71 |
| Automatically Detecting and Connecting the Internet Connections | 71 |
| Manually Configure the Internet Connection | 75 |
| Configure the WAN Mode | 80 |
| Overview of the WAN Modes | 80 |
| Configure Network Address Translation (All Models) | 81 |
| Configure Classical Routing (All Models) | 82 |
| Configure Auto-Rollover Mode and the Failure Detection Method (Multiple WAN Port Models) | 82 |
| Configure Load Balancing and Optional Protocol Binding (Multiple WAN Port Models) | 85 |
| Configure Secondary WAN Addresses | 89 |
| Configure Dynamic DNS | 91 |
| Set the UTM’s MAC Address and Configure Advanced WAN Options | 94 |
| Additional WAN-Related Configuration Tasks | 97 |
| 4. LAN Configuration | 98 |
| Manage Virtual LANs and DHCP Options | 98 |
| Port-Based VLANs | 99 |
| Assign and Manage VLAN Profiles | 100 |
| VLAN DHCP Options | 101 |
| Configure a VLAN Profile | 103 |
| Configure VLAN MAC Addresses and Advanced LAN Settings | 108 |
| Configure Multihome LAN IP Addresses on the Default VLAN | 109 |
| Manage Groups and Hosts (LAN Groups) | 111 |
| Manage the Network Database | 112 |
| Change Group Names in the Network Database | 115 |
| Set Up Address Reservation | 116 |
| Configure and Enable the DMZ Port | 117 |
| Manage Routing | 121 |
| Configure Static Routes | 121 |
| Configure Routing Information Protocol | 123 |
| Static Route Example | 126 |
| 5. Firewall Protection | 127 |
| About Firewall Protection | 127 |
| Administrator Tips | 128 |
| Overview of Rules to Block or Allow Specific Kinds of Traffic | 128 |
| Outbound Rules (Service Blocking) | 129 |
| Inbound Rules (Port Forwarding) | 133 |
| Order of Precedence for Rules | 138 |
| Configure LAN WAN Rules | 139 |
| Create LAN WAN Outbound Service Rules | 140 |
| Create LAN WAN Inbound Service Rules | 141 |
| Configure DMZ WAN Rules | 142 |
| Create DMZ WAN Outbound Service Rules | 144 |
| Create DMZ WAN Inbound Service Rules | 144 |
| Configure LAN DMZ Rules | 145 |
| Create LAN DMZ Outbound Service Rules | 147 |
| Create LAN DMZ Inbound Service Rules | 147 |
| Examples of Firewall Rules | 148 |
| Inbound Rule Examples | 148 |
| Outbound Rule Example | 153 |
| Configure Other Firewall Features | 154 |
| VLAN Rules | 154 |
| Attack Checks, VPN Pass-through, and Multicast Pass-through | 157 |
| Set Session Limits | 160 |
| Manage the Application Level Gateway for SIP Sessions and VPN Scanning | 161 |
| Create Services, QoS Profiles, Bandwidth Profiles, and Traffic Meter Profiles | 162 |
| Add Customized Services | 163 |
| Create Service Groups | 165 |
| Create IP Groups | 167 |
| Create Quality of Service Profiles | 169 |
| Create Bandwidth Profiles | 171 |
| Create Traffic Meter Profiles | 174 |
| Set a Schedule to Block or Allow Specific Traffic | 177 |
| Enable Source MAC Filtering | 179 |
| Set Up IP/MAC Bindings | 181 |
| Configure Port Triggering | 183 |
| Configure Universal Plug and Play | 186 |
| Enable and Configure the Intrusion Prevention System | 187 |
| 6. Content Filtering and Optimizing Scans | 192 |
| About Content Filtering and Scans | 192 |
| Default Email and Web Scan Settings | 193 |
| Configure Email Protection | 194 |
| Customize Email Protocol Scan Settings | 194 |
| Customize Email Antivirus and Notification Settings | 196 |
| Email Content Filtering | 199 |
| Protect Against Email Spam | 202 |
| Configure Web and Services Protection | 210 |
| Customize Web Protocol Scan Settings | 210 |
| Configure HTTPS Smart Block | 212 |
| Configure Web Malware or Antivirus Scans | 216 |
| Configure Web Content Filtering | 218 |
| Configure Web URL Filtering | 224 |
| Configure HTTPS Scanning and SSL Certificates | 228 |
| How HTTPS Scanning Works | 228 |
| Configure the HTTPS Scan Settings | 230 |
| Manage SSL Certificates for HTTPS Scanning | 231 |
| Specify Trusted Hosts for HTTPS Scanning | 235 |
| Configure the SSL Settings for HTTPS Scanning | 237 |
| Configure FTP Scanning | 238 |
| Customize FTP Antivirus Settings | 238 |
| Configure FTP Content Filtering | 239 |
| Configure Application Control | 240 |
| Set Exception Rules for Web and Application Access | 248 |
| Create Custom Categories for Exceptions for Web and Application Access | 258 |
| Set Scanning Exclusions for IP Addresses and Ports | 262 |
| 7. Virtual Private Networking Using IPSec, PPTP, or L2TP Connections | 264 |
| Considerations for Dual WAN Port Systems (Multiple WAN Port Models Only) | 264 |
| Use the IPSec VPN Wizard for Client and Gateway Configurations | 266 |
| Create Gateway-to-Gateway VPN Tunnels with the Wizard | 266 |
| Create a Client-to-Gateway VPN Tunnel | 271 |
| Test the Connection and View Connection and Status Information | 287 |
| Test the NETGEAR VPN Client Connection | 287 |
| NETGEAR VPN Client Status and Log Information | 289 |
| View the UTM IPSec VPN Connection Status | 289 |
| View the UTM IPSec VPN Log | 290 |
| Manage IPSec VPN and IKE Policies | 291 |
| Manage IKE Policies | 292 |
| Manage VPN Policies | 300 |
| Configure Extended Authentication (XAUTH) | 308 |
| Configure XAUTH for VPN Clients | 309 |
| User Database Configuration | 310 |
| RADIUS Client and Server Configuration | 310 |
| Assign IP Addresses to Remote Users (Mode Config) | 312 |
| Mode Config Operation | 312 |
| Configure Mode Config Operation on the UTM | 312 |
| Configure the ProSafe VPN Client for Mode Config Operation | 319 |
| Test the Mode Config Connection | 326 |
| Modify or Delete a Mode Config Record | 327 |
| Configure Keep-Alives and Dead Peer Detection | 328 |
| Configure Keep-Alives | 328 |
| Configure Dead Peer Detection | 329 |
| Configure NetBIOS Bridging with IPSec VPN | 330 |
| Configure the PPTP Server | 331 |
| View the Active PPTP Users | 333 |
| Configure the L2TP Server | 334 |
| View the Active L2TP Users | 336 |
| For More IPSec VPN Information | 336 |
| 8. Virtual Private Networking Using SSL Connections | 337 |
| SSL VPN Portal Options | 337 |
| Build a Portal Using the SSL VPN Wizard | 338 |
| SSL VPN Wizard Step 1 of 6 (Portal Settings) | 339 |
| SSL VPN Wizard Step 2 of 6 (Domain Settings) | 342 |
| SSL VPN Wizard Step 3 of 6 (User Settings) | 347 |
| SSL VPN Wizard Step 4 of 6 (Client IP Addresses and Routes) | 348 |
| SSL VPN Wizard Step 5 of 6 (Port Forwarding) | 350 |
| SSL VPN Wizard Step 6 of 6 (Verify and Save Your Settings) | 351 |
| Access the New SSL VPN Portal | 353 |
| View the UTM SSL VPN Connection Status | 356 |
| View the UTM SSL VPN Log | 357 |
| Manually Configure and Modify SSL Portals | 357 |
| Manually Create or Modify the Portal Layout | 359 |
| Configure Domains, Groups, and Users | 362 |
| Configure Applications for Port Forwarding | 363 |
| Configure the SSL VPN Client | 365 |
| Use Network Resource Objects to Simplify Policies | 369 |
| Configure User, Group, and Global Policies | 371 |
| For More SSL VPN Information | 377 |
| 9. Manage Users, Authentication, and VPN Certificates | 378 |
| Authentication Process and Options | 378 |
| Configure Authentication Domains, Groups, and Users | 380 |
| Login Portals | 380 |
| Active Directories and LDAP Configurations | 384 |
| Configure Domains | 388 |
| Configure Groups | 394 |
| Configure Custom Groups | 397 |
| Configure User Accounts | 401 |
| Set User Login Policies | 404 |
| Change Passwords and Other User Settings | 408 |
| DC Agent | 409 |
| Configure RADIUS VLANs | 415 |
| Configure Global User Settings | 416 |
| View and Log Out Active Users | 417 |
| Manage Digital Certificates for VPN Connections | 419 |
| VPN Certificates Screen | 420 |
| Manage CA Certificates | 421 |
| Manage Self-Signed Certificates | 422 |
| Manage the Certificate Revocation List | 426 |
| 10. Network and System Management | 428 |
| Performance Management | 428 |
| Bandwidth Capacity | 428 |
| Features That Reduce Traffic | 429 |
| Features That Increase Traffic | 432 |
| Use QoS and Bandwidth Assignments to Shift the Traffic Mix | 435 |
| Monitoring Tools for Traffic Management | 436 |
| System Management | 436 |
| Change Passwords and Administrator and Guest Settings | 436 |
| Configure Remote Management Access | 438 |
| Use a Simple Network Management Protocol Manager | 440 |
| Manage the Configuration File | 445 |
| Update the Firmware | 448 |
| Update the Scan Signatures and Scan Engine Firmware | 454 |
| Configure Date and Time Service | 456 |
| Connect to a ReadyNAS and Configure Quarantine Settings | 458 |
| Log Storage | 459 |
| Connect to a ReadyNAS | 459 |
| Configure the Quarantine Settings | 460 |
| 11. Monitor System Access and Performance | 462 |
| Enable the WAN Traffic Meter | 462 |
| Configure Logging, Alerts, and Event Notifications | 466 |
| Configure the Email Notification Server | 466 |
| Configure and Activate System, Email, and Syslog Logs | 467 |
| How to Send Syslogs over a VPN Tunnel between Sites | 471 |
| Configure and Activate Update Failure and Attack Alerts | 473 |
| Configure and Activate Firewall Logs | 476 |
| Monitor Real-Time Traffic, Security, and Statistics | 477 |
| Monitor Application Use in Real Time | 483 |
| View Status Screens | 486 |
| View the System Status | 486 |
| View the Active VPN Users | 499 |
| View the VPN Tunnel Connection Status | 500 |
| View the Active PPTP and L2TP Users | 501 |
| View the Port Triggering Status | 502 |
| View the WAN, xDSL, or USB Port Status | 504 |
| View Attached Devices and the DHCP Leases | 505 |
| Query and Manage the Logs | 507 |
| Overview of the Logs | 508 |
| Query and Download Logs | 509 |
| Example: Use the Logs to Identify Infected Clients | 513 |
| Log Management | 514 |
| Query and Manage the Quarantine Logs | 514 |
| Query the Quarantined Logs | 515 |
| View and Manage the Quarantined Spam Table | 517 |
| View and Manage the Quarantined Infected Files Table | 518 |
| Spam Reports for End Users | 519 |
| View, Schedule, and Generate Reports | 520 |
| Enable Application Session Monitoring | 521 |
| Report Filtering Options | 522 |
| Use Report Templates and View Reports Onscreen | 524 |
| Schedule, Email, and Manage Reports | 529 |
| Use Diagnostics Utilities | 531 |
| Use the Network Diagnostic Tools | 532 |
| Use the Real-Time Traffic Diagnostics Tool | 533 |
| Gather Important Log Information and Generate a Network Statistics Report | 534 |
| Perform Maintenance on the USB Device, Reboot the UTM, or Shut Down the UTM | 536 |
| 12. Troubleshoot and Use Online Support | 538 |
| Basic Functioning | 539 |
| Verify the Correct Sequence of Events at Startup | 539 |
| Power LED Not On | 539 |
| Test LED Never Turns Off | 539 |
| LAN or WAN Port LEDs Not On | 540 |
| Troubleshoot the Web Management Interface | 540 |
| When You Enter a URL or IP Address, a Time-Out Error Occurs | 541 |
| Troubleshoot the ISP Connection | 541 |
| Troubleshoot a TCP/IP Network Using a Ping Utility | 543 |
| Test the LAN Path to Your UTM | 543 |
| Test the Path from Your Computer to a Remote Device | 544 |
| Restore the Default Configuration and Password | 545 |
| Problems with Date and Time | 546 |
| Use Online Support | 546 |
| Enable Remote Troubleshooting | 546 |
| Send Suspicious Files to NETGEAR for Analysis | 547 |
| Access the Knowledge Base and Documentation | 548 |
| A. xDSL Network Module for the UTM9S and UTM25S | 549 |
| xDSL Network Module Configuration Tasks | 550 |
| Configure the xDSL Settings | 550 |
| Automatically Detecting and Connecting the xDSL Internet Connection | 553 |
| Manually Configure the xDSL Internet Connection | 556 |
| Configure the WAN Mode | 561 |
| Overview of the WAN Modes | 561 |
| Configure Network Address Translation | 562 |
| Configure Classical Routing | 563 |
| Configure Auto-Rollover Mode and the Failure Detection Method | 563 |
| Configure Load Balancing and Optional Protocol Binding | 566 |
| Configure Secondary WAN Addresses | 570 |
| Configure Dynamic DNS | 572 |
| Set the UTM’s MAC Address and Configure Advanced WAN Options | 574 |
| Additional WAN-Related Configuration Tasks | 577 |
| B. Wireless Network Module for the UTM9S and UTM25S | 578 |
| Overview of the Wireless Network Module | 579 |
| Configuration Order | 579 |
| Wireless Equipment Placement and Range Guidelines | 579 |
| Configure the Basic Radio Settings | 580 |
| Operating Frequency (Channel) Guidelines | 583 |
| Wireless Data Security Options | 584 |
| Wireless Security Profiles | 585 |
| Before You Change the SSID, WEP, and WPA Settings | 587 |
| Configure and Enable Wireless Profiles | 588 |
| Restrict Wireless Access by MAC Address | 593 |
| View the Access Point Status and Connected Clients for a Wireless Profile | 595 |
| Configure a Wireless Distribution System | 596 |
| Configure Advanced Radio Settings | 598 |
| Configure WMM QoS Priority Settings | 600 |
| Test Basic Wireless Connectivity | 602 |
| For More Information About Wireless Configurations | 602 |
| C. 3G/4G Dongles for the UTM9S and UTM25S | 603 |
| 3G/4G Dongle Configuration Tasks | 603 |
| Manually Configure the USB Internet Connection | 604 |
| Configure the 3G/4G Settings | 608 |
| Configure the WAN Mode | 610 |
| Overview of the WAN Modes | 611 |
| Configure Network Address Translation | 612 |
| Configure Classical Routing | 613 |
| Configure Load Balancing and Optional Protocol Binding | 614 |
| Configure Dynamic DNS | 618 |
| Additional WAN-Related Configuration Tasks | 621 |
| D. Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) | 622 |
| What to Consider Before You Begin | 622 |
| Plan Your Network and Network Management and Set Up Accounts | 622 |
| Cabling and Computer Hardware Requirements | 624 |
| Computer Network Configuration Requirements | 624 |
| Internet Configuration Requirements | 624 |
| Overview of the Planning Process | 626 |
| Inbound Traffic | 627 |
| Inbound Traffic to a Single WAN Port System | 628 |
| Inbound Traffic to a Dual WAN Port System | 628 |
| Virtual Private Networks | 629 |
| VPN Road Warrior (Client-to-Gateway) | 630 |
| VPN Gateway-to-Gateway | 633 |
| VPN Telecommuter (Client-to-Gateway through a NAT Router) | 635 |
| E. ReadyNAS Integration | 638 |
| Supported ReadyNAS Models | 638 |
| Install the UTM Add-On on the ReadyNAS | 639 |
| Connect to the ReadyNAS on the UTM | 641 |
| F. Two-Factor Authentication | 644 |
| Why Do I Need Two-Factor Authentication? | 644 |
| What Are the Benefits of Two-Factor Authentication? | 644 |
| What Is Two-Factor Authentication? | 645 |
| NETGEAR Two-Factor Authentication Solutions | 645 |
| G. System Logs and Error Messages | 648 |
| System Log Messages | 649 |
| System Startup | 649 |
| Reboot | 649 |
| NTP | 650 |
| Login/Logout | 650 |
| Firewall Restart | 651 |
| IPSec Restart | 651 |
| WAN Status | 651 |
| Traffic Metering Logs | 655 |
| Unicast, Multicast, and Broadcast Logs | 655 |
| Invalid Packet Logging | 656 |
| Service Logs | 658 |
| Content-Filtering and Security Logs | 658 |
| Web Filtering and Content-Filtering Logs | 659 |
| Spam Logs | 660 |
| Traffic Logs | 661 |
| Malware Logs | 661 |
| Email Filter Logs | 661 |
| IPS Logs | 662 |
| Anomaly Behavior Logs | 662 |
| Application Logs | 663 |
| Routing Logs | 663 |
| LAN-to-WAN Logs | 663 |
| LAN-to-DMZ Logs | 664 |
| DMZ-to-WAN Logs | 664 |
| WAN-to-LAN Logs | 664 |
| DMZ-to-LAN Logs | 665 |
| WAN-to-DMZ Logs | 665 |
| H. Default Settings and Technical Specifications | 666 |
| Default Settings | 666 |
| Physical and Technical Specifications | 673 |
| I. Notification of Compliance (Wired) | 677 |
| J. Notification of Compliance (Wireless) | 681 |