Manual NETGEAR STM150EW-100NAS

704 pages 32.52 mb

Summary
  • NETGEAR STM150EW-100NAS - page 1

    350 East Plumeria Drive San Jose, CA 95134 USA October 2012 202-10780-03 v1.0 ProSecure Unified Threat Management (UTM) Appliance Reference Manual ...

  • NETGEAR STM150EW-100NAS - page 2

    2 ProSecure Unified Threat Management (UTM) Appliance Support Thank you for choosing NETGEAR. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends regi ...

  • NETGEAR STM150EW-100NAS - page 3

    3 ProSecure Unified Threat Management (UTM) Appliance 202-10780-03 (continued) 1.0 (continued) October 2012 (continued) (continued) • Added Appendix C, 3G/4G Dongles for the UTM9S and UTM25S. • Added many more default values to Appendix H, Default Settings and Technical Specifications. 202-10780-02 2.0 May 2012 • Updated the main navi ...

  • NETGEAR STM150EW-100NAS - page 4

    4 ProSecure Unified Threat Management (UTM) Appliance 202-10780-01 1.0 September 2011 • Added the UTM9S with the following major new features: - xDSL module (see Chapter 1, Introduction and Chapter 3, Manually Configure Internet and WAN Settings) - Wireless module (see Chapter 1, Introduction and Appendix B, Wireless Network Module for th ...

  • NETGEAR STM150EW-100NAS - page 5

    5 Contents Chapter 1 Introduction What Is the ProSecure Unified Threat Management (UTM) Appliance? . . . 15 Key Features and Capabilities . . . 16 Multiple WAN Port Models for Increased Reliability or Outbound Load Balancing . . . ...

  • NETGEAR STM150EW-100NAS - page 6

    6 ProSecure Unified Threat Management (UTM) Appliance Web Management Interface Menu Layout . . . 44 Use the Setup Wizard to Perform the Initial Configuration . . . 47 Setup Wizard Step 1 of 10: LAN Settings . . . 48 Setup Wizard Step 2 of 10 ...

  • NETGEAR STM150EW-100NAS - page 7

    7 ProSecure Unified Threat Management (UTM) Appliance Manage the Network Database . . . 112 Change Group Names in the Network Database . . . 115 Set Up Address Reservation . . . 116 Configure and Enable the ...

  • NETGEAR STM150EW-100NAS - page 8

    8 ProSecure Unified Threat Management (UTM) Appliance Chapter 6 Content Filtering and Optimizing Scans About Content Filtering and Scans . . . 192 Default Email and Web Scan Settings . . . 193 Configure Email Protection . . . ...

  • NETGEAR STM150EW-100NAS - page 9

    9 ProSecure Unified Threat Management (UTM) Appliance RADIUS Client and Server Configuration . . . 310 Assign IP Addresses to Remote Users (Mode Config) . . . 312 Mode Config Operation . . . 312 Configure Mode Conf ...

  • NETGEAR STM150EW-100NAS - page 10

    10 ProSecure Unified Threat Management (UTM) Appliance Configure User Accounts . . . 401 Set User Login Policies . . . 404 Change Passwords and Other User Settings . . . 408 DC Agent ...

  • NETGEAR STM150EW-100NAS - page 11

    11 ProSecure Unified Threat Management (UTM) Appliance View the Active PPTP and L2TP Users . . . 501 View the Port Triggering Status . . . 502 View the WAN, xDSL, or USB Port Status . . . 504 View Attached Devices ...

  • NETGEAR STM150EW-100NAS - page 12

    12 ProSecure Unified Threat Management (UTM) Appliance Appendix A xDSL Network Module for the UTM9S and UTM25S xDSL Network Module Configuration Tasks . . . 550 Configure the xDSL Settings . . . 550 Automatically Detecting and Connecting the xDS ...

  • NETGEAR STM150EW-100NAS - page 13

    13 ProSecure Unified Threat Management (UTM) Appliance Appendix D Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) What to Consider Before You Begin . . . 622 Plan Your Network and Network Management and Set Up Accounts . . . 622 Cabling and Computer Hardware Requirements . . . ...

  • NETGEAR STM150EW-100NAS - page 14

    14 ProSecure Unified Threat Management (UTM) Appliance Email Filter Logs . . . 661 IPS Logs . . . 662 Anomaly Behavior Logs . . . ...

  • NETGEAR STM150EW-100NAS - page 15

    15 1 1. Introduction This chapter provides an overview of the features and capabilities of the NETGEAR ProSecure® Unified Threat Management (UTM) Appliance. This chapter contains the following sections: • What Is the ProSecure Unified Threat Management (UTM) Appliance? • Key Features and Capabilities • Service Registration Card with ...

  • NETGEAR STM150EW-100NAS - page 16

    Introduction 16 ProSecure Unified Threat Management (UTM) Appliance carry session traffic, or to maintain a backup connection in case of failure of your primary Internet connection. As a complete security solution, the UTM combines a powerful, flexible firewall with a content scan engine that uses NETGEAR Stream Scanning technology to prote ...

  • NETGEAR STM150EW-100NAS - page 17

    Introduction 17 ProSecure Unified Threat Management (UTM) Appliance • Depending on the model, bundled with a one-user license of the NETGEAR ProSafe VPN Client software (VPN01L). • Advanced stateful packet inspection (SPI) firewall with multi-NAT support. • Patent-pending Stream Scanning technology that enables scanning of real-time pr ...

  • NETGEAR STM150EW-100NAS - page 18

    Introduction 18 ProSecure Unified Threat Management (UTM) Appliance Wireless Features Wireless client connections are supported on the UTM9S and UTM25S with an NMWLSN wireless network module installed. The UTM9S and UTM25S support the following wireless features: • 2.4-GHz radio and 5-GHz radio. Either 2.4-GHz band support with 802.11b/g/n ...

  • NETGEAR STM150EW-100NAS - page 19

    Introduction 19 ProSecure Unified Threat Management (UTM) Appliance • SSL VPN provides remote access for mobile users to selected corporate resources without requiring a preinstalled VPN client on their computers. - Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, to provide client-free acces ...

  • NETGEAR STM150EW-100NAS - page 20

    Introduction 20 ProSecure Unified Threat Management (UTM) Appliance analysis to stop both known and unknown threats. The malware database contains hundreds of thousands of signatures of spyware, viruses, and other malware. • Objectionable traffic protection. The UTM prevents objectionable content from reaching your computers. You can contr ...

  • NETGEAR STM150EW-100NAS - page 21

    Introduction 21 ProSecure Unified Threat Management (UTM) Appliance Extensive Protocol Support The UTM supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, see Internet Configuration Requirements on page 624. The UTM provides the following protoc ...

  • NETGEAR STM150EW-100NAS - page 22

    Introduction 22 ProSecure Unified Threat Management (UTM) Appliance • SNMP. The UTM supports the Simple Network Management Protocol (SNMP) to let you monitor and manage log resources from an SNMP-compliant system manager. The SNMP system configuration lets you change the system variables for MIB2. • Diagnostic functions. The UTM incorpor ...

  • NETGEAR STM150EW-100NAS - page 23

    Introduction 23 ProSecure Unified Threat Management (UTM) Appliance Service Registration Card with License Keys Be sure to store the license key card that came with your UTM (see a sample card in the following figure) in a secure location. If you do not use electronic licensing (see Electronic Licensing on page 67), you need these service lic ...

  • NETGEAR STM150EW-100NAS - page 24

    Introduction 24 ProSecure Unified Threat Management (UTM) Appliance Note: When you reset the UTM to the original factory default settings after you have entered the license keys to activate the UTM (see Register the UTM with NETGEAR on page 65), the license keys are erased. The license keys and the different types of licenses that are availabl ...

  • NETGEAR STM150EW-100NAS - page 25

    Introduction 25 ProSecure Unified Threat Management (UTM) Appliance • Rear Panel UTM50 and UTM150 • Rear Panel UTM9S and UTM25S • Bottom Panels with Product Labels The front panels contain ports and LEDs; the rear panels contain ports, connectors, and other components; and the bottom panels contain product labels. Front Panel UTM5 a ...

  • NETGEAR STM150EW-100NAS - page 26

    Introduction 26 ProSecure Unified Threat Management (UTM) Appliance Front Panel UTM25 Viewed from left to right, the UTM25 front panel contains the following ports: • One nonfunctioning USB port. This port is included for future management enhancements. The port is currently not operable on the UTM. • LAN Ethernet ports. Four switched N ...

  • NETGEAR STM150EW-100NAS - page 27

    Introduction 27 ProSecure Unified Threat Management (UTM) Appliance Figure 4. Front panel UTM50 Front Panel UTM150 Viewed from left to right, the UTM150 front panel contains the following ports: • One nonfunctioning USB port. This port is included for future management enhancements. The port is currently not operable on the UTM. • LAN ...

  • NETGEAR STM150EW-100NAS - page 28

    Introduction 28 ProSecure Unified Threat Management (UTM) Appliance Front Panel UTM9S and UTM25S and Network Modules Viewed from left to right, the UTM9S and UTM25S front panel contains the following ports and slots: • One USB port that can accept a 3G/4G dongle for wireless connectivity to an ISP. The port is currently operable on the U ...

  • NETGEAR STM150EW-100NAS - page 29

    Introduction 29 ProSecure Unified Threat Management (UTM) Appliance xDSL Network Modules The following xDSL network modules are available for insertion in one of the UTM9S or UTM25S slots: • NMSDSLA. VDSL/ADSL2+ network module, Annex A. • NMSDSLB. VDSL/ADSL2+ network module, Annex B. Note: In previous releases for the UTM9S, these network mod ...

  • NETGEAR STM150EW-100NAS - page 30

    Introduction 30 ProSecure Unified Threat Management (UTM) Appliance Figure 8. Wireless network module LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 The following table describes the function of each LED. Table 2. LED descriptions UTM5, UTM10, UTM25, UTM50, and UTM150 LED Activity Description Power LED On (green) Power is supplied ...

  • NETGEAR STM150EW-100NAS - page 31

    Introduction 31 ProSecure Unified Threat Management (UTM) Appliance LAN ports Left LED Off The LAN port has no link. On (green) The LAN port has detected a link with a connected Ethernet device. Blinking (green) Data is transmitted or received by the LAN port. Right LED Off The LAN port is operating at 10 Mbps. On (amber) The LAN port is opera ...

  • NETGEAR STM150EW-100NAS - page 32

    Introduction 32 ProSecure Unified Threat Management (UTM) Appliance LED Descriptions, UTM9S, UTM25S, and their Network Modules The following table describes the function of each LED on the UTM9S and UTM25S and their network modules. Table 3. LED descriptions UTM9S and UTM25S LED Activity Description Power LED On (green) Power is supplied to t ...

  • NETGEAR STM150EW-100NAS - page 33

    Introduction 33 ProSecure Unified Threat Management (UTM) Appliance Rear Panel UTM5, UTM10, and UTM25 The rear panel of the UTM5, UTM10, and UTM25 includes the cable lock receptacle, the console port, the Factory Defaults reset button, and the AC power connection. Figure 9. Rear panel of the UTM5, UTM10, and UTM25 Right LED Off The WAN por ...

  • NETGEAR STM150EW-100NAS - page 34

    Introduction 34 ProSecure Unified Threat Management (UTM) Appliance Viewed from left to right, the rear panel of the UTM5, UTM10, and UTM25 contains the following components: 1. Cable security lock receptacle. 2. Console port. Port for connecting to an optional console terminal. The port has a DB9 male connector. The default baud rate is 960 ...

  • NETGEAR STM150EW-100NAS - page 35

    Introduction 35 ProSecure Unified Threat Management (UTM) Appliance Rear Panel UTM9S and UTM25S The rear panel of the UTM9S and UTM25S includes the cable lock receptacle, the console port and console switch, the Factory Defaults reset button, the AC power connection, and the power switch. Figure 11. Rear panel of the UTM9S and UTM25S View ...

  • NETGEAR STM150EW-100NAS - page 36

    Introduction 36 ProSecure Unified Threat Management (UTM) Appliance Bottom Panels with Product Labels The product label on the bottom of the UTM’s enclosure displays factory defaults settings, regulatory compliance, and other information. The following figure shows the product label for the UTM5: Figure 12. The following figure shows the pr ...

  • NETGEAR STM150EW-100NAS - page 37

    Introduction 37 ProSecure Unified Threat Management (UTM) Appliance The following figure shows the product label for the UTM25: Figure 14. The following figure shows the product label for the UTM50: Figure 15. ...

  • NETGEAR STM150EW-100NAS - page 38

    Introduction 38 ProSecure Unified Threat Management (UTM) Appliance The following figure shows the product label for the UTM150: Figure 16. The following figure shows the product label for the UTM9S: Figure 17. ...

  • NETGEAR STM150EW-100NAS - page 39

    Introduction 39 ProSecure Unified Threat Management (UTM) Appliance The following figure shows the product label for the UTM25S: Figure 18. Choose a Location for the UTM The UTM is suitable for use in an office environment where it can be freestanding (on its runner feet) or mounted into a standard 19-inch equipment rack. Alternatively, you c ...

  • NETGEAR STM150EW-100NAS - page 40

    Introduction 40 ProSecure Unified Threat Management (UTM) Appliance Use the Rack-Mounting Kit Use the mounting kit for the UTM to install the appliance in a rack. (A mounting kit is provided in the package for the multiple WAN port models.) Attach the mounting brackets using the hardware that is supplied with the mounting kit. Figure 19. Befo ...

  • NETGEAR STM150EW-100NAS - page 41

    41 2 2. Use the Setup Wizard to Provision the UTM in Your Network This chapter explains how to log in to the UTM and use the web management interface, how to use the Setup Wizard to provision the UTM in your network, and how to register the UTM with NETGEAR. The chapter contains the following sections: • Steps for Initial Con ...

  • NETGEAR STM150EW-100NAS - page 42

    Use the Setup Wizard to Provision the UTM in Your Network 42 ProSecure Unified Threat Management (UTM) Appliance 4. Verify the installation. See Verify Correct Installation on page 68. 5. Register the UTM. See Register the UTM with NETGEAR on page 65. Each of these tasks is described separately in this chapter. The configuration of the W ...

  • NETGEAR STM150EW-100NAS - page 43

    Use the Setup Wizard to Provision the UTM in Your Network 43 ProSecure Unified Threat Management (UTM) Appliance Figure 20. 3. In the User Name field, type admin. Use lowercase letters. 4. In the Password / Passcode field, type password. Here, too, use lowercase letters. Note: The UTM user name and password are not the same as any user name ...

  • NETGEAR STM150EW-100NAS - page 44

    Use the Setup Wizard to Provision the UTM in Your Network 44 ProSecure Unified Threat Management (UTM) Appliance Figure 21. Web Management Interface Menu Layout The following figure shows the menu at the top of the UTM50 web management interface as an example. ...

  • NETGEAR STM150EW-100NAS - page 45

    Use the Setup Wizard to Provision the UTM in Your Network 45 ProSecure Unified Threat Management (UTM) Appliance Figure 22. The web management interface menu consists of the following components: • 1st level: Main navigation menu links. The main navigation menu in the orange bar across the top of the web management interface provides ac ...

  • NETGEAR STM150EW-100NAS - page 46

    Use the Setup Wizard to Provision the UTM in Your Network 46 ProSecure Unified Threat Management (UTM) Appliance • Back. Go to the previous screen (for wizards). • Search. Perform a search operation. • Cancel. Cancel the operation. • Send Now. Send a file or report. When a screen includes a table, table buttons display to let you c ...

  • NETGEAR STM150EW-100NAS - page 47

    Use the Setup Wizard to Provision the UTM in Your Network 47 ProSecure Unified Threat Management (UTM) Appliance Use the Setup Wizard to Perform the Initial Configuration • Setup Wizard Step 1 of 10: LAN Settings • Setup Wizard Step 2 of 10: WAN Settings • Setup Wizard Step 3 of 10: System Date and Time • Setup Wizard Step 4 of 1 ...

  • NETGEAR STM150EW-100NAS - page 48

    Use the Setup Wizard to Provision the UTM in Your Network 48 ProSecure Unified Threat Management (UTM) Appliance Setup Wizard Step 1 of 10: LAN Settings Figure 26. Enter the settings as explained in the following table, and then click Next to go to the following screen. Note: In this first step, you are configuring the LAN settings for the UTM? ...

  • NETGEAR STM150EW-100NAS - page 49

    Use the Setup Wizard to Provision the UTM in Your Network 49 ProSecure Unified Threat Management (UTM) Appliance Table 4. Setup Wizard Step 1: LAN Settings screen settings Setting Description LAN TCP/IP Setup IP Address Enter the IP address of the UTM’s default VLAN (the factory default address is 192.168.1.1). Note: Always make sure that ...

  • NETGEAR STM150EW-100NAS - page 50

    Use the Setup Wizard to Provision the UTM in Your Network 50 ProSecure Unified Threat Management (UTM) Appliance Enable DHCP Server (continued) Primary DNS Server This setting is optional. If an IP address is specified, the UTM provides this address as the primary DNS server IP address. If no address is specified, the UTM provides its own LAN I ...

  • NETGEAR STM150EW-100NAS - page 51

    Use the Setup Wizard to Provision the UTM in Your Network 51 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the Setup Wizard, you can change the LAN settings by selecting Network Config > LAN Settings > Edit LAN Profile. For more information about these LAN settings, see VLAN DHCP Options on p ...

  • NETGEAR STM150EW-100NAS - page 52

    Use the Setup Wizard to Provision the UTM in Your Network 52 ProSecure Unified Threat Management (UTM) Appliance Enter the settings as explained in the following table, and then click Next to go to the following screen. Note: Instead of manually entering the settings, you can also click the Auto Detect action button at the bottom of the screen. ...

  • NETGEAR STM150EW-100NAS - page 53

    Use the Setup Wizard to Provision the UTM in Your Network 53 ProSecure Unified Threat Management (UTM) Appliance Austria (PPTP) (continued) My IP Address The IP address assigned by the ISP to make the connection with the ISP server. Server IP Address The IP address of the PPTP server. Other (PPPoE) If you have installed login software such as ...

  • NETGEAR STM150EW-100NAS - page 54

    Use the Setup Wizard to Provision the UTM in Your Network 54 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the Setup Wizard, you can change the WAN settings by selecting Network Config > WAN Settings. Then click the Edit button in the Action column of the WAN interface for which you want t ...

  • NETGEAR STM150EW-100NAS - page 55

    Use the Setup Wizard to Provision the UTM in Your Network 55 ProSecure Unified Threat Management (UTM) Appliance Enter the settings as explained in the following table, and then click Next to go to the following screen. After you have completed the steps in the Setup Wizard, you can change the date and time by selecting Administration > Syst ...

  • NETGEAR STM150EW-100NAS - page 56

    Use the Setup Wizard to Provision the UTM in Your Network 56 ProSecure Unified Threat Management (UTM) Appliance Enter the settings as explained in the following table, and then click Next to go to the following screen. IMPORTANT: To enable scanning of encrypted emails, you need to configure the SSL settings (see Configure HTTPS Scanning and S ...

  • NETGEAR STM150EW-100NAS - page 57

    Use the Setup Wizard to Provision the UTM in Your Network 57 ProSecure Unified Threat Management (UTM) Appliance Setup Wizard Step 5 of 10: Email Security Figure 30. Enter the settings as explained in the following table, and then click Next to go to the following screen. Table 8. Setup Wizard Step 5: Email Security screen settings Setting De ...

  • NETGEAR STM150EW-100NAS - page 58

    Use the Setup Wizard to Provision the UTM in Your Network 58 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the Setup Wizard, you can change the email security settings by selecting Application Security > Email Anti-Virus. The Email Anti-Virus screen also lets you specify notification settings ...

  • NETGEAR STM150EW-100NAS - page 59

    Use the Setup Wizard to Provision the UTM in Your Network 59 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the Setup Wizard, you can change the web security settings by selecting Application Security > HTTP/HTTPS > Malware Scan. The Malware Table 9. Setup Wizard Step 6: Web Security screen ...

  • NETGEAR STM150EW-100NAS - page 60

    Use the Setup Wizard to Provision the UTM in Your Network 60 ProSecure Unified Threat Management (UTM) Appliance Scan screen also lets you specify HTML scanning and notification settings. For more information about these settings, see Configure Web Malware or Antivirus Scans on page 216. Setup Wizard Step 7 of 10: Web Categories to Be Blocked ...

  • NETGEAR STM150EW-100NAS - page 61

    Use the Setup Wizard to Provision the UTM in Your Network 61 ProSecure Unified Threat Management (UTM) Appliance Enter the settings as explained in the following table, and then click Next to go to the following screen. After you have completed the steps in the Setup Wizard, you can change the content-filtering settings by selecting Application ...

  • NETGEAR STM150EW-100NAS - page 62

    Use the Setup Wizard to Provision the UTM in Your Network 62 ProSecure Unified Threat Management (UTM) Appliance Setup Wizard Step 8 of 10: Email Notification Figure 33. Enter the settings as explained in the following table, and then click Next to go to the following screen. After you have completed the steps in the Setup Wizard, you can change ...

  • NETGEAR STM150EW-100NAS - page 63

    Use the Setup Wizard to Provision the UTM in Your Network 63 ProSecure Unified Threat Management (UTM) Appliance Setup Wizard Step 9 of 10: Signatures & Engine Figure 34. Enter the settings as explained in the following table, and then click Next to go to the following screen. Table 12. Setup Wizard Step 9: Signatures & Engine screen se ...

  • NETGEAR STM150EW-100NAS - page 64

    Use the Setup Wizard to Provision the UTM in Your Network 64 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the Setup Wizard, you can change the signatures and engine settings by selecting Administration > System Update > Signatures & Engine. For more information about these setting ...

  • NETGEAR STM150EW-100NAS - page 65

    Use the Setup Wizard to Provision the UTM in Your Network 65 ProSecure Unified Threat Management (UTM) Appliance Register the UTM with NETGEAR • Use the Web Management Interface to Activate Licenses • Electronic Licensing • Automatic Retrieval of Licenses after a Factory Default Reset Use the Web Management Interface to Activate Licens ...

  • NETGEAR STM150EW-100NAS - page 66

    Use the Setup Wizard to Provision the UTM in Your Network 66 ProSecure Unified Threat Management (UTM) Appliance Note: If you have used the 30-day trial licenses, these trial licenses are revoked once you activate the purchased service license keys. The purchased service license keys offer 1 year or 3 years of service. 4. Click Register. The ...

  • NETGEAR STM150EW-100NAS - page 67

    Use the Setup Wizard to Provision the UTM in Your Network 67 ProSecure Unified Threat Management (UTM) Appliance To change customer or VAR information after you have registered the UTM: 1. Make the changes on the Registration screen. 2. Click Update Info. The new data is saved by the registration and update server. To re ...

  • NETGEAR STM150EW-100NAS - page 68

    Use the Setup Wizard to Provision the UTM in Your Network 68 ProSecure Unified Threat Management (UTM) Appliance Verify Correct Installation • Test Connectivity • Test HTTP Scanning Test the UTM before deploying it in a live production environment. The following instructions walk you through a couple of quick tests that are designed to ...

  • NETGEAR STM150EW-100NAS - page 69

    Use the Setup Wizard to Provision the UTM in Your Network 69 ProSecure Unified Threat Management (UTM) Appliance The UTM is ready for use. However, the following sections describe important tasks that you might want to address before you deploy the UTM in your network: • Configure the WAN Mode (required if you want to use multiple WAN por ...

  • NETGEAR STM150EW-100NAS - page 70

    70 3 3. Manually Configure Internet and WAN Settings This chapter contains the following sections: • Internet and WAN Configuration Tasks • Automatically Detecting and Connecting the Internet Connections • Manually Configure the Internet Connection • Configure the WAN Mode • Configure Secondary WAN Addresses • Configure D ...

  • NETGEAR STM150EW-100NAS - page 71

    Manually Configure Internet and WAN Settings 71 ProSecure Unified Threat Management (UTM) Appliance Internet and WAN Configuration Tasks Note: For information about configuring the DSL interface of the UTM9S and UTM25S, see Appendix A, xDSL Network Module for the UTM9S and UTM25S. The information in this chapter also applies to the WAN int ...

  • NETGEAR STM150EW-100NAS - page 72

    Manually Configure Internet and WAN Settings 72 ProSecure Unified Threat Management (UTM) Appliance To configure the WAN ports automatically for connection to the Internet: 1. Select Network Config > WAN Settings. The WAN screen displays. (The following figure shows the UTM50.) Figure 37. The UTM5 and UTM10 screens show one WAN ...

  • NETGEAR STM150EW-100NAS - page 73

    Manually Configure Internet and WAN Settings 73 ProSecure Unified Threat Management (UTM) Appliance Figure 38. 3. Click the Auto Detect button at the bottom of the screen. The autodetect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support. The autodetect process returns one of th ...

  • NETGEAR STM150EW-100NAS - page 74

    Manually Configure Internet and WAN Settings 74 ProSecure Unified Threat Management (UTM) Appliance • If the autodetect process does not find a connection, you are prompted to check the physical connection between your UTM and the cable or DSL modem, satellite dish, or wireless ISP radio antenna, or to check your UTM’s MAC address. Fo ...

  • NETGEAR STM150EW-100NAS - page 75

    Manually Configure Internet and WAN Settings 75 ProSecure Unified Threat Management (UTM) Appliance What to do next: • If the automatic ISP configuration is successful: You are connected to the Internet through the WAN interface that you just configured. For the multiple WAN port models, continue with the configuration process for the oth ...

  • NETGEAR STM150EW-100NAS - page 76

    Manually Configure Internet and WAN Settings 76 ProSecure Unified Threat Management (UTM) Appliance Figure 41. 6. If your connection is PPTP or PPPoE, your ISP requires an initial login. Enter the settings as explained in the following table: Table 14. PPTP and PPPoE settings Setting Description Austria (PPTP) If your ISP is Austria Telecom o ...

  • NETGEAR STM150EW-100NAS - page 77

    Manually Configure Internet and WAN Settings 77 ProSecure Unified Threat Management (UTM) Appliance 7. In the Internet (IP) Address section of the screen (see the following figure), configure the IP address settings as explained in the following table. Click the Current IP Address link to see the currently assigned IP address. Figure 42. Other (P ...

  • NETGEAR STM150EW-100NAS - page 78

    Manually Configure Internet and WAN Settings 78 ProSecure Unified Threat Management (UTM) Appliance 8. In the Domain Name Server (DNS) Servers section of the screen (see the following figure), specify the DNS settings as explained in the following table. Figure 43. Table 15. Internet IP address settings Setting Description Get Dynamically fro ...

  • NETGEAR STM150EW-100NAS - page 79

    Manually Configure Internet and WAN Settings 79 ProSecure Unified Threat Management (UTM) Appliance 9. Click Apply to save any changes to the WAN ISP settings. (Or click Reset to discard any changes and revert to the previous settings.) 10. Click Test to evaluate your entries. The UTM attempts to make a connection according to the settings tha ...

  • NETGEAR STM150EW-100NAS - page 80

    Manually Configure Internet and WAN Settings 80 ProSecure Unified Threat Management (UTM) Appliance Configure the WAN Mode • Overview of the WAN Modes • Configure Network Address Translation (All Models) • Configure Classical Routing (All Models) • Configure Auto-Rollover Mode and the Failure Detection Method (Multiple WAN Port Mod ...

  • NETGEAR STM150EW-100NAS - page 81

    Manually Configure Internet and WAN Settings 81 ProSecure Unified Threat Management (UTM) Appliance WAN interfaces, the remaining interfaces are disabled. As long as the primary link is up, all traffic is sent over the primary link. When the primary link goes down, the rollover link is brought up to send the traffic. When the primary link come ...

  • NETGEAR STM150EW-100NAS - page 82

    Manually Configure Internet and WAN Settings 82 ProSecure Unified Threat Management (UTM) Appliance WARNING: Changing the WAN mode from classical routing to NAT causes all LAN WAN and DMZ WAN inbound rules to revert to default settings. To configure NAT: 1. Select Network Config > WAN Settings > WAN Mode. The WAN Mode sc ...

  • NETGEAR STM150EW-100NAS - page 83

    Manually Configure Internet and WAN Settings 83 ProSecure Unified Threat Management (UTM) Appliance When the UTM is configured in auto-rollover mode, it uses the selected WAN failure detection method to detect the status of the primary link connection at regular intervals. Link failure is detected in one of the following ways: • DNS queries ...

  • NETGEAR STM150EW-100NAS - page 84

    Manually Configure Internet and WAN Settings 84 ProSecure Unified Threat Management (UTM) Appliance Note: Ensure that the backup WAN interface is configured before enabling auto-rollover mode. 3. Click Apply to save your settings. Configure the Failure Detection Method To configure the failure detection method: 1. Select Network Config ...

  • NETGEAR STM150EW-100NAS - page 85

    Manually Configure Internet and WAN Settings 85 ProSecure Unified Threat Management (UTM) Appliance Note: After the primary WAN interface fails, the default time to roll over is 2 minutes. The minimum test period is 30 seconds, and the minimum number of tests is 4. 5. Click Apply to save your settings. Note: You can configure the UTM to genera ...

  • NETGEAR STM150EW-100NAS - page 86

    Manually Configure Internet and WAN Settings 86 ProSecure Unified Threat Management (UTM) Appliance Configure Load Balancing (Multiple WAN Port Models) To configure load balancing: 1. Select Network Config > WAN Settings > WAN Mode. The WAN Mode screen displays: Figure 47. Note: You cannot configure load balancing when you ...

  • NETGEAR STM150EW-100NAS - page 87

    Manually Configure Internet and WAN Settings 87 ProSecure Unified Threat Management (UTM) Appliance This load-balancing method ensures that a single WAN interface does not carry a disproportionate distribution of sessions. 3. Click Apply to save your settings. Configure Protocol Binding (Optional) To configure protocol binding and add ...

  • NETGEAR STM150EW-100NAS - page 88

    Manually Configure Internet and WAN Settings 88 ProSecure Unified Threat Management (UTM) Appliance Figure 49. 3. Configure the protocol binding settings as explained in the following table: Table 18. Add Protocol Binding screen settings Setting Description Service From the drop-down list, select a service or application to be covered by this ...

  • NETGEAR STM150EW-100NAS - page 89

    Manually Configure Internet and WAN Settings 89 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The protocol binding rule is added to the Protocol Bindings table. The rule is automatically enabled, which is indicated by the ! status icon, a green circle. To edit a protocol binding: 1. On the Protocol ...

  • NETGEAR STM150EW-100NAS - page 90

    Manually Configure Internet and WAN Settings 90 ProSecure Unified Threat Management (UTM) Appliance It is important that you ensure that any secondary WAN addresses are different from the primary WAN, LAN, and DMZ IP addresses that are already configured on the UTM. However, primary and secondary WAN addresses can be in the same subnet. ...

  • NETGEAR STM150EW-100NAS - page 91

    Manually Configure Internet and WAN Settings 91 ProSecure Unified Threat Management (UTM) Appliance 5. Click the Add table button in the rightmost column to add the secondary IP address to the List of Secondary WAN addresses table. Repeat Step 4 and Step 5 for each secondary IP address that you want to add to the List of Secondary WAN addr ...

  • NETGEAR STM150EW-100NAS - page 92

    Manually Configure Internet and WAN Settings 92 ProSecure Unified Threat Management (UTM) Appliance To configure DDNS: 1. Select Network Config > Dynamic DNS. The Dynamic DNS screen displays (see the following figure). The WAN Mode section onscreen reports the currently configured WAN mode (for example, Single Port WAN1, Load Balan ...

  • NETGEAR STM150EW-100NAS - page 93

    Manually Configure Internet and WAN Settings 93 ProSecure Unified Threat Management (UTM) Appliance Figure 52. 4. Access the website of the DDNS service provider, and register for an account (for example, for DynDNS.org, go to http://www.dyndns.com/). 5. Configure the DDNS service settings as explained in the following table: 6. Click Apply ...

  • NETGEAR STM150EW-100NAS - page 94

    Manually Configure Internet and WAN Settings 94 ProSecure Unified Threat Management (UTM) Appliance Set the UTM’s MAC Address and Configure Advanced WAN Options The advanced options include configuring the maximum transmission unit (MTU) size, the port speed, and the UTM’s MAC address, and setting a rate limit on the traffic that is ...

  • NETGEAR STM150EW-100NAS - page 95

    Manually Configure Internet and WAN Settings 95 ProSecure Unified Threat Management (UTM) Appliance Figure 53. 4. Enter the settings as explained in the following table: Table 20. Advanced WAN settings Setting Description MTU Size Make one of the following selections: Default Select the Default radio button for the normal maximum transmit ...

  • NETGEAR STM150EW-100NAS - page 96

    Manually Configure Internet and WAN Settings 96 ProSecure Unified Threat Management (UTM) Appliance Speed In most cases, the UTM can automatically determine the connection speed of the WAN port of the device (modem or router) that provides the WAN connection. If you cannot establish an Internet connection, you might need to select the port ...

  • NETGEAR STM150EW-100NAS - page 97

    Manually Configure Internet and WAN Settings 97 ProSecure Unified Threat Management (UTM) Appliance 5. Click Apply to save your changes. WARNING: Depending on the changes that you made, when you click Apply, the UTM restarts, or services such as HTTP and SMTP might restart. If you want to configure the advanced settings for an additional WA ...

  • NETGEAR STM150EW-100NAS - page 98

    98 4 4. LAN Configuration This chapter describes how to configure the advanced LAN features of your UTM. This chapter contains the following sections: • Manage Virtual LANs and DHCP Options • Configure Multihome LAN IP Addresses on the Default VLAN • Manage Groups and Hosts (LAN Groups) • Configure and Enable the DMZ Port • Ma ...

  • NETGEAR STM150EW-100NAS - page 99

    LAN Configuration 99 ProSecure Unified Threat Management (UTM) Appliance A virtual LAN (VLAN) is a local area network with a definition that maps workstations on some basis other than geographic location (for example, by department, type of user, or primary application). To enable traffic to flow between VLANs, traffic needs to go through ...

  • NETGEAR STM150EW-100NAS - page 100

    LAN Configuration 100 ProSecure Unified Threat Management (UTM) Appliance • When a port receives an untagged packet, this packet is forwarded to a VLAN based on the PVID. • When a port receives a tagged packet, this packet is forwarded to a VLAN based on the ID that is extracted from the tagged packet. When you create a VLAN profile, ass ...

  • NETGEAR STM150EW-100NAS - page 101

    LAN Configuration 101 ProSecure Unified Threat Management (UTM) Appliance Figure 54. For each VLAN profile, the following fields display in the VLAN Profiles table: • Check box. Allows you to select the VLAN profile in the table. • Status icon. Indicates the status of the VLAN profile: - Green circle. The VLAN profile is enabled. - Gr ...

  • NETGEAR STM150EW-100NAS - page 102

    LAN Configuration 102 ProSecure Unified Threat Management (UTM) Appliance DHCP Server The default VLAN (VLAN 1) has the DHCP server option enabled by default, allowing the UTM to assign IP, DNS server, WINS server, and default gateway addresses to all computers connected to the UTM’s LAN. The assigned default gateway address is the LAN add ...

  • NETGEAR STM150EW-100NAS - page 103

    LAN Configuration 103 ProSecure Unified Threat Management (UTM) Appliance configuration in auto-rollover mode with route diversity (that is, with two different ISPs) and you cannot ensure that the DNS server is available after a rollover has occurred. LDAP Server A Lightweight Directory Access Protocol (LDAP) server allows a user to query and ...

  • NETGEAR STM150EW-100NAS - page 104

    LAN Configuration 104 ProSecure Unified Threat Management (UTM) Appliance 2. Either select an entry from the VLAN Profiles table and click the corresponding Edit table button, or add a VLAN profile by clicking the Add table button under the VLAN Profiles table. The Edit VLAN Profile screen displays. The following figure shows the Edit VLAN Prof ...

  • NETGEAR STM150EW-100NAS - page 105

    LAN Configuration 105 ProSecure Unified Threat Management (UTM) Appliance 3. Enter the settings as explained in the following table: Table 21. Edit VLAN Profile screen settings Setting Description VLAN Profile Profile Name Enter a unique name for the VLAN profile. Note: You can also change the profile name of the default VLAN. VLAN ID Enter a ...

  • NETGEAR STM150EW-100NAS - page 106

    LAN Configuration 106 ProSecure Unified Threat Management (UTM) Appliance Enable DHCP Server Select the Enable DHCP Server radio button to enable the UTM to function as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for all computers connected to the VLAN. Enter the following settings: Domain Name This se ...

  • NETGEAR STM150EW-100NAS - page 107

    LAN Configuration 107 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. Enable LDAP information To enable the DHCP server to provide Lightweight Directory Access Protocol (LDAP) server information, select the Enable LDAP information check box. Enter the following settings. Note: The LDAP settings that you ...

  • NETGEAR STM150EW-100NAS - page 108

    LAN Configuration 108 ProSecure Unified Threat Management (UTM) Appliance Note: When you have completed the LAN setup, all outbound traffic is allowed and all inbound traffic is discarded except responses to requests from the LAN side. For information about how to change these default traffic rules, see Chapter 5, Firewall Protection. T ...

  • NETGEAR STM150EW-100NAS - page 109

    LAN Configuration 109 ProSecure Unified Threat Management (UTM) Appliance Figure 57. 3. From the MAC Address for VLANs drop-down list, select Unique. (The default is Same.) 4. As an option, you can disable the broadcast of ARP packets for the default VLAN by clearing the Enable ARP Broadcast check box. (The broadcast of ARP packets is enabled ...

  • NETGEAR STM150EW-100NAS - page 110

    LAN Configuration 110 ProSecure Unified Threat Management (UTM) Appliance The following is an example of correctly configured IP addresses on a multiple WAN port model: • WAN1 IP address. 10.0.0.1 with subnet 255.0.0.0 • WAN2 IP address. 20.0.0.1 with subnet 255.0.0.0 • DMZ IP address. 192.168.10.1 with subnet 255.255.255.0 • Primary ...

  • NETGEAR STM150EW-100NAS - page 111

    LAN Configuration 111 ProSecure Unified Threat Management (UTM) Appliance To edit a secondary LAN IP address: 1. On the LAN Multi-homing screen (see the previous screen), click the Edit button in the Action column for the secondary IP address that you want to modify. The Edit Secondary LAN IP address screen displays. 2. Modify the IP addre ...

  • NETGEAR STM150EW-100NAS - page 112

    LAN Configuration 112 ProSecure Unified Threat Management (UTM) Appliance These are some advantages of the network database: • Generally, you do not need to enter an IP address or a MAC address. Instead, you can just select the name of the desired computer or device. • There is no need to reserve an IP address for a computer in the DHCP se ...

  • NETGEAR STM150EW-100NAS - page 113

    LAN Configuration 113 ProSecure Unified Threat Management (UTM) Appliance Figure 59. The Known PCs and Devices table lists the entries in the network database. For each computer or device, the following fields display: • Check box. Allows you to select the computer or device in the table. • Name. The name of the computer or device. For ...

  • NETGEAR STM150EW-100NAS - page 114

    LAN Configuration 114 ProSecure Unified Threat Management (UTM) Appliance Add Computers or Devices to the Network Database To add computers or devices manually to the network database: 1. In the Add Known PCs and Devices section of the LAN Groups screen (see the previous figure), enter the settings as explained in the following table: 2. ...

  • NETGEAR STM150EW-100NAS - page 115

    LAN Configuration 115 ProSecure Unified Threat Management (UTM) Appliance Figure 60. 2. Modify the settings as explained in Table 22 on page 114. 3. Click Apply to save your settings in the Known PCs and Devices table. Delete Computers or Devices from the Network Database To delete one or more computers or devices from the network databa ...

  • NETGEAR STM150EW-100NAS - page 116

    LAN Configuration 116 ProSecure Unified Threat Management (UTM) Appliance Figure 61. 3. Select the radio button next to the group name that you want to edit. 4. Type a new name in the field. The maximum number of characters is 15; spaces and double quotes (") are not allowed. 5. Repeat Step 3 and Step 4 for any other group names. 6. Cl ...

  • NETGEAR STM150EW-100NAS - page 117

    LAN Configuration 117 ProSecure Unified Threat Management (UTM) Appliance Configure and Enable the DMZ Port The demilitarized zone (DMZ) is a network that, by default, has fewer firewall restrictions than the LAN. The DMZ can be used to host servers (such as a web server, FTP server, or email server) and provide public access to them. The ...

  • NETGEAR STM150EW-100NAS - page 118

    LAN Configuration 118 ProSecure Unified Threat Management (UTM) Appliance Figure 62. 2. Enter the settings as explained in the following table: Table 23. DMZ Setup screen settings Setting Description DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Yes. Enables you to configure the DMZ port setting ...

  • NETGEAR STM150EW-100NAS - page 119

    LAN Configuration 119 ProSecure Unified Threat Management (UTM) Appliance DHCP Disable DHCP Server If another device on your network is the DHCP server for the VLAN, or if you will configure the network settings of all of your computers manually, select the Disable DHCP Server radio button to disable the DHCP server. By default, this radio b ...

  • NETGEAR STM150EW-100NAS - page 120

    LAN Configuration 120 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Note: For all UTM models except for the UTM50, the DMZ LED next to LAN port 4 (see Hardware Features on page 24) lights green to indicate that the DMZ port is enabled. For the UTM50, the DMZ LED next to LAN port 6 lights green to indic ...

  • NETGEAR STM150EW-100NAS - page 121

    LAN Configuration 121 ProSecure Unified Threat Management (UTM) Appliance Manage Routing • Configure Static Routes • Configure Routing Information Protocol • Static Route Example Static routes provide additional routing information to your UTM. Under normal circumstances, the UTM has adequate routing information after it has been co ...

  • NETGEAR STM150EW-100NAS - page 122

    LAN Configuration 122 ProSecure Unified Threat Management (UTM) Appliance Figure 64. 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. The new static route is added to the Static Routes table. Table 24. Add Static Route screen settings Setting Description Route Name The route name for the static r ...

  • NETGEAR STM150EW-100NAS - page 123

    LAN Configuration 123 ProSecure Unified Threat Management (UTM) Appliance To edit a static route that is in the Static Routes table: 1. On the Routing screen (see Figure 63 on page 121), click the Edit button in the Action column for the route that you want to modify. The Edit Static Route screen displays. This screen is identical to th ...

  • NETGEAR STM150EW-100NAS - page 124

    LAN Configuration 124 ProSecure Unified Threat Management (UTM) Appliance Figure 65. 3. Enter the settings as explained in the following table: Table 25. RIP Configuration screen settings Setting Description RIP RIP Direction From the RIP Direction drop-down list, select the direction in which the UTM sends and receives RIP packets: • None. T ...

  • NETGEAR STM150EW-100NAS - page 125

    LAN Configuration 125 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. RIP Version By default, the RIP version is set to Disabled. From the RIP Version drop-down list, select the version: • RIP-1. Classful routing that does not include subnet information. This is the most commonly supported version. ...

  • NETGEAR STM150EW-100NAS - page 126

    LAN Configuration 126 ProSecure Unified Threat Management (UTM) Appliance Static Route Example In this example, we assume the following: • The UTM’s primary Internet access is through a cable modem to an ISP. • The UTM is on a local LAN with IP address 192.168.1.100. • The UTM connects to a remote network where you need to access a d ...

  • NETGEAR STM150EW-100NAS - page 127

    127 5 5. Firewall Protection This chapter describes how to use the firewall features of the UTM to protect your network. This chapter contains the following sections: • About Firewall Protection • Overview of Rules to Block or Allow Specific Kinds of Traffic • Configure LAN WAN Rules • Configure DMZ WAN Rules • Config ...

  • NETGEAR STM150EW-100NAS - page 128

    Firewall Protection 128 ProSecure Unified Threat Management (UTM) Appliance Administrator Tips Consider the following operational items: 1. As an option, you can enable remote management if you have to manage distant sites from a central location (see Configure Authentication Domains, Groups, and Users on page 380 and Configure Remote Manageme ...

  • NETGEAR STM150EW-100NAS - page 129

    Firewall Protection 129 ProSecure Unified Threat Management (UTM) Appliance A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the UTM are: • Inbound. Block all access from outside except responses to requests from the LAN side. • Outbound. Allow all access from the LAN side to the outsi ...

  • NETGEAR STM150EW-100NAS - page 130

    Firewall Protection 130 ProSecure Unified Threat Management (UTM) Appliance WARNING: Allowing inbound services opens security holes in your UTM. Enable only those ports that are necessary for your network. The following table describes the fields that define the rules for outbound traffic and that are common to most Outbound Service screens ( ...

  • NETGEAR STM150EW-100NAS - page 131

    Firewall Protection 131 ProSecure Unified Threat Management (UTM) Appliance LAN Users The settings that determine which computers on your network are affected by this rule. The options are: • Any. All computers and devices on your LAN. • Single address. Enter the required address in the Start field to apply the rule to a single device on ...

  • NETGEAR STM150EW-100NAS - page 132

    Firewall Protection 132 ProSecure Unified Threat Management (UTM) Appliance QoS Profile The priority assigned to IP packets of this service. The priorities are defined by Type of Service (ToS) in the Internet Protocol Suite standards, RFC 1349. The QoS profile determines the priority of a service, which, in turn, determines the quality of th ...

  • NETGEAR STM150EW-100NAS - page 133

    Firewall Protection 133 ProSecure Unified Threat Management (UTM) Appliance Inbound Rules (Port Forwarding) If you have enabled Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly access any of your local computers (LAN users). (For information about configuring NA ...

  • NETGEAR STM150EW-100NAS - page 134

    Firewall Protection 134 ProSecure Unified Threat Management (UTM) Appliance • Local computers need to access the local server using the computers’ local LAN address. Attempts by local computers to access the server using the external WAN IP address will fail. Note: See Configure Port Triggering on page 183 for yet another way to allow cert ...

  • NETGEAR STM150EW-100NAS - page 135

    Firewall Protection 135 ProSecure Unified Threat Management (UTM) Appliance Table 28. Inbound rules overview Setting Description Inbound Rules Service (also referred to as Service Name) The service or application to be covered by this rule. If the service or application does not display in the list, you need to define it using the Services sc ...

  • NETGEAR STM150EW-100NAS - page 136

    Firewall Protection 136 ProSecure Unified Threat Management (UTM) Appliance LAN Users The settings that determine which computers on your network are affected by this rule. The options are: • Any. All computers and devices on your LAN. • Single address. Enter the required address in the Start field to apply the rule to a single device on ...

  • NETGEAR STM150EW-100NAS - page 137

    Firewall Protection 137 ProSecure Unified Threat Management (UTM) Appliance QoS Profile The priority assigned to IP packets of this service. The priorities are defined by Type of Service (ToS) in the Internet Protocol Suite standards, RFC 1349. The QoS profile determines the priority of a service which, in turn, determines the quality of tha ...

  • NETGEAR STM150EW-100NAS - page 138

    Firewall Protection 138 ProSecure Unified Threat Management (UTM) Appliance Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a web or FTP server) from your location. Your ISP might periodically check for servers and might suspend your account if it discovers any active servers at your location ...

  • NETGEAR STM150EW-100NAS - page 139

    Firewall Protection 139 ProSecure Unified Threat Management (UTM) Appliance For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules table, beginning at the top and proceeding to the bottom. In some cases, the order of precedence of two or more rules might be imp ...

  • NETGEAR STM150EW-100NAS - page 140

    Firewall Protection 140 ProSecure Unified Threat Management (UTM) Appliance To change an existing outbound or inbound service rule: In the Action column to the right of the rule, click one of the following table buttons: • Edit. Allows you to make any changes to the definition of an existing rule. Depending on your selection, either t ...

  • NETGEAR STM150EW-100NAS - page 141

    Firewall Protection 141 ProSecure Unified Threat Management (UTM) Appliance Figure 68. 2. Enter the settings as explained in Table 27 on page 130. 3. Click Apply to save your changes. The new rule is now added to the Outbound Services table. Create LAN WAN Inbound Service Rules The Inbound Services table lists all existing rules for inbou ...

  • NETGEAR STM150EW-100NAS - page 142

    Firewall Protection 142 ProSecure Unified Threat Management (UTM) Appliance Figure 69. 2. Enter the settings as explained in Table 28 on page 135. 3. Click Apply to save your changes. The new rule is now added to the Inbound Services table. Configure DMZ WAN Rules • Create DMZ WAN Outbound Service Rules • Create DMZ WAN Inbound Service Rule ...

  • NETGEAR STM150EW-100NAS - page 143

    Firewall Protection 143 ProSecure Unified Threat Management (UTM) Appliance adding outbound services rules (see Create DMZ WAN Outbound Service Rules on page 144). To access the DMZ WAN Rules screen, select Network Security > Firewall > DMZ WAN Rules. The DMZ WAN Rules screen displays. (The following figure shows some rules as an exam ...

  • NETGEAR STM150EW-100NAS - page 144

    Firewall Protection 144 ProSecure Unified Threat Management (UTM) Appliance Create DMZ WAN Outbound Service Rules You can change the default outbound policy or define rules that specify exceptions to the default outbound policy. By adding custom rules, you can block or allow access based on the service or application, source or destination IP ...

  • NETGEAR STM150EW-100NAS - page 145

    Firewall Protection 145 ProSecure Unified Threat Management (UTM) Appliance To create an inbound DMZ WAN service rule: 1. In the DMZ WAN Rules screen, click the Add table button under the Inbound Services table. The Add DMZ WAN Inbound Service screen displays: Figure 72. 2. Enter the settings as explained in Table 28 on page 135. 3. Cli ...

  • NETGEAR STM150EW-100NAS - page 146

    Firewall Protection 146 ProSecure Unified Threat Management (UTM) Appliance To access the LAN DMZ Rules screen and to change an existing outbound or inbound service rule, select Network Security > Firewall > LAN DMZ Rules. The LAN DMZ Rules screen displays: Figure 73. In the Action column to the right of the rule, click one of the foll ...

  • NETGEAR STM150EW-100NAS - page 147

    Firewall Protection 147 ProSecure Unified Threat Management (UTM) Appliance Create LAN DMZ Outbound Service Rules You can change the default outbound policy or define rules that specify exceptions to the default outbound policy. By adding custom rules, you can block or allow access based on the service or application, source or destination IP ...

  • NETGEAR STM150EW-100NAS - page 148

    Firewall Protection 148 ProSecure Unified Threat Management (UTM) Appliance Figure 75. 2. Enter the settings as explained in Table 28 on page 135. 3. Click Apply to save your changes. The new rule is now added to the Inbound Services table. Examples of Firewall Rules • Inbound Rule Examples • Outbound Rule Example Inbound Rule Examples LAN ...

  • NETGEAR STM150EW-100NAS - page 149

    Firewall Protection 149 ProSecure Unified Threat Management (UTM) Appliance Figure 76. LAN WAN Inbound Rule: Allow Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule (see the f ...

  • NETGEAR STM150EW-100NAS - page 150

    Firewall Protection 150 ProSecure Unified Threat Management (UTM) Appliance Figure 77. LAN WAN or DMZ WAN Inbound Rule: Set Up One-to-One NAT Mapping In this example, multi-NAT is configured to support multiple public IP addresses on one WAN interface. An inbound rule configures the UTM to host an additional public IP address and associate ...

  • NETGEAR STM150EW-100NAS - page 151

    Firewall Protection 151 ProSecure Unified Threat Management (UTM) Appliance Tip: If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ. One of these public IP addresses is used as the primary IP address of the router that provides ...

  • NETGEAR STM150EW-100NAS - page 152

    Firewall Protection 152 ProSecure Unified Threat Management (UTM) Appliance 6. In the Send to LAN Server field, enter the local IP address of your web server computer (192.168.1.2 in this example). 7. For the multiple WAN port models only: From the WAN Destination IP Address drop-down list, select the web server (the simulated 10.1.0.52 addre ...

  • NETGEAR STM150EW-100NAS - page 153

    Firewall Protection 153 ProSecure Unified Threat Management (UTM) Appliance WARNING: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet. If compromised, the comput ...

  • NETGEAR STM150EW-100NAS - page 154

    Firewall Protection 154 ProSecure Unified Threat Management (UTM) Appliance Configure Other Firewall Features • VLAN Rules • Attack Checks, VPN Pass-through, and Multicast Pass-through • Set Session Limits • Manage the Application Level Gateway for SIP Sessions and VPN Scanning You can configure global VLAN rules, configure attack chec ...

  • NETGEAR STM150EW-100NAS - page 155

    Firewall Protection 155 ProSecure Unified Threat Management (UTM) Appliance Figure 82. 3. Enter the settings as explained in the following table. Table 29. Add VLAN-VLAN Service screen settings Setting Description Service The service or application to be covered by this rule. If the service or application does not display in the list, ...

  • NETGEAR STM150EW-100NAS - page 156

    Firewall Protection 156 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The new VLAN rule is added to the VLAN Services table. To change the position of an existing VLAN rule in the VLAN Services table: In the Action column to the right of the rule, click one of the following table buttons: • Up ...

  • NETGEAR STM150EW-100NAS - page 157

    Firewall Protection 157 ProSecure Unified Threat Management (UTM) Appliance Attack Checks, VPN Pass-through, and Multicast Pass-through The Attack Checks screen allows you to specify whether the UTM should be protected against common attacks in the DMZ, LAN, and WAN networks, and lets you configure VPN pass-through and multicast pass-thr ...

  • NETGEAR STM150EW-100NAS - page 158

    Firewall Protection 158 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Configure Multicast Pass-Through To configure multicast pass-through: 1. Select Network Security > Firewall > IGMP. The IGMP screen displays. (The following figure shows one alternate network as an example.) LAN Securit ...

  • NETGEAR STM150EW-100NAS - page 159

    Firewall Protection 159 ProSecure Unified Threat Management (UTM) Appliance Figure 84. 2. In the Multicast Pass through section of the screen, select the Yes radio button to enable multicast pass-through. (By default the Yes radio button is enabled.) When you enable multicast pass-through, an Internet Group Management Protocol (IGMP) proxy is e ...

  • NETGEAR STM150EW-100NAS - page 160

    Firewall Protection 160 ProSecure Unified Threat Management (UTM) Appliance To delete one or more multicast source addresses: 1. In the Alternate Networks table, select the check box to the left of each address that you want to delete, or click the Select All table button to select all addresses. 2. Click the Delete table button. Set Sessi ...

  • NETGEAR STM150EW-100NAS - page 161

    Firewall Protection 161 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. Manage the Application Level Gateway for SIP Sessions and VPN Scanning The application level gateway (ALG) facilitates multimedia sessions such as voice over IP (VoIP) sessions that use the Session Initiation Protocol (SIP) across t ...

  • NETGEAR STM150EW-100NAS - page 162

    Firewall Protection 162 ProSecure Unified Threat Management (UTM) Appliance Figure 86. 2. In the ALG section, select the Enable SIP ALG check box. 3. In the ALG section, click Apply to save your settings. 4. In the VPN scan section, select the Enable VPN scan check box. 5. In the VPN scan section, click Apply to save your settings. Create Services ...

  • NETGEAR STM150EW-100NAS - page 163

    Firewall Protection 163 ProSecure Unified Threat Management (UTM) Appliance • QoS profiles. A Quality of Service (QoS) profile defines the relative priority of an IP packet for traffic that matches the firewall rule. For information about creating QoS profiles, see Create Quality of Service Profiles on page 169. • Bandwidth profiles. A ...

  • NETGEAR STM150EW-100NAS - page 164

    Firewall Protection 164 ProSecure Unified Threat Management (UTM) Appliance To add a customized service: 1. Select Network Security > Services. The Services screen displays. The Custom Services table shows the user-defined services. (The following figure shows some examples.) Figure 87. 2. In the Add Customer Service section of the scr ...

  • NETGEAR STM150EW-100NAS - page 165

    Firewall Protection 165 ProSecure Unified Threat Management (UTM) Appliance To edit a service: 1. In the Custom Services table, click the Edit table button to the right of the service that you want to edit. The Edit Service screen displays: Figure 88. 2. Modify the settings that you wish to change (see the previous table). 3. Click Apply to ...

  • NETGEAR STM150EW-100NAS - page 166

    Firewall Protection 166 ProSecure Unified Threat Management (UTM) Appliance Figure 89. 2. Under the Custom Service Group table, click the Add table button. The Add Service Group screen displays: Figure 90. 3. In the Name field, enter a name for the service. 4. Use the move buttons (<< and >>) to move services between the Available Se ...

  • NETGEAR STM150EW-100NAS - page 167

    Firewall Protection 167 ProSecure Unified Threat Management (UTM) Appliance Create IP Groups An IP group contains a collection of individual IP addresses that do not need to be within the same IP address range. You specify an IP group as either a LAN group or WAN group. You use the group as a firewall object to which you apply a firewall rule ...

  • NETGEAR STM150EW-100NAS - page 168

    Firewall Protection 168 ProSecure Unified Threat Management (UTM) Appliance Figure 92. 5. In the IP Address fields, type an IP address. 6. Click the Add table button to add the IP address to the IP Addresses Grouped table. 7. Repeat the previous two steps to add more IP addresses to the IP Addresses Grouped table. 8. Click the Edit table button t ...

  • NETGEAR STM150EW-100NAS - page 169

    Firewall Protection 169 ProSecure Unified Threat Management (UTM) Appliance Create Quality of Service Profiles A Quality of Service (QoS) profile defines the relative priority of an IP packet when multiple connections are scheduled for simultaneous transmission on the UTM. A QoS profile becomes active only when it is associated with a nonbloc ...

  • NETGEAR STM150EW-100NAS - page 170

    Firewall Protection 170 ProSecure Unified Threat Management (UTM) Appliance Figure 93. The screen displays the List of QoS Profiles table with the user-defined profiles. 2. Under the List of QoS Profiles table, click the Add table button. The Add QoS Profile screen displays: Figure 94. 3. Enter the settings as explained in the following table. ...

  • NETGEAR STM150EW-100NAS - page 171

    Firewall Protection 171 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The new QoS profile is added to the List of QoS Profiles table. To edit a QoS profile: 1. In the List of QoS Profiles table, click the Edit table button to the right of the QoS profile that you want to edit. The Edit QoS Profil ...

  • NETGEAR STM150EW-100NAS - page 172

    Firewall Protection 172 ProSecure Unified Threat Management (UTM) Appliance When a new connection is established by a device, the device locates the firewall rule corresponding to the connection. • If the rule has a bandwidth profile specification, the device creates a bandwidth class in the kernel. • If multiple connections correspond to ...

  • NETGEAR STM150EW-100NAS - page 173

    Firewall Protection 173 ProSecure Unified Threat Management (UTM) Appliance Figure 96. 3. Enter the settings as explained in the following table: Table 34. Add Bandwidth Profile screen settings Setting Description Profile Name A descriptive name of the bandwidth profile for identification and management purposes. Direction From the Direction ...

  • NETGEAR STM150EW-100NAS - page 174

    Firewall Protection 174 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The new bandwidth profile is added to the List of Bandwidth Profiles table. 5. In the Bandwidth Profiles section of the screen, select the Yes radio button under Enable Bandwidth Profiles? (By default the No radio button is selecte ...

  • NETGEAR STM150EW-100NAS - page 175

    Firewall Protection 175 ProSecure Unified Threat Management (UTM) Appliance both downloaded and uploaded traffic. When applied to multiple firewall rules, a single profile can be applied to each firewall rule separately, or to all firewall rules together. After you have created a traffic meter profile, you can assign the profile to firewal ...

  • NETGEAR STM150EW-100NAS - page 176

    Firewall Protection 176 ProSecure Unified Threat Management (UTM) Appliance Figure 98. 3. Enter the settings as explained in the following table: Table 35. Add Traffic Meter Profile screen settings Setting Description Profile Name A descriptive name of the traffic meter profile for identification and management purposes. Direction From the Dir ...

  • NETGEAR STM150EW-100NAS - page 177

    Firewall Protection 177 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The new traffic meter profile is added to the List of Traffic Meter Profiles table. You now can select the profile when you create or change a firewall rule. To edit a traffic meter profile: 1. In the List of Traffic Meter Prof ...

  • NETGEAR STM150EW-100NAS - page 178

    Firewall Protection 178 ProSecure Unified Threat Management (UTM) Appliance Figure 100. 3. Enter the settings as explained in the following table: Table 36. Add Schedule screen settings Setting Description Profile Name A name of the schedule for identification and management purposes. Description A description to further help identification fo ...

  • NETGEAR STM150EW-100NAS - page 179

    Firewall Protection 179 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The new schedule is added to the List of Schedules table. You now can select the schedule when you create or change a firewall rule. To edit a schedule: 1. In the List of Schedules table, click the Edit table button to the rig ...

  • NETGEAR STM150EW-100NAS - page 180

    Firewall Protection 180 ProSecure Unified Threat Management (UTM) Appliance To enable MAC filtering and add MAC addresses to be permitted or blocked: 1. Select Network Security > Address Filter. The Address Filter submenu tabs display, with the Source MAC Filter screen in view. (The following figure shows one address in the MAC Addres ...

  • NETGEAR STM150EW-100NAS - page 181

    Firewall Protection 181 ProSecure Unified Threat Management (UTM) Appliance Set Up IP/MAC Bindings IP/MAC binding allows you to bind an IP address to a MAC address and the other way around. Some computers or devices are configured with static addresses. To prevent users from changing their static IP addresses, the IP/MAC binding feature ne ...

  • NETGEAR STM150EW-100NAS - page 182

    Firewall Protection 182 ProSecure Unified Threat Management (UTM) Appliance Figure 102. 2. Enter the settings as explained in the following table: 3. Click the Add table button. The new IP/MAC rule is added to the IP/MAC Bindings table. 4. Click Apply to save your changes. Table 37. IP/MAC Binding screen settings Setting Description Email IP/MA ...

  • NETGEAR STM150EW-100NAS - page 183

    Firewall Protection 183 ProSecure Unified Threat Management (UTM) Appliance To edit an IP/MAC binding: 1. In the IP/MAC Bindings table, click the Edit table button to the right of the IP/MAC binding that you want to edit. The Edit IP/MAC Binding screen displays. 2. Modify the settings that you wish to change (see the previous table). 3. C ...

  • NETGEAR STM150EW-100NAS - page 184

    Firewall Protection 184 ProSecure Unified Threat Management (UTM) Appliance To add a port-triggering rule: 1. Select Network Security > Port Triggering. The Port Triggering screen displays. (The following figure shows a rule in the Port Triggering Rule table as an example.) Figure 103. 2. In the Add Port Triggering Rule section, ente ...

  • NETGEAR STM150EW-100NAS - page 185

    Firewall Protection 185 ProSecure Unified Threat Management (UTM) Appliance To edit a port-triggering rule: 1. In the Port Triggering Rules table, click the Edit table button to the right of the port-triggering rule that you want to edit. The Edit Port Triggering Rule screen displays. 2. Modify the settings that you wish to change (see t ...

  • NETGEAR STM150EW-100NAS - page 186

    Firewall Protection 186 ProSecure Unified Threat Management (UTM) Appliance Configure Universal Plug and Play The Universal Plug and Play (UPnP) feature enables the UTM to discover and configure devices automatically when it searches the LAN and WAN. 1. Select Security > UPnP. The UPnP screen displays: Figure 105. The UPnP Portmap Table in ...

  • NETGEAR STM150EW-100NAS - page 187

    Firewall Protection 187 ProSecure Unified Threat Management (UTM) Appliance Enable and Configure the Intrusion Prevention System The intrusion prevention system (IPS) of the UTM monitors all network traffic to detect, in real time, distributed denial-of-service (DDoS) attacks, network attacks, and port scans, and to protect your network from s ...

  • NETGEAR STM150EW-100NAS - page 188

    Firewall Protection 188 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Note: Traffic that passes on the UTM’s VLANs and on the secondary IP addresses that you have configured on the LAN Multi-homing screen (see Configure Multihome LAN IP Addresses on the Default VLAN on page 109) is also scanned by ...

  • NETGEAR STM150EW-100NAS - page 189

    Firewall Protection 189 ProSecure Unified Threat Management (UTM) Appliance Figure 106. IPS, screen 1 of 2 ...

  • NETGEAR STM150EW-100NAS - page 190

    Firewall Protection 190 ProSecure Unified Threat Management (UTM) Appliance Figure 107. IPS, screen 2 of 2 4. Click Apply to save your settings. The following table explains some of the less familiar attack names in the IPS: Table 40. IPS: uncommon attack names Attack Name Description Web Web-Misc Detects some specific web attack tools, such ...

  • NETGEAR STM150EW-100NAS - page 191

    Firewall Protection 191 ProSecure Unified Threat Management (UTM) Appliance Note: To ensure that alerts are emailed to an administrator, you need to configure the email notification server (see Configure the Email Notification Server on page 466) and the IPS alerts (see Configure and Activate Update Failure and Attack Alerts on page 473). ...

  • NETGEAR STM150EW-100NAS - page 192

    192 6. Content Filtering and Optimizing Scans This chapter describes how to apply the content-filtering features of the UTM and how to optimize scans to protect your network. This chapter contains the following sections: • About Content Filtering and Scans • Configure Email Protection • Configure Web and Services Protection • C ...

  • NETGEAR STM150EW-100NAS - page 193

    Content Filtering and Optimizing Scans 193 ProSecure Unified Threat Management (UTM) Appliance Note: The UTM can quarantine spam and malware only if you have integrated a ReadyNAS (see Connect to a ReadyNAS on page 459) and configured the quarantine settings (see Configure the Quarantine Settings on page 460). Default Email and Web Scan Setti ...

  • NETGEAR STM150EW-100NAS - page 194

    Content Filtering and Optimizing Scans 194 ProSecure Unified Threat Management (UTM) Appliance Configure Email Protection • Customize Email Protocol Scan Settings • Customize Email Antivirus and Notification Settings • Email Content Filtering • Protect Against Email Spam The UTM lets you configure the following settings to protect th ...

  • NETGEAR STM150EW-100NAS - page 195

    Content Filtering and Optimizing Scans 195 ProSecure Unified Threat Management (UTM) Appliance Note: For information about web protocols and ports, see Customize Web Protocol Scan Settings on page 210. Figure 108. 2. In the Email section of the screen, select the protocols to scan by selecting the Enable check boxes, and enter the port numbers ...

  • NETGEAR STM150EW-100NAS - page 196

    Content Filtering and Optimizing Scans 196 ProSecure Unified Threat Management (UTM) Appliance Customize Email Antivirus and Notification Settings Whether or not the UTM detects an email virus, you can configure it to take a variety of actions (some of the default actions are listed in Table 41 on page 193) and send notifications, emails, or bo ...

  • NETGEAR STM150EW-100NAS - page 197

    Content Filtering and Optimizing Scans 197 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: Table 42. Anti-Virus screen settings for email traffic Setting Description Action SMTP The Anti-Virus check box for SMTP is selected by default. When the UTM detects an infected email that i ...

  • NETGEAR STM150EW-100NAS - page 198

    Content Filtering and Optimizing Scans 198 ProSecure Unified Threat Management (UTM) Appliance Scan Exceptions The default maximum size of the email message that is scanned is 2048 KB, but you can define a maximum size of up to 10240 KB. However, setting the maximum size to a high value might affect the UTM’s performance (see Performance ...

  • NETGEAR STM150EW-100NAS - page 199

    Content Filtering and Optimizing Scans 199 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Email Content Filtering The UTM provides several options to filter unwanted content from emails. You can filter content from emails based on keywords in the subject line, file type of the attachment, and file name ...

  • NETGEAR STM150EW-100NAS - page 200

    Content Filtering and Optimizing Scans 200 ProSecure Unified Threat Management (UTM) Appliance To configure email content filtering: 1. Select Application Security > Email > Email Filters. The Email Filters screen displays: Figure 110. ...

  • NETGEAR STM150EW-100NAS - page 201

    Content Filtering and Optimizing Scans 201 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: Table 43. Email Filters screen settings Setting Description Email Filters By default, the email filters are blank and enabled, that is, the Yes radio button is selected. After you have crea ...

  • NETGEAR STM150EW-100NAS - page 202

    Content Filtering and Optimizing Scans 202 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Protect Against Email Spam The UTM integrates multiple antispam technologies to provide comprehensive protection against unwanted email. You can enable all or a combination of these antispam technologies. The U ...

  • NETGEAR STM150EW-100NAS - page 203

    Content Filtering and Optimizing Scans 203 ProSecure Unified Threat Management (UTM) Appliance This order of implementation ensures the optimum balance between spam prevention and system performance. For example, if an email originates from a whitelisted source, the UTM delivers the email immediately to its destination inbox without impleme ...

  • NETGEAR STM150EW-100NAS - page 204

    Content Filtering and Optimizing Scans 204 ProSecure Unified Threat Management (UTM) Appliance To configure the whitelist and blacklist: 1. Select Application Security > Email > Whitelist/Blacklist. The Whitelist/Blacklist screen displays. Figure 111. ...

  • NETGEAR STM150EW-100NAS - page 205

    Content Filtering and Optimizing Scans 205 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: Note: In the fields of the Whitelist/Blacklist screen, use commas to separate multiple entries. For IP addresses, use a hyphen to indicate a range (for example, 192.168.32.2-192.168.32.8). Ta ...

  • NETGEAR STM150EW-100NAS - page 206

    Content Filtering and Optimizing Scans 206 ProSecure Unified Threat Management (UTM) Appliance Configure the Real-Time Blacklist Blacklist providers are organizations that collect IP addresses of verified open SMTP relays that might be used by spammers as media for sending spam. These known spam relays are compiled by blacklist providers and ...

  • NETGEAR STM150EW-100NAS - page 207

    Content Filtering and Optimizing Scans 207 ProSecure Unified Threat Management (UTM) Appliance To delete a blacklist provider from the real-time blacklist: 1. In the real-time blacklist, click the Delete table button next to the blacklist provider that you want to delete. 2. Click Apply to save your settings. Configure Distributed Spam Analy ...

  • NETGEAR STM150EW-100NAS - page 208

    Content Filtering and Optimizing Scans 208 ProSecure Unified Threat Management (UTM) Appliance Figure 113. 2. Enter the settings as explained in the following table: Table 45. Distributed Spam Analysis screen settings Setting Description Distributed Spam Analysis SMTP Select the SMTP check box to enable distributed spam analysis for the SMT ...

  • NETGEAR STM150EW-100NAS - page 209

    Content Filtering and Optimizing Scans 209 ProSecure Unified Threat Management (UTM) Appliance Sensitivity From the Sensitivity drop-down list, select the level of sensitivity for the antispam engine that performs the analysis: Low. Medium-Low. Medium. Medium High. This is the default setting. High. Note: A low sensitivity allows more email ...

  • NETGEAR STM150EW-100NAS - page 210

    Content Filtering and Optimizing Scans 210 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. The Distributed Spam Analysis section and the Anti-Spam Engine Settings section each have their own Apply and Reset buttons to enable you to change these sections separately. Configure Web and Services Protec ...

  • NETGEAR STM150EW-100NAS - page 211

    Content Filtering and Optimizing Scans 211 ProSecure Unified Threat Management (UTM) Appliance Scanning all protocols enhances network security but might affect the performance of the UTM. For an optimum balance between security and performance, enable scanning of only the most commonly used protocols on your network. For example, you can sc ...

  • NETGEAR STM150EW-100NAS - page 212

    Content Filtering and Optimizing Scans 212 ProSecure Unified Threat Management (UTM) Appliance service on your network uses both port 80 and port 8080, enter both port numbers in the Ports to Scan field and separate them by a comma. 4. Click Apply to save your settings. Configure HTTPS Smart Block You can block access to HTTPS domains without e ...

  • NETGEAR STM150EW-100NAS - page 213

    Content Filtering and Optimizing Scans 213 ProSecure Unified Threat Management (UTM) Appliance 2. In the HTTPS Smart Block Port section of the screen, enter up to five port numbers, separated by commas, for which you want the HTTPS Smart Block feature to function. Each port number needs to be between 1 and 65535. By default, the fe ...

  • NETGEAR STM150EW-100NAS - page 214

    Content Filtering and Optimizing Scans 214 ProSecure Unified Threat Management (UTM) Appliance Figure 117. The HTTPS Smart Block Profiles table shows all the configured profiles, whether enabled or disabled. The HTTPS Smart Block List shows all the profiles that are enabled globally. By default, the table contains the All Domains profile. ...

  • NETGEAR STM150EW-100NAS - page 215

    Content Filtering and Optimizing Scans 215 ProSecure Unified Threat Management (UTM) Appliance To change a profile: 1. In the Action column of the HTTPS Smart Block Profiles table, click the Edit table button for the profile that you want to change. The Add or Edit HTTPS Smart Block Profile screen displays (see Figu ...

  • NETGEAR STM150EW-100NAS - page 216

    Content Filtering and Optimizing Scans 216 ProSecure Unified Threat Management (UTM) Appliance Configure Web Malware or Antivirus Scans Whether or not the UTM detects web-based malware threats, you can configure it to take a variety of actions (some of the default actions are listed in Table 41 on page 193) and send notifications, emails, or ...

  • NETGEAR STM150EW-100NAS - page 217

    Content Filtering and Optimizing Scans 217 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: 3. Click Apply to save your settings. Table 47. Anti-Virus screen settings for HTTP/HTTPS traffic Setting Description Action HTTP and HTTPS Action The Anti-Virus check boxes for HTTP and HTTP ...

  • NETGEAR STM150EW-100NAS - page 218

    Content Filtering and Optimizing Scans 218 ProSecure Unified Threat Management (UTM) Appliance Configure Web Content Filtering If you want to restrict access by internal LAN users to certain types of information and objects on the Internet, use the UTM’s content filtering and web objects filtering. Except for the web content categories that ...

  • NETGEAR STM150EW-100NAS - page 219

    Content Filtering and Optimizing Scans 219 ProSecure Unified Threat Management (UTM) Appliance Note: You can bypass any type of web blocking for trusted hosts by adding the exact matching domain names to the trusted host list (see Specify Trusted Hosts for HTTPS Scanning on page 235). Access to the domains on the trusted host list is allowed f ...

  • NETGEAR STM150EW-100NAS - page 220

    Content Filtering and Optimizing Scans 220 ProSecure Unified Threat Management (UTM) Appliance Figure 120. Content filtering, screen 2 of 3 ...

  • NETGEAR STM150EW-100NAS - page 221

    Content Filtering and Optimizing Scans 221 ProSecure Unified Threat Management (UTM) Appliance Figure 121. Content filtering, screen 3 of 3 2. Enter the settings as explained in the following table: Table 48. Content Filtering screen settings Setting Description Content Filtering Log HTTP Traffic Select this check box to log HTTP traffic. ...

  • NETGEAR STM150EW-100NAS - page 222

    Content Filtering and Optimizing Scans 222 ProSecure Unified Threat Management (UTM) Appliance Block Files with the Following Extensions By default, the File Extension field lists the most common file extensions. You can manually add or delete extensions. Use commas to separate different extensions. You can enter a maximum of 40 file exten ...

  • NETGEAR STM150EW-100NAS - page 223

    Content Filtering and Optimizing Scans 223 ProSecure Unified Threat Management (UTM) Appliance Select the Web Categories You Wish to Block Select the Enable Blocking check box to enable blocking of web categories. (By default, this check box is selected.) Select the check boxes of any web categories that you want to block. Use the action butt ...

  • NETGEAR STM150EW-100NAS - page 224

    Content Filtering and Optimizing Scans 224 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Note: When the UTM blocks access to a link of a certain blocked web category, the UTM displays an HTML warning screen that includes a link to submit a URL misclassification. To submit a misclassified or uncatego ...

  • NETGEAR STM150EW-100NAS - page 225

    Content Filtering and Optimizing Scans 225 ProSecure Unified Threat Management (UTM) Appliance To configure web URL filtering: 1. Select Application Security > HTTP/HTTPS > URL Filtering. The URL Filtering screen displays. Figure 122. ...

  • NETGEAR STM150EW-100NAS - page 226

    Content Filtering and Optimizing Scans 226 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: Table 49. URL Filtering screen settings Setting Description Whitelist Enable Select this check box to bypass scanning of the URLs that are listed in the URL field. Users are allowed to access ...

  • NETGEAR STM150EW-100NAS - page 227

    Content Filtering and Optimizing Scans 227 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. URL (continued) Delete To delete one or more URLs, highlight the URLs, and click the Delete table button. Export To export the URLs, click the Export table button, and follow the instructions of your browser. Ad ...

  • NETGEAR STM150EW-100NAS - page 228

    Content Filtering and Optimizing Scans 228 ProSecure Unified Threat Management (UTM) Appliance Configure HTTPS Scanning and SSL Certificates • How HTTPS Scanning Works • Configure the HTTPS Scan Settings • Manage SSL Certificates for HTTPS Scanning • Specify Trusted Hosts for HTTPS Scanning • Configure the SSL Settings for HTTPS Scann ...

  • NETGEAR STM150EW-100NAS - page 229

    Content Filtering and Optimizing Scans 229 ProSecure Unified Threat Management (UTM) Appliance During SSL authentication, the HTTPS client authenticates three items: • Is the SSL certificate trusted? • Has the SSL certificate expired? • Does the name on the SSL certificate match that of the website? If one of these items is not authenticat ...

  • NETGEAR STM150EW-100NAS - page 230

    Content Filtering and Optimizing Scans 230 ProSecure Unified Threat Management (UTM) Appliance Configure the HTTPS Scan Settings To configure the HTTPS scan settings: 1. Select Application Security > HTTP/HTTPS > HTTPS Settings. The HTTPS Settings screen displays: Figure 125. 2. Enter the settings as explained in the following table ...

  • NETGEAR STM150EW-100NAS - page 231

    Content Filtering and Optimizing Scans 231 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Manage SSL Certificates for HTTPS Scanning Note: For information about digital certificates for VPN connections, see Manage Digital Certificates for VPN Connections on page 419. Before enabling HTTPS scanning, you ...

  • NETGEAR STM150EW-100NAS - page 232

    Content Filtering and Optimizing Scans 232 ProSecure Unified Threat Management (UTM) Appliance recommends that you replace this digital certificate with a digital certificate from a well-known commercial certification authority (CA) such as an internal Windows server or an external organization such as VeriSign or Thawte. Because a commercia ...

  • NETGEAR STM150EW-100NAS - page 233

    Content Filtering and Optimizing Scans 233 ProSecure Unified Threat Management (UTM) Appliance To download the current certificate into your browser: 1. Click Download for Browser Import. 2. Follow the instructions of your browser to save the RootCA.crt file on your computer. To reload the default NETGEAR certificate: 1. Select the U ...

  • NETGEAR STM150EW-100NAS - page 234

    Content Filtering and Optimizing Scans 234 ProSecure Unified Threat Management (UTM) Appliance The Trusted Certificates table contains the trusted certificates from third-party websites that are signed by the certification authorities. The UTM comes standard with trusted certificates that are preloaded in the Trusted Certificates table. ...

  • NETGEAR STM150EW-100NAS - page 235

    Content Filtering and Optimizing Scans 235 ProSecure Unified Threat Management (UTM) Appliance To delete an untrusted certificate: 1. From the Exceptions - Untrusted Certificates But Granted Access table, select the certificate. 2. Click Delete Selected. To move an untrusted certificate to the Trusted Certificate Authorities table: 1. ...

  • NETGEAR STM150EW-100NAS - page 236

    Content Filtering and Optimizing Scans 236 ProSecure Unified Threat Management (UTM) Appliance Figure 130. 2. Enter the settings as explained in the following table: 3. Click Apply to save your settings. Table 51. Trusted Hosts screen settings Setting Description Do Not Intercept HTTPS Connections for the following Hosts Enable Select thi ...

  • NETGEAR STM150EW-100NAS - page 237

    Content Filtering and Optimizing Scans 237 ProSecure Unified Threat Management (UTM) Appliance Configure the SSL Settings for HTTPS Scanning To configure the SSL settings for HTTPS scanning: 1. Select Application Security > SSL Settings > SSL Settings. The SSL Settings screen displays. Figure 131. 2. Enter the settings as explained ...

  • NETGEAR STM150EW-100NAS - page 238

    Content Filtering and Optimizing Scans 238 ProSecure Unified Threat Management (UTM) Appliance Configure FTP Scanning • Customize FTP Antivirus Settings • Configure FTP Content Filtering Some malware threats are specifically developed to spread through the FTP protocol. By default, the UTM scans FTP traffic, but you can disable scanning o ...

  • NETGEAR STM150EW-100NAS - page 239

    Content Filtering and Optimizing Scans 239 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Configure FTP Content Filtering To configure the FTP filters: 1. Select Application Security > FTP > FTP Filters. The FTP Filters screen displays: Figure 133. 2. Enter the settings as explained in the f ...

  • NETGEAR STM150EW-100NAS - page 240

    Content Filtering and Optimizing Scans 240 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Configure Application Control Application control enables you to safeguard data, protect users, and enhance productivity. You can control multiple applications in the following categories: • Instant messaging ...

  • NETGEAR STM150EW-100NAS - page 241

    Content Filtering and Optimizing Scans 241 ProSecure Unified Threat Management (UTM) Appliance • Private protocols • Social networks Control is set for entire categories of applications (for example, to block gaming during business hours), for individual applications (for example, to allow Skype but block some other applications), or for a ...

  • NETGEAR STM150EW-100NAS - page 242

    Content Filtering and Optimizing Scans 242 ProSecure Unified Threat Management (UTM) Appliance To configure an application control profile and enable application control: 1. Select Application Security > Application Control. The Application Control screen displays. (The following figure contains an example in the Application Control ...

  • NETGEAR STM150EW-100NAS - page 243

    Content Filtering and Optimizing Scans 243 ProSecure Unified Threat Management (UTM) Appliance Figure 135. 3. Configure the common settings in the upper part of the screen as explained in the following table: Table 55. Common settings on the Add or Edit Application Control Profile screen Setting Description Name A name of the profile for iden ...

  • NETGEAR STM150EW-100NAS - page 244

    Content Filtering and Optimizing Scans 244 ProSecure Unified Threat Management (UTM) Appliance 4. In the lower part of the screen, select the categories of applications and individual applications that you want to include in the profile by using the following methods: • To select one or more categories of applications: In the left pane, selec ...

  • NETGEAR STM150EW-100NAS - page 245

    Content Filtering and Optimizing Scans 245 ProSecure Unified Threat Management (UTM) Appliance 5. In the Active Categories and Individual Applications table, set the policy for each selected category of applications and individual application by clicking the Edit table button to the right of each selection. The Application Control Pol ...

  • NETGEAR STM150EW-100NAS - page 246

    Content Filtering and Optimizing Scans 246 ProSecure Unified Threat Management (UTM) Appliance 6. Configure the policy as explained in the following table: Table 56. Application Control Policy pop-up screen settings Setting Description Policy for a category of applications Application Policy From the drop-down list, select the action for th ...

  • NETGEAR STM150EW-100NAS - page 247

    Content Filtering and Optimizing Scans 247 ProSecure Unified Threat Management (UTM) Appliance 7. Click Apply to save the policy settings. The pop-up screen closes. 8. Repeat Step 5 through Step 7 for other selections in the Active Categories and Individual Applications table. 9. On the Add or Edit Application Control Profile screen, click Appl ...

  • NETGEAR STM150EW-100NAS - page 248

    Content Filtering and Optimizing Scans 248 ProSecure Unified Threat Management (UTM) Appliance 2. Modify the settings that you wish to change (see the previous procedure). 3. Click Apply to save your changes. The modified application control profile is displayed in the Global Application Control Profile table or the Application ...

  • NETGEAR STM150EW-100NAS - page 249

    Content Filtering and Optimizing Scans 249 ProSecure Unified Threat Management (UTM) Appliance • A combination of file extensions and protocols • One URL or URL expression • One built-in web category group or built-in individual web category To further refine exception rules, you can create custom categories that allow you to include eit ...

  • NETGEAR STM150EW-100NAS - page 250

    Content Filtering and Optimizing Scans 250 ProSecure Unified Threat Management (UTM) Appliance 2. Under the File Extension table at the bottom of the screen, click the Add table button to specify an exception rule. The Add or Edit Exceptions screen displays. The content of the lower part of the screen depends on the selection of the Category dro ...

  • NETGEAR STM150EW-100NAS - page 251

    Content Filtering and Optimizing Scans 251 ProSecure Unified Threat Management (UTM) Appliance • File Extension. Figure 140. Add or edit exceptions: file extensions • HTTPS Smart Block. Figure 141. Add or edit exceptions: HTTPS Smart Block ...

  • NETGEAR STM150EW-100NAS - page 252

    Content Filtering and Optimizing Scans 252 ProSecure Unified Threat Management (UTM) Appliance • URL Filtering. Figure 142. Add or edit exceptions: URL filtering • Web Category. Figure 143. Add or edit exceptions: web categories 4. Complete the fields and make your selections from the drop-down lists as explained in the following table: T ...

  • NETGEAR STM150EW-100NAS - page 253

    Content Filtering and Optimizing Scans 253 ProSecure Unified Threat Management (UTM) Appliance Domain User/Group Click the Edit button to open the Applies To pop-up screen, which lets you configure a domain, group, or individual user to which the exception needs to apply (see the screen later in this table). If applicable, on the Applies To s ...

  • NETGEAR STM150EW-100NAS - page 254

    Content Filtering and Optimizing Scans 254 ProSecure Unified Threat Management (UTM) Appliance Domain User/Group (continued) Local Groups Do the following: 1. From the Name drop-down list, select a local group. 2. Click the Apply button to apply the exception to the selected local group. You can specify local groups on the Groups screen (see ...

  • NETGEAR STM150EW-100NAS - page 255

    Content Filtering and Optimizing Scans 255 ProSecure Unified Threat Management (UTM) Appliance Domain User/Group (continued) Custom Groups Do the following: 1. From the Name drop-down list, select a custom group. 2. Click the Apply button to apply the exception to the selected group. You can specify custom groups on the Custom Groups screen (s ...

  • NETGEAR STM150EW-100NAS - page 256

    Content Filtering and Optimizing Scans 256 ProSecure Unified Threat Management (UTM) Appliance Category (and related information) (continued) File Extensions The action applies to one or more file extensions and one or more protocols, which you need to specify onscreen: 1. File Extensions. Manually enter up to 40 file extensions. Use commas to ...

  • NETGEAR STM150EW-100NAS - page 257

    Content Filtering and Optimizing Scans 257 ProSecure Unified Threat Management (UTM) Appliance 5. Click Apply to save your settings. The new exception rule is added to the associated table on the Exceptions screen and is enabled by default. To return to the Exceptions screen without adding the rule, click Cancel. 6. Optional step: If you do not ...

  • NETGEAR STM150EW-100NAS - page 258

    Content Filtering and Optimizing Scans 258 ProSecure Unified Threat Management (UTM) Appliance Create Custom Categories for Exceptions for Web and Application Access Use custom categories to set exceptions for web and application access on the Exceptions screen (see Set Exception Rules for Web and Application Access on page 248). Each custom ...

  • NETGEAR STM150EW-100NAS - page 259

    Content Filtering and Optimizing Scans 259 ProSecure Unified Threat Management (UTM) Appliance • Application. Figure 145. Custom categories: applications • URL Filtering. Figure 146. Custom categories: URL filtering ...

  • NETGEAR STM150EW-100NAS - page 260

    Content Filtering and Optimizing Scans 260 ProSecure Unified Threat Management (UTM) Appliance • Web Category. Figure 147. Custom categories: web categories 4. Complete the fields and make your selections from the drop-down lists as explained in the following table: Table 58. Custom Categories screen settings Setting Description Name A name ...

  • NETGEAR STM150EW-100NAS - page 261

    Content Filtering and Optimizing Scans 261 ProSecure Unified Threat Management (UTM) Appliance Category Type (continued) Application (continued) To remove one or more categories or applications from the Applications in this Category table: 1. Select the check boxes that are associated with the categories or applications, or select all entri ...

  • NETGEAR STM150EW-100NAS - page 262

    Content Filtering and Optimizing Scans 262 ProSecure Unified Threat Management (UTM) Appliance 5. Click Apply to save your settings. The new category is added to the Custom Categories table. To return to the Custom Categories screen without adding the category, click Cancel. To change an existing custom category: 1. In the Action column ...

  • NETGEAR STM150EW-100NAS - page 263

    Content Filtering and Optimizing Scans 263 ProSecure Unified Threat Management (UTM) Appliance Figure 148. 2. In the Add Scanning Exclusions section of the screen, specify an exclusion rule as explained in the following table: 3. In the Add column, click the Add table button to add the exclusion rule to the Scanning Exclusions table. The new exclu ...

  • NETGEAR STM150EW-100NAS - page 264

    264 7. Virtual Private Networking Using IPSec, PPTP, or L2TP Connections This chapter describes how to use the IP security (IPSec) virtual private networking (VPN) features of the UTM to provide secure, encrypted communications between your local network and a remote network or computer. This chapter contains the fo ...

  • NETGEAR STM150EW-100NAS - page 265

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 265 ProSecure Unified Threat Management (UTM) Appliance balancing mode if the IP addresses are static, but mandatory if the WAN IP addresses are dynamic. See Virtual Private Networks on page 629 for more information about the IP addressing requirements for VPNs in the dual ...

  • NETGEAR STM150EW-100NAS - page 266

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 266 ProSecure Unified Threat Management (UTM) Appliance Use the IPSec VPN Wizard for Client and Gateway Configurations • Create Gateway-to-Gateway VPN Tunnels with the Wizard • Create a Client-to-Gateway VPN Tunnel You can use the IPSec VPN Wizard to configure multiple gat ...

  • NETGEAR STM150EW-100NAS - page 267

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 267 ProSecure Unified Threat Management (UTM) Appliance • Multiple WAN port models. A drop-down list to select the WAN interface, a check box to enable VPN rollover, and another drop-down list to select a WAN interface for VPN rollover. If the multiple WAN port model is ...

  • NETGEAR STM150EW-100NAS - page 268

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 268 ProSecure Unified Threat Management (UTM) Appliance Figure 153. The VPN Wizard default values screen lists some incorrect default values. The correct values are listed in the following table. Table 61. IPSec VPN Wizard default values for a gateway-to-gateway tunnel Setti ...

  • NETGEAR STM150EW-100NAS - page 269

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 269 ProSecure Unified Threat Management (UTM) Appliance 2. Select the radio buttons and complete the fields as explained in the following table: Key group DH-Group 2 (1024 bit) NetBIOS Enabled Table 62. IPSec VPN Wizard settings for a gateway-to-gateway tunnel Setting Des ...

  • NETGEAR STM150EW-100NAS - page 270

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 270 ProSecure Unified Threat Management (UTM) Appliance Tip: To ensure that tunnels stay active, after completing the wizard, manually edit the VPN policy to enable keep-alives, which periodically sends ping packets to the host on the peer side of the network to keep the tun ...

  • NETGEAR STM150EW-100NAS - page 271

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 271 ProSecure Unified Threat Management (UTM) Appliance Figure 155. b. Locate the policy in the table, and click the Connect table button. The IPSec VPN connection becomes active. Note: When using FQDNs, if the Dynamic DNS service is slow to update its servers when your DHCP W ...

  • NETGEAR STM150EW-100NAS - page 272

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 272 ProSecure Unified Threat Management (UTM) Appliance Use the VPN Wizard to Configure the Gateway for a Client Tunnel To set up a client-to-gateway VPN tunnel using the VPN Wizard: 1. Select VPN > IPSec VPN > VPN Wizard. The VPN Wizard screen displays (see the fol ...

  • NETGEAR STM150EW-100NAS - page 273

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 273 ProSecure Unified Threat Management (UTM) Appliance To display the wizard default settings, click the VPN Wizard default values option arrow in the upper right of the screen. A pop-up screen displays (see Figure 153 on page 268), showing the wizard default values. The ...

  • NETGEAR STM150EW-100NAS - page 274

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 274 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. The IPSec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen. By default, the VPN policy is enabled. This VPN tunnel will use following local WAN Inte ...

  • NETGEAR STM150EW-100NAS - page 275

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 275 ProSecure Unified Threat Management (UTM) Appliance Figure 158. Note: When you are using FQDNs and a Dynamic DNS (DDNS) service, if the DDNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel fails because the FQDNs do not resolve to yo ...

  • NETGEAR STM150EW-100NAS - page 276

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 276 ProSecure Unified Threat Management (UTM) Appliance Use the NETGEAR VPN Client Wizard to Create a Secure Connection The VPN client lets you set up the VPN connection manually (see Manually Create a Secure Connection Using the NETGEAR VPN Client on page 280) or with the int ...

  • NETGEAR STM150EW-100NAS - page 277

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 277 ProSecure Unified Threat Management (UTM) Appliance Figure 160. 3. Select the A router or a VPN gateway radio button, and click Next. The VPN tunnel parameters wizard screen (screen 2 of 3) displays. Figure 161. 4. Specify the following VPN tunnel parameters: • IP or DNS ...

  • NETGEAR STM150EW-100NAS - page 278

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 278 ProSecure Unified Threat Management (UTM) Appliance Figure 162. 6. This screen is a summary screen of the new VPN configuration. Click Finish. 7. Specify the local and remote IDs: a. In the tree list pane of the Configuration Panel screen, click Gateway (the default nam ...

  • NETGEAR STM150EW-100NAS - page 279

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 279 ProSecure Unified Threat Management (UTM) Appliance c. Specify the settings that are explained in the following table. 8. Configure the global parameters: a. Click Global Parameters in the left column of the Configuration Panel screen. The Global Parameters pane displays i ...

  • NETGEAR STM150EW-100NAS - page 280

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 280 ProSecure Unified Threat Management (UTM) Appliance Figure 164. b. Specify the default lifetimes in seconds: • Authentication (IKE), Default. The default lifetime value is 3600 seconds. Change this setting to 28800 seconds to match the configuration of the UTM. • En ...

  • NETGEAR STM150EW-100NAS - page 281

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 281 ProSecure Unified Threat Management (UTM) Appliance Configure the Authentication Settings (Phase 1 Settings) To create new authentication settings: 1. Right-click the VPN client icon in your Windows system tray, and select Configuration Panel. The Configuration Panel ...

  • NETGEAR STM150EW-100NAS - page 282

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 282 ProSecure Unified Threat Management (UTM) Appliance Note: This is the name for the authentication phase that is used only for the VPN client, not during IKE negotiation. You can view and change this name in the tree list pane. This name needs to be a unique name. The Authent ...

  • NETGEAR STM150EW-100NAS - page 283

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 283 ProSecure Unified Threat Management (UTM) Appliance 5. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. 6. Click the Advanced tab in the Authentication pane. The Advanced pane displays. Figure 168. 7. Specify the setti ...

  • NETGEAR STM150EW-100NAS - page 284

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 284 ProSecure Unified Threat Management (UTM) Appliance 8. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Create the IPSec Configuration (Phase 2 Settings) Note: On the UTM, the IPSec configuration (phase 2 settings) is r ...

  • NETGEAR STM150EW-100NAS - page 285

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 285 ProSecure Unified Threat Management (UTM) Appliance Figure 169. 3. Specify the settings that are explained in the following table. Table 69. VPN client IPSec configuration settings Setting Description VPN Client address Either enter 0.0.0.0 as the IP address, or enter a vi ...

  • NETGEAR STM150EW-100NAS - page 286

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 286 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Configure the Global Parameters To specify the global parameters: 1. Click Global Parameters in the left colum ...

  • NETGEAR STM150EW-100NAS - page 287

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 287 ProSecure Unified Threat Management (UTM) Appliance Test the Connection and View Connection and Status Information • Test the NETGEAR VPN Client Connection • NETGEAR VPN Client Status and Log Information • View the UTM IPSec VPN Connection Status • View the UTM I ...

  • NETGEAR STM150EW-100NAS - page 288

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 288 ProSecure Unified Threat Management (UTM) Appliance Perform one of the following tasks: - Double-click Gateway-Tunnel. - Right-click Gateway-Tunnel, and select Open tunnel. - Click Gateway-Tunnel, and press Ctrl+O. Figure 172. • Use the system-tray icon. Right-cl ...

  • NETGEAR STM150EW-100NAS - page 289

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 289 ProSecure Unified Threat Management (UTM) Appliance NETGEAR VPN Client Status and Log Information To view detailed negotiation and error information about the NETGEAR VPN client: Right-click the VPN client icon in the system tray, and select Console. The VPN Client Co ...

  • NETGEAR STM150EW-100NAS - page 290

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 290 ProSecure Unified Threat Management (UTM) Appliance The Active IPSec SA(s) table lists each active connection with the information that is described in the following table. The default poll interval is 5 seconds. To change the poll interval period, enter a new value in th ...

  • NETGEAR STM150EW-100NAS - page 291

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 291 ProSecure Unified Threat Management (UTM) Appliance Figure 178. Manage IPSec VPN and IKE Policies • Manage IKE Policies • Manage VPN Policies After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tabl ...

  • NETGEAR STM150EW-100NAS - page 292

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 292 ProSecure Unified Threat Management (UTM) Appliance Manage IKE Policies The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN gateways and provides automatic management of the keys that are used for IPSec connections. It is important to remem ...

  • NETGEAR STM150EW-100NAS - page 293

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 293 ProSecure Unified Threat Management (UTM) Appliance Figure 179. Each policy contains the data that are explained in the following table. These fields are explained in more detail in Table 72 on page 296. Table 71. List of IKE Policies table information Setting Descript ...

  • NETGEAR STM150EW-100NAS - page 294

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 294 ProSecure Unified Threat Management (UTM) Appliance To delete one or more IKE policies: 1. Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all IKE policies. 2. Click the Delete table button. For infor ...

  • NETGEAR STM150EW-100NAS - page 295

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 295 ProSecure Unified Threat Management (UTM) Appliance Figure 180. ...

  • NETGEAR STM150EW-100NAS - page 296

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 296 ProSecure Unified Threat Management (UTM) Appliance 3. Complete the fields, select the radio buttons, and make your selections from the drop-down lists as explained in the following table: Table 72. Add IKE Policy screen settings Setting Description Mode Config Record Do yo ...

  • NETGEAR STM150EW-100NAS - page 297

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 297 ProSecure Unified Threat Management (UTM) Appliance Identifier Type From the drop-down list, select one of the following ISAKMP identifiers to be used by the UTM, and then specify the identifier in the Identifier field: • Local WAN IP. The WAN IP address of the UTM ...

  • NETGEAR STM150EW-100NAS - page 298

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 298 ProSecure Unified Threat Management (UTM) Appliance Authentication Method Select one of the following radio buttons to specify the authentication method: • Pre-shared key. A secret that is shared between the UTM and the remote endpoint. • RSA-Signature. Uses the activ ...

  • NETGEAR STM150EW-100NAS - page 299

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 299 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. To edit an IKE policy: 1. Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen in ...

  • NETGEAR STM150EW-100NAS - page 300

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 300 ProSecure Unified Threat Management (UTM) Appliance Manage VPN Policies You can create two types of VPN policies. When you use the VPN Wizard to create a VPN policy, only the Auto method is available. • Manual. You manually enter all settings (including the keys) for ...

  • NETGEAR STM150EW-100NAS - page 301

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 301 ProSecure Unified Threat Management (UTM) Appliance Figure 181. Each policy contains the data that are explained in the following table. These fields are explained in more detail in Table 74 on page 304. Table 73. List of VPN Policies table information Setting Descrip ...

  • NETGEAR STM150EW-100NAS - page 302

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 302 ProSecure Unified Threat Management (UTM) Appliance To delete one or more VPN policies: 1. Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all VPN policies. 2. Click the Delete table button. To ...

  • NETGEAR STM150EW-100NAS - page 303

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 303 ProSecure Unified Threat Management (UTM) Appliance Figure 182. ...

  • NETGEAR STM150EW-100NAS - page 304

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 304 ProSecure Unified Threat Management (UTM) Appliance 3. Complete the fields, select the radio buttons and check boxes, and make your selections from the drop-down lists as explained in the following table: Table 74. Add New VPN Policy screen settings Setting Description Gen ...

  • NETGEAR STM150EW-100NAS - page 305

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 305 ProSecure Unified Threat Management (UTM) Appliance Enable Keepalive Note: See also Configure Keep-Alives and Dead Peer Detection on page 328. Select a radio button to specify if keep-alive is enabled: • Yes. This feature is enabled: Periodically, the UTM sends keep-al ...

  • NETGEAR STM150EW-100NAS - page 306

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 306 ProSecure Unified Threat Management (UTM) Appliance Encryption Algorithm From the drop-down list, select one of the following five algorithms to negotiate the security association (SA): • DES. Data Encryption Standard (DES). • 3DES. Triple DES. This is the default al ...

  • NETGEAR STM150EW-100NAS - page 307

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 307 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table. Auto Policy Parameters Note: These fields apply only when you select Auto Policy as the policy type. SA Lifetime The lifetime ...

  • NETGEAR STM150EW-100NAS - page 308

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 308 ProSecure Unified Threat Management (UTM) Appliance To edit a VPN policy: 1. Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays (see Figure 181 on page 301). 2. In the List of VPN Policies table, click the Edit table button to the right of t ...

  • NETGEAR STM150EW-100NAS - page 309

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 309 ProSecure Unified Threat Management (UTM) Appliance Configure XAUTH for VPN Clients Once the XAUTH has been enabled, you need to establish user accounts in the user database to be authenticated against XAUTH, or you need to enable a RADIUS-CHAP or RADIUS-PAP server. Note: ...

  • NETGEAR STM150EW-100NAS - page 310

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 310 ProSecure Unified Threat Management (UTM) Appliance User Database Configuration When XAUTH is enabled in an Edge Device configuration, users need to be authenticated either by a local user database account or by an external RADIUS server. Whether or not you use a RADIUS ser ...

  • NETGEAR STM150EW-100NAS - page 311

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 311 ProSecure Unified Threat Management (UTM) Appliance 2. Complete the fields and select the radio buttons as explained in the following table: 3. Click Apply to save your settings. Note: You can select the RADIUS authentication protocol (PAP or CHAP) on the Edit IKE Policy sc ...

  • NETGEAR STM150EW-100NAS - page 312

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 312 ProSecure Unified Threat Management (UTM) Appliance Assign IP Addresses to Remote Users (Mode Config) • Mode Config Operation • Configure Mode Config Operation on the UTM • Configure the ProSafe VPN Client for Mode Config Operation • Test the Mode Config Connectio ...

  • NETGEAR STM150EW-100NAS - page 313

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 313 ProSecure Unified Threat Management (UTM) Appliance To configure Mode Config on the UTM: 1. Select VPN > IPSec VPN > Mode Config. The Mode Config screen displays: Figure 184. As an example, the screen shows two Mode Config records with the names EMEA Sales and NA ...

  • NETGEAR STM150EW-100NAS - page 314

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 314 ProSecure Unified Threat Management (UTM) Appliance Figure 185. 3. Complete the fields, select the check box, and make your selections from the drop-down lists as explained in the following table: Table 77. Add Mode Config Record screen settings Setting Description Client P ...

  • NETGEAR STM150EW-100NAS - page 315

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 315 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The new Mode Config record is added to the List of Mode Config Records table. Continue the Mode Config configuration procedure by configuring an IKE policy. 5. Select VPN > IPSec VPN ...

  • NETGEAR STM150EW-100NAS - page 316

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 316 ProSecure Unified Threat Management (UTM) Appliance 6. Under the List of IKE Policies table, click the Add table button. The Add IKE Policy screen displays. (The following figure shows the upper part only of a multiple WAN port model screen.) The WAN drop-down list (next to ...

  • NETGEAR STM150EW-100NAS - page 317

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 317 ProSecure Unified Threat Management (UTM) Appliance Note: The IKE policy settings that are explained in the following table are specifically for a Mode Config configuration. Table 72 on page 296 explains the general IKE policy settings. Table 78. IKE policy setting ...

  • NETGEAR STM150EW-100NAS - page 318

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 318 ProSecure Unified Threat Management (UTM) Appliance IKE SA Parameters Note: Generally, the default settings work well for a Mode Config configuration. Encryption Algorithm To negotiate the security association (SA), from the drop-down list, select the 3DES algorithm. Auth ...

  • NETGEAR STM150EW-100NAS - page 319

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 319 ProSecure Unified Threat Management (UTM) Appliance 8. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. Configure the ProSafe VPN Client for Mode Config Operation When the Mode Config feature is enabled, the following information ...

  • NETGEAR STM150EW-100NAS - page 320

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 320 ProSecure Unified Threat Management (UTM) Appliance Note: Perform these tasks from a computer that has the NETGEAR ProSafe VPN Client installed. To configure the VPN client for Mode Config operation, create authentication settings (phase 1 settings), create an associated ...

  • NETGEAR STM150EW-100NAS - page 321

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 321 ProSecure Unified Threat Management (UTM) Appliance Figure 188. 3. Change the name of the authentication phase (the default is Gateway): a. Right-click the authentication phase name. b. Select Rename. c. Type GW_ModeConfig. d. Click anywhere in the tree list p ...

  • NETGEAR STM150EW-100NAS - page 322

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 322 ProSecure Unified Threat Management (UTM) Appliance 4. Specify the settings that are explained in the following table. 5. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. 6. Click the Advanced tab in the Authentication ...

  • NETGEAR STM150EW-100NAS - page 323

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 323 ProSecure Unified Threat Management (UTM) Appliance 7. Specify the settings that are explained in the following table. 8. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Create the Mode Config IPSec Configuration (Phase ...

  • NETGEAR STM150EW-100NAS - page 324

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 324 ProSecure Unified Threat Management (UTM) Appliance Note: This is the name for the IPSec configuration that is used only for the VPN client, not during IPSec negotiation. You can view and change this name in the tree list pane. This name needs to be a unique name. The IPSe ...

  • NETGEAR STM150EW-100NAS - page 325

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 325 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to use the new settings immediately, and click Save to keep the settings for future use. Configure the Mode Config Global Parameters To specify the global parameters: 1. Click Global Parameters in the le ...

  • NETGEAR STM150EW-100NAS - page 326

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 326 ProSecure Unified Threat Management (UTM) Appliance 2. Specify the following default lifetimes in seconds to match the configuration on the UTM: • Authentication (IKE), Default. Enter 3600 seconds. • Encryption (IPSec), Default. Enter 3600 seconds. ...

  • NETGEAR STM150EW-100NAS - page 327

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 327 ProSecure Unified Threat Management (UTM) Appliance Figure 195. 3. From the client computer, ping a computer on the UTM LAN. Modify or Delete a Mode Config Record Note: Before you modify or delete a Mode Config record, make sure that it is not used in an IKE policy. To ...

  • NETGEAR STM150EW-100NAS - page 328

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 328 ProSecure Unified Threat Management (UTM) Appliance Configure Keep-Alives and Dead Peer Detection • Configure Keep-Alives • Configure Dead Peer Detection In some cases, you might not want a VPN tunnel to be disconnected when traffic is idle, for example, when client- ...

  • NETGEAR STM150EW-100NAS - page 329

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 329 ProSecure Unified Threat Management (UTM) Appliance 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. Configure Dead Peer Detection The Dead Peer Detection (DPD) feature lets the UTM maintain the IKE SA by exchanging periodic ...

  • NETGEAR STM150EW-100NAS - page 330

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 330 ProSecure Unified Threat Management (UTM) Appliance 3. In the IKE SA Parameters section of the screen, locate the DPD fields, and complete the fields as explained in the following table: 4. Click Apply to save your settings. Configure NetBIOS Bridging with IPSec VPN Windows ne ...

  • NETGEAR STM150EW-100NAS - page 331

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 331 ProSecure Unified Threat Management (UTM) Appliance Figure 198. 3. Select the Enable NetBIOS check box. 4. Click Apply to save your settings. Configure the PPTP Server As an alternate solution to IPSec VPN and L2TP tunnels, you can configure a Point-to-Point Tunnel Protoco ...

  • NETGEAR STM150EW-100NAS - page 332

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 332 ProSecure Unified Threat Management (UTM) Appliance To enable the PPTP server and configure the PPTP server pool, authentication, and encryption: 1. Select VPN > PPTP Server. The PPTP Server screen displays: Figure 199. 2. Enter the settings as explained in the fol ...

  • NETGEAR STM150EW-100NAS - page 333

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 333 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. View the Active PPTP Users To view the active PPTP tunnel users: Select Monitoring > Active Users & VPNs > PPTP Active Users. The PPTP Active Users screen displays: Figure ...

  • NETGEAR STM150EW-100NAS - page 334

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 334 ProSecure Unified Threat Management (UTM) Appliance The List of PPTP Active Users table lists each active connection with the information that is described in the following table. The default poll interval is 5 seconds. To change the poll interval period, enter a new val ...

  • NETGEAR STM150EW-100NAS - page 335

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 335 ProSecure Unified Threat Management (UTM) Appliance Figure 201. 2. Enter the settings as explained in the following table: 3. Click Apply to save your settings. Table 86. L2TP Server screen settings Setting Description L2TP Server Enable L2TP Server To enable the L2TP ...

  • NETGEAR STM150EW-100NAS - page 336

    Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 336 ProSecure Unified Threat Management (UTM) Appliance View the Active L2TP Users To view the active L2TP tunnel users: Select Monitoring > Active Users & VPNs > L2TP Active Users. The L2TP Active Users screen displays: Figure 202. The List of L2TP Active Users ...

  • NETGEAR STM150EW-100NAS - page 337

    337 8. Virtual Private Networking Using SSL Connections The UTM provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to corporate or commercial resources, bypassing the need for a preinstalled VPN client on their computers. Using the familiar Secure Sockets Layer ( ...

  • NETGEAR STM150EW-100NAS - page 338

    Virtual Private Networking Using SSL Connections 338 ProSecure Unified Threat Management (UTM) Appliance • SSL port forwarding. Like an SSL VPN tunnel, port forwarding is a web-based client that is installed transparently and then creates a virtual, encrypted tunnel to the remote network. However, port forwarding differs from an SSL VPN tun ...

  • NETGEAR STM150EW-100NAS - page 339

    Virtual Private Networking Using SSL Connections 339 ProSecure Unified Threat Management (UTM) Appliance 2. Select the SSL VPN Wizard radio button. 3. Click Next. The first SSL VPN Wizard screen displays. The following sections explain the five configuration screens of the SSL VPN Wizard. On the sixth screen, you can save your SSL VPN policy ...

  • NETGEAR STM150EW-100NAS - page 340

    Virtual Private Networking Using SSL Connections 340 ProSecure Unified Threat Management (UTM) Appliance WARNING: Do not enter an existing portal layout name in the Portal Layout Name field; otherwise, the SSL VPN Wizard fails when you attempt to apply the settings (although the UTM does not reboot in this situation). If you leave the Port ...

  • NETGEAR STM150EW-100NAS - page 341

    Virtual Private Networking Using SSL Connections 341 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the SSL VPN Wizard, you can change the portal settings by selecting VPN > SSL VPN > Portal Layout. For more information about portal settings, see Manually Create or Modify the Portal Layout on ...

  • NETGEAR STM150EW-100NAS - page 342

    Virtual Private Networking Using SSL Connections 342 ProSecure Unified Threat Management (UTM) Appliance SSL VPN Wizard Step 2 of 6 (Domain Settings) Figure 205. Enter the settings as explained in the following table, and then click Next to go to the following screen. Note: If you leave the Domain Name field blank, the SSL VPN Wizard uses the de ...

  • NETGEAR STM150EW-100NAS - page 343

    Virtual Private Networking Using SSL Connections 343 ProSecure Unified Threat Management (UTM) Appliance WARNING: Do not enter an existing domain name in the Domain Name field; otherwise, the SSL VPN Wizard fails when you attempt to apply the settings and the UTM reboots to recover its configuration. Table 89. SSL VPN Wizard Step 2 of 6 scre ...

  • NETGEAR STM150EW-100NAS - page 344

    Virtual Private Networking Using SSL Connections 344 ProSecure Unified Threat Management (UTM) Appliance Authentication Type (continued) • WIKID-CHAP. WiKID Systems CHAP. Complete the following fields: - Authentication Server - Authentication Secret - Radius Port - Repeat - Timeout • MIAS-PAP. Microsoft Internet Authentication Service ...

  • NETGEAR STM150EW-100NAS - page 345

    Virtual Private Networking Using SSL Connections 345 ProSecure Unified Threat Management (UTM) Appliance Portal The portal that you selected on the first SSL VPN Wizard screen. You cannot change the portal on this screen; the portal is displayed for information only. Authentication Server All authentication types except the Local User Databas ...

  • NETGEAR STM150EW-100NAS - page 346

    Virtual Private Networking Using SSL Connections 346 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the SSL VPN Wizard, you can change the domain settings by selecting Users > Domains. For more information about domain settings, see Configure Domains on page 388. Search Base LDAP and Active Direct ...

  • NETGEAR STM150EW-100NAS - page 347

    Virtual Private Networking Using SSL Connections 347 ProSecure Unified Threat Management (UTM) Appliance SSL VPN Wizard Step 3 of 6 (User Settings) Figure 206. Note that the previous figure contains an example. Enter the settings as explained in the following table, and then click Next to go to the following screen. WARNING: Do not enter an exist ...

  • NETGEAR STM150EW-100NAS - page 348

    Virtual Private Networking Using SSL Connections 348 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the SSL VPN Wizard, you can change the user settings or add more users for this portal by selecting Users > Users. For more information about user settings, see Configure User Accounts on page 40 ...

  • NETGEAR STM150EW-100NAS - page 349

    Virtual Private Networking Using SSL Connections 349 ProSecure Unified Threat Management (UTM) Appliance WARNING: Do not enter an existing route for a VPN tunnel client in the Destination Network and Subnet Mask fields; otherwise, the SSL VPN Wizard fails when you attempt to apply the settings and the UTM reboots to recover its configuration. ...

  • NETGEAR STM150EW-100NAS - page 350

    Virtual Private Networking Using SSL Connections 350 ProSecure Unified Threat Management (UTM) Appliance SSL VPN Wizard Step 5 of 6 (Port Forwarding) Note: This screen displays only if you have selected the Port Forwarding check box on the SSL VPN Wizard Step 1 of 6 screen (see Figure 204 on page 339). Figure 208. Note that the previous figu ...

  • NETGEAR STM150EW-100NAS - page 351

    Virtual Private Networking Using SSL Connections 351 ProSecure Unified Threat Management (UTM) Appliance After you have completed the steps in the SSL VPN Wizard, you can change the client IP address range and routes by selecting VPN > SSL VPN > Port Forwarding. For more information about port-forwarding settings, see Configure Applicati ...

  • NETGEAR STM150EW-100NAS - page 352

    Virtual Private Networking Using SSL Connections 352 ProSecure Unified Threat Management (UTM) Appliance Figure 209. ...

  • NETGEAR STM150EW-100NAS - page 353

    Virtual Private Networking Using SSL Connections 353 ProSecure Unified Threat Management (UTM) Appliance Click Apply to save your settings. If the settings are accepted by the UTM, a message Operation Succeeded displays at the top of the screen, and the Welcome to the Netgear Configuration Wizard screen displays again (see Figure 203 on page ...

  • NETGEAR STM150EW-100NAS - page 354

    Virtual Private Networking Using SSL Connections 354 ProSecure Unified Threat Management (UTM) Appliance Figure 211. 3. To verify access, enter the user name and password that you created with the SSL VPN Wizard. Note: Any user for whom you have set up a user account that is linked to the domain for the portal and who has knowledge of the porta ...

  • NETGEAR STM150EW-100NAS - page 355

    Virtual Private Networking Using SSL Connections 355 ProSecure Unified Threat Management (UTM) Appliance Figure 212. Figure 213. A portal screen displays a simple menu that provides the SSL user with the following menu selections: • VPN Tunnel. Provides full network connectivity. • Port Forwarding. Provides access to the network service s ...

  • NETGEAR STM150EW-100NAS - page 356

    Virtual Private Networking Using SSL Connections 356 ProSecure Unified Threat Management (UTM) Appliance Note: The first time that a user attempts to connect through the VPN tunnel, the NETGEAR SSL VPN tunnel adapter is installed; the first time that a user attempts to connect through the port-forwarding tunnel, the NETGEAR port-forwarding engi ...

  • NETGEAR STM150EW-100NAS - page 357

    Virtual Private Networking Using SSL Connections 357 ProSecure Unified Threat Management (UTM) Appliance View the UTM SSL VPN Log To query the SSL VPN log: 1. Select Monitoring > Logs & Reports > Logs Query. The Logs Query screen displays. 2. From the Log Type drop-down, select SSL VPN. The SSL VPN logs display. Figure 215. M ...

  • NETGEAR STM150EW-100NAS - page 358

    Virtual Private Networking Using SSL Connections 358 ProSecure Unified Threat Management (UTM) Appliance 2. Create authentication domains, user groups, and user accounts (see Configure Domains, Groups, and Users on page 362) a. Create one or more authentication domains for authentication of SSL VPN users. When remote users log in to the UTM, th ...

  • NETGEAR STM150EW-100NAS - page 359

    Virtual Private Networking Using SSL Connections 359 ProSecure Unified Threat Management (UTM) Appliance Manually Create or Modify the Portal Layout The Portal Layouts screen that you can access from the SSL VPN configuration menu allows you to create a custom page that remote users see when they log in to the portal. Because the page is cust ...

  • NETGEAR STM150EW-100NAS - page 360

    Virtual Private Networking Using SSL Connections 360 ProSecure Unified Threat Management (UTM) Appliance The List of Layouts table displays the following fields: • Layout Name. The descriptive name of the portal. • Description. The banner message that is displayed at the top of the portal (see Figure 211 on page 354). • Use Count. T ...

  • NETGEAR STM150EW-100NAS - page 361

    Virtual Private Networking Using SSL Connections 361 ProSecure Unified Threat Management (UTM) Appliance 3. Complete the fields and select the check boxes as explained in the following table: Table 93. Add Portal Layout screen settings Setting Description Portal Layout and Theme Name Portal Layout Name A descriptive name for the portal layout. ...

  • NETGEAR STM150EW-100NAS - page 362

    Virtual Private Networking Using SSL Connections 362 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The new portal layout is added to the List of Layouts table. For information about how to display the new portal layout, see Access the New SSL VPN Portal on page 353. To edit a portal layout: 1. On ...

  • NETGEAR STM150EW-100NAS - page 363

    Virtual Private Networking Using SSL Connections 363 ProSecure Unified Threat Management (UTM) Appliance Configure Applications for Port Forwarding Port forwarding provides access to specific defined network services. To define these services, you need to specify the internal server addresses and port numbers for TCP applications that are inter ...

  • NETGEAR STM150EW-100NAS - page 364

    Virtual Private Networking Using SSL Connections 364 ProSecure Unified Threat Management (UTM) Appliance 3. Click the Add table button. The new application entry is added to the List of Configured Applications for Port Forwarding table. Remote users can now securely access network applications once they have logged in to the SSL VPN portal and la ...

  • NETGEAR STM150EW-100NAS - page 365

    Virtual Private Networking Using SSL Connections 365 ProSecure Unified Threat Management (UTM) Appliance 2. In the Add New Host Name for Port Forwarding section of the screen, specify information in the following fields: • Local Server IP Address. The IP address of an internal server or host computer that you want to name. • Fully Qualifie ...

  • NETGEAR STM150EW-100NAS - page 366

    Virtual Private Networking Using SSL Connections 366 ProSecure Unified Threat Management (UTM) Appliance Configure the Client IP Address Range First determine the address range to be assigned to VPN tunnel clients, and then define the address range. To define the client IP address range: 1. Select VPN > SSL VPN > SSL VPN Client. The ...

  • NETGEAR STM150EW-100NAS - page 367

    Virtual Private Networking Using SSL Connections 367 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. VPN tunnel clients are now able to connect to the UTM and receive a virtual IP address in the client address range. Add Routes for VPN Tunnel Clients The VPN tunnel clients assume that the following netwo ...

  • NETGEAR STM150EW-100NAS - page 368

    Virtual Private Networking Using SSL Connections 368 ProSecure Unified Threat Management (UTM) Appliance To change the specifications of an existing route and to delete an old route: 1. Add a new route to the Configured Client Routes table. 2. In the Configured Client Routes table, to the right of the route that is out-of-date, click the D ...

  • NETGEAR STM150EW-100NAS - page 369

    Virtual Private Networking Using SSL Connections 369 ProSecure Unified Threat Management (UTM) Appliance Use Network Resource Objects to Simplify Policies Network resources are groups of IP addresses, IP address ranges, and services. By defining resource objects, you can more quickly create and configure network policies. You do not need to ...

  • NETGEAR STM150EW-100NAS - page 370

    Virtual Private Networking Using SSL Connections 370 ProSecure Unified Threat Management (UTM) Appliance To delete one or more network resources: 1. Select the check box to the left of each network resource that you want to delete, or click the Select All table button to select all network resources. 2. Click the Delete table button. Edit ...

  • NETGEAR STM150EW-100NAS - page 371

    Virtual Private Networking Using SSL Connections 371 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The new configuration is added to the Defined Resource Addresses table. To delete a configuration from the Defined Resource Addresses table, click the Delete table button to the right of the configuration ...

  • NETGEAR STM150EW-100NAS - page 372

    Virtual Private Networking Using SSL Connections 372 ProSecure Unified Threat Management (UTM) Appliance For example, assume the following global policy configuration: • Policy 1. A Deny rule has been configured to block all services to the IP address range 10.0.0.0–10.0.0.255. • Policy 2. A Deny rule has been configured to block FTP acce ...

  • NETGEAR STM150EW-100NAS - page 373

    Virtual Private Networking Using SSL Connections 373 ProSecure Unified Threat Management (UTM) Appliance View Policies To view the existing policies: 1. Select VPN > SSL VPN. The SSL VPN submenu tabs display, with the Policies screen in view. (The following figure shows some examples.) Figure 223. 2. Make your selection from the follow ...

  • NETGEAR STM150EW-100NAS - page 374

    Virtual Private Networking Using SSL Connections 374 ProSecure Unified Threat Management (UTM) Appliance Figure 224. 3. Select the radio buttons, complete the fields, and make your selection from the drop-down lists as explained in the following table: Table 97. Add SSL VPN Policy screen settings Setting Description Policy For Select one of ...

  • NETGEAR STM150EW-100NAS - page 375

    Virtual Private Networking Using SSL Connections 375 ProSecure Unified Threat Management (UTM) Appliance Apply Policy For (continued) Network Resource Policy Name A descriptive name of the SSL VPN policy for identification and management purposes. Defined Resources From the drop-down list, select a network resource that you have defined on the ...

  • NETGEAR STM150EW-100NAS - page 376

    Virtual Private Networking Using SSL Connections 376 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The policy is added to the List of SSL VPN Policies table on the Policies screen. The new policy goes into effect immediately. Note: If you have configured SSL VPN user policies, ensure that HTTPS remo ...

  • NETGEAR STM150EW-100NAS - page 377

    Virtual Private Networking Using SSL Connections 377 ProSecure Unified Threat Management (UTM) Appliance To delete one or more SSL VPN policies: 1. On the Policies screen (see Figure 223 on page 373), select the check box to the left of each SSL VPN policy that you want to delete, or click the Select All table button to select all policies. ...

  • NETGEAR STM150EW-100NAS - page 378

    378 9. Manage Users, Authentication, and VPN Certificates This chapter describes how to manage users, authentication, and security certificates for IPSec VPN and SSL VPN. This chapter contains the following sections: • Authentication Process and Options • Configure Authentication Domains, Groups, and Users • Manage Digital Ce ...

  • NETGEAR STM150EW-100NAS - page 379

    Manage Users, Authentication, and VPN Certificates 379 ProSecure Unified Threat Management (UTM) Appliance The UTM supports security policies that are based on an Active Directory with single sign-on (SSO) through the use of the DC agent and additional Lightweight Directory Access Protocol (LDAP) configuration options (see Configure Authentic ...

  • NETGEAR STM150EW-100NAS - page 380

    Manage Users, Authentication, and VPN Certificates 380 ProSecure Unified Threat Management (UTM) Appliance Configure Authentication Domains, Groups, and Users • Login Portals • Active Directories and LDAP Configurations • Configure Domains • Configure Groups • Configure Custom Groups • Configure User Accounts • Set User Login Polic ...

  • NETGEAR STM150EW-100NAS - page 381

    Manage Users, Authentication, and VPN Certificates 381 ProSecure Unified Threat Management (UTM) Appliance Figure 225. Users with Special Access Privileges Users who have a computer behind the UTM and who are assigned access policies that differ from the UTM’s default email and web access policies (see Set Exception Rules for Web and Applic ...

  • NETGEAR STM150EW-100NAS - page 382

    Manage Users, Authentication, and VPN Certificates 382 ProSecure Unified Threat Management (UTM) Appliance Figure 226. The User Portal Login screen displays three links: • Download CA certificate. The first time that a user remotely connects to a UTM with a browser through an SSL connection, he or she might get a warning message about the SSL ...

  • NETGEAR STM150EW-100NAS - page 383

    Manage Users, Authentication, and VPN Certificates 383 ProSecure Unified Threat Management (UTM) Appliance Figure 227. If you do not use the DC agent in your configuration (see DC Agent on page 409), after completing a session, a user needs to log out manually by following these steps: 1. Return to the User Portal Login screen (see Figure 226 ...

  • NETGEAR STM150EW-100NAS - page 384

    Manage Users, Authentication, and VPN Certificates 384 ProSecure Unified Threat Management (UTM) Appliance For information about how to configure and modify accounts for users with special access privileges, see the following sections: • Configure User Accounts • Set User Login Policies • Change Passwords and Other User Settings Unauthen ...

  • NETGEAR STM150EW-100NAS - page 385

    Manage Users, Authentication, and VPN Certificates 385 ProSecure Unified Threat Management (UTM) Appliance • An OU is created in the root node (for example, dc=companyname, dc=com) of the hierarchy. In a company AD, an OU often represents a regional office or department. • A group is created under cn=users. • A user is created under ea ...

  • NETGEAR STM150EW-100NAS - page 386

    Manage Users, Authentication, and VPN Certificates 386 ProSecure Unified Threat Management (UTM) Appliance Figure 228. 4. To verify Jamie Hanson’s user login name, click the Account tab. The account properties for Jamie Hanson display. Figure 229. 5. Log in to the UTM. ...

  • NETGEAR STM150EW-100NAS - page 387

    Manage Users, Authentication, and VPN Certificates 387 ProSecure Unified Threat Management (UTM) Appliance 6. Select Users > Domains. 7. Click Add. The Add Domain screen displays. 8. Enter testAD.com in the Domain Name field. 9. From the Authentication Type drop-down list, select Active Directory. 10. Select a previously configured portal ...

  • NETGEAR STM150EW-100NAS - page 388

    Manage Users, Authentication, and VPN Certificates 388 ProSecure Unified Threat Management (UTM) Appliance Figure 231. 14. Complete the remaining fields and drop-down list as needed. 15. Click Apply to save your settings. Configure Domains The domain determines the authentication method to be used for associated users. For SSL connections, the ...

  • NETGEAR STM150EW-100NAS - page 389

    Manage Users, Authentication, and VPN Certificates 389 ProSecure Unified Threat Management (UTM) Appliance The List of Domains table displays the domains with the following fields: • Check box. Allows you to select the domain in the table. • Domain Name. The name of the domain. The default domain name (geardomain) is appended by an asteri ...

  • NETGEAR STM150EW-100NAS - page 390

    Manage Users, Authentication, and VPN Certificates 390 ProSecure Unified Threat Management (UTM) Appliance 3. Enter the settings as explained in the following table: Table 99. Add Domain screen settings Setting Description Domain Name A descriptive (alphanumeric) name of the domain for identification and management purposes. Authentication Type ...

  • NETGEAR STM150EW-100NAS - page 391

    Manage Users, Authentication, and VPN Certificates 391 ProSecure Unified Threat Management (UTM) Appliance Authentication Type (continued) Note: If you select any type of RADIUS authentication, make sure that one or more RADIUS servers are configured (see RADIUS Client and Server Configuration on page 310). • MIAS-PAP. Microsoft Internet ...

  • NETGEAR STM150EW-100NAS - page 392

    Manage Users, Authentication, and VPN Certificates 392 ProSecure Unified Threat Management (UTM) Appliance Authentication Secret All RADIUS, WiKID, and MIAS authentication types The authentication secret or password that is required to access the authentication server for RADIUS, WiKID, or MIAS authentication. Workgroup NT Domain only The workg r ...

  • NETGEAR STM150EW-100NAS - page 393

    Manage Users, Authentication, and VPN Certificates 393 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The domain is added to the List of Domains table. 5. If you use local authentication, make sure that it is not disabled: in the Local Authentication section of the Domain screen (see Figure 232 on page ...

  • NETGEAR STM150EW-100NAS - page 394

    Manage Users, Authentication, and VPN Certificates 394 ProSecure Unified Threat Management (UTM) Appliance To delete one or more domains: 1. In the List of Domains table, select the check box to the left of each domain that you want to delete, or click the Select All table button to select all domains. You cannot delete a default domain. 2 ...

  • NETGEAR STM150EW-100NAS - page 395

    Manage Users, Authentication, and VPN Certificates 395 ProSecure Unified Threat Management (UTM) Appliance Create and Delete Groups To create a VPN group: 1. Select Users > Groups. The Groups screen displays. (The following figure shows the UTM’s default group—geardomain—and, as an example, several other groups in the List of Gr ...

  • NETGEAR STM150EW-100NAS - page 396

    Manage Users, Authentication, and VPN Certificates 396 ProSecure Unified Threat Management (UTM) Appliance 2. In the Add New Group section of the screen, enter the settings as explained in the following table: 3. Click the Add table button. The new group is added to the List of Groups table. To delete one or more groups: 1. In the List ...

  • NETGEAR STM150EW-100NAS - page 397

    Manage Users, Authentication, and VPN Certificates 397 ProSecure Unified Threat Management (UTM) Appliance Figure 235. Except for groups that are associated with domains that use the LDAP authentication method, you can modify only the idle time-out settings. You can never modify the Group Name and Group’s Auth Type fields. 3. Modify the id ...

  • NETGEAR STM150EW-100NAS - page 398

    Manage Users, Authentication, and VPN Certificates 398 ProSecure Unified Threat Management (UTM) Appliance Figure 236. 2. Under the Custom Groups table, click the Add table button to specify a custom group. The Add Custom Group screen displays: Figure 237. ...

  • NETGEAR STM150EW-100NAS - page 399

    Manage Users, Authentication, and VPN Certificates 399 ProSecure Unified Threat Management (UTM) Appliance 3. Complete the fields and make your selections from the drop-down lists as explained in the following table: Table 101. Add Custom Group screen settings Setting Description Name A name of the custom group for identification and management ...

  • NETGEAR STM150EW-100NAS - page 400

    Manage Users, Authentication, and VPN Certificates 400 ProSecure Unified Threat Management (UTM) Appliance 4. After you have specified all members of the custom group, click Apply to save your settings. The new custom group is added to the Custom Groups table. To return to the Custom Groups screen without adding the group, click Cancel. T ...

  • NETGEAR STM150EW-100NAS - page 401

    Manage Users, Authentication, and VPN Certificates 401 ProSecure Unified Threat Management (UTM) Appliance Configure User Accounts The UTM supports both unauthenticated and authenticated users: • Unauthenticated users. Anonymous users who do not log in to the UTM and to which the UTM’s default email and web access policies apply. • Au ...

  • NETGEAR STM150EW-100NAS - page 402

    Manage Users, Authentication, and VPN Certificates 402 ProSecure Unified Threat Management (UTM) Appliance Figure 238. The List of Users table displays the users and has the following fields: • Check box. Allows you to select the user in the table. • Name. The name of the user. If the user name is appended by an asterisk, the user is a ...

  • NETGEAR STM150EW-100NAS - page 403

    Manage Users, Authentication, and VPN Certificates 403 ProSecure Unified Threat Management (UTM) Appliance 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. The user is added to the List of Users table. To delete one or more user accounts: 1. In the List of Users table, select the check box ...

  • NETGEAR STM150EW-100NAS - page 404

    Manage Users, Authentication, and VPN Certificates 404 ProSecure Unified Threat Management (UTM) Appliance Set User Login Policies You can restrict the ability of defined users to log in to the UTM’s web management interface. You can also require or prohibit logging in from certain IP addresses or from particular browsers. Note: User logon ...

  • NETGEAR STM150EW-100NAS - page 405

    Manage Users, Authentication, and VPN Certificates 405 ProSecure Unified Threat Management (UTM) Appliance Configure Login Restrictions Based on IP Address To restrict logging in based on IP address: 1. Select Users > Users. The Users screen displays (see Figure 238 on page 402). 2. In the Action column of the List of Users table, cli ...

  • NETGEAR STM150EW-100NAS - page 406

    Manage Users, Authentication, and VPN Certificates 406 ProSecure Unified Threat Management (UTM) Appliance 6. In the Add Defined Addresses section of the screen, add an address to the Defined Addresses table by entering the settings as explained in the following table: 7. Click the Add table button. The address is added to the Defined Addresses ta ...

  • NETGEAR STM150EW-100NAS - page 407

    Manage Users, Authentication, and VPN Certificates 407 ProSecure Unified Threat Management (UTM) Appliance Figure 242. 4. In the Defined Browsers Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Browsers. Deny logging in from the browsers in the Defined Browsers table. • Allow Login only fr ...

  • NETGEAR STM150EW-100NAS - page 408

    Manage Users, Authentication, and VPN Certificates 408 ProSecure Unified Threat Management (UTM) Appliance Change Passwords and Other User Settings For any user, you can change the password, user type, and idle time-out settings. Only administrators have read/write access. All other users have read-only access. Note: The default administrator ...

  • NETGEAR STM150EW-100NAS - page 409

    Manage Users, Authentication, and VPN Certificates 409 ProSecure Unified Threat Management (UTM) Appliance 3. Modify the settings as explained in the following table: 4. Click Apply to save your settings. DC Agent If you set up an open network, you would want to allow unauthenticated users to surf anonymously. For a secure network, you would u ...

  • NETGEAR STM150EW-100NAS - page 410

    Manage Users, Authentication, and VPN Certificates 410 ProSecure Unified Threat Management (UTM) Appliance Note: The DC agent does not function with LDAP domain users. The DC agent monitors all Windows login events (that is, all AD domain user authentications) on the DC server, and provides a mapping of Windows user names and IP addresses to th ...

  • NETGEAR STM150EW-100NAS - page 411

    Manage Users, Authentication, and VPN Certificates 411 ProSecure Unified Threat Management (UTM) Appliance To download ProSecure DC Agent software and add a DC agent: 1. Select Users > DC Agent. The DC Agent screen displays: Figure 244. 2. Under the List of DC Agents table, click the Download/Install link to download the ProSecure DC ...

  • NETGEAR STM150EW-100NAS - page 412

    Manage Users, Authentication, and VPN Certificates 412 ProSecure Unified Threat Management (UTM) Appliance 4. On the DC Agent screen (see Figure 244 on page 411), complete the fields and make your selections from the drop-down lists as explained in the following table: 5. To add the newly configured DC agent to the List of DC Agent(s) table, cl ...

  • NETGEAR STM150EW-100NAS - page 413

    Manage Users, Authentication, and VPN Certificates 413 ProSecure Unified Threat Management (UTM) Appliance b. Click the Add table button to add a domain. The Add Domain screen displays: Figure 246. c. Enter the following settings: • In the Domain Name field, enter Test_Domain. • From the Authentication Type drop-down list, select Active Di ...

  • NETGEAR STM150EW-100NAS - page 414

    Manage Users, Authentication, and VPN Certificates 414 ProSecure Unified Threat Management (UTM) Appliance 2. Add a DC agent on the UTM50: a. Select Users > DC Agent. The DC Agent screen displays: Figure 247. b. In the Domain field, enter Test_Domain. c. In the Action column, click Add. 3. Add the IP address of the UTM50 on the ProSecure ...

  • NETGEAR STM150EW-100NAS - page 415

    Manage Users, Authentication, and VPN Certificates 415 ProSecure Unified Threat Management (UTM) Appliance Configure RADIUS VLANs You can use a RADIUS virtual LAN (VLAN) to set web access exceptions and provide an added layer of security. To do so, follow this procedure: 1. Specify a RADIUS server (see RADIUS Client and Server Configurat ...

  • NETGEAR STM150EW-100NAS - page 416

    Manage Users, Authentication, and VPN Certificates 416 ProSecure Unified Threat Management (UTM) Appliance 3. Click the Add table button. The new VLAN is added to the List of VLAN table. To delete a user from the List of VLAN table, click the Delete table button in the Action column for the VLAN that you want to delete. Configure Global User S ...

  • NETGEAR STM150EW-100NAS - page 417

    Manage Users, Authentication, and VPN Certificates 417 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save the session settings. 5. Locate the Users Portal Login Settings section on screen. Specify the default domain settings: • From the Default Domain drop-down list, select a domain that you previously configured on t ...

  • NETGEAR STM150EW-100NAS - page 418

    Manage Users, Authentication, and VPN Certificates 418 ProSecure Unified Threat Management (UTM) Appliance To view all or selected users: 1. On the Active Users screen (see the previous figure), select one of the following radio buttons: • View All. This selection returns all active users after you click the Search button. • Search ...

  • NETGEAR STM150EW-100NAS - page 419

    Manage Users, Authentication, and VPN Certificates 419 ProSecure Unified Threat Management (UTM) Appliance The List of Users table displays the following fields: • IP Address. The IP address that is associated with the user. • Domain. The domain to which the user belongs. • User. The user name. • Groups. The groups to which the ...

  • NETGEAR STM150EW-100NAS - page 420

    Manage Users, Authentication, and VPN Certificates 420 ProSecure Unified Threat Management (UTM) Appliance On the UTM, the uploaded digital certificate is checked for validity and purpose. The digital certificate is accepted when it passes the validity test and the purpose matches its use. The check for the purpose needs to correspond to its ...

  • NETGEAR STM150EW-100NAS - page 421

    Manage Users, Authentication, and VPN Certificates 421 ProSecure Unified Threat Management (UTM) Appliance • Active Self Certificates table. Contains the self-signed certificates that were issued by CAs and that you uploaded (see Manage Self-Signed Certificates on page 422). • Self Certificate Requests table. Contains the self-signed ...

  • NETGEAR STM150EW-100NAS - page 422

    Manage Users, Authentication, and VPN Certificates 422 ProSecure Unified Threat Management (UTM) Appliance To upload a digital certificate of a trusted CA on the UTM: 1. Download a digital certificate file from a trusted CA and store it on your computer. 2. In the Upload Trusted Certificates section of the screen, click the Browse button ...

  • NETGEAR STM150EW-100NAS - page 423

    Manage Users, Authentication, and VPN Certificates 423 ProSecure Unified Threat Management (UTM) Appliance Generate a CSR and Obtain a Self-Signed Certificate from a CA To use a self-signed certificate, you first need to request the certificate from a CA, and then download and activate the certificate on the UTM. To request a self-signed cert ...

  • NETGEAR STM150EW-100NAS - page 424

    Manage Users, Authentication, and VPN Certificates 424 ProSecure Unified Threat Management (UTM) Appliance 2. In the Generate Self Certificate Request section of the screen, enter the settings as explained in the following table: 3. Click the Generate table button. A new SCR is created and added to the Self Certificate Requests table. 4. In the ...

  • NETGEAR STM150EW-100NAS - page 425

    Manage Users, Authentication, and VPN Certificates 425 ProSecure Unified Threat Management (UTM) Appliance Figure 256. 5. Copy the contents of the Data to supply to CA text field into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----.” 6. Submit your SCR ...

  • NETGEAR STM150EW-100NAS - page 426

    Manage Users, Authentication, and VPN Certificates 426 ProSecure Unified Threat Management (UTM) Appliance To delete one or more SCRs: 1. In the Self Certificate Requests table, select the check box to the left of each SCR that you want to delete, or click the Select All table button to select all SCRs. 2. Click the Delete table button. Vie ...

  • NETGEAR STM150EW-100NAS - page 427

    Manage Users, Authentication, and VPN Certificates 427 ProSecure Unified Threat Management (UTM) Appliance The Certificate Revocation Lists (CRL) table lists the active CAs and their critical release dates: • CA Identity. The official name of the CA that issued the CRL. • Last Update. The date when the CRL was released. • Next Updat ...

  • NETGEAR STM150EW-100NAS - page 428

    428 10. Network and System Management This chapter describes the tools for managing the network traffic to optimize its performance and the system management features of the UTM. This chapter contains the following sections: • Performance Management • System Management • Connect to a ReadyNAS and Configure Quarantine Settings P ...

  • NETGEAR STM150EW-100NAS - page 429

    Network and System Management 429 ProSecure Unified Threat Management (UTM) Appliance - Auto-rollover mode (multiple WAN port models only). 1000 Mbps (one active WAN port at 1000 Mbps). - Primary WAN mode (single WAN port models and multiple WAN port models). 1000 Mbps (one active WAN port at 1000 Mbps). In practice, the WAN-side bandwidth ...

  • NETGEAR STM150EW-100NAS - page 430

    Network and System Management 430 ProSecure Unified Threat Management (UTM) Appliance The following section summarizes the various criteria that you can apply to outbound rules in order to reduce traffic. For more information about outbound rules, see Outbound Rules (Service Blocking) on page 129. For detailed procedures on how to configure out ...

  • NETGEAR STM150EW-100NAS - page 431

    Network and System Management 431 ProSecure Unified Threat Management (UTM) Appliance • QoS profile. You can define QoS profiles and then apply them to outbound rules to regulate the priority of traffic. For information about how to define QoS profiles, see Create Quality of Service Profiles on page 169. • Traffic Meter profile. You c ...

  • NETGEAR STM150EW-100NAS - page 432

    Network and System Management 432 ProSecure Unified Threat Management (UTM) Appliance - Web services blocking. You can block web services such as instant messaging, peer-to-peer and media applications, and tools. For more information, see Customize Web Protocol Scan Settings on page 210. - Web object blocking. You can block the following w ...

  • NETGEAR STM150EW-100NAS - page 433

    Network and System Management 433 ProSecure Unified Threat Management (UTM) Appliance Each rule lets you specify the desired action for the connections covered by the rule: • BLOCK always • ALLOW always The following section summarizes the various criteria that you can apply to inbound rules and that might increase traffic. For more informa ...

  • NETGEAR STM150EW-100NAS - page 434

    Network and System Management 434 ProSecure Unified Threat Management (UTM) Appliance • Users allowed. You can specify that the rule applies to individual users in the network, groups in the network, or both. To configure users accounts, see Configure User Accounts on page 401. To configure groups, see Configure Groups on page 394 and Co ...

  • NETGEAR STM150EW-100NAS - page 435

    Network and System Management 435 ProSecure Unified Threat Management (UTM) Appliance Configure Exposed Hosts Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet for services that you have not yet defined. For an example of how to set up an exposed host, see LAN WAN or DMZ WAN Inbo ...

  • NETGEAR STM150EW-100NAS - page 436

    Network and System Management 436 ProSecure Unified Threat Management (UTM) Appliance Monitoring Tools for Traffic Management The UTM includes several tools that can be used to monitor the traffic conditions of the firewall and content-filtering engine and to monitor the users’ access to the Internet and the types of traffic that they are a ...

  • NETGEAR STM150EW-100NAS - page 437

    Network and System Management 437 ProSecure Unified Threat Management (UTM) Appliance 2. In the Action column of the List of Users table, click the Edit table button for the user with the name admin. The Edit User screen displays: Figure 259. 3. Select the Check to Edit Password check box. The password fields become available. 4. Enter the old pas ...

  • NETGEAR STM150EW-100NAS - page 438

    Network and System Management 438 ProSecure Unified Threat Management (UTM) Appliance Note: For enhanced security, restrict access to as few external IP addresses as practical. • Deny or allow login access from specific browsers. By default, the administrator can log in from any browser. In general, these policy settings work well for an ad ...

  • NETGEAR STM150EW-100NAS - page 439

    Network and System Management 439 ProSecure Unified Threat Management (UTM) Appliance 2. Select one of the following radio buttons: • Yes. Enable HTTPS remote management. This is the default setting. • No. Disable HTTPS remote management. WARNING: If you are remotely connected to the UTM and you select the No radio button, you and all oth ...

  • NETGEAR STM150EW-100NAS - page 440

    Network and System Management 440 ProSecure Unified Threat Management (UTM) Appliance Note: If you are unable to connect remotely to the UTM after enabling HTTPS remote management, check if other user policies, such as the default user policy, are preventing access. For access to the UTM’s web management interface, check if administrative acc ...

  • NETGEAR STM150EW-100NAS - page 441

    Network and System Management 441 ProSecure Unified Threat Management (UTM) Appliance Figure 261. ...

  • NETGEAR STM150EW-100NAS - page 442

    Network and System Management 442 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: 3. Click Apply to save your settings. Table 108. Global SNMP settings and SNMPv1/v2c settings Setting Description SNMP Global Settings Do You Want to Enable SNMP? Select one of the following radio butt ...

  • NETGEAR STM150EW-100NAS - page 443

    Network and System Management 443 ProSecure Unified Threat Management (UTM) Appliance To configure the SNMPv3 settings: 1. Select Administration > SNMP. The SNMP screen displays (see Figure 261 on page 441). 2. In the SNMPv3 Settings section of the screen, click the Add table button to configure a new SNMPv3 user profile. The Add/Edit Use ...

  • NETGEAR STM150EW-100NAS - page 444

    Network and System Management 444 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The SNMPv3 user profile is added to the SNMPv3 Settings table on the SNMP screen. If the global SNMP settings are enabled, the SNMPv3 user profiles in the SNMPv3 Settings table are also enabled. Auth Algorithm Type From the ...

  • NETGEAR STM150EW-100NAS - page 445

    Network and System Management 445 ProSecure Unified Threat Management (UTM) Appliance The SNMPv3 Settings table shows the following columns: • User Name. The SNMPv3 user name. • Security Level. The level of security that indicates whether authentication and encryption are enabled: - NoAuth, NoPrivate. Both authentication and encryption ar ...

  • NETGEAR STM150EW-100NAS - page 446

    Network and System Management 446 ProSecure Unified Threat Management (UTM) Appliance Figure 263. Back Up Settings The backup feature saves all UTM settings to a file. These settings include: • Network settings. IP address, subnet mask, gateway, and so on. • Scan settings. Services to scan, primary and secondary actions, and so on. • U ...

  • NETGEAR STM150EW-100NAS - page 447

    Network and System Management 447 ProSecure Unified Threat Management (UTM) Appliance Restore Settings WARNING: Restore only settings that were backed up from the same software version. Restoring settings from a different software version can corrupt your backup file or the UTM system software. To restore settings from a backup file: ...

  • NETGEAR STM150EW-100NAS - page 448

    Network and System Management 448 ProSecure Unified Threat Management (UTM) Appliance WARNING: When you press the hardware Factory Defaults reset button or click the software Default button, the UTM settings are erased. All firewall rules, VPN policies, LAN/WAN settings, and other settings are lost. Back up your settings if you intend on usi ...

  • NETGEAR STM150EW-100NAS - page 449

    Network and System Management 449 ProSecure Unified Threat Management (UTM) Appliance Figure 264. Firmware screen, available versions The Firmware Reboot section shows the following information fields for both the active and secondary (that is, nonactive) firmware: • Type. Active or secondary firmware. • Version. The firmware version ...

  • NETGEAR STM150EW-100NAS - page 450

    Network and System Management 450 ProSecure Unified Threat Management (UTM) Appliance To upgrade the UTM’s firmware directly from an update server and reboot the UTM: 1. In the Firmware Download section of the Firmware screen, click Query to display the available firmware versions. 2. Select the radio button that corresponds to the firmwa ...

  • NETGEAR STM150EW-100NAS - page 451

    Network and System Management 451 ProSecure Unified Threat Management (UTM) Appliance The UTM reboots automatically. During the reboot process, the Firmware screen remains visible. The reboot process is complete after several minutes when the Test LED on the front panel goes off and the Firmware screen disappears. WARNING: After you have st ...

  • NETGEAR STM150EW-100NAS - page 452

    Network and System Management 452 ProSecure Unified Threat Management (UTM) Appliance To upgrade the UTM’s firmware from a downloaded file and reboot the UTM: 1. In the Firmware Upload section of the Firmware screen, click Browse to locate and select the previously saved firmware upgrade file (for example, UTM50-Firmware-V3.3.0-17.pkg). No ...

  • NETGEAR STM150EW-100NAS - page 453

    Network and System Management 453 ProSecure Unified Threat Management (UTM) Appliance 3. (Optional) To install the new firmware version and reboot the UTM with the new firmware version as the active firmware, select the Switch to new firmware automatically after installation check box. 4. Click Install Uploaded Firmware. (If you decide that yo ...

  • NETGEAR STM150EW-100NAS - page 454

    Network and System Management 454 ProSecure Unified Threat Management (UTM) Appliance Reboot without Changing the Firmware To reboot the UTM without changing the firmware: 1. In the Firmware Reboot section of the Firmware screen (see the previous figure), select the active firmware version by selecting the Activation radio button for the fi ...

  • NETGEAR STM150EW-100NAS - page 455

    Network and System Management 455 ProSecure Unified Threat Management (UTM) Appliance Figure 267. The Info section onscreen shows the following information fields for the scan engine firmware and pattern file: • Current Version. The version of the files. • Last Updated. The date of the most recent update. To update the scan engine firmwar ...

  • NETGEAR STM150EW-100NAS - page 456

    Network and System Management 456 ProSecure Unified Threat Management (UTM) Appliance Configure Automatic Update and Frequency Settings To configure the update settings and frequency settings for automatic downloading of the scan engine firmware and pattern file: 1. Locate the Update Settings, Frequency Settings, and HTTPS Proxy Settings ...

  • NETGEAR STM150EW-100NAS - page 457

    Network and System Management 457 ProSecure Unified Threat Management (UTM) Appliance To set time, date, and NTP servers: 1. Select Administration > System Date & Time. The System Date & Time screen displays: Figure 268. The bottom of the screen displays the current weekday, date, time, time zone, and year (in the example in ...

  • NETGEAR STM150EW-100NAS - page 458

    Network and System Management 458 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Note: If you select the default NTP servers or if you enter a custom server FQDN, the UTM determines the IP address of the NTP server by performing a DNS lookup. Before the UTM can perform this lookup, you need to configure ...

  • NETGEAR STM150EW-100NAS - page 459

    Network and System Management 459 ProSecure Unified Threat Management (UTM) Appliance Log Storage After you have integrated a ReadyNAS with the UTM—whether or not you have configured the quarantine settings—all logs that are normally stored on the UTM are now stored on the ReadyNAS. That is, all logs that you can specify on the Email and ...

  • NETGEAR STM150EW-100NAS - page 460

    Network and System Management 460 ProSecure Unified Threat Management (UTM) Appliance Figure 269. 2. To connect to the ReadyNAS, select the Yes radio button. 3. Enter the settings as explained in the following table: 1. Click Apply to save your settings. Note: For additional information about how to set up a UTM with a ReadyNAS, see Appendix ...

  • NETGEAR STM150EW-100NAS - page 461

    Network and System Management 461 ProSecure Unified Threat Management (UTM) Appliance Figure 270. 2. To enable the UTM to quarantine files, select the Yes radio button. 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. Table 113. Quarantine settings Setting Description Allow anonymous users ...

  • NETGEAR STM150EW-100NAS - page 462

    462 11. Monitor System Access and Performance This chapter describes the system-monitoring features of the UTM. You can be alerted to important events such as a WAN port rollover, WAN traffic limits reached, login failures, and attacks. You can also view status information about the firewall, WAN ports, LAN ports, ac ...

  • NETGEAR STM150EW-100NAS - page 463

    Monitor System Access and Performance 463 ProSecure Unified Threat Management (UTM) Appliance To monitor traffic limits on each of the WAN ports, and for the UTM9S and UTM25S, also on the xDSL (SLOT-1 or SLOT-2) and USB ports: 1. Select Network Config > WAN Metering. On the multiple WAN port models, the WAN Metering tabs display, ...

  • NETGEAR STM150EW-100NAS - page 464

    Monitor System Access and Performance 464 ProSecure Unified Threat Management (UTM) Appliance Table 114. WAN traffic meter settings Setting Description Enable Traffic Meter Do you want to enable Traffic Metering on WAN1? (multiple WAN port models) or Do you want to enable Traffic Metering on WAN? (single WAN port models) Select one of th ...

  • NETGEAR STM150EW-100NAS - page 465

    Monitor System Access and Performance 465 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. 4. For the multiple WAN port models only, click the WAN2 Traffic Meter, WAN3 Traffic Meter (UTM150 only), or WAN4 Traffic Meter (UTM150 only) submenu tab to display the corresponding WAN Traffic Meter scree ...

  • NETGEAR STM150EW-100NAS - page 466

    Monitor System Access and Performance 466 ProSecure Unified Threat Management (UTM) Appliance Configure Logging, Alerts, and Event Notifications • Configure the Email Notification Server • Configure and Activate System, Email, and Syslog Logs • How to Send Syslogs over a VPN Tunnel between Sites • Configure and Activate Update Failure ...

  • NETGEAR STM150EW-100NAS - page 467

    Monitor System Access and Performance 467 ProSecure Unified Threat Management (UTM) Appliance Figure 273. 6. Enter the settings as explained in the following table: 7. Click Test to ensure that the connection to the server and email address succeeds. 8. Click Apply to save your settings. Configure and Activate System, Email, and Syslog Logs Y ...

  • NETGEAR STM150EW-100NAS - page 468

    Monitor System Access and Performance 468 ProSecure Unified Threat Management (UTM) Appliance To configure and activate logs: 1. Select Monitoring > Logs & Reports. The Logs & Reports submenu tabs display, with the Email and Syslog screen in view: Figure 274. ...

  • NETGEAR STM150EW-100NAS - page 469

    Monitor System Access and Performance 469 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: Table 116. Email and Syslog screen settings Setting Description System Logs Option Select the check boxes to specify which system events are logged: • Change of Time by NTP. Logs a messa ...

  • NETGEAR STM150EW-100NAS - page 470

    Monitor System Access and Performance 470 ProSecure Unified Threat Management (UTM) Appliance Enable (continued) Select Logs to Send (continued) • Service Logs. All events that are related to the status of scanning and filtering services that you access from the Application Security main navigation menu. These events include update success me ...

  • NETGEAR STM150EW-100NAS - page 471

    Monitor System Access and Performance 471 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings, or click Clear Log Information to clear the selected logs. How to Send Syslogs over a VPN Tunnel between Sites To send syslogs from one site to another over a gateway-to-gateway VPN tunnel: 1. At Site 1, se ...

  • NETGEAR STM150EW-100NAS - page 472

    Monitor System Access and Performance 472 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save the settings. To change the remote IP address in the VPN policy: 1. Select VPN > IPSec VPN > VPN Policies. The VPN Policy screen displays. 2. Next to the policy name for the Gateway 1–to–Gateway 2 autopolicy, click ...

  • NETGEAR STM150EW-100NAS - page 473

    Monitor System Access and Performance 473 ProSecure Unified Threat Management (UTM) Appliance To specify the syslog server that is connected to Gateway 1: 1. Select Monitoring > Logs & Reports > Email and Syslog to display the Email and Syslog screen. 2. Enable the syslog server and specify its IP address at Site 1. Enter 192.168. ...

  • NETGEAR STM150EW-100NAS - page 474

    Monitor System Access and Performance 474 ProSecure Unified Threat Management (UTM) Appliance Figure 275. 2. Enter the settings as explained in the following table: Table 117. Alerts screen settings Setting Description Enable Traffic Meter Limit Alerts Select this check box to enable traffic meter limit alerts. This check box is cleared by d ...

  • NETGEAR STM150EW-100NAS - page 475

    Monitor System Access and Performance 475 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Enable Malware Alerts Select this check box to enable malware alerts, and fill in the Subject and Message fields. This check box is cleared by default. Subject Enter the subject line for the email alert. The defaul ...

  • NETGEAR STM150EW-100NAS - page 476

    Monitor System Access and Performance 476 ProSecure Unified Threat Management (UTM) Appliance Configure and Activate Firewall Logs You can configure the logging options for each network segment. For example, the UTM can log accepted packets for LAN-to-WAN traffic, dropped packets for WAN-to-DMZ traffic, and so on. You can also configure log ...

  • NETGEAR STM150EW-100NAS - page 477

    Monitor System Access and Performance 477 ProSecure Unified Threat Management (UTM) Appliance 3. Click Apply to save your settings. Monitor Real-Time Traffic, Security, and Statistics The Dashboard screen lets you monitor the real-time security scanning status with detected network threats, detected network traffic, and service statisti ...

  • NETGEAR STM150EW-100NAS - page 478

    Monitor System Access and Performance 478 ProSecure Unified Threat Management (UTM) Appliance Figure 277. Dashboard, screen 1 of 3 To clear the statistics, click Clear Statistics. ...

  • NETGEAR STM150EW-100NAS - page 479

    Monitor System Access and Performance 479 ProSecure Unified Threat Management (UTM) Appliance To set the poll interval: 1. Click the Stop button. 2. From the Poll Interval drop-down list, select a new interval. The minimum is 5 seconds; the maximum is 5 minutes. 3. Click the Set Interval button. The following table explains the fields of th ...

  • NETGEAR STM150EW-100NAS - page 480

    Monitor System Access and Performance 480 ProSecure Unified Threat Management (UTM) Appliance Figure 278. Dashboard, screen 2 of 3 Threats (Counts) This is a graphic that shows the relative number of threats and access violations over the last week, using different colors for the various components, most of which are self-explanatory: Email Filte ...

  • NETGEAR STM150EW-100NAS - page 481

    Monitor System Access and Performance 481 ProSecure Unified Threat Management (UTM) Appliance The following table explains the fields of the Most Recent 5 and Top 5 sections of the Dashboard screen: Table 120. Dashboard screen: most recent 5 threats and top 5 threats information Category Most recent 5 threats description Top 5 threats des ...

  • NETGEAR STM150EW-100NAS - page 482

    Monitor System Access and Performance 482 ProSecure Unified Threat Management (UTM) Appliance Figure 279. Dashboard, screen 3 of 3 The following table explains the fields of the Service Statistics section of the Dashboard screen: Table 121. Dashboard screen: service statistics information Item Description For each of the six supported protocol ...

  • NETGEAR STM150EW-100NAS - page 483

    Monitor System Access and Performance 483 ProSecure Unified Threat Management (UTM) Appliance Monitor Application Use in Real Time If you have enabled application session monitoring (see Enable Application Session Monitoring on page 521), the Application Dashboard screen lets you monitor the use of applications and protocols in real time. To d ...

  • NETGEAR STM150EW-100NAS - page 484

    Monitor System Access and Performance 484 ProSecure Unified Threat Management (UTM) Appliance Figure 280. Line chart icon Pie chart icon ...

  • NETGEAR STM150EW-100NAS - page 485

    Monitor System Access and Performance 485 ProSecure Unified Threat Management (UTM) Appliance To set the poll interval: 1. Click the Stop button. 2. From the Poll Interval drop-down list, select a new interval. The minimum is 30 seconds; the maximum is 20 minutes. 3. Click the Set Interval button. To set the monitoring period: From the ...

  • NETGEAR STM150EW-100NAS - page 486

    Monitor System Access and Performance 486 ProSecure Unified Threat Management (UTM) Appliance View Status Screens • View the System Status • View the Active VPN Users • View the VPN Tunnel Connection Status • View the Active PPTP and L2TP Users • View the Port Triggering Status • View the WAN, xDSL, or USB Port Status • V ...

  • NETGEAR STM150EW-100NAS - page 487

    Monitor System Access and Performance 487 ProSecure Unified Threat Management (UTM) Appliance View the System Status Screen To view the System Status screen, select Monitoring > System Status. The System Status tabs display, with the System Status screen in view: Figure 281. The following table explains the fields of the System Status ...

  • NETGEAR STM150EW-100NAS - page 488

    Monitor System Access and Performance 488 ProSecure Unified Threat Management (UTM) Appliance View the Network Status Screen To view the Network Status screen, select Monitoring > System Status > Network Status. The Network Status screen displays. (The following figure shows the Network Status screen of the UTM50. The Network Sta ...

  • NETGEAR STM150EW-100NAS - page 489

    Monitor System Access and Performance 489 ProSecure Unified Threat Management (UTM) Appliance available wireless access point, and has a Wireless Statistics option arrow in the upper right of the screen.) Figure 282. The UTM9S and UTM25S also show a table with available access points at the bottom of the Network Status screen: Figure 283. The ...

  • NETGEAR STM150EW-100NAS - page 490

    Monitor System Access and Performance 490 ProSecure Unified Threat Management (UTM) Appliance View the Router Statistics Screen To view the Router Statistics screen: 1. Select Monitoring > System Status > Network Status. The Network Status screen displays. 2. Click the Show Statistics option arrow in the upper right of the Netw ...

  • NETGEAR STM150EW-100NAS - page 491

    Monitor System Access and Performance 491 ProSecure Unified Threat Management (UTM) Appliance To change the poll interval period, enter a new value in the Poll Interval field, and then click Set interval. To stop polling, click Stop. View the Wireless Statistics Screen (UTM9S and UTM25S Only) To view the Wireless Statistics screen: 1 ...

  • NETGEAR STM150EW-100NAS - page 492

    Monitor System Access and Performance 492 ProSecure Unified Threat Management (UTM) Appliance The following table explains the fields of the Wireless Statistics screen. To change the poll interval period, enter a new value in the Poll Interval field, and then click Set interval. To stop polling, click Stop. Note: For information about cli ...

  • NETGEAR STM150EW-100NAS - page 493

    Monitor System Access and Performance 493 ProSecure Unified Threat Management (UTM) Appliance View the Detailed Status Screen To view the Detailed Status screen, select Monitoring > System Status > Detailed Status. The Detailed Status screen displays. (The following figure shows the Detailed Status screen of the UTM50.) Figure 286. ...

  • NETGEAR STM150EW-100NAS - page 494

    Monitor System Access and Performance 494 ProSecure Unified Threat Management (UTM) Appliance Figure 287. Detailed Status screen sections that are specific to the UTM9S and UTM25S ...

  • NETGEAR STM150EW-100NAS - page 495

    Monitor System Access and Performance 495 ProSecure Unified Threat Management (UTM) Appliance The following table explains the fields of the Detailed Status screen: Table 127. Detailed Status screen fields Item Description LAN Port Configuration The following fields are shown for each of the LAN ports. VLAN Profile The name of the VLAN pr ...

  • NETGEAR STM150EW-100NAS - page 496

    Monitor System Access and Performance 496 ProSecure Unified Threat Management (UTM) Appliance Firmware Version (UTM9S and UTM25S only) The firmware on the xDSL network module. WAN State The WAN state can be either UP or DOWN, depending on whether the port is connected to the Internet and whether the port is enabled. For information about con ...

  • NETGEAR STM150EW-100NAS - page 497

    Monitor System Access and Performance 497 ProSecure Unified Threat Management (UTM) Appliance MAC Address For the WAN or xDSL ports, this field displays the default MAC address or the MAC address that you have specified on the Advanced Options screen. For the USB port, this field displays the detected MAC address. For information about configurin ...

  • NETGEAR STM150EW-100NAS - page 498

    Monitor System Access and Performance 498 ProSecure Unified Threat Management (UTM) Appliance View the VLAN Status Screen The VLAN Status screen displays information about the VLANs (both enabled and disabled) that are configured on the UTM. For information about configuring VLAN profiles, see Configure a VLAN Profile on page 103. For inform ...

  • NETGEAR STM150EW-100NAS - page 499

    Monitor System Access and Performance 499 ProSecure Unified Threat Management (UTM) Appliance View the xDSL Statistics Screen (UTM9S and UTM25S Only) To view the xDSL Statistics screen, select Monitoring > System Status > xDSL Statistics. The xDSL Statistics screen displays: Figure 289. View the Active VPN Users The Active Users sc ...

  • NETGEAR STM150EW-100NAS - page 500

    Monitor System Access and Performance 500 ProSecure Unified Threat Management (UTM) Appliance View the VPN Tunnel Connection Status To review the status of current IPSec VPN tunnels, select Monitoring > Active Users & VPNs > IPSec VPN Connection Status. The IPSec VPN Connection Status screen displays: Figure 291. The Active IPSec ...

  • NETGEAR STM150EW-100NAS - page 501

    Monitor System Access and Performance 501 ProSecure Unified Threat Management (UTM) Appliance Figure 292. The active user’s user name, group, and IP address are listed in the table with a time stamp indicating the time and date that the user connected. To disconnect an active user, click the Disconnect table button to the right of the use ...

  • NETGEAR STM150EW-100NAS - page 502

    Monitor System Access and Performance 502 ProSecure Unified Threat Management (UTM) Appliance The default poll interval is 5 seconds. To change the poll interval period, enter a new value in the Poll Interval field, and then click the Set Interval button. To stop polling, click the Stop button. To view the active L2TP tunnel users, select Mon ...

  • NETGEAR STM150EW-100NAS - page 503

    Monitor System Access and Performance 503 ProSecure Unified Threat Management (UTM) Appliance Figure 295. 2. Select the Status option arrow in the upper right of the Port Triggering screen. The Port Triggering Status screen displays in a pop-up screen. Figure 296. The Port Triggering Status screen displays the information that is described i ...

  • NETGEAR STM150EW-100NAS - page 504

    Monitor System Access and Performance 504 ProSecure Unified Threat Management (UTM) Appliance View the WAN, xDSL, or USB Port Status You can view the status of the WAN connections, the DNS servers, and the DHCP servers. For the UTM9S and UTM25S, you can also view the status of the xDSL and USB ports. To view the status of a WAN, xDSL, ...

  • NETGEAR STM150EW-100NAS - page 505

    Monitor System Access and Performance 505 ProSecure Unified Threat Management (UTM) Appliance Depending on the type of connections, any of the following buttons might display on the Connection Status screen: • Renew. Click to renew the DHCP lease. • Release. Click to disconnect the DHCP connection. • Disconnect. Click to disconnect the ...

  • NETGEAR STM150EW-100NAS - page 506

    Monitor System Access and Performance 506 ProSecure Unified Threat Management (UTM) Appliance Figure 298. 2. Select the LAN Groups submenu tab. The LAN Groups screen displays. (The following figure shows some examples in the Known PCs and Devices table.) Figure 299. The Known PCs and Devices table contains a list of all known computers and ne ...

  • NETGEAR STM150EW-100NAS - page 507

    Monitor System Access and Performance 507 ProSecure Unified Threat Management (UTM) Appliance manually to add a meaningful name). If the computer or device was assigned an IP address by the DHCP server, then the name is appended by an asterisk. • IP Address. The current IP address of the computer or device. For DHCP clients of the UTM, this ...

  • NETGEAR STM150EW-100NAS - page 508

    Monitor System Access and Performance 508 ProSecure Unified Threat Management (UTM) Appliance Overview of the Logs The UTM generates logs that provide detailed information about malware threats and traffic activities on the network. You can view these logs through the web management interface or save the log records in CSV or HTML format and ...

  • NETGEAR STM150EW-100NAS - page 509

    Monitor System Access and Performance 509 ProSecure Unified Threat Management (UTM) Appliance You can query and generate each type of log separately and filter the information based on a number of criteria. For example, you can filter the malware logs using the following criteria (other log types have similar filtering criteria): • Start dat ...

  • NETGEAR STM150EW-100NAS - page 510

    Monitor System Access and Performance 510 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: Table 134. Logs Query screen settings Setting Description Log Type Select one of the following log types from the drop-down list: • Traffic. All scanned incoming and outgoing traffic. ...

  • NETGEAR STM150EW-100NAS - page 511

    Monitor System Access and Performance 511 ProSecure Unified Threat Management (UTM) Appliance View All Select one of the following radio buttons: • View All. Display or download the entire selected log. • Search Criteria. Query the selected log by configuring the search criteria that are available for the selected log. Search Criter ...

  • NETGEAR STM150EW-100NAS - page 512

    Monitor System Access and Performance 512 ProSecure Unified Threat Management (UTM) Appliance Search Criteria (continued) Category or Categories From the drop-down list, select a category that is queried. You can select the following from the drop-down list: • For the IPS log: an attack. • For the Application log: an instant messaging, peer ...

  • NETGEAR STM150EW-100NAS - page 513

    Monitor System Access and Performance 513 ProSecure Unified Threat Management (UTM) Appliance 3. Click one of the following action buttons: • Search. Query the log according to the search criteria that you specified, and view the log through the web management interface, that is, onscreen. • Download. Query the log according to the search ...

  • NETGEAR STM150EW-100NAS - page 514

    Monitor System Access and Performance 514 ProSecure Unified Threat Management (UTM) Appliance Log Management Generated logs take up space and resources on the UTM internal disk. To ensure that there is always sufficient space to save newer logs, the UTM automatically deletes older logs whenever the total log size reaches 50 percent of the allo ...

  • NETGEAR STM150EW-100NAS - page 515

    Monitor System Access and Performance 515 ProSecure Unified Threat Management (UTM) Appliance Query the Quarantined Logs To query the quarantine logs: 1. Select Monitoring > Quarantine. The Quarantine screen displays. (The following figure shows the Spam log information settings as an example.) Depending on the selection that you make fr ...

  • NETGEAR STM150EW-100NAS - page 516

    Monitor System Access and Performance 516 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: 3. Click Search. The log is queried according to the search criteria that you specified, and the search results are displayed onscreen. Table 135. Quarantine screen settings Setting Description ...

  • NETGEAR STM150EW-100NAS - page 517

    Monitor System Access and Performance 517 ProSecure Unified Threat Management (UTM) Appliance View and Manage the Quarantined Spam Table When you query the spam quarantine file, the Quarantine screen with the Quarantined Spam table displays: Figure 303. The Quarantined Spam table has the following columns (not all columns are shown in the pr ...

  • NETGEAR STM150EW-100NAS - page 518

    Monitor System Access and Performance 518 ProSecure Unified Threat Management (UTM) Appliance After you have selected one or more table entries, take one of the following actions (or click the return link to return to the previous screen): • Send as Spam. The selected spam email files are tagged as spam for distributed spam analysis, and ...

  • NETGEAR STM150EW-100NAS - page 519

    Monitor System Access and Performance 519 ProSecure Unified Threat Management (UTM) Appliance • Client IP. The client IP address from which the spyware or virus originated. • Server IP. The server IP address from which the spyware or virus originated. • From. The email address of the sender. • To. The email address of the recipient. ...

  • NETGEAR STM150EW-100NAS - page 520

    Monitor System Access and Performance 520 ProSecure Unified Threat Management (UTM) Appliance 2. Click the Check your quarantined mail link. The following screen displays: Figure 306. 3. From the drop-down lists, specify the start date, start time, end date, and end time for the spam report. 4. In the Send to field, enter an email address. 5. C ...

  • NETGEAR STM150EW-100NAS - page 521

    Monitor System Access and Performance 521 ProSecure Unified Threat Management (UTM) Appliance You can view the reports onscreen, download them to your computer, and configure the UTM to send them to one or more email addresses. The UTM provides preconfigured report templates. As an option, you can apply filtering options to narrow down and spec ...

  • NETGEAR STM150EW-100NAS - page 522

    Monitor System Access and Performance 522 ProSecure Unified Threat Management (UTM) Appliance 2. Select the Enable Application Session Monitoring check box. By default, this check box is cleared. 3. Click Apply to save your changes. Report Filtering Options Before you generate reports to view onscreen or schedule reports to be emailed, you mi ...

  • NETGEAR STM150EW-100NAS - page 523

    Monitor System Access and Performance 523 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings as explained in the following table: Table 136. Report screen: filtering options settings Setting Description Time Range Note: Even if you click Apply to save the filtering options, when you leave the Report screen and then retu ...

  • NETGEAR STM150EW-100NAS - page 524

    Monitor System Access and Performance 524 ProSecure Unified Threat Management (UTM) Appliance 3. The next step depends on whether you want to view the report on screen or schedule it to be emailed: • Viewing onscreen. To view a filtered report onscreen, select a report by clicking View next to the report. (For more information, see the fo ...

  • NETGEAR STM150EW-100NAS - page 525

    Monitor System Access and Performance 525 ProSecure Unified Threat Management (UTM) Appliance Figure 309. Report, screen 2 of 4 Note: For information about setting a time range and other filtering options for a report, see the previous section. 2. Select a report by clicking View next to the report to display the selected report onscreen. The f ...

  • NETGEAR STM150EW-100NAS - page 526

    Monitor System Access and Performance 526 ProSecure Unified Threat Management (UTM) Appliance URL Filtering by Time For the HTTPS and HTTP protocols separately, a chart and a table with the number of blocked attempts to access URLs that are on the blacklist. File Blocked by Time For each of the three web server protocols separately, a chart ...

  • NETGEAR STM150EW-100NAS - page 527

    Monitor System Access and Performance 527 ProSecure Unified Threat Management (UTM) Appliance Top n Categories By Request For all web server protocols combined, a chart and a table with the web categories that were requested most often, including the number of times that they were requested, and drill-down links to the users who requested th ...

  • NETGEAR STM150EW-100NAS - page 528

    Monitor System Access and Performance 528 ProSecure Unified Threat Management (UTM) Appliance Top n Applications by Bandwidth A chart and a table with the applications for which most bandwidth was consumed and the size of the bandwidth consumed (expressed in bytes), and drill-down links to the users who accessed the applications. When you click ...

  • NETGEAR STM150EW-100NAS - page 529

    Monitor System Access and Performance 529 ProSecure Unified Threat Management (UTM) Appliance Schedule, Email, and Manage Reports To schedule automatic generation and emailing of reports: 1. Select Monitoring > Logs & Reports > Report. The Report screen displays. (The following two figures show only the Schedule Reports and Re ...

  • NETGEAR STM150EW-100NAS - page 530

    Monitor System Access and Performance 530 ProSecure Unified Threat Management (UTM) Appliance 2. Enter the settings in the Schedule Reports section as explained in the following table: 3. Optional step: To send the reports immediately to the email addresses that are specified in the Email Recipients field, click Send Now. (These emailed reports ...

  • NETGEAR STM150EW-100NAS - page 531

    Monitor System Access and Performance 531 ProSecure Unified Threat Management (UTM) Appliance Figure 311. Report, screen 4 of 4 The Report History section shows the generated and emailed reports with their report date and lets you perform the following actions. • Specify the number of reports to keep. To manage the number of reports tha ...

  • NETGEAR STM150EW-100NAS - page 532

    Monitor System Access and Performance 532 ProSecure Unified Threat Management (UTM) Appliance To display the Diagnostics screen, select Monitoring > Diagnostics. To facilitate the explanation of the tools, the Diagnostics screen is divided and presented in this manual in three figures. Use the Network Diagnostic Tools This section discus ...

  • NETGEAR STM150EW-100NAS - page 533

    Monitor System Access and Performance 533 ProSecure Unified Threat Management (UTM) Appliance Trace a Route A traceroute lists all routers between the source (the UTM) and the destination IP address. To send a traceroute: 1. Locate the Network Diagnostics section on the Diagnostics screen. In the IP Address field, enter the IP address for ...

  • NETGEAR STM150EW-100NAS - page 534

    Monitor System Access and Performance 534 ProSecure Unified Threat Management (UTM) Appliance out which applications are using the most bandwidth, which users use the most bandwidth, how long users are connected, and other information. To use the real-time traffic diagnostics tool: 1. Locate the Realtime Traffic Diagnostics section on th ...

  • NETGEAR STM150EW-100NAS - page 535

    Monitor System Access and Performance 535 ProSecure Unified Threat Management (UTM) Appliance Figure 314. Diagnostics, screen 3 of 4 Gather Important Log Information To gather log information about your UTM: 1. Locate the Gather Important Log Information section on the Diagnostics screen. Click Download Now. You are prompted to save the ...

  • NETGEAR STM150EW-100NAS - page 536

    Monitor System Access and Performance 536 ProSecure Unified Threat Management (UTM) Appliance Perform Maintenance on the USB Device, Reboot the UTM, or Shut Down the UTM Note: The USB Device Maintenance section applies to the UTM9S and UTM25S only. This section discusses the USB Device Maintenance section and System Maintenance section of the ...

  • NETGEAR STM150EW-100NAS - page 537

    Monitor System Access and Performance 537 ProSecure Unified Threat Management (UTM) Appliance Note: Rebooting breaks any existing connections either to the UTM (such as your management session) or through the UTM (for example, LAN users accessing the Internet). However, when the reboot process is complete, connections to the Internet are autom ...

  • NETGEAR STM150EW-100NAS - page 538

    538 12. Troubleshoot and Use Online Support This chapter provides troubleshooting tips and information for the UTM. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the UTM on? Go to Basic Functioning on page 539. ? ...

  • NETGEAR STM150EW-100NAS - page 539

    Troubleshoot and Use Online Support 539 ProSecure Unified Threat Management (UTM) Appliance Basic Functioning • Verify the Correct Sequence of Events at Startup • Power LED Not On • Test LED Never Turns Off • LAN or WAN Port LEDs Not On Note: For descriptions of all LEDs, see LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 ...

  • NETGEAR STM150EW-100NAS - page 540

    Troubleshoot and Use Online Support 540 ProSecure Unified Threat Management (UTM) Appliance If all LEDs are still on more than several minutes after power-up, do the following: • Turn off the power, and then turn it on again to see if the UTM recovers. • Reset the UTM’s configuration to factory default settings. Doing so set ...

  • NETGEAR STM150EW-100NAS - page 541

    Troubleshoot and Use Online Support 541 ProSecure Unified Threat Management (UTM) Appliance • Make sure that you are using the correct login information. The factory default login name is admin, and the password is password. Make sure that Caps Lock is off when entering this information. • If your computer’s IP address is shown as 169.25 ...

  • NETGEAR STM150EW-100NAS - page 542

    Troubleshoot and Use Online Support 542 ProSecure Unified Threat Management (UTM) Appliance To check the WAN IP address: 1. Launch your browser and navigate to an external site such as www.netgear.com. 2. Access the web management interface of the UTM’s configuration at https://192.168.1.1. 3. Select Network Config > WAN Settings ...

  • NETGEAR STM150EW-100NAS - page 543

    Troubleshoot and Use Online Support 543 ProSecure Unified Threat Management (UTM) Appliance If your UTM can obtain an IP address, but an attached computer is unable to load any web pages from the Internet: • Your computer might not recognize any DNS server addresses. A DNS server is a host on the Internet that translates Internet names (su ...

  • NETGEAR STM150EW-100NAS - page 544

    Troubleshoot and Use Online Support 544 ProSecure Unified Threat Management (UTM) Appliance - Check that the corresponding Link LEDs are on for your network interface card and for the hub ports (if any) that are connected to your workstation and UTM. • Wrong network configuration: - Verify that the Ethernet card driver software and TCP/IP so ...

  • NETGEAR STM150EW-100NAS - page 545

    Troubleshoot and Use Online Support 545 ProSecure Unified Threat Management (UTM) Appliance Restore the Default Configuration and Password To reset the UTM to the original factory default settings, you can use one of the following two methods: • Press the Factory Defaults reset button on the rear panel of the UTM (see Rear Panel UTM5, UTM ...

  • NETGEAR STM150EW-100NAS - page 546

    Troubleshoot and Use Online Support 546 ProSecure Unified Threat Management (UTM) Appliance Problems with Date and Time The System Date & Time screen displays the current date and time of day (see Configure Date and Time Service on page 456). The UTM uses the Network Time Protocol (NTP) to obtain the current time from one of several netw ...

  • NETGEAR STM150EW-100NAS - page 547

    Troubleshoot and Use Online Support 547 ProSecure Unified Threat Management (UTM) Appliance Figure 317. 2. In the Support Key field, enter the support key that was given to you by NETGEAR. 3. Click Connect. When the tunnel is established, the tunnel status field displays ON. To terminate the tunnel, click Disconnect. The tunnel status field ...

  • NETGEAR STM150EW-100NAS - page 548

    Troubleshoot and Use Online Support 548 ProSecure Unified Threat Management (UTM) Appliance Figure 318. 2. Enter the settings as explained in the following table: 3. Click Submit. Access the Knowledge Base and Documentation To access NETGEAR’s knowledge base for the UTM, select Support > Knowledge Base. To access NETGEAR’s documentat ...

  • NETGEAR STM150EW-100NAS - page 549

    549 A. xDSL Network Module for the UTM9S and UTM25S This appendix describes how to configure the DSL interfaces of the NMSDSLA and NMSDSLB network modules that you can install in a UTM9S or UTM25S. This appendix includes the following sections: • xDSL Network Module Configuration Tasks • Configure the xDSL Settings • Automatical ...

  • NETGEAR STM150EW-100NAS - page 550

    xDSL Network Module for the UTM9S and UTM25S 550 ProSecure Unified Threat Management (UTM) Appliance xDSL Network Module Configuration Tasks Generally, six steps, four of which are optional, are required to complete the DSL Internet connection of your UTM9S or UTM25S. Complete these steps: 1. Configure the xDSL settings. Before you can ...

  • NETGEAR STM150EW-100NAS - page 551

    xDSL Network Module for the UTM9S and UTM25S 551 ProSecure Unified Threat Management (UTM) Appliance To configure the xDSL settings: 1. Select Network Config > WAN Settings. The WAN screen displays: Figure 319. Note: For more information about the WAN screen, see Automatically Detecting and Connecting the xDSL Internet Connection on ...

  • NETGEAR STM150EW-100NAS - page 552

    xDSL Network Module for the UTM9S and UTM25S 552 ProSecure Unified Threat Management (UTM) Appliance Figure 321. 4. Either click Auto Detect or, if you have the correct settings, enter the settings as explained in the following table: Table 140. xDSL settings Setting Description xDSL Settings DSL Transfer Mode Select one of the following DSL ...

  • NETGEAR STM150EW-100NAS - page 553

    xDSL Network Module for the UTM9S and UTM25S 553 ProSecure Unified Threat Management (UTM) Appliance 5. Click Apply to save your settings. Automatically Detecting and Connecting the xDSL Internet Connection To set up your UTM9S or UTM25S for secure Internet connections, the web management interface provides the option to detect the network co ...

  • NETGEAR STM150EW-100NAS - page 554

    xDSL Network Module for the UTM9S and UTM25S 554 ProSecure Unified Threat Management (UTM) Appliance You can set the failure detection method for the DSL interface on the corresponding WAN Advanced Options screen (see Configure Auto-Rollover Mode and the Failure Detection Method on page 563). • Action. The Edit button in the Action column ...

  • NETGEAR STM150EW-100NAS - page 555

    xDSL Network Module for the UTM9S and UTM25S 555 ProSecure Unified Threat Management (UTM) Appliance 3. Click the Auto Detect button at the bottom of the screen. The autodetect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support. The autodetect process returns one of the follow ...

  • NETGEAR STM150EW-100NAS - page 556

    xDSL Network Module for the UTM9S and UTM25S 556 ProSecure Unified Threat Management (UTM) Appliance Figure 324. Note: The Connection Status screen should show a valid IP address and gateway. For more information about the Connection Status screen, see View the WAN, xDSL, or USB Port Status on page 504. What to do next: • If the automati ...

  • NETGEAR STM150EW-100NAS - page 557

    xDSL Network Module for the UTM9S and UTM25S 557 ProSecure Unified Threat Management (UTM) Appliance Figure 325. 2. Click the Edit button in the Action column of the SLOT-x interface. The SLOT-x ISP Settings screen displays (see Figure 323 on page 554). 3. Locate the ISP Login section onscreen: Figure 326. In the ISP Login section, select one ...

  • NETGEAR STM150EW-100NAS - page 558

    xDSL Network Module for the UTM9S and UTM25S 558 ProSecure Unified Threat Management (UTM) Appliance 6. If your connection is Point-to-Point Protocol over Ethernet (PPPoE) or Point-to-Point Protocol over ATM (PPPoA), your ISP requires an initial login. Enter the settings as explained in the following table: 7. In the Internet (IP) Address sec ...

  • NETGEAR STM150EW-100NAS - page 559

    xDSL Network Module for the UTM9S and UTM25S 559 ProSecure Unified Threat Management (UTM) Appliance 8. In the Domain Name Server (DNS) Servers section of the screen (see the following figure), specify the DNS settings as explained in the following table. Figure 328. Table 143. Internet IP address settings Setting Description Get Dynamically ...

  • NETGEAR STM150EW-100NAS - page 560

    xDSL Network Module for the UTM9S and UTM25S 560 ProSecure Unified Threat Management (UTM) Appliance 9. Click Apply to save any changes to the SLOT-x ISP settings. (Or click Reset to discard any changes and revert to the previous settings.) 10. Click Test to evaluate your entries. The UTM9S or UTM25S attempts to make a connection according to t ...

  • NETGEAR STM150EW-100NAS - page 561

    xDSL Network Module for the UTM9S and UTM25S 561 ProSecure Unified Threat Management (UTM) Appliance What to do next: • If the manual ISP configuration is successful: You are connected to the Internet through the DSL interface that you just configured. Continue with Configure the WAN Mode on page 561. • If the manual ISP configuration fa ...

  • NETGEAR STM150EW-100NAS - page 562

    xDSL Network Module for the UTM9S and UTM25S 562 ProSecure Unified Threat Management (UTM) Appliance • Primary WAN mode. The DSL interface (or a WAN interface or the USB interface) is made the primary interface. The other interfaces are disabled. • Auto-rollover mode. A DSL or WAN interface is defined as the primary link, and another ...

  • NETGEAR STM150EW-100NAS - page 563

    xDSL Network Module for the UTM9S and UTM25S 563 ProSecure Unified Threat Management (UTM) Appliance WARNING: Changing the WAN mode from classical routing to NAT causes all LAN WAN and DMZ WAN inbound rules to revert to default settings. To configure NAT: 1. Select Network Config > WAN Settings > WAN Mode. The WAN Mode sc ...

  • NETGEAR STM150EW-100NAS - page 564

    xDSL Network Module for the UTM9S and UTM25S 564 ProSecure Unified Threat Management (UTM) Appliance When the UTM9S or UTM25S is configured in auto-rollover mode, it uses the selected WAN failure detection method to detect the status of the primary link connection at regular intervals. Link failure is detected in one of the following ways: ...

  • NETGEAR STM150EW-100NAS - page 565

    xDSL Network Module for the UTM9S and UTM25S 565 ProSecure Unified Threat Management (UTM) Appliance d. From the corresponding drop-down list on the right, select a WAN interface, the USB interface, or the DSL interface to function as the backup interface. Note: Ensure that the backup interface is configured before enabling auto-rollover mode ...

  • NETGEAR STM150EW-100NAS - page 566

    xDSL Network Module for the UTM9S and UTM25S 566 ProSecure Unified Threat Management (UTM) Appliance Note: After the primary interface fails, the default time to roll over is 2 minutes. The minimum test period is 30 seconds, and the minimum number of tests is 4. 5. Click Apply to save your settings. Note: You can configure the UTM to generate ...

  • NETGEAR STM150EW-100NAS - page 567

    xDSL Network Module for the UTM9S and UTM25S 567 ProSecure Unified Threat Management (UTM) Appliance • Continuity of source IP address for secure connections. Some services, particularly HTTPS, cease to respond when a client’s source IP address changes shortly after a session has been established. Configure Load Balancing To configu ...

  • NETGEAR STM150EW-100NAS - page 568

    xDSL Network Module for the UTM9S and UTM25S 568 ProSecure Unified Threat Management (UTM) Appliance • Round-robin. With round-robin load balancing, new traffic connections are sent over a DSL, USB, or WAN link in a serial method irrespective of bandwidth or link speed. For example if the DSL, WAN1, and WAN2 interfaces are active in roun ...

  • NETGEAR STM150EW-100NAS - page 569

    xDSL Network Module for the UTM9S and UTM25S 569 ProSecure Unified Threat Management (UTM) Appliance Figure 334. 3. Configure the protocol binding settings as explained in the following table: Table 146. Add Protocol Binding screen settings Setting Description Service From the drop-down list, select a service or application to be covered by th ...

  • NETGEAR STM150EW-100NAS - page 570

    xDSL Network Module for the UTM9S and UTM25S 570 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The protocol binding rule is added to the Protocol Bindings table. The rule is automatically enabled, which is indicated by the ! status icon, a green circle. To edit a protocol binding: 1. On the Protoco ...

  • NETGEAR STM150EW-100NAS - page 571

    xDSL Network Module for the UTM9S and UTM25S 571 ProSecure Unified Threat Management (UTM) Appliance For more information about firewall rules, see Overview of Rules to Block or Allow Specific Kinds of Traffic on page 128). It is important that you ensure that any secondary DSL addresses are different from the primary DSL, WAN, LAN, and DM ...

  • NETGEAR STM150EW-100NAS - page 572

    xDSL Network Module for the UTM9S and UTM25S 572 ProSecure Unified Threat Management (UTM) Appliance • Subnet Mask. Enter the subnet mask for the secondary IP address. 5. Click the Add table button in the rightmost column to add the secondary IP address to the List of Secondary WAN addresses table. Repeat step 4 and step 5 for each secondary ...

  • NETGEAR STM150EW-100NAS - page 573

    xDSL Network Module for the UTM9S and UTM25S 573 ProSecure Unified Threat Management (UTM) Appliance To configure DDNS: 1. Select Network Config > Dynamic DNS. The Dynamic DNS screen displays (see the following figure). The WAN Mode section onscreen reports the currently configured WAN mode (for example, Single Port WAN1, Load Balanc ...

  • NETGEAR STM150EW-100NAS - page 574

    xDSL Network Module for the UTM9S and UTM25S 574 ProSecure Unified Threat Management (UTM) Appliance 3. Click the Information option arrow in the upper right of a DNS screen for registration information. Figure 337. 4. Access the website of the DDNS service provider, and register for an account (for example, for DynDNS.org, go to http://www ...

  • NETGEAR STM150EW-100NAS - page 575

    xDSL Network Module for the UTM9S and UTM25S 575 ProSecure Unified Threat Management (UTM) Appliance Note: You can also configure the failure detection method for the auto-rollover mode on the Advanced Options screen for the DSL interface. This procedure is discussed in Configure the Failure Detection Method on page 565. IMPORTANT: Each co ...

  • NETGEAR STM150EW-100NAS - page 576

    xDSL Network Module for the UTM9S and UTM25S 576 ProSecure Unified Threat Management (UTM) Appliance 4. Enter the settings as explained in the following table: 5. Click Apply to save your changes. WARNING: Depending on the changes that you made, when you click Apply, the UTM9S or UTM25S restarts, or services such as HTTP and SMTP might resta ...

  • NETGEAR STM150EW-100NAS - page 577

    xDSL Network Module for the UTM9S and UTM25S 577 ProSecure Unified Threat Management (UTM) Appliance Additional WAN-Related Configuration Tasks • If you have not already done so, configure the Ethernet WAN interfaces of the UTM9S or UTM25S (see Chapter 3, Manually Configure Internet and WAN Settings). • If you want the ability to m ...

  • NETGEAR STM150EW-100NAS - page 578

    578 B B. Wireless Network Module for the UTM9S and UTM25S This appendix describes how to configure the wireless features of the NMSWLSN wireless network module that you can install in a UTM9S or UTM25S. This appendix includes the following sections: • Overview of the Wireless Network Module • Configure the Basic Radio Settings • ...

  • NETGEAR STM150EW-100NAS - page 579

    Wireless Network Module for the UTM9S and UTM25S 579 ProSecure Unified Threat Management (UTM) Appliance Overview of the Wireless Network Module • Configuration Order • Wireless Equipment Placement and Range Guidelines The wireless network module is a wireless access point that provides connectivity to multiple wireless network devices withi ...

  • NETGEAR STM150EW-100NAS - page 580

    Wireless Network Module for the UTM9S and UTM25S 580 ProSecure Unified Threat Management (UTM) Appliance Note: Failure to follow these guidelines can result in significant performance degradation or inability to connect to the wireless network module. For complete performance specifications, see the data sheet on the ProSecure UTM series home pa ...

  • NETGEAR STM150EW-100NAS - page 581

    Wireless Network Module for the UTM9S and UTM25S 581 ProSecure Unified Threat Management (UTM) Appliance Figure 339. 2. Specify the settings as explained in the following table: Table 149. Radio Settings screen settings Field Descriptions Region This is a preconfigured field that you cannot change. Country Specify a country by making a select ...

  • NETGEAR STM150EW-100NAS - page 582

    Wireless Network Module for the UTM9S and UTM25S 582 ProSecure Unified Threat Management (UTM) Appliance Mode The wireless modes that you can select depend on the radio’s operating frequency that you select. 2.4 GHz Specify the wireless mode in the 2.4-GHz band by making a selection from the drop-down list: • g and b. This is the default ...

  • NETGEAR STM150EW-100NAS - page 583

    Wireless Network Module for the UTM9S and UTM25S 583 ProSecure Unified Threat Management (UTM) Appliance WARNING: When you have changed the country settings, the wireless network module (not the UTM9S or UTM25S) will reboot when you click Apply. 3. Click Apply to save your settings. Operating Frequency (Channel) Guidelines You should not ...

  • NETGEAR STM150EW-100NAS - page 584

    Wireless Network Module for the UTM9S and UTM25S 584 ProSecure Unified Threat Management (UTM) Appliance • In infrastructure mode, wireless devices normally scan all channels, looking for a wireless access point. If more than one wireless access point can be used, the one with the strongest signal is used. This can happen only when the wirele ...

  • NETGEAR STM150EW-100NAS - page 585

    Wireless Network Module for the UTM9S and UTM25S 585 ProSecure Unified Threat Management (UTM) Appliance Note: On the UTM9S or UTM25S, WEP is not supported when the radio functions in 802.11n wireless mode (802.11n, 802.11ng, 802.11na, or Greenfield). For information about how to configure WEP, see Configure and Enable Wireless Profiles on ...

  • NETGEAR STM150EW-100NAS - page 586

    Wireless Network Module for the UTM9S and UTM25S 586 ProSecure Unified Threat Management (UTM) Appliance Wireless security profiles, hereafter referred to as wireless profiles, let you configure unique security settings for each SSID on the UTM9S or UTM25S. The UTM9S and UTM25S support up to four wireless profiles (BSSIDs) that you can configur ...

  • NETGEAR STM150EW-100NAS - page 587

    Wireless Network Module for the UTM9S and UTM25S 587 ProSecure Unified Threat Management (UTM) Appliance Before You Change the SSID, WEP, and WPA Settings For a new wireless profile, print or copy the following form and fill in the settings. ______________________ __________________________ _________________________ Store this information ...

  • NETGEAR STM150EW-100NAS - page 588

    Wireless Network Module for the UTM9S and UTM25S 588 ProSecure Unified Threat Management (UTM) Appliance Configure and Enable Wireless Profiles To add a wireless profile: 1. Select Network Config > Wireless Settings > Wireless Profiles. The Wireless Profiles screen displays: Figure 341. The following table explains the fields o ...

  • NETGEAR STM150EW-100NAS - page 589

    Wireless Network Module for the UTM9S and UTM25S 589 ProSecure Unified Threat Management (UTM) Appliance Figure 342. 3. Specify the settings as explained in the following table: Table 151. Add Wireless Profiles screen settings Field Description Profile Configuration Profile Name The name for the wireless profile. For the UTM9S, the name ...

  • NETGEAR STM150EW-100NAS - page 590

    Wireless Network Module for the UTM9S and UTM25S 590 ProSecure Unified Threat Management (UTM) Appliance SSID The wireless network name (SSID) for the wireless profile. The default SSID name is netgear-1. You can change this name by entering up to 32 alphanumeric characters. Make sure that additional SSIDs have unique names. Broadcast SSID S ...

  • NETGEAR STM150EW-100NAS - page 591

    Wireless Network Module for the UTM9S and UTM25S 591 ProSecure Unified Threat Management (UTM) Appliance Encryption Note: WPA, WPA2, and WPA+WPA2 only. The encryption that you can select depends on the type of WPA security that you have selected: • WPA. You can select the following types of encryption from the drop-down list: - TKIP - TKI ...

  • NETGEAR STM150EW-100NAS - page 592

    Wireless Network Module for the UTM9S and UTM25S 592 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The profile is updated in the List Of Wireless Profiles table. WARNING: If you use a wireless computer to configure wireless security settings, you will be disconnected when you click Apply. Reconfigure y ...

  • NETGEAR STM150EW-100NAS - page 593

    Wireless Network Module for the UTM9S and UTM25S 593 ProSecure Unified Threat Management (UTM) Appliance To edit a wireless profile: 1. On the Wireless Profiles screen (see Figure 341 on page 588), click the Edit button in the Action column for the wireless profile that you want to modify. The Edit Wireless Profile screen displays. This scr ...

  • NETGEAR STM150EW-100NAS - page 594

    Wireless Network Module for the UTM9S and UTM25S 594 ProSecure Unified Threat Management (UTM) Appliance Figure 343. Note: The default wireless profile with profile name UTM9S or UTM25S is referred to as virtual access point zero (VAP0). If you add more wireless profiles, they are referred to as VAP1, VAP2, and VAP3. 3. In the MAC Filter Co ...

  • NETGEAR STM150EW-100NAS - page 595

    Wireless Network Module for the UTM9S and UTM25S 595 ProSecure Unified Threat Management (UTM) Appliance WARNING: If you configure the wireless network module in the UTM9S or UTM25S from a wireless computer whose MAC address is not in the access control list, and if the ACL policy status is set to deny access, you lose your wireless connectio ...

  • NETGEAR STM150EW-100NAS - page 596

    Wireless Network Module for the UTM9S and UTM25S 596 ProSecure Unified Threat Management (UTM) Appliance The following table explains the fields of the Access Point Status screen. Configure a Wireless Distribution System The UTM9S or UTM25S can function as a station (peer) in a Wireless Distribution System (WDS). WDS enables expansion of ...

  • NETGEAR STM150EW-100NAS - page 597

    Wireless Network Module for the UTM9S and UTM25S 597 ProSecure Unified Threat Management (UTM) Appliance mixed encryption (TKIP+AES, which is supported in WPA and WPA+WPA2 security modes), WDS uses AES because it is the stronger encryption method. To configure WDS, you need to know the MAC addresses of the wireless peers, and you need to ...

  • NETGEAR STM150EW-100NAS - page 598

    Wireless Network Module for the UTM9S and UTM25S 598 ProSecure Unified Threat Management (UTM) Appliance To configure WDS on a peer: 1. Configure the same wireless security that you have configured on the UTM9S or UTM25S. 2. Enter the MAC address of the UTM9S’s or UTM25S’s access point, which is displayed on the WDS Configuration screen o ...

  • NETGEAR STM150EW-100NAS - page 599

    Wireless Network Module for the UTM9S and UTM25S 599 ProSecure Unified Threat Management (UTM) Appliance 3. Specify the settings as explained in the following table: 4. Click Apply to save your settings. Table 153. Advanced Wireless screen settings Setting Description Beacon Interval Enter an interval between 20 ms and 100 ms for each beacon ...

  • NETGEAR STM150EW-100NAS - page 600

    Wireless Network Module for the UTM9S and UTM25S 600 ProSecure Unified Threat Management (UTM) Appliance Configure WMM QoS Priority Settings Wi-Fi Multimedia (WMM) is a subset of the 802.11e standard. WMM allows wireless traffic to have a range of priorities, depending on the type of data. Time-dependent information, such as video or audio, h ...

  • NETGEAR STM150EW-100NAS - page 601

    Wireless Network Module for the UTM9S and UTM25S 601 ProSecure Unified Threat Management (UTM) Appliance Figure 347. 3. Select the Enable WMM check box. 4. Click Apply to save your settings. 5. In the DSCP to Queue table, from the drop-down lists, select a WMM queue for each DSCP value that you want to use in a QoS profile: • 4. The highest pr ...

  • NETGEAR STM150EW-100NAS - page 602

    Wireless Network Module for the UTM9S and UTM25S 602 ProSecure Unified Threat Management (UTM) Appliance Test Basic Wireless Connectivity After you have configured the wireless network module as explained in the previous sections, test your wireless clients for connectivity before you place the UTM9S or UTM25S at its permanent position. ...

  • NETGEAR STM150EW-100NAS - page 603

    603 C C. 3G/4G Dongles for the UTM9S and UTM25S This appendix describes how to configure the wireless features of a mobile broadband USB adapter (3G/4G dongle) that you can install in a UTM9S or UTM25S. This appendix includes the following sections: • 3G/4G Dongle Configuration Tasks • Manually Configure the USB Internet Connection • ...

  • NETGEAR STM150EW-100NAS - page 604

    3G/4G Dongles for the UTM9S and UTM25S 604 ProSecure Unified Threat Management (UTM) Appliance Complete these steps: 1. Insert the 3G/4G dongle and configure the Internet connection to your ISP. During this phase, you connect to your wireless ISP, and, only if necessary, modify the 3G/4G settings. See Manually Configure the USB Internet ...

  • NETGEAR STM150EW-100NAS - page 605

    3G/4G Dongles for the UTM9S and UTM25S 605 ProSecure Unified Threat Management (UTM) Appliance To configure the WAN ISP settings for the USB interface: 1. Select Network Config > WAN Settings. The WAN screen displays: Figure 348. 2. Select WAN Mode 3. Click the Edit button in the Action column of the USB interface. The USB ISP Setti ...

  • NETGEAR STM150EW-100NAS - page 606

    3G/4G Dongles for the UTM9S and UTM25S 606 ProSecure Unified Threat Management (UTM) Appliance 4. Configure the settings as explained in the following table: Table 154. USB ISP settings Setting Description 3G Dongle Details Card Type The card type is a fixed field that states 3G/4G. Enable 3G Service Select the Enable 3G Service check box to ...

  • NETGEAR STM150EW-100NAS - page 607

    3G/4G Dongles for the UTM9S and UTM25S 607 ProSecure Unified Threat Management (UTM) Appliance 5. Click Apply to save any changes to the USB ISP settings. (Or click Reset to discard any changes and revert to the previous settings.) 6. To verify the connection: a. Return to the WAN screen by selecting Network Config > WAN Settings. b. Click ...

  • NETGEAR STM150EW-100NAS - page 608

    3G/4G Dongles for the UTM9S and UTM25S 608 ProSecure Unified Threat Management (UTM) Appliance Configure the 3G/4G Settings The 3G/4G settings are automatically detected. Modifying these settings is required only if you cannot connect to your ISP. For example, if your ISP provides you information about a pay plan for the 3G/4G service, you mig ...

  • NETGEAR STM150EW-100NAS - page 609

    3G/4G Dongles for the UTM9S and UTM25S 609 ProSecure Unified Threat Management (UTM) Appliance 4. The information in the 3G Status section and SIM Card state section of the screen is automatically detected. If necessary, configure the connection settings as explained in the following table. Table 155. 3G/4G settings Setting Description 3G Sta ...

  • NETGEAR STM150EW-100NAS - page 610

    3G/4G Dongles for the UTM9S and UTM25S 610 ProSecure Unified Threat Management (UTM) Appliance 5. Click Apply to save your settings. Note: If you are connected to the Internet over a PPP connection (that is, the PDP type is PPP) and you change the connection settings, the settings do not take effect until you disconnect from the Internet and ...

  • NETGEAR STM150EW-100NAS - page 611

    3G/4G Dongles for the UTM9S and UTM25S 611 ProSecure Unified Threat Management (UTM) Appliance Overview of the WAN Modes You cannot configure failure detection settings for the USB interface, but you can configure the USB interface to participate in load balancing or function as a rollover interface in case the primary WAN interface goes do ...

  • NETGEAR STM150EW-100NAS - page 612

    3G/4G Dongles for the UTM9S and UTM25S 612 ProSecure Unified Threat Management (UTM) Appliance For information about how to configure the USB interface as a rollover link, see the following sections: • To configure the USB interface as the rollover link for a WAN interface, see Configure Load Balancing (Multiple WAN Port Models) on page 86. ? ...

  • NETGEAR STM150EW-100NAS - page 613

    3G/4G Dongles for the UTM9S and UTM25S 613 ProSecure Unified Threat Management (UTM) Appliance Figure 352. 2. In the NAT (Network Address Translation) section of the screen, select the NAT radio button. 3. Click Apply to save your settings. Configure Classical Routing In classical routing mode, the UTM9S and UTM25S perform routing, but withou ...

  • NETGEAR STM150EW-100NAS - page 614

    3G/4G Dongles for the UTM9S and UTM25S 614 ProSecure Unified Threat Management (UTM) Appliance Configure Load Balancing and Optional Protocol Binding To use multiple ISP links simultaneously, configure load balancing. In load balancing mode, the USB interface, DSL interface, or any WAN interface carries any outbound protocol unless protocol bi ...

  • NETGEAR STM150EW-100NAS - page 615

    3G/4G Dongles for the UTM9S and UTM25S 615 ProSecure Unified Threat Management (UTM) Appliance b. From the corresponding drop-down list on the right, select one of the following load balancing methods: • Weighted LB. With weighted load balancing, balance weights are calculated based on DSL, USB, or WAN link speed and available DSL, USB, o ...

  • NETGEAR STM150EW-100NAS - page 616

    3G/4G Dongles for the UTM9S and UTM25S 616 ProSecure Unified Threat Management (UTM) Appliance • Destination Network. The Internet locations (based on their IP address) that are covered by the protocol binding rule. • Action. The Edit button provides access to the Edit Protocol Binding screen for the corresponding service. 2. Click the Ad ...

  • NETGEAR STM150EW-100NAS - page 617

    3G/4G Dongles for the UTM9S and UTM25S 617 ProSecure Unified Threat Management (UTM) Appliance 4. Click Apply to save your settings. The protocol binding rule is added to the Protocol Bindings table. The rule is automatically enabled, which is indicated by the ! status icon, a green circle. To edit a protocol binding: 1. On the Protocol Bind ...

  • NETGEAR STM150EW-100NAS - page 618

    3G/4G Dongles for the UTM9S and UTM25S 618 ProSecure Unified Threat Management (UTM) Appliance Configure Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows devices with varying public IP addresses to be located using Internet domain names. To use DDNS, you need to set up an account with a DDNS provider such as DynDNS.org, TZO.com ...

  • NETGEAR STM150EW-100NAS - page 619

    3G/4G Dongles for the UTM9S and UTM25S 619 ProSecure Unified Threat Management (UTM) Appliance Figure 356. The WAN Mode section onscreen reports the currently configured WAN mode (for example, Single Port WAN1, Load Balancing, or Auto Rollover). Only those options that match the configured WAN mode are accessible onscreen. 2. Click the subm ...

  • NETGEAR STM150EW-100NAS - page 620

    3G/4G Dongles for the UTM9S and UTM25S 620 ProSecure Unified Threat Management (UTM) Appliance 3. Click the Information option arrow in the upper right of a DNS screen for registration information. Figure 357. 4. Access the website of the DDNS service provider, and register for an account (for example, for DynDNS.org, go to http://www.dyndn ...

  • NETGEAR STM150EW-100NAS - page 621

    3G/4G Dongles for the UTM9S and UTM25S 621 ProSecure Unified Threat Management (UTM) Appliance Additional WAN-Related Configuration Tasks • If you have not already done so, configure the Ethernet WAN interfaces of the UTM9S or UTM25S (see Chapter 3, Manually Configure Internet and WAN Settings). • If you want the ability to manage t ...

  • NETGEAR STM150EW-100NAS - page 622

    622 D D. Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) This appendix describes the factors to consider when planning a network using a firewall that has dual WAN ports. This appendix does not apply to single WAN port models. This appendix contains the following sections: • What to Consider Before You Begin • ...

  • NETGEAR STM150EW-100NAS - page 623

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 623 ProSecure Unified Threat Management (UTM) Appliance Your decision has the following implications: • Fully qualified domain name (FQDN) - For auto-rollover mode, you will need an FQDN to implement features such as exposed hosts and virtual private networks. - For load ...

  • NETGEAR STM150EW-100NAS - page 624

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 624 ProSecure Unified Threat Management (UTM) Appliance 4. Prepare to connect the UTM physically to your cable or DSL modems and a computer. Instructions for connecting the UTM are in the ProSecure Unified Threat Management UTM Installation Guide. Cabling and Computer Hard ...

  • NETGEAR STM150EW-100NAS - page 625

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 625 ProSecure Unified Threat Management (UTM) Appliance - For Windows 2000/XP/Vista, open the Local Area Network Connection, select the TCP/IP entry for the Ethernet adapter, and click Properties. Record all the settings for each tab. - For Macintosh computers, open the TC ...

  • NETGEAR STM150EW-100NAS - page 626

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 626 ProSecure Unified Threat Management (UTM) Appliance • Fully qualified domain name: Some organizations use a fully qualified domain name (FQDN) from a Dynamic DNS service provider for their IP addresses. Dynamic DNS service provider: _________________ _____ FQDN: _____ ...

  • NETGEAR STM150EW-100NAS - page 627

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 627 ProSecure Unified Threat Management (UTM) Appliance Figure 359. Features such as multiple exposed hosts are not supported in auto-rollover mode because the IP address of each WAN port needs to be in the identical range of fixed addresses. • Dual WAN ports in load ba ...

  • NETGEAR STM150EW-100NAS - page 628

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 628 ProSecure Unified Threat Management (UTM) Appliance Inbound Traffic to a Single WAN Port System The Internet IP address of the UTM’s WAN port needs to be known to the public so that the public can send incoming traffic to the exposed host when this feature is support ...

  • NETGEAR STM150EW-100NAS - page 629

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 629 ProSecure Unified Threat Management (UTM) Appliance Note: Load balancing is implemented for outgoing traffic and not for incoming traffic. Consider making one of the WAN port Internet addresses public and keeping the other one private in order to maintain better cont ...

  • NETGEAR STM150EW-100NAS - page 630

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 630 ProSecure Unified Threat Management (UTM) Appliance For a single WAN gateway configuration, use an FQDN when the IP address is dynamic and either an FQDN or the IP address itself when the IP address is fixed. The situation is different in dual WAN port gateway configura ...

  • NETGEAR STM150EW-100NAS - page 631

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 631 ProSecure Unified Threat Management (UTM) Appliance VPN Road Warrior: Single-Gateway WAN Port (Reference Case) In a single WAN port gateway configuration, the remote VPN client initiates the VPN tunnel because the IP address of the remote VPN client is not known in ad ...

  • NETGEAR STM150EW-100NAS - page 632

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 632 ProSecure Unified Threat Management (UTM) Appliance Figure 368. The purpose of the FQDN in this case is to toggle the domain name of the gateway firewall between the IP addresses of the active WAN port (that is, WAN1 and WAN2) so that the remote VPN client can determi ...

  • NETGEAR STM150EW-100NAS - page 633

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 633 ProSecure Unified Threat Management (UTM) Appliance VPN Gateway-to-Gateway The following situations exemplify the requirements for a gateway VPN firewall such as an UTM to establish a VPN tunnel with another gateway VPN firewall: • Single-gateway WAN ports • Re ...

  • NETGEAR STM150EW-100NAS - page 634

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 634 ProSecure Unified Threat Management (UTM) Appliance Figure 371. The IP addresses of the gateway WAN ports can be either fixed or dynamic, but you always need to use an FQDN because the active WAN ports could be either WAN_A1, WAN_A2, WAN_B1, or WAN_B2 (that is, the ...

  • NETGEAR STM150EW-100NAS - page 635

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 635 ProSecure Unified Threat Management (UTM) Appliance Figure 373. The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, you need to use an FQDN. If an IP address is fixed, an FQDN is optional. VPN Telecommuter (Client-to-G ...

  • NETGEAR STM150EW-100NAS - page 636

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 636 ProSecure Unified Threat Management (UTM) Appliance The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is dynamic, you need to use an FQDN. If the IP address is fixed, an FQDN is optional. VPN Telecommuter: Dual-Gateway WAN Por ...

  • NETGEAR STM150EW-100NAS - page 637

    Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) 637 ProSecure Unified Threat Management (UTM) Appliance VPN Telecommuter: Dual-Gateway WAN Ports for Load Balancing In a dual WAN port load balancing gateway configuration, the remote VPN client initiates the VPN tunnel with the appropriate gateway WAN port (that is, po ...

  • NETGEAR STM150EW-100NAS - page 638

    638 E E. ReadyNAS Integration This appendix describes how to set up a UTM with a NETGEAR ReadyNAS. This appendix includes the following sections: • Supported ReadyNAS Models • Install the UTM Add-On on the ReadyNAS • Connect to the ReadyNAS on the UTM Note: For more information about integrating a ReadyNAS with a UTM, see the UTM Rea ...

  • NETGEAR STM150EW-100NAS - page 639

    ReadyNAS Integration 639 ProSecure Unified Threat Management (UTM) Appliance Install the UTM Add-On on the ReadyNAS To install the UTM add-on on the ReadyNAS: 1. Start a web browser. 2. In the address field, enter the IP address of the ReadyNAS, for example, enter https://192.168.168.168. The ReadyNAS web management interface displa ...

  • NETGEAR STM150EW-100NAS - page 640

    ReadyNAS Integration 640 ProSecure Unified Threat Management (UTM) Appliance Figure 379. 7. Click Install. 8. Select Add-ons > Installed. Figure 380. 9. Select the UTM Connector check box to enable the UTM connection. ...

  • NETGEAR STM150EW-100NAS - page 641

    ReadyNAS Integration 641 ProSecure Unified Threat Management (UTM) Appliance 10. Click Save. The status indicator shows green. Figure 381. Connect to the ReadyNAS on the UTM To connect to the ReadyNAS on the UTM: 1. Select Administration > ReadyNAS Integration. The ReadyNAS Integration screen displays: Figure 382. 2. To connect to t ...

  • NETGEAR STM150EW-100NAS - page 642

    ReadyNAS Integration 642 ProSecure Unified Threat Management (UTM) Appliance 3. Enter the settings as explained in the following table: 4. Click Apply to save your settings. 5. Select Administration > Quarantine Settings. The Quarantine Settings screen displays: Figure 383. 6. To enable quarantine files to be saved to the ReadyNAS, click th ...

  • NETGEAR STM150EW-100NAS - page 643

    ReadyNAS Integration 643 ProSecure Unified Threat Management (UTM) Appliance Figure 384. ...

  • NETGEAR STM150EW-100NAS - page 644

    644 F F. Two-Factor Authentication This appendix provides an overview of two-factor authentication, and an example of how to implement the WiKID solution. This appendix contains the following sections: • Why Do I Need Two-Factor Authentication? • NETGEAR Two-Factor Authentication Solutions Why Do I Need Two-Factor Authenticatio ...

  • NETGEAR STM150EW-100NAS - page 645

    Two-Factor Authentication 645 ProSecure Unified Threat Management (UTM) Appliance • Proven regulatory compliance. Two-factor authentication has been used as a mandatory authentication process for many corporations and enterprises worldwide. What Is Two-Factor Authentication? Two-factor authentication is a security solution that enhances ...

  • NETGEAR STM150EW-100NAS - page 646

    Two-Factor Authentication 646 ProSecure Unified Threat Management (UTM) Appliance Figure 385. 2. A one-time passcode (something the user has) is generated. Figure 386. Note: The one-time passcode is time-synchronized to the authentication server so that the OTP can be used only once and needs to be used before the expiration time. If a user ...

  • NETGEAR STM150EW-100NAS - page 647

    Two-Factor Authentication 647 ProSecure Unified Threat Management (UTM) Appliance Figure 387. ...

  • NETGEAR STM150EW-100NAS - page 648

    648 G G. System Logs and Error Messages This appendix provides examples and explanations of system logs and error messages. When applicable, a recommended action is provided. This appendix contains the following sections: • System Log Messages • Service Logs • Content-Filtering and Security Logs • Routing Logs This app ...

  • NETGEAR STM150EW-100NAS - page 649

    System Logs and Error Messages 649 ProSecure Unified Threat Management (UTM) Appliance System Log Messages • System Startup • Reboot • NTP • Login/Logout • Firewall Restart • IPSec Restart • WAN Status • Traffic Metering Logs • Unicast, Multicast, and Broadcast Logs • Invalid Packet Logging This section describes log messag ...

  • NETGEAR STM150EW-100NAS - page 650

    System Logs and Error Messages 650 ProSecure Unified Threat Management (UTM) Appliance NTP This section describes log messages generated by the NTP daemon during synchronization with the NTP server. The fixed time and date before NTP synchronizes with any of the servers is Fri 1999 Dec 31 19:13:00. Login/Logout This section describes logs that ...

  • NETGEAR STM150EW-100NAS - page 651

    System Logs and Error Messages 651 ProSecure Unified Threat Management (UTM) Appliance Firewall Restart This section describes logs that are generated when the firewall restarts. IPSec Restart This section describes logs that are generated when IPSec restarts. WAN Status This section describes the logs that are generated by the WAN comp ...

  • NETGEAR STM150EW-100NAS - page 652

    System Logs and Error Messages 652 ProSecure Unified Threat Management (UTM) Appliance This section describes the logs that are generated when the WAN mode is set to auto-rollover. Load Balancing Mode When the WAN mode is configured for load balancing, both the WAN ports are active simultaneously and the traffic is balanced between them. I ...

  • NETGEAR STM150EW-100NAS - page 653

    System Logs and Error Messages 653 ProSecure Unified Threat Management (UTM) Appliance This section describes the logs that are generated when the WAN mode is set to load balancing. PPP Logs This section describes the WAN PPP connection logs. The PPP type can be configured through the web management interface. For more information, see Manua ...

  • NETGEAR STM150EW-100NAS - page 654

    System Logs and Error Messages 654 ProSecure Unified Threat Management (UTM) Appliance • PPTP Idle-Timeout logs Explanation Message 1: Establishment of the PPPoE connection starts. Message 2: A message from the PPPoE server indicating a correct login. Message 3: The authentication for PPP succeeds. Message 4: The local IP address that is a ...

  • NETGEAR STM150EW-100NAS - page 655

    System Logs and Error Messages 655 ProSecure Unified Threat Management (UTM) Appliance • PPP Authentication logs Traffic Metering Logs This section describes logs that are generated when the traffic meter has reached a limit. Unicast, Multicast, and Broadcast Logs This section describes logs that are generated when the UTM processes unicast ...

  • NETGEAR STM150EW-100NAS - page 656

    System Logs and Error Messages 656 ProSecure Unified Threat Management (UTM) Appliance ICMP Redirect Logs This section describes logs that are generated when the UTM processes ICMP redirect messages. Multicast/Broadcast Logs This section describes logs that are generated when the UTM processes multicast and broadcast packets. Invalid Packet ...

  • NETGEAR STM150EW-100NAS - page 657

    System Logs and Error Messages 657 ProSecure Unified Threat Management (UTM) Appliance Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][ICMP_TYPE][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=ICMP TYPE=19 CODE=0 Explanation Invalid ICMP type. Recommended Action None. Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][TCP_FLAG_COMBINAT ...

  • NETGEAR STM150EW-100NAS - page 658

    System Logs and Error Messages 658 ProSecure Unified Threat Management (UTM) Appliance Service Logs This section describes log messages generated during firmware updates and other service-related events. Content-Filtering and Security Logs • Web Filtering and Content-Filtering Logs • Spam Logs • Traffic Logs • Malware Logs • Email Fi ...

  • NETGEAR STM150EW-100NAS - page 659

    System Logs and Error Messages 659 ProSecure Unified Threat Management (UTM) Appliance • IPS Logs • Anomaly Behavior Logs • Application Logs This section describes the log messages that are generated by the content-filtering and security mechanisms. Web Filtering and Content-Filtering Logs This section describes logs that are generated w ...

  • NETGEAR STM150EW-100NAS - page 660

    System Logs and Error Messages 660 ProSecure Unified Threat Management (UTM) Appliance Spam Logs This section describes logs that are generated when the UTM filters spam email messages. Message 2009-08-01 00:00:01 HTTP ldap_domain ldap_user 192.168.1.3 192.168.35.165 http://192.168.35.165/testcases/files/virus/normal/%b4%f3%d3%da2048.rar Ke ...

  • NETGEAR STM150EW-100NAS - page 661

    System Logs and Error Messages 661 ProSecure Unified Threat Management (UTM) Appliance Traffic Logs This section describes logs that are generated when the UTM processes web and email traffic. Malware Logs This section describes logs that are generated when the UTM detects viruses. Email Filter Logs This section describes logs that are ...

  • NETGEAR STM150EW-100NAS - page 662

    System Logs and Error Messages 662 ProSecure Unified Threat Management (UTM) Appliance IPS Logs This section describes logs that are generated when traffic matches IPS rules. Anomaly Behavior Logs This section describes logs that are generated when ports are scanned or when distributed DoS (DDoS) events occur. Table 184. Content-filtering an ...

  • NETGEAR STM150EW-100NAS - page 663

    System Logs and Error Messages 663 ProSecure Unified Threat Management (UTM) Appliance Application Logs This section describes logs that are generated when the UTM filters application traffic. Routing Logs • LAN-to-WAN Logs • LAN-to-DMZ Logs • DMZ-to-WAN Logs • WAN-to-LAN Logs • DMZ-to-LAN Logs • WAN-to-DMZ Logs This section ...

  • NETGEAR STM150EW-100NAS - page 664

    System Logs and Error Messages 664 ProSecure Unified Threat Management (UTM) Appliance LAN-to-DMZ Logs This section describes logs that are generated when the UTM processes LAN-to-DMZ traffic. DMZ-to-WAN Logs This section describes logs that are generated when the UTM processes DMZ-to-WAN traffic. WAN-to-LAN Logs This section describes ...

  • NETGEAR STM150EW-100NAS - page 665

    System Logs and Error Messages 665 ProSecure Unified Threat Management (UTM) Appliance DMZ-to-LAN Logs This section describes logs that are generated when the UTM processes DMZ-to-LAN traffic. WAN-to-DMZ Logs This section describes logs that are generated when the UTM processes WAN-to-DMZ traffic. Table 191. Routing logs: DMZ to WAN Mess ...

  • NETGEAR STM150EW-100NAS - page 666

    666 H H. Default Settings and Technical Specifications This appendix provides the default settings and the physical and technical specifications of the UTM in the following sections: • Default Settings • Physical and Technical Specifications Default Settings You can use the Factory Defaults reset button on the rear panel to rese ...

  • NETGEAR STM150EW-100NAS - page 667

    Default Settings and Technical Specifications 667 ProSecure Unified Threat Management (UTM) Appliance WAN connections WAN MAC address Use default address WAN MTU size 1500 Port speed AutoSense Dynamic DNS Disabled Local network (LAN) LAN IP address 192.168.1.1 Subnet mask 255.255.255.0 DHCP server Enabled DHCP starting IP address 192.168.1. ...

  • NETGEAR STM150EW-100NAS - page 668

    Default Settings and Technical Specifications 668 ProSecure Unified Threat Management (UTM) Appliance Firewall and network security Inbound LAN WAN rules (communications coming in from the Internet) All traffic is blocked, except for traffic in response to requests from the LAN. Outbound LAN WAN rules (communications from the LAN to the Interne ...

  • NETGEAR STM150EW-100NAS - page 669

    Default Settings and Technical Specifications 669 ProSecure Unified Threat Management (UTM) Appliance Application security SMTP Enabled on port 25 Infected email is blocked POP3 Enabled on port 110 Infected attachment is deleted IMAP Enabled on port 143 Infected attachment is deleted Email content filtering Disabled Email whitelist and black ...

  • NETGEAR STM150EW-100NAS - page 670

    Default Settings and Technical Specifications 670 ProSecure Unified Threat Management (UTM) Appliance Blocked keywords for Web traffic None Embedded Objects (ActiveX/Java/Flash) Allowed Javascript Allowed Proxy Allowed Cookies Allowed URL whitelist and blacklist None Blocked applications None VPN IPsec Wizard: IKE policy settings for gateway ...

  • NETGEAR STM150EW-100NAS - page 671

    Default Settings and Technical Specifications 671 ProSecure Unified Threat Management (UTM) Appliance Authentication algorithm SHA-1 Authentication method Pre-shared Key Key group DH-Group 2 (1024 bit) Life time 8 hours VPN IPsec Wizard: VPN policy settings for client-to-gateway tunnels Encryption algorithm 3DES Authentication algorithm SH ...

  • NETGEAR STM150EW-100NAS - page 672

    Default Settings and Technical Specifications 672 ProSecure Unified Threat Management (UTM) Appliance Wireless radio and access point settings (UTM9S and UTM25S only) Wireless radio Enabled Region Nonconfigurable: set for the region in which you purchased the UTM. Country The selection is limited to the countries in the region in which you purc ...

  • NETGEAR STM150EW-100NAS - page 673

    Default Settings and Technical Specifications 673 ProSecure Unified Threat Management (UTM) Appliance Physical and Technical Specifications The following table shows the physical and technical specifications for the UTM: Table 194. UTM physical and technical specifications Feature Specification Network protocol and standards compatibi ...

  • NETGEAR STM150EW-100NAS - page 674

    Default Settings and Technical Specifications 674 ProSecure Unified Threat Management (UTM) Appliance The following table shows the IPSec VPN specifications for the UTM: Major regulatory compliance Meets requirements of FCC Class A CE WEEE RoHS Interface specifications LAN UTM5, UTM9S, UTM25S, UTM10, UTM25, and UTM150 4 LAN autosensing 1 ...

  • NETGEAR STM150EW-100NAS - page 675

    Default Settings and Technical Specifications 675 ProSecure Unified Threat Management (UTM) Appliance The following table shows the SSL VPN specifications for the UTM: The following table shows the wireless specifications for the wireless network module for the UTM9S and UTM25S: Table 196. UTM SSL VPN specifications Setting Specificati ...

  • NETGEAR STM150EW-100NAS - page 676

    Default Settings and Technical Specifications 676 ProSecure Unified Threat Management (UTM) Appliance Note: For default email and web scan settings, see Table 41 on page 193. 802.11a/na wireless specifications 802.11a data rates 6, 9, 12, 18, 24, 36, 48, 54 Mbps, and autorate capable 802.11na data rates (includes Greenfield) Channels with d ...

  • NETGEAR STM150EW-100NAS - page 677

    677 I I. Notification of Compliance (Wired) NETGEAR Wired Products Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may res ...

  • NETGEAR STM150EW-100NAS - page 678

    Notification of Compliance (Wired) 678 ProSecure Unified Threat Management (UTM) Appliance FCC Radio Frequency Interference Warnings & Instructions This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection ...

  • NETGEAR STM150EW-100NAS - page 679

    Notification of Compliance (Wired) 679 ProSecure Unified Threat Management (UTM) Appliance Additional Copyrights AES Copyright (c) 2001, Dr. Brian Gladman, brg@gladman.uk.net, Worcester, UK. All rights reserved. TERMS Redistribution and use in source and binary forms, with or without modification, are permitted subject to the following condi ...

  • NETGEAR STM150EW-100NAS - page 680

    Notification of Compliance (Wired) 680 ProSecure Unified Threat Management (UTM) Appliance MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the “RSA Data Security, Inc. MD5 Message-Digest Algorithm” in all material mentioning or refere ...

  • NETGEAR STM150EW-100NAS - page 681

    681 J J. Notification of Compliance (Wireless) NETGEAR Dual Band - Wireless Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requir ...

  • NETGEAR STM150EW-100NAS - page 682

    ProSecure Unified Threat Management (UTM) Appliance Notification of Compliance (Wireless) 682 Español [Spanish] Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE. Ελληνική [Greek] ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ ...

  • NETGEAR STM150EW-100NAS - page 683

    ProSecure Unified Threat Management (UTM) Appliance Notification of Compliance (Wireless) 683 This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA countries, except in France and Italy where restrictive use applies. In Italy the end-user should apply for a license at the nationa ...

  • NETGEAR STM150EW-100NAS - page 684

    ProSecure Unified Threat Management (UTM) Appliance Notification of Compliance (Wireless) 684 • For product available in the USA market, only channel 1~11 can be operated. Selection of other channels is not possible. • This device and its antenna(s) must not be co-located or operation in conjunction with any other antenna or transmitter. ...

  • NETGEAR STM150EW-100NAS - page 685

    ProSecure Unified Threat Management (UTM) Appliance Notification of Compliance (Wireless) 685 Interference Reduction Table The following table shows the recommended minimum distance between NETGEAR equipment and household appliances to reduce interference (in feet and meters). Household Appliance Recommended Minimum Distance (in feet and mete ...

  • NETGEAR STM150EW-100NAS - page 686

    686 Index Numerics 10BASE-T, 100BASE-T, and 1000BASE-T speeds 96 2.4- and 5-GHz operating frequency, radio 581 20- and 40-MHz channel spacing, radio 582 3322.org DSL settings 572 – 574 USB settings 618 – 620 WAN settings 91 – 93 3G service, enabling 606 3G/4G dongles, supported 603 64-, 128-, and 256-bit WEP 592 802.11a/b/bg/ng/n modes ...

  • NETGEAR STM150EW-100NAS - page 687

    687 ProSecure Unified Threat Management (UTM) Appliance Apple iPhone and iPad IPSec VPN connections 336 Mac SSL VPN connection 377 Application Level Gateway (ALG) 161 applications custom categories 259 – 260 default security settings 669 reports 527 setting access exceptions 255 ARP (Address Resolution Protocol) broadcasting, configuring 109 ...

  • NETGEAR STM150EW-100NAS - page 688

    688 ProSecure Unified Threat Management (UTM) Appliance C CA (certification authority) 232, 300 cache control, SSL VPN 341, 361 card, service registration 23 Carrier Sense Multiple Access (CSMA), radio 599 categories, web content 61 Category 5 cable 624 Certificate Revocation List (CRL) 421, 426 certificate signing request (CSR) 423 cer ...

  • NETGEAR STM150EW-100NAS - page 689

    689 ProSecure Unified Threat Management (UTM) Appliance troubleshooting settings 546 daylight savings time settings 55, 457 troubleshooting settings 546 DC (domain controller) agent, configuring 409 – 414 DDNS (dynamic DNS), configuring DSL settings 572 USB settings 618 WAN settings 91 DDoS (distributed denial-of-service) 188 Dead Peer De ...

  • NETGEAR STM150EW-100NAS - page 690

    690 ProSecure Unified Threat Management (UTM) Appliance downloading DC agent software 410 firmware file 451 SSL certificate 382 DPD (Dead Peer Detection) 298, 329 DSCP (Differentiated Services Code Point) 18, 171, 600 DSL LEDs 33 DSL network modules described 29 status, viewing 495 DSL settings advanced settings 576 autodetecting 555 auto-rol ...

  • NETGEAR STM150EW-100NAS - page 691

    691 ProSecure Unified Threat Management (UTM) Appliance WAN settings 82 – 85 file extensions blocking 202, 218, 222 setting access exceptions 256 file names, blocking 202 filtering reports 522 firewall attack checks 157 bandwidth profiles 171 – 174 connecting to the Internet 624 custom services 163 default settings 668 inbound rules. See i ...

  • NETGEAR STM150EW-100NAS - page 692

    692 ProSecure Unified Threat Management (UTM) Appliance scanning process 228 trusted hosts 235 HTTPS Smart Block configuring 212 – 215 logs 469, 508 – 510 settings access exceptions 256 humidity, operating and storage 673 I ICMP (Internet Control Message Protocol) time-out 161 type 164 idle time-out DSL connection 558 WAN connection 53, 7 ...

  • NETGEAR STM150EW-100NAS - page 693

    693 ProSecure Unified Threat Management (UTM) Appliance port forwarding, SSL VPN 363 PPTP server 332 reserved 116 secondary addresses DSL settings 570 LAN settings 109 WAN settings 89 static or permanent addresses DSL settings 559 requirements 74, 555 USB settings 606 WAN settings 54, 78 subnet mask default 49, 105 DMZ port 118 WAN aliases ...

  • NETGEAR STM150EW-100NAS - page 694

    694 ProSecure Unified Threat Management (UTM) Appliance ProSafe VPN Client software 17 licensing, electronic 67 lifetime, quarantine 461 Lightweight Directory Access Protocol, See LDAP. limit, traffic meter (or counter) 464 limits, sessions 160 listening port, DC agent 412 LLC (Logical Link Control) encapsulation 552 load balancing mode DSL int ...

  • NETGEAR STM150EW-100NAS - page 695

    695 ProSecure Unified Threat Management (UTM) Appliance record 296 models, UTM 22 modes, wireless 582, 675 monitoring default settings 667 MPPE (Microsoft Point-to-Point Encryption) 333 MTU (maximum transmission unit), default 95, 576 multicast pass-through 158 multihome LAN IP addresses, configuring 109 – 110 multiple WAN ports, auto-ro ...

  • NETGEAR STM150EW-100NAS - page 696

    696 ProSecure Unified Threat Management (UTM) Appliance restoring 545 pattern file 454 pay plan, 3G/4G service 610 PDP (packet data protocol) type, 3G/4G service 610 peer-to-peer (P2) applications blocked applications, recent 5 and top 5 481 logs 469, 508 – 510 traffic statistics 479 Perfect Forward Secrecy (PFS) 307, 315 performance manage ...

  • NETGEAR STM150EW-100NAS - page 697

    697 ProSecure Unified Threat Management (UTM) Appliance PPTP (Point-to-Point Tunneling Protocol) requirements 74 server settings 331 user accounts 401 – 403 WAN settings 52, 76 preamble type, radio 599 pre-shared key client-to-gateway VPN tunnel 274 gateway-to-gateway VPN tunnel 269 IKE policy settings 298 WPA, WPA2, and mixed mode 591 pr ...

  • NETGEAR STM150EW-100NAS - page 698

    698 ProSecure Unified Threat Management (UTM) Appliance wired products 677 – 680 relay gateway 50, 106, 119 Remote Authentication Dial In User Service. See RADIUS. remote management access 438 troubleshooting 440 remote troubleshooting, enabling 546 remote users, assigning addresses (ModeConfig) 312 reports administrator emailing options 5 ...

  • NETGEAR STM150EW-100NAS - page 699

    699 ProSecure Unified Threat Management (UTM) Appliance service provider, 3G/4G 608 service registration card 23 session expiration length 416 Session Initiation Protocol (SIP) 161 session limits configuring 160 logging dropped packets 477 Setup Wizard, initial configuration 47 severities, syslog 470 SHA-1 IKE policies 297 ModeConfig 315 sel ...

  • NETGEAR STM150EW-100NAS - page 700

    700 ProSecure Unified Threat Management (UTM) Appliance options 337 settings, configuring manually 359 settings, using SSL VPN Wizard 339 specifications 675 status 356 tunnel described 337 user account 401 – 403 user portal 354 user settings, using SSL VPN Wizard 347 SSL VPN Wizard 21, 338 SSO (single sign-on) 384, 412 stateful packet inspe ...

  • NETGEAR STM150EW-100NAS - page 701

    701 ProSecure Unified Threat Management (UTM) Appliance transfer mode, DSL settings 552 Transmission Control Protocol (TCP) 184 transmit power, radio 583 Transport Layer Security (TLS) 345, 392 traps, SNMP 442 trial period, service licenses 65 troubleshooting basic functioning 539 browsers 540 configuration settings, using sniffer 540 date ...

  • NETGEAR STM150EW-100NAS - page 702

    702 ProSecure Unified Threat Management (UTM) Appliance Virtual Private Network Consortium (VPNC) 21, 266 virtual private network. See VPN tunnels. virus database 454 logs. See malware, logs. protection emails 196 FTP web traffic 238 HTTP and HTTPS web traffic 216 signature files 454 VLANs advantages 99 default 48, 103 described 99 DHCP addr ...

  • NETGEAR STM150EW-100NAS - page 703

    703 ProSecure Unified Threat Management (UTM) Appliance connection speed 97 connection type, viewing 496 failure detection method 82 – 85 load balancing mode configuring 85 – 87 DDNS 91 described 80 VPN IPSec 264 NAT, configuring 81 primary WAN mode, described 80 secondary IP addresses 89 SNMP management 442 WAN aliases 89 WAN inte ...

  • NETGEAR STM150EW-100NAS - page 704

    704 ProSecure Unified Threat Management (UTM) Appliance wireless specifications 675 Wizards Setup Wizard 47 IPSec VPN. See IPSec VPN Wizard. SSL VPN. See SSL VPN Wizard. WMM (Wi-Fi Multimedia) power saving, radio 599 priority 600 WPA (Wi-Fi protected access), WPA2, and mixed mode configuring 590 – 592 types of encryption 584 X XAUTH configur ...

Manufacturer NETGEAR Category Router

Documents that we receive from the manufacturer of a NETGEAR STM150EW-100NAS can be divided into several groups. They are, among others:
- NETGEAR technical drawings
- STM150EW-100NAS manuals
- NETGEAR product data sheets
- information booklets
- energy labels for the NETGEAR STM150EW-100NAS
All of them are important, but the information that matters most for using the device is in the NETGEAR STM150EW-100NAS user manual.

The group of documents referred to as user manuals is also divided into more specific types, such as installation manuals, service manuals, brief instructions and user manuals for the NETGEAR STM150EW-100NAS. Look for the type of document that fits your needs. On our website you can view the most popular manual for the NETGEAR STM150EW-100NAS.

What should a complete manual for the NETGEAR STM150EW-100NAS look like?
A manual, also referred to as a user manual, or simply "instructions", is a technical document designed to assist users in using the NETGEAR STM150EW-100NAS. Manuals are usually written by a technical writer, but in a language understandable to all users of the NETGEAR STM150EW-100NAS.

A complete NETGEAR manual should contain several basic components. Some of them are less important, such as the cover / title page or the copyright page. The remaining parts, however, should provide information that is important from the user's point of view.

1. Preface and tips on how to use the NETGEAR STM150EW-100NAS manual - At the beginning of each manual we should find guidance on how to use it. It should say where to find the Contents of the NETGEAR STM150EW-100NAS manual, the FAQ and the common problems, i.e. the places users search most often in each manual
2. Contents - index of all tips concerning the NETGEAR STM150EW-100NAS that we can find in the current document
3. Tips on how to use the basic functions of the NETGEAR STM150EW-100NAS - which should help us in our first steps of using the NETGEAR STM150EW-100NAS
4. Troubleshooting - a systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with the NETGEAR STM150EW-100NAS
5. FAQ - Frequently Asked Questions
6. Contact details - Information about where to find contact details for the manufacturer/service of the NETGEAR STM150EW-100NAS in a specific country, if it was not possible to solve the problem on our own.
