ProSecure Unified Threat Management (UTM) Appliance Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10482-02 January 2010 v1.
© 2009–2010 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and the NETGEAR logo are registered trademarks and ProSecure and ProSafe are trademarks of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
Open SSL Copyright (c) 1998–2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer. 2.
PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University.
Contents

About This Manual
    Conventions, Formats, and Scope   xvii
    How to Print This Manual   xviii
    Revision History

Chapter 2 Using the Setup Wizard to Provision the UTM in Your Network
    Understanding the Steps for Initial Connection   2-1
    Qualified Web Browsers   2-2
    Logging In to the UTM

    Configuring Secondary WAN Addresses   3-17
    Configuring Dynamic DNS   3-19
    Configuring Advanced WAN Options   3-22
    Additional WAN-Related Configuration Tasks

    Managing the Application Level Gateway for SIP Sessions   5-31
    Creating Services, QoS Profiles, and Bandwidth Profiles   5-32
    Adding Customized Services   5-32
    Creating Quality of Service (QoS) Profiles

    Creating Gateway-to-Gateway VPN Tunnels with the Wizard   7-4
    Creating a Client to Gateway VPN Tunnel   7-9
    Testing the Connections and Viewing Status Information   7-17
    Testing the VPN Connection

    Viewing the UTM SSL VPN Connection Status   8-16
    Viewing the UTM SSL VPN Log   8-16
    Manually Configuring and Editing SSL Connections   8-17
    Creating the Portal Layout

    Updating the Scan Signatures and Scan Engine Firmware   10-21
    Configuring Date and Time Service   10-24

Chapter 11 Monitoring System Access and Performance
    Enabling the WAN Traffic Meter   11-1
    Configuring Logging, Alerts, and Event Notifications

    Troubleshooting the ISP Connection   12-5
    Troubleshooting a TCP/IP Network Using a Ping Utility   12-7
    Testing the LAN Path to Your UTM   12-7
    Testing the Path from Your PC to a Remote Device

    Firewall Restart   C-4
    IPsec Restart   C-4
    WAN Status   C-5
    Traffic Metering Logs
About This Manual

The NETGEAR® ProSecure™ Unified Threat Management (UTM) Appliance Reference Manual describes how to install, configure, and troubleshoot a ProSecure Unified Threat Management (UTM) Appliance. The information in this manual is intended for readers with intermediate computer and networking skills.

Conventions, Formats, and Scope

The conventions, formats, and scope of this manual are described in the following paragraphs:
• Typographical conventions.
• Scope. This manual is written for the UTM according to these specifications:
    Product Version: ProSecure Unified Threat Management (UTM) Appliance
    Manual Publication Date: January 2010
For more information about network, Internet, firewall, and VPN technologies, click the links to the NETGEAR Website in Appendix E, “Related Documents.”

Note: Product updates are available on the NETGEAR website at http://prosecure.netgear.

Chapter 1 Introduction

This chapter provides an overview of the features and capabilities of the ProSecure Unified Threat Management (UTM) Appliance. This chapter contains the following sections:
• “What Is the ProSecure Unified Threat Management (UTM) Appliance?” on this page.
• “Key Features and Capabilities” on page 1-2.
• “Service Registration Card with License Keys” on page 1-8.
• “Package Contents” on page 1-9.
• “Hardware Features” on page 1-10.
• “Choosing a Location for the UTM” on page 1-14.
Key Features and Capabilities

The UTM provides the following key features and capabilities:
• For the single-WAN port models, a single 10/100/1000 Mbps Gigabit Ethernet WAN port. For the dual-WAN port models, dual 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing or failover protection of your Internet connection, providing increased system reliability or increased throughput.

Dual-WAN Port Models for Increased Reliability or Outbound Load Balancing

The UTM product line offers models with two broadband WAN ports. The second WAN port allows you to connect a second broadband Internet line that can be configured on a mutually exclusive basis to:
• Provide backup and rollover if one line is inoperable, ensuring you are never disconnected.

A Powerful, True Firewall

Unlike simple Internet sharing NAT routers, the UTM is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. Its firewall features have the following capabilities:
• DoS protection. Automatically detects and thwarts denial of service (DoS) attacks such as Ping of Death and SYN Flood.
• Secure firewall. Blocks unwanted traffic from the Internet to your LAN.
• Objectionable traffic protection. The UTM prevents objectionable content from reaching your computers. You can control access to Internet content by screening for Web services, Web addresses, and keywords within Web addresses. You can log and report attempts to access objectionable Internet sites.
• Automatic signature updates.

Extensive Protocol Support

The UTM supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, see “Internet Configuration Requirements” on page B-3. The UTM provides the following protocol support:
• IP address sharing by NAT.
• SSL VPN Wizard. The UTM includes the NETGEAR SSL VPN Wizard to easily configure SSL connections over VPN according to the recommendations of the VPNC, to ensure that the SSL connections are interoperable with other VPNC-compliant VPN routers and clients.
• SNMP. The UTM supports the Simple Network Management Protocol (SNMP) to let you monitor and manage log resources from an SNMP-compliant system manager.

Table 1-1.

Note: When you reset the UTM to the original factory default settings after you have entered the license keys to activate the UTM (see “Registering the UTM with NETGEAR” on page 2-26), the license keys are erased. The license keys and the different types of licenses that are available for the UTM are no longer displayed on the Registration screen.
Hardware Features

The front panel ports and LEDs, rear panel ports, and bottom label of the UTM are described below.

Front Panel

Viewed from left to right, the UTM front panel contains the following ports (see Figure 1-2 on page 1-10, which shows a dual-WAN port model, the UTM25):
• One non-functioning USB port: this port is included for future management enhancements. The port is currently not operable on the UTM.

Note: Figure 1-2 shows a dual-WAN port model (the UTM25). Single-WAN port models contain the left WAN port that is shown in Figure 1-2 but no right WAN port nor any Active WAN LEDs.

The function of each LED is described in Table 1-2.

Table 1-2. LED Descriptions
    Object                                   Activity      Description
    Power                                    On (Green)    Power is supplied to the UTM.
                                             Off           Power is not supplied to the UTM.
                                             On (Amber)    During startup.
    Active LED (dual-WAN port models only)   Off           The WAN port is either not enabled or has no link to the Internet.
                                             On (Green)    The WAN port has a valid Internet connection.

Rear Panel

The rear panel of the UTM includes a cable lock receptacle, a console port, a reset button, and an AC power connection.

Figure 1-4 shows the product label for the UTM5.
Figure 1-4
Figure 1-5 shows the product label for the UTM10.
Figure 1-5
Figure 1-6 shows the product label for the UTM25.
Figure 1-6

Choosing a Location for the UTM

The UTM is suitable for use in an office environment where it can be free-standing (on its runner feet) or mounted into a standard 19-inch equipment rack. Alternatively, you can rack-mount the UTM in a wiring closet or equipment room.
• Temperature operating limits are not likely to be exceeded. Install the unit in a clean, air-conditioned environment. For information about the recommended operating temperatures for the UTM, see Appendix A, “Default Settings and Technical Specifications.”

Using the Rack-Mounting Kit

Use the mounting kit for the UTM to install the appliance in a rack. (A mounting kit is provided in the package for the dual-WAN port models.)
Chapter 2 Using the Setup Wizard to Provision the UTM in Your Network

Understanding the Steps for Initial Connection

Typically, the UTM is installed as a network gateway to function as a combined LAN switch, firewall, and content scan engine in order to protect the network from all incoming and outgoing malware threats. Generally, five steps are required to complete the basic and security configuration of your UTM:
1. Connect the UTM physically to your network.

Qualified Web Browsers

To configure the UTM, you must use a Web browser such as Microsoft Internet Explorer 6 or higher, Mozilla Firefox 3 or higher, or Apple Safari 3 or higher, with JavaScript, cookies, and SSL enabled.

Figure 2-1

Note: The first time that you remotely connect to the UTM with a browser via an SSL connection, you might get a warning message regarding the SSL certificate. You can follow the directions of your browser to accept the SSL certificate, or you can import the UTM’s root certificate by clicking the hyperlink at the bottom of the NETGEAR Configuration Manager Login screen.

3. In the User field, type admin.
5. Click Login. The Web Management Interface appears, displaying the System Status screen. (Figure 2-2 on page 2-4 shows the top part of a dual-WAN port model screen. For information about this screen, see “Viewing System Status” on page 11-20.)

Note: After 5 minutes of inactivity (the default login time-out), you are automatically logged out.

Figure 2-2

Understanding the Web Management Interface Menu Layout

Figure 2-3 shows the menu at the top of a dual-WAN port model’s Web Management Interface (in this example, the UTM25). The single-WAN port model’s Web Management Interface layout is identical, with the exception that it shows only a single WAN ISP Setting submenu tab.

The bottom of each screen provides action buttons. The nature of the screen determines which action buttons are shown. Figure 2-4 shows an example.

Figure 2-4

Any of the following action buttons might be displayed on screen (this list might not be complete):
• Apply. Save and apply the configuration.
• Reset. Reset the configuration to default values.
• Test.
• Down. Move down the selected entry in the table.
• Apply. Apply the selected entry.

Almost all screens and sections of screens have an accompanying help screen. To open the help screen, click the question mark icon.
Setup Wizard Step 1 of 10: LAN Settings

Figure 2-7

Enter the settings as explained in Table 2-1 on page 2-9, then click Next to go to the following screen.

Note: In this first step, you are actually configuring the LAN settings for the UTM’s default VLAN. For more information about VLANs, see “Managing Virtual LANs and DHCP Options” on page 4-1.

Table 2-1. Setup Wizard Step 1: LAN Settings
    Setting: Description (or Subfield and Description)
    LAN TCP/IP Setup
        IP Address: Enter the IP address of the UTM’s default VLAN (the factory default is 192.168.1.1).
        Note: Always make sure that the LAN port IP address and DMZ port IP address are in different subnets.
    Enable DHCP Server (continued)
        Primary DNS Server: This is optional. If an IP address is specified, the UTM provides this address as the primary DNS server IP address. If no address is specified, the UTM provides its own LAN IP address as the primary DNS server IP address.
        Secondary DNS Server: This is optional.
    DNS Proxy
        Enable DNS Proxy: This is optional. Select the Enable DNS Proxy radio button to enable the UTM to provide a LAN IP address for DNS address name resolution. This setting is enabled by default.
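The Table 2-1 rule that the LAN and DMZ port addresses must be in different subnets is easy to violate when the two masks differ, because two addresses that look unrelated can still fall inside the same block. The following Python is an added example, not code from the manual or from NETGEAR: it checks a set of interface addresses pairwise for overlapping subnets using only the standard library. The interface labels, the /24 mask applied to the factory default LAN address, and the DMZ and WAN addresses are assumptions constructed for the example.

```python
import ipaddress
from typing import Dict, List, Tuple

# Added example, not from the manual. Interface labels and addresses below
# are constructed; only the LAN factory default 192.168.1.1 comes from the
# manual, and its /24 mask is an assumption.


def find_subnet_conflicts(interfaces: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every pair of interface labels whose subnets overlap.

    `interfaces` maps a label (e.g. "LAN", "DMZ") to an address with its
    prefix length in CIDR form (e.g. "192.168.1.1/24"). The check is done on
    the network each address belongs to, so a /25 carved out of a /24 is
    reported even though the two masks differ.
    """
    networks = {
        label: ipaddress.ip_interface(addr).network
        for label, addr in interfaces.items()
    }
    labels = sorted(networks)
    conflicts = []
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            same_family = networks[a].version == networks[b].version
            if same_family and networks[a].overlaps(networks[b]):
                conflicts.append((a, b))
    return conflicts


def lan_and_dmz_are_separate(lan_cidr: str, dmz_cidr: str) -> bool:
    """The Table 2-1 rule: LAN and DMZ port addresses must be in different subnets."""
    return not find_subnet_conflicts({"LAN": lan_cidr, "DMZ": dmz_cidr})


if __name__ == "__main__":
    # Constructed sample configurations.
    print(lan_and_dmz_are_separate("192.168.1.1/24", "192.168.10.1/24"))   # True
    print(lan_and_dmz_are_separate("192.168.1.1/24", "192.168.1.129/25"))  # False
    print(find_subnet_conflicts({
        "LAN": "192.168.1.1/24",
        "DMZ": "192.168.2.1/24",
        "WAN2": "192.168.2.200/24",   # constructed clash with the DMZ subnet
    }))                                                                    # [('DMZ', 'WAN2')]
```

The second call is the case worth remembering: a DMZ address of 192.168.1.129 with a /25 mask does not share the LAN's mask, but its network sits entirely inside 192.168.1.0/24, so routing between the two ports becomes ambiguous. Running the pairwise check over every interface rather than just LAN and DMZ catches the same mistake on a secondary WAN address.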
Note: Click the Auto Detect action button at the bottom of the menu. The auto-detect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the WAN settings by selecting Network Config > WAN Settings.

Table 2-2. Setup Wizard Step 2: WAN Settings (continued)
    Setting: Description (or Subfield and Description)
    Austria (PPTP) (continued)
        Idle Timeout: Select the Keep Connected radio button to keep the connection always on. To log out after the connection is idle for a period of time, select the Idle Time radio button and, in the timeout field, enter the number of minutes to wait before disconnecting.
    Use These DNS Servers: If your ISP has assigned DNS addresses, select the Use these DNS Servers radio button. Ensure that you fill in valid DNS server IP addresses in the fields. Incorrect DNS entries might cause connectivity issues.
        Primary DNS Server: The IP address of the primary DNS server.

Table 2-3. Setup Wizard Step 3: System Date and Time Settings
    Setting: Description (or Subfield and Description)
    Set Time, Date and NTP Servers
        Date/Time: From the pull-down menu, select the local time zone in which the UTM operates. The proper time zone is required in order for scheduling to work correctly. The UTM includes a real-time clock (RTC), which it uses for scheduling.
Setup Wizard Step 4 of 10: Services

Figure 2-10

Enter the settings as explained in Table 2-4 on page 2-17, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the security services by selecting Application Security > Services.

Table 2-4. Setup Wizard Step 4: Services Settings
    Setting: Description (or Subfield and Description)
    Email
        SMTP: SMTP scanning is enabled by default on standard service port 25.
        POP3: POP3 scanning is enabled by default on standard service port 110.
        IMAP
        To disable any of these services, deselect the corresponding checkbox. You can change the standard service

Setup Wizard Step 5 of 10: Email Security

Figure 2-11

Enter the settings as explained in Table 2-5, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the email security settings by selecting Application Security > Email Anti-Virus. The Email Anti-Virus screen also lets you specify notification settings and email alert settings.

Table 2-5. Setup Wizard Step 5: Email Security Settings (continued)
    Setting: Description (or Subfield and Description)
    IMAP: From the IMAP pull-down menu, specify one of the following actions when an infected e-mail is detected:
        • Delete attachment. This is the default setting. The e-mail is not blocked, but the attachment is deleted, and a log entry is created.
        • Log only. Only a log entry is created.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the Web security settings by selecting Application Security > HTTP/HTTPS > Malware Scan. The Malware Scan screen also lets you specify HTML scanning and notification settings. For more information about these settings, see “Configuring Web Malware Scans” on page 6-21.

Table 2-6.

Setup Wizard Step 7 of 10: Web Categories to Be Blocked

Figure 2-13

Enter the settings as explained in Table 2-7, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the content filtering settings by selecting Application Security > HTTP/HTTPS > Content Filtering. The Content Filtering screen lets you specify additional filtering tasks and notification settings.

Setup Wizard Step 8 of 10: Email Notification

Figure 2-14

Enter the settings as explained in Table 2-8, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the administrator email notification settings by selecting Network Config > Email Notification. For more information about these settings, see “Configuring the E-mail Notification Server” on page 11-5.

Setup Wizard Step 9 of 10: Signatures & Engine

Figure 2-15

Enter the settings as explained in Table 2-9 on page 2-25, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the signatures and engine settings by selecting Administration > System Update > Signatures and Engine.

Table 2-9. Setup Wizard Step 9: Signatures & Engine Settings
    Setting: Description (or Subfield and Description)
    Update Settings
        Update: From the pull-down menu, select one of the following options:
        • Never. The pattern and firmware files are never automatically updated.
        • Scan engine and Signatures. The pattern and firmware files are automatically updated according to the Update Frequency settings below.
Verifying Proper Installation

Test the UTM before deploying it in a live production environment. The following instructions walk you through a couple of quick tests that are designed to ensure that your UTM is functioning correctly.

Testing Connectivity

Verify that network traffic can pass through the UTM:
• Ping an Internet URL.
• Ping the IP address of a device on either side of the UTM.

Note: Activating the service licenses initiates their terms of use. Activate the licenses only when you are ready to start using this unit. If your unit has never been registered before, you can use the 30-day trial period for all 3 types of licenses to perform the initial testing and configuration. To use the trial period, do not click Register in step 4 of the procedure below but click Trial instead.

5. Repeat step 2 and step 4 for additional license keys. The UTM activates the licenses and registers the unit with the NETGEAR registration server.

Note: When you reset the UTM to the original factory default settings after you have entered the license keys to activate the UTM (see “Registering the UTM with NETGEAR” on page 2-26), the license keys are erased.
Chapter 3 Manually Configuring Internet and WAN Settings

Note: The initial Internet configuration of the UTM is described in Chapter 2, “Using the Setup Wizard to Provision the UTM in Your Network.” If you used the Setup Wizard to configure your Internet settings, you need this chapter only to configure WAN features such as Dual WAN and Dynamic DNS, and to configure secondary WAN addresses and advanced WAN options.

4. Configure dynamic DNS on the WAN ports (optional). Configure your fully qualified domain names during this phase (if required). See “Configuring Dynamic DNS” on page 3-19.
5. Configure the WAN options (optional). Optionally, you can enable each WAN port to respond to a ping, and you can change the factory default MTU size and port speed. However, these are advanced features, and changing them is not usually required.

Figure 3-1

2. Click the Auto Detect action button at the bottom of the menu. The auto-detect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support. (Figure 3-2 shows a dual-WAN port model’s screen. A single-WAN port model’s screen shows only a single WAN ISP Settings submenu tab.)

Figure 3-2

The auto-detect process returns one of the following results:
• If the auto-detect process is successful, a status bar at the top of the menu displays the results (see the red text in Figure 3-2 on page 3-3).
• If the auto-detect process senses a connection method that requires input from you, it prompts you for the information. All methods with their required settings are detailed in Table 3-1.

Table 3-1.

The WAN Status window should show a valid IP address and gateway. If the configuration was not successful, skip ahead to “Manually Configuring the Internet Connection” on this page, or see “Troubleshooting the ISP Connection” on page 12-5.

Note: If the configuration process was successful, you are connected to the Internet through WAN port 1.

To manually configure the WAN1 ISP (dual-WAN port models) or WAN ISP (single-WAN port models) settings:
1. On a dual-WAN port model, select Network Configuration > WAN Settings > WAN1 ISP Settings. The WAN Settings tabs appear, with the WAN1 ISP Settings screen in view (see Figure 3-1 on page 3-3, which shows a dual-WAN port model’s screen). On a single-WAN port model, select Network Configuration > WAN Settings > WAN ISP Settings.
5. If your connection is PPTP or PPPoE, your ISP requires an initial login. Enter the settings as explained in Table 3-2.

Table 3-2.

6. Configure the Internet (IP) Address settings as explained in Table 3-3. Click the Current IP Address link to see the currently assigned IP address.

Figure 3-6

Table 3-3. Internet (IP) Address Settings
    Setting: Description (or Subfield and Description)
    Get Dynamically from ISP: If your ISP has not assigned you a static IP address, select the Get dynamically from ISP radio button.

Table 3-4. DNS Server Settings
    Setting: Description (or Subfield and Description)
    Get Automatically from ISP: If your ISP has not assigned any Domain Name Servers (DNS) addresses, select the Get Automatically from ISP radio button.
    Use These DNS Servers: If your ISP has assigned DNS addresses, select the Use these DNS Servers radio button. Ensure that you fill in valid DNS server IP addresses in the fields.
If you want to use a redundant ISP link for backup purposes, select the WAN port that must act as the primary link for this mode. Ensure that the backup WAN port has also been configured and that you configure the WAN Failure Detection Method on the WAN Mode screen to support auto-rollover.
• Load Balancing Mode. The UTM distributes the outbound traffic equally among the WAN interfaces that are functional.

Classical Routing (All Models)

In classical routing mode, the UTM performs routing, but without NAT. To gain Internet access, each PC on your LAN must have a valid static Internet IP address. If your ISP has allocated a number of static IP addresses to you, and you have assigned one of these addresses to each PC, you can choose classical routing.

To configure the dual-WAN ports for auto-rollover mode:
1. Select Network Config > WAN Settings from the menu, then click the WAN Mode tab. The WAN Mode screen displays.

Figure 3-8

2. Enter the settings as explained in Table 3-5.

Table 3-5. Auto-Rollover Mode Settings (Dual-WAN Port Models Only)
    Setting: Description (or Subfield and Description)
    Port Mode
        Auto-Rollover using WAN port: Select the Auto-Rollover using WAN port radio button.
    WAN Failure Detection Method: Select one of the following failure detection methods:
        DNS lookup using WAN DNS Servers: DNS queries are sent to the DNS server configured on the WAN ISP pages (see “Configuring the Internet Connections” on page 3-2).

Note: The default time to roll over after the primary WAN interface fails is 2 minutes: a 30-second minimum test period for a minimum of 4 tests.

3. Click Apply to save your settings.

When a rollover occurs, you can configure the UTM to generate a notification e-mail to a specified address (see “Configuring and Activating System, E-mail, and Syslog Logs” on page 11-6).
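The note above gives the default rollover time as 2 minutes, derived from a 30-second test period and a minimum of 4 tests. The following Python is an added example, not NETGEAR's implementation (which is not published): it models a WAN failure detector that counts consecutive failed probes and declares rollover on the fourth one, so that the relationship between test period, retry count and time to rollover can be tried with other values. The assumptions that the failures must be consecutive and that any successful probe resets the count are this example's, not the manual's; the probe results are constructed and stand in for the DNS lookups against the WAN DNS server (or pings) that the UTM would actually send.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Added example, not NETGEAR's code. The 30-second test period and the
# 4-test minimum come from the manual; the consecutive-failure semantics
# and the reset on success are assumptions made for this example.


@dataclass
class WanFailureDetector:
    test_period_seconds: int = 30   # manual: 30-second minimum test period
    retry_count: int = 4            # manual: minimum of 4 tests
    consecutive_failures: int = 0
    elapsed_seconds: int = 0
    rolled_over: bool = False

    def observe(self, probe_succeeded: bool) -> bool:
        """Record one probe result taken at the end of a test period.

        Returns True on the probe that triggers rollover, False otherwise.
        """
        if self.rolled_over:
            return False
        self.elapsed_seconds += self.test_period_seconds
        if probe_succeeded:
            self.consecutive_failures = 0   # assumption: a success resets the count
            return False
        self.consecutive_failures += 1
        if self.consecutive_failures >= self.retry_count:
            self.rolled_over = True
            return True
        return False


def time_to_rollover(probe_results: Iterable[bool],
                     test_period_seconds: int = 30,
                     retry_count: int = 4) -> Optional[int]:
    """Seconds after the first probe at which rollover fires, or None if it never does."""
    detector = WanFailureDetector(test_period_seconds, retry_count)
    for succeeded in probe_results:
        if detector.observe(succeeded):
            return detector.elapsed_seconds
    return None


if __name__ == "__main__":
    # Constructed probe sequences (True = the DNS lookup or ping was answered).
    hard_down = [False, False, False, False]
    flapping = [False, False, False, True, False, False, False]
    late_failure = [True, True, False, False, False, False]
    print(time_to_rollover(hard_down))      # 120  (the manual's 2 minutes)
    print(time_to_rollover(flapping))       # None (never 4 failures in a row)
    print(time_to_rollover(late_failure))   # 180
```

The `flapping` sequence is the caveat worth keeping in mind: a link that answers one probe in four never accumulates the required run of failures under these semantics, so the backup WAN port is never used even though most traffic is being lost. When validating an auto-rollover setup, time the actual rollover on a deliberately disconnected primary link rather than assuming the configured defaults, and treat a link that fails intermittently as a separate case.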
Figure 3-9

a. Figure 3-9 shows one example in the Protocol Binding table. Configure the protocol binding settings as explained in Table 3-6.

Table 3-6. Protocol Binding Settings (Dual-WAN Port Models Only)
    Setting: Description (or Subfield and Description)
    Add Protocol Binding
        Service: From the pull-down menu, select a service or application to be covered by this rule.
    Source Network (continued)
        Group 1–Group 8: If this option is selected, the rule is applied to the devices that are assigned to the selected group.
        Note: You may also assign a customized name to a group (see “Changing Group Names in the Network Database” on page 4-16).
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Configuring Secondary WAN Addresses A single WAN Ethernet port can be accessed through multiple IP addresses by adding aliases to the port. An alias is a secondary WAN address. One advantage is, for example, that you can assign different virtual IP addresses to a Web server and FTP server, even though both servers use the same physical IP address.
ProSecure Unified Threat Management (UTM) Appliance Reference Manual To add a secondary WAN address to a WAN port: 1. Select Network Config > WAN Settings from the menu. On a dual-WAN port model, the WAN Settings submenu tabs appear with the WAN1 ISP Settings screen in view. On a single WAN model, the WAN Settings submenu tabs appear with the WAN ISP Settings screen in view. 2. Click the Secondary Addresses option arrow.
Configuring Dynamic DNS
Dynamic DNS (DDNS) is an Internet service that allows devices with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, TZO.com, or Oray.net. (Links to DynDNS, TZO, and Oray are provided for your convenience as submenu tabs of the Dynamic DNS configuration menu.)

Figure 3-11
The WAN Mode section on the screen reports the currently configured WAN mode (for the dual-WAN port models, for example, Single Port WAN1, Load Balancing, or Auto Rollover). Only those options that match the configured WAN mode are accessible on the screen.
3. Select the submenu tab for your DDNS service provider:
• Dynamic DNS submenu tab (shown in Figure 3-11) for DynDNS.org or DYNDNS.com.
• DNS TZO submenu tab for TZO.

4. Click the Information option arrow in the upper right corner of a DNS screen for registration information (Figure 3-12).
5. Access the Web site of the DDNS service provider and register for an account (for example, for dyndns.org, go to http://www.dyndns.com/).
6.

7. Click Apply to save your configuration.

Configuring Advanced WAN Options
The advanced options include configuration of the maximum transmission unit (MTU) size, the port speed, the UTM’s MAC address, and a rate limit on the traffic that the UTM forwards.
To configure advanced WAN options:
1. Select Network Config > WAN Settings from the menu.

3. Enter the settings as explained in Table 3-8.

Table 3-8. Advanced WAN Settings
Setting: Description (or Subfield and Description)
MTU Size: Make one of the following selections:
  Default: Select the Default radio button for the normal Maximum Transmission Unit (MTU) value. For most Ethernet networks this value is 1500 bytes, or 1492 bytes for PPPoE connections.

Table 3-8. Advanced WAN Settings (continued)
Use this MAC Address: Select the Use this MAC Address radio button to manually enter the MAC address in the field next to the radio button. You would typically enter the MAC address that your ISP requires for MAC authentication.
Chapter 4 LAN Configuration

Note: The initial LAN configuration of the UTM’s default VLAN 1 is described in Chapter 2, “Using the Setup Wizard to Provision the UTM in Your Network.”

This chapter describes how to configure the advanced LAN features of your UTM. This chapter contains the following sections:
• “Managing Virtual LANs and DHCP Options” on this page.
• “Configuring Multi-Home LAN IPs on the Default VLAN” on page 4-11.
• “Managing Groups and Hosts (LAN Groups)” on page 4-12.

VLANs have a number of advantages:
• It is easy to set up network segmentation.
• Users who communicate most frequently with each other can be grouped into common VLANs, regardless of physical location.
• Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
• They are easy to manage.

When you create a VLAN profile, assign LAN ports to the VLAN, and enable the VLAN, the LAN ports that are members of the VLAN can send and receive both tagged and untagged packets. Untagged packets that enter these LAN ports are assigned to the default PVID 1; packets that leave these LAN ports with the same default PVID 1 are untagged.
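The PVID behaviour just described (untagged frames in take the PVID, frames in the PVID VLAN go out untagged, other VLANs keep their 802.1Q tag) is shown below on constructed frames. This is an added example, not NETGEAR code; the `member_vids` membership check and the drop of a tag the port is not a member of follow standard 802.1Q ingress filtering and are assumptions beyond the manual's text.

```python
import struct

ETH_P_8021Q = 0x8100        # 802.1Q tag protocol identifier
DEFAULT_PVID = 1            # the UTM's default PVID for LAN ports


def parse_frame(frame: bytes):
    """Split an Ethernet frame into (dst, src, vid, ethertype, payload).

    vid is None for an untagged frame. A VLAN ID of 0 (a priority-tagged frame)
    is reported as 0; ingress() treats it like an untagged frame.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, inner_type, frame[18:]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid=None, pcp: int = 0) -> bytes:
    """Assemble a frame, inserting an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
        header += struct.pack("!HHH", ETH_P_8021Q, tci, ethertype)
    else:
        header += struct.pack("!H", ethertype)
    return header + payload


def ingress(frame: bytes, pvid: int = DEFAULT_PVID, member_vids=frozenset()):
    """Classify a frame arriving on a LAN port.

    Returns (vid, frame) for an accepted frame: untagged (or priority-tagged)
    frames take the port's PVID; tagged frames keep their VID if the port is a
    member of that VLAN. Returns None when the port is not a member of the tagged
    VLAN (standard 802.1Q ingress filtering, assumed here).
    """
    _, _, vid, _, _ = parse_frame(frame)
    if vid is None or vid == 0:
        return pvid, frame
    if vid == pvid or vid in member_vids:
        return vid, frame
    return None


def egress(vid: int, frame: bytes, pvid: int = DEFAULT_PVID) -> bytes:
    """Send a frame out of a LAN port: frames in the PVID VLAN leave untagged,
    frames in any other VLAN leave with their tag."""
    dst, src, _, ethertype, payload = parse_frame(frame)
    if vid == pvid:
        return build_frame(dst, src, ethertype, payload)
    return build_frame(dst, src, ethertype, payload, vid=vid)


# Constructed sample frames (not captured traffic): locally administered MACs,
# IPv4 ethertype, and a dummy payload.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("0200000000aa")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"payload")
TAGGED_10 = build_frame(DST, SRC, 0x0800, b"payload", vid=10)
```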
For each VLAN profile, the following fields are displayed in the VLAN Profiles table:
• Checkbox. Allows you to select the VLAN profile in the table.
• Status Icon. Indicates the status of the VLAN profile:
  – Green circle: the VLAN profile is enabled.
  – Grey circle: the VLAN profile is disabled.
• Profile Name. The unique name assigned to the VLAN profile.
• VLAN ID. The unique ID (or tag) assigned to the VLAN profile.
• Subnet IP.

The UTM delivers the following settings to any LAN device that requests DHCP:
• An IP address from the range that you have defined
• Subnet mask
• Gateway IP address (the UTM’s LAN IP address)
• Primary DNS server (the UTM’s LAN IP address)
• WINS server (if you entered a WINS server address in the DHCP Setup menu)
• Lease time (the date obtained and the duration of the lease)

LDAP Server
A Lightweight Directory Access Protocol (LDAP) server allows a user to query and modify directory services that run over TCP/IP. For example, clients can query e-mail addresses, contact information, and other service information using an LDAP server. For each VLAN, you can specify an LDAP server and a search base that defines the location in the directory (that is, the directory tree) from which the LDAP search begins.

2. Either select an entry from the VLAN Profiles table by clicking the corresponding Edit table button, or add a new VLAN profile by clicking the Add table button under the VLAN Profiles table. The Edit VLAN Profile screen displays (see Figure 4-3).
Figure 4-3

3. Enter the settings as explained in Table 4-1.

Table 4-1. VLAN Profile Settings
Setting: Description (or Subfield and Description)
VLAN Profile
  Profile Name: Enter a unique name for the VLAN profile. Note: You can also change the profile name of the default VLAN.
  VLAN ID: Enter a unique ID number for the VLAN profile. No two VLANs can have the same VLAN ID number. Note: You can enter VLAN IDs from 2 to 4093.

Table 4-1. VLAN Profile Settings (continued)
Enable DHCP Server (continued)
  Starting IP Address: Enter the starting IP address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address between this address and the Ending IP Address. The IP address 192.168.1.2 is the default start address.

Table 4-1. VLAN Profile Settings (continued)
Enable LDAP information (continued)
  Search Base: The search objects that specify the location in the directory tree from which the LDAP search begins. You can specify multiple search objects, separated by commas.
Configuring Multi-Home LAN IPs on the Default VLAN
If you have computers using different IP networks in the LAN (for example, 172.16.2.0 or 10.0.0.0), you can add aliases to the LAN ports and give computers on those networks access to the Internet, but you can do so only for the default VLAN. The IP address that is assigned as a secondary IP address must be unique and must not be assigned to the VLAN.

3. In the Add Secondary LAN IPs section of the screen, enter the following settings:
• IP Address. Enter the secondary address that you want to assign to the LAN ports.
• Subnet Mask. Enter the subnet mask for the secondary IP address.
4. Click the Add table button in the rightmost column to add the secondary IP address to the Available Secondary LAN IPs table.

Some advantages of the Network Database are:
• Generally, you do not need to enter either IP addresses or MAC addresses. Instead, you can just select the name of the desired PC or device.
• There is no need to reserve an IP address for a PC in the DHCP server.

Figure 4-5
The Known PCs and Devices table lists the entries in the Network Database. For each PC or device, the following fields are displayed:
• Checkbox. Allows you to select the PC or device in the table.
• Name. The name of the PC or device. For computers that do not support the NetBIOS protocol, the name is displayed as “Unknown” (you can edit the entry manually to add a meaningful name).

Adding PCs or Devices to the Network Database
To add PCs or devices manually to the Network Database:
1. In the Add Known PCs and Devices section of the LAN Groups screen (see Figure 4-5 on page 4-14), enter the settings as explained in Table 4-2.

Table 4-2. Add Known PCs and Devices Settings
Setting: Description (or Subfield and Description)
Name: Enter the name of the PC or device.

Editing PCs or Devices in the Network Database
To edit PCs or devices manually in the Network Database:
1. In the Known PCs and Devices table of the LAN Groups screen (see Figure 4-5 on page 4-14), click the Edit table button of a table entry. The Edit Groups and Hosts screen displays (see Figure 4-6, which contains some examples).
Figure 4-6
2.

3. Click the Edit Group Names option arrow at the right of the LAN submenu tabs. The Network Database Group Names screen displays. (Figure 4-7 shows some examples.)
Figure 4-7
4. Select the radio button next to any group name to enable editing.
5. Type a new name in the field. The maximum number of characters is 15; spaces and double quotes (") are not allowed.
6. Repeat step 4 and step 5 for any other group names.
7.

To reserve an IP address, select Reserved (DHCP Client) from the IP Address Type pull-down menu on the LAN Groups screen as described in “Adding PCs or Devices to the Network Database” on page 4-15, or on the Edit Groups and Hosts screen as described in “Editing PCs or Devices in the Network Database” on page 4-16.
Note: The reserved address is not assigned until the next time the PC or device contacts the UTM’s DHCP server.
To enable and configure the DMZ port:
1. Select Network Config > DMZ Setup from the menu. The DMZ Setup screen displays.
Figure 4-8
2. Enter the settings as explained in Table 4-3 on page 4-20.

Table 4-3. DMZ Setup Settings
Setting: Description (or Subfield and Description)
DMZ Port Setup
  Do you want to enable DMZ Port? Select one of the following radio buttons:
  • Yes. Enables you to configure the DMZ port settings. Enter the IP address and Subnet Mask fields (see below).
  • No. Allows you to disable the DMZ port after you have configured it.
  IP Address: Enter the IP address of the DMZ port.

Table 4-3. DMZ Setup Settings (continued)
Enable DHCP Server / DHCP Relay (continued)
  Primary DNS Server: This is optional. If an IP address is specified, the UTM provides this address as the primary DNS server IP address. If no address is specified, the UTM provides its own LAN IP address as the primary DNS server IP address.
  Secondary DNS Server: This is optional.

Table 4-3. DMZ Setup Settings (continued)
DNS Proxy
  Enable DNS Proxy: This is optional. Select the Enable DNS Proxy radio button to enable the UTM to provide a LAN IP address for DNS address name resolution. This setting is enabled by default.

Configuring Static Routes
To add a static route to the Static Route table:
1. Select Network Config > Routing from the menu. The Routing screen displays.
Figure 4-9
2. Click the Add table button under the Static Routes table. The Add Static Route screen displays.
Figure 4-10

3. Enter the settings as explained in Table 4-4.

Table 4-4. Static Route Settings
Setting: Description (or Subfield and Description)
Route Name: The route name for the static route (for purposes of identification and management).
Active: To make the static route effective, select the Active checkbox. Note: A route can be added to the table and made inactive if it is not needed.

To enable and configure RIP:
1. Select Network Configuration > Routing from the menu.
2. Click the RIP Configuration option arrow at the right of the Routing submenu tab. The RIP Configuration screen displays.
Figure 4-11
3. Enter the settings as explained in Table 4-5 on page 4-26.

Table 4-5. RIP Configuration Settings
Setting: Description (or Subfield and Description)
RIP
  RIP Direction: From the RIP Direction pull-down menu, select the direction in which the UTM sends and receives RIP packets:
  • None. The UTM neither advertises its route table nor accepts any RIP packets from other routers. This effectively disables RIP.
  • In Only.

Table 4-5. RIP Configuration Settings (continued)
Authentication for RIP-2B/2M required? (continued)
  Not Valid Before: The beginning of the lifetime of the MD5 key. Enter the month, date, year, hour, minute, and second. Before this date and time, the MD5 key is not valid.
  Not Valid After: The end of the lifetime of the MD5 key. Enter the month, date, year, hour, minute, and second.
Chapter 5 Firewall Protection

This chapter describes how to use the firewall features of the UTM to protect your network. This chapter contains the following sections:
• “About Firewall Protection” on this page.
• “Using Rules to Block or Allow Specific Kinds of Traffic” on page 5-3.
• “Configuring Other Firewall Features” on page 5-27.
• “Creating Services, QoS Profiles, and Bandwidth Profiles” on page 5-32.

Administrator Tips
Consider the following operational items:
1. As an option, you can enable remote management if you have to manage distant sites from a central location (see “Configuring VPN Authentication Domains, Groups, and Users” on page 9-1 and “Configuring Remote Management Access” on page 10-12).
2.

Using Rules to Block or Allow Specific Kinds of Traffic
Firewall rules are used to block or allow specific traffic passing through from one side to the other. You can configure up to 800 rules on the UTM. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources.

• Quality of Service (QoS) priorities. Each service has its own native priority that impacts its quality of performance and tolerance for jitter or delays. You can change the QoS priority, which changes the traffic mix through the system (see “Creating Quality of Service (QoS) Profiles” on page 5-35).

Outbound Rules (Service Blocking)
The UTM allows you to block the use of certain Internet services by PCs on your network.

Table 5-2. Outbound Rules Overview
Setting: Description (or Subfield and Description)
Service: The service or application to be covered by this rule. If the service or application does not appear in the list, you must define it using the Services menu (see “Adding Customized Services” on page 5-32).
Action (Filter): The action for outgoing connections covered by this rule:
  • BLOCK always.
  • BLOCK by schedule, otherwise allow.

Table 5-2. Outbound Rules Overview (continued)
QoS Profile: The priority assigned to IP packets of this service. The priorities are defined by the “Type of Service (ToS) in the Internet Protocol Suite” standard, RFC 1349. The QoS profile determines the priority of a service which, in turn, determines the quality of that service for the traffic passing through the firewall.

Whether or not DHCP is enabled, how the PCs access the server’s LAN address impacts the inbound rules. For example:
• If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP address might change periodically as the DHCP lease expires. Consider using Dynamic DNS so that external users can always find your network (see “Configuring Dynamic DNS” on page 3-19).

Table 5-3. Inbound Rules Overview
Setting: Description (or Subfield and Description)
Service: The service or application to be covered by this rule. If the service or application does not appear in the list, you must define it using the Services menu (see “Adding Customized Services” on page 5-32).
Action (Filter): The action for outgoing connections covered by this rule:
  • BLOCK always.
  • BLOCK by schedule, otherwise allow.

Table 5-3. Inbound Rules Overview (continued)
LAN Users: The settings that determine which computers on your network are affected by this rule. The options are:
  • Any. All PCs and devices on your LAN.
  • Single address. Enter the required address to apply the rule to a single device on your LAN.
  • Address range.

Table 5-3. Inbound Rules Overview (continued)
Log: The setting that determines whether packets covered by this rule are logged. The options are:
  • Always. Always log traffic considered by this rule, whether it matches or not. This is useful when debugging your rules.
  • Never. Never log traffic considered by this rule, whether it matches or not.

Order of Precedence for Rules
As you define new rules, they are added to the tables in the Rules screen as the last item in the list, as shown in the LAN WAN Rules screen example in Figure 5-1.
Figure 5-1
For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules table, beginning at the top and proceeding to the bottom.
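The top-to-bottom, first-match evaluation described here, together with the “BLOCK by schedule, otherwise allow” actions from Tables 5-2 and 5-3, the Log setting, and the default LAN WAN policies (outbound allowed, inbound blocked), is worked through below. This is an added example, not NETGEAR code: the rule table, the office-hours schedule and the SSH service are constructed; the catch-all “Any / ALLOW always” rule is placed last, as the manual's inbound example instructs, so that the specific rules above it are still consulted first.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional

ALLOW, BLOCK = "ALLOW", "BLOCK"
# Default LAN WAN policies from the manual: outbound allowed, inbound blocked
# unless a rule allows it.
DEFAULT_POLICY = {"outbound": ALLOW, "inbound": BLOCK}


@dataclass(frozen=True)
class Schedule:
    """A firewall schedule: active on the given weekdays (0=Monday) between start and end."""
    days: frozenset
    start: time = time(0, 0)
    end: time = time(23, 59, 59)

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() <= self.end


@dataclass(frozen=True)
class Rule:
    service: str                   # service name as listed in the Services table, or "Any"
    action: str                    # "BLOCK always", "BLOCK by schedule", "ALLOW always", "ALLOW by schedule"
    src: str = "Any"               # "Any", a single address, or a CIDR range
    dst: str = "Any"
    schedule: Optional[Schedule] = None
    log: str = "Never"             # "Always" or "Never"
    enabled: bool = True


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "Any":
        return True
    if "/" in spec:
        return ip_address(addr) in ip_network(spec, strict=False)
    return ip_address(addr) == ip_address(spec)


def _decide(rule: Rule, when: datetime) -> str:
    """Resolve 'X always' / 'X by schedule, otherwise the opposite' into a verdict."""
    verb, _, mode = rule.action.partition(" ")
    if mode == "always":
        return verb
    if rule.schedule is not None and rule.schedule.active(when):
        return verb
    return ALLOW if verb == BLOCK else BLOCK


def evaluate(rules: List[Rule], direction: str, service: str, src: str, dst: str,
             when: datetime, logbook: Optional[list] = None) -> str:
    """First-match evaluation: walk the table top to bottom, stop at the first
    enabled rule whose service, source and destination match; otherwise apply
    the direction's default policy. Matching rules with Log=Always write a line."""
    for position, rule in enumerate(rules, start=1):
        if not rule.enabled or rule.service not in (service, "Any"):
            continue
        if not (_addr_matches(rule.src, src) and _addr_matches(rule.dst, dst)):
            continue
        verdict = _decide(rule, when)
        if rule.log == "Always" and logbook is not None:
            logbook.append(f"rule {position} {rule.service} {src}->{dst}: {verdict}")
        return verdict
    return DEFAULT_POLICY[direction]


# Constructed inbound table modelled on the manual's examples: HTTP to the Web
# server is allowed always; SSH to the same host is blocked on weekdays
# 09:00-17:00 (constructed schedule); the "Any / ALLOW always" catch-all sits last.
WEB_SERVER = "192.168.1.2"
OFFICE_HOURS = Schedule(days=frozenset(range(5)), start=time(9, 0), end=time(17, 0))
INBOUND_RULES = [
    Rule("HTTP", "ALLOW always", dst=WEB_SERVER, log="Always"),
    Rule("SSH", "BLOCK by schedule", dst=WEB_SERVER, schedule=OFFICE_HOURS),
    Rule("Any", "ALLOW always"),
]
```

Moving the catch-all to the top of the table makes it match first for every packet, which is why the manual tells you to place it below all other inbound rules.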
Setting LAN WAN Rules
The default outbound policy is to allow all traffic to the Internet to pass through. Firewall rules can then be applied to block specific types of traffic from going out from the LAN to the Internet (outbound). This feature is also referred to as service blocking.

To make changes to an existing outbound or inbound service rule, in the Action column to the right of the rule, click one of the following table buttons:
• Edit. Allows you to make any changes to the rule definition of an existing rule.

To create a new outbound LAN WAN service rule:
1. In the LAN WAN Rules screen, click the Add table button under the Outbound Services table. The Add LAN WAN Outbound Service screen displays.
Figure 5-3
2. Enter the settings as explained in Table 5-2 on page 5-5.
3. Click Apply to save your changes. The new rule is now added to the Outbound Services table.

To create a new inbound LAN WAN service rule:
1. In the LAN WAN Rules screen, click the Add table button under the Inbound Services table. The Add LAN WAN Inbound Service screen displays.
Figure 5-4
2. Enter the settings as explained in Table 5-3 on page 5-8.
3. Click Apply to save your changes. The new rule is now added to the Inbound Services table.

To access the DMZ WAN Rules screen:
1. Select Network Security > Firewall from the menu. The Firewall submenu tabs appear.
2. Click the DMZ WAN Rules submenu tab. The DMZ WAN Rules screen displays. (Figure 5-5 shows a rule in the Outbound Services table as an example.)

2. Click one of the following table buttons:
• Disable. Disables the rule or rules. The “!” status icon changes from a green circle to a grey circle, indicating that the rule or rules are disabled. (By default, when a rule is added to the table, it is automatically enabled.)
• Delete. Deletes the rule or rules.

DMZ WAN Inbound Services Rules
The Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules are listed. By default, all inbound traffic (from the Internet to the DMZ) is allowed. Inbound rules that are configured on the LAN WAN Rules screen take precedence over inbound rules that are configured on the DMZ WAN Rules screen.

Setting LAN DMZ Rules
The LAN DMZ Rules screen allows you to create rules that define the movement of traffic between the LAN and the DMZ. The default outbound and inbound policies are to allow all traffic between the local LAN and the DMZ network. You can then apply firewall rules to block specific types of traffic from either going out from the LAN to the DMZ (outbound) or coming in from the DMZ to the LAN (inbound).

• Up. Moves the rule up one position in the table rank.
• Down. Moves the rule down one position in the table rank.
To delete or disable one or more rules:
1. Select the checkbox to the left of the rule that you want to delete or disable, or click the Select All table button to select all rules.
2. Click one of the following table buttons:
• Disable. Disables the rule or rules.

2. Enter the settings as explained in Table 5-2 on page 5-5.
3. Click Apply. The new rule is now added to the Outbound Services table. The rule is automatically enabled.

LAN DMZ Inbound Services Rules
The Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules are listed. By default, all inbound traffic (from the LAN to the DMZ) is allowed.
Inbound Rules Examples
LAN WAN Inbound Rule: Hosting a Local Public Web Server
If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of the day.

Figure 5-12
LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT Mapping
In this example, we configure multi-NAT to support multiple public IP addresses on one WAN interface. By creating an inbound rule, we configure the UTM to host an additional public IP address and associate this address with a Web server on the LAN.

Tip: If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ. One of these public IP addresses is used as the primary IP address of the router that provides Internet access to your LAN PCs through NAT. The other addresses are available to map to your servers.
To configure the UTM for additional IP addresses:
1.

6. In the Send to LAN Server field, enter the local IP address of your Web server PC (192.168.1.2 in this example).
7. For the dual-WAN port models only: from the WAN Destination IP Address pull-down menu, select the Web server (the simulated 10.1.0.52 address in this example) that you must first have defined on the WAN1 Secondary Addresses or WAN2 Secondary Addresses screen (see “Configuring Secondary WAN Addresses” on page 3-17).

1. Select Any and Allow Always (or Allow by Schedule).
2. Place the rule below all other inbound rules.
Figure 5-14

Outbound Rules Example
Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio, or other non-essential sites.

Figure 5-15
Configuring Other Firewall Features
You can configure attack checks, set session limits, and manage the Application Level Gateway (ALG) for SIP sessions.

Attack Checks
The Attack Checks screen allows you to specify whether or not the UTM should be protected against common attacks in the DMZ, LAN, and WAN networks. The various types of attack checks are listed on the Attack Checks screen and defined in Table 5-4 on page 5-28.

2. Click the Attack Checks submenu tab. The Attack Checks screen displays.
Figure 5-16
3. Enter the settings as explained in Table 5-4.

Table 5-4. Attack Checks Settings
Setting: Description (or Subfield and Description)
WAN Security Checks
  Respond To Ping On Internet Ports: Select the Respond To Ping On Internet Ports checkbox to enable the UTM to respond to a ping from the Internet. A ping can be used as a diagnostic tool.

Table 5-4. Attack Checks Settings (continued)
LAN Security Checks
  Block UDP flood: Select the Block UDP flood checkbox to prevent the UTM from accepting more than 20 simultaneous, active UDP connections from a single device on the LAN. By default, the Block UDP flood checkbox is deselected.

Setting Session Limits
Session limits allow you to specify the total number of sessions that are allowed, per user, over an IP connection across the UTM. The Session Limit feature is disabled by default.
To enable and configure the Session Limit feature:
1. Select Network Security > Firewall from the menu. The Firewall submenu tabs appear.
2. Click the Session Limit submenu tab. The Session Limit screen displays.
Figure 5-17
3.

Table 5-5. Session Limit Settings
Setting: Description (or Subfield and Description)
Session Limit
  User Limit Parameter: From the User Limit Parameter pull-down menu, select one of the following options:
  • Percentage of Max Sessions. A percentage of the total session connection capacity of the UTM.
  • Number of Sessions. An absolute number of maximum sessions.
  User Limit: Enter a number to indicate the user limit.
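The two per-host limits described above, the Block UDP flood threshold of 20 simultaneous UDP connections from one LAN device and the per-user Session Limit given either as a number of sessions or as a percentage of the UTM's capacity, are modelled below over a constructed burst of flow records. This is an added example, not NETGEAR code; the session key, the drop reasons and the flow-record line format are assumptions.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

UDP_FLOOD_LIMIT = 20   # documented threshold: simultaneous active UDP connections per LAN device


class SessionTable:
    """Admits or rejects new sessions per source host under the two documented limits.

    user_limit is interpreted according to limit_param exactly as the Session Limit
    screen offers it: an absolute number of sessions, or a percentage of the UTM's
    total session capacity (max_sessions). block_udp_flood defaults to False because
    the Block UDP flood checkbox is deselected by default.
    """

    def __init__(self, max_sessions: int, user_limit: int,
                 limit_param: str = "Number of Sessions", block_udp_flood: bool = False):
        if limit_param == "Percentage of Max Sessions":
            self.user_limit = max_sessions * user_limit // 100
        elif limit_param == "Number of Sessions":
            self.user_limit = user_limit
        else:
            raise ValueError(f"unknown User Limit Parameter: {limit_param}")
        self.block_udp_flood = block_udp_flood
        self.sessions: Dict[str, set] = defaultdict(set)   # src host -> active 5-tuples
        self.dropped: List[Tuple[tuple, str]] = []          # (5-tuple, reason)

    def _udp_count(self, src: str) -> int:
        return sum(1 for s in self.sessions[src] if s[0] == "udp")

    def open(self, proto: str, src: str, sport: int, dst: str, dport: int) -> bool:
        """Return True if the session is admitted, False if a limit rejected it."""
        key = (proto, src, sport, dst, dport)
        if key in self.sessions[src]:
            return True                      # retransmission of an existing session
        if len(self.sessions[src]) >= self.user_limit:
            self.dropped.append((key, "session limit"))
            return False
        if self.block_udp_flood and proto == "udp" and self._udp_count(src) >= UDP_FLOOD_LIMIT:
            self.dropped.append((key, "udp flood"))
            return False
        self.sessions[src].add(key)
        return True

    def close(self, proto: str, src: str, sport: int, dst: str, dport: int) -> None:
        self.sessions[src].discard((proto, src, sport, dst, dport))


def replay(events: List[str], table: SessionTable) -> Dict[str, int]:
    """Feed lines of the form 'open|close proto src:sport dst:dport' (constructed
    flow records, not UTM log output) through the table; return active sessions per host."""
    for line in events:
        op, proto, s, d = line.split()
        src, sport = s.rsplit(":", 1)
        dst, dport = d.rsplit(":", 1)
        handler = table.open if op == "open" else table.close
        handler(proto, src, int(sport), dst, int(dport))
    return {src: len(active) for src, active in table.sessions.items()}


# Constructed burst: one LAN host opens 25 UDP flows to a DNS resolver in quick
# succession, while a second host opens a single TCP session.
BURST = [f"open udp 192.168.1.10:{40000 + i} 203.0.113.9:53" for i in range(25)]
BURST.append("open tcp 192.168.1.11:51000 198.51.100.7:443")
```

Note that the UDP flood check only bites once the checkbox is selected; with the default configuration the same burst is admitted in full and only the Session Limit, if enabled, bounds it.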
Figure 5-18
3. Select the Enable SIP checkbox.
4. Click Apply to save your settings.

Creating Services, QoS Profiles, and Bandwidth Profiles
When you create inbound and outbound firewall rules, you use firewall objects such as services, QoS profiles, bandwidth profiles, and schedules to narrow down the firewall rules:
• Services. A service narrows down the firewall rule to an application and a port number.

For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number. This number appears as the destination port number in the transmitted IP packets.

2. In the Add Customer Service section of the screen, enter the settings as explained in Table 5-6.

Table 5-6. Services Settings
Setting: Description (or Subfield and Description)
Name: A descriptive name of the service for identification and management purposes.
Type: From the Type pull-down menu, select the Layer 3 protocol that the service uses as its transport protocol:
  • TCP.
  • UDP.
  • ICMP.

2. Modify the settings that you wish to change (see Table 5-6 on page 5-34).
3. Click Apply to save your changes. The modified service is displayed in the Custom Services table.

Creating Quality of Service (QoS) Profiles
A quality of service (QoS) profile defines the relative priority of an IP packet when multiple connections are scheduled for simultaneous transmission on the UTM.

To create a QoS profile:
1. Select Network Security > Firewall Objects from the menu. The Firewall Objects submenu tabs appear, with the Services screen in view.
2. Click the QoS Profiles submenu tab. The QoS Profiles screen displays. Figure 5-21 shows some profiles in the List of QoS Profiles table as an example.
Figure 5-21
The screen displays the List of QoS Profiles table with the user-defined profiles.
3.

Note: This document assumes that you are familiar with QoS concepts such as QoS priority queues, IP Precedence, DHCP, and their values.

Table 5-7. QoS Profile Settings
Setting: Description (or Subfield and Description)
Profile Name: A descriptive name of the QoS profile for identification and management purposes.

3. Click Apply to save your changes. The modified QoS profile is displayed in the List of QoS Profiles table.

Creating Bandwidth Profiles
Bandwidth profiles determine the way in which data is communicated with the hosts. The purpose of bandwidth profiles is to provide a method for allocating and limiting traffic, thus allocating LAN users sufficient bandwidth while preventing them from consuming all the bandwidth on your WAN link.
Figure 5-23

The screen displays the List of Bandwidth Profiles table with the user-defined profiles.
3. Under the List of Bandwidth Profiles table, click the Add table button. The Add Bandwidth Profile screen displays.

Figure 5-24

4. Enter the settings as explained in Table 5-8 on page 5-40.
Table 5-8. Bandwidth Profile Settings
Profile Name: A descriptive name of the bandwidth profile for identification and management purposes.
Minimum Bandwidth: The minimum allocated bandwidth in Kbps. The default setting is 0 Kbps.
Maximum Bandwidth: The maximum allowed bandwidth in Kbps.
Setting a Schedule to Block or Allow Specific Traffic

Schedules define the timeframes under which firewall rules may be applied. Three schedules, Schedule 1, Schedule 2, and Schedule 3, can be defined, and any one of these can be selected when defining firewall rules.

To set a schedule:
1. Select Network Security > Firewall Objects from the menu. The Firewall Objects submenu tabs appear, with the Services screen in view.
2.
• Specific Times. The schedule is active only during specific hours of the selected day or days. To the right of the radio buttons, specify the Start Time and End Time fields (Hour, Minute, AM/PM) during which the schedule is in effect.
5. Click Apply to save your settings to Schedule 1. Repeat these steps to set a schedule for Schedule 2 and Schedule 3.
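The following Python model of schedule evaluation is an added example; it is not code from the manual or from NETGEAR, and it does not reflect the UTM's implementation. It converts the Hour/Minute/AM-PM fields into comparable times, evaluates a schedule against a timestamp, and applies the first firewall rule whose schedule is active. The wrap-past-midnight handling for an End Time earlier than the Start Time and the Monday-first weekday numbering are assumptions, as are the sample rule names and dates.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import FrozenSet, List, Optional

# Python weekday numbering: Monday is 0 and Sunday is 6.
MON, TUE, WED, THU, FRI, SAT, SUN = range(7)


def clock(hour: int, minute: int, ampm: str) -> time:
    """Convert the Start Time / End Time fields (Hour, Minute, AM/PM) to a 24-hour time."""
    if not (1 <= hour <= 12 and 0 <= minute <= 59 and ampm in ("AM", "PM")):
        raise ValueError(f"invalid clock fields: {hour}:{minute:02d} {ampm}")
    return time(hour % 12 + (12 if ampm == "PM" else 0), minute)


def stamp(iso: str) -> datetime:
    """Parse an ISO-8601 timestamp such as '2010-01-06T10:30' (constructed test input)."""
    return datetime.fromisoformat(iso)


@dataclass(frozen=True)
class Schedule:
    """One of the three UTM schedules: a set of days plus All Day or a time window."""
    name: str
    days: FrozenSet[int]
    all_day: bool = True
    start: time = time(0, 0)
    end: time = time(23, 59)

    def is_active(self, when: datetime) -> bool:
        if when.weekday() not in self.days:
            return False
        if self.all_day:
            return True
        now = when.time()
        if self.start <= self.end:
            return self.start <= now <= self.end
        # Assumption (the manual does not say): an End Time earlier than the
        # Start Time is treated as a window that runs past midnight.
        return now >= self.start or now <= self.end


@dataclass(frozen=True)
class Rule:
    """A firewall rule that may reference a schedule; schedule=None means always applied."""
    name: str
    action: str  # "BLOCK" or "ALLOW"
    schedule: Optional[Schedule] = None


def effective_action(rules: List[Rule], when: datetime, default: str = "ALLOW") -> str:
    """Return the action of the first rule whose schedule is active at `when`.

    Rules are evaluated in table order, so an earlier rule shadows a later one;
    if no rule applies, the supplied default action is returned.
    """
    for rule in rules:
        if rule.schedule is None or rule.schedule.is_active(when):
            return rule.action
    return default


if __name__ == "__main__":
    office_hours = Schedule("Schedule 1", frozenset({MON, TUE, WED, THU, FRI}), all_day=False,
                            start=clock(9, 0, "AM"), end=clock(5, 0, "PM"))
    rules = [Rule("block-streaming-during-office-hours", "BLOCK", office_hours)]
    for when in ("2010-01-06T10:30", "2010-01-06T18:00", "2010-01-09T10:30"):
        print(when, effective_action(rules, stamp(when)))
```

Note that 12 AM maps to hour 0 and 12 PM to hour 12; getting this conversion wrong is the usual cause of a schedule that is silently off by twelve hours.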
Figure 5-26

2. In the MAC Filtering Enable section, select the Yes radio button.
3. In the same section, select one of the following options from the pull-down menu (next to Policy for MAC Addresses listed below):
  • Block. Traffic coming from all addresses in the MAC Addresses table is blocked.
  • Permit. Traffic coming from all addresses in the MAC Addresses table is permitted.
4.
Setting up IP/MAC Bindings

IP/MAC Binding allows you to bind an IP address to a MAC address and vice versa. Some PCs or devices are configured with static addresses. To prevent users from changing their static IP addresses, enable the IP/MAC Binding feature on the UTM. If the UTM detects packets with a matching IP address but an inconsistent MAC address (or vice versa), it drops the packets.
Figure 5-27

3. Enter the settings as explained in Table 5-9.

Table 5-9. IP/MAC Binding Settings
Email IP/MAC Violations: Do you want to enable E-mail Logs for IP/MAC Binding Violation? Select one of the following radio buttons:
  • Yes. IP/MAC binding violations are e-mailed.
  • No. IP/MAC binding violations are not e-mailed.
Table 5-9. IP/MAC Binding Settings (continued)
IP Address: The IP address of the PC or device that is bound to the MAC address.
Log Dropped Packets: To log the dropped packets, select Enable from the pull-down menu. The default setting is Disable.

4. Click the Add table button. The new IP/MAC rule is added to the IP/MAC Bindings table.
5. Click Apply to save your changes.
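An added Python model of the drop rule described above, written for this page rather than taken from the manual or from NETGEAR: a bindings table that pins each IP address to one MAC address and vice versa, a check that drops a packet when either side of the pair disagrees with the table, and a log that is only written when Log Dropped Packets is enabled (the manual's default is Disable). The MAC normalization and the sample addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Verdict:
    passed: bool
    reason: str


class IpMacBindings:
    """In-memory model of the IP/MAC Bindings table and the UTM's drop rule.

    Each entry pins one IP address to one MAC address. A packet whose source IP
    is bound to a different MAC, or whose source MAC is bound to a different IP,
    violates the binding and is dropped (and logged if Log Dropped Packets is enabled).
    """

    def __init__(self, log_dropped: bool = False) -> None:  # manual's default is Disable
        self.mac_for_ip: Dict[str, str] = {}
        self.ip_for_mac: Dict[str, str] = {}
        self.log_dropped = log_dropped
        self.log: List[str] = []

    @staticmethod
    def _norm_mac(mac: str) -> str:
        # Accept "AA-BB-CC-DD-EE-FF" or "aa:bb:cc:dd:ee:ff"; compare in one canonical form.
        return mac.strip().lower().replace("-", ":")

    def add(self, ip: str, mac: str) -> None:
        mac = self._norm_mac(mac)
        if ip in self.mac_for_ip or mac in self.ip_for_mac:
            raise ValueError(f"{ip} or {mac} already appears in the bindings table")
        self.mac_for_ip[ip] = mac
        self.ip_for_mac[mac] = ip

    def check(self, src_ip: str, src_mac: str) -> Verdict:
        """Decide whether a packet with this source IP/MAC pair may pass."""
        mac = self._norm_mac(src_mac)
        bound_mac = self.mac_for_ip.get(src_ip)
        bound_ip = self.ip_for_mac.get(mac)
        reason = ""
        if bound_mac is not None and bound_mac != mac:
            reason = f"IP {src_ip} is bound to {bound_mac} but was seen from {mac}"
        elif bound_ip is not None and bound_ip != src_ip:
            reason = f"MAC {mac} is bound to {bound_ip} but was seen with {src_ip}"
        if not reason:
            return Verdict(True, "ok")            # either consistent or not bound at all
        if self.log_dropped:
            self.log.append(f"IP/MAC binding violation: {reason}")
        return Verdict(False, reason)


def filter_packets(table: IpMacBindings, packets: List[tuple]) -> List[tuple]:
    """Return only the (src_ip, src_mac) pairs the bindings table lets through."""
    return [p for p in packets if table.check(*p).passed]


if __name__ == "__main__":
    table = IpMacBindings(log_dropped=True)
    table.add("192.168.1.10", "00:11:22:33:44:55")   # constructed sample binding
    sample = [("192.168.1.10", "00-11-22-33-44-55"), ("192.168.1.10", "00:11:22:33:44:66"),
              ("192.168.1.99", "00:11:22:33:44:55"), ("192.168.1.50", "00:11:22:33:44:77")]
    print(filter_packets(table, sample))
    print("\n".join(table.log))
```

The two violation branches matter separately: the first catches another NIC presenting a bound IP address, the second catches a bound NIC that has changed its own address. Hosts that appear in neither column are unaffected, which is why the feature only protects addresses you actually bind.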
Note these restrictions on port triggering:
• Only one PC can use a port triggering application at any time.
• After a PC has finished using a port triggering application, there is a short time-out period before the application can be used by another PC. This time-out period is required so the UTM can determine that the application has terminated.
Table 5-10. Port Triggering Settings
Name: A descriptive name of the rule for identification and management purposes.
Enable: From the pull-down menu, select Yes to enable the rule. (You can define a rule but not enable it.) The default setting is No.
Protocol: From the pull-down menu, select the protocol to which the rule applies:
  • TCP.
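An added Python state machine for the two port-triggering restrictions listed above (one PC per application at a time, and a time-out before another PC can take over). It is written for this page and is not the UTM's code; the 30-second time-out, the rule names, the port numbers and the LAN addresses are constructed values, and the manual does not state the appliance's actual time-out.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class TriggerRule:
    name: str
    enabled: bool          # a rule can be defined but left disabled (default No)
    protocol: str          # "TCP" or "UDP"
    outgoing_port: int     # an outbound connection to this port arms the rule
    incoming_ports: range  # inbound ports then forwarded to the triggering PC


@dataclass
class TriggerState:
    owner_ip: Optional[str] = None   # the one LAN PC currently using the application
    last_seen: float = 0.0


class PortTriggering:
    """Models the manual's two restrictions: one PC per rule at a time, and a
    time-out after the last packet before another PC may take the rule over."""

    def __init__(self, rules: List[TriggerRule], timeout: float = 30.0) -> None:
        self.rules = rules
        self.timeout = timeout                 # seconds; constructed value, not the UTM's
        self.state: Dict[str, TriggerState] = {r.name: TriggerState() for r in rules}

    def _expire_if_idle(self, rule: TriggerRule, now: float) -> TriggerState:
        st = self.state[rule.name]
        if st.owner_ip is not None and now - st.last_seen > self.timeout:
            st.owner_ip = None                 # application considered terminated
        return st

    def outbound(self, src_ip: str, protocol: str, dst_port: int, now: float) -> Optional[str]:
        """LAN-to-WAN packet: returns the rule name armed for src_ip, or None."""
        for rule in self.rules:
            if not rule.enabled or rule.protocol != protocol or rule.outgoing_port != dst_port:
                continue
            st = self._expire_if_idle(rule, now)
            if st.owner_ip is None or st.owner_ip == src_ip:
                st.owner_ip, st.last_seen = src_ip, now
                return rule.name
            return None                        # another PC holds the rule and is not idle yet
        return None

    def inbound(self, protocol: str, dst_port: int, now: float) -> Optional[str]:
        """WAN-to-LAN packet: returns the LAN IP to forward to, or None to drop."""
        for rule in self.rules:
            if not rule.enabled or rule.protocol != protocol or dst_port not in rule.incoming_ports:
                continue
            st = self._expire_if_idle(rule, now)
            if st.owner_ip is not None:
                st.last_seen = now
                return st.owner_ip
        return None


if __name__ == "__main__":
    pt = PortTriggering([TriggerRule("game", True, "TCP", 6112, range(6113, 6120))])
    print(pt.outbound("192.168.1.20", "TCP", 6112, now=0.0))     # game
    print(pt.inbound("TCP", 6115, now=5.0))                      # 192.168.1.20
    print(pt.outbound("192.168.1.21", "TCP", 6112, now=10.0))    # None: still held by .20
    print(pt.outbound("192.168.1.21", "TCP", 6112, now=45.0))    # game: .20 timed out
```

Inbound packets that match no armed rule are dropped rather than forwarded anywhere, which is the property that distinguishes port triggering from a static port forward.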
Using the Intrusion Prevention System

The Intrusion Prevention System (IPS) of the UTM monitors all network traffic to detect, in real time, network attacks and port scans and to protect your network from such intrusions. You can set up alerts, block source IP addresses from which port scans are initiated, and drop traffic that carries attacks.
Note: Traffic that passes on the UTM’s VLANs and on the secondary IP addresses that you have configured on the LAN Multi-homing screen (see “Configuring MultiHome LAN IPs on the Default VLAN” on page 4-11) is also scanned by the IPS.

When you enable the IPS, the default IPS configuration goes into effect. The default IPS configuration is the configuration that the Advanced (IPS) screen returns to when you click the Reset button.
Figure 5-31
Table 5-11. IPS: Less Familiar Attack Names
Web
  web-misc: Detects some specific Web attack tools, such as the fingerprinting tool and the password-cracking tool.
  web-attacks: Detects the Web attacks that cannot be placed under other Web categories, such as DoS and overflow attacks against specific Web services.
Chapter 6
Content Filtering and Optimizing Scans

This chapter describes how to apply the content filtering features of the UTM and how to optimize scans to protect your network. This chapter contains the following sections:
• “About Content Filtering and Scans” on this page.
• “Configuring E-mail Protection” on page 6-3.
• “Configuring Web and Services Protection” on page 6-19.
• “Setting Web Access Exceptions and Scanning Exclusions” on page 6-41.
Default E-mail and Web Scan Settings

For most network environments, the default scan settings and actions that are shown in Table 6-1 work well, but you can adjust these to the needs of your specific environment.

Table 6-1.
Table 6-1. Default E-mail and Web Scan Settings (continued)
Scan Type | Default Scan Setting | Default Action (if applicable)
Education | Allowed with the exception of School Cheating. |
Gaming | Blocked |
Inactive Sites | Allowed |
Internet Communication and Search | Allowed with the exception of Anonymizers |
Leisure and News | Allowed |
Malicious | Blocked |
Politics and Religion | Allowed |
Sexual Content | Blocked |
Technology | Allowed |
a.
Customizing E-mail Protocol Scan Settings

To configure the e-mail protocols and ports to scan:
1. Select Application Security > Services from the menu. The Services screen displays (Figure 6-1 shows the upper part of the Services screen only).

Figure 6-1

2. In the Email section of the screen, select the protocols to scan by selecting the Enable checkboxes and enter the port numbers if different from the default port numbers:
  • SMTP.
Customizing E-mail Anti-Virus and Notification Settings

Whether or not the UTM detects an e-mail virus, you can configure it to take a variety of actions (some of the default actions are listed in Table 6-1 on page 6-2) and send notifications, e-mails, or both to the end users.

To configure the e-mail anti-virus settings:
1. Select Application Security > Email Anti-Virus from the menu. The Email Anti-Virus screen displays.
2. Enter the settings as explained in Table 6-2.

Table 6-2. E-mail Anti-Virus and Notification Settings
Action
  SMTP: From the SMTP pull-down menu, specify one of the following actions when an infected e-mail is detected:
    • Block infected email. This is the default setting. The e-mail is blocked, and a log entry is created.
    • Delete attachment.
Table 6-2. E-mail Anti-Virus and Notification Settings (continued)
Append Safe Stamp (SMTP and POP3): For SMTP and POP3 e-mail messages, select this checkbox to insert a default safe stamp message at the end of an e-mail. The safe stamp insertion serves as a security confirmation to the end user. You can change the default message.
Table 6-2. E-mail Anti-Virus and Notification Settings (continued)
Subject: The default subject line for the notification e-mail is “Malware detected!” You can change this subject line.
Message: The warning message informs the sender, the recipient, or both about the name of the malware threat. You can change the default message to include more information.
To configure e-mail content filtering:
1. Select Application Security > Email Filters from the menu. The Email Filters screen displays.

Figure 6-3
2. Enter the settings as explained in Table 6-3.

Table 6-3. E-mail Filter Settings
Filter by Subject Keywords
  Keywords: Enter keywords that should be detected in the e-mail subject line. Use commas to separate different keywords. The total maximum length of this field is 2048 characters, excluding duplicate words and delimiter commas.
Table 6-3. E-mail Filter Settings (continued)
Filter by File Type
  File Extension: By default, the File Extension field lists the most common file extensions. You can manually add or delete extensions. Use commas to separate different extensions. You can enter a maximum of 40 file extensions; the maximum total length of this field, excluding the delimiter commas, is 160 characters.
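The two field limits in Table 6-3 are easy to get wrong when you generate the lists from a script, because duplicates and the delimiter commas do not count. The Python below is an added example, not code from the manual or from NETGEAR: it parses both comma-separated fields the way the limits are defined, reports limit violations, and applies the resulting lists to a subject line and an attachment name. The case-insensitive substring match for keywords and the tolerance of a leading dot on extensions are assumptions.

```python
from typing import List, Tuple

MAX_KEYWORD_FIELD_CHARS = 2048    # Filter by Subject Keywords: excluding duplicates and commas
MAX_EXTENSION_COUNT = 40          # Filter by File Type: at most 40 extensions ...
MAX_EXTENSION_FIELD_CHARS = 160   # ... and 160 characters in total, excluding commas


def parse_list_field(raw: str) -> List[str]:
    """Split a comma-separated field, trim whitespace, lowercase, and drop duplicates."""
    items: List[str] = []
    for item in raw.split(","):
        item = item.strip().lower()
        if item and item not in items:
            items.append(item)
    return items


def validate_keywords(raw: str) -> Tuple[List[str], List[str]]:
    """Return (keywords, errors); the length limit counts unique keywords only."""
    keywords = parse_list_field(raw)
    used = sum(len(k) for k in keywords)
    errors = []
    if used > MAX_KEYWORD_FIELD_CHARS:
        errors.append(f"keyword field uses {used} characters, limit is {MAX_KEYWORD_FIELD_CHARS}")
    return keywords, errors


def validate_extensions(raw: str) -> Tuple[List[str], List[str]]:
    """Return (extensions, errors); a leading dot is tolerated and stripped (assumption)."""
    exts: List[str] = []
    for ext in parse_list_field(raw):
        ext = ext.lstrip(".")
        if ext and ext not in exts:
            exts.append(ext)
    used = sum(len(e) for e in exts)
    errors = []
    if len(exts) > MAX_EXTENSION_COUNT:
        errors.append(f"{len(exts)} extensions entered, limit is {MAX_EXTENSION_COUNT}")
    if used > MAX_EXTENSION_FIELD_CHARS:
        errors.append(f"extension field uses {used} characters, limit is {MAX_EXTENSION_FIELD_CHARS}")
    return exts, errors


def subject_hits(subject: str, keywords: List[str]) -> List[str]:
    """Keywords found in the subject line (assumption: case-insensitive substring match)."""
    lowered = subject.lower()
    return [k for k in keywords if k in lowered]


def attachment_blocked(filename: str, extensions: List[str]) -> bool:
    """True when the attachment's final extension (case-insensitive) is on the block list."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name:
        return False                       # no extension at all, so nothing to match
    return name.rsplit(".", 1)[1].lower() in extensions


if __name__ == "__main__":
    exts, errors = validate_extensions("exe, com, .EXE, bat")   # constructed field contents
    print(exts, errors)
    print(attachment_blocked("Q4 report.EXE", exts), attachment_blocked("notes.pdf", exts))
    kws, errors = validate_keywords("invoice, URGENT, invoice, wire transfer")
    print(subject_hits("Re: Urgent invoice attached", kws))
```

Only the last extension of a file name is compared, so a name such as archive.tar.bat is judged by bat; if you rely on the extension filter, keep the list of blocked extensions current rather than assuming the defaults cover every executable type.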
3. Real-time blacklist. E-mails from known spam sources that are collected by blacklist providers are blocked.
4. Distributed Spam Analysis. E-mails that are detected as spam by the NETGEAR Spam Classification Center are either tagged or blocked.

This order of implementation ensures the optimum balance between spam prevention and system performance.
To configure the whitelist and blacklist:
1. Select Application Security > Anti-Spam from the menu. The Anti-Spam submenu tabs appear, with the Whitelist/Blacklist screen in view.

Figure 6-4
2. Enter the settings as explained in Table 6-4.

Table 6-4. Whitelist/Blacklist Settings
Sender IP Address
  Whitelist: Enter the source IP addresses from which e-mails can be trusted.
  Blacklist: Enter the source IP addresses from which e-mails are blocked.

Click Apply to save your settings or click Reset to clear all entries from these fields.
blacklist providers and are made available to the public in the form of real-time blacklists (RBLs). By accessing these RBLs, the UTM can block spam originating from known spam sources. By default, the UTM comes with three pre-defined blacklist providers: Dsbl, Spamhaus, and Spamcop. There is no limit to the number of blacklist providers that you can add to the RBL sources.

To enable the real-time blacklist:
1.
2. Click the Add table button in the Add column. The new blacklist provider is added to the real-time blacklist, and it is disabled by default.

To delete a blacklist provider from the real-time blacklist:
1. In the real-time blacklist, click the Delete table button next to the blacklist provider that you want to delete.
2. Click Apply to save your settings.
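How an RBL lookup works is worth seeing once, because it explains both why a provider can be added without limit and why a disabled provider costs nothing: each enabled provider is one DNS query. The Python below is an added example written for this page, not code from the manual or from NETGEAR. It builds the reversed-octet query name, treats an answer inside 127.0.0.0/8 as "listed" (the DNSBL convention), and applies the sender checks in the order the manual describes, with the local whitelist and blacklist assumed to come before the real-time blacklist. The provider zone names, the stub resolver and its answers are constructed placeholders; the manual names Dsbl, Spamhaus and Spamcop but not their DNS zones.

```python
import ipaddress
from typing import Callable, Dict, List, Optional, Sequence, Set, Tuple

# A resolver maps a DNS name to its A records; an empty list stands for NXDOMAIN.
Resolver = Callable[[str], List[str]]

# Placeholder provider zones (not the real providers' zones). A newly added
# provider is disabled by default, as the manual states.
PROVIDERS: List[Tuple[str, bool]] = [
    ("rbl-a.example.net", True),
    ("rbl-b.example.net", False),
]

# Constructed stub answers standing in for live DNS, so the example runs offline.
FAKE_ANSWERS: Dict[str, List[str]] = {
    "5.113.0.203.rbl-a.example.net": ["127.0.0.2"],
    "9.100.51.198.rbl-b.example.net": ["127.0.0.2"],
}


def stub_resolver(name: str) -> List[str]:
    return FAKE_ANSWERS.get(name, [])


def rbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: the IPv4 octets reversed, under the provider's zone."""
    addr = ipaddress.IPv4Address(ip)          # rejects malformed input and IPv6
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def rbl_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """A listed address answers with an A record inside 127.0.0.0/8; NXDOMAIN means not listed."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback for a in resolve(rbl_query_name(ip, zone)))


def check_sender(ip: str, whitelist: Set[str], blacklist: Set[str],
                 providers: Sequence[Tuple[str, bool]], resolve: Resolver) -> Tuple[str, Optional[str]]:
    """Sender IP decision: local whitelist, then local blacklist (assumed order),
    then each enabled real-time blacklist. "pass" hands the message on to the
    next stage, Distributed Spam Analysis."""
    if ip in whitelist:
        return ("allow", "whitelist")
    if ip in blacklist:
        return ("block", "blacklist")
    for zone, enabled in providers:
        if enabled and rbl_listed(ip, zone, resolve):
            return ("block", zone)
    return ("pass", None)


if __name__ == "__main__":
    print(rbl_query_name("203.0.113.5", "rbl-a.example.net"))
    print(check_sender("203.0.113.5", set(), set(), PROVIDERS, stub_resolver))
    print(check_sender("198.51.100.9", set(), set(), PROVIDERS, stub_resolver))  # rbl-b is disabled
```

Because the local whitelist is consulted first, a whitelisted sender is never queried against any provider; and because a provider is disabled until you enable it, adding one to the table changes nothing until that step is done.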
Figure 6-6

3. Enter the settings as explained in Table 6-5.

Table 6-5. Distributed Spam Analysis Settings
Distributed Spam Analysis
  SMTP: Select the SMTP checkbox to enable Distributed Spam Analysis for the SMTP protocol. (You can enable Distributed Spam Analysis for both SMTP and POP3.)
  POP3: Select the POP3 checkbox to enable Distributed Spam Analysis for the POP3 protocol.
Table 6-5. Distributed Spam Analysis Settings (continued)
Sensitivity: From the Sensitivity pull-down menu, select the level of sensitivity for the anti-spam engine that performs the analysis:
  • Low.
  • Medium-Low.
  • Medium.
  • Medium High. This is the default setting.
  • High.
  Note: A low sensitivity allows more e-mails to pass through but increases the risk of spam messages.
Configuring Web and Services Protection

The UTM lets you configure the following settings to protect the network’s Internet and Web services communication:
• The Web protocols, instant messaging services, and peer-to-peer services that are scanned for malware threats.
• Actions that are taken when infected Web files or objects are detected.
• The maximum file sizes that are scanned.
• Web objects that are blocked.
Figure 6-7

2. Enter the settings as explained in Table 6-6.

Table 6-6. Web Protocol, Instant Messaging, and Peer-to-Peer Settings
Web
  HTTP: Select the HTTP checkbox to enable Hypertext Transfer Protocol (HTTP) scanning. This service is enabled by default and uses default port 80.
  HTTPS: Select the HTTPS checkbox to enable Hypertext Transfer Protocol over Secure Socket Layer (HTTPS).
Table 6-6. Web Protocol, Instant Messaging, and Peer-to-Peer Settings (continued)
Note: If a protocol uses a port other than the standard service port (for example, port 80 for HTTP), enter this non-standard port in the Ports to Scan field.
Figure 6-8

2. Enter the settings as explained in Table 6-7.

Table 6-7. Malware Scan Settings
Action
  HTTP and HTTPS Action: From the HTTP or HTTPS pull-down menu, specify one of the following actions when an infected Web file or object is detected:
    • Delete file. This is the default setting. The Web file or object is deleted, and a log entry is created.
    • Log only.
Table 6-7. Malware Scan Settings (continued)
Scan Exception: The default maximum file or object size that is scanned is 2048 KB, but you can define a maximum size of up to 10240 KB. However, setting the maximum size to a high value might affect the UTM's performance (see “Performance Management” on page 10-1).
Several types of Web content blocking are available:
• File extension blocking. You can block files based on their extension. Such files can include executable files, audio and video files, and compressed files.
• Keyword blocking. You can specify words that, should they appear in the Web site name (URL) or in a newsgroup name, cause that site or newsgroup to be blocked by the UTM.
Note: You can bypass any type of Web blocking for trusted URLs by adding the URLs to the whitelist (see “Configuring Web URL Filtering” on page 6-30). Access to the URLs on the whitelist is allowed for PCs in the groups for which file extension, keyword, object, or category blocking, or a combination of these types of Web blocking has been enabled.

To configure Web content filtering:
1.
Figure 6-10 [Content Filtering, screen 2 of 3]
Figure 6-11 [Content Filtering, screen 3 of 3]

3. Enter the settings as explained in Table 6-8 on page 6-28.
Table 6-8. Content Filtering Settings
Content Filtering
  Log HTTP Traffic: Select this checkbox to log HTTP traffic. For information about how to view the logged traffic, see “Querying Logs and Generating Reports” on page 11-32. By default, HTTP traffic is not logged.
  Note: Logging HTTP traffic might affect the UTM's performance (see “Performance Management” on page 10-1).
Table 6-8. Content Filtering Settings (continued)
Select the Web Categories You Wish to Block: Select the Enable Blocking checkbox to enable blocking of Web categories. By default, this checkbox is deselected. Select the checkboxes of any Web categories that you want to block. Use the action buttons at the top of the section in the following way:
  • Allow All.
Table 6-8. Content Filtering Settings (continued)
Web Category Lookup
  URL: Enter a URL to find out if it has been categorized, and if so, in which category. Then, click the lookup button. If the URL has been categorized, the category appears next to Lookup Results. If the URL appears to be uncategorized, you can submit it to NETGEAR for analysis.
To configure Web URL filtering:
1. Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs appear, with the Malware Scan screen in view.
2. Click the URL Filtering submenu tab. The URL Filtering screen displays. (Figure 6-12 shows some examples.)

Figure 6-12
3. Enter the settings as explained in Table 6-9.

Table 6-9. URL Filtering Settings
Whitelist
  Enable: Select this checkbox to bypass scanning of the URLs that are listed in the URL field. Users are allowed to access the URLs that are listed in the URL field.
  URL: This field contains the URLs for which scanning is bypassed.
Table 6-9. URL Filtering Settings (continued)
  URL: This field contains the URLs that are blocked. To add a URL to this field, use the Add URL field or the Import from File tool (see below). You can add a maximum of 200 URLs.
  Note: If a URL is on both the whitelist and the blacklist, the whitelist takes precedence, and URLs on the whitelist are not scanned.
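The precedence note above is the part of URL filtering most often misread: a whitelist hit does not just allow the request, it also bypasses scanning, and it wins over a blacklist entry for the same URL. The Python below is an added example written for this page (not the manual's or NETGEAR's code) that evaluates a URL against both lists in that order, enforces the 200-entry blacklist limit, and shows the outcome when the whitelist is disabled. The matching rule (an entry covers itself and paths beneath it, never a longer host name) and the normalization are assumptions, since the manual does not define them; the host names are constructed.

```python
from typing import Iterable, List, Tuple
from urllib.parse import urlsplit

MAX_BLACKLIST_URLS = 200   # limit the manual states for the blacklist URL field


def normalize(url: str) -> str:
    """Canonical form for comparison: lowercase host, scheme and trailing slash removed."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return parts.netloc.lower() + parts.path.rstrip("/")


class UrlFilter:
    """Whitelist/blacklist evaluation with the whitelist taking precedence."""

    def __init__(self, whitelist: Iterable[str], whitelist_enabled: bool,
                 blacklist: Iterable[str], blacklist_enabled: bool) -> None:
        self.whitelist = [normalize(u) for u in whitelist]
        self.blacklist = [normalize(u) for u in blacklist]
        if len(self.blacklist) > MAX_BLACKLIST_URLS:
            raise ValueError(f"{len(self.blacklist)} blacklist URLs, limit is {MAX_BLACKLIST_URLS}")
        self.whitelist_enabled = whitelist_enabled
        self.blacklist_enabled = blacklist_enabled

    @staticmethod
    def _matches(url: str, entries: List[str]) -> bool:
        # Assumption: an entry matches that URL and anything beneath its path, but
        # never a longer host name that merely starts with the same characters.
        return any(url == e or url.startswith(e + "/") for e in entries)

    def decide(self, url: str) -> Tuple[str, str]:
        """Return (decision, reason): allow (not scanned), block, or scan."""
        u = normalize(url)
        if self.whitelist_enabled and self._matches(u, self.whitelist):
            return ("allow", "whitelist match, scanning bypassed")
        if self.blacklist_enabled and self._matches(u, self.blacklist):
            return ("block", "blacklist match")
        return ("scan", "no list match, normal scanning applies")


if __name__ == "__main__":
    # Constructed lists: the same host appears on both, so the whitelist decides.
    f = UrlFilter(["https://intranet.example.com"], True,
                  ["intranet.example.com", "http://badsite.example.org"], True)
    for url in ("https://intranet.example.com/wiki/", "http://badsite.example.org/x",
                "http://badsite.example.org.evil.test/", "http://other.example.net/"):
        print(url, f.decide(url))
```

The suffix check in _matches is deliberate: a naive prefix comparison on the string would let badsite.example.org.evil.test match the entry badsite.example.org, and the same mistake on the whitelist would exempt unintended hosts from scanning.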
HTTPS Scan Settings

HTTPS traffic is encrypted traffic that cannot be scanned; otherwise the data stream would not be secure. However, the UTM can scan HTTPS traffic that is transmitted through an HTTP proxy; that is, the UTM scans HTTPS traffic by acting as a proxy between the HTTPS client and the HTTPS server. Figure 6-13 shows the HTTPS scanning traffic flow.
If one of these is not satisfied, a security alert message appears in the browser window (see Figure 6-14).

Figure 6-14

However, even when a certificate is trusted or still valid, or when the name of a certificate does match the name of the Web site, a security alert message still appears when a user who is connected to the UTM visits an HTTPS site.
To configure the HTTPS scan settings:
1. Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs appear, with the Malware Scan screen in view.
2. Click the HTTPS Settings submenu tab. The HTTPS Settings screen displays.

Figure 6-15

3. Enter the settings as explained in Table 6-10 on page 6-37.
Table 6-10. HTTPS Settings
HTTP Tunneling: Select this checkbox to allow scanning of HTTPS connections through an HTTP proxy. This option is disabled by default. Traffic from trusted hosts is not scanned (see “Specifying Trusted Hosts” on page 6-37).
Note that certain sites contain elements from different HTTPS hosts. As an example, assume that the https://example.com site contains HTTPS elements from the following three hosts:
• trustedhostserver1.example.com
• trustedhostserver2.example.com
• imageserver.example.com
To completely bypass the scanning of the https://example.
3. Enter the settings as explained in Table 6-11.

Table 6-11. Trusted Hosts Settings
Do Not Intercept HTTPS Connections for the following Hosts
  Enable: Select this checkbox to bypass scanning of trusted hosts that are listed in the Hosts field. Users do not receive a security alert for trusted hosts that are listed in the Host field.
To configure the FTP scan settings:
1. Select Application Security > FTP from the menu. The FTP screen displays.

Figure 6-17

2. Enter the settings as explained in Table 6-12.

Table 6-12. FTP Scan Settings
Action
  FTP Action: From the FTP pull-down menu, specify one of the following actions when an infected FTP file or object is detected:
    • Delete file. This is the default setting.
Table 6-12. FTP Scan Settings (continued)
Scan Exception: The default maximum file or object size that is scanned is 2048 KB, but you can define a maximum size of up to 10240 KB. However, setting the maximum size to a high value might affect the UTM's performance (see “Performance Management” on page 10-1).
To set Web access exception rules:
1. Select Application Security > Block/Accept Exceptions from the menu. The Block/Accept Exceptions screen displays. This screen shows the Exceptions table, which is empty if you have not specified any exception rules. (Figure 6-18 shows three exception rules in the Exceptions table as an example.)

Figure 6-18

2. Under the Exceptions table, click the Add table button to specify an exception rule.
3. Enter the settings as explained in Table 6-13.

Table 6-13. Add and Edit Block Scanning Exception Settings
Action: From the pull-down menu, select the action that the UTM applies:
  • allow. The exception allows access to an application, Web category, or URL that is otherwise blocked.
  • block. The exception blocks access to an application, Web category, or URL that is otherwise allowed.
2. Modify the settings that you wish to change (see Table 6-13 on page 6-43).
3. Click Apply to save your changes. The modified exception rule is displayed in the Exceptions table.

To delete or disable one or more exception rules:
1. Select the checkbox to the left of the rule that you want to delete or disable, or click the Select All table button to select all rules.
2. Click one of the following table buttons:
  • Disable.
Figure 6-20

2. In the Add Scanning Exclusions section of the screen, specify an exclusion rule as explained in Table 6-14.

Table 6-14. Add Scanning Exclusion Settings
Client IP: The client IP address and optional subnet mask that are excluded from all scanning.
Destination IP: The destination IP address and optional subnet mask that are excluded from all scanning.
Chapter 7
Virtual Private Networking Using IPsec Connections

This chapter describes how to use the IP security (IPsec) virtual private networking (VPN) features of the UTM to provide secure, encrypted communications between your local network and a remote network or computer. This chapter contains the following sections:
• “Considerations for Dual WAN Port Systems (Dual-WAN Port Models Only)” on this page.
• “Using the IPsec VPN Wizard for Client and Gateway Configurations” on page 7-3.
See “Virtual Private Networks (VPNs)” on page B-9 for more information about the IP addressing requirements for VPNs in the dual WAN modes. For information about how to select and configure a dynamic DNS service for resolving FQDNs, see “Configuring Dynamic DNS” on page 3-19. For information about WAN mode configuration, see “Configuring the WAN Mode (Required for Dual-WAN Port Models Only)” on page 3-9.
Table 7-1. IP Addressing for VPNs in Dual WAN Port Systems
Configuration and WAN IP address | Rollover Mode (a) | Load Balancing Mode
VPN “Gateway-to-Gateway”, Fixed | FQDN required | FQDN Allowed (optional)
VPN “Gateway-to-Gateway”, Dynamic | FQDN required | FQDN required
VPN “Telecommuter” (client-to-gateway through a NAT router), Fixed | FQDN required | FQDN Allowed (optional)
VPN “Telecommuter” (client-to-gateway through a NAT router), Dynamic | FQDN required | FQDN required
a.
Creating Gateway-to-Gateway VPN Tunnels with the Wizard

Figure 7-3

To set up a gateway-to-gateway VPN tunnel using the VPN Wizard:
1. Select VPN > IPsec VPN from the menu. The IPsec VPN submenu tabs appear, with the IKE Policies screen in view.
2. Click the VPN Wizard submenu tab. The VPN Wizard screen displays (see Figure 7-4 on page 7-5, which contains some examples for the dual-WAN port models).
Figure 7-4

To view the wizard default settings, click the VPN Wizard Default Values option arrow at the top right of the screen. A popup window appears (see Figure 7-5 on page 7-6) displaying the wizard default values. After you have completed the wizard, you can modify these settings for the tunnel policy that you have set up.
Figure 7-5

3. Select the radio buttons and complete the fields as explained in Table 7-2.

Table 7-2. (IPsec) VPN Wizard Settings for a Gateway-to-Gateway Tunnel
About VPN Wizard
  This VPN tunnel will connect to the following peers: Select the Gateway radio button. The local WAN port’s IP address or Internet name appears in the End Point Information section of the screen.
Table 7-2. (IPsec) VPN Wizard Settings for a Gateway-to-Gateway Tunnel (continued)
  This VPN tunnel will use following local WAN Interface (dual-WAN port models only): For the dual-WAN port models only, select one of the two radio buttons (WAN1 or WAN2) to specify which local WAN interface the VPN tunnel uses as the local endpoint.
4. Click Apply to save your settings. The IPsec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen. By default, the VPN policy is enabled.

Figure 7-6

5. Configure a VPN policy on the remote gateway that allows connection to the UTM.
6. Activate the IPsec VPN connection:
  a. Select Monitoring > Active Users & VPNs from the menu.
Note: When using FQDNs, if the dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel will fail because the FQDNs do not resolve to your new address. If you have the option to configure the update interval, set it to an appropriately short time.
Figure 7-9

To display the wizard default settings, click the VPN Wizard Default Values option arrow at the top right of the screen. A popup window appears (see Figure 7-5 on page 7-6), displaying the wizard default values. After you have completed the wizard, you can modify these settings for the tunnel policy that you have set up.
3. Select the radio buttons and complete the fields as explained in Table 7-3.

Table 7-3. (IPsec) VPN Wizard Settings for a Client-to-Gateway Tunnel
About VPN Wizard
  This VPN tunnel will connect to the following peers: Select the VPN Client radio button. The default remote FQDN (utm_remote.com) and the default local FQDN (utm_local.
4. Click Apply to save your settings. The IPsec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen. By default, the VPN policy is enabled.

Figure 7-10

Note: When using FQDNs, if the dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel will fail because the FQDNs do not resolve to your new address.
Figure 7-11

2. In the upper left of the Policy Editor window, click the New Connection icon (the first icon on the left) to open a new connection. Give the new connection a name; in this example, we are using UTM_SJ.

Figure 7-12
3. Enter the settings as explained in Table 7-4.

Table 7-4. Security Policy Editor: Remote Party Settings
Connection Security: Select the Secure radio button. If you want to connect manually only, select the Only Connect Manually checkbox.
ID Type: From the pull-down menu, select IP Subnet.
5. In the left frame, click My Identity. The screen adjusts.

Figure 7-13

6. Enter the settings as explained in Table 7-5.

Table 7-5. Security Policy Editor: My Identity Settings
Select Certificate: From the pull-down menu, select None. The Pre-Shared Key window appears.
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Table 7-5. Security Policy Editor: My Identity Settings (continued) Setting Description (or Subfield and Description) ID Type From the pull-down menu, select Domain Name. Then, below, enter the remote FQDN that you entered on the UTM’s VPN Wizard screen (see Figure 7-9 on page 7-10). In this example, the domain name is utm_remote.com.
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 9. Enter the settings as explained in Table 7-6. Table 7-6. Security Policy Editor: Security Policy Settings Setting Description (or Subfield and Description) Select Phase 1 Negotiation Select the Aggressive Mode radio button. Mode Enable Perfect Forward Secrecy (PFS) Select the Enable Perfect Forward Secrecy (PFS) checkbox. From the pull-down menu below, select Diffie-Hellman Group 2.
Figure 7-15 In the example that is shown in Figure 7-15, you should receive the message “Successfully connected to My Connections\UTM_SJ” within 30 seconds.
Figure 7-16 • Right-click the VPN Client icon in the system tray and select Connection Monitor. Figure 7-17
The VPN client system tray icon provides a variety of status indications, which are listed below. Table 7-7. Status Indications for the VPN Client System Tray Icon System Tray Icon Status The client policy is deactivated. The client policy is deactivated but not connected. The client policy is activated and connected. A flashing vertical bar indicates traffic on the tunnel.
The Active IPsec SAs table lists each active connection with the information that is described in Table 7-8. The default poll interval is 5 seconds. To change the poll interval period, enter a new value in the Poll Interval field, and then click set interval. To stop polling, click stop. Table 7-8.
Figure 7-19 Managing IPsec VPN Policies After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables. The name that you selected as the VPN tunnel connection name during the VPN Wizard setup identifies both the VPN policy and the IKE policy. You can edit existing policies, or manually add new VPN and IKE policies directly in the policy tables.
Managing IKE Policies The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN gateways, and provides automatic management of the keys that are used for IPsec connections. It is important to remember that: • An automatically generated VPN policy (“Auto Policy”) must use the IKE negotiation protocol. • A manually generated VPN policy (“Manual Policy”) cannot use the IKE negotiation protocol.
Figure 7-20 Each policy contains the data that are explained in Table 7-9. These fields are explained in more detail in Table 7-10 on page 7-27. Table 7-9. List of IKE Policies Information Item Description (or Subfield and Description) Name The name that identifies the IKE policy.
To add or edit an IKE policy, see “Manually Adding or Editing an IKE Policy” on this page. Note: You cannot delete or edit an IKE policy for which the VPN policy is active. You first must disable or delete the VPN policy before you can delete or edit the IKE policy. Note: To gain a more complete understanding of the encryption, authentication, and DH algorithm technologies, see the link to “Virtual Private Networking Basics” in Appendix E.
Figure 7-21
3. Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-10. Table 7-10. Add IKE Policy Settings Item Description (or Subfield and Description) Mode Config Record Do you want to use Mode Config Record? Specify whether or not the IKE policy uses a Mode Config Record. For information about how to define a Mode Config Record, see “Mode Config Operation” on page 7-43.
Table 7-10. Add IKE Policy Settings (continued) Item Description (or Subfield and Description) Local Select Local Gateway (dual-WAN port models only) For the dual-WAN port models only, select a radio button to specify the WAN1 or WAN2 interface. Identifier Type From the pull-down menu, select one of the following ISAKMP identifiers to be used by the UTM, and then specify the identifier in the field below: • Local WAN IP.
Table 7-10. Add IKE Policy Settings (continued) Item Description (or Subfield and Description) Authentication Algorithm From the pull-down menu, select one of the following two algorithms to use in the VPN header for the authentication process: • SHA-1. Hash algorithm that produces a 160-bit digest. This is the default setting. • MD5. Hash algorithm that produces a 128-bit digest.
Table 7-10. Add IKE Policy Settings (continued) Item Description (or Subfield and Description) Extended Authentication XAUTH Configuration Note: For more information about XAUTH and its authentication modes, see “Configuring XAUTH for VPN Clients” on page 7-39.
4. Click Apply to save your changes. The modified IKE policy is displayed in the List of IKE Policies table. Managing VPN Policies You can create two types of VPN policies. When you use the VPN Wizard to create a VPN policy, only the Auto method is available. • Manual. You manually enter all settings (including the keys) for the VPN tunnel on the UTM and on the remote VPN endpoint. No third-party server or organization is involved.
2. Click the VPN Policies submenu tab. The VPN Policies screen displays. (Figure 7-22 shows some examples.) Figure 7-22 Each policy contains the data that are explained in Table 7-11. These fields are explained in more detail in Table 7-12 on page 7-35. Table 7-11.
To delete one or more VPN policies: 1. Select the checkbox to the left of the policy that you want to delete, or click the Select All table button to select all VPN policies. 2. Click the Delete table button. To enable or disable one or more VPN policies: 1. Select the checkbox to the left of the policy that you want to enable or disable, or click the Select All table button to select all VPN policies. 2. Click the Enable or Disable table button.
Figure 7-23
4. Complete the fields, select the radio buttons and checkboxes, and make your selections from the pull-down menus as explained in Table 7-12. Table 7-12. Add VPN Policy Settings Item Description (or Subfield and Description) General Policy Name A descriptive name of the VPN policy for identification and management purposes. Note: The name is not supplied to the remote VPN endpoint.
Table 7-12. Add VPN Policy Settings (continued) Item Description (or Subfield and Description) Traffic Selection Local IP From the pull-down menu, select the address or addresses that are part of the VPN tunnel on the UTM: • Any. All PCs and devices on the network. Note: You cannot select Any for both the UTM and the remote endpoint. • Single. A single IP address on the network. Enter the IP address in the Start IP Address field.
Table 7-12. Add VPN Policy Settings (continued) Item Description (or Subfield and Description) Integrity Algorithm From the pull-down menu, select one of the following two algorithms to be used in the VPN header for the authentication process: • SHA-1. Hash algorithm that produces a 160-bit digest. This is the default setting. • MD5. Hash algorithm that produces a 128-bit digest. Key-In The integrity key for the inbound policy.
Table 7-12. Add VPN Policy Settings (continued) Item Description (or Subfield and Description) PFS Key Group Select this checkbox to enable Perfect Forward Secrecy (PFS), and then select a Diffie-Hellman (DH) group from the pull-down menu. The DH Group sets the strength of the algorithm in bits. The higher the group, the more secure the exchange. From the pull-down menu, select one of the following three strengths: • Group 1 (768 bit).
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are available: • Edge Device. The UTM is used as a VPN concentrator on which one or more gateway tunnels terminate. You must specify the authentication type that must be used during verification of the credentials of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-CHAP. • IPsec Host.
4. Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-13. Table 7-13. Extended Authentication Settings Item Description (or Subfield and Description) Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify user account information: • None. XAUTH is disabled.
server in the network when a user requests access to network resources. During the establishment of a VPN connection, the VPN gateway can interrupt the process with an XAUTH request. At that point, the remote user must provide authentication information such as a user name and password or some encrypted response using his user name and password information.
3. Complete the fields and select the radio buttons as explained in Table 7-14. Table 7-14. RADIUS Client Settings Item Description (or Subfield and Description) Primary RADIUS Server Select the Yes radio button to enable and configure the primary RADIUS server, and then enter the settings for the three fields below. The default setting is that the No radio button is selected.
Note: You select the RADIUS authentication protocol (PAP or CHAP) on the Edit IKE Policy screen or Add IKE Policy screen (see “Configuring XAUTH for VPN Clients” on page 7-39).
2. Click the Mode Config submenu tab. The Mode Config screen displays. Figure 7-25 As an example, the screen shows two Mode Config records with the names EMEA Sales and NA Sales: • For EMEA Sales, a first pool (172.169.100.1 through 172.169.100.99) and a second pool (182.183.200.1 through 172.183.200.99) are shown. • For NA Sales, a first pool (172.173.100.50 through 172.173.100.90), a second pool (182.185.210.1 through 182.185.210.
Figure 7-26 4. Complete the fields, select the checkbox, and make your selections from the pull-down menus as explained in Table 7-15. Table 7-15. Add Mode Config Record Settings Item Description (or Subfield and Description) Client Pool Record Name A descriptive name of the Mode Config record for identification and management purposes.
Table 7-15. Add Mode Config Record Settings (continued) Item Description (or Subfield and Description) WINS Server If there is a WINS server on the local network, enter its IP address in the Primary field. You can enter the IP address of a second WINS server in the Secondary field. DNS Server Enter the IP address of the DNS server that is used by remote VPN clients in the Primary field.
5. Click Apply to save your settings. The new Mode Config record is added to the List of Mode Config Records table. Continue the Mode Config configuration procedure by configuring an IKE policy. 6. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs appear with the IKE Policies screen in view (see Figure 7-20 on page 7-24). 7. Under the List of IKE Policies table, click the Add table button.
8. On the Add IKE Policy screen, complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-16. Note: The settings that are explained in Table 7-16 are specifically for a Mode Config configuration. Table 7-10 on page 7-27 explains the general IKE policy settings. Table 7-16.
Table 7-16. Add IKE Policy Settings for a Mode Config Configuration (continued) Item Description (or Subfield and Description) Remote Identifier Type From the pull-down menu, select FQDN. Note: Mode Config requires that the remote end is defined by an FQDN. Identifier Enter the FQDN for the remote end. This must be an FQDN that is not used in any other IKE policy. In this example, we are using utm25_remote.com.
Table 7-16. Add IKE Policy Settings for a Mode Config Configuration (continued) Item Description (or Subfield and Description) Extended Authentication XAUTH Configuration Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify user account information: • None. XAUTH is disabled. This is the default setting. Note: For more information about
2. In the upper left of the Policy Editor window, click the New Connection icon (the first icon on the left) to open a new connection. Give the new connection a name; in this example, we are using ModeConfigTest. Figure 7-28 3. Enter the settings as explained in Table 7-17. Table 7-17.
Table 7-17. Security Policy Editor: Remote Party, Mode Config Settings (continued) Setting Description (or Subfield and Description) Use Select the Use checkbox. Then, from the pull-down menu, select Secure Gateway Tunnel. ID Type Left pull-down menu From the left pull-down menu, select Domain Name. Then, below, enter the local FQDN that you specified in the UTM’s Mode Config IKE policy. In this example, we are using utm25_local.com.
5. In the left frame, click My Identity. The screen adjusts. Figure 7-29 6. Enter the settings as explained in Table 7-18. Table 7-18. Security Policy Editor: My Identity, Mode Config Settings Setting Description (or Subfield and Description) Select Certificate From the pull-down menu, select None. The Pre-Shared Key window appears.
Table 7-18. Security Policy Editor: My Identity, Mode Config Settings (continued) Setting Description (or Subfield and Description) ID Type From the pull-down menu, select Domain Name. Then, below, enter the remote FQDN that you specified in the UTM’s Mode Config IKE policy. In this example, we are using utm25_remote.com. Secure Interface Configuration Select Preferred from the Virtual Adapter pull-down menu.
9. Enter the settings as explained in Table 7-19. Table 7-19. Security Policy Editor: Security Policy, Mode Config Settings Setting Description (or Subfield and Description) Select Phase 1 Negotiation Mode Select the Aggressive Mode radio button. Enable Perfect Forward Secrecy (PFS) Select the Enable Perfect Forward Secrecy (PFS) checkbox. From the pull-down menu below, select Diffie-Hellman Group 2.
Configuring Keepalives The Keepalive feature maintains the IPSec SA by sending periodic ping requests to a host across the tunnel and monitoring the replies. To configure the Keepalive feature on a configured VPN policy: 1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs appear with the IKE Policies screen in view. 2. Click the VPN Policies submenu tab. The VPN Policies screen displays (see Figure 7-22 on page 7-32). 3.
4. Enter the settings as explained in Table 7-20. Table 7-20. Keepalive Settings Item Description (or Subfield and Description) General Enable Keepalive Select the Yes radio button to enable the Keepalive feature. Periodically, the UTM sends ping packets to the remote endpoint to keep the tunnel alive. You must enter the ping IP address, detection period, and the maximum number of times that the UTM attempts to reconnect (see below).
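The Keepalive behaviour described above (ping a host across the tunnel at a fixed interval, and re-establish the SA a bounded number of times when replies stop) can be modelled as a small state machine. The following Python block is an added example written for this manual page; it is not NETGEAR code and does not describe the UTM firmware beyond what Table 7-20 states. It assumes that the detection period is the interval between two pings, and it introduces a failure_threshold (consecutive missed replies before the SA is treated as dead) that is this example's own assumption, not a UTM setting. The ping results are a constructed sequence, not real traffic.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class KeepaliveConfig:
    """Keepalive parameters modelled on the Table 7-20 fields (constructed values)."""
    ping_ip: str            # host across the tunnel that is pinged
    detection_period: int   # assumed meaning: seconds between two ping requests
    failure_threshold: int  # assumption of this example: consecutive missed replies before the SA is dead
    max_reconnects: int     # maximum number of reconnect attempts before giving up


@dataclass
class KeepaliveMonitor:
    """Tracks ping replies for one VPN policy and decides when to reconnect."""
    cfg: KeepaliveConfig
    state: str = "UP"       # UP, RECONNECTING or FAILED
    missed: int = 0         # consecutive missed replies in the current window
    reconnects: int = 0     # reconnect attempts made so far
    events: List[str] = field(default_factory=list)

    def observe(self, t: int, replied: bool) -> str:
        """Record one ping result taken at time t (seconds) and return the new state."""
        if self.state == "FAILED":
            return self.state                   # reconnect budget exhausted; operator action needed
        if replied:
            if self.missed:
                self.events.append(f"t={t}s: reply from {self.cfg.ping_ip} after {self.missed} miss(es)")
            self.missed = 0
            self.state = "UP"
            return self.state
        self.missed += 1
        if self.missed < self.cfg.failure_threshold:
            return self.state                   # not yet enough evidence that the tunnel is down
        # Threshold reached: the SA is considered dead. Re-establish it if attempts remain.
        self.missed = 0
        if self.reconnects < self.cfg.max_reconnects:
            self.reconnects += 1
            self.state = "RECONNECTING"
            self.events.append(f"t={t}s: no reply from {self.cfg.ping_ip}; reconnect attempt {self.reconnects}")
        else:
            self.state = "FAILED"
            self.events.append(f"t={t}s: reconnect limit ({self.cfg.max_reconnects}) reached; tunnel marked failed")
        return self.state


def run_keepalive(cfg: KeepaliveConfig, replies: List[bool]) -> KeepaliveMonitor:
    """Feed a constructed sequence of ping results (True = reply received) through the monitor."""
    mon = KeepaliveMonitor(cfg)
    for i, replied in enumerate(replies):
        mon.observe(i * cfg.detection_period, replied)
    return mon


if __name__ == "__main__":
    cfg = KeepaliveConfig(ping_ip="192.168.1.10", detection_period=10, failure_threshold=3, max_reconnects=2)
    # Constructed outage pattern: one short outage, then one long enough to exhaust the reconnect budget.
    sample = [True, True, False, False, False, True, False, False, False, False, False, False]
    mon = run_keepalive(cfg, sample)
    print(mon.state, mon.reconnects)
    for line in mon.events:
        print(line)
```

The point of the bounded reconnect counter is operational: a keepalive that retries forever hides a dead peer from monitoring, whereas a tunnel that transitions to FAILED after the configured maximum produces a clear event to alert on.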
3. In the IKE SA Parameters section of the screen, locate the DPD fields. Figure 7-32 4. Select the radio button and complete the fields as explained in Table 7-21. Table 7-21. Dead Peer Detection Settings Item Description (or Subfield and Description) IKE SA Parameters Enable Dead Peer Detection Select the Yes radio button to enable DPD.
Configuring NetBIOS Bridging with IPsec VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for several basic network services such as naming and neighborhood device discovery. Because VPN routers do not normally pass NetBIOS traffic, these network services do not function for hosts on opposite ends of a VPN connection. To solve this problem, you can configure the UTM to bridge NetBIOS traffic over the VPN tunnel.
Chapter 8 Virtual Private Networking Using SSL Connections The UTM provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for a pre-installed VPN client on their computers. Using the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, the UTM can authenticate itself to an SSL-enabled client, such as a standard Web browser.
• SSL Port Forwarding. Like an SSL VPN tunnel, port forwarding is a Web-based client that installs transparently and then creates a virtual, encrypted tunnel to the remote network. However, port forwarding differs from an SSL VPN tunnel in several ways: – Port forwarding supports only TCP connections, not UDP connections or connections using other IP protocols.
The following sections explain the five configuration screens of the SSL VPN Wizard. On the sixth screen, you can save your SSL VPN policy. The tables in the following sections explain the buttons and fields of the SSL VPN Wizard screens.
Note: If you leave the Portal Layout Name field blank, the SSL VPN Wizard uses the default portal layout SSL-VPN. You must enter a name other than SSL VPN in the Portal Layout Name field so the SSL VPN Wizard can create a new portal layout. Do not enter an existing portal layout name in the Portal Layout Name field, otherwise the SSL VPN Wizard will fail (although the UTM will not reboot in this situation).
Table 8-1. SSL VPN Wizard Step 1: Portal Settings (continued) Item Description (or Subfield and Description) HTTP meta tags for cache control (recommended) Select this checkbox to apply HTTP meta tag cache control directives to this portal layout.
Note that Figure 8-3 contains some examples. Enter the settings as explained in Table 8-2, then click Next to go to the following screen. Note: If you leave the Domain Name field blank, the SSL VPN Wizard uses the default domain name geardomain. You must enter a name other than geardomain in the Domain Name field so the SSL VPN Wizard can create a new domain.
Table 8-2. SSL VPN Wizard Step 2: Domain Settings (continued) Setting Description (or Subfield and Description) Portal The portal that you selected on the first SSL VPN Wizard screen. You cannot change the portal on this screen; the portal is displayed for information only.
Note: After you have completed the steps in the SSL VPN Wizard, you can make changes to the user settings by selecting Users > Users. For more information about user settings, see “Configuring User Accounts” on page 9-9. Table 8-3. SSL VPN Wizard Step 3: User Settings Setting Description (or Subfield and Description) User Name A descriptive (alphanumeric) name of the user for identification and management purposes.
SSL VPN Wizard Step 4 of 6: Client IP Address Range and Routes Figure 8-5 Note that Figure 8-5 contains some examples. Enter the settings as explained in Table 8-4 on page 8-10, then click Next to go to the following screen. Note: Do not enter an existing route for a VPN tunnel client in the Destination Network and Subnet Mask fields, otherwise the SSL VPN Wizard will fail and the UTM will reboot to recover its configuration.
Table 8-4. SSL VPN Wizard Step 4: Client IP Address Range and Routes Settings Item Description (or Subfield and Description) Client IP Address Range Enable Full Tunnel Support Select this checkbox to enable full tunnel support. If you leave this checkbox deselected (which is the default setting), split tunnel support is enabled, and you must add a client route by completing the Destination Network and Subnet Mask fields.
SSL VPN Wizard Step 5 of 6: Port Forwarding Figure 8-6 Note that Figure 8-6 contains some examples. Enter the settings as explained in Table 8-5, then click Next to go to the following screen.
Table 8-5. SSL VPN Wizard Step 5: Port Forwarding Settings (continued) Item Description (or Subfield and Description) TCP Port Number The TCP port number of the application that is accessed through the SSL VPN tunnel. Below are some commonly used TCP applications and port numbers. Action
SSL VPN Wizard Step 6 of 6: Verify and Save Your Settings Figure 8-7
Verify your settings; if you need to make any changes, click the Back action button (if needed, several times) to return to the screen on which you want to make changes. Click Apply to save your settings. If the settings are accepted by the UTM, the message “Operation Succeeded” appears at the top of the screen, and the “Welcome to the Netgear Configuration Wizard” screen displays again (see Figure 8-1 on page 8-2).
Figure 8-8 4. Enter the user name and password that you just created with the help of the SSL VPN Wizard. 5. Click Login. The default User Portal screen displays. Figure 8-9
The default User Portal screen displays a simple menu that provides the SSL user with the following menu selections: • VPN Tunnel. Provides full network connectivity. • Port Forwarding. Provides access to the network services that you defined in “SSL VPN Wizard Step 5 of 6: Port Forwarding” on page 8-11. • Change Password. Allows the user to change their password. • Support. Provides access to the NETGEAR Web site.
3. From the Log Type pull-down menu, select SSL VPN. The SSL VPN logs display. Figure 8-11 Manually Configuring and Editing SSL Connections To manually configure and activate SSL connections, perform the following six basic steps in the order that they are presented: 1. Edit the existing SSL portal or create a new one (see “Creating the Portal Layout” on page 8-18).
When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can define global policies, group policies, or individual policies. Because you must assign an authentication domain when creating a group, the group is created after you have created the domain. c. Create one or more SSL VPN user accounts.
Portal layouts are applied by selecting one from the available portal layouts in the configuration of a domain. When you have completed your portal layout, you can apply the portal layout to one or more authentication domains (see “Configuring Domains” on page 9-2). You can also make the new portal the default portal for the SSL VPN gateway by selecting the default radio button adjacent to the portal layout name.
The List of Layouts table displays the following fields: • Layout Name. The descriptive name of the portal. • Description. The banner message that is displayed at the top of the portal (see Figure 8-8 on page 8-15). • Use Count. The number of remote users that are currently using the portal. • Portal URL. The URL at which the portal can be accessed. • Action. The table buttons that allow you to edit or delete the portal layout. 3.
4. Complete the fields and select the checkboxes as explained in Table 8-6. Table 8-6. Add Portal Layout Settings Item Description (or Subfield and Description) Portal Layout and Theme Name Portal Layout Name A descriptive name for the portal layout. This name is part of the path of the SSL VPN portal URL. Note: Custom portals are accessed at a different URL than the default portal.
Table 8-6. Add Portal Layout Settings (continued) Item Description (or Subfield and Description) ActiveX web cache cleaner Select this checkbox to enable ActiveX cache control to be loaded when users log in to the SSL VPN portal. The Web cache cleaner prompts the user to delete all temporary Internet files, cookies, and browser history when the user logs out or closes the Web browser window.
Adding Servers and Port Numbers To configure port forwarding, you must define the IP addresses of the internal servers and the port number for TCP applications that are available to remote users. To add a server and a port number: 1. Select VPN > SSL VPN from the menu. The SSL VPN submenu tabs appear, with the Policies screen in view. 2. Click the Port Forwarding submenu tab. The Port Forwarding screen displays.
Table 8-7. Port Forwarding Applications/TCP Port Numbers
TCP Application: Port Number
FTP Data (usually not needed): 20
FTP Control Protocol: 21
SSH: 22 (a)
Telnet: 23 (a)
SMTP (send mail): 25
HTTP (web): 80
POP3 (receive mail): 110
NTP (network time protocol): 123
Citrix: 1494
Terminal Services: 3389
VNC (virtual network computing): 5900 or 5800
a. Users can specify the port number together with the host name or IP address.
4.
3. In the Add New Host Name for Port Forwarding section of the screen, specify information in the following fields: • Local Server IP Address. The IP address of an internal server or host computer that you want to name. • Fully Qualified Domain Name. The full server name.
• If you enable split tunnel support and you assign an entirely different subnet to the VPN tunnel clients than the subnet that is used by the local network, you must add a client route to ensure that a VPN tunnel client connects to the local network over the VPN tunnel. Configuring the Client IP Address Range First determine the address range to be assigned to VPN tunnel clients, then define the address range.
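The rule just stated (full tunnel: no client routes; split tunnel with a client pool outside the LAN subnet: add a route per LAN subnet) is easy to get wrong by hand, and the wizard note earlier in this chapter warns that entering a route twice makes the wizard fail. The following Python helper is an added example, not NETGEAR code; it computes the Destination Network / Subnet Mask pairs an administrator still has to add, using Python's standard ipaddress module. The pool and LAN values are constructed inputs in CIDR form, and the function, its name and its overlap check are this example's assumptions rather than UTM behaviour.

```python
import ipaddress
from typing import List, Tuple

# (Destination Network, Subnet Mask) as entered in the Add Routes for VPN Tunnel Clients section
Route = Tuple[str, str]


def required_client_routes(full_tunnel: bool, client_pool: str, local_networks: List[str]) -> List[Route]:
    """Return the client routes that must still be added for SSL VPN tunnel clients.

    full_tunnel    - state of the Enable Full Tunnel Support checkbox
    client_pool    - the client IP address range, CIDR form (constructed input)
    local_networks - LAN subnets the clients must reach, CIDR form (constructed input)
    """
    if full_tunnel:
        return []  # all client traffic already traverses the tunnel; no explicit routes needed
    pool = ipaddress.ip_network(client_pool, strict=False)
    routes: List[Route] = []
    seen = set()
    for cidr in local_networks:
        net = ipaddress.ip_network(cidr, strict=False)
        if pool.subnet_of(net):
            # Clients receive an address inside this LAN subnet, so it is reachable as a
            # connected route on the virtual adapter; no split-tunnel route is required.
            continue
        if pool.overlaps(net):
            # Partial overlap (or LAN nested inside the pool) yields ambiguous routing: reject it.
            raise ValueError(f"client pool {pool} overlaps LAN subnet {net} without being contained in it")
        route = (str(net.network_address), str(net.netmask))
        if route not in seen:  # never emit the same route twice; the wizard fails on duplicates
            seen.add(route)
            routes.append(route)
    return routes


if __name__ == "__main__":
    # Constructed example: clients get 192.168.250.0/24, the LAN is 192.168.1.0/24 plus 10.10.0.0/16.
    print(required_client_routes(False, "192.168.250.0/24", ["192.168.1.0/24", "10.10.0.0/16"]))
    print(required_client_routes(False, "192.168.1.200/29", ["192.168.1.0/24"]))  # pool inside LAN: []
    print(required_client_routes(True, "192.168.250.0/24", ["192.168.1.0/24"]))   # full tunnel: []
```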
3. Select the checkbox and complete the fields as explained in Table 8-8. Table 8-8. Client IP Address Range Settings Item Description (or Subfield and Description) Client IP Address Range Enable Full Tunnel Support Select this checkbox to enable full tunnel support.
To add an SSL VPN tunnel client route: 1. Select VPN > SSL VPN from the menu. The SSL VPN submenu tabs appear, with the Policies screen in view. 2. Click the SSL VPN Client submenu tab. The SSL VPN Client screen displays (see Figure 8-15 on page 8-26). 3. In the Add Routes for VPN Tunnel Clients section of the screen, specify information in the following fields: • Destination Network.
Adding New Network Resources To define a network resource: 1. Select VPN > SSL VPN from the menu. The SSL VPN submenu tabs appear, with the Policies screen in view. 2. Click the Resources submenu tab. The Resources screen displays. (Figure 8-16 shows some resources in the List of Resource(s) table as an example.) Figure 8-16 3.
Editing Network Resources to Specify Addresses 1. Select VPN > SSL VPN from the menu. The SSL VPN submenu tabs appear, with the Policies screen in view. 2. Click the Resources submenu tab. The Resources screen displays (see Figure 8-16 on page 8-29, which shows some examples). 3. In the List of Resources table, to the right of the new resource in the Action column, click the Edit table button. A new screen displays.
Table 8-9. Add Resource Addresses Settings (continued) Item Description (or Subfield and Description) Object Type From the pull-down menu, select one of the following options: • IP Address. The object is an IP address. You must enter the IP address or the FQDN in the IP Address / Name field. • IP Network.
For example, a policy that is configured for a single IP address takes precedence over a policy that is configured for a range of addresses. And a policy that applies to a range of IP addresses takes precedence over a policy that is applied to all IP addresses. If two or more IP address ranges are configured, then the smallest address range takes precedence. Host names are treated the same as individual IP addresses.
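The precedence rule above (single address beats range, range beats all addresses, smallest range wins among ranges, host names count as single addresses) determines which PERMIT or DENY actually applies when several SSL VPN policies match the same destination. The following Python block is an added example, not NETGEAR code and not a description of the UTM's internal policy engine; it implements exactly that ordering over a constructed policy table so an administrator can predict the effective policy for a given destination before trusting the configuration. The SslVpnPolicy class, its field names and the sample policies are this example's own assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SslVpnPolicy:
    """One SSL VPN policy row as it might appear in the List of SSL VPN Policies (constructed)."""
    name: str
    scope: str       # "all" (all IP addresses), "range" (start..end) or "single" (one IP or host name)
    permission: str  # "PERMIT" or "DENY"
    start: str = ""  # single address / host name, or first address of a range
    end: str = ""    # last address of a range


def _as_int(addr: str) -> Optional[int]:
    """IPv4 address as an integer, or None when the string is a host name."""
    try:
        return int(ipaddress.IPv4Address(addr))
    except ValueError:
        return None


def _matches(policy: SslVpnPolicy, target: str) -> bool:
    """Does this policy cover the target destination (an IPv4 address or a host name)?"""
    if policy.scope == "all":
        return True
    if policy.scope == "single":
        return policy.start == target  # host names compare exactly, like a single IP address
    t = _as_int(target)
    if t is None:
        return False  # a host name never falls inside an address range
    return int(ipaddress.IPv4Address(policy.start)) <= t <= int(ipaddress.IPv4Address(policy.end))


def _specificity(policy: SslVpnPolicy):
    """Sort key: single IP and host names first, then ranges by size, then all-addresses last."""
    if policy.scope == "single":
        return (0, 1)
    if policy.scope == "range":
        size = int(ipaddress.IPv4Address(policy.end)) - int(ipaddress.IPv4Address(policy.start)) + 1
        return (1, size)
    return (2, 0)


def select_policy(policies: List[SslVpnPolicy], target: str) -> Optional[SslVpnPolicy]:
    """Return the policy that governs access to target, or None if no policy matches."""
    candidates = [p for p in policies if _matches(p, target)]
    if not candidates:
        return None
    return min(candidates, key=_specificity)


# Constructed policy table: a global deny, a permitted LAN range, a smaller denied
# sub-range, one explicitly permitted host inside that sub-range, and a named host.
DEMO_POLICIES = [
    SslVpnPolicy("deny-everything", "all", "DENY"),
    SslVpnPolicy("lan-permit", "range", "PERMIT", "10.0.0.0", "10.0.0.255"),
    SslVpnPolicy("quarantine-deny", "range", "DENY", "10.0.0.16", "10.0.0.31"),
    SslVpnPolicy("admin-box-permit", "single", "PERMIT", "10.0.0.20"),
    SslVpnPolicy("intranet-permit", "single", "PERMIT", "intranet.example"),
]

if __name__ == "__main__":
    for target in ("10.0.0.20", "10.0.0.18", "10.0.0.100", "10.1.1.1", "intranet.example", "other.example"):
        chosen = select_policy(DEMO_POLICIES, target)
        print(f"{target:18} -> {chosen.name} ({chosen.permission})")
```

Because the most specific match wins regardless of the order in which policies were created, a broad PERMIT added later cannot silently override a narrow DENY; conversely, a single-address PERMIT inside a denied range does open that one host, which is worth checking whenever such exceptions are added.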
Figure 8-18 2. Make your selection from the following Query options:
• Click Global to view all global policies.
• Click Group to view group policies, and choose the relevant group’s name from the pull-down menu.
• Click User to view user policies, and choose the relevant user’s name from the pull-down menu.
3. Click the Display action button. The List of SSL VPN Policies table displays the list for your selected Query option.
Figure 8-19 3. Select the radio buttons, complete the fields, and make your selection from the pull-down menus as explained in Table 8-10. Table 8-10. Add Policy Settings Item Description (or Subfield and Description) Policy For Select one of the following radio buttons to specify the type of SSL VPN policy: • Global. The new policy is global and excludes all groups and users. • Group. The new policy must be limited to a single group.
Table 8-10. Add Policy Settings (continued) Item Description (or Subfield and Description) Add SSL VPN Policies Apply Policy For Select one of the following radio buttons to specify how the policy is applied: • Network Resource. The policy is applied to a network resource that you have defined on the Resources screen (see “Using Network Resource Objects to Simplify Policies” on page 8-28).
Table 8-10. Add Policy Settings (continued) Item Description (or Subfield and Description) Apply IP Network Policy For (continued) Policy Name A descriptive name of the SSL VPN policy for identification and management purposes. IP Address The network IP address to which the SSL VPN policy is applied. Subnet Mask The network subnet mask to which the SSL VPN policy is applied.
4. Click Apply to save your settings. The policy is added to the List of SSL VPN Policies table on the Policies screen. The new policy goes into effect immediately. Note: In addition to configuring SSL VPN user policies, ensure that HTTPS remote management is enabled (see “Configuring Remote Management Access” on page 10-12). If it is not enabled, all SSL VPN user connections are disabled.
Chapter 9 Managing Users, Authentication, and Certificates This chapter describes how to manage users, authentication, and security certificates for IPsec VPN and SSL VPN. This chapter contains the following sections:
• “Configuring VPN Authentication Domains, Groups, and Users” on this page.
• “Managing Digital Certificates” on page 9-17.
Configuring VPN Authentication Domains, Groups, and Users Users are assigned to a group, and a group is assigned to a domain.
Configuring Domains The domain determines the authentication method to be used for associated users. For SSL connections, the domain also determines the portal layout that is presented, which in turn determines the network resources to which the associated users have access. The default domain of the UTM is named geardomain. You cannot delete the default domain.
Table 9-1. Authentication Protocols and Methods Authentication Protocol or Method Description (or Subfield and Description) LDAP A network-validated domain-based authentication method that functions with a Lightweight Directory Access Protocol (LDAP) authentication server. LDAP is a standard for querying and updating a directory.
2. Under the List of Domains table, click the Add table button. The Add Domain screen displays. Figure 9-2 3. Enter the settings as explained in Table 9-2. Table 9-2. Add Domain Settings Setting Description (or Subfield and Description) DOMAIN NAME A descriptive (alphanumeric) name of the domain for identification and management purposes.
Table 9-2. Add Domain Settings (continued) Setting Description (or Subfield and Description) Authentication Type (continued) • WIKID-CHAP. WIKID Systems CHAP. Complete the Authentication Server and Authentication Secret fields. • MIAS-PAP. Microsoft Internet Authentication Service (MIAS) PAP. Complete the Authentication Server and Authentication Secret fields. • MIAS-CHAP. Microsoft Internet Authentication Service (MIAS) CHAP.
6. If you change local authentication, click Apply in the Domain screen to save your settings. To delete one or more domains: 1. In the List of Domains table, select the checkbox to the left of the domain that you want to delete or click the Select All table button to select all domains. You cannot delete a default domain. 2. Click the Delete table button.
Creating and Deleting Groups To create a VPN group: 1. Select Users > Groups from the menu. The Groups screen displays. Figure 9-3 shows the UTM’s default group—geardomain—and, as an example, several other groups in the List of Groups table. Figure 9-3 The List of Groups table displays the VPN groups with the following fields: • Checkbox. Allows you to select the group in the table. • Name. The name of the group.
Table 9-3. (VPN) Group Settings Setting Description (or Subfield and Description) Name A descriptive (alphanumeric) name of the group for identification and management purposes. Domain The pull-down menu shows the domains that are listed on the Domain screen. From the pull-down menu, select the domain with which the group is associated. For information about how to configure domains, see “Configuring Domains” on page 9-2.
Figure 9-4 3. Modify the idle timeout period in minutes in the Idle Timeout field. For a group that is associated with a domain that uses the LDAP authentication method, configure the LDAP attributes (in fields 1 through 4) as needed. 4. Click Apply to save your changes. The modified group is displayed in the List of Groups table. Configuring User Accounts When you create a user account, you must assign the user to a user group.
To create an individual user account: 1. Select Users > Users from the menu. The Users screen displays. Figure 9-5 shows the UTM’s default users—admin and guest—and, as an example, several other users in the List of Users table. Figure 9-5 The List of Users table displays the users with the following fields: • Checkbox. Allows you to select the user in the table. • Name. The name of the user.
Figure 9-6 3. Enter the settings as explained in Table 9-4. Table 9-4. Add User Settings Setting Description (or Subfield and Description) User Name A descriptive (alphanumeric) name of the user for identification and management purposes. User Type From the pull-down menu, select one of the pre-defined user types that determines the access credentials: • Administrator.
4. Click Apply to save your settings. The user is added to the List of Users table. To delete one or more users: 1. In the List of Users table, select the checkbox to the left of the user that you want to delete or click the Select All table button to select all users. You cannot delete a default user. 2. Click the Delete table button.
Note: For security reasons, the Deny Login from WAN Interface checkbox is selected by default for guests and administrators. The Disable Login checkbox is disabled (masked out) for administrators. 4. Click Apply to save your settings. Configuring Login Restrictions Based on IP Address To restrict logging in based on IP address: 1. Select Users > Users from the menu. The Users screen displays (see Figure 9-5 on page 9-10). 2.
4. In the Defined Addresses Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses. Deny logging in from the IP addresses in the Defined Addresses table. • Allow Login only from Defined Addresses. Allow logging in from the IP addresses in the Defined Addresses table. 5. Click Apply to save your settings. 6.
3. Click the by Client Browser submenu tab. The by Client Browser screen displays. Figure 9-9 shows a browser in the Defined Browsers table as an example. Figure 9-9 4. In the Defined Browsers Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Browsers. Deny logging in from the browsers in the Defined Browsers table. • Allow Login only from Defined Browsers.
7. Click the Add table button. The browser is added to the Defined Browsers table. 8. Repeat step 6 and step 7 for any other browsers that you want to add to the Defined Browsers table. To delete one or more browsers: 1. In the Defined Browsers table, select the checkbox to the left of the browser that you want to delete or click the Select All table button to select all browsers. 2. Click the Delete table button.
3. Enter the settings as explained in Table 9-6. Table 9-6. Edit User Settings Setting Description (or Subfield and Description) User Type From the pull-down menu, select one of the pre-defined user types that determines the access credentials: • Administrator. User who has full access and the capacity to change the UTM configuration (that is, read/write access). • SSL VPN User. User who can only log in to the SSL VPN portal.
On the UTM, the uploaded digital certificate is checked for validity and purpose. The digital certificate is accepted when it passes the validity test and the purpose matches its use. The check for the purpose must correspond to its use for IPsec VPN, SSL VPN, or both.
The Certificates screen contains four tables that are explained in detail in the following sections: • Trusted Certificates (CA Certificate) table. Contains the trusted digital certificates that were issued by CAs and that you uploaded (see “Managing CA Certificates” on this page). • Active Self Certificates table.
The Trusted Certificates (CA Certificates) table lists the digital certificates of CAs and contains the following fields:
• CA Identity (Subject Name). The organization or person to whom the digital certificate is issued.
• Issuer Name. The name of the CA that issued the digital certificate.
• Expiry Time. The date after which the digital certificate becomes invalid.
To upload a digital certificate of a trusted CA on the UTM: 1.
When a security alert is generated, the user can decide whether or not to trust the host. Figure 9-12 Generating a CSR and Obtaining a Self Certificate from a CA To use a self certificate, you must first request the digital certificate from a CA, and then download and activate the digital certificate on the UTM. To request a self certificate from a CA, you must generate a Certificate Signing Request (CSR) for and on the UTM.
Figure 9-13 [Certificates, screen 2 of 3] 2. In the Generate Self Certificate Request section of the screen, enter the settings as explained in Table 9-7. Table 9-7. Generate Self Certificate Request Settings Setting Description (or Subfield and Description) Name A descriptive name of the domain for identification and management purposes. Subject The name that other organizations see as the holder (owner) of the certificate.
Table 9-7. Generate Self Certificate Request Settings (continued) Setting Description (or Subfield and Description) Hash Algorithm From the pull-down menu, select one of the following hash algorithms: • MD5. A 128-bit (16-byte) message digest, slightly faster than SHA-1. • SHA-1.
Figure 9-14 5. Copy the contents of the Data to supply to CA text box into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----”. 6. Submit your CSR to a CA: a. Connect to the website of the CA. b. Start the CSR procedure. c.
10. Click Browse and navigate to the digital certificate file from the CA that you just stored on your computer. 11. Click the Upload table button. If the verification process on the UTM approves the digital certificate for validity and purpose, the digital certificate is added to the Active Self Certificates table. To delete one or more CSRs: 1.
To view the currently loaded CRLs and upload a new CRL: 1. Select VPN > Certificates from the menu. The Certificates screen displays. Figure 9-15 shows the bottom section of the screen with the Certificate Revocation Lists (CRL) table. There are no examples in the table (that is, the table is empty).
Chapter 10 Network and System Management This chapter describes the tools for managing the network traffic to optimize its performance and the system management features of the UTM. This chapter contains the following sections:
• “Performance Management” on this page.
• “System Management” on page 10-9.
• Auto-rollover mode (dual-WAN port models only): 1.5 Mbps (one active WAN port at 1.5 Mbps)
• Single-WAN port mode (single-WAN port models and dual-WAN port models): 1.5 Mbps (one active WAN port at 1.5 Mbps)
As a result, and depending on the traffic that is being carried, the WAN side of the UTM is the limiting factor to throughput for most installations.
• ALLOW by schedule, otherwise block
The section below summarizes the various criteria that you can apply to outbound rules in order to reduce traffic. For more information about outbound rules, see “Outbound Rules (Service Blocking)” on page 5-4. For detailed procedures on how to configure outbound rules, see “Setting LAN WAN Rules” on page 5-12 and “Setting DMZ WAN Rules” on page 5-15.
• QoS Profile. You can define QoS profiles and then apply them to outbound rules to regulate the priority of traffic. To define QoS profiles, see “Creating Quality of Service (QoS) Profiles” on page 5-35.
• Bandwidth Profile. You can define bandwidth profiles and then apply them to outbound rules to limit traffic. To define bandwidth profiles, see “Creating Bandwidth Profiles” on page 5-38.
– URL blocking. You can specify up to 200 URLs that are blocked by the UTM. For more information, see “Configuring Web URL Filtering” on page 6-30.
– Web services blocking. You can block Web services such as instant messaging and peer-to-peer services. For more information, see “Customizing Web Protocol Scan Settings and Services” on page 6-19.
– Web object blocking.
LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding) The LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for inbound traffic (from WAN to LAN and from WAN to the DMZ). If you have not defined any rules, only the default rule is listed. The default rule blocks all access from outside except responses to requests from the LAN side.
– Address range. The rule is applied to a range of addresses.
– Groups. The rule is applied to a group of PCs. (You can configure groups for LAN WAN outbound rules but not for DMZ WAN outbound rules.) The Known PCs and Devices table is an automatically maintained list of all known PCs and network devices and is generally referred to as the Network Database, which is described in “Managing the Network Database” on page 4-13.
e-mail server) and provide public access to them. The fourth LAN port on the UTM (the rightmost LAN port) can be dedicated as a hardware DMZ port to safely provide services to the Internet without compromising security on your LAN. By default, the DMZ port and both inbound and outbound DMZ traffic are disabled. Enabling the DMZ port and allowing traffic to and from the DMZ increases the traffic through the WAN ports.
For more information about QoS profiles, see “Creating Quality of Service (QoS) Profiles” on page 5-35. Assigning Bandwidth Profiles Applying a QoS profile does not change the WAN bandwidth. You change the WAN bandwidth that is assigned to a service or application by applying a bandwidth profile.
To modify the administrator user account settings, including the password: 1. Select Users > Users from the menu. The Users screen displays. Figure 10-1 shows the UTM’s default users—admin and guest—and, as an example, several other users in the List of Users table. Figure 10-1 2. In the Action column of the List of Users table, click the Edit table button for the user with the name admin. The Edit User screen displays.
3. Select the Check to Edit Password checkbox. The password fields become active. 4. Enter the old password, enter the new password, and then confirm the new password. Note: The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols. Your password can be up to 30 characters. 5.
Configuring Remote Management Access An administrator can configure, upgrade, and check the status of the UTM over the Internet via a Secure Sockets Layer (SSL) VPN connection. Note: When remote management is enabled and administrative access through a WAN interface is granted (see “Configuring Login Policies” on page 9-12), the UTM’s Web Management Interface is accessible to anyone who knows its IP address and default password.
4. Click Apply to save your changes. When remote management is enabled, you must use an SSL connection to access the UTM from the Internet. You must enter https:// (not http://) and type the UTM’s WAN IP address in your browser. For example, if the UTM’s WAN IP address is 172.16.0.123, type the following in your browser: https://172.16.0.123. The UTM’s remote login URL is: https:// or https://
Using an SNMP Manager Simple Network Management Protocol (SNMP) forms part of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration.
2. Enter the settings as explained in Table 10-1. Table 10-1. SNMP Settings Setting Description (or Subfield and Description) Settings Do You Want to Enable SNMP? Select one of the following radio buttons: • Yes. Enable SNMP. • No. Disable SNMP. This is the default setting. Read Community The community string to allow an SNMP manager access to the MIB objects of the UTM for the purpose of reading only. The default setting is public.
The Backup & Restore Settings screen lets you:
• back up and save a copy of the current settings
• restore saved settings from the backed-up file
• revert to the factory default settings.
To display the Backup & Restore Settings screen, select Administration > Backup & Restore Settings from the menu. Figure 10-5 Backup Settings The backup feature saves all UTM settings to a file. These settings include: • Network settings.
2. Select Save file, and then click OK. 3. Open the folder where you have saved the backup file, and then verify that it has been saved successfully. Note the following: • If your browser is not configured to save downloaded files automatically, locate the folder in which you want to save the file, specify the file name, and save the file.
Reverting to Factory Default Settings To reset the UTM to the original factory default settings, you can use one of the following two methods: • Using a sharp object, press and hold the Reset button on the rear panel of the UTM (see “Rear Panel” on page 1-12) for about eight seconds until the Test LED turns on and begins to blink (about 30 seconds).
Viewing the Available Firmware Versions To view the current version of the firmware that your UTM is running and the other available firmware versions: 1. Select Administration > System Update from the menu. The System Update submenu tabs appear, with the Signatures & Engine screen in view. 2. Click the Firmware submenu tab. The Firmware screen displays.
3. To see which other firmware versions are available, click Query under the Firmware Download section to allow the UTM to connect to the NETGEAR update server. The Firmware Download section shows the available firmware versions, including any new versions, and the date when the current firmware version was downloaded to the UTM. Upgrading the Firmware and Rebooting the UTM To upgrade the UTM’s firmware and reboot the UTM: 1.
Rebooting Without Changing the Firmware To reboot the UTM without changing the firmware: 1. In the Firmware Reboot section of the Firmware screen (see Figure 10-6 on page 10-19), select the active firmware version by clicking the Activation radio button for the firmware that states “active” in the Type column. 2. Select the radio button that corresponds to the firmware version that you want to download onto the UTM. 3. Click Reboot.
Figure 10-7 The Info section shows the following information fields for the scan engine firmware and pattern file:
• Current Version. The version of the files.
• Last Updated. The date of the most recent update.
To immediately update the scan engine firmware and pattern file, click Update Now at the bottom of the screen.
Configuring Automatic Update and Frequency Settings To configure the update settings and frequency settings for automatic downloading of the scan engine firmware and pattern file: 1. Locate the Update Settings, Frequency Settings, and HTTPS Proxy Settings section on the Signatures & Engine screen (see Figure 10-7 on page 10-22). 2. Enter the settings as explained in Table 10-2. Table 10-2.
Configuring Date and Time Service Configure date, time, and NTP server designations on the System Date & Time screen. Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in a network of computers. Setting the correct system time and time zone ensures that the date and time recorded in the UTM logs and reports are accurate. To set time, date, and NTP servers: 1.
Table 10-3. System Date & Time Settings (continued) Setting Description (or Subfield and Description) Automatically Adjust for Daylight Savings Time If daylight savings time is supported in your region, select the Automatically Adjust for Daylight Savings Time checkbox. NTP Server (default or custom) From the pull-down menu, select an NTP server: • Use Default NTP Servers.
Chapter 11 Monitoring System Access and Performance This chapter describes the system monitoring features of the UTM. You can be alerted to important events such as a WAN port rollover, WAN traffic limits reached, login failures, and attacks. You can also view status information about the firewall, WAN ports, LAN ports, active VPN users and tunnels, and more. In addition, the diagnostics utilities are described.
The Internet Traffic Statistics section in the lower part of the screen displays statistics on Internet traffic via the WAN port. If you have not enabled the traffic meter, these statistics are not available. Figure 11-1 2. Enter the settings as explained in Table 11-1 on page 11-3.
Table 11-1. WAN Traffic Meter Settings Setting Description (or Subfield and Description) Enable Traffic Meter Do you want to enable Traffic Meter? Select one of the following radio buttons to configure traffic metering: • Yes.
Table 11-1. WAN Traffic Meter Settings (continued) Setting Description (or Subfield and Description) When Limit is reached Block traffic Select one of the following radio buttons to specify what action the UTM performs when the traffic limit has been reached: • Block All Traffic. All incoming and outgoing Internet and e-mail traffic is blocked. • Block All Traffic Except E-Mail.
Configuring Logging, Alerts, and Event Notifications By default, the UTM logs security-related events such as accepted and dropped packets on different segments of your LAN, denied incoming and outgoing service requests, hacker probes and login attempts, content filtering events such as attempts to access blocked sites and URLs, unwanted e-mail content, spam attempts, and many other types of events.
2. Enter the settings as explained in Table 11-2. Table 11-2. E-mail Notification Settings Setting Description (or Subfield and Description) Show as mail sender A descriptive name of the sender for e-mail identification purposes. For example, enter UTMnotification@netgear.com. SMTP server The IP address and port number or Internet name and port number of your ISP’s outgoing e-mail SMTP server. The default port number is 25.
Figure 11-4
2. Enter the settings as explained in Table 11-2. Table 11-3. E-mail and Syslog Settings Setting Description (or Subfield and Description) System Logs Option Select the checkboxes to specify which system events are logged: • Change of Time by NTP. Logs a message when the system time changes after a request from an NTP server. • Secure Login Attempts. Logs a message when a secure login is attempted.
Table 11-3. E-mail and Syslog Settings (continued) Setting Description (or Subfield and Description) Enable (continued) Select Logs to Send (continued)
• IPS Logs. All IPS events.
• SSL VPN Logs. All SSL VPN events.
• IPSEC VPN Logs. All IPsec VPN events.
• Content Filter Logs. All attempts to access blocked Web sites and URLs.
• Service Logs.
Table 11-3. E-mail and Syslog Settings (continued) Setting Description (or Subfield and Description) Clear the Following Logs Information Select the checkboxes to specify which logs are cleared. The “Select Logs to Send” part of the “Email Logs to Administrator” section of the screen (see above) lists the same checkboxes as the “Clear the Following Logs Information” section of the screen. 3.
Figure 11-5 3. Enter the settings as explained in Table 11-4. Table 11-4. Alerts Settings Setting Description (or Subfield and Description) Enable Update Failure Alerts Select this checkbox to enable update failure alerts. Enable License Expiration Alerts Select this checkbox to enable license expiration alerts. This checkbox is enabled by default.
Table 11-4. Alerts Settings (continued) Setting Description (or Subfield and Description) Enable Malware Alerts (continued) Subject Enter the subject line for the e-mail alert. The default text is “[Malware alert]”. Message Enter the content for the e-mail alert. Note: Make sure that you keep the %VIRUSINFO% and %TIME% meta words in a message to enable the UTM to insert the proper malware name and time information.
Configuring and Activating Firewall Logs You can configure the logging options for each network segment. For example, the UTM can log accepted packets for LAN-to-WAN traffic, dropped packets for WAN-to-DMZ traffic, and so on.
Table 11-5. Firewall Logs Settings Setting Description (or Subfield and Description) Routing Logs From the Accepted Packets and Dropped Packets columns, select checkboxes to specify which traffic is logged: • LAN to WAN. • LAN to DMZ. • DMZ to WAN. • WAN to LAN. • DMZ to LAN. • WAN to DMZ. Other Event Logs Source MAC Filter Select this checkbox to log packets from MAC addresses that match the source MAC address filter settings.
Figure 11-7 [Dashboard, screen 1 of 3]
To clear the statistics, click Clear Statistics. To set the poll interval: 1. Click the Stop button. 2. From the Poll Interval pull-down menu, select a new interval (the minimum is 5 seconds, the maximum is 5 minutes). 3. Click the Set Interval button. Table 11-6 explains the fields of the Total Threats, Threats (Counts), and Total Traffic (Bytes) sections of the Dashboard screen. Table 11-6.
Table 11-6. Dashboard: Total Threats, Threats (Counts), and Total Traffic (Bytes) Information (continued) Item Description (or Subfield and Description) Threats (Counts) This is a graphic that shows the relative number of threats and access violations over the last week, using different colors for the various applications.
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Table 11-7 explains the fields of the Most Recent 5 and Top 5 sections of the Dashboard screen. Table 11-7. Dashboard: Most Recent 5 and Top 5 Information Category Most Recent 5 Description Top 5 Description Threats • Malware Name. The name of the malware threat. • Protocol. The protocol in which the malware threat was detected. • Date and Time. The date and time that the malware threat was detected. • Malware Name.
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Figure 11-9 [Dashboard, screen 3 of 3] Table 11-8 explains the fields of the Service Statistics section of the Dashboard screen. Table 11-8. Dashboard: Service Statistics Information Item Description (or Subfield and Description) For each of the six supported protocols (HTTP, HTTPS, FTP, SMTP, POP3, and IMAP), this section provides the following statistics: Total Scanned Traffic (MB) The total quantity of scanned traffic in MB.
Viewing Status Screens
The UTM provides real-time information in a variety of status screens that are described in the following sections:
• “Viewing System Status” on this page.
• “Viewing Active VPN Users” on page 11-24.
• “Viewing VPN Tunnel Connection Status” on page 11-24.
• “Viewing Port Triggering Status” on page 11-26.
• “Viewing the WAN Ports Status” on page 11-27.
• “Viewing Attached Devices and the DHCP Log” on page 11-29.
Figure 11-10 [System Status, screen 1 of 3]
Table 11-9 explains the fields of the Status and System Information sections of the System Status screen.
Table 11-9. System Status: Status and System Information
Setting Description (or Subfield and Description)
Status System The current CPU, memory, and hard disk usage. When usage is within safe limits, the status bars show green.
Table 11-9. System Status: Status and System Information (continued)
Setting Description (or Subfield and Description)
System Information States the system up time since the last reboot.
Firmware Information The firmware version and most recent download for the active and secondary firmware of the UTM and for the scan engine, pattern file, and firewall.
Table 11-10. System Status: WAN Configuration and LAN Port Information
Setting Description (or Subfield and Description)
WAN1 Configuration/WAN2 Configuration (Dual-WAN Port Models) or WAN Configuration (Single-WAN Port Models)
WAN Mode Single Port, Load Balancing, or Auto Rollover.
WAN State UP or DOWN.
NAT Enabled or Disabled.
Connection Type Static IP, DHCP, PPPoE, or PPTP.
Connection State Connected or Not Connected.
Table 11-11. System Status: Interface Statistics
Setting Description (or Subfield and Description)
For each interface (LAN, WAN1, WAN2, and DMZ for the dual-WAN port models; LAN, WAN, and DMZ for the single-WAN port models), the following statistics are displayed:
Status 10BaseT Half duplex, 10BaseT Full duplex, 100BaseT Half duplex, 100BaseT Full duplex, or No Link.
Tx (KB) The volume of data transmitted on the interface, in KB.
2. Click the IPSec VPN Connection Status submenu tab. The IPSec VPN Connection Status screen displays.
Figure 11-14
The Active IPsec SAs table lists each active connection with the information that is described in Table 11-12. The default poll interval is 5 seconds. To change the poll interval period, enter a new value in the Poll Interval field, and then click Set Interval. To stop polling, click Stop.
2. Click the SSL VPN Connection Status submenu tab. The SSL VPN Connection Status screen displays.
Figure 11-15
The active user’s user name, group, and IP address are listed in the table with a timestamp indicating the time and date that the user connected. To disconnect an active user, click the Disconnect table button to the right of the user’s table entry.
2. Click the Status option arrow at the top right of the Port Triggering screen. The Port Triggering Status screen appears in a popup window.
Figure 11-17
The Port Triggering Status screen displays the information that is described in Table 11-13.
Table 11-13. Port Triggering Status Information
Item Description (or Subfield and Description)
# The sequence number of the rule on screen.
Figure 11-18
2. Click the WAN Status option arrow at the top right of the WAN1 ISP Settings screen (dual-WAN port models) or the WAN ISP Settings screen (single-WAN port models). The Connection Status screen appears in a popup window.
Figure 11-19
The Connection Status screen displays the information that is described in Table 11-14.
Table 11-14. WAN1 (Dual-WAN Port Models) or WAN (Single-WAN Port Models) Port Status Information
Item Description (or Subfield and Description)
Connection Time The period that the UTM has been connected through the WAN port.
Connection Type DHCP or Static IP.
Connection Status Connected or Disconnected.
Figure 11-20
2. Click the LAN Groups submenu tab. The LAN Groups screen displays (Figure 11-21 shows some examples in the Known PCs and Devices table).
Figure 11-21
The Known PCs and Devices table contains a list of all known PCs and network devices that are assigned dynamic IP addresses by the UTM, or have been discovered by other means. Collectively, these entries make up the Network Database. For each attached PC or device, the Known PCs and Devices table displays the following fields:
• Checkbox. Allows you to select the PC or device in the table.
• Name. The name of the PC or device.
Figure 11-22
Querying Logs and Generating Reports
The extensive logging and reporting functions of the UTM let you perform the following tasks, which help you to monitor the protection of the network and the performance of the UTM:
• Querying and downloading logs.
• Generating and downloading e-mail, Web, and system reports.
• Scheduling automatic e-mail, Web, and system reports, and e-mailing these reports to specified recipients.
• System Logs. The system event logs that you have specified on the Email and Syslog screen (see “Configuring and Activating System, E-mail, and Syslog Logs” on page 11-6). However, by default, many more types of events are logged in the system logs.
• Service Logs. All events that are related to the status of scanning and filtering services that are part of the Application Security main navigation menu.
Figure 11-23
3. Enter the settings as explained in Table 11-15.
Table 11-15. Logs Query Settings
Setting Description (or Subfield and Description)
Log Type Select one of the following log types from the pull-down menu:
• Traffic. All scanned incoming and outgoing traffic.
• Spam. All intercepted spam.
• System. The system event logs that you have specified in the System Logs Options section at the top of the screen.
Table 11-15. Logs Query Settings (continued)
Setting Description (or Subfield and Description)
Log Type (continued)
• Service Logs. All events that are related to the status of scanning and filtering services that are part of the Application Security main navigation menu. These events include update success messages, update failure messages, network connection errors, and so on.
• Malware.
Table 11-15. Logs Query Settings (continued)
Setting Description (or Subfield and Description)
Search Criteria (continued)
Client IP The client IP address that is queried. This field is available for the following logs: Traffic, Spam, Malware, Content filters, Port Scan, IPS, Instant Messaging/Peer to Peer.
Server IP The server IP address that is queried.
Table 11-15. Logs Query Settings (continued)
Setting Description (or Subfield and Description)
Search Criteria (continued)
Message The log message text that is queried. This field is available for the following logs: Port Scan, IPS, Instant Messaging/Peer to Peer.
Subject The e-mail subject line that is queried. This field is available only for the Traffic log.
Example: Using Logs to Identify Infected Clients
You can use the UTM logs to help identify potentially infected clients on the network. For example, clients that generate abnormally high volumes of HTTP traffic, especially to many different servers, might be infected with spyware or other malware. Query the Traffic log for the HTTP protocol over the suspect period, or download the log and process it offline, and compare each client with its peers rather than against a fixed number, because normal browsing volume differs from site to site.
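The following script is an added example, not part of the manual or of NETGEAR's software; it applies the approach above to a downloaded Traffic log. It assumes the record layout shown in Table C-20 (date, time, protocol, a numeric field that the script ignores, client IP, server IP, and the remainder of the line), and the sample records, the client and server addresses, and the thresholds are constructed for the example. It flags clients whose HTTP request count is far above the median of their peers, measured with the median absolute deviation (MAD) so that a single very noisy host cannot hide itself by dragging the mean up.

```python
"""Flag LAN clients whose HTTP request volume is far above their peers.

Added example, not NETGEAR code.  Record layout assumed from Table C-20:
  <date> <time> <protocol> <numeric field, ignored> <client IP> <server IP> [rest]
Sample records below are constructed; 203.0.113.0/24 and 198.51.100.0/24 are
documentation address ranges standing in for Internet servers.
"""
import re
from collections import defaultdict
from statistics import median

TRAFFIC_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<proto>[A-Z0-9]+) "
    r"(?P<num>\S+) (?P<client>\d+(?:\.\d+){3}) (?P<server>\d+(?:\.\d+){3})(?: (?P<rest>.*))?$"
)


def _rec(ts, proto, client, server, rest=""):
    """Build one constructed Traffic-log record (the numeric field is left as 0)."""
    return f"2009-02-28 {ts} {proto} 0 {client} {server} {rest}".rstrip()


SAMPLE_LINES = (
    # four ordinary browsing clients, two to four requests each
    [_rec(f"09:0{i}:00", "HTTP", "192.168.1.2", "203.0.113.10") for i in range(3)]
    + [_rec(f"09:1{i}:00", "HTTP", "192.168.1.3", "203.0.113.11") for i in range(2)]
    + [_rec(f"09:2{i}:00", "HTTP", "192.168.1.4", "203.0.113.12") for i in range(4)]
    + [_rec(f"09:3{i}:00", "HTTP", "192.168.1.5", "203.0.113.13") for i in range(3)]
    # one mail record: present in the log, but not HTTP and therefore not counted
    + [_rec("09:40:00", "SMTP", "192.168.1.5", "203.0.113.25",
            "user@example.test user@example.test Re: report")]
    # one client beaconing to forty different servers within four minutes
    + [_rec(f"09:{50 + i // 10}:{(i % 10) * 6:02d}", "HTTP", "192.168.1.50",
            f"198.51.100.{i + 1}") for i in range(40)]
)


def parse_traffic_line(line):
    """Return the record's fields as a dict, or None if the line does not match."""
    m = TRAFFIC_RE.match(line.strip())
    return m.groupdict() if m else None


def http_activity(lines):
    """Per client IP: number of HTTP records and the set of distinct servers contacted."""
    activity = defaultdict(lambda: {"requests": 0, "servers": set()})
    for line in lines:
        rec = parse_traffic_line(line)
        if rec is None or rec["proto"] != "HTTP":
            continue
        activity[rec["client"]]["requests"] += 1
        activity[rec["client"]]["servers"].add(rec["server"])
    return activity


def suspicious_clients(activity, k=5.0, minimum=10):
    """Clients whose HTTP request count exceeds max(minimum, median + k * MAD).

    The robust cutoff means one runaway host does not raise the bar for itself;
    the absolute floor keeps a quiet network from flagging a client over trivia.
    """
    counts = {client: a["requests"] for client, a in activity.items()}
    if not counts:
        return []
    med = median(counts.values())
    mad = median(abs(v - med) for v in counts.values()) or 1.0
    cutoff = max(minimum, med + k * mad)
    return sorted(client for client, v in counts.items() if v > cutoff)


if __name__ == "__main__":
    act = http_activity(SAMPLE_LINES)
    for client in suspicious_clients(act):
        info = act[client]
        print(f"{client}: {info['requests']} HTTP requests to "
              f"{len(info['servers'])} distinct servers")
```

Run the script over the lines of a downloaded Traffic log in place of SAMPLE_LINES; the client that stands out is the one to check next in the Malware and IPS logs, where the same Client IP search criterion applies.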
Scheduling and Generating Reports
The UTM lets you schedule and generate three types of reports:
• Email Reports.
– The following application incidents are shown per day, both in tables and graphics:
• Number of instant messaging application violations, top 10 violating instant messaging applications by count, and top 10 violating instant messaging clients by count.
• Number of peer-to-peer application violations, top 10 violating peer-to-peer applications by count, and top 10 violating peer-to-peer clients by count.
– The following malware incident
Figure 11-24
3. Enter the settings as explained in Table 11-16.
Table 11-16. Generate Report Settings
Setting Description (or Subfield and Description)
Time From From the pull-down menus, specify the start year, month, day, hour, and minutes for the report.
Time To From the pull-down menus, specify the end year, month, day, hour, and minutes for the report. Note: The maximum report period is 31 days.
Scheduling Reports
To schedule automatic generation and e-mailing of reports:
1. Select Monitoring > Logs & Reports from the menu. The Logs & Reports submenu tabs appear, with the Email and Syslog screen in view.
2. Click the Schedule Reports submenu tab. The Schedule Reports screen displays.
Figure 11-25
3. Enter the settings as explained in Table 11-17.
Table 11-17. Schedule Report Settings (continued)
Setting Description (or Subfield and Description)
Reports Select one or more checkboxes to specify the reports that are generated:
• Email Reports.
• Web Reports.
• System Reports.
Note: You can select all three checkboxes, but you might generate a very large report.
Using the Network Diagnostic Tools
This section discusses the Network Diagnostics section and the Perform a DNS Lookup section of the Diagnostics screen.
Figure 11-26 [Diagnostics, screen 1 of 3]
Sending a Ping Packet
Use the Ping utility to send a ping packet request in order to check the connection between the UTM and a specific IP address.
Tracing a Route
A traceroute lists all routers between the source (the UTM) and the destination IP address. To send a traceroute:
1. Locate the Network Diagnostics section on the Diagnostics screen.
2. In the IP Address field, enter the IP address for which you want to trace the route.
3. Click the Traceroute button. The results of the traceroute are displayed in a new screen.
Using the Realtime Traffic Diagnostics Tool
This section discusses the Realtime Traffic Diagnostics section and the Perform a DNS Lookup section of the Diagnostics screen.
Figure 11-27 [Diagnostics, screen 2 of 3]
You can use the Realtime Traffic Diagnostics tool to analyze traffic patterns with a network traffic analyzer tool.
Gathering Important Log Information and Generating a Network Statistics Report
When you request support, NETGEAR Technical Support might ask you to collect the debug logs and other information from your UTM. This section discusses the Gather Important Log Information section, the Network Statistics Report section, and the Reboot the System section of the Diagnostics screen.
To generate the Network Statistics Report:
1. Locate the Network Statistics Report section on the Diagnostics screen.
2. Click Generate Network Statistics. The network statistics report is sent as an e-mail to the recipient that you specified on the Email Notification screen (see “Configuring the E-mail Notification Server” on page 11-5).
Chapter 12 Troubleshooting and Using Online Support This chapter provides troubleshooting tips and information for the UTM. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the UTM on? Go to “Basic Functioning” on page 12-2. • Have I connected the UTM correctly? Go to “Basic Functioning” on page 12-2. • I cannot access the UTM’s Web Management Interface.
Basic Functioning
After you turn on power to the UTM, the following sequence of events should occur:
1. When power is first applied, verify that the PWR LED is on.
2. After approximately two minutes, verify that:
a. The Test LED is no longer lit.
b. The LAN port Left LEDs are lit for any local ports that are connected.
c. The WAN port Left LEDs are lit for any WAN ports that are connected.
LAN or WAN Port LEDs Not On
If either the LAN LEDs or WAN LEDs do not light when the Ethernet connection is made, check the following:
• Make sure that the Ethernet cable connections are secure at the UTM and at the hub, router, or workstation.
• Make sure that power is turned on to the connected hub, router, or workstation.
• If your UTM’s IP address has been changed and you do not know the current IP address, clear the UTM’s configuration to factory defaults. This sets the UTM’s IP address to 192.168.1.1. This procedure is explained in “Restoring the Default Configuration and Password” on page 12-9.
• If the computer is configured correctly but still does not work, ensure that the UTM is connected and turned on. Connect to the Web Management Interface and check the UTM’s settings. If you cannot connect to the UTM, see the information in the previous section (“Troubleshooting the Web Management Interface” on page 12-3).
If your UTM is still unable to obtain an IP address from the ISP, the problem might be one of the following:
• Your ISP might require a login program. Ask your ISP whether they require PPP over Ethernet (PPPoE) or some other type of login.
• If your ISP requires a login, you might have incorrectly set the login name and password.
• Your ISP might check for your PC’s host name.
Troubleshooting a TCP/IP Network Using a Ping Utility
Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made much easier by using the Ping utility in your PC or workstation.
Testing the Path from Your PC to a Remote Device
After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows Run menu, type:
PING -n 10 <IP address>
where <IP address> is the IP address of a remote device such as your ISP’s DNS server. If the path is functioning correctly, replies as in the previous section are displayed.
Restoring the Default Configuration and Password
To reset the UTM to the original factory default settings, you can use one of the following two methods:
• Push the Reset button on the rear panel of the UTM (see “Rear Panel” on page 1-12) and hold it for about eight seconds, until the Test LED turns on and begins to blink (the reset completes in about 30 seconds).
Problems with Date and Time
The System Date & Time screen displays the current date and time of day (see “Configuring Date and Time Service” on page 10-24). The UTM uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet. Each entry in the log is stamped with the date and time of day, so an incorrect clock also makes the logs unreliable for correlating events with other systems. Problems with the date and time function can include:
• Date shown is January 1, 2000.
To initiate the support tunnel:
1. Select Support > Online Support from the menu. The Online Support screen displays.
Figure 12-2
2. In the Support Key field, enter the support key that was given to you by NETGEAR.
3. Click Connect. When the tunnel is established, the tunnel status field displays ON. To terminate the tunnel, click Disconnect. The tunnel status field displays OFF. While the tunnel is up, NETGEAR Technical Support has remote access to the UTM, so disconnect it as soon as the support session is over.
To submit a file to NETGEAR for analysis:
1. Select Support > Malware Analysis from the menu. The Malware Analysis screen displays.
Figure 12-3
2. Enter the settings as explained in Table 12-1.
Table 12-1. Malware Analysis Settings
Setting Description (or Subfield and Description)
Email Address The e-mail address of the submitter, so that NETGEAR can contact the submitter if needed.
Appendix A Default Settings and Technical Specifications You can use the Reset button located on the rear panel to reset all settings to their factory defaults. This is called a hard reset (for more information, see “Reverting to Factory Default Settings” on page 10-18). • To perform a hard reset, press and hold the Reset button for approximately eight seconds (until the TEST LED blinks rapidly). The UTM returns to the factory configuration settings that are shown in Table A-1 below.
Table A-1. UTM Default Configuration Settings (continued)
Feature Default behavior (continued)
DHCP server Enabled
DHCP starting IP address 192.168.1.2
DHCP ending IP address 192.168.1.
Table A-2.
Table A-3. UTM IPsec VPN Specifications (continued)
Setting Specification
IPsec authentication types Local User database, RADIUS PAP, RADIUS CHAP
IPsec certificates supported CA digital certificate, Self digital certificate
Table A-4 shows the SSL VPN specifications for the UTM.
Table A-4.
Appendix B Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
This appendix describes the factors to consider when planning a network using a firewall that has dual WAN ports. This appendix does not apply to single-WAN port models. This appendix contains the following sections:
• “What to Consider Before You Begin” on this page.
• “Overview of the Planning Process” on page B-5.
• “Inbound Traffic” on page B-7.
• “Virtual Private Networks (VPNs)” on page B-9.
• Protocol binding
– For auto-rollover mode, protocol binding does not apply.
– For load balancing mode, decide which protocols should be bound to a specific WAN port.
– You can also add your own service protocols to the list.
2. Set up your accounts
a. Obtain active Internet services such as cable or DSL broadband accounts and locate the Internet service provider (ISP) configuration information.
• You can choose a variety of WAN options if the factory default settings are not suitable for your installation. These options include enabling a WAN port to respond to a ping, and setting the MTU size, port speed, and upload bandwidth. Enabling ping responses makes the WAN port discoverable from the Internet, so leave it disabled unless you need it for external monitoring.
4. Prepare to physically connect the firewall to your cable or DSL modems and a computer. Instructions for connecting the UTM are in the ProSecure Unified Threat Management UTM Installation Guide.
• ISP Domain Name Server (DNS) addresses
• One or more fixed IP addresses (also known as static IP addresses)
Where Do I Get the Internet Configuration Information?
There are several ways you can gather the required Internet connection information.
• Your ISPs provide all the information needed to connect to the Internet.
• Gateway IP Address: ______.______.______.______
Subnet Mask: ______.______.______.______
ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following:
Primary DNS Server IP Address: ______.______.______.______
Secondary DNS Server IP Address: ______.______.______.______
• Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or home.
These various types of traffic and auto-rollover or load balancing all interact to make the planning process more challenging:
• Inbound Traffic. Unrequested incoming traffic can be directed to a PC on your LAN rather than being discarded. The mechanism for making the IP address public depends on whether the dual WAN ports are configured for auto-rollover or load balancing.
• Virtual Private Networks.
• Dual WAN Ports in Load Balancing Mode. Load balancing for a UTM with dual WAN ports is similar to a single WAN gateway configuration when you specify the IP address. Each IP address is either fixed or dynamic based on the ISP: you must use FQDNs when the IP address is dynamic, but FQDNs are optional when the IP address is static.
In the single WAN case, the WAN’s Internet address is either a fixed IP address or an FQDN if the IP address is dynamic.
Figure B-4
Inbound Traffic to a Dual WAN Port System
The IP address range of the UTM’s WAN port must be both fixed and public so that the public can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled.
Figure B-6
Virtual Private Networks (VPNs)
When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points. The addressing of the firewall’s dual WAN port depends on the configuration being implemented:
Table B-2.
For a single WAN gateway configuration, use an FQDN when the IP address is dynamic and either an FQDN or the IP address itself when the IP address is fixed. The situation is different in dual-WAN port gateway configurations.
• Dual WAN Ports in Auto-Rollover Mode. A dual-WAN port auto-rollover gateway configuration is different from a single-WAN port gateway configuration when you specify the IP address of the VPN tunnel endpoint.
VPN Road Warrior (Client-to-Gateway)
The following situations exemplify the requirements for a remote PC client with no firewall to establish a VPN tunnel with a gateway VPN firewall such as a UTM:
• Single gateway WAN port
• Redundant dual gateway WAN ports for increased reliability (before and after rollover)
• Dual gateway WAN ports for load balancing
VPN Road Warrior: Single Gateway WAN Port (Reference Case)
In a single WAN port gate
Figure B-10
The IP addresses of the WAN ports can be either fixed or dynamic, but you must always use an FQDN because the active WAN port could be either WAN1 or WAN2 (that is, the IP address of the active WAN port is not known in advance). After a rollover of the WAN port has occurred, the previously inactive gateway WAN port becomes the active port (port WAN2 in Figure B-11) and the remote PC client must re-establish the VPN tunnel.
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing
In a dual-WAN port load balancing gateway configuration, the remote PC initiates the VPN tunnel with the appropriate gateway WAN port (that is, port WAN1 or WAN2 as necessary to balance the loads of the two gateway WAN ports) because the IP address of the active WAN port is not known in advance. The selected gateway WAN port must act as the responder.
Figure B-13
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, you must use an FQDN. If an IP address is fixed, an FQDN is optional.
After a rollover of a gateway WAN port, the previously inactive gateway WAN port becomes the active port (port WAN_A2 in Figure B-15) and one of the gateways must re-establish the VPN tunnel.
VPN Telecommuter (Client-to-Gateway Through a NAT Router)
Note: The telecommuter case presumes that the home office has a dynamic IP address and a NAT router.
VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability
In a dual-WAN port auto-rollover gateway configuration, the remote PC client initiates the VPN tunnel with the active gateway WAN port (port WAN1 in Figure B-18) because the IP address of the remote NAT router is not known in advance. The gateway WAN port must act as the responder.
The purpose of the FQDN is to toggle the domain name of the gateway between the IP addresses of the active WAN port (that is, WAN1 or WAN2) so that the remote PC client can determine the gateway IP address to establish or re-establish a VPN tunnel.
Appendix C System Logs and Error Messages
This appendix provides examples and explanations of system logs and error messages. When applicable, a recommended action is provided. This appendix contains the following sections:
• “System Log Messages” on page C-2.
• “Content Filtering and Security Logs” on page C-12.
• “Routing Logs” on page C-16.
This appendix uses the following log message terms.
Table C-1.
System Log Messages
This section describes log messages that belong to one of the following categories:
• Logs that are generated by traffic that is meant for the UTM.
• Logs that are generated by traffic that is routed or forwarded through the UTM.
• Logs that are generated by system daemons such as NTP, the WAN daemon, and others.
System Startup
This section describes log messages generated during system startup.
Table C-2.
Service Logs
This section describes log messages generated during firmware updates and other service-related events.
Table C-4. System Logs: Service
Message 2008-12-31 23:59:48 error Firmware update failed! Either the subscription is not yet registered, or has been expired.
Explanation Logs that are generated when a firmware update fails or succeeds. The message shows the date and time, and the event.
Login/Logout
This section describes logs that are generated by the administrative interfaces of the device.
Table C-6. System Logs: Login/Logout
Message Nov 28 14:45:42 [UTM] [login] Login succeeded: user admin from 192.168.10.10
Explanation Login of user admin from the host with IP address 192.168.10.
WAN Status
This section describes the logs that are generated by the WAN component. If there are two ISP links for Internet connectivity, the router can be configured either in auto-rollover mode or in load balancing mode.
Auto-Rollover Mode
When the WAN mode is configured for auto-rollover, the primary link is active and the secondary link acts only as a backup.
System Logs: WAN Status, Auto Rollover (continued)
Explanation The logs suggest that the failover was detected after five attempts instead of three. The messages appear this way because of the WAN state transition logic that is part of the failover algorithm. The logs can be interpreted as follows: the primary link failure is properly detected after the third attempt.
PPP Logs
This section describes the WAN PPP connection logs. The PPP type can be configured through the Web Management Interface (see “Manually Configuring the Internet Connection” on page 3-5).
• PPPoE Idle-Timeout Logs
Table C-10.
• PPTP Idle-Timeout Logs
Table C-11. System Logs: WAN Status, PPTP Idle-Timeout
Message 1 Nov 29 11:19:02 [UTM] [pppd] Starting connection
Message 2 Nov 29 11:19:05 [UTM] [pppd] CHAP authentication succeeded
Message 3 Nov 29 11:19:05 [UTM] [pppd] local IP address 192.168.200.214
Message 4 Nov 29 11:19:05 [UTM] [pppd] remote IP address 192.168.200.
Traffic Metering Logs
This section describes logs that are generated when the traffic meter has reached a limit.
Table C-13. System Logs: Traffic Metering
Message Jan 23 19:03:44 [TRAFFIC_METER] TRAFFIC_METER: Monthly Limit of 10 MB has reached for WAN1._
Explanation Logs that are generated when the traffic limit for the WAN1 interface, which was set to 10 MB, has been reached.
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Multicast/Broadcast Logs This section describes logs that are generated when the UTM processes multicast and broadcast packets. Table C-16. System Logs: Multicast/Broadcast Message Jan 1 07:24:13 [UTM] [kernel] MCAST-BCAST IN=WAN OUT=SELF SRC=192.168.1.73 DST=192.168.1.255 PROTO=UDP SPT=138 DPT=138 Explanation • This packet (broadcast) is destined to the device from the WAN network. • For other settings, see Table C-1.
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Table C-17. System Logs: Invalid Packets (continued) Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][BAD_CHECKSUM]DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Explanation Bad checksum. Recommended Action None Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][BAD_HW_CHECKSUM][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=ICMP TYPE=3 CODE=0 Explanation Bad hardware checksum for ICMP packets.
Table C-17. System Logs: Invalid Packets (continued)

Explanation: Error returned from helper routine.
Recommended Action: None

Content Filtering and Security Logs

This section describes the log messages that are generated by the content filtering and security mechanisms.

Web Filtering and Content Filtering Logs

This section describes logs that are generated when the UTM filters Web content.
Table C-18. Content Filtering and Security Logs: Web Filtering and Content Filtering

Message: 2009-08-01 00:00:01 HTTP 192.168.1.3 192.168.35.165 http://192.168.35.165/testcases/files/virus/normal/%b4%f3%d3%da2048.rar Proxy Block
Explanation: Logs that are generated when Web content is blocked because it uses a proxy.
Traffic Logs

This section describes logs that are generated when the UTM processes Web and e-mail traffic.

Table C-20. Content Filtering and Security Logs: Traffic

Message: 2009-02-28 23:59:59 HTTP 99 192.168.1.2 192.168.33.8 xlzimap@test.com xlzpop3@test.com [MALWARE INFECTED] Fw: cleanvirus
Explanation: Web and e-mail traffic logs for HTTP, SMTP, POP3, IMAP, HTTPS, and FTP traffic.
IPS Logs

This section describes logs that are generated when traffic matches IPS rules.

Table C-23. Content Filtering and Security Logs: IPS

Message: 2008-12-31 23:59:37 drop TCP 192.168.1.2 3496 192.168.35.165 8081 WEB-CGI Trend Micro OfficeScan CGI password decryption buffer overflow attempt
Explanation: Logs that are generated when traffic matches IPS rules.
Routing Logs

This section explains the logging messages for each network segment, such as LAN to WAN, for debugging purposes. These logs might generate a significant volume of messages.

LAN to WAN Logs

This section describes logs that are generated when the UTM processes LAN to WAN traffic.

Table C-26. Routing Logs: LAN to WAN

Message: Nov 29 09:19:43 [UTM] [kernel] LAN2WAN[ACCEPT] IN=LAN OUT=WAN SRC=192.168.10.10 DST=72.14.207.
WAN to LAN Logs

This section describes logs that are generated when the UTM processes WAN to LAN traffic.

Table C-29. Routing Logs: WAN to LAN

Message: Nov 29 10:05:15 [UTM] [kernel] WAN2LAN[ACCEPT] IN=WAN OUT=LAN SRC=192.168.1.214 DST=192.168.10.10 PROTO=ICMP TYPE=8 CODE=0
Explanation:
• This packet from the LAN to the WAN has been allowed by the firewall.
• For other settings, see Table C-1.
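The kernel-style messages in Tables C-16, C-17, C-26 and C-29 share one layout (timestamp, "[UTM] [kernel]", an event tag with the verdict in brackets, then KEY=VALUE fields), so they can be parsed by a single routine when the UTM forwards them to a syslog server. The following parser and triage helpers are an added example, not code from the manual or from NETGEAR; the sample lines are constructed from the messages quoted in those tables, and the 2-event threshold in invalid_drop_sources is an assumed value.

```python
import re
from collections import Counter

# Layout of the kernel messages shown in Tables C-16, C-17, C-26 and C-29.
KERNEL_RE = re.compile(
    r"^(?P<ts>(?:\d{4} )?[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"\[UTM\] \[kernel\] (?P<tag>\S+) (?P<fields>.*)$"
)


def parse_kernel_line(line):
    """Return a dict for one kernel log line, or None for any other message type."""
    m = KERNEL_RE.match(line)
    if m is None:
        return None
    brackets = re.findall(r"\[([A-Z_]+)\]", m["tag"])
    rec = {
        "timestamp": m["ts"],
        # Event name precedes the first "[" (LAN2WAN, WAN2LAN, MCAST-BCAST);
        # for [INVALID][...][DROP] tags the first bracketed word is the event.
        "event": m["tag"].split("[", 1)[0] or (brackets[0] if brackets else m["tag"]),
        # The last bracketed word is the firewall verdict (ACCEPT/DROP), if any.
        "verdict": brackets[-1] if brackets else None,
        "flags": brackets[:-1],
    }
    for kv in m["fields"].split():        # IN=WAN OUT=SELF SRC=... PROTO=... SPT=... DPT=...
        key, sep, value = kv.partition("=")
        if sep:
            rec[key.lower()] = value
    return rec


def summarize(lines):
    """Count kernel messages by verdict and by event type for a quick log triage."""
    by_verdict, by_event = Counter(), Counter()
    for rec in filter(None, map(parse_kernel_line, lines)):
        by_verdict[rec["verdict"] or "NONE"] += 1
        by_event[rec["event"]] += 1
    return dict(by_verdict), dict(by_event)


def invalid_drop_sources(lines, threshold=2):
    """Sources whose invalid-packet drops (Table C-17) reach the threshold (assumed default: 2)."""
    counts = Counter()
    for rec in filter(None, map(parse_kernel_line, lines)):
        if "INVALID" in rec["flags"] and rec["verdict"] == "DROP":
            counts[rec["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample: the messages quoted in Tables C-16, C-17 and C-29 plus one non-kernel line.
SAMPLE_LINES = [
    "Jan 1 07:24:13 [UTM] [kernel] MCAST-BCAST IN=WAN OUT=SELF SRC=192.168.1.73 DST=192.168.1.255 PROTO=UDP SPT=138 DPT=138",
    "2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][BAD_CHECKSUM][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899",
    "2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][BAD_HW_CHECKSUM][DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=ICMP TYPE=3 CODE=0",
    "Nov 29 10:05:15 [UTM] [kernel] WAN2LAN[ACCEPT] IN=WAN OUT=LAN SRC=192.168.1.214 DST=192.168.10.10 PROTO=ICMP TYPE=8 CODE=0",
    "Jan 23 19:03:44 [TRAFFIC_METER] TRAFFIC_METER: Monthly Limit of 10 MB has reached for WAN1._",
]
```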
Appendix D
Two-Factor Authentication

This appendix provides an overview of Two-Factor Authentication and an example of how to implement the WiKID solution. This appendix contains the following sections:

• “Why do I need Two-Factor Authentication?” on this page.
• Quick to deploy and manage. The WiKID solution integrates seamlessly with the NETGEAR SSL and VPN firewall products.
• Proven regulatory compliance. Two-Factor Authentication has been used as a mandatory authentication process for many corporations and enterprises worldwide.
The request-response architecture is capable of self-service initialization by end users, dramatically reducing implementation and maintenance costs. Here is an example of how WiKID works.

1. The user launches the WiKID token software, enters the PIN that has been given to them (something they know), and then presses “continue” to receive the OTP from the WiKID authentication server:

Figure D-1

2.
Note: The one-time passcode is time-synchronized to the authentication server so that the OTP can be used only once and must be used before the expiration time. If a user does not use this passcode before it expires, the user must go through the request process again to generate a new OTP.

3. The user then proceeds to the Two-Factor Authentication login page and enters the generated one-time passcode as the login password.
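The properties the note above relies on (a PIN gate before any passcode is issued, one use per passcode, and a hard expiry after which the user must request again) are what a server enforcing this flow has to check. The model below is an added example, not WiKID's protocol or NETGEAR's code: it only models the request/response steps the appendix describes, and the 60-second lifetime, the user name and the PIN are constructed values.

```python
import hmac
import secrets

# Assumed lifetime: the manual states that the OTP expires but gives no value.
OTP_LIFETIME_SECONDS = 60


class OtpServer:
    """Toy authentication server for the request/response OTP flow in Appendix D."""

    def __init__(self, pins, now):
        self._pins = pins       # user -> PIN (something they know); constructed sample data
        self._now = now         # clock callable, injectable so expiry can be tested
        self._issued = {}       # user -> (otp, expires_at); at most one live OTP per user

    def request_otp(self, user, pin):
        """Step 1: the token software sends the PIN; a passcode is issued only if it matches."""
        stored = self._pins.get(user)
        if stored is None or not hmac.compare_digest(stored, pin):
            return None
        otp = f"{secrets.randbelow(10 ** 6):06d}"
        self._issued[user] = (otp, self._now() + OTP_LIFETIME_SECONDS)
        return otp

    def login(self, user, password):
        """Step 3: the OTP is presented as the login password, valid once and before expiry."""
        # pop() consumes the passcode on any attempt, so a wrong guess also forces a new request
        entry = self._issued.pop(user, None)
        if entry is None:
            return False
        otp, expires_at = entry
        if self._now() > expires_at:
            return False            # expired: user must go through the request process again
        return hmac.compare_digest(otp, password)


def demo():
    """Walk the flow with a fake clock; returns (wrong_pin, first_use, reuse, expired)."""
    clock = [1000.0]
    server = OtpServer({"alice": "1234"}, now=lambda: clock[0])
    wrong_pin = server.request_otp("alice", "0000")
    otp = server.request_otp("alice", "1234")
    first_use = server.login("alice", otp)
    reuse = server.login("alice", otp)
    otp2 = server.request_otp("alice", "1234")
    clock[0] += OTP_LIFETIME_SECONDS + 1
    expired = server.login("alice", otp2)
    return wrong_pin, first_use, reuse, expired
```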
Appendix E
Related Documents

This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product.

Document: TCP/IP Networking Basics
Link: http://documentation.netgear.com/reference/enu/tcpip/index.htm

Document: Wireless Networking Basics
Link: http://documentation.netgear.com/reference/enu/wireless/index.htm

Document: Preparing Your Network
Link: http://documentation.netgear.com/reference/enu/wsdhcp/index.