ProSecure Web/Email Security Threat Management Appliance STM150/300/600 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10519-01 1.
© 2009 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and the NETGEAR logo are registered trademarks and ProSecure is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
Open SSL Copyright (c) 1998–2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer. 2.
PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University.
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual

Contents

About This Manual
Conventions, Formats, and Scope
How to Print This Manual
Revision History
Understanding the Steps for Initial Connection
Qualified Web Browsers
Logging In to the STM
Understanding the Web Management Interface Menu Layout
Updating the Software
Scheduling Updates
Performing a Manual Update
Critical Updates That Require a Restart
Creating and Deleting Groups by Name
Editing Groups by Name
Creating and Deleting Groups by IP Address and Subnet
Configuring User Accounts
Chapter 7 Troubleshooting and Using Online Support
Basic Functioning
Power LED Not On
Test LED or Status LED Never Turns Off
About This Manual

The NETGEAR® ProSecure™ Web/Email Security Threat Management Appliance STM Reference Manual describes how to configure and troubleshoot a ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or STM600. The information in this manual is intended for readers with intermediate computer and networking skills.
• Scope. This manual is written for the STM according to these specifications:
  Product: ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or STM600
  Manual Publication Date: September 2009

For more information about network, Internet, firewall, and VPN technologies, click the links to the NETGEAR website in Appendix B, “Related Documents.
Chapter 1 Introduction

This chapter provides an overview of the features and capabilities of the ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or STM600. It also identifies the physical features of the appliances and the contents of the product packages.
In addition to scanning HTTP, HTTPS, FTP, SMTP, POP3, and IMAP traffic, the STM protects networks against spam, phishing attacks, and unwanted Web use. The STM is a plug-and-play device that can be installed and configured within minutes.
Key Features and Capabilities

The STM provides the following key features and capabilities:
• Up to two pairs of 10/100/1000 Mbps Gigabit Ethernet WAN ports (see “STM Model Comparison” on page 1-5).
Stream Scanning for Content Filtering

Stream Scanning is based on the simple observation that network traffic travels in streams. The STM scan engine starts receiving and analyzing traffic as the stream enters the network. As soon as a number of bytes are available, scanning starts.
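An added illustration of the stream-scanning idea described above (not NETGEAR's scan engine and not code from this manual): a Python sketch that scans data chunk by chunk as it arrives and still catches a pattern split across two chunks. The signature bytes, the sample data, and all function names are constructed for the example.

```python
"""Scan a byte stream chunk by chunk, catching signatures that straddle chunks."""
from typing import Dict, Iterable, Iterator, List, Tuple

Hit = Tuple[str, int]  # (signature name, absolute offset in the stream)

# Constructed byte patterns standing in for malware signatures.
SIGNATURES: Dict[str, bytes] = {
    "DEMO-A": b"STM-DEMO-SIGNATURE-0001",
    "DEMO-B": b"DEMO-B!",
}

# Constructed sample: 40 clean bytes, one signature, 40 clean bytes.
SAMPLE = b"A" * 40 + SIGNATURES["DEMO-A"] + b"B" * 40


def chunked(data: bytes, size: int) -> Iterator[bytes]:
    """Split data into fixed-size pieces, the way it might arrive off the wire."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def naive_scan(chunks: Iterable[bytes], signatures: Dict[str, bytes]) -> List[str]:
    """Flawed approach: inspects each chunk alone, so a split signature is missed."""
    return sorted({n for c in chunks for n, p in signatures.items() if p in c})


class StreamScanner:
    """Keeps the last (longest signature - 1) bytes so matches can span chunks."""

    def __init__(self, signatures: Dict[str, bytes]) -> None:
        if not signatures or not all(signatures.values()):
            raise ValueError("need at least one non-empty signature")
        self._sigs = dict(signatures)
        self._keep = max(len(p) for p in self._sigs.values()) - 1
        self._tail = b""   # scanned bytes held back, not yet released
        self._offset = 0   # absolute stream offset of the first held-back byte

    def feed(self, chunk: bytes) -> Tuple[List[Hit], bytes]:
        """Scan one chunk. Returns (hits, bytes that are now safe to release)."""
        window = self._tail + chunk
        hits: List[Hit] = []
        for name, pattern in self._sigs.items():
            idx = window.find(pattern)
            while idx != -1:
                # A match lying wholly inside the old tail was reported earlier.
                if idx + len(pattern) > len(self._tail):
                    hits.append((name, self._offset + idx))
                idx = window.find(pattern, idx + 1)
        cut = max(len(window) - self._keep, 0)
        safe, self._tail = window[:cut], window[cut:]
        self._offset += cut
        return sorted(hits, key=lambda h: h[1]), safe

    def flush(self) -> bytes:
        """End of stream: the held-back bytes were scanned and can be released."""
        rest, self._tail = self._tail, b""
        self._offset += len(rest)
        return rest


def relay(chunks: Iterable[bytes],
          signatures: Dict[str, bytes] = SIGNATURES) -> Tuple[bytes, List[Hit]]:
    """Forward a stream while scanning it; stop at the first chunk with a hit.

    Returns (bytes forwarded downstream, hits). Because the scanner holds back
    its tail, no byte of a detected signature is forwarded in this sketch, but
    clean data that preceded it already has been.
    """
    scanner = StreamScanner(signatures)
    forwarded = bytearray()
    for chunk in chunks:
        hits, safe = scanner.feed(chunk)
        if hits:
            return bytes(forwarded), hits
        forwarded += safe
    forwarded += scanner.flush()
    return bytes(forwarded), []


if __name__ == "__main__":
    print("per-chunk scan :", naive_scan(chunked(SAMPLE, 16), SIGNATURES))
    sent, found = relay(chunked(SAMPLE, 16))
    print("stream scan    :", found, "after forwarding", len(sent), "bytes")
```

With 16-byte chunks the signature starts in one chunk and ends in the next, so the per-chunk check reports nothing while the stream scanner reports it at offset 40.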
Easy Installation and Management

You can install, configure, and operate the STM within minutes after connecting it to the network. The following features simplify installation and management tasks:
• Browser-based management. Browser-based configuration allows you to easily configure the STM from almost any type of personal computer, such as Windows, Macintosh, or Linux.
Table 1-1.
Note: When you reset the STM to the original factory default settings after you have entered the license keys to activate the STM (see “Registering the STM with NETGEAR” on page 2-28), the license keys are erased. The license keys and the different types of licenses that are available for the STM are no longer displayed on the Registration screen.
Front Panel Ports and LEDs

The front panels of the three STM models provide different components.

STM150 Front Panel

Figure 1-2 shows the front panel ports and status light-emitting diodes (LEDs) of the STM150.

[Figure 1-2. Callouts: 1) Power LED, 2) Test LED, 3) USB Port, 4) Uplink Port and Uplink LEDs, 5) Downlink Ports and Downlink LEDs]

From left to right, the STM150’s front panel shows the following ports and LEDs:
1. Power LED.
2.
The function of each STM150 LED is described in the following table:

Table 1-2. LED Descriptions for the STM150
Object | Activity | Description
Power | On (Green) | Power is supplied to the STM.
Power | Off | Power is not supplied to the STM.
On (Amber) during startup. | The STM is initializing. After approximately 2 minutes, when the STM has completed its initialization, the Test LED turns off.
Front Panel STM300

Figure 1-3 shows the front panel ports and LEDs of the STM300.

[Figure 1-3. Callouts: 1) Console Port, 2) Power LED, 3) Status LED, 4) HDD LED, 5) USB Port, 6) Mgmt Port, 7) Uplink Port and Uplink LEDs, 8) Downlink Port and Downlink LEDs]

From left to right, the STM300’s front panel shows the following ports and LEDs:
1. Console port. Port for connecting to an optional console terminal.
The function of each STM300 LED is described in the following table:

Table 1-3. LED Descriptions for the STM300
Object | Activity | Description
Power | On (Green) | Power is supplied to the STM.
Power | Off | Power is not supplied to the STM.
On (Amber) during startup. | The STM is initializing. After approximately 2 minutes, when the STM has completed its initialization, the Status LED turns off.
Front Panel STM600

Figure 1-4 shows the front panel ports and LEDs of the STM600.

[Figure 1-4. Callouts: 1) Console Port, 2) Power LED, 3) Status LED, 4) HDD LED, 5) USB Port, 6) Mgmt Port, 7) Pair 1 Ports and Pair 1 LEDs, 8) Pair 2 Ports and Pair 2 LEDs]

From left to right, the STM600’s front panel shows the following ports and LEDs:
1. Console port. Port for connecting to an optional console terminal. The port has a DB9 male connector.
The function of each STM600 LED is described in the following table:

Table 1-4. LED Descriptions for the STM600
Object | Activity | Description
Power | On (Green) | Power is supplied to the STM.
Power | Off | Power is not supplied to the STM.
On (Amber) during startup. | The STM is initializing. After approximately 2 minutes, when the STM has completed its initialization, the Status LED turns off.
Rear Panel Features

The rear panel of the STM150 differs from the rear panels of the STM300 and STM600.

Rear Panel STM150

Figure 1-5 shows the rear panel components of the STM150.

[Figure 1-5. Callouts: 1) Console Port, 2) Lock, 3) Power Button, 4) Reset Button, 5) AC Power Socket]

From left to right, the STM150’s rear panel components are:
1. Console port. Port for connecting to an optional console terminal.
Rear Panel STM300 and STM600

The rear panels of the STM300 and STM600 are identical. Figure 1-6 shows the rear panel components of the STM300 and STM600.

[Figure 1-6. Callouts: 1) Power Switch, 2) AC Power Socket]

From left to right, the STM300’s and STM600’s rear panel components (excluding the four fan air outlets) are:
1. Power switch. Switch to turn the STM300 or STM600 on or off.
[Figure 1-7. STM150 Product Label]

[Figure 1-8. STM300 Product Label]
[Figure 1-9. STM600 Product Label]

Choosing a Location for the STM

The STM is suitable for use in an office environment where it can be free-standing (on its runner feet) or mounted into a standard 19-inch equipment rack. Alternatively, you can rack-mount the STM in a wiring closet or equipment room. A mounting kit, containing two mounting brackets and four screws, is provided in the STM package.
• Temperature operating limits are not likely to be exceeded. Install the unit in a clean, air-conditioned environment. For information about the recommended operating temperatures for the STM, see Appendix A, “Default Settings and Technical Specifications.”

Using the Rack-Mounting Kit

Use the mounting kit for the STM to install the appliance in a rack. (A mounting kit is provided in the product package for the STM.)
Chapter 2 Using the Setup Wizard to Provision the STM in Your Network

This chapter describes provisioning the STM in your network. This chapter contains the following sections:
• “Choosing a Deployment Scenario” on this page.
• “Understanding the Steps for Initial Connection” on page 2-4.
• “Registering the STM with NETGEAR” on page 2-28.
• “Verifying Proper Installation” on page 2-27.
[Figure 2-1]

Server Group

In a server group deployment, one STM appliance is installed at the gateway and another in front of the server group. This type of deployment helps split the network load and provides the e-mail server with dedicated protection against malware threats, including e-mail-borne viruses and spam. Figure 2-2 on page 2-3 shows a typical server group deployment scenario.
[Figure 2-2]

Segmented LAN Deployment

In a segmented LAN deployment, one STM appliance is installed in front of each network segment. This type of deployment helps split the network load and protects network segments from malware threats coming in through the gateway or originating from other segments. Figure 2-3 on page 2-4 shows a typical segmented LAN deployment scenario.
[Figure 2-3]

Understanding the Steps for Initial Connection

Generally, five steps are required to complete the basic and security configuration of your STM:
1. Connect the STM physically to your network. Connect the cables and restart your network according to the instructions in the installation guide.
4. Verify the installation. See “Verifying Proper Installation” on page 2-27.
5. Register the STM. See “Registering the STM with NETGEAR” on page 2-28.

Each of these tasks is described separately in this chapter.

Qualified Web Browsers

To configure the STM, you must use a Web browser such as Microsoft Internet Explorer 5.1 or higher, Mozilla Firefox 1.x or higher, or Apple Safari 1.
The NETGEAR Configuration Manager Login screen displays in the browser (see Figure 2-4, which shows the STM600).

[Figure 2-5]

3. In the User field, type admin. Use lowercase letters.
4. In the Password field, type password. Here too, use lowercase letters.

Note: The STM user name and password are not the same as any user name or password you might use to log in to your Internet connection.
Note: The first time that you remotely connect to the STM with a browser via an SSL VPN connection, you might get a warning message regarding the SSL certificate. If you are using a Windows computer with Internet Explorer 5.5 or higher, simply click Yes to accept the certificate. Other browsers provide you with similar options to accept and install the SSL certificate.
Understanding the Web Management Interface Menu Layout

Figure 2-7 shows the menu at the top of the STM600’s Web Management Interface. The Web Management Interface layouts of the STM150 and STM300 are identical.
Any of the following action buttons might be displayed on screen (this list might not be complete):
• Apply. Save and apply the configuration.
• Reset. Reset the configuration to default values.
• Test. Test the configuration before you decide whether or not to save and apply the configuration.
• Auto Detect. Enable the STM to detect the configuration automatically and suggest values for the configuration.
• Next.
Using the Setup Wizard to Perform the Initial Configuration

The Setup Wizard facilitates the initial configuration of the STM by taking you through 11 screens, the last of which allows you to save the configuration.

To start the Setup Wizard:
1. Select Global Settings > Network Settings from the main navigation menu. The Network Settings submenu tabs appear with the Network Settings screen in view.
2.
Setup Wizard Step 2 of 11: Networking Settings

[Figure 2-11]

Enter the settings as explained in Table 2-1, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the network settings by selecting Global Settings > Network Settings. For more information about these network settings, see “Configuring Network Settings” on page 3-1.

Table 2-1.
Table 2-1. Setup Wizard Step 2: Network Settings (continued)
Setting | Description (or Subfield and Description)
Subnet Mask | Enter the IP subnet mask. The subnet mask specifies the network number portion of an IP address. Unless you are implementing subnetting, use 255.255.255.0 as the subnet mask.
Gateway Address | Enter the IP address of the gateway through which the STM is accessed.
Enter the settings as explained in Table 2-2, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the date and time by selecting Administration > System Date & Time. For more information about these settings, see “Configuring Date and Time Service” on page 3-23.

Table 2-2.
Setup Wizard Step 4 of 11: Email Security

[Figure 2-13]

Enter the settings as explained in Table 2-3 on page 2-15, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the e-mail security settings by selecting Email Security > Policy or Email Security > Anti-Virus.
Table 2-3. Setup Wizard Step 4: Email Security Settings
Setting | Description (or Subfield and Description)
Services to Scan (SMTP, POP3, IMAP):
• SMTP scanning is enabled by default on standard service port 25.
• POP3 scanning is enabled by default on standard service port 110.
To disable any of these services, deselect the corresponding checkbox. You can change the standard service port or add
Table 2-3. Setup Wizard Step 4: Email Security Settings (continued)
Setting | Description (or Subfield and Description)
IMAP | From the IMAP pull-down menu, specify one of the following actions when an infected e-mail is detected:
• Quarantine attachment. The e-mail is not blocked, but the attachment is removed and placed in the malware quarantine for further research.
Setup Wizard Step 5 of 11: Web Security

[Figure 2-14]

Enter the settings as explained in Table 2-4, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the Web security settings by selecting Web Security > Policy or Web Security > HTTP/HTTPS > Malware Scan. The Malware Scan screen also lets you specify HTML scanning and notification settings.
Table 2-4. Setup Wizard Step 5: Web Security Settings (continued)
Setting | Description (or Subfield and Description)
HTTPS | HTTPS scanning is disabled by default.
FTP | FTP scanning is enabled by default on standard service port 21. To disable File Transfer Protocol (FTP) scanning, deselect the corresponding checkbox. You can change the standard service port or add another port in the corresponding Ports to Scan field.
Table 2-4. Setup Wizard Step 5: Web Security Settings (continued)
Setting | Description (or Subfield and Description)
FTP | From the FTP pull-down menu, specify one of the following actions when an infected Web file or object is detected:
• Quarantine file. The Web file or object is removed and placed in the malware quarantine for further research.
Enter the settings as explained in Table 2-5 on page 2-20, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the administrator e-mail notification settings by selecting Global Settings > Email Notification server. For more information about these settings, see “Configuring the E-mail Notification Server” on page 6-2.

Table 2-5.
Setup Wizard Step 7 of 11: Update Settings

[Figure 2-16]

Enter the settings as explained in Table 2-6 on page 2-22, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the security subscription update settings by selecting Administration > Software Update. For more information about these settings, see “Updating the Software” on page 3-19.
Table 2-6. Setup Wizard Step 7: Update Settings
Setting | Description (or Subfield and Description)
System Information | You cannot configure this section; it is shown for information only. For the software, Scan Engine, (signature) Pattern File, and operating system (OS), the current version and the date of the last update are displayed.
Setup Wizard Step 8 of 11: HTTP Proxy Settings

[Figure 2-17]

Enter the settings as explained in Table 2-7, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the security subscription update settings by selecting Global Settings > HTTP Proxy. For more information about these settings, see “Configuring the HTTP Proxy Settings” on page 3-7.

Table 2-7.
Setup Wizard Step 9 of 11: Web Categories

[Figure 2-18]
Enter the settings as explained in Table 2-8, then click Next to go to the following screen.

Note: After you have completed the steps in the Setup Wizard, you can make changes to the content filtering settings by selecting Web Security > HTTP/HTTPS > Content Filtering. The Content Filtering screen lets you specify additional filtering tasks and notification settings.
Setup Wizard Step 10 of 11: Configuration Summary

[Figure 2-19]
Click Apply to save your settings and automatically restart the system or click Back to make changes to the configuration.

Setup Wizard Step 11 of 11: Restarting the System

[Figure 2-20]

Wizard screen 11 is just an informational screen to let you know that the STM restarts automatically with the new configuration.

Verifying Proper Installation

Test the STM before deploying it in a live production environment.
The eicar.com test file is a legitimate DOS program and is safe to use because it is not a malware threat and does not include any fragments of malware code. The test file is provided by EICAR, an organization that unites efforts against computer crime, fraud, and misuse of computers or networks.

Verify that the STM properly scans HTTP traffic:
1.
[Figure 2-21]

2. Enter the license key in the Registration Key field.
3. Fill out the customer and VAR fields.
4. Click Register.
5. Repeat step 2 and step 4 for additional license keys.

The STM activates the licenses and registers the unit with the NETGEAR registration server.
Note: When you reset the STM to the original factory default settings after you have entered the license keys to activate the STM (see “Registering the STM with NETGEAR” on page 2-28), the license keys are erased. The license keys and the different types of licenses that are available for the STM are no longer displayed on the Registration screen.
Chapter 3 Performing Network and System Management

This chapter describes the network settings, the system management features, and ways to improve the performance of the STM. If you have used the Setup Wizard, you have already configured some of these settings, but there are situations in which you might want to modify them. This chapter contains the following sections:
• “Configuring Network Settings” on this page.
• “Configuring Session Limits and Timeouts” on page 3-5.
To configure the STM’s network settings:
1. Select Global Settings > Network Settings from the menu. The Network Settings submenu tabs appear with the Network Settings screen in view (Figure 3-1 shows the STM600).

[Figure 3-1, STM600]

Figure 3-2 on page 3-3 shows the Interface Speed & Duplex Settings section of the Network Settings screen of the STM300.
[Figure 3-2, STM300]

Figure 3-3 shows the Interface Speed & Duplex Settings section of the Network Settings screen of the STM150.

[Figure 3-3, STM150]

2. Complete the fields and make your selections from the pull-down menus as explained in Table 3-1.

Table 3-1.
Table 3-1. Network Settings (continued)
Setting | Description (or Subfield and Description)
Subnet Mask | Enter the IP subnet mask. The subnet mask specifies the network number portion of an IP address. Unless you are implementing subnetting, use 255.255.255.0 as the subnet mask.
Gateway Address | Enter the IP address of the gateway through which the STM is accessed.
Table 3-1. Network Settings (continued)
Setting | Description (or Subfield and Description)
MTU Settings
Maximum Transmission Unit | The maximum transmission unit (MTU) is the largest physical packet size that a network can transmit. Packets that are larger than the MTU value are divided into smaller packets before they are sent, an action that prolongs the transmission process.
2. Click the Session Limits submenu tab. The Session Limits screen displays.

[Figure 3-4]

3. Select the radio buttons, make your selections from the pull-down menu, and complete the fields as explained in Table 3-2.

Table 3-2.
Table 3-2. Session Limits Settings (continued)
Setting | Description (or Subfield and Description)
Do You Want to Enable per-user
Limit Value | Depending on the selection in the Limit Type field, this value is a percentage or an absolute number.
To configure the HTTP proxy:
1. Select Global Settings > HTTP Proxy from the menu. The HTTP Proxy screen displays.

[Figure 3-5]

2. Select the checkbox and complete the fields as explained in Table 3-3.

Table 3-3.
About Users with Administrative and Guest Privileges

There are two pre-defined user types that can access the STM’s Web Management Interface:
• Administrator. A user who has full access and the capacity to change the STM configuration (that is, read/write access). The default user name for an administrator is admin, and the default password for an administrator is password.
• Guest user.
[Figure 3-6]

2. To modify the administrator or guest settings, select the checkbox and complete the fields as explained in Table 3-4.

Table 3-4. Set Password Settings screen; Administrator and Guest Settings
Setting | Description (or Subfield and Description)
User Selection | Select one of the following radio buttons:
• Edit Administrator Settings.
3. Under the Administrator Settings and Guest Settings sections of the screen, click Apply to save your settings.
4. If you modified the administrator settings and now want to modify the guest settings, or the other way around, repeat step 2 and step 3 for the other settings.
5. To modify the Web Management Interface timeout settings, complete the field as explained in Table 3-5.

Table 3-5.
To configure remote management:
1. Select Administration > Remote Management from the menu. The Remote Management screen displays (see Figure 3-7 on page 3-12).

[Figure 3-7]

2. In the Secure HTTPS Management section of the screen, enter the number of the port that you want to use to access the Web Management Interface of the STM. The default setting is port 443, but you can enter a port ranging from 1024 to 65535.
Note: To maintain security, the STM rejects a login that uses http://address rather than the SSL https://address.

Note: The first time that you remotely connect to the STM with a browser via an SSL VPN connection, you might get a warning message regarding the SSL certificate. If you are using a Windows computer with Internet Explorer 5.5 or higher, simply click Yes to accept the certificate.
[Figure 3-8]

2. Select the radio buttons and complete the fields as explained in Table 3-6.

Table 3-6. SNMP Settings
Setting | Description (or Subfield and Description)
SNMP Settings
Do You Want to Enable SNMP? | Select one of the following radio buttons:
• Yes. Enable SNMP.
• No. Disable SNMP. This is the default setting.
Table 3-6. SNMP Settings (continued)
Setting | Description (or Subfield and Description)
Do You Want to Enable SNMP? (continued)
Set Community | The community string to allow an SNMP manager access to the MIB objects of the STM for the purpose of reading and writing. The default setting is private.
Contact | The SNMP system contact information that is available to the SNMP manager. This setting is optional.
Managing the Configuration File

The configuration settings of the STM are stored in a configuration file on the STM. This file can be saved (backed up) to a PC, retrieved (restored) from the PC, or cleared to factory default settings. Once the STM is installed and works properly, make a backup of the configuration file to a computer. If necessary, you can later restore the STM settings from this file.
Back up your STM settings periodically, and store the backup file in a safe place.
Tip: You can use a backup file to export all settings to another STM that has the same language and management software versions. Remember to change the IP address of the second STM before deploying it to eliminate IP address conflicts on the network.
To back up settings:
1.
Warning: Once you start restoring settings, do not interrupt the process. Do not try to go online, turn off the STM, shut down the computer, or do anything else to the STM until the settings have been fully restored.
Updating the Software
If you have used the Setup Wizard, you might have already configured the software update settings; the Software Update screen allows you to modify these settings. The STM has four main software components:
• The application software that includes the network protocols, security services, Web Management Interface, and other components.
Figure 3-10
2. Select the radio buttons, complete the field, and make your selections from the pull-down menus as explained in Table 3-7 on page 3-21.
Table 3-7. Software Update Settings
Setting | Description (or Subfield and Description)
System Information | You cannot configure this section; it is shown for information only. For the software, Scan Engine, (signature) Pattern File, and operating system (OS), the current version and the date of the last update are displayed.
Update Settings
Update From | Select one of the following radio buttons:
• Default update server.
Figure 3-11
3. After the update has completed, click Apply to activate the newly updated software.
Critical Updates That Require a Restart
If a downloaded update requires a restart, you are prompted to perform the update when you log in to the STM. Figure 3-12 shows an example of a Critical Update screen, which provides information about the update and allows you to install it immediately or at a later time.
Configuring Date and Time Service
If you have used the Setup Wizard, you might have already configured the system date and time settings; the System Date and Time screen allows you to modify these settings. Configure date, time, and NTP server designations on the System Date and Time screen. Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in a network of computers.
Table 3-8. System Date and Time Settings
Setting | Description (or Subfield and Description)
System Date and Time | From the pull-down menu, select an NTP server, or select to enter the time manually.
Use Default NTP Servers | The STM’s real-time clock (RTC), which it uses for scheduling, is updated regularly by contacting a default NETGEAR NTP server on the Internet. This is the default setting.
Managing Digital Certificates
The STM uses digital certificates (also known as X509 certificates) for secure web access connections over HTTPS (that is, SSL VPN connections). Digital certificates can be either self-signed or issued by certification authorities (CAs) such as an internal Windows server or an external organization such as Verisign or Thawte.
import. However, NETGEAR recommends that you replace this digital certificate with a digital certificate from a well-known commercial CA prior to deploying the STM in your network. The STM’s Certificate Management screen lets you view the currently loaded digital certificate for HTTPS scans, upload a new digital certificate, manage the trusted CA authorities list, and manage the untrusted certificates list.
The top part of the Certificate Used for HTTPS Scans section displays information about the current certificate that is used for HTTPS scans.
Note: For information about the HTTPS scanning process, see “HTTPS Scan Settings” on page 4-36.
Downloading the Certificate into Your Browser
To download the current certificate into your browser:
1. Click Download for browser Import.
2.
Managing Trusted Certificates
To manage trusted certificates:
Select Web Security > Certificate Management from the menu. The Certificate Management screen displays. Figure 3-16 shows only the Trusted Certificate Authorities section of the screen.
Figure 3-16
The Trusted Certificate Authorities table contains the trusted certificates from third-party Web sites that are signed by the Certificate Authorities.
Importing a Trusted Certificate
To import a trusted certificate:
1. Click Browse next to the Import from File field.
2. Navigate to a trusted certificate file on your computer. Follow the instructions of your browser to place the certificate file in the Import from File field.
3. Click the upload button. The newly imported trusted certificate is added to the Trusted Certificate Authorities table.
Deleting an Untrusted Certificate
To delete an untrusted certificate:
1. Select the certificate from the Untrusted Certificates table.
2. Click Delete Selected.
Moving an Untrusted Certificate to the Trusted Certificate Authorities Table
To move an untrusted certificate to the Trusted Certificate Authorities table:
1. Select the certificate from the Untrusted Certificates table.
2. Click Add to Trusted List.
Table 3-9. Quarantine Settings
Setting | Description (or Subfield and Description)
Malware Quarantine Area Size | Specify the maximum amount of memory in MB that is allocated to malware quarantine. This limit is cumulative for all users. For the STM600, the default setting is 200 MB and the maximum setting is 512 MB. For the STM150 and STM300, the default setting is 100 MB and the maximum setting is 512 MB.
If you want to reduce traffic by preventing undesired e-mails from reaching their destinations or by preventing access to certain sites on the Internet, you can use the STM’s content filtering feature. By default, this feature is disabled; all requested traffic from any Web site is allowed with the exception of Web content categories that are mentioned in “Default E-mail and Web Scan Settings” on page 4-2.
– Setting the size of Web files to be scanned. Scanning large Web files requires network resources and might slow down traffic. You can specify the maximum file size that is scanned, and whether files that exceed the maximum size are skipped (which might compromise security) or blocked. For more information, see “Configuring Web Malware Scans” on page 4-24.
Chapter 4
Content Filtering and Optimizing Scans
This chapter describes how to apply the content filtering features of the STM and how to optimize scans to protect your network. This chapter contains the following sections:
• “About Content Filtering and Scans” on this page.
• “Configuring E-mail Protection” on page 4-4.
• “Configuring Web and Services Protection” on page 4-22.
• “Configuring Application Control” on page 4-44.
• “Setting Scanning Exclusions and Web Access Exceptions” on page 4-46.
Default E-mail and Web Scan Settings
For most network environments, the default scan settings and actions that are shown in Table 4-1 work well, but you can adjust these to the needs of your specific environment.
Table 4-1.
Table 4-1.
Configuring E-mail Protection
The STM lets you configure the following settings to protect the network’s e-mail communication:
• The e-mail protocols that are scanned for malware threats.
• Actions that are taken when infected e-mails are detected.
• The maximum file sizes that are scanned.
• Keywords, file types, and file names in e-mails that are filtered to block objectionable or high-risk content.
2. Complete the fields and select the checkboxes as explained in Table 4-2.
Table 4-2. E-mail Policy Settings
Setting | Description
Services to Scan
SMTP | Select the SMTP checkbox to enable Simple Mail Transfer Protocol (SMTP) scanning. This service is enabled by default and uses default port 25.
POP3 | Select the POP3 checkbox to enable Post Office Protocol 3 (POP3).
Figure 4-2
2. Complete the fields, select the checkboxes, and make your selections from the pull-down menus as explained in Table 4-3.
Table 4-3. E-mail Anti-Virus Action Settings
Setting | Description
Action
SMTP | From the SMTP pull-down menu, specify one of the following actions when an infected e-mail is detected:
• Quarantine attachment.
Table 4-3. E-mail Anti-Virus Action Settings (continued)
Setting | Description
POP3 | From the POP3 pull-down menu, specify one of the following actions when an infected e-mail is detected:
• Quarantine attachment. The e-mail is not blocked, but the attachment is removed and placed in the malware quarantine for further research.
3. Make your selection from the pull-down menus and complete the field as explained in Table 4-4.
Table 4-4. E-mail Anti-Virus Exception Settings
Setting | Description
Scan Exceptions | From the pull-down menu, specify one of the following actions when an e-mail attachment exceeds the size that you specify in the file size field:
• Skip. The file is not scanned but skipped, leaving the end user vulnerable.
Figure 4-4
3. Complete the fields, select the checkboxes, and make your selections from the pull-down menus as explained in Table 4-5.
Table 4-5. E-mail Anti-Virus Notification Settings
Setting | Description
Notification Settings
Insert Warning into Email Subject (SMTP) | For SMTP e-mail messages, select this checkbox to insert a warning into the e-mail subject line:
• Malware Found.
Table 4-5. E-mail Anti-Virus Notification Settings (continued)
Setting | Description
Email Alert Settings
Note: Ensure that the E-mail Notification Server (see “Configuring the E-mail Notification Server” on page 6-2) is configured before you specify the e-mail alert settings.
To configure e-mail content filtering:
1. Select Email Security > Filters from the menu. The Filters screen displays.
Figure 4-5
2. Complete the fields and make your selections from the pull-down menus as explained in Table 4-6.
Table 4-6. E-mail Filter Settings
Setting | Description (or Subfield and Description)
Filter by Subject Keywords
Keywords | Enter keywords that are detected in the e-mail subject line. Use commas to separate different keywords.
Table 4-6. E-mail Filter Settings (continued)
Setting | Description (or Subfield and Description)
Filter by File Type
File Extension | By default, the File Extension field lists the most common file extensions that are detected. You can manually add or delete extensions. Use commas to separate different extensions.
2. Blacklist. E-mails from the specified sources are considered spam and are blocked.
3. Real-time blacklist. E-mails from known spam sources that are collected by blacklist providers are blocked.
4. Distributed spam analysis. E-mails that are detected as spam by the NETGEAR Spam Classification Center are either tagged, blocked, or quarantined.
To configure the whitelist and blacklist:
1. Select Email Security > Anti-Spam from the menu. The Anti-Spam submenu tabs appear, with the Whitelist/Blacklist screen in view.
Figure 4-6
2. Complete the fields as explained in Table 4-7.
Table 4-7. Whitelist/Blacklist Settings
Setting | Description
Sender IP Address (SMTP)
Whitelist | Enter the source IP addresses from which e-mails can be trusted.
Blacklist | Enter the source IP addresses from which e-mails are blocked.
Click Apply to save your settings or click Reset to clear all entries from these fields.
By default, the STM comes with two pre-defined blacklist providers: Spamhaus and Spamcop. You can add a maximum of 16 blacklist providers to the RBL sources.
To enable the real-time blacklist:
1. Select Email Security > Anti-Spam from the menu. The Anti-Spam submenu tabs appear, with the Whitelist/Blacklist screen in view.
2. Click the Real-time Blacklist submenu tab. The Real-time Blacklist screen displays.
Figure 4-7
3.
Configuring Distributed Spam Analysis
Spam, phishing, and other e-mail-borne threats consist of millions of messages intentionally composed differently to evade commonly used filters. Nonetheless, all messages within the same outbreak share at least one unique, identifiable value which can be used to distinguish the outbreak.
Figure 4-8
3. Complete the fields, select the checkboxes, and make your selections from the pull-down menus as explained in Table 4-8.
Table 4-8. Distributed Spam Analysis Settings
Setting | Description (or Subfield and Description)
Distributed Spam Analysis
SMTP | Select the SMTP checkbox to enable Distributed Spam Analysis for the SMTP protocol. (You can enable Distributed Spam Analysis for both SMTP and POP3.
Table 4-8. Distributed Spam Analysis Settings (continued)
Setting | Description (or Subfield and Description)
Action
SMTP | From the SMTP pull-down menu, select the action that is taken when spam is detected by the anti-spam engine:
• Tag spam email. This is the default setting. The e-mail is tagged as spam, and a spam log entry is created.
• Block spam email. The e-mail is blocked, and a spam log entry is created.
Configuring Web and Services Protection
The STM lets you configure the following settings to protect the network’s Internet communication:
• The Web protocols that are scanned for malware threats.
• Actions that are taken when infected Web files or objects are detected.
• The maximum file sizes that are scanned.
• Web objects that are blocked.
Figure 4-9
2. Complete the fields and select the checkboxes as explained in Table 4-9.
Table 4-9. Web Policy Settings
Setting | Description
Services to Scan
HTTP | Select the HTTP checkbox to enable Hypertext Transfer Protocol (HTTP) scanning. This service is enabled by default and uses default port 80. You can change the standard service port or add another port in the corresponding Ports to Scan field.
Configuring Web Malware Scans
If you have used the Setup Wizard, you might have already configured the Web malware action and exception scan settings; the Malware Scan screen allows you to modify these settings.
Table 4-10. Malware Scan Settings
Setting | Description
Action
HTTP and HTTPS
Action | From the HTTP or HTTPS pull-down menu, specify one of the following actions when an infected Web file or object is detected:
• Quarantine file. The file is placed in quarantine, a malware quarantine log entry is created, and depending on the nature of the malware threat, also a virus log entry or a spyware log entry.
• Delete file.
Table 4-10. Malware Scan Settings (continued)
Setting | Description
Note: You can customize this text. Make sure that you keep the %VIRUSINFO% meta word in the text to enable the STM to insert the proper malware threat information. In addition to the %VIRUSINFO% meta word, you can insert the following meta words in your customized message: %TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%.
Note: You can bypass any type of Web blocking for trusted URLs by adding the URLs to the whitelist (see “Configuring Web URL Filtering” on page 4-32). Access to the URLs on the whitelist is allowed for PCs in the groups for which file extension, object, or category blocking, or a combination of these types of Web blocking has been enabled.
Figure 4-12 [Content Filtering, screen 2 of 3]
Figure 4-13 [Content Filtering, screen 3 of 3]
3. Complete the fields, select the checkboxes, and make your selections from the pull-down menus as explained in Table 4-11 on page 4-30.
Table 4-11. Content Filtering Settings
Setting | Description
Content Filtering
Log HTTP Traffic | Select this checkbox to log HTTP traffic. For information about how to view the logged traffic, see “Querying Logs and Generating Reports” on page 6-22. By default, HTTP traffic is not logged.
Note: Logging HTTP traffic might affect the STM's performance (see “Performance Management” on page 3-31).
Table 4-11. Content Filtering Settings (continued)
Setting | Description
Web Categorization Schedule
Do You Want this Schedule to be Active on All Days or Specific Days? | Select one of the following radio buttons:
• All Days. The schedule is in effect all days of the week.
• Specific Days. The schedule is active only on specific days.
Table 4-11. Content Filtering Settings (continued)
Setting | Description
Web Category Lookup
URL | Enter a URL to find out if it has been categorized, and if so, in which category. Then, click the lookup button. If the URL has been categorized, the category appears next to Lookup Results.
Figure 4-14
3. Complete the fields and select the checkboxes as explained in Table 4-12 on page 4-34.
Table 4-12. URL Filtering Settings
Setting | Description
Whitelist (takes precedence over Blacklist)
Enable | Select this checkbox to bypass scanning of the URLs that are listed in the URL field. Users are allowed to access the URLs that are listed in the URL field.
URL | This field contains the URLs for which scanning is bypassed. To add a URL to this field, use the Add URL field or the Import from File tool (see below).
Table 4-12. URL Filtering Settings (continued)
Setting | Description
Add URL | Type or copy a URL in the Add URL field. Then, click the add table button to add the URL to the URL field.
Import from File | To import a list with URLs into the URL field, click the Browse button and navigate to a file in .txt format that contains line-delimited URLs (that is, one URL per line).
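Because the whitelist takes precedence over the blacklist, a URL that ends up in both import files is silently allowed. The following pre-import check is an added example, not part of the NETGEAR manual or the STM software; the sample lists are constructed, and the normalization (scheme, port, and trailing slash ignored) is an assumption of this sketch, not documented STM matching behavior.

```python
from urllib.parse import urlsplit


def normalize(entry):
    """Reduce an entry to 'host/path' (scheme and port ignored); None if no host."""
    candidate = entry if "://" in entry else "//" + entry
    try:
        parts = urlsplit(candidate)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # for example, a malformed IPv6 literal
        return None
    if not host:
        return None
    return host + parts.path.rstrip("/")


def parse_url_list(text):
    """Parse a line-delimited URL file.

    Returns (entries, problems); problems holds (line_number, reason) tuples.
    """
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines carry no URL
        if any(ch.isspace() for ch in line):
            problems.append((lineno, "whitespace inside entry"))
            continue
        key = normalize(line)
        if key is None:
            problems.append((lineno, "no host name"))
        elif key in seen:
            problems.append((lineno, "duplicate entry"))
        else:
            seen.add(key)
            entries.append(key)
    return entries, problems


def review(whitelist_text, blacklist_text):
    """Compare both lists before importing them."""
    allow, allow_problems = parse_url_list(whitelist_text)
    block, block_problems = parse_url_list(blacklist_text)
    allow_set = set(allow)
    allow_hosts = {entry.split("/", 1)[0] for entry in allow}
    return {
        # Blacklist entries that the whitelist overrides outright.
        "overridden": [e for e in block if e in allow_set],
        # Same host on both lists with different paths: review by hand,
        # because path matching rules are not covered by this sketch.
        "same_host": [e for e in block
                      if e not in allow_set and e.split("/", 1)[0] in allow_hosts],
        "whitelist_problems": allow_problems,
        "blacklist_problems": block_problems,
    }


# Constructed sample files, one URL per line.
SAMPLE_WHITELIST = (
    "https://Example.com/\n"
    "intranet.example.com\n"
    "\n"
    "intranet.example.com\n"
    "bad entry here\n"
)
SAMPLE_BLACKLIST = (
    "http://example.com\n"
    "ads.example.net/banner\n"
    "intranet.example.com/wiki\n"
)

if __name__ == "__main__":
    for name, value in review(SAMPLE_WHITELIST, SAMPLE_BLACKLIST).items():
        print(name, value)
```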
HTTPS Scan Settings
HTTPS traffic is encrypted traffic that cannot be scanned; otherwise, the data stream would not be secure. However, the STM can scan HTTPS traffic that is transmitted through an HTTP proxy; that is, the STM scans HTTPS traffic by acting as a proxy between the HTTPS client and the HTTPS server. Figure 4-15 shows the HTTPS scanning traffic flow.
If one of these is not satisfied, a security alert message appears in the browser window (see Figure 4-16).
Figure 4-16
However, even when a certificate is trusted or still valid, or when the name of a certificate does match the name of the Web site, a security alert message still appears when a user who is connected to the STM visits an HTTPS site.
To configure the HTTPS scan settings:
1. Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs appear, with the Malware Scan screen in view.
2. Click the HTTPS Settings submenu tab. The HTTPS Settings screen displays (see Figure 4-17).
Figure 4-17
3. Complete the fields and select the checkboxes as explained in Table 4-13.
Table 4-13. HTTPS Settings
Setting | Description
HTTP Tunneling | Select this checkbox to allow scanning of HTTPS connections through an HTTP proxy, which is disabled by default. Traffic from trusted hosts is not scanned (see “Specifying Trusted Hosts” on page 4-39).
Note that certain sites contain elements from different HTTPS hosts. As an example, assume that the https://example.com site contains HTTPS elements from the following three hosts:
• trustedhostserver1.example.com
• trustedhostserver2.example.com
• imageserver.example.com
To completely bypass the scanning of the https://example.
3. Complete the fields and select the checkbox as explained in Table 4-14.
Table 4-14. Trusted Hosts Settings
Setting | Description
Do Not Intercept HTTPS Connections for the following Hosts
Enable | Select this checkbox to bypass scanning of trusted hosts that are listed in the Hosts field. Users do not receive a security alert for trusted hosts that are listed in the Hosts field.
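The note above about sites that pull elements from several HTTPS hosts means that a trusted-hosts entry for the site alone leaves the other hosts intercepted. The following sketch is an added example, not part of the NETGEAR manual or the STM software: it lists every HTTPS host a saved page loads sub-resources from and reports which ones are missing from a proposed Hosts list. The sample HTML is constructed around the manual's example host names, and the set of tags treated as sub-resource loads is an assumption of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches automatically when rendering.
FETCHING_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "embed": "src",
    "audio": "src", "video": "src", "source": "src", "link": "href",
}


class ResourceCollector(HTMLParser):
    """Collect absolute URLs of sub-resources referenced by a page."""

    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # <base href> changes how later relative URLs are resolved.
            self.base = urljoin(self.base, attrs["href"])
            return
        wanted = FETCHING_ATTRS.get(tag)
        if wanted and attrs.get(wanted):
            self.urls.append(urljoin(self.base, attrs[wanted]))


def https_hosts(page_url, html):
    """Return the sorted HTTPS hosts involved in loading the page."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    collector.close()
    hosts = {urlsplit(page_url).hostname}  # the site itself
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme == "https" and parts.hostname:
            hosts.add(parts.hostname)
    return sorted(hosts)


def missing_from_trusted(page_url, html, trusted_hosts):
    """Hosts the page needs that are absent from the proposed Hosts list."""
    trusted = {host.strip().lower() for host in trusted_hosts}
    return [host for host in https_hosts(page_url, html) if host not in trusted]


# Constructed sample page for https://example.com.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="https://trustedhostserver1.example.com/site.css">
<script src="https://trustedhostserver2.example.com/app.js"></script>
</head><body>
<img src="//imageserver.example.com/logo.png">
<img src="/local/banner.png">
<img src="http://plain.example.net/x.gif">
<a href="https://other.example.org/">a link is not fetched automatically</a>
</body></html>
"""

if __name__ == "__main__":
    print(https_hosts("https://example.com/", SAMPLE_PAGE))
    print(missing_from_trusted(
        "https://example.com/", SAMPLE_PAGE,
        ["example.com", "trustedhostserver1.example.com",
         "trustedhostserver2.example.com"]))
```

Every host added to the Hosts field is a host whose HTTPS traffic the STM no longer scans, so the output is a list to review, not one to paste in wholesale.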
Figure 4-19
2. Complete the fields, select the checkboxes, and make your selections from the pull-down menus as explained in Table 4-15.
Table 4-15. FTP Scan Settings
Setting | Description
Action
FTP
Action | From the FTP pull-down menu, specify one of the following actions when an infected FTP file or object is detected:
• Quarantine file.
Table 4-15. FTP Scan Settings (continued)
Setting | Description
Scan Exception | From the pull-down menu, specify one of the following actions when a file or object exceeds the size that you specify in the file size field:
• Skip. The file or object is not scanned but skipped, leaving the end user vulnerable. This is the default setting.
• Block. The file or object is blocked and does not reach the end user.
Configuring Application Control
The STM lets you control user access to Web applications such as instant messaging, media, peer-to-peer services, and online tools. Blocking an application prohibits all traffic to and from the application, which can be useful when you want to control the STM’s throughput. By default, none of the applications are blocked.
To enable and configure application control:
1.
Figure 4-21 [Application Control, screen 2 of 3]
Figure 4-22 [Application Control, screen 3 of 3]
5. After you have configured each section, first click Apply to save the settings before you continue with the next section. You must save the configuration changes for each section individually.
Setting Scanning Exclusions
To save resources, you can configure scanning exclusions for IP addresses and ports that you know are secure. For example, if your network includes a Web server that hosts Web pages that are accessible by anyone on the Internet, the files that are hosted by your Web server do not need to be scanned.
3. In the Add column, click the add table button to add the exclusion rule to the Scanning Exclusions table. The new exclusion rule is enabled by default. To disable a rule, select the checkbox in the Enable column for the rule. To delete an exclusion rule from the Scanning Exclusions table, click the delete table button in the Action column to the right of the rule that you want to delete.
2. Under the Exceptions table, click the add table button to specify an exception rule. The Add Exception screen displays.
Figure 4-25
3. Complete the fields and make your selections from the pull-down menus as explained in Table 4-17.
Table 4-17. Add Exception Settings
Setting | Description
Action | From the pull-down menu, select the action that the STM applies:
• allow.
Table 4-17. Add Exception Settings (continued)
Setting | Description
Applies to (continued)
All Users | Click the apply button to apply the exception to all users, both authenticated and unauthenticated.
Authenticated | Click the apply button to apply the exception to all authenticated users. These are users who have actively logged in to the STM and who have been authenticated.
Table 4-17. Add Exception Settings (continued)
Setting | Description
Applies to (continued)
Group Membership by IP | Do the following:
1. From the Name pull-down menu, select a group that is defined by its IP address.
2. Click the apply button to apply the exception to the selected group.
Table 4-17. Add Exception Settings (continued)
Setting | Description
Category | From the pull-down menu, select the category to which the action applies:
• URL Filtering. The action applies to a URL. Enter the URL in the Subcategory field.
• Web category. The action applies to a Web category. Select a category from the Subcategory pull-down menu.
• Application. The action applies to an application.
2. Click one of the following table buttons:
• disable. Disables the rule or rules. The “!” status icon changes from a green circle to a grey circle, indicating that the rule is or rules are disabled. (By default, when a rule is added to the table, it is automatically enabled.)
• delete. Deletes the rule or rules.
Chapter 5
Managing Users, Groups, and Authentication
This chapter describes how to manage users, groups, and authentication on the STM. This chapter contains the following sections:
• “About Users, Groups, and Domains” on this page.
• “Configuring Groups” on page 5-2.
• “Configuring User Accounts” on page 5-6.
• “Configuring Authentication” on page 5-9.
• “Global User Settings” on page 5-24.
• “Viewing and Logging Out Active Users” on page 5-25.
• Authenticated users. Users who have a computer behind the STM, who log in to the STM with a user name and password, and who are assigned an access policy that normally differs from the STM’s default e-mail and Web access policies. Different users or user groups can have different access policies, so there can be multiple access policies on the STM.
Note: If you use groups on a remote device, you must configure your network’s firewall to allow access to the IP address and subnet mask that have been assigned to the remote group.
Creating and Deleting Groups by Name
To create a local group by name:
1. Select User Management > Groups from the menu. The Groups screen displays (Figure 5-1 contains one example).
3. Click the add table button. The new group is added to the List of Groups table.
To delete a group from the List of Groups table, click the delete table button in the Action column for the group that you want to delete.
Note: When you delete a group, an exception rule that is associated with this group no longer has any effect. You can delete such an exception rule.
Table 5-2. Group Edit Settings
Setting | Description
Edit
Description | You can edit the brief description of the group for identification and management purposes.
To move users from one field to another, use one of the following methods:
• Move a single user: highlight the user, then click a single arrow button to move the user from one field to the other.
2. In the Add New IP Subnets/Groups section of the screen, complete the fields as explained in Table 5-3.
Table 5-3. IP Subnet/Group Settings
Setting | Description
IP Address | An IP address on your local network or on a remote device to which the users are assigned.
Netmask | The subnet mask to which the users are assigned. For an individual IP address, specify 255.255.255.255.
Figure 5-4
The List of Users table displays the users with the following fields:
• Enable. The checkbox allows you to enable or disable the user.
• Name. The name of the user.
• Group. The group to which the user is assigned. If no group is displayed, the user is not assigned to any group.
• Action.
Table 5-4. User Settings (continued)
Setting | Description
Password | Select one of the following radio buttons:
• The radio button to the left of the Password field. Enter the password that the user must enter to gain access to the STM. The password can be up to 64 characters.
• Use username as the password. The password that is assigned to the user is identical to the user name.

3. Click the add table button.
Configuring Authentication

The login screen and authentication on the STM depend on the user type and the authentication method:
• Administrative users. Users with administrative and guest privileges on the STM must log in through the NETGEAR Configuration Manager Login screen (see Figure 5-6) where they are authenticated through the STM’s local user database. These users must provide their user name and password.
Figure 5-7

After a user has logged in through the User Portal Login screen, the Authentication screen displays.

Figure 5-8

The Authentication screen shows the IP address with which the user has logged in and lets a user change the password. After completing a session, a user must log out by following these steps:
a. Return to the User Portal Login screen (see Figure 5-7).
The user must know how to return to the User Portal Login screen. The administrator must provide the User Portal Login URL: https:///~common/cgi-bin/user_login.pl or https:///~common/cgi-bin/user_login.
RADIUS supports two types of protocols:
– PAP. Password Authentication Protocol (PAP) is a simple protocol in which the client sends a password in clear text.
– CHAP. Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake in which the client and server trade challenge messages, each responding with a hash of the other’s challenge message that is calculated using a shared secret value.
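The CHAP exchange described above, as an added example that is not part of the manual: it shows one direction of the handshake as specified in RFC 1994 (MD5 over identifier, secret, and challenge) and why a captured response cannot be replayed. The class name, function names, and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(Identifier || secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side (hypothetical helper): issues single-use challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._next_id = 0
        self._pending = {}  # identifier -> outstanding challenge

    def new_challenge(self):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)  # unpredictable, so old responses are useless
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        # pop(): each challenge can be answered once, which defeats replay
        challenge = self._pending.pop(identifier, None)
        if challenge is None:
            return False
        expected = chap_response(identifier, self._secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    secret = b"constructed-shared-secret"  # constructed sample value
    server = ChapAuthenticator(secret)

    # Step 1: challenge. Step 2: response. Step 3: accept or reject.
    ident, challenge = server.new_challenge()
    response = chap_response(ident, secret, challenge)
    wire = bytes([ident]) + challenge + response  # all an observer sees
    accepted = server.verify(ident, response)

    # Replaying the captured response: the challenge was already consumed.
    replay_same = server.verify(ident, response)

    # Replaying it against a fresh challenge: the hash no longer matches.
    ident2, _ = server.new_challenge()
    replay_fresh = server.verify(ident2, response)

    # A client that does not hold the shared secret is rejected.
    ident3, challenge3 = server.new_challenge()
    wrong = server.verify(ident3, chap_response(ident3, b"wrong-guess", challenge3))

    return {
        "accepted": accepted,
        "secret_on_wire": secret in wire,
        "replay_same_challenge": replay_same,
        "replay_fresh_challenge": replay_fresh,
        "wrong_secret": wrong,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the response is a fast hash over the secret, the strength of the shared secret is what protects a captured challenge and response pair from offline guessing.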
If the size limit is exceeded so that “dc=companyname,dc=com” misses some entries during the lookup process, a user can still be properly authenticated. However, to prevent the size limit from being exceeded, an AD administrator must set a larger value in the LDAP server configuration so that the entire list of users and groups is returned in the lookup result.
4. To verify Jamie Hanson’s user logon name, click the Account tab. The account properties for Jamie Hanson display.
Figure 5-10
5. Log in to the STM.
6. Select User Management > Authentication from the menu. The LDAP screen displays.
7. In the List of LDAP table, click the edit button in the Action column of domain ABC.com. The Edit LDAP screen displays.
8.
Figure 5-11
• The full name, Jamie Hanson (Figure 5-12 shows only the Bind DN field).
Figure 5-12
• The Windows account name in e-mail format such as jhanson@testAD.com (Figure 5-13 shows only the Bind DN field).
Figure 5-13
9. Click Test to verify that the LDAP server can actually function with the bind DN that you have modified. The automated test procedure checks the connection to the LDAP server, the bind DN, and the bind password. If any settings require changes, you are notified at the end of the automated test procedure.
10. Click Apply to save your settings.
The List of LDAP table displays the following fields:
• Domain Name. The name of the STM’s domain to which the server has been assigned.
• Server. The IP address of the LDAP or Active Directory server.
• Action. The edit table button that provides access to the Edit LDAP screen and the delete table button that allows you to delete the LDAP or Active Directory server.
2.
Table 5-5. LDAP Settings (continued)
Setting | Description
UID Attribute | The attribute in the LDAP directory that contains the user’s identifier (uid). For an Active Directory, enter sAMAccountName. For an OpenLDAP directory, enter uid.
Member Groups Attribute | This field is optional. The attribute that is used to identify the groups an entry belongs to. For an Active Directory, enter memberOf.
To delete a domain and server from the List of LDAP table, click the delete table button in the Action column for the domain and server that you want to delete.

Warning: After their sessions have expired, users can no longer log in to the STM if the domain that has been assigned to them is the domain that you deleted.

Editing LDAP and Active Directory Domains

To edit an LDAP or Active Directory domain:
1.
Figure 5-15

The List of RADIUS table displays the following fields:
• Domain Name. The name of the STM’s domain to which the server has been assigned.
• Server. The IP address of the RADIUS server.
• Action. The edit table button that provides access to the Edit RADIUS screen and the delete table button that allows you to delete the RADIUS server.
3.
Table 5-6. RADIUS Settings (continued)
Setting | Description
Port | The port number for the RADIUS authentication server. The default port for the RADIUS server is 1812.
Shared Secret | The shared secret (password) that is required to access the RADIUS authentication server.
Repeat | The maximum number of times that the STM attempts to connect to the RADIUS server. The default setting is 3 times.
Editing RADIUS Domains and Configuring VLANs

To edit a RADIUS domain:
1. Select User Management > Authentication from the menu. The authentication submenu tabs appear with the LDAP screen in view.
2. Click the RADIUS submenu tab. The RADIUS screen displays (see Figure 5-15 on page 5-20).
3. In the Action column of the List of RADIUS table, click the edit table button for the domain and server that you want to edit.
4. Modify the fields and make your selections from the pull-down menu as explained in Table 5-6 on page 5-20.
5. Click Test to verify that the RADIUS server can actually function with the RADIUS settings that you have modified. The automated test procedure checks the connection to the RADIUS server, the user name, and the password. If any settings require changes, you are notified at the end of the automated test procedure.
6.
Global User Settings

You can globally set the user session settings for authenticated users. These settings include the session expiration period, the allowed session idle time, and the default domain that is presented to the users.

To specify the global user configuration settings:
1. Select User Management > Configuration from the menu. The Configuration screen displays.
Figure 5-17
2.
3. Click Apply to save the session settings.
4. Locate the Users Portal Login Settings section on screen, and specify the default domain settings:
• From the Default Domain pull-down menu, select a domain that is presented as the default domain on the User Portal Login screen. The default domain that is presented is prosecuredomain.
To view all or selected users:
1. On the Active Users screen (see Figure 5-18 on page 5-25), select one of the following radio buttons:
• View All. This selection returns all active users after you have clicked the Search button.
• Search Criteria. This selection lets you enter the following search criteria so that only selected users are returned after you have clicked the Search button.
Chapter 6 Monitoring System Access and Performance

This chapter describes the system monitoring features of the STM. You can be alerted to important events such as attacks and login failures. You can also view the system status and real-time traffic and security information. In addition, the diagnostics utilities are described.
Configuring the E-mail Notification Server

If you have used the Setup Wizard, you might have already configured the e-mail notification server; the E-mail Notification Server screen allows you to modify these settings. The STM can automatically send information such as notifications and reports to an administrator.
Table 6-1. E-mail Notification Settings (continued)
Setting | Description (or Subfield and Description)
SMTP server | The IP address and port number or Internet name and port number of your ISP’s outgoing e-mail SMTP server. The default port number is 25. Note: If you leave this field blank, the STM cannot send e-mail notifications.
Figure 6-2 [Email and Syslog, screen 1 of 3]
3. Select the Enable checkbox to enable the STM to send logs to an e-mail address.
4. Complete the fields, select the radio button and checkboxes, and make your selections from the pull-down menus as explained in Table 6-2.

Table 6-2. E-mail Logs Settings
Setting | Description (or Subfield and Description)
Send to | The e-mail address of the recipient of the log file.
Table 6-2. E-mail Logs Settings (continued)
Setting | Description (or Subfield and Description)
Frequency | Select a radio button to specify how often the log file is sent:
• When the space is full. Logs are sent when the storage space that is assigned to the logs is full.
• Daily. Logs are sent daily at the time that you specify from the pull-down menus (hours and minutes).
• Weekly.
3.
Figure 6-3 [Email and Syslog, screen 2 of 3]
4. Select the Enable checkbox to enable the STM to send logs to a syslog server.
5. Complete the fields, select the checkboxes, and make your selections from the pull-down menus as explained in Table 6-3.

Table 6-3. Syslog Settings
Setting | Description (or Subfield and Description)
IP Address | The IP address of the syslog server.
Table 6-3. Syslog Settings (continued)
Setting | Description (or Subfield and Description)
Facility | The facility indicates from which internal part of the STM the log message originates. For each log that you have selected to be sent to the syslog server (see above), select one of the following facilities from the pull-down menu:
• auth. Security and authorization log messages.
• authpriv.
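On the receiving syslog server, the facility selected here arrives encoded in the `<PRI>` value at the start of each message (facility × 8 + severity, per RFC 3164 and RFC 5424). The following added example, which is not from the manual, decodes that value so a collector can confirm which facility each log arrives under; the sample messages are constructed and do not reproduce the STM’s log format.

```python
import re
from collections import Counter

# Facility codes 0-23 in RFC 5424 order; names for 12-15 vary by platform.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

_PRI = re.compile(r"^<(\d{1,3})>")


def decode_pri(line: str):
    """Return (facility, severity, rest_of_message) for one syslog line."""
    match = _PRI.match(line)
    if match is None:
        raise ValueError("no <PRI> header")
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], line[match.end():]


def count_by_facility(lines):
    """Tally facility.severity pairs; collect lines that fail to parse."""
    counts, rejected = Counter(), []
    for line in lines:
        try:
            facility, severity, _ = decode_pri(line)
        except ValueError:
            rejected.append(line)
            continue
        counts[f"{facility}.{severity}"] += 1
    return counts, rejected


# Constructed sample input (hostnames and message text are placeholders).
SAMPLE = [
    "<38>Jan 12 10:00:01 stm-example constructed: login event",      # 4*8+6
    "<84>Jan 12 10:00:05 stm-example constructed: login failure",    # 10*8+4
    "<84>Jan 12 10:00:09 stm-example constructed: login failure",    # 10*8+4
    "<134>Jan 12 10:01:00 stm-example constructed: traffic entry",   # 16*8+6
    "<999>Jan 12 10:02:00 stm-example constructed: bad priority",
    "Jan 12 10:03:00 stm-example constructed: header missing",
]

if __name__ == "__main__":
    counts, rejected = count_by_facility(SAMPLE)
    for key, n in sorted(counts.items()):
        print(f"{key}: {n}")
    print(f"rejected: {len(rejected)}")
```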
2. Locate the Clear the Following Log Information section at the bottom of the screen.
Figure 6-4 [Email and Syslog, screen 3 of 3]
3. Select the checkboxes to specify which logs are cleared:
• System. The system event logs are cleared.
• Traffic. The logs with scanned incoming and outgoing traffic are cleared.
• Malware. The logs with intercepted viruses and spyware are cleared.
• Spam.
To configure and activate the e-mail alerts:
1. Select Monitoring > Logs & Reports from the menu. The Logs & Reports submenu tabs appear, with the Email and Syslog screen in view.
2. Click the Alerts submenu tab. The Alerts screen displays.
Figure 6-5
3. Select the checkboxes and complete the fields as explained in Table 6-4.
Table 6-4.
Table 6-4. Alerts Settings (continued) Setting Description (or Subfield and Description) Enable Malware Alerts Select this checkbox to enable malware alerts, and configure the Subject and Message fields. Enable Malware Outbreak Alerts Subject Enter the subject line for the e-mail alert. The default text is “[Malware alert]”. Message Enter the content for the e-mail alert.
Monitoring Real-Time Traffic, Security, Statistics, and Web Usage

You can monitor the real-time traffic, security events, and statistics from the Dashboard screen. The Web Usage screen displays which hosts on your network are consuming the most resources.
Figure 6-6 [Dashboard, screen 1 of 3]

Table 6-5 on page 6-13 explains the fields of the Status, Total Threats, and Threats (Last 7 Days) sections of the Dashboard screen.
Table 6-5. Dashboard: Status, Total Threats, and Threats (Last 7 Days) Information
Item | Description
Status
System | The current CPU, memory, and hard disk usage. When usage is within safe limits, the status bars show green.
Services | The protocols that are being scanned for malware threats (ON, OFF, or HALT stated next to the protocol) and the number of active connections for each protocol.
Table 6-5. Dashboard: Status, Total Threats, and Threats (Last 7 Days) Information
Item | Description
Threats (Last 7 Days) | This is a graphic that shows the relative number of threats and access violations over the last week, using different colors for the various applications:
Note: IMBlock stands for instant messaging applications blocked; P2PBlock stands for peer-to-peer applications blocked.
Table 6-6 explains the fields of the Total Scanned Services Traffic, Most Recent 5, and Top 5 sections of the Dashboard screen.

Table 6-6. Dashboard: Total Scanned Services Traffic and Most Recent 5 and Top 5 Information
Item | Description
Total Scanned Services Traffic (Last 7 Days) | This is a graphic that shows the relative amount of traffic in bytes over the last week.
Figure 6-8 [Dashboard, screen 3 of 3]

Note: Figure 6-8 shows the Interface Statistics section of the STM600. The STM300 and STM150 have different interfaces (see Table 6-7 on page 6-17).

Table 6-7 on page 6-17 explains the fields of the Service Statistics and Interface Statistics sections of the Dashboard screen.
Table 6-7. Dashboard: Service Statistics and Interface Statistics Information
Item | Description
Service Statistics
For each of the six supported protocols (HTTP, HTTPS, FTP, SMTP, POP3, and IMAP), this section provides the following statistics:
Total Scanned Traffic (MB) | The total quantity of scanned traffic in MB.
Total Emails/Files Scanned | The total number of scanned e-mails and files.
Monitoring Web Usage

The Web Usage screen shows you how the STM’s Web resources are being used. You can see, for example, which host on the STM uses the most resources.

To view the STM’s Web usage:
1. Select Monitoring > Dashboard from the menu. The dashboard submenu tabs appear with the Dashboard screen in view.
2. Click the Web Usage submenu tab. The Web Usage screen displays.
3. Use the From pull-down menu to select the start date of the Web usage report (year, month, date) and the To pull-down menu to select the end date of the report (year, month, date).
4. Click View. The STM generates a Web usage report. The Web usage report shows the following columns:
• TOP. The Web usage ranking.
• Category. The Web content filtering category.
• Requests. The number of requests for the category.
Figure 6-10

Table 6-8 on page 6-21 explains the fields of the System Information, Management Interface Information, and Interfaces sections of the System Status screen.
Table 6-8. System Status Information
Setting | Description
System Information
Firmware Information | The current version and most recent update (that is, the most recently downloaded version) for the software, scan engine, pattern file, and operating system (OS).
Hardware Serial Number | The hardware serial number of the STM.
Querying Logs and Generating Reports

The extensive logging and reporting functions of the STM let you perform the following tasks that help you to monitor the protection of the network and the performance of the STM:
• Querying and downloading logs
• Generating and downloading e-mail, Web, and system reports
• Scheduling automatic e-mail, Web, and system reports, and e-mailing these reports to specified recipients.
You can query and generate each type of log separately and filter the information based on a number of criteria.
Figure 6-11
3. Select the checkboxes and radio buttons, make your selections from the pull-down menus, and complete the fields as explained in Table 6-9 on page 6-25.
Table 6-9. Log Query Settings
Setting | Description (or Subfield and Description)
Log Type | Select one of the following log types from the pull-down menu:
• Traffic. All scanned incoming and outgoing traffic.
• Virus. All intercepted viruses.
• Spyware. All intercepted spyware.
• Spam. All intercepted spam, including spam that was detected through the blacklist, real-time blacklist, and Distributed Spam Analysis.
Table 6-9. Log Query Settings (continued)
Setting | Description (or Subfield and Description)
Search Criteria (continued)
Client IP | The client IP address that is queried. This field is available for the following logs: Traffic, Virus, Spyware, Spam, Content filters, and Application.
Server IP | The server IP address that is queried.
Table 6-9. Log Query Settings (continued)
Setting | Description (or Subfield and Description)
Search Criteria (continued)
URL | The URL that is queried. This field is available only for the Content filters log.
Category | The Web or application category that is queried. This field is available for the following logs: Content filters and Application.
Size | The file’s minimum and maximum size (in bytes) that are queried.
To identify infected clients that are sending spyware or a virus in outbound traffic, query the STM spyware and virus logs and see if any of your internal IP addresses are the source of spyware or a virus:
1. On the Log Query screen (see Figure 6-11 on page 6-24), select Traffic as the log type.
2. Select the start date and time from the pull-down menus.
3. Select the end date and time from the pull-down menus.
4.
– Number of malware incidents
– Number of files blocked
– Number of blacklist violations (not applicable to IMAP)
– Number of e-mails captured by Distributed Spam Analysis (not applicable to IMAP)
• Web Reports.
– Top 10 blocked clients by count
– For each application, the number of blocked requests, in a graphic

The reports that you select are generated as MHTML files, which contain headers for the tables and graphics. You can download the reports as zipped files.

Generating Reports

To generate a report:
1. Select Monitoring > Logs & Reports from the menu.
Table 6-10. Generate Report Settings
Setting | Description
Time From | From the pull-down menus, specify the start year, month, day, hour, and minutes for the report.
Time To | From the pull-down menus, specify the end year, month, day, hour, and minutes for the report. Note: The maximum report period is 31 days.
Reports | Select one or more checkboxes to specify the reports that are generated:
• Email Reports.
• Web Reports.
Figure 6-13
3. Select the checkboxes and complete the fields as explained in Table 6-11.

Table 6-11. Schedule Report Settings
Setting | Description
Report Settings
Frequency | Select one of the following checkboxes to specify the frequency with which the reports are generated and e-mailed.
• Daily. The report is generated daily at 3:00 am.
• Weekly. The report is generated weekly on Sunday at 3:00 am.
• Monthly.
Table 6-11. Schedule Report Settings (continued)
Setting | Description
Reports | Select one or more checkboxes to specify the reports that are generated:
• Email Reports.
• Web Reports.
• System Reports.
• Application Reports.
Note: You can select all four checkboxes, but you might generate a very large report.
You can query and view the spam quarantine file and the malware quarantine file separately and filter the information based on a number of criteria.
Figure 6-14
3. Select the checkboxes and radio buttons, make your selections from the pull-down menus, and complete the fields as explained in Table 6-9.

Table 6-12. Quarantine File Settings
Setting | Description (or Subfield and Description)
File Type | Select one of the following file types from the pull-down menu:
• Spam. Quarantined spam that was detected through Distributed Spam Analysis.
• Malware.
Table 6-12. Quarantine File Settings (continued)
Setting | Description (or Subfield and Description)
Search Criteria (continued)
Start Date/Time | From the pull-down menus, select the year, month, day, hours, and minutes for the start date and time.
End Date/Time | From the pull-down menus, select the year, month, day, hours, and minutes for the end date and time.
Figure 6-15

The Quarantined Spam table shows the following columns:
• Checkbox. Lets you select the table entry.
• Date. The date that the e-mail was received.
• Protocol. The protocol (SMTP) in which the spam was found.
• User. The user name that was used to log on to the STM.
• Client IP. The client IP address from which the spam originated.
• From. The e-mail address of the sender.
• To. The e-mail address of the recipient.
• Send as Ham. The selected spam e-mail files are not tagged as spam for Distributed Spam Analysis, are deleted from the quarantine file, and are sent to the intended recipients.
• Delete. The selected spam e-mail files are deleted from the quarantine file.
Figure 6-18 shows the Quarantined Infected Files table with data.

Figure 6-18

After you have selected one or more table entries, take one of the following actions (or click the Return hyperlink to return to the previous screen):
• Resend to Admin.
2. Select the start date and time from the Begin Date/Time pull-down menus.
3. Specify the recipient’s e-mail address in the Send to field.
Note: The report includes only quarantined spam e-mails that contain the e-mail address that is specified in the Send to field.
4. Click Send Report.
Note: The report provides summary information such as time, sender, recipient, subject, and size, and a retrieve link.
Using the Network Diagnostic Tools

This section discusses the Ping or Trace an IP Address section and the Perform a DNS Lookup section of the Diagnostics screen.

Figure 6-20 [Diagnostics, screen 1 of 3]

Sending a Ping Packet

Use the Ping utility to send a ping packet request in order to check the connection between the STM and a specific IP address.
Looking up a DNS Address

A DNS (Domain Name Server) converts the Internet name (for example, www.netgear.com) to an IP address. If you need the IP address of a Web, FTP, mail, or other server on the Internet, request a DNS lookup to find the IP address.

To look up a DNS address:
1. Locate the Perform a DNS Lookup section on the Diagnostics screen.
2. In the Domain Name field, enter a domain name.
3. Click the lookup button.
4. In Destination IP Address, enter the IP address of the destination of the traffic stream that you want to analyze.
5. Click Start. You are prompted to save the downloaded traffic information file to your computer; however, do not save the file until you have stopped capturing the traffic flow.
6. When you want to stop capturing the traffic flow, click Stop.
7. Select a location to save the captured traffic flow.
Gathering Important Log Information

To gather log information about your STM:
1. Locate the Gather Important Log Information section on the Diagnostics screen.
2. Click Download Now. You are prompted to save the downloaded log information file to your computer. The default file name is importantlog.gpg.
3.
Note: See also “Updating the Software” on page 3-19.

Note: For the STM150 only, there is an alternate way to restart: press the Power button on the rear panel of the STM150 (see “Rear Panel STM150” on page 1-14). The front panel Test LED flashes, and the STM150 reboots.

To shut down the STM:
1.
Chapter 7 Troubleshooting and Using Online Support

This chapter provides troubleshooting tips and information for the STM. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated.
• Is the STM on? Go to “Basic Functioning” on page 7-2.
• Have I connected the STM correctly? Go to “Basic Functioning” on page 7-2.
• I cannot access the STM’s Web Management Interface.
Basic Functioning

After you turn on power to the STM, the following sequence of events should occur:
1. When power is first applied, verify that the PWR LED is on.
2. After approximately two minutes, verify that:
a. The Test LED (STM150) or Status LED (STM300 and STM600) is no longer lit.
b. The LAN port Left LEDs are lit for any local ports that are connected.
c.
If all LEDs are still on more than several minutes after power up:
• Turn the power off, and then turn it on again to see if the STM recovers.
• Clear the STM’s configuration to factory defaults. Doing so sets the STM’s IP address to 192.168.1.201. This procedure is explained in “Restoring the Default Configuration and Password” on page 7-6.
Tip: If you do not want to revert to the factory default settings and lose your configuration settings, you can restart the STM and use a sniffer to capture packets sent during the reboot. Look at the ARP packets to locate the STM’s LAN interface address.
• Make sure that you are using the SSL https://address login rather than the http://address login.
• Make sure that your browser has Java, JavaScript, or ActiveX enabled.
Troubleshooting a TCP/IP Network Using a Ping Utility

Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the Ping utility in your PC or workstation.
Testing the Path from Your PC to a Remote Device

After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows run menu, type: PING -n 10 where is the IP address of a remote device such as your ISP’s DNS server. If the path is functioning correctly, replies as in the previous section are displayed.
The STM restarts. During the reboot process, the Backup & Restore Settings screen remains visible. The reboot process is complete after several minutes when the Test LED (STM150) or Status LED (STM300 and STM600) on the front panel goes off.

Warning: When you restore the factory default settings, the STM settings are erased. All scan and anti-spam settings are lost. Back up your settings if you intend to use them.
Using Online Support

The STM includes online support tools that allow NETGEAR Technical Support to securely perform diagnostics of the STM, and that let you submit suspicious files for analysis by NETGEAR. You can also access the knowledge base and documentation online.

Enabling Remote Troubleshooting

One of the advanced features that the STM provides is online support through a support tunnel.
Installing Hot Fixes

NETGEAR might release hot fixes or patches if certain problems are found in any software release. When a hot fix is available, install it immediately to ensure optimum performance of the STM. Hot fixes might be released through NETGEAR resellers or might be available on the NETGEAR ProSecure Web site at http://prosecure.netgear.com.
6. Navigate to the location on your computer where you have saved the hot fix file, and then select it.
7. Click Open. The hot fix file now appears in the Import from File field.
8. Click Apply to install the hot fix. The Test LED (STM150) or Status LED (STM300 and STM600) blinks during the hot fix installation.
Table 7-1. Malware Analysis Settings

Setting          Description
Email Address    The e-mail address of the submitter to enable NETGEAR to contact the submitter if needed.
File Location    Click Browse to navigate to the file that you want to submit to NETGEAR.
Appendix A
Default Settings and Technical Specifications

To return the STM to the default factory configuration settings that are shown in Table A-1, click the default button on the Backup and Restore Settings screen (see “Reverting to Factory Default Settings” on page 3-18).

Table A-1. STM Default Configuration Settings

Feature             Default
Login
  User Login URL    https://192.168.1.
Table A-1. STM Default Configuration Settings (continued)

Feature             Default
LAN Connections
  MAC Address       Default address
  MTU Size          1500
  Ports             STM150: 5 AutoSense 10/100/1000BASE-T, RJ-45
                    STM300: 3 AutoSense 10/100/1000BASE-T, RJ-45
                    STM600: 5 AutoSense 10/100/1000BASE-T, RJ-45
  LAN IP Address    In line transparent bridged
  Subnet Mask       255.255.255.0

Table A-2 shows the STM specifications.

Table A-2.
Table A-2. STM Specifications (continued)

Feature                      Specification
Electromagnetic Emissions
  Meets requirements of      FCC Part 15 Class A
                             VCCI Class A
                             CE mark, commercial
Safety
  Meets requirements of      UL listed
                             C-Tick
Appendix B
Related Documents

This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product.

Document                      Link
TCP/IP Networking Basics      http://documentation.netgear.com/reference/enu/tcpip/index.htm
Wireless Networking Basics    http://documentation.netgear.com/reference/enu/wireless/index.htm
Preparing Your Network        http://documentation.